;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : A422BA9C6C1C1CD0745E70670AF28A93
; File Name : u:\work\a422ba9c6c1c1cd0745e70670af28a93_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 0006E000 ( 450560.)
; Section size in file : 0006E000 ( 450560.)
; Offset to raw data for section: 00001000
; Flags F00000C0: Data Bss Shareable Executable Readable Writable
; Alignment : default
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_nsp0 segment para public 'CODE' use32
assume cs:_nsp0
;org 401000h
assume es:nothing, ss:nothing, ds:_nsp0, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401000 proc near ; DATA XREF: sub_40CE55+38E0�o
var_494 = byte ptr -494h
var_294 = dword ptr -294h
var_290 = dword ptr -290h
var_28C = byte ptr -28Ch
var_20C = byte ptr -20Ch
var_18C = byte ptr -18Ch
var_10C = byte ptr -10Ch
var_8C = byte ptr -8Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 494h
mov eax, [ebp+arg_0]
push esi
push edi
mov ecx, 0A5h
mov esi, eax
lea edi, [ebp+var_294]
rep movsd
mov dword ptr [eax+290h], 1
call dword_42104C
push eax
call sub_415539
lea eax, [ebp+var_18C]
push eax
lea eax, [ebp+var_8C]
push eax
lea eax, [ebp+var_20C]
push eax
lea eax, [ebp+var_28C]
push eax
call sub_4013E9
push eax
lea eax, [ebp+var_494]
push offset dword_423050
push eax
call sub_4154E7
xor esi, esi
add esp, 20h
cmp [ebp+var_8], esi
jnz short loc_401090
push esi
lea eax, [ebp+var_494]
push [ebp+var_C]
push eax
lea eax, [ebp+var_10C]
push eax
push [ebp+var_294]
call sub_412D4C
add esp, 14h
loc_401090: ; CODE XREF: sub_401000+6E�j
lea eax, [ebp+var_494]
push eax
call sub_40B16D
push [ebp+var_290]
call sub_4152AF
pop ecx
pop ecx
push esi
call dword_421048
pop edi
pop esi
sub_401000 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4010B2 proc near ; CODE XREF: sub_4013E9+40�p
var_284 = byte ptr -284h
var_F4 = byte ptr -0F4h
var_B4 = byte ptr -0B4h
var_B3 = byte ptr -0B3h
var_A0 = byte ptr -0A0h
var_94 = byte ptr -94h
var_8C = byte ptr -8Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = byte ptr -70h
var_6F = byte ptr -6Fh
var_6E = word ptr -6Eh
var_58 = word ptr -58h
var_56 = word ptr -56h
var_54 = dword ptr -54h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = byte ptr -34h
var_32 = word ptr -32h
var_30 = word ptr -30h
var_2E = word ptr -2Eh
var_2C = byte ptr -2Ch
var_2B = byte ptr -2Bh
var_2A = word ptr -2Ah
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_7 = byte ptr -7
var_6 = word ptr -6
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 284h
push ebx
push edi
push 0Eh
xor ebx, ebx
pop ecx
xor eax, eax
lea edi, [ebp+var_B3]
mov [ebp+var_B4], bl
rep stosd
stosw
stosb
lea eax, [ebp+var_284]
push eax
push 202h
call dword_43A310
test eax, eax
jz short loc_4010F2
xor eax, eax
jmp loc_4013E5
; ---------------------------------------------------------------------------
loc_4010F2: ; CODE XREF: sub_4010B2+37�j
push 1
pop edi
push edi
push ebx
push ebx
push 0FFh
push 3
push 2
call dword_43A43C
cmp eax, 0FFFFFFFFh
mov [ebp+var_20], eax
jz loc_4013DD
push esi
lea ecx, [ebp+var_40]
push 4
push ecx
push 2
push ebx
push eax
mov [ebp+var_40], edi
call dword_43A378
cmp eax, 0FFFFFFFFh
jz loc_4013D3
push [ebp+arg_C]
mov [ebp+var_58], 2
call dword_43A398
mov esi, [ebp+arg_0]
push 28h
mov [ebp+var_56], ax
mov [ebp+var_54], esi
mov [ebp+var_34], 45h
call dword_43A398
push [ebp+arg_C]
mov [ebp+var_32], ax
mov [ebp+var_30], di
mov [ebp+var_2E], bx
mov [ebp+var_2C], 80h
mov [ebp+var_2B], 6
mov [ebp+var_2A], bx
mov [ebp+var_24], esi
call dword_43A398
mov [ebp+var_12], ax
call sub_415543
movzx eax, ax
cdq
mov ecx, 401h
idiv ecx
push edx
call dword_43A398
push 12345678h
mov [ebp+var_14], ax
call dword_43A394
push offset dword_4230D8
mov [ebp+var_10], eax
push [ebp+arg_8]
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_4011C2
mov [ebp+var_C], ebx
mov [ebp+var_7], 2
jmp short loc_401216
; ---------------------------------------------------------------------------
loc_4011C2: ; CODE XREF: sub_4010B2+105�j
push offset dword_4230CC
push [ebp+arg_8]
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_4011DE
mov [ebp+var_C], ebx
mov [ebp+var_7], 10h
jmp short loc_401216
; ---------------------------------------------------------------------------
loc_4011DE: ; CODE XREF: sub_4010B2+121�j
push offset dword_4230C0
push [ebp+arg_8]
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_401216
call sub_415543
push 3
cdq
pop ecx
idiv ecx
mov [ebp+var_C], edx
call sub_415543
push 2
cdq
pop ecx
idiv ecx
neg edx
sbb dl, dl
and dl, 0Eh
add dl, cl
mov [ebp+var_7], dl
loc_401216: ; CODE XREF: sub_4010B2+10E�j
; sub_4010B2+12A�j ...
push 4000h
mov [ebp+var_8], 50h
call dword_43A398
mov [ebp+var_6], ax
lea eax, [ebp+var_48]
push eax
mov [ebp+var_2], bx
mov [ebp+arg_8], ebx
call dword_421054
lea eax, [ebp+var_1C]
push eax
call dword_421050
push [ebp+var_44]
mov eax, [ebp+arg_10]
cdq
push [ebp+var_48]
push edx
push eax
call sub_4159A0
add eax, [ebp+var_1C]
push 14h
pop esi
adc edx, [ebp+var_18]
mov [ebp+var_3C], eax
mov [ebp+var_38], edx
loc_401264: ; CODE XREF: sub_4010B2+2E2�j
; sub_4010B2+2F0�j
mov [ebp+var_4], bx
call sub_415543
cdq
mov ecx, 3E9h
idiv ecx
add edx, 3E8h
push edx
call dword_43A398
mov [ebp+var_14], ax
call sub_415543
mov edi, eax
shl edi, 10h
call sub_415543
or edi, eax
push edi
call dword_43A398
movzx eax, ax
mov [ebp+var_10], eax
mov eax, [ebp+arg_4]
inc [ebp+arg_4]
push eax
call dword_43A394
mov [ebp+var_28], eax
mov eax, [ebp+var_24]
push esi
mov [ebp+var_74], eax
mov [ebp+var_70], bl
mov [ebp+var_6F], 6
call dword_43A398
mov [ebp+var_6E], ax
mov eax, [ebp+var_28]
mov [ebp+var_78], eax
lea eax, [ebp+var_78]
push 20h
push eax
lea eax, [ebp+var_B4]
push eax
call sub_4155D0
lea eax, [ebp+var_14]
push esi
push eax
lea eax, [ebp+var_94]
push eax
call sub_4155D0
lea eax, [ebp+var_B4]
push 34h
push eax
call sub_40A1CA
mov [ebp+var_4], ax
lea eax, [ebp+var_34]
push esi
push eax
lea eax, [ebp+var_B4]
push eax
call sub_4155D0
lea eax, [ebp+var_14]
push esi
push eax
lea eax, [ebp+var_A0]
push eax
call sub_4155D0
push 4
lea eax, [ebp+var_8C]
push ebx
push eax
call sub_415570
add esp, 44h
lea eax, [ebp+var_B4]
push 28h
push eax
call sub_40A1CA
mov [ebp+var_2A], ax
lea eax, [ebp+var_34]
push esi
push eax
lea eax, [ebp+var_B4]
push eax
call sub_4155D0
add esp, 14h
lea eax, [ebp+var_58]
push 10h
push eax
push ebx
lea eax, [ebp+var_B4]
push 28h
push eax
push [ebp+var_20]
call dword_43A3FC
cmp eax, 0FFFFFFFFh
jz short loc_4013A7
add [ebp+arg_8], eax
lea eax, [ebp+var_1C]
push eax
call dword_421050
mov eax, [ebp+var_18]
cmp eax, [ebp+var_38]
jg short loc_4013D0
jl loc_401264
mov eax, [ebp+var_1C]
cmp eax, [ebp+var_3C]
jnb short loc_4013D0
jmp loc_401264
; ---------------------------------------------------------------------------
loc_4013A7: ; CODE XREF: sub_4010B2+2CB�j
call dword_43A32C
push eax
lea eax, [ebp+var_F4]
push offset dword_42308C
push eax
call sub_4154E7
lea eax, [ebp+var_F4]
push eax
call sub_40B16D
add esp, 10h
jmp short loc_4013D3
; ---------------------------------------------------------------------------
loc_4013D0: ; CODE XREF: sub_4010B2+2E0�j
; sub_4010B2+2EE�j
mov ebx, [ebp+arg_8]
loc_4013D3: ; CODE XREF: sub_4010B2+78�j
; sub_4010B2+31C�j
push [ebp+var_20]
call dword_43A430
pop esi
loc_4013DD: ; CODE XREF: sub_4010B2+5B�j
call dword_43A2F8
mov eax, ebx
loc_4013E5: ; CODE XREF: sub_4010B2+3B�j
pop edi
pop ebx
leave
retn
sub_4010B2 endp
; =============== S U B R O U T I N E =======================================
sub_4013E9 proc near ; CODE XREF: sub_401000+4F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
push edi
push [esp+0Ch+arg_0]
call sub_40A05B
push [esp+10h+arg_4]
mov esi, eax
call sub_415A5F
push [esp+14h+arg_C]
mov ebx, eax
call sub_415A5F
mov edi, eax
call sub_415543
cdq
mov ecx, 200h
push edi
idiv ecx
push ebx
push [esp+20h+arg_8]
lea eax, [edx+esi+100h]
push eax
push esi
call sub_4010B2
add esp, 20h
test eax, eax
jnz short loc_401438
push 1
pop eax
loc_401438: ; CODE XREF: sub_4013E9+4A�j
cdq
mov ecx, 3E8h
idiv ecx
cdq
idiv edi
pop edi
pop esi
pop ebx
retn
sub_4013E9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401447 proc near ; DATA XREF: sub_40CE55+3AC8�o
var_3BC = byte ptr -3BCh
var_1BC = dword ptr -1BCh
var_1B8 = byte ptr -1B8h
var_138 = byte ptr -138h
var_B8 = byte ptr -0B8h
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 3BCh
push ebx
push esi
mov eax, [ebp+arg_0]
push edi
push 68h
mov esi, eax
pop ecx
lea edi, [ebp+var_1BC]
push 1
pop ebx
push 0FFh
push 3
rep movsd
push 2
mov [eax+19Ch], ebx
call dword_43A418
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_4014E2
call dword_43A32C
push eax
lea eax, [ebp+var_3BC]
push offset dword_42322C
push eax
call sub_4154E7
xor edi, edi
add esp, 0Ch
cmp [ebp+var_24], edi
jnz short loc_4014C5
push edi
lea eax, [ebp+var_3BC]
push [ebp+var_28]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_412D4C
add esp, 14h
loc_4014C5: ; CODE XREF: sub_401447+5C�j
lea eax, [ebp+var_3BC]
push eax
call sub_40B16D
push [ebp+var_38]
call sub_4152AF
pop ecx
pop ecx
push edi
call dword_421048
loc_4014E2: ; CODE XREF: sub_401447+3A�j
lea ecx, [ebp+var_C]
push 4
push ecx
xor edi, edi
push 2
push edi
push eax
mov [ebp+var_C], ebx
call dword_43A378
cmp eax, 0FFFFFFFFh
jnz short loc_401559
call dword_43A32C
push eax
lea eax, [ebp+var_3BC]
push offset dword_4231E0
push eax
call sub_4154E7
add esp, 0Ch
cmp [ebp+var_24], edi
jnz short loc_40153C
push edi
lea eax, [ebp+var_3BC]
push [ebp+var_28]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_412D4C
add esp, 14h
loc_40153C: ; CODE XREF: sub_401447+D3�j
lea eax, [ebp+var_3BC]
push eax
call sub_40B16D
push [ebp+var_38]
call sub_4152AF
pop ecx
pop ecx
push edi
call dword_421048
loc_401559: ; CODE XREF: sub_401447+B3�j
lea eax, [ebp+var_1B8]
push eax
call dword_43A3D8
cmp eax, 0FFFFFFFFh
jnz short loc_4015C0
lea eax, [ebp+var_3BC]
push offset dword_4231AC
push eax
call sub_4154E7
cmp [ebp+var_24], edi
pop ecx
pop ecx
jnz short loc_4015A3
push edi
lea eax, [ebp+var_3BC]
push [ebp+var_28]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_412D4C
add esp, 14h
loc_4015A3: ; CODE XREF: sub_401447+13A�j
lea eax, [ebp+var_3BC]
push eax
call sub_40B16D
push [ebp+var_38]
call sub_4152AF
pop ecx
pop ecx
push edi
call dword_421048
loc_4015C0: ; CODE XREF: sub_401447+122�j
push 10h
lea eax, [ebp+var_1C]
push edi
push eax
call sub_415570
add esp, 0Ch
mov [ebp+var_1C], 2
push edi
call dword_43A398
mov [ebp+var_1A], ax
lea eax, [ebp+var_1B8]
push eax
call dword_43A3D8
mov esi, dword_42104C
mov [ebp+var_18], eax
mov [ebp+arg_0], edi
call esi
mov [ebp+var_8], eax
loc_4015FE: ; CODE XREF: sub_401447+2E8�j
call esi
sub eax, [ebp+var_8]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+var_30]
ja loc_4017A9
push 41Ch
mov byte_438B98, 45h
call dword_43A398
cmp [ebp+var_2C], edi
mov word_438B9A, ax
mov word_438B9C, bx
mov word_438B9E, di
mov byte_438BA0, 80h
mov byte_438BA1, bl
mov word_438BA2, di
jz short loc_401684
call sub_415543
mov ebx, eax
shl ebx, 8
call sub_415543
add ebx, eax
shl ebx, 8
call sub_415543
add ebx, eax
shl ebx, 8
call sub_415543
add ebx, eax
push 1
mov dword_438BA4, ebx
pop ebx
jmp short loc_40169C
; ---------------------------------------------------------------------------
loc_401684: ; CODE XREF: sub_401447+20B�j
push [ebp+var_1BC]
call sub_40A171
pop ecx
push eax
call dword_43A3D8
mov dword_438BA4, eax
loc_40169C: ; CODE XREF: sub_401447+23B�j
mov eax, [ebp+var_18]
mov dword_438BA8, eax
call sub_415543
cdq
mov ecx, 100h
idiv ecx
mov byte_438BAC, dl
call sub_415543
cdq
mov ecx, 100h
idiv ecx
mov byte_438BAD, dl
call sub_415543
cdq
mov ecx, 0F0h
push 400h
idiv ecx
mov word_438BAE, di
mov word_438BB2, bx
inc edx
mov word_438BB0, dx
call sub_415543
cdq
mov ecx, 0FFh
idiv ecx
push edx
push offset dword_438BB4
call sub_415570
add esp, 0Ch
lea eax, [ebp+var_1C]
push 10h
push eax
push edi
push 41Ch
push offset byte_438B98
push [ebp+var_4]
call dword_43A3FC
cmp eax, 0FFFFFFFFh
jz short loc_401734
inc [ebp+arg_0]
jmp loc_4015FE
; ---------------------------------------------------------------------------
loc_401734: ; CODE XREF: sub_401447+2E3�j
push [ebp+var_4]
call dword_43A430
call dword_43A32C
push eax
lea eax, [ebp+var_1B8]
push [ebp+arg_0]
push eax
push offset dword_423148
lea eax, [ebp+var_3BC]
push 200h
push eax
call sub_415A6A
add esp, 18h
cmp [ebp+var_24], edi
jnz short loc_40178C
push edi
lea eax, [ebp+var_3BC]
push [ebp+var_28]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_412D4C
add esp, 14h
loc_40178C: ; CODE XREF: sub_401447+323�j
lea eax, [ebp+var_3BC]
push eax
call sub_40B16D
push [ebp+var_38]
call sub_4152AF
pop ecx
pop ecx
push edi
call dword_421048
loc_4017A9: ; CODE XREF: sub_401447+1C8�j
push [ebp+var_4]
call dword_43A430
mov eax, [ebp+arg_0]
xor edx, edx
imul eax, 3Ch
mov ecx, eax
shr eax, 0Ah
div [ebp+var_30]
shr ecx, 14h
push ecx
push eax
lea eax, [ebp+var_1B8]
push [ebp+arg_0]
push eax
lea eax, [ebp+var_138]
push eax
lea eax, [ebp+var_3BC]
push offset dword_4230E4
push eax
call sub_4154E7
add esp, 1Ch
cmp [ebp+var_24], edi
jnz short loc_401811
push edi
lea eax, [ebp+var_3BC]
push [ebp+var_28]
push eax
lea eax, [ebp+var_B8]
push eax
push [ebp+var_1BC]
call sub_412D4C
add esp, 14h
loc_401811: ; CODE XREF: sub_401447+3A8�j
lea eax, [ebp+var_3BC]
push eax
call sub_40B16D
push [ebp+var_38]
call sub_4152AF
pop ecx
pop ecx
push edi
call dword_421048
sub_401447 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40182E proc near ; DATA XREF: sub_40CE55+37D1�o
var_414 = byte ptr -414h
var_214 = dword ptr -214h
var_210 = byte ptr -210h
var_190 = byte ptr -190h
var_110 = byte ptr -110h
var_90 = byte ptr -90h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 414h
mov eax, [ebp+arg_0]
push esi
push edi
mov ecx, 85h
mov esi, eax
lea edi, [ebp+var_214]
rep movsd
mov dword ptr [eax+210h], 1
lea eax, [ebp+var_110]
push eax
lea eax, [ebp+var_190]
push eax
lea eax, [ebp+var_210]
push eax
call sub_401B7C
push eax
lea eax, [ebp+var_414]
push offset dword_423274
push eax
call sub_4154E7
xor esi, esi
add esp, 18h
cmp [ebp+var_8], esi
jnz short loc_4018AB
push esi
lea eax, [ebp+var_414]
push [ebp+var_C]
push eax
lea eax, [ebp+var_90]
push eax
push [ebp+var_214]
call sub_412D4C
add esp, 14h
loc_4018AB: ; CODE XREF: sub_40182E+5B�j
lea eax, [ebp+var_414]
push eax
call sub_40B16D
push [ebp+var_10]
call sub_4152AF
pop ecx
pop ecx
push esi
call dword_421048
pop edi
pop esi
sub_40182E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4018CA proc near ; CODE XREF: sub_401B7C+3C�p
var_284 = byte ptr -284h
var_F4 = byte ptr -0F4h
var_B4 = byte ptr -0B4h
var_B3 = byte ptr -0B3h
var_A0 = byte ptr -0A0h
var_94 = byte ptr -94h
var_8C = byte ptr -8Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = byte ptr -70h
var_6F = byte ptr -6Fh
var_6E = word ptr -6Eh
var_58 = dword ptr -58h
var_50 = word ptr -50h
var_4E = word ptr -4Eh
var_4C = dword ptr -4Ch
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = word ptr -34h
var_32 = word ptr -32h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = byte ptr -28h
var_27 = byte ptr -27h
var_26 = word ptr -26h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = byte ptr -20h
var_1E = word ptr -1Eh
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 284h
push ebx
push edi
push 0Eh
xor ebx, ebx
pop ecx
xor eax, eax
lea edi, [ebp+var_B3]
mov [ebp+var_B4], bl
rep stosd
stosw
stosb
lea eax, [ebp+var_284]
push eax
push 202h
call dword_43A310
test eax, eax
jz short loc_40190A
xor eax, eax
jmp loc_401B78
; ---------------------------------------------------------------------------
loc_40190A: ; CODE XREF: sub_4018CA+37�j
push 1
pop edi
push edi
push ebx
push ebx
push 0FFh
push 3
push 2
call dword_43A43C
cmp eax, 0FFFFFFFFh
mov [ebp+var_C], eax
jz loc_401B70
push esi
lea ecx, [ebp+var_38]
push 4
push ecx
push 2
push ebx
push eax
mov [ebp+var_38], edi
call dword_43A378
cmp eax, 0FFFFFFFFh
jz loc_401B66
push 10h
lea eax, [ebp+var_50]
push ebx
push eax
call sub_415570
add esp, 0Ch
mov [ebp+var_50], 2
push [ebp+arg_8]
call dword_43A398
mov esi, [ebp+arg_0]
push 28h
mov [ebp+var_4E], ax
mov [ebp+var_4C], esi
mov [ebp+var_20], 45h
call dword_43A398
push [ebp+arg_8]
mov [ebp+var_1E], ax
mov [ebp+var_1C], di
mov [ebp+var_1A], bx
mov [ebp+var_18], 80h
mov [ebp+var_17], 6
mov [ebp+var_16], bx
mov [ebp+var_10], esi
call dword_43A398
push 4000h
mov [ebp+var_32], ax
mov [ebp+var_2C], ebx
mov [ebp+var_28], 50h
mov [ebp+var_27], 2
call dword_43A398
mov [ebp+var_26], ax
lea eax, [ebp+var_40]
push eax
mov [ebp+var_22], bx
mov [ebp+arg_8], ebx
call dword_421054
lea eax, [ebp+var_8]
push eax
call dword_421050
push [ebp+var_3C]
mov eax, [ebp+arg_C]
cdq
push [ebp+var_40]
push edx
push eax
call sub_4159A0
add eax, [ebp+var_8]
mov esi, edx
adc esi, [ebp+var_4]
mov [ebp+var_58], eax
loc_4019F5: ; CODE XREF: sub_4018CA+25D�j
; sub_4018CA+26B�j
mov [ebp+var_24], bx
call sub_415543
cdq
mov ecx, 3E9h
idiv ecx
add edx, 3E8h
push edx
call dword_43A398
mov [ebp+var_34], ax
call sub_415543
mov edi, eax
shl edi, 10h
call sub_415543
or edi, eax
push edi
call dword_43A398
movzx eax, ax
mov [ebp+var_30], eax
mov eax, [ebp+arg_4]
inc [ebp+arg_4]
push eax
call dword_43A394
push 14h
mov [ebp+var_14], eax
mov eax, [ebp+var_10]
pop edi
push edi
mov [ebp+var_74], eax
mov [ebp+var_70], bl
mov [ebp+var_6F], 6
call dword_43A398
mov [ebp+var_6E], ax
mov eax, [ebp+var_14]
mov [ebp+var_78], eax
lea eax, [ebp+var_78]
push 20h
push eax
lea eax, [ebp+var_B4]
push eax
call sub_4155D0
lea eax, [ebp+var_34]
push edi
push eax
lea eax, [ebp+var_94]
push eax
call sub_4155D0
lea eax, [ebp+var_B4]
push 34h
push eax
call sub_40A1CA
mov [ebp+var_24], ax
lea eax, [ebp+var_20]
push edi
push eax
lea eax, [ebp+var_B4]
push eax
call sub_4155D0
lea eax, [ebp+var_34]
push edi
push eax
lea eax, [ebp+var_A0]
push eax
call sub_4155D0
push 4
lea eax, [ebp+var_8C]
push ebx
push eax
call sub_415570
add esp, 44h
lea eax, [ebp+var_B4]
push 28h
push eax
call sub_40A1CA
mov [ebp+var_16], ax
lea eax, [ebp+var_20]
push edi
push eax
lea eax, [ebp+var_B4]
push eax
call sub_4155D0
add esp, 14h
lea eax, [ebp+var_50]
push 10h
push eax
push ebx
lea eax, [ebp+var_B4]
push 28h
push eax
push [ebp+var_C]
call dword_43A3FC
cmp eax, 0FFFFFFFFh
jz short loc_401B3A
add [ebp+arg_8], eax
lea eax, [ebp+var_8]
push eax
call dword_421050
mov eax, [ebp+var_4]
cmp eax, esi
jg short loc_401B63
jl loc_4019F5
mov eax, [ebp+var_8]
cmp eax, [ebp+var_58]
jnb short loc_401B63
jmp loc_4019F5
; ---------------------------------------------------------------------------
loc_401B3A: ; CODE XREF: sub_4018CA+247�j
call dword_43A32C
push eax
lea eax, [ebp+var_F4]
push offset dword_4232B0
push eax
call sub_4154E7
lea eax, [ebp+var_F4]
push eax
call sub_40B16D
add esp, 10h
jmp short loc_401B66
; ---------------------------------------------------------------------------
loc_401B63: ; CODE XREF: sub_4018CA+25B�j
; sub_4018CA+269�j
mov ebx, [ebp+arg_8]
loc_401B66: ; CODE XREF: sub_4018CA+78�j
; sub_4018CA+297�j
push [ebp+var_C]
call dword_43A430
pop esi
loc_401B70: ; CODE XREF: sub_4018CA+5B�j
call dword_43A2F8
mov eax, ebx
loc_401B78: ; CODE XREF: sub_4018CA+3B�j
pop edi
pop ebx
leave
retn
sub_4018CA endp
; =============== S U B R O U T I N E =======================================
sub_401B7C proc near ; CODE XREF: sub_40182E+3C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push ebx
push esi
push edi
push [esp+0Ch+arg_0]
call sub_40A05B
push [esp+10h+arg_4]
mov esi, eax
call sub_415A5F
push [esp+14h+arg_8]
mov ebx, eax
call sub_415A5F
mov edi, eax
call sub_415543
cdq
mov ecx, 200h
push edi
idiv ecx
push ebx
lea eax, [edx+esi+100h]
push eax
push esi
call sub_4018CA
add esp, 1Ch
test eax, eax
jnz short loc_401BC7
push 1
pop eax
loc_401BC7: ; CODE XREF: sub_401B7C+46�j
cdq
mov ecx, 3E8h
idiv ecx
cdq
idiv edi
pop edi
pop esi
pop ebx
retn
sub_401B7C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401BD6 proc near ; DATA XREF: sub_40CE55+2C1E�o
var_440 = byte ptr -440h
var_240 = dword ptr -240h
var_23C = byte ptr -23Ch
var_1BC = byte ptr -1BCh
var_13C = byte ptr -13Ch
var_BC = dword ptr -0BCh
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A0 = byte ptr -0A0h
var_9F = byte ptr -9Fh
var_8C = byte ptr -8Ch
var_80 = byte ptr -80h
var_78 = byte ptr -78h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = byte ptr -5Ch
var_5B = byte ptr -5Bh
var_5A = word ptr -5Ah
var_44 = word ptr -44h
var_42 = word ptr -42h
var_40 = dword ptr -40h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_2A = word ptr -2Ah
var_28 = word ptr -28h
var_26 = word ptr -26h
var_24 = byte ptr -24h
var_23 = byte ptr -23h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = byte ptr -0Ch
var_B = byte ptr -0Bh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 440h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 68h
mov esi, eax
pop ecx
lea edi, [ebp+var_240]
rep movsd
push 1
xor ebx, ebx
pop esi
lea edi, [ebp+var_9F]
push 0Eh
mov [eax+19Ch], esi
pop ecx
xor eax, eax
mov [ebp+var_A0], bl
rep stosd
stosw
stosb
mov edi, dword_42104C
call edi
push eax
call sub_415539
pop ecx
push 0FFh
push 3
push 2
call dword_43A418
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_401C9F
call dword_43A32C
push eax
lea eax, [ebp+var_440]
push offset dword_423438
push eax
call sub_4154E7
add esp, 0Ch
cmp [ebp+var_A8], ebx
jnz short loc_401C7F
push ebx
lea eax, [ebp+var_440]
push [ebp+var_AC]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_240]
call sub_412D4C
add esp, 14h
loc_401C7F: ; CODE XREF: sub_401BD6+84�j
lea eax, [ebp+var_440]
push eax
call sub_40B16D
push [ebp+var_BC]
call sub_4152AF
pop ecx
pop ecx
push ebx
call dword_421048
loc_401C9F: ; CODE XREF: sub_401BD6+61�j
lea ecx, [ebp+var_34]
push 4
push ecx
push 2
push ebx
push eax
mov [ebp+var_34], esi
call dword_43A378
cmp eax, 0FFFFFFFFh
jnz short loc_401D1D
call dword_43A32C
push eax
lea eax, [ebp+var_440]
push offset dword_4233EC
push eax
call sub_4154E7
add esp, 0Ch
cmp [ebp+var_A8], ebx
jnz short loc_401CFD
push ebx
lea eax, [ebp+var_440]
push [ebp+var_AC]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_240]
call sub_412D4C
add esp, 14h
loc_401CFD: ; CODE XREF: sub_401BD6+102�j
lea eax, [ebp+var_440]
push eax
call sub_40B16D
push [ebp+var_BC]
call sub_4152AF
pop ecx
pop ecx
push ebx
call dword_421048
loc_401D1D: ; CODE XREF: sub_401BD6+DF�j
lea eax, [ebp+var_23C]
push eax
call dword_43A3D8
cmp eax, 0FFFFFFFFh
jnz short loc_401D8D
lea eax, [ebp+var_440]
push offset dword_4233B8
push eax
call sub_4154E7
cmp [ebp+var_A8], ebx
pop ecx
pop ecx
jnz short loc_401D6D
push ebx
lea eax, [ebp+var_440]
push [ebp+var_AC]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_240]
call sub_412D4C
add esp, 14h
loc_401D6D: ; CODE XREF: sub_401BD6+172�j
lea eax, [ebp+var_440]
push eax
call sub_40B16D
push [ebp+var_BC]
call sub_4152AF
pop ecx
pop ecx
push ebx
call dword_421048
loc_401D8D: ; CODE XREF: sub_401BD6+157�j
push 10h
lea eax, [ebp+var_44]
push ebx
push eax
call sub_415570
add esp, 0Ch
mov [ebp+var_44], 2
push ebx
call dword_43A398
mov [ebp+var_42], ax
lea eax, [ebp+var_23C]
push eax
call dword_43A3D8
mov [ebp+var_40], eax
mov [ebp+arg_0], ebx
call edi
mov [ebp+var_30], eax
loc_401DC5: ; CODE XREF: sub_401BD6+430�j
call edi
sub eax, [ebp+var_30]
xor edx, edx
mov ecx, 3E8h
div ecx
cmp eax, [ebp+var_B4]
ja loc_402089
push 28h
mov [ebp+var_2C], 45h
call dword_43A398
cmp [ebp+var_B0], ebx
mov [ebp+var_2A], ax
mov [ebp+var_28], si
mov [ebp+var_26], bx
mov [ebp+var_24], 80h
mov [ebp+var_23], 6
mov [ebp+var_22], bx
jz short loc_401E38
call sub_415543
mov esi, eax
shl esi, 8
call sub_415543
add esi, eax
shl esi, 8
call sub_415543
add esi, eax
shl esi, 8
call sub_415543
add esi, eax
push 1
mov [ebp+var_20], esi
pop esi
jmp short loc_401E4E
; ---------------------------------------------------------------------------
loc_401E38: ; CODE XREF: sub_401BD6+233�j
push [ebp+var_240]
call sub_40A171
pop ecx
push eax
call dword_43A3D8
mov [ebp+var_20], eax
loc_401E4E: ; CODE XREF: sub_401BD6+260�j
mov eax, [ebp+var_40]
cmp [ebp+var_B8], ebx
mov [ebp+var_1C], eax
jnz short loc_401E6C
call sub_415543
cdq
mov ecx, 401h
idiv ecx
push edx
jmp short loc_401E72
; ---------------------------------------------------------------------------
loc_401E6C: ; CODE XREF: sub_401BD6+284�j
push [ebp+var_B8]
loc_401E72: ; CODE XREF: sub_401BD6+294�j
call dword_43A398
mov [ebp+var_16], ax
call sub_415543
cdq
mov ecx, 401h
idiv ecx
push edx
call dword_43A398
push 12345678h
mov [ebp+var_18], ax
call dword_43A394
mov [ebp+var_14], eax
lea eax, [ebp+var_1BC]
push offset dword_4233B4
push eax
call sub_415AC0
pop ecx
test eax, eax
pop ecx
jz short loc_401EC2
mov [ebp+var_10], ebx
mov [ebp+var_B], 2
jmp short loc_401F1E
; ---------------------------------------------------------------------------
loc_401EC2: ; CODE XREF: sub_401BD6+2E1�j
lea eax, [ebp+var_1BC]
push offset dword_4233B0
push eax
call sub_415AC0
pop ecx
test eax, eax
pop ecx
jz short loc_401EE2
mov [ebp+var_10], ebx
mov [ebp+var_B], 10h
jmp short loc_401F1E
; ---------------------------------------------------------------------------
loc_401EE2: ; CODE XREF: sub_401BD6+301�j
lea eax, [ebp+var_1BC]
push offset dword_4233A8
push eax
call sub_415AC0
pop ecx
test eax, eax
pop ecx
jz short loc_401F1E
call sub_415543
push 3
cdq
pop ecx
idiv ecx
mov [ebp+var_10], edx
call sub_415543
push 2
cdq
pop ecx
idiv ecx
neg edx
sbb dl, dl
and dl, 0Eh
add dl, cl
mov [ebp+var_B], dl
loc_401F1E: ; CODE XREF: sub_401BD6+2EA�j
; sub_401BD6+30A�j ...
push 200h
mov [ebp+var_C], 50h
call dword_43A398
mov [ebp+var_A], ax
mov eax, [ebp+var_20]
mov [ebp+var_64], eax
mov eax, [ebp+var_1C]
push 14h
mov [ebp+var_6], bx
mov [ebp+var_8], bx
mov [ebp+var_60], eax
mov [ebp+var_5C], bl
mov [ebp+var_5B], 6
call dword_43A398
mov [ebp+var_5A], ax
lea eax, [ebp+var_64]
push 20h
push eax
lea eax, [ebp+var_A0]
push eax
call sub_4155D0
lea eax, [ebp+var_18]
push 14h
push eax
lea eax, [ebp+var_80]
push eax
call sub_4155D0
lea eax, [ebp+var_A0]
push 34h
push eax
call sub_40A1CA
mov [ebp+var_8], ax
lea eax, [ebp+var_2C]
push 14h
push eax
lea eax, [ebp+var_A0]
push eax
call sub_4155D0
lea eax, [ebp+var_18]
push 14h
push eax
lea eax, [ebp+var_8C]
push eax
call sub_4155D0
push 4
lea eax, [ebp+var_78]
push ebx
push eax
call sub_415570
add esp, 44h
lea eax, [ebp+var_A0]
push 28h
push eax
call sub_40A1CA
mov [ebp+var_22], ax
lea eax, [ebp+var_2C]
push 14h
push eax
lea eax, [ebp+var_A0]
push eax
call sub_4155D0
add esp, 14h
lea eax, [ebp+var_44]
push 10h
push eax
push ebx
lea eax, [ebp+var_A0]
push 3Ch
push eax
push [ebp+var_4]
call dword_43A3FC
cmp eax, 0FFFFFFFFh
jz short loc_40200B
inc [ebp+arg_0]
jmp loc_401DC5
; ---------------------------------------------------------------------------
loc_40200B: ; CODE XREF: sub_401BD6+42B�j
push [ebp+var_4]
call dword_43A430
call dword_43A32C
push eax
lea eax, [ebp+var_23C]
push [ebp+arg_0]
push eax
push offset dword_423344
lea eax, [ebp+var_440]
push 200h
push eax
call sub_415A6A
add esp, 18h
cmp [ebp+var_A8], ebx
jnz short loc_402069
push ebx
lea eax, [ebp+var_440]
push [ebp+var_AC]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_240]
call sub_412D4C
add esp, 14h
loc_402069: ; CODE XREF: sub_401BD6+46E�j
lea eax, [ebp+var_440]
push eax
call sub_40B16D
push [ebp+var_BC]
call sub_4152AF
pop ecx
pop ecx
push ebx
call dword_421048
loc_402089: ; CODE XREF: sub_401BD6+203�j
push [ebp+var_4]
call dword_43A430
mov eax, [ebp+arg_0]
xor edx, edx
imul eax, 3Ch
mov ecx, eax
shr eax, 0Ah
div [ebp+var_B4]
shr ecx, 14h
push ecx
push eax
lea eax, [ebp+var_23C]
push [ebp+arg_0]
push eax
lea eax, [ebp+var_1BC]
push eax
lea eax, [ebp+var_440]
push offset dword_4232E0
push eax
call sub_4154E7
add esp, 1Ch
cmp [ebp+var_A8], ebx
jnz short loc_4020FA
push ebx
lea eax, [ebp+var_440]
push [ebp+var_AC]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_240]
call sub_412D4C
add esp, 14h
loc_4020FA: ; CODE XREF: sub_401BD6+4FF�j
lea eax, [ebp+var_440]
push eax
call sub_40B16D
push [ebp+var_BC]
call sub_4152AF
pop ecx
pop ecx
push ebx
call dword_421048
sub_401BD6 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40211A proc near ; CODE XREF: sub_4021FB+B4�p
; sub_4021FB+253�p
var_314 = byte ptr -314h
var_114 = byte ptr -114h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = byte ptr 14h
arg_8C = dword ptr 94h
arg_90 = dword ptr 98h
push ebp
mov ebp, esp
sub esp, 314h
lea eax, [ebp+var_10]
push esi
push eax
call dword_42105C
lea eax, [ebp+var_114]
push 104h
push eax
call dword_421058
lea eax, [ebp+var_114]
push offset dword_423C30
push eax
call sub_415C10
lea eax, [ebp+var_114]
push offset dword_42C20C
push eax
call sub_415C10
lea eax, [ebp+var_114]
push offset dword_423C2C
push eax
call sub_415BE8
mov esi, eax
add esp, 18h
test esi, esi
jnz short loc_402181
push 1
pop eax
jmp short loc_4021F8
; ---------------------------------------------------------------------------
loc_402181: ; CODE XREF: sub_40211A+60�j
movzx eax, [ebp+var_4]
push [ebp+arg_0]
push eax
movzx eax, [ebp+var_6]
push eax
movzx eax, [ebp+var_8]
push eax
movzx eax, [ebp+var_10]
push eax
movzx eax, [ebp+var_A]
push eax
movzx eax, [ebp+var_E]
push eax
push offset dword_423C10
push esi
call sub_415B96
push esi
call sub_415B40
add esp, 28h
cmp [ebp+arg_90], 0
jnz short loc_4021F6
push [ebp+arg_0]
lea eax, [ebp+var_314]
push offset dword_423BEC
push 200h
push eax
call sub_415A6A
push 0
lea eax, [ebp+var_314]
push [ebp+arg_8C]
push eax
lea eax, [ebp+arg_C]
push eax
push [ebp+arg_4]
call sub_412D4C
add esp, 24h
loc_4021F6: ; CODE XREF: sub_40211A+A3�j
xor eax, eax
loc_4021F8: ; CODE XREF: sub_40211A+65�j
pop esi
leave
retn
sub_40211A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4021FB proc near ; DATA XREF: sub_40CE55+1E1E�o
var_8DC = dword ptr -8DCh
var_8D8 = byte ptr -8D8h
var_4DC = byte ptr -4DCh
var_2DD = byte ptr -2DDh
var_2DC = byte ptr -2DCh
var_DC = byte ptr -0DCh
var_D8 = dword ptr -0D8h
var_48 = byte ptr -48h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 8DCh
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
and [ebp+var_8DC], 0
push 25h
and [ebp+var_4], 0
pop ecx
mov esi, eax
lea edi, [ebp+var_DC]
rep movsd
mov dword ptr [eax+90h], 1
mov ecx, 0FFh
xor eax, eax
lea edi, [ebp+var_8D8]
rep stosd
call dword_43A320
lea ecx, [ebp+var_48]
push 3Ch
push ecx
push eax
mov [ebp+var_8], eax
call dword_43A334
mov ebx, 200h
loc_402256: ; CODE XREF: sub_4021FB+2C7�j
push 8
call dword_421060
call dword_43A320
cmp eax, [ebp+var_8]
jz short loc_4022DE
lea ecx, [ebp+var_48]
push 3Ch
push ecx
push eax
mov [ebp+var_8], eax
call dword_43A334
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_2DC]
push eax
lea eax, [ebp+var_4DC]
push offset dword_423C60
push eax
call sub_4154E7
sub esp, 84h
lea esi, [ebp+var_DC]
lea eax, [ebp+var_4DC]
push 25h
pop ecx
mov edi, esp
push eax
rep movsd
call sub_40211A
mov [ebp+var_4], eax
push ebx
lea eax, [ebp+var_2DC]
push 0
push eax
call sub_415570
add esp, 0A4h
lea eax, [ebp+var_4DC]
push ebx
push 0
push eax
call sub_415570
add esp, 0Ch
loc_4022DE: ; CODE XREF: sub_4021FB+6C�j
mov [ebp+arg_0], offset dword_423484
loc_4022E5: ; CODE XREF: sub_4021FB+2BD�j
push 10h
call dword_43A278
movsx esi, ax
mov eax, [ebp+arg_0]
mov edi, [eax-4]
push edi
call dword_43A364
test ah, 80h
jz short loc_40237D
push 14h
call dword_43A278
test ax, ax
jz short loc_40232E
cmp esi, 0FFFFFFFFh
jle short loc_40232E
cmp edi, 40h
jle short loc_40232E
cmp edi, 5Bh
jge short loc_40232E
mov [ebp+edi*4+var_8DC], 1
jmp loc_4024AD
; ---------------------------------------------------------------------------
loc_40232E: ; CODE XREF: sub_4021FB+112�j
; sub_4021FB+117�j ...
push 14h
call dword_43A278
test ax, ax
jz short loc_402359
test esi, esi
jge short loc_40236D
cmp edi, 40h
jle short loc_402359
cmp edi, 5Bh
jge short loc_402359
mov [ebp+edi*4+var_8DC], 2
jmp loc_4024AD
; ---------------------------------------------------------------------------
loc_402359: ; CODE XREF: sub_4021FB+13E�j
; sub_4021FB+147�j ...
test esi, esi
jge short loc_40236D
mov [ebp+edi*4+var_8DC], 3
jmp loc_4024AD
; ---------------------------------------------------------------------------
loc_40236D: ; CODE XREF: sub_4021FB+142�j
; sub_4021FB+160�j
mov [ebp+edi*4+var_8DC], 4
jmp loc_4024AD
; ---------------------------------------------------------------------------
loc_40237D: ; CODE XREF: sub_4021FB+105�j
mov esi, [ebp+edi*4+var_8DC]
lea eax, [ebp+edi*4+var_8DC]
test esi, esi
jz loc_4024AD
and dword ptr [eax], 0
lea eax, [ebp+var_2DC]
cmp edi, 8
push eax
jnz short loc_4023B5
call sub_415CF0
and [ebp+eax+var_2DD], 0
pop ecx
jmp loc_4024AD
; ---------------------------------------------------------------------------
loc_4023B5: ; CODE XREF: sub_4021FB+1A5�j
call sub_415CF0
cmp eax, 1B9h
pop ecx
jbe short loc_4023E7
call dword_43A320
lea ecx, [ebp+var_48]
push 3Ch
push ecx
push eax
call dword_43A334
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_2DC]
push eax
push offset dword_423C48
jmp short loc_402428
; ---------------------------------------------------------------------------
loc_4023E7: ; CODE XREF: sub_4021FB+1C5�j
cmp edi, 0Dh
jnz loc_40247F
lea eax, [ebp+var_2DC]
push eax
call sub_415CF0
test eax, eax
pop ecx
jz loc_4024AD
call dword_43A320
lea ecx, [ebp+var_48]
push 3Ch
push ecx
push eax
call dword_43A334
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_2DC]
push eax
push offset dword_423C34
loc_402428: ; CODE XREF: sub_4021FB+1EA�j
lea eax, [ebp+var_4DC]
push eax
call sub_4154E7
sub esp, 84h
lea esi, [ebp+var_DC]
lea eax, [ebp+var_4DC]
push 25h
pop ecx
mov edi, esp
push eax
rep movsd
call sub_40211A
mov [ebp+var_4], eax
push ebx
lea eax, [ebp+var_2DC]
push 0
push eax
call sub_415570
add esp, 0A4h
lea eax, [ebp+var_4DC]
push ebx
push 0
push eax
call sub_415570
add esp, 0Ch
jmp short loc_4024AD
; ---------------------------------------------------------------------------
loc_40247F: ; CODE XREF: sub_4021FB+1EF�j
cmp esi, 1
jz short loc_402498
cmp esi, 3
jz short loc_402498
cmp esi, 2
jz short loc_402493
cmp esi, 4
jnz short loc_4024AD
loc_402493: ; CODE XREF: sub_4021FB+291�j
push [ebp+arg_0]
jmp short loc_40249F
; ---------------------------------------------------------------------------
loc_402498: ; CODE XREF: sub_4021FB+287�j
; sub_4021FB+28C�j
mov eax, [ebp+arg_0]
add eax, 7
push eax
loc_40249F: ; CODE XREF: sub_4021FB+29B�j
lea eax, [ebp+var_2DC]
push eax
call sub_415C10
pop ecx
pop ecx
loc_4024AD: ; CODE XREF: sub_4021FB+12E�j
; sub_4021FB+159�j ...
add [ebp+arg_0], 14h
cmp [ebp+arg_0], offset dword_423BB4
jl loc_4022E5
cmp [ebp+var_4], 0
jz loc_402256
push [ebp+var_D8]
call sub_4152AF
pop ecx
push 0
call dword_421048
sub_4021FB endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4024DC proc near ; DATA XREF: sub_40CE55+1C67�o
var_102B4 = byte ptr -102B4h
var_102AB = byte ptr -102ABh
var_102A8 = dword ptr -102A8h
var_102A0 = dword ptr -102A0h
var_10293 = byte ptr -10293h
var_1028C = byte ptr -1028Ch
var_2B4 = byte ptr -2B4h
var_B4 = dword ptr -0B4h
var_B0 = byte ptr -0B0h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = byte ptr -20h
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 102B4h
call sub_415D70
mov edx, [ebp+arg_0]
push esi
push edi
push 1
pop eax
mov esi, edx
push 25h
lea edi, [ebp+var_B4]
pop ecx
mov [ebp+var_8], eax
rep movsd
mov [edx+90h], eax
xor esi, esi
push 10h
lea eax, [ebp+var_1C]
push esi
push eax
call sub_415570
add esp, 0Ch
mov [ebp+var_1C], 2
push esi
call dword_43A398
push [ebp+var_B4]
mov [ebp+var_1A], ax
call sub_40A171
pop ecx
push eax
call dword_43A3D8
push esi
push 3
push 2
mov [ebp+var_18], eax
call dword_43A418
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_4], edi
jnz short loc_4025B1
call dword_43A32C
push eax
lea eax, [ebp+var_2B4]
push offset dword_42462C
push eax
call sub_4154E7
add esp, 0Ch
cmp [ebp+var_28], esi
jnz short loc_402594
push esi
lea eax, [ebp+var_2B4]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_B0]
push eax
push [ebp+var_B4]
call sub_412D4C
add esp, 14h
loc_402594: ; CODE XREF: sub_4024DC+96�j
lea eax, [ebp+var_2B4]
push eax
call sub_40B16D
push [ebp+var_30]
call sub_4152AF
pop ecx
pop ecx
push esi
call dword_421048
loc_4025B1: ; CODE XREF: sub_4024DC+76�j
mov eax, [ebp+var_30]
push 10h
imul eax, 234h
mov dword_43F534[eax], edi
lea eax, [ebp+var_1C]
push eax
push edi
call dword_43A3C4
cmp eax, 0FFFFFFFFh
jnz short loc_402636
call dword_43A32C
push eax
lea eax, [ebp+var_2B4]
push offset dword_4245E4
push eax
call sub_4154E7
add esp, 0Ch
cmp [ebp+var_28], esi
jnz short loc_402612
push esi
lea eax, [ebp+var_2B4]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_B0]
push eax
push [ebp+var_B4]
call sub_412D4C
add esp, 14h
loc_402612: ; CODE XREF: sub_4024DC+114�j
lea eax, [ebp+var_2B4]
push eax
call sub_40B16D
pop ecx
push edi
call dword_43A430
push [ebp+var_30]
call sub_4152AF
pop ecx
push esi
call dword_421048
loc_402636: ; CODE XREF: sub_4024DC+F4�j
push esi
lea eax, [ebp+var_20]
push esi
push eax
push esi
push esi
lea eax, [ebp+var_8]
push 4
push eax
push 98000001h
push edi
call dword_43A344
cmp eax, 0FFFFFFFFh
jnz short loc_4026B9
call dword_43A32C
push eax
lea eax, [ebp+var_2B4]
push offset dword_424598
push eax
call sub_4154E7
add esp, 0Ch
cmp [ebp+var_28], esi
jnz short loc_402695
push esi
lea eax, [ebp+var_2B4]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_B0]
push eax
push [ebp+var_B4]
call sub_412D4C
add esp, 14h
loc_402695: ; CODE XREF: sub_4024DC+197�j
lea eax, [ebp+var_2B4]
push eax
call sub_40B16D
pop ecx
push edi
call dword_43A430
push [ebp+var_30]
call sub_4152AF
pop ecx
push esi
call dword_421048
loc_4026B9: ; CODE XREF: sub_4024DC+177�j
push ebx
mov ebx, offset dword_423C90
loc_4026BF: ; CODE XREF: sub_4024DC+21B�j
; sub_4024DC+22D�j ...
mov edi, 0FFFFh
lea eax, [ebp+var_102B4]
push edi
push esi
push eax
call sub_415570
add esp, 0Ch
lea eax, [ebp+var_102B4]
push esi
push edi
push eax
push [ebp+var_4]
call dword_43A3B0
cmp eax, 0FFFFFFFFh
jz loc_4027D1
cmp [ebp+var_102AB], 6
jnz short loc_4026BF
mov eax, [ebp+var_102A8]
cmp [ebp+var_10293], 18h
mov [ebp+var_C], eax
jnz short loc_4026BF
lea eax, [ebp+var_1028C]
push offset dword_42458C
push eax
call sub_415AC0
pop ecx
test eax, eax
pop ecx
jnz short loc_4026BF
mov eax, ebx
xor edi, edi
test eax, eax
jz short loc_4026BF
mov [ebp+arg_0], ebx
loc_40272D: ; CODE XREF: sub_4024DC+26C�j
push eax
lea eax, [ebp+var_1028C]
push eax
call sub_415AC0
pop ecx
test eax, eax
pop ecx
jnz short loc_40274F
inc edi
add [ebp+arg_0], 18h
mov eax, [ebp+arg_0]
jnz short loc_40272D
jmp loc_4026BF
; ---------------------------------------------------------------------------
loc_40274F: ; CODE XREF: sub_4024DC+262�j
lea eax, [ebp+var_1028C]
push eax
push [ebp+var_102A0]
call dword_43A2D4
movzx eax, ax
push eax
push [ebp+var_C]
call dword_43A424
push eax
lea eax, [edi+edi*2]
mov eax, dword_423CA4[eax*8]
push dword_423C80[eax*4]
lea eax, [ebp+var_2B4]
push offset dword_424544
push 200h
push eax
call sub_415A6A
add esp, 1Ch
cmp [ebp+var_28], esi
jnz short loc_4027BF
push esi
lea eax, [ebp+var_2B4]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_B0]
push eax
push [ebp+var_B4]
call sub_412D4C
add esp, 14h
loc_4027BF: ; CODE XREF: sub_4024DC+2C1�j
lea eax, [ebp+var_2B4]
push eax
call sub_40B16D
pop ecx
jmp loc_4026BF
; ---------------------------------------------------------------------------
loc_4027D1: ; CODE XREF: sub_4024DC+20E�j
call dword_43A32C
push eax
push offset dword_4244FC
lea eax, [ebp+var_2B4]
push 200h
push eax
call sub_415A6A
add esp, 10h
cmp [ebp+var_28], esi
pop ebx
jnz short loc_402817
push esi
lea eax, [ebp+var_2B4]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_B0]
push eax
push [ebp+var_B4]
call sub_412D4C
add esp, 14h
loc_402817: ; CODE XREF: sub_4024DC+319�j
lea eax, [ebp+var_2B4]
push eax
call sub_40B16D
pop ecx
push [ebp+var_4]
call dword_43A430
push [ebp+var_30]
call sub_4152AF
pop ecx
push esi
call dword_421048
sub_4024DC endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40283D proc near ; CODE XREF: sub_402988+440�p
var_5A4 = byte ptr -5A4h
var_1A4 = byte ptr -1A4h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 5A4h
push ebx
push esi
push edi
xor esi, esi
push 10h
lea eax, [ebp+var_14]
push esi
push eax
call sub_415570
add esp, 0Ch
lea eax, [ebp+arg_4]
mov [ebp+var_14], 2
push eax
call dword_4211D8
mov [ebp+var_10], eax
mov ax, word_424F58
push eax
call dword_4211DC
push esi
push 1
push 2
mov [ebp+var_12], ax
call dword_4211E0
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_4], edi
jz loc_40295D
lea eax, [ebp+var_14]
push 10h
push eax
push edi
call dword_4211E4
cmp eax, 0FFFFFFFFh
jz loc_40295D
push esi
lea eax, [ebp+var_5A4]
push 400h
push eax
push edi
call dword_4211E8
mov esi, offset byte_42C1FC
mov ebx, 190h
push esi
push esi
push offset dword_42C25C
push offset dword_42C258
push offset dword_42C250
push offset dword_468994
push offset dword_425058
lea eax, [ebp+var_1A4]
push ebx
push eax
call sub_415A6A
add esp, 24h
lea eax, [ebp+var_1A4]
push 0
push eax
call sub_415CF0
pop ecx
push eax
lea eax, [ebp+var_1A4]
push eax
push edi
mov edi, dword_4211EC
call edi
cmp eax, 0FFFFFFFFh
jz short loc_40295D
push 1F4h
call dword_421060
push esi
push offset dword_425050
lea eax, [ebp+var_1A4]
push ebx
push eax
call sub_415A6A
add esp, 10h
lea eax, [ebp+var_1A4]
push 0
push eax
call sub_415CF0
pop ecx
push eax
lea eax, [ebp+var_1A4]
push eax
push [ebp+var_4]
call edi
cmp eax, 0FFFFFFFFh
jnz short loc_402961
loc_40295D: ; CODE XREF: sub_40283D+54�j
; sub_40283D+6A�j ...
xor al, al
jmp short loc_402983
; ---------------------------------------------------------------------------
loc_402961: ; CODE XREF: sub_40283D+11E�j
push 0
lea eax, [ebp+var_5A4]
push 400h
push eax
push [ebp+var_4]
call dword_4211E8
push [ebp+var_4]
call dword_4211F0
mov al, 1
loc_402983: ; CODE XREF: sub_40283D+122�j
pop edi
pop esi
pop ebx
leave
retn
sub_40283D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402988 proc near ; CODE XREF: sub_402DDD+11B�p
; sub_402DDD+13D�p
var_89B0 = byte ptr -89B0h
var_8948 = byte ptr -8948h
var_68D8 = byte ptr -68D8h
var_6868 = byte ptr -6868h
var_5DA4 = byte ptr -5DA4h
var_4800 = byte ptr -4800h
var_47FF = byte ptr -47FFh
var_376C = byte ptr -376Ch
var_2CA8 = byte ptr -2CA8h
var_2CA7 = byte ptr -2CA7h
var_2CA4 = byte ptr -2CA4h
var_2C28 = byte ptr -2C28h
var_2458 = byte ptr -2458h
var_1FAD = byte ptr -1FADh
var_1CC0 = byte ptr -1CC0h
var_14DC = byte ptr -14DCh
var_14CC = byte ptr -14CCh
var_11A8 = byte ptr -11A8h
var_11A4 = byte ptr -11A4h
var_1198 = byte ptr -1198h
var_F10 = byte ptr -0F10h
var_E70 = byte ptr -0E70h
var_764 = dword ptr -764h
var_754 = byte ptr -754h
var_740 = byte ptr -740h
var_100 = byte ptr -100h
var_FF = byte ptr -0FFh
var_B0 = byte ptr -0B0h
var_AD = byte ptr -0ADh
var_83 = byte ptr -83h
var_81 = byte ptr -81h
var_80 = byte ptr -80h
var_38 = byte ptr -38h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = byte ptr 8
arg_4 = byte ptr 0Ch
arg_BC = dword ptr 0C4h
arg_C0 = dword ptr 0C8h
push ebp
mov ebp, esp
mov eax, 89B0h
call sub_415D70
mov eax, dword_4250D0
push ebx
mov [ebp+var_10], eax
mov eax, dword_4250D4
mov [ebp+var_C], eax
push esi
lea eax, [ebp+arg_4]
push edi
push eax
lea eax, [ebp+var_38]
push offset dword_4250C4
push eax
call sub_4154E7
add esp, 0Ch
xor ecx, ecx
lea eax, [ebp+var_FF]
loc_4029C5: ; CODE XREF: sub_402988+4D�j
mov dl, [ebp+ecx+var_38]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, 28h
jl short loc_4029C5
push 60h
lea eax, [ebp+var_B0]
push offset dword_424B68
push eax
call sub_4155D0
lea eax, [ebp+var_38]
push eax
call sub_415CF0
shl eax, 1
push eax
lea eax, [ebp+var_100]
push eax
lea eax, [ebp+var_80]
push eax
call sub_4155D0
add esp, 1Ch
lea eax, [ebp+var_38]
push 9
push offset byte_424BBF
push eax
call sub_415CF0
pop ecx
lea eax, [ebp+eax*2+var_81]
push eax
call sub_4155D0
lea eax, [ebp+var_38]
push eax
call sub_415CF0
add al, 1Ah
push 1
shl al, 1
mov [ebp+var_1], al
lea eax, [ebp+var_1]
push eax
lea eax, [ebp+var_AD]
push eax
call sub_4155D0
lea eax, [ebp+var_38]
push eax
call sub_415CF0
shl al, 1
add al, 9
push 1
mov [ebp+var_2], al
lea eax, [ebp+var_2]
push eax
lea eax, [ebp+var_83]
push eax
call sub_4155D0
mov ax, word_424F58
add esp, 2Ch
push eax
call dword_4211DC
xor eax, 9999h
push 2
mov [ebp+var_8], eax
lea eax, [ebp+var_8]
push eax
push offset dword_424868
call sub_4155D0
add esp, 0Ch
cmp [ebp+arg_C0], 0
jz loc_402B7F
mov edi, 0DACh
lea eax, [ebp+var_1CC0]
push edi
push 90h
push eax
call sub_415570
mov eax, [ebp+arg_C0]
push 4
imul eax, 3Ch
lea ebx, dword_424F98[eax]
lea eax, [ebp+var_14DC]
push ebx
push eax
call sub_4155D0
mov esi, offset dword_4247B8
push esi
call sub_415CF0
push eax
lea eax, [ebp+var_14CC]
push esi
push eax
call sub_4155D0
push 4
lea eax, [ebp+var_11A8]
push offset dword_4250BC
push eax
call sub_4155D0
push 4
lea eax, [ebp+var_11A4]
push ebx
push eax
call sub_4155D0
add esp, 40h
push esi
call sub_415CF0
push eax
lea eax, [ebp+var_1198]
push esi
push eax
call sub_4155D0
add esp, 10h
xor ecx, ecx
lea eax, [ebp+var_47FF]
loc_402B35: ; CODE XREF: sub_402988+1BF�j
mov dl, [ebp+ecx+var_1CC0]
mov [eax-1], dl
and byte ptr [eax], 0
inc ecx
inc eax
inc eax
cmp ecx, edi
jl short loc_402B35
and [ebp+var_2CA8], 0
and [ebp+var_2CA7], 0
mov esi, 1C52h
lea eax, [ebp+var_89B0]
push esi
push 31h
push eax
call sub_415570
push esi
lea eax, [ebp+var_68D8]
push 31h
push eax
call sub_415570
add esp, 18h
jmp short loc_402BD6
; ---------------------------------------------------------------------------
loc_402B7F: ; CODE XREF: sub_402988+115�j
push 7D0h
lea eax, [ebp+var_F10]
push 90h
push eax
call sub_415570
mov esi, offset dword_4247B8
push esi
call sub_415CF0
push eax
lea eax, [ebp+var_E70]
push esi
push eax
call sub_4155D0
lea eax, [ebp+var_10]
push eax
call sub_415CF0
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_754]
push eax
call sub_4155D0
mov eax, dword_424F98
add esp, 2Ch
mov [ebp+var_764], eax
loc_402BD6: ; CODE XREF: sub_402988+1F5�j
push 0E29h
lea eax, [ebp+var_2CA4]
push 31h
push eax
call sub_415570
movsx eax, [ebp+var_1]
add esp, 0Ch
add eax, 4
mov esi, dword_4211EC
push 0
push eax
lea eax, [ebp+var_B0]
push eax
push [ebp+arg_BC]
call esi
cmp eax, 0FFFFFFFFh
jnz short loc_402C17
loc_402C10: ; CODE XREF: sub_402988+2C0�j
; sub_402988+2EB�j ...
xor al, al
jmp loc_402DD8
; ---------------------------------------------------------------------------
loc_402C17: ; CODE XREF: sub_402988+286�j
mov edi, dword_4211E8
mov ebx, 640h
push 0
lea eax, [ebp+var_740]
push ebx
push eax
push [ebp+arg_BC]
call edi
push 0
push 68h
push offset dword_424BCC
push [ebp+arg_BC]
call esi
cmp eax, 0FFFFFFFFh
jz short loc_402C10
push 0
lea eax, [ebp+var_740]
push ebx
push eax
push [ebp+arg_BC]
call edi
push 0
push 0A0h
push offset dword_424C38
push [ebp+arg_BC]
call esi
cmp eax, 0FFFFFFFFh
jz short loc_402C10
push 0
lea eax, [ebp+var_740]
push ebx
push eax
push [ebp+arg_BC]
call edi
cmp [ebp+arg_C0], 0
jz loc_402D43
push 68h
lea eax, [ebp+var_89B0]
push offset dword_424DF0
push eax
call sub_4155D0
lea eax, [ebp+var_4800]
push 1B5Ah
push eax
lea eax, [ebp+var_8948]
push eax
call sub_4155D0
push 70h
lea eax, [ebp+var_68D8]
push offset dword_424E5C
push eax
call sub_4155D0
lea eax, [ebp+var_376C]
push 0A5Eh
push eax
lea eax, [ebp+var_6868]
push eax
call sub_4155D0
push 84h
lea eax, [ebp+var_5DA4]
push offset dword_424ED0
push eax
call sub_4155D0
add esp, 3Ch
lea eax, [ebp+var_89B0]
push 0
push 10FCh
push eax
push [ebp+arg_BC]
call esi
cmp eax, 0FFFFFFFFh
jz loc_402C10
push 0
lea eax, [ebp+var_740]
push ebx
push eax
push [ebp+arg_BC]
call edi
push 0
push 0FDCh
lea eax, [ebp+var_68D8]
jmp short loc_402D9B
; ---------------------------------------------------------------------------
loc_402D43: ; CODE XREF: sub_402988+306�j
push 7Ch
lea eax, [ebp+var_2CA4]
push offset dword_424CDC
push eax
call sub_4155D0
lea eax, [ebp+var_F10]
push 7D0h
push eax
lea eax, [ebp+var_2C28]
push eax
call sub_4155D0
push 90h
lea eax, [ebp+var_2458]
push offset dword_424D5C
push eax
call sub_4155D0
add esp, 24h
and [ebp+var_1FAD], 0
lea eax, [ebp+var_2CA4]
push 0
push 0CF8h
loc_402D9B: ; CODE XREF: sub_402988+3B9�j
push eax
push [ebp+arg_BC]
call esi
cmp eax, 0FFFFFFFFh
jz loc_402C10
push 12Ch
call dword_421060
sub esp, 0BCh
lea esi, [ebp+arg_0]
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_40283D
add esp, 0BCh
test al, al
setnz al
loc_402DD8: ; CODE XREF: sub_402988+28A�j
pop edi
pop esi
pop ebx
leave
retn
sub_402988 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402DDD proc near ; CODE XREF: .nsp0:00403E5C�p
var_858 = byte ptr -858h
var_814 = byte ptr -814h
var_218 = byte ptr -218h
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_14 = byte ptr 1Ch
arg_A0 = dword ptr 0A8h
arg_A8 = dword ptr 0B0h
arg_B0 = dword ptr 0B8h
push ebp
mov ebp, esp
sub esp, 858h
push ebx
push esi
push edi
xor edi, edi
push 10h
lea eax, [ebp+var_18]
push edi
push eax
mov [ebp+var_8], edi
call sub_415570
add esp, 0Ch
lea eax, [ebp+arg_4]
mov [ebp+var_18], 2
push eax
call dword_4211D8
push [ebp+arg_A0]
mov [ebp+var_14], eax
call dword_4211DC
push 6
push 1
push 2
mov [ebp+var_16], ax
call dword_4211E0
mov esi, eax
cmp esi, 0FFFFFFFFh
mov [ebp+var_4], esi
jz loc_402EDA
lea eax, [ebp+var_18]
push 10h
push eax
push esi
call dword_4211E4
cmp eax, 0FFFFFFFFh
jz loc_402EDA
mov ebx, dword_4211EC
push edi
push 89h
push offset dword_424950
push esi
call ebx
cmp eax, 0FFFFFFFFh
jz short loc_402EDA
push edi
mov edi, 640h
lea eax, [ebp+var_858]
push edi
push eax
push esi
mov esi, dword_4211E8
call esi
push 0
push 0A8h
push offset dword_4249DC
push [ebp+var_4]
call ebx
cmp eax, 0FFFFFFFFh
jz short loc_402EDA
push 0
lea eax, [ebp+var_858]
push edi
push eax
push [ebp+var_4]
call esi
push 0
push 0DEh
push offset dword_424A88
push [ebp+var_4]
call ebx
cmp eax, 0FFFFFFFFh
jz short loc_402EDA
mov ebx, [ebp+var_4]
push 0
lea eax, [ebp+var_858]
push edi
push eax
push ebx
call esi
movsx eax, [ebp+var_814]
sub eax, 30h
jz short loc_402EE5
dec eax
jz short loc_402EE1
loc_402EDA: ; CODE XREF: sub_402DDD+57�j
; sub_402DDD+6D�j ...
xor eax, eax
jmp loc_402F7F
; ---------------------------------------------------------------------------
loc_402EE1: ; CODE XREF: sub_402DDD+FB�j
push 0
jmp short loc_402F09
; ---------------------------------------------------------------------------
loc_402EE5: ; CODE XREF: sub_402DDD+F8�j
push 2
push ebx
sub esp, 0BCh
lea esi, [ebp+arg_0]
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_402988
add esp, 0C4h
test al, al
jnz short loc_402F29
push 1
loc_402F09: ; CODE XREF: sub_402DDD+106�j
push ebx
lea esi, [ebp+arg_0]
sub esp, 0BCh
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_402988
add esp, 0C4h
test al, al
jz short loc_402F30
loc_402F29: ; CODE XREF: sub_402DDD+128�j
mov [ebp+var_8], 1
loc_402F30: ; CODE XREF: sub_402DDD+14A�j
push ebx
call dword_4211F0
cmp [ebp+var_8], 0
jz short loc_402F7C
push 0
lea eax, [ebp+var_218]
push [ebp+arg_B0]
push eax
lea eax, [ebp+arg_14]
push eax
push [ebp+arg_0]
call sub_412D4C
lea eax, [ebp+var_218]
push eax
call sub_40B16D
mov eax, [ebp+arg_A8]
add esp, 18h
imul eax, 3Ch
inc dword_427340[eax]
lea eax, dword_427340[eax]
loc_402F7C: ; CODE XREF: sub_402DDD+15E�j
push 1
pop eax
loc_402F7F: ; CODE XREF: sub_402DDD+FF�j
pop edi
pop esi
pop ebx
leave
retn
sub_402DDD endp
; ---------------------------------------------------------------------------
push ebx
push esi
push edi
lea esi, [esp+10h]
sub esp, 0BCh
mov dword ptr [esp+16Ch], 87h
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_4033CB
push 2Fh
lea esi, [esp+0D0h]
pop ecx
mov dword ptr [esp+16Ch], 1BDh
mov edi, esp
mov ebx, eax
rep movsd
call sub_403C8B
add esp, 0BCh
test ebx, ebx
jnz short loc_402FD6
test eax, eax
jz short loc_402FD9
loc_402FD6: ; CODE XREF: .nsp0:00402FD0�j
push 1
pop eax
loc_402FD9: ; CODE XREF: .nsp0:00402FD4�j
pop edi
pop esi
pop ebx
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402FDD proc near ; CODE XREF: sub_4033CB+28�p
var_354 = byte ptr -354h
var_34E = byte ptr -34Eh
var_124 = byte ptr -124h
var_123 = byte ptr -123h
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 354h
push ebx
push esi
push edi
mov esi, offset dword_4255FC
lea edi, [ebp+var_C]
mov ecx, 8Ah
movsd
movsd
movsd
mov esi, offset dword_4255F4
lea edi, [ebp+var_354]
movsd
movsw
xor eax, eax
lea edi, [ebp+var_34E]
rep stosd
stosw
mov al, byte_438FBC
push 45h
mov [ebp+var_124], al
pop ecx
xor eax, eax
lea edi, [ebp+var_123]
rep stosd
stosw
stosb
lea eax, [ebp+var_124]
push 0FFh
push eax
push 0FFFFFFFFh
push [ebp+arg_0]
xor edi, edi
push edi
push edi
call dword_421064
lea eax, [ebp+var_124]
push eax
lea eax, [ebp+var_354]
push eax
call sub_415D9F
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_354]
push eax
call sub_415D9F
mov esi, [ebp+arg_4]
lea eax, [ebp+var_354]
add esp, 10h
mov [esi+14h], eax
mov eax, offset dword_438FB8
push edi
push eax
push eax
push esi
mov [esi+4], edi
mov [esi+10h], edi
mov [esi+1Ch], edi
call dword_43A438
cmp eax, 5
mov ebx, 4C3h
jz short loc_4030A1
cmp eax, ebx
jnz short loc_4030AB
loc_4030A1: ; CODE XREF: sub_402FDD+BE�j
push edi
push edi
push edi
push esi
call dword_43A438
loc_4030AB: ; CODE XREF: sub_402FDD+C2�j
cmp eax, 5
jz short loc_4030B9
cmp eax, ebx
jz short loc_4030B9
push 1
pop eax
jmp short loc_4030BB
; ---------------------------------------------------------------------------
loc_4030B9: ; CODE XREF: sub_402FDD+D1�j
; sub_402FDD+D5�j
xor eax, eax
loc_4030BB: ; CODE XREF: sub_402FDD+DA�j
pop edi
pop esi
pop ebx
leave
retn
sub_402FDD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4030C0 proc near ; CODE XREF: sub_4033CB+7A�p
; sub_4033CB+15A�p
var_354 = byte ptr -354h
var_34E = byte ptr -34Eh
var_124 = byte ptr -124h
var_123 = byte ptr -123h
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 354h
push esi
push edi
mov esi, offset dword_4255FC
lea edi, [ebp+var_C]
movsd
movsd
movsd
mov esi, offset dword_4255F4
lea edi, [ebp+var_354]
movsd
movsw
mov ecx, 8Ah
xor eax, eax
lea edi, [ebp+var_34E]
push 45h
rep stosd
stosw
mov al, byte_438FBC
pop ecx
mov [ebp+var_124], al
xor eax, eax
lea edi, [ebp+var_123]
push 0FFh
rep stosd
stosw
stosb
lea eax, [ebp+var_124]
xor esi, esi
push eax
push 0FFFFFFFFh
push [ebp+arg_0]
push esi
push esi
call dword_421064
lea eax, [ebp+var_124]
push eax
lea eax, [ebp+var_354]
push eax
call sub_415D9F
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_354]
push eax
call sub_415D9F
add esp, 10h
loc_403151: ; CODE XREF: sub_4030C0+AF�j
push esi
lea eax, [ebp+var_354]
push esi
push eax
call dword_43A2D8
test eax, eax
jz short loc_403171
push 7D0h
call dword_421060
jmp short loc_403151
; ---------------------------------------------------------------------------
loc_403171: ; CODE XREF: sub_4030C0+A2�j
push 1
pop eax
pop edi
pop esi
leave
retn
sub_4030C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403178 proc near ; CODE XREF: sub_4033CB+A9�p
; sub_4033CB+1E7�p
var_3004 = byte ptr -3004h
var_2004 = byte ptr -2004h
var_1FE0 = byte ptr -1FE0h
var_1FD4 = byte ptr -1FD4h
var_1F2D = byte ptr -1F2Dh
var_1004 = byte ptr -1004h
var_FFC = dword ptr -0FFCh
var_FF4 = dword ptr -0FF4h
var_F84 = dword ptr -0F84h
var_F80 = dword ptr -0F80h
var_F50 = dword ptr -0F50h
var_F4C = dword ptr -0F4Ch
var_F34 = dword ptr -0F34h
var_E78 = dword ptr -0E78h
var_CA4 = dword ptr -0CA4h
var_C9C = dword ptr -0C9Ch
var_C94 = byte ptr -0C94h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_BC = dword ptr 0C4h
arg_C0 = dword ptr 0C8h
arg_C4 = dword ptr 0CCh
push ebp
mov ebp, esp
mov eax, 3004h
call sub_415D70
push esi
push edi
push offset byte_42C1FC
mov esi, 0A7h
push [ebp+arg_0]
mov [ebp+var_4], esi
call sub_40A171
pop ecx
push eax
lea eax, [ebp+var_3004]
push 1000h
push eax
call sub_414E04
mov edi, eax
add esp, 10h
test edi, edi
jz loc_4033C7
push ebx
mov ebx, offset dword_425510
push 30h
lea eax, [ebp+var_2004]
push ebx
push eax
call sub_4155D0
push esi
lea eax, [ebp+var_1FD4]
push 0FFFFFF90h
push eax
call sub_415570
lea eax, [ebp+var_3004]
push edi
push eax
lea eax, [ebp+var_1F2D]
push eax
call sub_4155D0
add esp, 24h
lea esi, [edi+0D7h]
loc_4031FD: ; CODE XREF: sub_403178+D3�j
mov eax, esi
push 10h
cdq
pop ecx
idiv ecx
cmp edx, 0Ch
jz short loc_40324D
mov esi, [ebp+var_4]
push 30h
lea eax, [ebp+var_2004]
inc esi
push ebx
push eax
mov [ebp+var_4], esi
call sub_4155D0
push esi
lea eax, [ebp+var_1FD4]
push 0FFFFFF90h
push eax
call sub_415570
lea eax, [ebp+var_3004]
push edi
push eax
lea eax, [ebp+esi+var_1FD4]
push eax
call sub_4155D0
add esp, 24h
lea esi, [esi+edi+30h]
jmp short loc_4031FD
; ---------------------------------------------------------------------------
loc_40324D: ; CODE XREF: sub_403178+90�j
cmp [ebp+arg_C4], 0
jz short loc_403268
cmp [ebp+arg_C0], 3
jz short loc_403271
cmp [ebp+arg_C0], 0
jmp short loc_40326F
; ---------------------------------------------------------------------------
loc_403268: ; CODE XREF: sub_403178+DC�j
cmp [ebp+arg_C0], 3
loc_40326F: ; CODE XREF: sub_403178+EE�j
jnz short loc_40327A
loc_403271: ; CODE XREF: sub_403178+E5�j
push 4
push offset dword_4255F0
jmp short loc_403281
; ---------------------------------------------------------------------------
loc_40327A: ; CODE XREF: sub_403178:loc_40326F�j
push 4
push offset dword_4255EC
loc_403281: ; CODE XREF: sub_403178+100�j
lea eax, [ebp+var_1FE0]
push eax
call sub_4155D0
add esp, 0Ch
lea eax, [ebp+var_1004]
push 360h
push offset dword_425124
push eax
call sub_4155D0
push 10h
lea eax, [ebp+var_CA4]
push offset dword_425488
push eax
call sub_4155D0
lea eax, [ebp+var_2004]
push esi
push eax
lea eax, [ebp+var_C94]
push eax
call sub_4155D0
lea edi, [esi+370h]
push 3Ch
push offset dword_42549C
lea eax, [ebp+edi+var_1004]
push eax
call sub_4155D0
add edi, 3Ch
push 30h
push offset dword_4254DC
lea eax, [ebp+edi+var_1004]
push eax
call sub_4155D0
mov eax, esi
add edi, 30h
cdq
sub eax, edx
sar eax, 1
add [ebp+var_CA4], eax
add [ebp+var_C9C], eax
mov eax, [ebp+var_FFC]
lea eax, [eax+esi-0Ch]
mov [ebp+var_FFC], eax
mov eax, [ebp+var_FF4]
lea eax, [eax+esi-0Ch]
mov [ebp+var_FF4], eax
mov eax, [ebp+var_F84]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F84], eax
mov eax, [ebp+var_F80]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F80], eax
mov eax, [ebp+var_F50]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F50], eax
mov eax, [ebp+var_F4C]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F4C], eax
mov eax, [ebp+var_F34]
lea eax, [eax+esi-0Ch]
mov [ebp+var_F34], eax
mov eax, [ebp+var_E78]
lea eax, [eax+esi-0Ch]
lea esi, [edi+1]
push esi
mov [ebp+var_E78], eax
call sub_415DC9
add esp, 40h
mov ebx, eax
push esi
push 0
push ebx
call sub_415570
lea eax, [ebp+var_1004]
push edi
push eax
push ebx
call sub_4155D0
mov eax, [ebp+arg_BC]
add esp, 18h
mov [eax], edi
mov eax, ebx
pop ebx
loc_4033C7: ; CODE XREF: sub_403178+3E�j
pop edi
pop esi
leave
retn
sub_403178 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4033CB proc near ; CODE XREF: .nsp0:00402FA3�p
var_1338 = byte ptr -1338h
var_338 = byte ptr -338h
var_138 = byte ptr -138h
var_34 = byte ptr -34h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_14 = byte ptr 1Ch
arg_A0 = dword ptr 0A8h
arg_A8 = dword ptr 0B0h
arg_B0 = dword ptr 0B8h
arg_B4 = dword ptr 0BCh
push ebp
mov ebp, esp
mov eax, 1338h
call sub_415D70
cmp [ebp+arg_A0], 1BDh
push ebx
push esi
push edi
jnz loc_403539
lea eax, [ebp+var_34]
push eax
lea eax, [ebp+arg_4]
push eax
call sub_402FDD
pop ecx
test eax, eax
pop ecx
jz loc_403649
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_138]
push offset dword_425608
push eax
call sub_4154E7
add esp, 0Ch
xor ebx, ebx
lea eax, [ebp+var_138]
push ebx
push 80h
push 3
push ebx
push 1
push 0C0000000h
push eax
call dword_421078
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jnz short loc_403450
loc_403441: ; CODE XREF: sub_4033CB+126�j
lea eax, [ebp+arg_4]
push eax
call sub_4030C0
pop ecx
jmp loc_403649
; ---------------------------------------------------------------------------
loc_403450: ; CODE XREF: sub_4033CB+74�j
lea eax, [ebp+arg_4]
push 2
push eax
call sub_412B98
pop ecx
lea esi, [ebp+arg_0]
pop ecx
push 1
push eax
lea eax, [ebp+var_10]
push eax
sub esp, 0BCh
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_403178
add esp, 0C8h
cmp eax, ebx
mov [ebp+var_8], eax
jz short loc_4034E8
mov edi, 186A0h
push edi
call sub_415DC9
mov esi, eax
push edi
push ebx
push esi
call sub_415570
add esp, 10h
lea eax, [ebp+var_C]
mov edi, 2710h
push ebx
push eax
push edi
push esi
push 48h
push offset dword_4250D8
push [ebp+var_4]
call dword_421074
cmp byte ptr [esi+2], 0Ch
jnz short loc_4034D8
lea eax, [ebp+var_14]
push ebx
push eax
push [ebp+var_10]
push [ebp+var_8]
push [ebp+var_4]
call dword_421070
test eax, eax
jnz short loc_4034F6
loc_4034D8: ; CODE XREF: sub_4033CB+F3�j
push esi
call sub_415E3D
push [ebp+var_8]
call sub_415E3D
pop ecx
pop ecx
loc_4034E8: ; CODE XREF: sub_4033CB+B9�j
push [ebp+var_4]
call dword_42106C
jmp loc_403441
; ---------------------------------------------------------------------------
loc_4034F6: ; CODE XREF: sub_4033CB+10B�j
lea eax, [ebp+var_C]
push ebx
push eax
push edi
push esi
push [ebp+var_4]
call dword_421068
push [ebp+var_8]
mov edi, eax
call sub_415E3D
push esi
call sub_415E3D
pop ecx
pop ecx
push [ebp+var_4]
call dword_42106C
lea eax, [ebp+arg_4]
push eax
call sub_4030C0
cmp edi, 1
pop ecx
jnz loc_40365A
jmp loc_403649
; ---------------------------------------------------------------------------
loc_403539: ; CODE XREF: sub_4033CB+1A�j
lea eax, [ebp+arg_4]
push 1
push eax
call sub_412B98
mov esi, eax
pop ecx
cmp esi, 1
pop ecx
jz loc_403649
xor ebx, ebx
push ebx
push 1
push 2
call dword_43A418
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jz loc_403649
push 10h
lea eax, [ebp+var_24]
push ebx
push eax
call sub_415570
add esp, 0Ch
mov [ebp+var_24], 2
push [ebp+arg_A0]
call dword_43A398
mov [ebp+var_22], ax
lea eax, [ebp+arg_4]
push eax
call dword_43A3D8
mov [ebp+var_20], eax
push ebx
lea eax, [ebp+var_C]
push esi
push eax
lea esi, [ebp+arg_0]
sub esp, 0BCh
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_403178
mov esi, eax
add esp, 0C8h
cmp esi, ebx
mov [ebp+var_8], esi
jnz short loc_4035CB
push [ebp+var_4]
jmp short loc_403643
; ---------------------------------------------------------------------------
loc_4035CB: ; CODE XREF: sub_4033CB+1F9�j
mov edi, [ebp+var_4]
lea eax, [ebp+var_24]
push 10h
push eax
push edi
call dword_43A340
cmp eax, 0FFFFFFFFh
jnz short loc_4035E3
loc_4035E0: ; CODE XREF: sub_4033CB+22A�j
push esi
jmp short loc_40363C
; ---------------------------------------------------------------------------
loc_4035E3: ; CODE XREF: sub_4033CB+213�j
push ebx
push 48h
push offset dword_4250D8
push edi
call dword_43A3E8
cmp eax, 0FFFFFFFFh
jz short loc_4035E0
mov esi, 1000h
push ebx
lea eax, [ebp+var_1338]
push esi
push eax
push edi
call dword_43A3B0
push ebx
push [ebp+var_C]
push [ebp+var_8]
push edi
call dword_43A3E8
cmp eax, 0FFFFFFFFh
jnz short loc_403624
push [ebp+var_8]
jmp short loc_40363C
; ---------------------------------------------------------------------------
loc_403624: ; CODE XREF: sub_4033CB+252�j
push ebx
lea eax, [ebp+var_1338]
push esi
push eax
push edi
call dword_43A3B0
push [ebp+var_8]
cmp eax, 0FFFFFFFFh
jnz short loc_40364D
loc_40363C: ; CODE XREF: sub_4033CB+216�j
; sub_4033CB+257�j
call sub_415E3D
pop ecx
push edi
loc_403643: ; CODE XREF: sub_4033CB+1FE�j
call dword_43A430
loc_403649: ; CODE XREF: sub_4033CB+31�j
; sub_4033CB+80�j ...
xor eax, eax
jmp short loc_4036CA
; ---------------------------------------------------------------------------
loc_40364D: ; CODE XREF: sub_4033CB+26F�j
call sub_415E3D
pop ecx
push edi
call dword_43A430
loc_40365A: ; CODE XREF: sub_4033CB+163�j
xor esi, esi
loc_40365C: ; CODE XREF: sub_4033CB+2B1�j
lea eax, [ebp+var_338]
push eax
call sub_40B24D
test eax, eax
pop ecx
jnz short loc_403680
push 1388h
call dword_421060
inc esi
cmp esi, 6
jl short loc_40365C
jmp short loc_4036C7
; ---------------------------------------------------------------------------
loc_403680: ; CODE XREF: sub_4033CB+2A0�j
cmp [ebp+arg_B4], ebx
jnz short loc_4036A5
push ebx
lea eax, [ebp+var_338]
push [ebp+arg_B0]
push eax
lea eax, [ebp+arg_14]
push eax
push [ebp+arg_0]
call sub_412D4C
add esp, 14h
loc_4036A5: ; CODE XREF: sub_4033CB+2BB�j
lea eax, [ebp+var_338]
push eax
call sub_40B16D
mov eax, [ebp+arg_A8]
pop ecx
imul eax, 3Ch
inc dword_427340[eax]
lea eax, dword_427340[eax]
loc_4036C7: ; CODE XREF: sub_4033CB+2B3�j
push 1
pop eax
loc_4036CA: ; CODE XREF: sub_4033CB+280�j
pop edi
pop esi
pop ebx
leave
retn
sub_4033CB endp
; ---------------------------------------------------------------------------
jmp $+5
push 0BB80h
push 76Ch
call sub_414098
pop ecx
mov dword_438FC0, eax
pop ecx
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4036EB proc near ; CODE XREF: sub_40384C+42A�p
var_5A0 = byte ptr -5A0h
var_1A0 = byte ptr -1A0h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 5A0h
push ebx
push esi
push edi
xor esi, esi
push 10h
lea eax, [ebp+var_10]
push esi
push eax
call sub_415570
add esp, 0Ch
lea eax, [ebp+arg_4]
mov [ebp+var_10], 2
push eax
call dword_43A3D8
mov [ebp+var_C], eax
mov ax, word ptr dword_438FC0
push eax
call dword_43A398
push esi
push 1
push 2
mov [ebp+var_E], ax
call dword_43A418
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_403825
lea eax, [ebp+var_10]
push 10h
push eax
push ebx
call dword_43A340
cmp eax, 0FFFFFFFFh
jz loc_403825
push esi
lea eax, [ebp+var_5A0]
push 400h
push eax
push ebx
call dword_43A3B0
mov esi, offset byte_42C1FC
push esi
push esi
push [ebp+arg_0]
call sub_40A171
pop ecx
mov edi, 190h
push eax
push offset dword_42605C
lea eax, [ebp+var_1A0]
push edi
push eax
call sub_415A6A
add esp, 18h
push esi
push esi
push dword_438FDC
push [ebp+arg_0]
call sub_40A171
pop ecx
push eax
push offset dword_425FF0
lea eax, [ebp+var_1A0]
push edi
push eax
call sub_415A6A
add esp, 1Ch
lea eax, [ebp+var_1A0]
push 0
push eax
call sub_415CF0
pop ecx
push eax
lea eax, [ebp+var_1A0]
push eax
push ebx
call dword_43A3E8
cmp eax, 0FFFFFFFFh
jz short loc_403825
push 1F4h
call dword_421060
push esi
push offset dword_425050
lea eax, [ebp+var_1A0]
push edi
push eax
call sub_415A6A
add esp, 10h
lea eax, [ebp+var_1A0]
push 0
push eax
call sub_415CF0
pop ecx
push eax
lea eax, [ebp+var_1A0]
push eax
push ebx
call dword_43A3E8
cmp eax, 0FFFFFFFFh
jnz short loc_403829
loc_403825: ; CODE XREF: sub_4036EB+51�j
; sub_4036EB+67�j ...
xor al, al
jmp short loc_403847
; ---------------------------------------------------------------------------
loc_403829: ; CODE XREF: sub_4036EB+138�j
push 0
lea eax, [ebp+var_5A0]
push 400h
push eax
push ebx
call dword_43A3B0
push ebx
call dword_43A430
mov al, 1
loc_403847: ; CODE XREF: sub_4036EB+13C�j
pop edi
pop esi
pop ebx
leave
retn
sub_4036EB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40384C proc near ; CODE XREF: sub_403C8B+125�p
; sub_403C8B+147�p
var_89B4 = byte ptr -89B4h
var_894C = byte ptr -894Ch
var_68DC = byte ptr -68DCh
var_686C = byte ptr -686Ch
var_5DA8 = byte ptr -5DA8h
var_4804 = byte ptr -4804h
var_4803 = byte ptr -4803h
var_3770 = byte ptr -3770h
var_2CAC = byte ptr -2CACh
var_2CAB = byte ptr -2CABh
var_2CA8 = byte ptr -2CA8h
var_2C2C = byte ptr -2C2Ch
var_245C = byte ptr -245Ch
var_1FB1 = byte ptr -1FB1h
var_1CC4 = byte ptr -1CC4h
var_14E0 = byte ptr -14E0h
var_14D0 = byte ptr -14D0h
var_11AC = byte ptr -11ACh
var_11A8 = byte ptr -11A8h
var_119C = byte ptr -119Ch
var_F14 = byte ptr -0F14h
var_E74 = byte ptr -0E74h
var_768 = dword ptr -768h
var_758 = byte ptr -758h
var_744 = byte ptr -744h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
var_B4 = byte ptr -0B4h
var_B1 = byte ptr -0B1h
var_87 = byte ptr -87h
var_85 = byte ptr -85h
var_84 = byte ptr -84h
var_3C = byte ptr -3Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = byte ptr 8
arg_4 = byte ptr 0Ch
arg_BC = dword ptr 0C4h
arg_C0 = dword ptr 0C8h
push ebp
mov ebp, esp
mov eax, 89B4h
call sub_415D70
mov eax, dword_4250D0
push ebx
mov [ebp+var_10], eax
mov eax, dword_4250D4
mov [ebp+var_C], eax
push esi
lea eax, [ebp+arg_4]
push edi
push eax
lea eax, [ebp+var_3C]
push offset dword_4250C4
push eax
call sub_4154E7
add esp, 0Ch
xor ebx, ebx
xor esi, esi
lea eax, [ebp+var_103]
loc_40388B: ; CODE XREF: sub_40384C+4E�j
mov cl, [ebp+esi+var_3C]
inc esi
mov [eax-1], cl
mov [eax], bl
inc eax
inc eax
cmp esi, 28h
jl short loc_40388B
push 60h
lea eax, [ebp+var_B4]
push offset dword_425B10
push eax
call sub_4155D0
lea eax, [ebp+var_3C]
push eax
call sub_415CF0
shl eax, 1
push eax
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_84]
push eax
call sub_4155D0
add esp, 1Ch
lea eax, [ebp+var_3C]
push 9
push offset byte_425B67
push eax
call sub_415CF0
pop ecx
lea eax, [ebp+eax*2+var_85]
push eax
call sub_4155D0
lea eax, [ebp+var_3C]
push eax
call sub_415CF0
add al, 1Ah
push 1
shl al, 1
mov [ebp+var_1], al
lea eax, [ebp+var_1]
push eax
lea eax, [ebp+var_B1]
push eax
call sub_4155D0
lea eax, [ebp+var_3C]
push eax
call sub_415CF0
shl al, 1
add al, 9
push 1
mov [ebp+var_2], al
lea eax, [ebp+var_2]
push eax
lea eax, [ebp+var_87]
push eax
call sub_4155D0
mov ax, word ptr dword_438FC0
add esp, 2Ch
push eax
call dword_43A398
xor eax, 9999h
push 2
mov [ebp+var_8], eax
lea eax, [ebp+var_8]
push eax
push offset dword_425810
call sub_4155D0
add esp, 0Ch
cmp [ebp+arg_C0], ebx
jz loc_403A48
mov edi, 0DACh
lea eax, [ebp+var_1CC4]
push edi
push 90h
push eax
call sub_415570
mov eax, [ebp+arg_C0]
push 4
imul eax, 3Ch
lea eax, dword_425F38[eax]
mov [ebp+var_14], eax
push eax
lea eax, [ebp+var_14E0]
push eax
call sub_4155D0
mov esi, offset dword_425760
push esi
call sub_415CF0
push eax
lea eax, [ebp+var_14D0]
push esi
push eax
call sub_4155D0
push 4
lea eax, [ebp+var_11AC]
push offset dword_4250BC
push eax
call sub_4155D0
push 4
lea eax, [ebp+var_11A8]
push [ebp+var_14]
push eax
call sub_4155D0
add esp, 40h
push esi
call sub_415CF0
push eax
lea eax, [ebp+var_119C]
push esi
push eax
call sub_4155D0
add esp, 10h
xor esi, esi
lea eax, [ebp+var_4803]
loc_403A01: ; CODE XREF: sub_40384C+1C6�j
mov cl, [ebp+esi+var_1CC4]
inc esi
mov [eax-1], cl
mov [eax], bl
inc eax
inc eax
cmp esi, edi
jl short loc_403A01
mov esi, 1C52h
lea eax, [ebp+var_89B4]
push esi
push 31h
push eax
mov [ebp+var_2CAC], bl
mov [ebp+var_2CAB], bl
call sub_415570
push esi
lea eax, [ebp+var_68DC]
push 31h
push eax
call sub_415570
add esp, 18h
jmp short loc_403A9F
; ---------------------------------------------------------------------------
loc_403A48: ; CODE XREF: sub_40384C+118�j
push 7D0h
lea eax, [ebp+var_F14]
push 90h
push eax
call sub_415570
mov esi, offset dword_425760
push esi
call sub_415CF0
push eax
lea eax, [ebp+var_E74]
push esi
push eax
call sub_4155D0
lea eax, [ebp+var_10]
push eax
call sub_415CF0
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_758]
push eax
call sub_4155D0
mov eax, dword_425F38
add esp, 2Ch
mov [ebp+var_768], eax
loc_403A9F: ; CODE XREF: sub_40384C+1FA�j
push 0E29h
lea eax, [ebp+var_2CA8]
push 31h
push eax
call sub_415570
movsx eax, [ebp+var_1]
mov edi, [ebp+arg_BC]
add esp, 0Ch
add eax, 4
push ebx
push eax
lea eax, [ebp+var_B4]
push eax
push edi
call dword_43A3E8
cmp eax, 0FFFFFFFFh
jnz short loc_403ADE
loc_403AD7: ; CODE XREF: sub_40384C+2B9�j
; sub_40384C+2E0�j ...
xor al, al
jmp loc_403C86
; ---------------------------------------------------------------------------
loc_403ADE: ; CODE XREF: sub_40384C+289�j
mov esi, 640h
push ebx
lea eax, [ebp+var_744]
push esi
push eax
push edi
call dword_43A3B0
push ebx
push 68h
push offset dword_425B74
push edi
call dword_43A3E8
cmp eax, 0FFFFFFFFh
jz short loc_403AD7
push ebx
lea eax, [ebp+var_744]
push esi
push eax
push edi
call dword_43A3B0
push ebx
push 0A0h
push offset dword_425BE0
push edi
call dword_43A3E8
cmp eax, 0FFFFFFFFh
jz short loc_403AD7
push ebx
lea eax, [ebp+var_744]
push esi
push eax
push edi
call dword_43A3B0
cmp [ebp+arg_C0], ebx
jz loc_403BF4
push 68h
lea eax, [ebp+var_89B4]
push offset dword_425D98
push eax
call sub_4155D0
lea eax, [ebp+var_4804]
push 1B5Ah
push eax
lea eax, [ebp+var_894C]
push eax
call sub_4155D0
push 70h
lea eax, [ebp+var_68DC]
push offset dword_425E04
push eax
call sub_4155D0
lea eax, [ebp+var_3770]
push 0A5Eh
push eax
lea eax, [ebp+var_686C]
push eax
call sub_4155D0
push 84h
lea eax, [ebp+var_5DA8]
push offset dword_425E78
push eax
call sub_4155D0
add esp, 3Ch
lea eax, [ebp+var_89B4]
push ebx
push 10FCh
push eax
push edi
call dword_43A3E8
cmp eax, 0FFFFFFFFh
jz loc_403AD7
push ebx
lea eax, [ebp+var_744]
push esi
push eax
push edi
call dword_43A3B0
push ebx
push 0FDCh
lea eax, [ebp+var_68DC]
jmp short loc_403C4A
; ---------------------------------------------------------------------------
loc_403BF4: ; CODE XREF: sub_40384C+2F8�j
push 7Ch
lea eax, [ebp+var_2CA8]
push offset dword_425C84
push eax
call sub_4155D0
lea eax, [ebp+var_F14]
push 7D0h
push eax
lea eax, [ebp+var_2C2C]
push eax
call sub_4155D0
push 90h
lea eax, [ebp+var_245C]
push offset dword_425D04
push eax
call sub_4155D0
add esp, 24h
mov [ebp+var_1FB1], bl
lea eax, [ebp+var_2CA8]
push ebx
push 0CF8h
loc_403C4A: ; CODE XREF: sub_40384C+3A6�j
push eax
push edi
call dword_43A3E8
cmp eax, 0FFFFFFFFh
jz loc_403AD7
push 12Ch
call dword_421060
sub esp, 0BCh
lea esi, [ebp+arg_0]
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_4036EB
add esp, 0BCh
test al, al
setnz al
loc_403C86: ; CODE XREF: sub_40384C+28D�j
pop edi
pop esi
pop ebx
leave
retn
sub_40384C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403C8B proc near ; CODE XREF: .nsp0:00402FC3�p
; .nsp0:00403E78�p ...
var_854 = byte ptr -854h
var_810 = byte ptr -810h
var_214 = byte ptr -214h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_14 = byte ptr 1Ch
arg_A0 = dword ptr 0A8h
arg_A8 = dword ptr 0B0h
arg_B0 = dword ptr 0B8h
push ebp
mov ebp, esp
sub esp, 854h
push ebx
push esi
push edi
push 0BB80h
push 76Ch
call sub_414098
xor edi, edi
push 10h
lea eax, [ebp+var_14]
push edi
push eax
mov [ebp+var_4], edi
call sub_415570
add esp, 14h
lea eax, [ebp+arg_4]
mov [ebp+var_14], 2
push eax
call dword_43A3D8
push [ebp+arg_A0]
mov [ebp+var_10], eax
call dword_43A398
push 6
push 1
push 2
mov [ebp+var_12], ax
call dword_43A418
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_403D93
lea eax, [ebp+var_14]
push 10h
push eax
push ebx
call dword_43A340
cmp eax, 0FFFFFFFFh
jz loc_403D93
push edi
push 89h
push offset dword_4258F8
push ebx
call dword_43A3E8
cmp eax, 0FFFFFFFFh
jz short loc_403D93
mov esi, 640h
push edi
lea eax, [ebp+var_854]
push esi
push eax
push ebx
call dword_43A3B0
push edi
push 0A8h
push offset dword_425984
push ebx
call dword_43A3E8
cmp eax, 0FFFFFFFFh
jz short loc_403D93
push edi
lea eax, [ebp+var_854]
push esi
push eax
push ebx
call dword_43A3B0
push edi
push 0DEh
push offset dword_425A30
push ebx
call dword_43A3E8
cmp eax, 0FFFFFFFFh
jz short loc_403D93
push edi
lea eax, [ebp+var_854]
push esi
push eax
push ebx
call dword_43A3B0
movsx eax, [ebp+var_810]
sub eax, 30h
jz short loc_403D9D
dec eax
jz short loc_403D9A
loc_403D93: ; CODE XREF: sub_403C8B+63�j
; sub_403C8B+79�j ...
xor eax, eax
jmp loc_403E37
; ---------------------------------------------------------------------------
loc_403D9A: ; CODE XREF: sub_403C8B+106�j
push edi
jmp short loc_403DC1
; ---------------------------------------------------------------------------
loc_403D9D: ; CODE XREF: sub_403C8B+103�j
push 2
push ebx
sub esp, 0BCh
lea esi, [ebp+arg_0]
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_40384C
add esp, 0C4h
test al, al
jnz short loc_403DE1
push 1
loc_403DC1: ; CODE XREF: sub_403C8B+110�j
push ebx
lea esi, [ebp+arg_0]
sub esp, 0BCh
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_40384C
add esp, 0C4h
test al, al
jz short loc_403DE8
loc_403DE1: ; CODE XREF: sub_403C8B+132�j
mov [ebp+var_4], 1
loc_403DE8: ; CODE XREF: sub_403C8B+154�j
push ebx
call dword_43A430
cmp [ebp+var_4], 0
jz short loc_403E34
push 0
lea eax, [ebp+var_214]
push [ebp+arg_B0]
push eax
lea eax, [ebp+arg_14]
push eax
push [ebp+arg_0]
call sub_412D4C
lea eax, [ebp+var_214]
push eax
call sub_40B16D
mov eax, [ebp+arg_A8]
add esp, 18h
imul eax, 3Ch
inc dword_427340[eax]
lea eax, dword_427340[eax]
loc_403E34: ; CODE XREF: sub_403C8B+168�j
push 1
pop eax
loc_403E37: ; CODE XREF: sub_403C8B+10A�j
pop edi
pop esi
pop ebx
leave
retn
sub_403C8B endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push esi
push edi
sub esp, 0BCh
lea esi, [ebp+8]
mov dword ptr [ebp+0A8h], 1BDh
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_402DDD
push 2Fh
lea esi, [ebp+8]
pop ecx
mov dword ptr [ebp+0A8h], 1BDh
mov edi, esp
mov [ebp-4], eax
rep movsd
call sub_403C8B
add esp, 0BCh
cmp dword ptr [ebp-4], 0
jnz short loc_403E8D
test eax, eax
jz short loc_403E90
loc_403E8D: ; CODE XREF: .nsp0:00403E87�j
push 1
pop eax
loc_403E90: ; CODE XREF: .nsp0:00403E8B�j
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
sub_403E94 proc near ; CODE XREF: sub_404108+E�p
; sub_404108+33�p ...
mov eax, ecx
and dword ptr [eax+4], 0
and dword ptr [eax], 0
retn
sub_403E94 endp
; =============== S U B R O U T I N E =======================================
sub_403E9E proc near ; CODE XREF: sub_404108+11E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_4]
push esi
push edi
mov esi, ecx
push ebx
call sub_415DC9
mov edi, eax
pop ecx
test edi, edi
jz short loc_403ED0
push ebx
push 0
push edi
call sub_415570
push ebx
push [esp+1Ch+arg_0]
push edi
call sub_4155D0
add esp, 18h
mov [esi+4], ebx
mov [esi], edi
loc_403ED0: ; CODE XREF: sub_403E9E+14�j
mov eax, esi
pop edi
pop esi
pop ebx
retn 8
sub_403E9E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403ED8 proc near ; CODE XREF: sub_403FD2+18�p
; sub_40404C+16�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push ebx
mov ebx, ecx
push esi
mov ecx, [ebp+arg_C]
push edi
lea edi, [eax+ecx]
push edi
call sub_415DC9
mov esi, eax
pop ecx
test esi, esi
jz short loc_403F24
push edi
push 0
push esi
call sub_415570
push [ebp+arg_4]
push [ebp+arg_0]
push esi
call sub_4155D0
push [ebp+arg_C]
mov eax, [ebp+arg_4]
add eax, esi
push [ebp+arg_8]
push eax
call sub_4155D0
add esp, 24h
mov [ebx+4], edi
mov [ebx], esi
loc_403F24: ; CODE XREF: sub_403ED8+1C�j
pop edi
mov eax, ebx
pop esi
pop ebx
pop ebp
retn 10h
sub_403ED8 endp
; =============== S U B R O U T I N E =======================================
sub_403F2D proc near ; CODE XREF: sub_403FD2+5E�p
; sub_403FD2+6F�p ...
push esi
mov esi, ecx
mov eax, [esi]
test eax, eax
jz short loc_403F3D
push eax
call sub_415E3D
pop ecx
loc_403F3D: ; CODE XREF: sub_403F2D+7�j
and dword ptr [esi+4], 0
and dword ptr [esi], 0
pop esi
retn
sub_403F2D endp
; =============== S U B R O U T I N E =======================================
sub_403F46 proc near ; CODE XREF: sub_403FD2+20�p
; sub_4040AD+8�p ...
push ebx
push esi
mov esi, ecx
push edi
mov eax, [esi+4]
cmp eax, 0FFFFh
jge short loc_403F73
xor ebx, ebx
cmp eax, 7Fh
setnl bl
dec ebx
and ebx, 0FFFFFFFEh
add ebx, 3
add eax, ebx
push eax
call sub_415DC9
mov edi, eax
pop ecx
test edi, edi
jnz short loc_403F77
loc_403F73: ; CODE XREF: sub_403F46+D�j
xor al, al
jmp short loc_403FCE
; ---------------------------------------------------------------------------
loc_403F77: ; CODE XREF: sub_403F46+2B�j
mov eax, ebx
add eax, [esi+4]
push eax
push 0
push edi
call sub_415570
add esp, 0Ch
cmp ebx, 1
jnz short loc_403F9C
mov al, [esi+4]
mov [edi], al
push dword ptr [esi+4]
lea eax, [edi+1]
push dword ptr [esi]
jmp short loc_403FB6
; ---------------------------------------------------------------------------
loc_403F9C: ; CODE XREF: sub_403F46+45�j
mov byte ptr [edi], 82h
mov eax, [esi+4]
sar eax, 8
mov [edi+1], al
mov al, [esi+4]
mov [edi+2], al
push dword ptr [esi+4]
lea eax, [edi+3]
push dword ptr [esi]
loc_403FB6: ; CODE XREF: sub_403F46+54�j
push eax
call sub_4155D0
add esp, 0Ch
push dword ptr [esi]
call sub_415E3D
add [esi+4], ebx
pop ecx
mov [esi], edi
mov al, 1
loc_403FCE: ; CODE XREF: sub_403F46+2F�j
pop edi
pop esi
pop ebx
retn
sub_403F46 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403FD2 proc near ; CODE XREF: sub_404108+89�p
; sub_404108+E3�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, ecx
push edi
lea ecx, [ebp+var_8]
push dword ptr [esi+4]
push dword ptr [esi]
push 1
push offset dword_438FD4
call sub_403ED8
lea ecx, [ebp+var_8]
call sub_403F46
mov eax, [ebp+var_4]
inc eax
push eax
call sub_415DC9
mov edi, eax
pop ecx
test edi, edi
jnz short loc_40400C
xor al, al
jmp short loc_404048
; ---------------------------------------------------------------------------
loc_40400C: ; CODE XREF: sub_403FD2+34�j
mov eax, [ebp+var_4]
inc eax
push eax
push 0
push edi
call sub_415570
mov byte ptr [edi], 3
push [ebp+var_4]
lea eax, [edi+1]
push [ebp+var_8]
push eax
call sub_4155D0
add esp, 18h
mov ecx, esi
call sub_403F2D
mov eax, [ebp+var_4]
lea ecx, [ebp+var_8]
inc eax
mov [esi], edi
mov [esi+4], eax
call sub_403F2D
mov al, 1
loc_404048: ; CODE XREF: sub_403FD2+38�j
pop edi
pop esi
leave
retn
sub_403FD2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40404C proc near ; CODE XREF: sub_404080+14�p
; sub_40409D+8�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, ecx
push [ebp+arg_4]
lea ecx, [ebp+var_8]
push [ebp+arg_0]
push dword ptr [esi+4]
push dword ptr [esi]
call sub_403ED8
mov ecx, esi
call sub_403F2D
mov eax, [ebp+var_8]
mov [esi], eax
mov eax, [ebp+var_4]
mov [esi+4], eax
mov al, 1
pop esi
leave
retn 8
sub_40404C endp
; =============== S U B R O U T I N E =======================================
sub_404080 proc near ; CODE XREF: sub_404108+F0�p
; sub_404108+15B�p ...
arg_0 = dword ptr 4
push esi
mov esi, ecx
push [esp+4+arg_0]
call sub_415CF0
pop ecx
push eax
mov ecx, esi
push [esp+8+arg_0]
call sub_40404C
pop esi
retn 4
sub_404080 endp
; =============== S U B R O U T I N E =======================================
sub_40409D proc near ; CODE XREF: sub_4040E9+B�p
; sub_404108+1A1�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push [esp+4+arg_0]
call sub_40404C
retn 8
sub_40409D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4040AD proc near ; CODE XREF: sub_4040E9+16�p
; sub_404108+91�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push esi
mov esi, ecx
call sub_403F46
test al, al
jz short loc_4040E6
push dword ptr [esi+4]
lea ecx, [ebp+var_8]
push dword ptr [esi]
push 1
push offset dword_4263DC
call sub_403ED8
mov ecx, esi
call sub_403F2D
mov eax, [ebp+var_8]
mov [esi], eax
mov eax, [ebp+var_4]
mov [esi+4], eax
mov al, 1
loc_4040E6: ; CODE XREF: sub_4040AD+F�j
pop esi
leave
retn
sub_4040AD endp
; =============== S U B R O U T I N E =======================================
sub_4040E9 proc near ; CODE XREF: sub_404108+134�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, ecx
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_40409D
test al, al
jz short loc_404104
mov ecx, esi
call sub_4040AD
loc_404104: ; CODE XREF: sub_4040E9+12�j
pop esi
retn 8
sub_4040E9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404108 proc near ; CODE XREF: .nsp0:0040498D�p
var_858 = byte ptr -858h
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 858h
push ebx
push edi
lea ecx, [ebp+var_48]
call sub_403E94
mov edi, 408h
cmp [ebp+arg_8], edi
jg loc_40445C
mov ebx, [ebp+arg_10]
lea eax, [ebx+8]
cmp eax, edi
ja loc_40445C
push esi
lea ecx, [ebp+var_30]
call sub_403E94
lea ecx, [ebp+var_20]
call sub_403E94
lea ecx, [ebp+var_50]
call sub_403E94
lea ecx, [ebp+var_18]
call sub_403E94
lea ecx, [ebp+var_40]
call sub_403E94
lea ecx, [ebp+var_38]
call sub_403E94
lea ecx, [ebp+var_28]
call sub_403E94
push 4
push offset dword_42607C
lea ecx, [ebp+var_30]
call sub_40404C
push 3
push offset dword_426084
lea ecx, [ebp+var_30]
call sub_40404C
lea ecx, [ebp+var_30]
call sub_403FD2
lea ecx, [ebp+var_30]
call sub_4040AD
mov esi, 800h
lea eax, [ebp+var_858]
push esi
push 42h
push eax
call sub_415570
add esp, 0Ch
lea ecx, [ebp+var_20]
push 8
push offset dword_426070
call sub_40404C
push ebx
lea ecx, [ebp+var_20]
push [ebp+arg_C]
call sub_40404C
mov eax, 409h
lea ecx, [ebp+var_20]
sub eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_858]
push eax
call sub_40404C
lea ecx, [ebp+var_20]
call sub_403FD2
push offset dword_426404
lea ecx, [ebp+var_50]
call sub_404080
lea ecx, [ebp+var_50]
call sub_403FD2
push esi
lea eax, [ebp+var_858]
push 44h
push eax
call sub_415570
add esp, 0Ch
lea eax, [ebp+var_858]
lea ecx, [ebp+var_58]
push 410h
push eax
call sub_403E9E
lea ecx, [ebp+var_58]
call sub_403FD2
push [ebp+var_54]
lea ecx, [ebp+var_50]
push [ebp+var_58]
call sub_4040E9
lea ecx, [ebp+var_58]
call sub_403F2D
push esi
lea eax, [ebp+var_858]
push 43h
push eax
call sub_415570
add esp, 0Ch
push offset dword_4263FC
lea ecx, [ebp+var_18]
call sub_404080
push 4
push offset dword_426088
lea ecx, [ebp+var_18]
call sub_40404C
push [ebp+arg_8]
lea ecx, [ebp+var_18]
push [ebp+arg_4]
call sub_40404C
sub edi, [ebp+arg_8]
lea eax, [ebp+var_858]
lea ecx, [ebp+var_18]
push edi
push eax
call sub_40404C
lea ecx, [ebp+var_18]
call sub_403FD2
push [ebp+var_14]
lea ecx, [ebp+var_40]
push [ebp+var_18]
call sub_40409D
push [ebp+var_4C]
lea ecx, [ebp+var_40]
push [ebp+var_50]
call sub_40409D
lea ecx, [ebp+var_40]
call sub_4040AD
lea ecx, [ebp+var_18]
call sub_403F2D
lea ecx, [ebp+var_50]
call sub_403F2D
push [ebp+var_1C]
lea ecx, [ebp+var_38]
push [ebp+var_20]
call sub_40409D
push [ebp+var_2C]
lea ecx, [ebp+var_38]
push [ebp+var_30]
call sub_40409D
push [ebp+var_3C]
lea ecx, [ebp+var_38]
push [ebp+var_40]
call sub_40409D
lea ecx, [ebp+var_38]
call sub_4040AD
lea ecx, [ebp+var_20]
call sub_403F2D
lea ecx, [ebp+var_30]
call sub_403F2D
lea ecx, [ebp+var_40]
call sub_403F2D
push esi
lea eax, [ebp+var_858]
push 41h
push eax
call sub_415570
add esp, 0Ch
lea eax, [ebp+var_858]
lea ecx, [ebp+var_28]
push 400h
push eax
call sub_40404C
lea ecx, [ebp+var_28]
call sub_403FD2
push 2
push offset dword_4263F8
lea ecx, [ebp+var_28]
call sub_40404C
push [ebp+var_34]
lea ecx, [ebp+var_28]
push [ebp+var_38]
call sub_40409D
lea ecx, [ebp+var_28]
call sub_4040AD
lea ecx, [ebp+var_38]
call sub_403F2D
lea ecx, [ebp+var_10]
call sub_403E94
lea ecx, [ebp+var_8]
call sub_403E94
push [ebp+var_24]
lea ecx, [ebp+var_10]
push [ebp+var_28]
call sub_40409D
lea ecx, [ebp+var_10]
call sub_403F46
lea ecx, [ebp+var_28]
call sub_403F2D
push offset dword_4263F4
lea ecx, [ebp+var_8]
call sub_404080
push [ebp+var_C]
lea ecx, [ebp+var_8]
push [ebp+var_10]
call sub_40409D
lea ecx, [ebp+var_8]
call sub_403F46
lea ecx, [ebp+var_10]
call sub_403F2D
push offset dword_4263F0
lea ecx, [ebp+var_10]
call sub_404080
push [ebp+var_4]
lea ecx, [ebp+var_10]
push [ebp+var_8]
call sub_40409D
lea ecx, [ebp+var_10]
call sub_403F46
lea ecx, [ebp+var_8]
call sub_403F2D
push offset dword_4263E4
lea ecx, [ebp+var_8]
call sub_404080
push [ebp+var_C]
lea ecx, [ebp+var_8]
push [ebp+var_10]
call sub_40409D
lea ecx, [ebp+var_8]
call sub_403F46
lea ecx, [ebp+var_10]
call sub_403F2D
push offset dword_4263E0
lea ecx, [ebp+var_48]
call sub_404080
push [ebp+var_4]
lea ecx, [ebp+var_48]
push [ebp+var_8]
call sub_40409D
lea ecx, [ebp+var_8]
call sub_403F2D
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_48]
pop esi
mov [eax], ecx
mov ecx, [ebp+var_44]
mov [eax+4], ecx
jmp short loc_40446A
; ---------------------------------------------------------------------------
loc_40445C: ; CODE XREF: sub_404108+1B�j
; sub_404108+29�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+var_48]
mov [eax], ecx
mov ecx, [ebp+var_44]
mov [eax+4], ecx
loc_40446A: ; CODE XREF: sub_404108+352�j
pop edi
pop ebx
leave
retn
sub_404108 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40446E proc near ; CODE XREF: sub_404532+A1�p
; sub_404532+C2�p ...
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 210h
push esi
push edi
mov esi, [ebp+arg_0]
push 1
pop edi
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_210]
and [ebp+var_4], 0
push eax
lea eax, [ebp+var_10C]
push 0
push eax
lea eax, [esi+1]
push eax
mov [ebp+var_108], esi
mov [ebp+var_10C], edi
mov [ebp+var_20C], esi
mov [ebp+var_210], edi
mov [ebp+var_8], 0Ah
call dword_4211D0
cmp eax, edi
jnz short loc_4044D5
lea eax, [ebp+var_10C]
push eax
push esi
call near ptr word_420106
test eax, eax
jnz short loc_4044D9
loc_4044D5: ; CODE XREF: sub_40446E+54�j
xor eax, eax
jmp short loc_4044E9
; ---------------------------------------------------------------------------
loc_4044D9: ; CODE XREF: sub_40446E+65�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call dword_43A3B0
loc_4044E9: ; CODE XREF: sub_40446E+69�j
pop edi
pop esi
leave
retn
sub_40446E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4044ED proc near ; CODE XREF: sub_404532+81�p
; sub_404532+AB�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push [ebp+arg_8]
call dword_43A394
mov [ebp+var_4], eax
push 0
lea eax, [ebp+var_4]
push 4
push eax
push [ebp+arg_0]
call dword_43A3E8
cmp eax, 4
jz short loc_404517
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_404517: ; CODE XREF: sub_4044ED+24�j
push 0
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_43A3E8
sub eax, [ebp+arg_8]
neg eax
sbb eax, eax
inc eax
leave
retn
sub_4044ED endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404532 proc near ; CODE XREF: sub_40460C+48�p
; .nsp0:00404A88�p
var_104 = byte ptr -104h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 104h
push ebx
push esi
push edi
mov edi, [ebp+arg_8]
lea ebx, [edi+41h]
push ebx
mov [ebp+var_4], ebx
call sub_415DC9
mov esi, eax
pop ecx
test esi, esi
jnz short loc_40455B
xor al, al
jmp loc_404607
; ---------------------------------------------------------------------------
loc_40455B: ; CODE XREF: sub_404532+20�j
push ebx
push 0
push esi
call sub_415570
push 2Fh
push offset dword_426118
push esi
call sub_4155D0
push 8
lea eax, [esi+31h]
push offset dword_426148
push eax
mov [esi+2Fh], di
call sub_4155D0
push edi
lea ebx, [esi+3Bh]
push [ebp+arg_4]
mov [esi+39h], di
push ebx
call sub_4155D0
push 6
add ebx, edi
push offset dword_438FCC
push ebx
call sub_4155D0
mov ebx, [ebp+arg_0]
push 85h
push offset dword_426090
push ebx
call sub_4044ED
add esp, 48h
test al, al
jnz short loc_4045C3
loc_4045BF: ; CODE XREF: sub_404532+B5�j
xor bl, bl
jmp short loc_4045FE
; ---------------------------------------------------------------------------
loc_4045C3: ; CODE XREF: sub_404532+8B�j
mov edi, 100h
push 0
lea eax, [ebp+var_104]
push edi
push eax
push ebx
call sub_40446E
push [ebp+var_4]
push esi
push ebx
call sub_4044ED
add esp, 1Ch
test al, al
jz short loc_4045BF
push 0
lea eax, [ebp+var_104]
push edi
push eax
push ebx
call sub_40446E
add esp, 10h
mov bl, 1
loc_4045FE: ; CODE XREF: sub_404532+8F�j
push esi
call sub_415E3D
pop ecx
mov al, bl
loc_404607: ; CODE XREF: sub_404532+24�j
pop edi
pop esi
pop ebx
leave
retn
sub_404532 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40460C proc near ; CODE XREF: .nsp0:00404A6E�p
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push 0
push 48h
push offset dword_426154
push [ebp+arg_0]
call dword_4211EC
cmp eax, 48h
jnz short loc_404647
push 0
lea eax, [ebp+var_20]
push 20h
push eax
push [ebp+arg_0]
call sub_40446E
add esp, 10h
cmp eax, 0FFFFFFFFh
jz short loc_404647
cmp [ebp+var_20], 82h
jz short loc_40464B
loc_404647: ; CODE XREF: sub_40460C+1B�j
; sub_40460C+33�j
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_40464B: ; CODE XREF: sub_40460C+39�j
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_404532
add esp, 0Ch
leave
retn
sub_40460C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40465E proc near ; CODE XREF: sub_4046AA+2D�p
var_10 = qword ptr -10h
var_8 = qword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_0]
and dword ptr [ebp+var_8+4], 0
shl eax, 3
mov dword ptr [ebp+var_8], eax
fild [ebp+var_8]
fmul dbl_421240
call sub_415F8C
and dword ptr [ebp+var_8+4], 0
mov dword ptr [ebp+var_8], eax
fild [ebp+var_8]
push ecx
push ecx ; double
fst [ebp+var_8]
fmul dbl_421238
fstp [esp+10h+var_10]
call sub_415E6C
fadd st, st
pop ecx
pop ecx
fadd [ebp+var_8]
call sub_415F8C
inc eax
leave
retn
sub_40465E endp
; =============== S U B R O U T I N E =======================================
sub_4046AA proc near ; CODE XREF: sub_40484C+24�p
var_40 = qword ptr -40h
mov eax, offset byte_420263
call sub_416458
sub esp, 2Ch
mov al, [ebp+13h]
push ebx
push esi
push edi
xor edi, edi
lea ecx, [ebp-38h]
push edi
mov [ebp-20h], edi
mov [ebp-38h], al
call sub_404D21
push 1
pop ebx
push dword ptr [ebp+10h]
mov [ebp-4], ebx
call sub_40465E
cmp [ebp-2Ch], eax
pop ecx
jnb short loc_4046EC
push edi
push eax
lea ecx, [ebp-38h]
call sub_404C9C
loc_4046EC: ; CODE XREF: sub_4046AA+36�j
cmp [ebp+10h], edi
mov [ebp-18h], edi
jbe loc_404809
mov ebx, [ebp+10h]
loc_4046FB: ; CODE XREF: sub_4046AA+156�j
cmp dword ptr [ebp+10h], 3
jb short loc_404705
push 3
jmp short loc_404717
; ---------------------------------------------------------------------------
loc_404705: ; CODE XREF: sub_4046AA+55�j
cmp dword ptr [ebp+10h], 2
jnz short loc_40470F
push 2
jmp short loc_404717
; ---------------------------------------------------------------------------
loc_40470F: ; CODE XREF: sub_4046AA+5F�j
cmp dword ptr [ebp+10h], 1
jnz short loc_404718
push 1
loc_404717: ; CODE XREF: sub_4046AA+59�j
; sub_4046AA+63�j
pop ebx
loc_404718: ; CODE XREF: sub_4046AA+69�j
mov [ebp-28h], ebx
mov [ebp-24h], edi
fild qword ptr [ebp-28h]
push ecx
push ecx ; double
fmul dbl_421250
fstp [esp+40h+var_40]
call sub_415FB3
pop ecx
pop ecx
call sub_415F8C
cmp ebx, edi
mov [ebp-1Ch], eax
jbe short loc_404757
mov esi, [ebp+0Ch]
mov ecx, ebx
mov edx, ecx
lea edi, [ebp-10h]
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
rep movsb
xor edi, edi
loc_404757: ; CODE XREF: sub_4046AA+93�j
mov cl, [ebp-10h]
mov dl, [ebp-10h]
sar cl, 2
and cl, 3Fh
and dl, 3
mov [ebp-14h], cl
mov cl, [ebp-0Fh]
sar cl, 4
and cl, 0Fh
add [ebp+0Ch], ebx
shl dl, 4
add cl, dl
mov dl, [ebp-0Fh]
mov [ebp-13h], cl
mov cl, [ebp-0Eh]
sar cl, 6
and dl, 0Fh
sub [ebp+10h], ebx
and cl, 3
xor esi, esi
shl dl, 2
add cl, dl
mov [ebp-12h], cl
mov cl, [ebp-0Eh]
and cl, 3Fh
cmp eax, edi
mov [ebp-11h], cl
jbe short loc_4047C5
add [ebp-18h], eax
loc_4047A9: ; CODE XREF: sub_4046AA+119�j
movsx eax, byte ptr [ebp+esi-14h]
lea ecx, [ebp-38h]
mov al, byte_4261A0[eax]
push eax
push 1
call sub_404B1E
inc esi
cmp esi, [ebp-1Ch]
jb short loc_4047A9
loc_4047C5: ; CODE XREF: sub_4046AA+FA�j
cmp dword ptr [ebp-18h], 48h
jb short loc_4047E3
push dword ptr [ebp+14h]
call sub_415CF0
pop ecx
push eax
lea ecx, [ebp-38h]
push dword ptr [ebp+14h]
call sub_404B77
mov [ebp-18h], edi
loc_4047E3: ; CODE XREF: sub_4046AA+11F�j
push 4
pop esi
cmp [ebp-1Ch], esi
jnb short loc_4047FD
sub esi, [ebp-1Ch]
loc_4047EE: ; CODE XREF: sub_4046AA+151�j
push 3Dh
push 1
lea ecx, [ebp-38h]
call sub_404B1E
dec esi
jnz short loc_4047EE
loc_4047FD: ; CODE XREF: sub_4046AA+13F�j
cmp [ebp+10h], edi
ja loc_4046FB
push 1
pop ebx
loc_404809: ; CODE XREF: sub_4046AA+48�j
mov esi, [ebp+8]
mov al, [ebp-38h]
push edi
mov ecx, esi
mov [esi], al
call sub_404D21
push dword_421248
lea eax, [ebp-38h]
mov ecx, esi
push edi
push eax
call sub_404BCE
mov [ebp-20h], ebx
and byte ptr [ebp-4], 0
push ebx
lea ecx, [ebp-38h]
call sub_404D21
mov ecx, [ebp-0Ch]
mov eax, esi
pop edi
pop esi
pop ebx
mov large fs:0, ecx
leave
retn
sub_4046AA endp
; =============== S U B R O U T I N E =======================================
sub_40484C proc near ; CODE XREF: .nsp0:00404A51�p
mov eax, offset dword_420280
call sub_416458
sub esp, 10h
push ebx
push esi
push edi
push offset byte_438FBC
lea eax, [ebp-1Ch]
push dword ptr [ebp+10h]
xor ebx, ebx
mov [ebp-4], ebx
push dword ptr [ebp+0Ch]
push eax
call sub_4046AA
mov eax, [ebp+1Ch]
mov ecx, [ebp-14h]
mov byte ptr [ebp-4], 1
lea esi, [ecx+eax+36h]
push esi
call sub_415DC9
mov edi, eax
add esp, 14h
cmp edi, ebx
jnz short loc_404896
xor bl, bl
jmp short loc_4048DA
; ---------------------------------------------------------------------------
loc_404896: ; CODE XREF: sub_40484C+44�j
mov ecx, [ebp-18h]
mov eax, offset dword_421258
cmp ecx, ebx
jnz short loc_4048A4
mov ecx, eax
loc_4048A4: ; CODE XREF: sub_40484C+54�j
cmp [ebp+18h], ebx
jz short loc_4048AC
mov eax, [ebp+18h]
loc_4048AC: ; CODE XREF: sub_40484C+5B�j
push ecx
push eax
push offset dword_4211F8
push esi
push edi
call sub_415A6A
add esp, 14h
push ebx
push esi
push edi
push dword ptr [ebp+8]
call dword_43A3E8
cmp eax, esi
jz short loc_4048D1
xor bl, bl
jmp short loc_4048D3
; ---------------------------------------------------------------------------
loc_4048D1: ; CODE XREF: sub_40484C+7F�j
mov bl, 1
loc_4048D3: ; CODE XREF: sub_40484C+83�j
push edi
call sub_415E3D
pop ecx
loc_4048DA: ; CODE XREF: sub_40484C+48�j
and byte ptr [ebp-4], 0
push 1
lea ecx, [ebp-1Ch]
call sub_404D21
or dword ptr [ebp-4], 0FFFFFFFFh
push 1
lea ecx, [ebp+14h]
call sub_404D21
mov ecx, [ebp-0Ch]
pop edi
mov al, bl
pop esi
pop ebx
mov large fs:0, ecx
leave
retn
sub_40484C endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 624h
and byte ptr [ebp-424h], 0
push ebx
push esi
push edi
mov ecx, 0FFh
xor eax, eax
lea edi, [ebp-423h]
push 8Fh
rep stosd
stosw
stosb
lea eax, [ebp-424h]
push offset dword_42634C
push eax
call sub_4155D0
add esp, 0Ch
mov eax, offset byte_42C1FC
push eax
push eax
push dword_438FDC
push dword ptr [ebp+8]
call sub_40A171
pop ecx
push eax
push offset dword_42641C
lea eax, [ebp-395h]
push 400h
push eax
call sub_415A6A
add eax, 90h
push eax
lea eax, [ebp-424h]
push eax
push 164h
lea eax, [ebp-24h]
push offset dword_4261E4
push eax
call sub_404108
mov ecx, [eax]
xor esi, esi
mov [ebp-8], ecx
add esp, 30h
mov eax, [eax+4]
cmp eax, esi
mov [ebp-4], eax
jnz short loc_4049AD
xor eax, eax
jmp loc_404B11
; ---------------------------------------------------------------------------
loc_4049AD: ; CODE XREF: .nsp0:004049A4�j
mov [ebp-0Ch], esi
loc_4049B0: ; CODE XREF: .nsp0:00404AB0�j
test esi, esi
jnz loc_404AB6
push 6
push 1
push 2
call dword_4211E0
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_404A9E
xor eax, eax
lea edi, [ebp-1Ah]
stosd
push dword ptr [ebp+0A8h]
stosd
stosd
stosw
mov word ptr [ebp-1Ch], 2
call dword_43A398
mov [ebp-1Ah], ax
lea eax, [ebp+0Ch]
push eax
call dword_43A3D8
mov [ebp-18h], eax
lea eax, [ebp-1Ch]
push 10h
push eax
push ebx
call dword_43A340
cmp eax, 0FFFFFFFFh
jz loc_404A93
cmp dword ptr [ebp+0A8h], 50h
jnz short loc_404A5B
mov al, [ebp+0C3h]
sub esp, 10h
mov esi, esp
mov [ebp-20h], esp
push 0
mov ecx, esi
mov [esi], al
call sub_404D21
lea eax, [ebp+0Ch]
push eax
call sub_415CF0
pop ecx
push eax
lea eax, [ebp+0Ch]
push eax
mov ecx, esi
call sub_404D5D
push dword ptr [ebp-4]
push dword ptr [ebp-8]
push ebx
call sub_40484C
add esp, 1Ch
jmp short loc_404A90
; ---------------------------------------------------------------------------
loc_404A5B: ; CODE XREF: .nsp0:00404A19�j
cmp dword ptr [ebp+0A8h], 8Bh
jnz short loc_404A75
push dword ptr [ebp-4]
push dword ptr [ebp-8]
push ebx
call sub_40460C
jmp short loc_404A8D
; ---------------------------------------------------------------------------
loc_404A75: ; CODE XREF: .nsp0:00404A65�j
cmp dword ptr [ebp+0A8h], 1BDh
jnz short loc_404A93
push dword ptr [ebp-4]
push dword ptr [ebp-8]
push ebx
call sub_404532
loc_404A8D: ; CODE XREF: .nsp0:00404A73�j
add esp, 0Ch
loc_404A90: ; CODE XREF: .nsp0:00404A59�j
movzx esi, al
loc_404A93: ; CODE XREF: .nsp0:00404A0C�j
; .nsp0:00404A7F�j
push ebx
call dword_43A430
test esi, esi
jnz short loc_404AA9
loc_404A9E: ; CODE XREF: .nsp0:004049C9�j
push 3E8h
call dword_421060
loc_404AA9: ; CODE XREF: .nsp0:00404A9C�j
inc dword ptr [ebp-0Ch]
cmp dword ptr [ebp-0Ch], 2
jl loc_4049B0
loc_404AB6: ; CODE XREF: .nsp0:004049B2�j
lea ecx, [ebp-8]
call sub_403F2D
test esi, esi
jz short loc_404B0F
lea eax, [ebp+0Ch]
push eax
mov eax, [ebp+0B0h]
imul eax, 3Ch
add eax, offset word_42731A
push eax
push offset dword_426410
lea eax, [ebp-624h]
push 200h
push eax
call sub_415A6A
lea eax, [ebp-624h]
push eax
call sub_40B16D
mov eax, [ebp+0B0h]
add esp, 18h
imul eax, 3Ch
inc dword_427340[eax]
lea eax, dword_427340[eax]
loc_404B0F: ; CODE XREF: .nsp0:00404AC0�j
mov eax, esi
loc_404B11: ; CODE XREF: .nsp0:004049A8�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
push 1
call sub_404D21
retn
; =============== S U B R O U T I N E =======================================
sub_404B1E proc near ; CODE XREF: sub_4046AA+110�p
; sub_4046AA+14B�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
mov eax, dword_421248
push ebx
mov ebx, [esp+4+arg_0]
push esi
mov esi, ecx
push edi
sub eax, [esi+8]
cmp eax, ebx
ja short loc_404B38
call near ptr dword_41FDB0
loc_404B38: ; CODE XREF: sub_404B1E+13�j
test ebx, ebx
jbe short loc_404B6F
mov edi, ebx
push 0
add edi, [esi+8]
mov ecx, esi
push edi
call sub_404C9C
test al, al
jz short loc_404B6F
movsx eax, [esp+0Ch+arg_4]
push ebx
push eax
mov eax, [esi+4]
add eax, [esi+8]
push eax
call sub_415570
mov eax, [esi+4]
add esp, 0Ch
mov [esi+8], edi
and byte ptr [eax+edi], 0
loc_404B6F: ; CODE XREF: sub_404B1E+1C�j
; sub_404B1E+2F�j
mov eax, esi
pop edi
pop esi
pop ebx
retn 8
sub_404B1E endp
; =============== S U B R O U T I N E =======================================
sub_404B77 proc near ; CODE XREF: sub_4046AA+131�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, dword_421248
push ebx
mov ebx, [esp+4+arg_4]
push esi
mov esi, ecx
push edi
sub eax, [esi+8]
cmp eax, ebx
ja short loc_404B91
call near ptr dword_41FDB0
loc_404B91: ; CODE XREF: sub_404B77+13�j
test ebx, ebx
jbe short loc_404BC6
mov edi, ebx
push 0
add edi, [esi+8]
mov ecx, esi
push edi
call sub_404C9C
test al, al
jz short loc_404BC6
mov eax, [esi+8]
push ebx
push [esp+10h+arg_0]
add eax, [esi+4]
push eax
call sub_4155D0
mov eax, [esi+4]
add esp, 0Ch
mov [esi+8], edi
and byte ptr [edi+eax], 0
loc_404BC6: ; CODE XREF: sub_404B77+1C�j
; sub_404B77+2F�j
mov eax, esi
pop edi
pop esi
pop ebx
retn 8
sub_404B77 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404BCE proc near ; CODE XREF: sub_4046AA+17C�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
mov edi, ecx
cmp [ebx+8], eax
jnb short loc_404BE6
call near ptr dword_41FFDC
loc_404BE6: ; CODE XREF: sub_404BCE+11�j
mov eax, [ebx+8]
mov ecx, [ebp+arg_4]
mov esi, eax
sub esi, ecx
cmp [ebp+arg_8], esi
jnb short loc_404BF8
mov esi, [ebp+arg_8]
loc_404BF8: ; CODE XREF: sub_404BCE+25�j
cmp edi, ebx
jnz short loc_404C1A
push dword_421248
add esi, ecx
mov ecx, edi
push esi
call sub_404D92
push [ebp+arg_4]
mov ecx, edi
push 0
call sub_404D92
jmp short loc_404C93
; ---------------------------------------------------------------------------
loc_404C1A: ; CODE XREF: sub_404BCE+2C�j
test esi, esi
jbe short loc_404C5D
cmp esi, eax
jnz short loc_404C5D
mov eax, [ebx+4]
test eax, eax
jnz short loc_404C2E
mov eax, offset dword_421258
loc_404C2E: ; CODE XREF: sub_404BCE+59�j
cmp byte ptr [eax-1], 0FEh
jnb short loc_404C5D
push 1
mov ecx, edi
call sub_404D21
mov eax, [ebx+4]
test eax, eax
jnz short loc_404C49
mov eax, offset dword_421258
loc_404C49: ; CODE XREF: sub_404BCE+74�j
mov [edi+4], eax
mov ecx, [ebx+8]
mov [edi+8], ecx
mov ecx, [ebx+0Ch]
mov [edi+0Ch], ecx
inc byte ptr [eax-1]
jmp short loc_404C93
; ---------------------------------------------------------------------------
loc_404C5D: ; CODE XREF: sub_404BCE+4E�j
; sub_404BCE+52�j ...
push 1
push esi
mov ecx, edi
call sub_404C9C
test al, al
jz short loc_404C93
mov eax, [ebx+4]
test eax, eax
jnz short loc_404C77
mov eax, offset dword_421258
loc_404C77: ; CODE XREF: sub_404BCE+A2�j
mov ecx, [ebp+arg_4]
push esi
add eax, ecx
push eax
push dword ptr [edi+4]
call sub_4155D0
mov eax, [edi+4]
add esp, 0Ch
mov [edi+8], esi
and byte ptr [eax+esi], 0
loc_404C93: ; CODE XREF: sub_404BCE+4A�j
; sub_404BCE+8D�j ...
mov eax, edi
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
sub_404BCE endp
; =============== S U B R O U T I N E =======================================
sub_404C9C proc near ; CODE XREF: sub_4046AA+3D�p
; sub_404B1E+28�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
push esi
push edi
mov edi, [esp+8+arg_0]
mov esi, ecx
cmp edi, 0FFFFFFFDh
jbe short loc_404CAE
call near ptr dword_41FDB0
loc_404CAE: ; CODE XREF: sub_404C9C+B�j
mov ecx, [esi+4]
xor edx, edx
cmp ecx, edx
jz short loc_404CD7
mov al, [ecx-1]
cmp al, dl
jz short loc_404CD7
cmp al, 0FFh
jz short loc_404CD7
cmp edi, edx
jnz short loc_404D12
dec al
push edx
mov [ecx-1], al
loc_404CCC: ; CODE XREF: sub_404C9C+47�j
mov ecx, esi
call sub_404D21
loc_404CD3: ; CODE XREF: sub_404C9C+4B�j
; sub_404C9C+52�j
xor al, al
jmp short loc_404D1C
; ---------------------------------------------------------------------------
loc_404CD7: ; CODE XREF: sub_404C9C+19�j
; sub_404C9C+20�j ...
cmp edi, edx
jnz short loc_404CF0
cmp [esp+8+arg_4], dl
jz short loc_404CE5
push 1
jmp short loc_404CCC
; ---------------------------------------------------------------------------
loc_404CE5: ; CODE XREF: sub_404C9C+43�j
cmp ecx, edx
jz short loc_404CD3
mov [esi+8], edx
mov [ecx], dl
jmp short loc_404CD3
; ---------------------------------------------------------------------------
loc_404CF0: ; CODE XREF: sub_404C9C+3D�j
cmp [esp+8+arg_4], dl
jz short loc_404D0D
mov eax, [esi+0Ch]
cmp eax, 1Fh
ja short loc_404D02
cmp eax, edi
jnb short loc_404D1A
loc_404D02: ; CODE XREF: sub_404C9C+60�j
push 1
mov ecx, esi
call sub_404D21
jmp short loc_404D12
; ---------------------------------------------------------------------------
loc_404D0D: ; CODE XREF: sub_404C9C+58�j
cmp [esi+0Ch], edi
jnb short loc_404D1A
loc_404D12: ; CODE XREF: sub_404C9C+28�j
; sub_404C9C+6F�j
push edi
mov ecx, esi
call sub_404DF9
loc_404D1A: ; CODE XREF: sub_404C9C+64�j
; sub_404C9C+74�j
mov al, 1
loc_404D1C: ; CODE XREF: sub_404C9C+39�j
pop edi
pop esi
retn 8
sub_404C9C endp
; =============== S U B R O U T I N E =======================================
sub_404D21 proc near ; CODE XREF: sub_4046AA+1F�p
; sub_4046AA+16A�p ...
arg_0 = byte ptr 4
cmp [esp+arg_0], 0
push esi
mov esi, ecx
jz short loc_404D4D
mov eax, [esi+4]
test eax, eax
jz short loc_404D4D
lea ecx, [eax-1]
mov al, [eax-1]
test al, al
jz short loc_404D46
cmp al, 0FFh
jz short loc_404D46
dec al
mov [ecx], al
jmp short loc_404D4D
; ---------------------------------------------------------------------------
loc_404D46: ; CODE XREF: sub_404D21+19�j
; sub_404D21+1D�j
push ecx
call sub_416477
pop ecx
loc_404D4D: ; CODE XREF: sub_404D21+8�j
; sub_404D21+F�j ...
and dword ptr [esi+4], 0
and dword ptr [esi+8], 0
and dword ptr [esi+0Ch], 0
pop esi
retn 4
sub_404D21 endp
; =============== S U B R O U T I N E =======================================
sub_404D5D proc near ; CODE XREF: .nsp0:00404A45�p
; sub_404EB6+28�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push edi
mov edi, [esp+8+arg_4]
push 1
mov esi, ecx
push edi
call sub_404C9C
test al, al
jz short loc_404D8B
push edi
push [esp+0Ch+arg_0]
push dword ptr [esi+4]
call sub_4155D0
mov eax, [esi+4]
add esp, 0Ch
mov [esi+8], edi
and byte ptr [eax+edi], 0
loc_404D8B: ; CODE XREF: sub_404D5D+12�j
mov eax, esi
pop edi
pop esi
retn 8
sub_404D5D endp
; =============== S U B R O U T I N E =======================================
sub_404D92 proc near ; CODE XREF: sub_404BCE+39�p
; sub_404BCE+45�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
mov esi, [esp+8+arg_0]
push edi
mov edi, ecx
cmp [edi+8], esi
jnb short loc_404DA5
call near ptr dword_41FFDC
loc_404DA5: ; CODE XREF: sub_404D92+C�j
mov ecx, edi
call sub_404EB6
mov eax, [edi+8]
mov ebx, [esp+0Ch+arg_4]
sub eax, esi
cmp eax, ebx
jnb short loc_404DBB
mov ebx, eax
loc_404DBB: ; CODE XREF: sub_404D92+25�j
test ebx, ebx
jbe short loc_404DF1
mov ecx, [edi+4]
sub eax, ebx
add ecx, esi
push eax
lea eax, [ecx+ebx]
push eax
push ecx
call sub_416490
mov esi, [edi+8]
add esp, 0Ch
sub esi, ebx
mov ecx, edi
push 0
push esi
call sub_404C9C
test al, al
jz short loc_404DF1
mov eax, [edi+4]
mov [edi+8], esi
and byte ptr [esi+eax], 0
loc_404DF1: ; CODE XREF: sub_404D92+2B�j
; sub_404D92+53�j
mov eax, edi
pop edi
pop esi
pop ebx
retn 8
sub_404D92 endp
; =============== S U B R O U T I N E =======================================
sub_404DF9 proc near ; CODE XREF: sub_404C9C+79�p
mov eax, offset dword_42028C
call sub_416458
sub esp, 0Ch
push ebx
push esi
push edi
mov edi, [ebp+8]
or edi, 1Fh
mov esi, ecx
cmp edi, 0FFFFFFFDh
mov [ebp-10h], esp
mov [ebp-14h], esi
jbe short loc_404E1F
mov edi, [ebp+8]
loc_404E1F: ; CODE XREF: sub_404DF9+21�j
and dword ptr [ebp-4], 0
lea eax, [edi+2]
test eax, eax
jge short loc_404E2C
xor eax, eax
loc_404E2C: ; CODE XREF: sub_404DF9+2F�j
push eax
call sub_4167C5
pop ecx
mov [ebp+8], eax
jmp short loc_404E5D
; ---------------------------------------------------------------------------
mov eax, [ebp+8]
mov [ebp-18h], eax
add eax, 2
test eax, eax
jge short loc_404E47
xor eax, eax
loc_404E47: ; CODE XREF: sub_404DF9+4A�j
push eax
call sub_4167C5
mov [ebp+8], eax
pop ecx
mov eax, offset loc_404E57
retn
; ---------------------------------------------------------------------------
loc_404E57: ; DATA XREF: sub_404DF9+58�o
mov esi, [ebp-14h]
mov edi, [ebp-18h]
loc_404E5D: ; CODE XREF: sub_404DF9+3D�j
mov eax, [esi+8]
test eax, eax
jbe short loc_404E7B
cmp eax, edi
jbe short loc_404E6A
mov eax, edi
loc_404E6A: ; CODE XREF: sub_404DF9+6D�j
push eax
mov eax, [ebp+8]
push dword ptr [esi+4]
inc eax
push eax
call sub_4155D0
add esp, 0Ch
loc_404E7B: ; CODE XREF: sub_404DF9+69�j
mov ebx, [esi+8]
push 1
mov ecx, esi
call sub_404D21
mov eax, [ebp+8]
inc eax
mov [esi+4], eax
and byte ptr [eax-1], 0
cmp ebx, edi
mov [esi+0Ch], edi
ja short loc_404E9B
mov edi, ebx
loc_404E9B: ; CODE XREF: sub_404DF9+9E�j
mov eax, [esi+4]
mov ecx, [ebp-0Ch]
mov [esi+8], edi
and byte ptr [eax+edi], 0
pop edi
pop esi
mov large fs:0, ecx
pop ebx
leave
retn 4
sub_404DF9 endp
; =============== S U B R O U T I N E =======================================
sub_404EB6 proc near ; CODE XREF: sub_404D92+15�p
push esi
push edi
mov edi, ecx
mov esi, [edi+4]
test esi, esi
jz short loc_404EE3
mov al, [esi-1]
test al, al
jz short loc_404EE3
cmp al, 0FFh
jz short loc_404EE3
push 1
call sub_404D21
push esi
call sub_415CF0
pop ecx
push eax
push esi
mov ecx, edi
call sub_404D5D
loc_404EE3: ; CODE XREF: sub_404EB6+9�j
; sub_404EB6+10�j ...
pop edi
pop esi
retn
sub_404EB6 endp
; ---------------------------------------------------------------------------
test byte_46977C, 1
jnz short loc_404EF6
or byte_46977C, 1
loc_404EF6: ; CODE XREF: .nsp0:00404EED�j
jmp $+5
push offset nullsub_1
call sub_416840
pop ecx
retn
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404F08 proc near ; CODE XREF: .nsp0:00405188�p
var_E3C = byte ptr -0E3Ch
var_A3C = byte ptr -0A3Ch
var_63C = byte ptr -63Ch
var_23C = byte ptr -23Ch
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1A = byte ptr -1Ah
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_14 = byte ptr 1Ch
arg_A0 = dword ptr 0A8h
arg_A8 = dword ptr 0B0h
arg_B0 = dword ptr 0B8h
arg_B4 = dword ptr 0BCh
push ebp
mov ebp, esp
sub esp, 0E3Ch
mov al, byte_438FBC
push esi
mov [ebp+var_1], al
push edi
lea eax, [ebp+var_14]
xor edi, edi
push eax
mov esi, offset dword_4265B8
push edi
push 1
mov [ebp+var_3C], esi
mov [ebp+var_38], offset dword_4265B0
mov [ebp+var_34], offset dword_4265A8
mov [ebp+var_30], offset dword_426598
mov [ebp+var_2C], offset dword_426588
mov [ebp+var_28], offset dword_426578
mov [ebp+var_24], offset dword_426570
mov [ebp+var_20], edi
mov [ebp+var_18], edi
mov [ebp+var_10], edi
mov [ebp+var_8], edi
call dword_43A31C
test ax, ax
jnz short loc_404F84
push 0FFFFFFFAh
push 3
push 0C8h
push [ebp+var_14]
call dword_43A420
test ax, ax
jz short loc_404F8B
loc_404F84: ; CODE XREF: sub_404F08+63�j
xor eax, eax
jmp loc_405164
; ---------------------------------------------------------------------------
loc_404F8B: ; CODE XREF: sub_404F08+7A�j
lea eax, [ebp+var_10]
push eax
push [ebp+var_14]
push 2
call dword_43A31C
test ax, ax
jnz loc_405157
test esi, esi
push ebx
jz loc_405148
mov edi, dword_421060
lea eax, [ebp+var_3C]
mov [ebp+var_C], eax
mov ebx, offset byte_42C1FC
loc_404FBD: ; CODE XREF: sub_404F08+1EB�j
cmp dword_42C368, 0
jz loc_4050E7
mov eax, offset dword_42C368
mov esi, eax
loc_404FD1: ; CODE XREF: sub_404F08+13E�j
lea ecx, [ebp+var_1]
push ecx
push dword ptr [eax]
mov eax, [ebp+var_C]
push dword ptr [eax]
lea eax, [ebp+arg_4]
push [ebp+arg_A0]
push eax
lea eax, [ebp+var_A3C]
push offset dword_42653C
push eax
call sub_4154E7
add esp, 1Ch
lea eax, [ebp+var_1A]
push 0
push eax
lea eax, [ebp+var_E3C]
push 400h
push eax
lea eax, [ebp+var_A3C]
push eax
call sub_415CF0
pop ecx
push eax
lea eax, [ebp+var_A3C]
push eax
push 0
push [ebp+var_10]
call dword_43A3D4
test ax, ax
jz short loc_40504D
cmp ax, 1
jz short loc_40504D
push 1F4h
call edi
add esi, 4
mov eax, esi
cmp dword ptr [esi], 0
jnz short loc_404FD1
jmp loc_4050E7
; ---------------------------------------------------------------------------
loc_40504D: ; CODE XREF: sub_404F08+127�j
; sub_404F08+12D�j
lea eax, [ebp+var_8]
push eax
push [ebp+var_10]
push 3
call dword_43A31C
push ebx
push ebx
call sub_415543
push eax
call sub_415543
push eax
push dword_438FDC
push [ebp+arg_0]
call sub_40A171
pop ecx
push eax
lea eax, [ebp+var_63C]
push offset dword_4264AC
push eax
call sub_4154E7
add esp, 20h
lea eax, [ebp+var_63C]
push 0FFFFFFFDh
push eax
push [ebp+var_8]
call dword_43A35C
test ax, ax
jz short loc_4050DC
mov esi, 1388h
push esi
call edi
push ebx
lea eax, [ebp+var_63C]
push offset dword_42648C
push eax
call sub_4154E7
add esp, 0Ch
lea eax, [ebp+var_63C]
push 0FFFFFFFDh
push eax
push [ebp+var_8]
call dword_43A35C
test ax, ax
jz short loc_4050F8
push esi
call edi
loc_4050DC: ; CODE XREF: sub_404F08+19B�j
push [ebp+var_8]
push 3
call dword_43A3B4
loc_4050E7: ; CODE XREF: sub_404F08+BC�j
; sub_404F08+140�j
add [ebp+var_C], 4
mov eax, [ebp+var_C]
cmp dword ptr [eax], 0
jz short loc_405148
jmp loc_404FBD
; ---------------------------------------------------------------------------
loc_4050F8: ; CODE XREF: sub_404F08+1CF�j
cmp [ebp+arg_B4], 0
mov [ebp+var_18], 1
jnz short loc_405126
push 0
lea eax, [ebp+var_23C]
push [ebp+arg_B0]
push eax
lea eax, [ebp+arg_14]
push eax
push [ebp+arg_0]
call sub_412D4C
add esp, 14h
loc_405126: ; CODE XREF: sub_404F08+1FE�j
lea eax, [ebp+var_23C]
push eax
call sub_40B16D
mov eax, [ebp+arg_A8]
pop ecx
imul eax, 3Ch
inc dword_427340[eax]
lea eax, dword_427340[eax]
loc_405148: ; CODE XREF: sub_404F08+9E�j
; sub_404F08+1E9�j
push [ebp+var_10]
push 2
call dword_43A3B4
mov edi, [ebp+var_18]
pop ebx
loc_405157: ; CODE XREF: sub_404F08+95�j
push [ebp+var_14]
push 1
call dword_43A3B4
mov eax, edi
loc_405164: ; CODE XREF: sub_404F08+7E�j
pop edi
pop esi
leave
retn
sub_404F08 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push esi
push edi
sub esp, 0BCh
lea esi, [ebp+8]
mov dword ptr [ebp+0A8h], 599h
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_404F08
push 2Fh
lea esi, [ebp+8]
pop ecx
mov dword ptr [ebp+0A8h], 1BDh
mov edi, esp
mov [ebp-4], eax
rep movsd
call sub_403C8B
add esp, 0BCh
mov [ebp+0C0h], eax
push 1
pop eax
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4051BC proc near ; CODE XREF: .nsp0:004053BA�p
var_5A0 = byte ptr -5A0h
var_1A0 = byte ptr -1A0h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 5A0h
push ebx
push esi
push edi
xor esi, esi
push 10h
lea eax, [ebp+var_10]
push esi
push eax
call sub_415570
add esp, 0Ch
lea eax, [ebp+arg_4]
mov [ebp+var_10], 2
push eax
call dword_43A3D8
mov [ebp+var_C], eax
mov ax, word_426710
push eax
call dword_43A398
push esi
push 1
push 2
mov [ebp+var_E], ax
call dword_43A418
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_4052D5
lea eax, [ebp+var_10]
push 10h
push eax
push ebx
call dword_43A340
cmp eax, 0FFFFFFFFh
jz loc_4052D5
push esi
lea eax, [ebp+var_5A0]
push 400h
push eax
push ebx
call dword_43A3B0
mov esi, offset byte_42C1FC
push esi
push esi
push dword_438FDC
push [ebp+arg_0]
call sub_40A171
pop ecx
mov edi, 190h
push eax
push offset dword_425FF0
lea eax, [ebp+var_1A0]
push edi
push eax
call sub_415A6A
add esp, 1Ch
lea eax, [ebp+var_1A0]
push 0
push eax
call sub_415CF0
pop ecx
push eax
lea eax, [ebp+var_1A0]
push eax
push ebx
call dword_43A3E8
cmp eax, 0FFFFFFFFh
jz short loc_4052D5
push 1F4h
call dword_421060
push esi
push offset dword_425050
lea eax, [ebp+var_1A0]
push edi
push eax
call sub_415A6A
add esp, 10h
lea eax, [ebp+var_1A0]
push 0
push eax
call sub_415CF0
pop ecx
push eax
lea eax, [ebp+var_1A0]
push eax
push ebx
call dword_43A3E8
cmp eax, 0FFFFFFFFh
jnz short loc_4052D9
loc_4052D5: ; CODE XREF: sub_4051BC+51�j
; sub_4051BC+67�j ...
xor al, al
jmp short loc_4052F7
; ---------------------------------------------------------------------------
loc_4052D9: ; CODE XREF: sub_4051BC+117�j
push 0
lea eax, [ebp+var_5A0]
push 400h
push eax
push ebx
call dword_43A3B0
push ebx
call dword_43A430
mov al, 1
loc_4052F7: ; CODE XREF: sub_4051BC+11B�j
pop edi
pop esi
pop ebx
leave
retn
sub_4051BC endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 210h
push ebx
push esi
lea eax, [ebp+0Ch]
push edi
push eax
call dword_4211C8
mov esi, eax
test esi, esi
jnz short loc_405326
lea eax, [ebp+0Ch]
push eax
call dword_4211D8
mov ebx, eax
jmp short loc_40532C
; ---------------------------------------------------------------------------
loc_405326: ; CODE XREF: .nsp0:00405316�j
mov ebx, [ebp+0C0h]
loc_40532C: ; CODE XREF: .nsp0:00405324�j
push 11h
push 2
push 2
call dword_4211E0
test esi, esi
mov edi, eax
jz short loc_405356
movsx eax, word ptr [esi+0Ah]
push eax
mov eax, [esi+0Ch]
push dword ptr [eax]
lea eax, [ebp-0Ch]
push eax
call sub_4155D0
add esp, 0Ch
jmp short loc_405359
; ---------------------------------------------------------------------------
loc_405356: ; CODE XREF: .nsp0:0040533C�j
mov [ebp-0Ch], ebx
loc_405359: ; CODE XREF: .nsp0:00405354�j
test esi, esi
jz short loc_405367
mov ax, [esi+8]
mov [ebp-10h], ax
jmp short loc_40536D
; ---------------------------------------------------------------------------
loc_405367: ; CODE XREF: .nsp0:0040535B�j
mov word ptr [ebp-10h], 2
loc_40536D: ; CODE XREF: .nsp0:00405365�j
push 598h
call dword_4211DC
mov [ebp-0Eh], ax
lea eax, [ebp-10h]
push 10h
push eax
push edi
call dword_4211E4
test eax, eax
jnz short loc_4053F2
push eax
push 152h
push offset dword_4265BC
push edi
call dword_4211EC
push 3E8h
call dword_421060
sub esp, 0BCh
lea esi, [ebp+8]
push 2Fh
pop ecx
mov edi, esp
rep movsd
call sub_4051BC
add esp, 0BCh
test al, al
jz short loc_4053CE
push 1
pop eax
jmp short loc_405404
; ---------------------------------------------------------------------------
loc_4053CE: ; CODE XREF: .nsp0:004053C7�j
lea eax, [ebp-210h]
push eax
call sub_40B16D
mov eax, [ebp+0B0h]
pop ecx
imul eax, 3Ch
inc dword_427340[eax]
lea eax, dword_427340[eax]
jmp short loc_405402
; ---------------------------------------------------------------------------
loc_4053F2: ; CODE XREF: .nsp0:0040538B�j
push 1
push edi
call dword_4211CC
push edi
call dword_4211F0
loc_405402: ; CODE XREF: .nsp0:004053F0�j
xor eax, eax
loc_405404: ; CODE XREF: .nsp0:004053CC�j
pop edi
pop esi
pop ebx
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405409 proc near ; DATA XREF: sub_407276+226�o
var_A6C = byte ptr -0A6Ch
var_8DC = byte ptr -8DCh
var_6DC = dword ptr -6DCh
var_6D8 = byte ptr -6D8h
var_4C4 = byte ptr -4C4h
var_444 = dword ptr -444h
var_440 = dword ptr -440h
var_438 = dword ptr -438h
var_334 = byte ptr -334h
var_2D0 = byte ptr -2D0h
var_29C = byte ptr -29Ch
var_238 = byte ptr -238h
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_124 = byte ptr -124h
var_F8 = byte ptr -0F8h
var_C4 = byte ptr -0C4h
var_AC = byte ptr -0ACh
var_48 = byte ptr -48h
var_38 = word ptr -38h
var_36 = word ptr -36h
var_34 = dword ptr -34h
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_10 = byte ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0A6Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 1
mov ecx, 0A9h
mov esi, eax
lea edi, [ebp+var_6DC]
pop ebx
rep movsd
mov [eax+2A0h], ebx
lea eax, [ebp+var_A6C]
xor edi, edi
push eax
push 101h
mov [ebp+var_28], ebx
mov [ebp+var_18], ebx
mov [ebp+var_228], edi
mov [ebp+var_438], edi
call dword_4211B0
push edi
call sub_416AD4
push eax
call sub_415539
push 0FA00h
push 471h
call sub_414098
add esp, 10h
mov dword_438FDC, eax
push edi
push ebx
push 2
call dword_4211E0
mov esi, eax
lea eax, [ebp+var_28]
push 4
push eax
push 4
push 0FFFFh
push esi
mov [ebp+var_C], esi
call dword_4211B4
lea eax, [ebp+var_18]
push eax
push 8004667Eh
push esi
call dword_4211B8
mov ax, word ptr dword_438FDC
mov [ebp+var_38], 2
push eax
mov [ebp+var_34], edi
call dword_4211DC
mov [ebp+var_36], ax
lea eax, [ebp+var_38]
push 10h
push eax
push esi
call dword_4211BC
test eax, eax
jge short loc_4054DE
mov eax, ebx
jmp loc_405A05
; ---------------------------------------------------------------------------
loc_4054DE: ; CODE XREF: sub_405409+CC�j
push 0Ah
push esi
call dword_4211C0
mov [ebp+var_228], ebx
mov ebx, dword_4211EC
mov [ebp+var_224], esi
mov [ebp+var_4], esi
loc_4054FC: ; CODE XREF: sub_405409+12C�j
; sub_405409+5F4�j
push 41h
lea esi, [ebp+var_228]
pop ecx
lea edi, [ebp+var_438]
rep movsd
xor esi, esi
lea eax, [ebp+var_438]
push esi
push esi
push esi
push eax
mov eax, [ebp+var_4]
inc eax
push eax
call dword_4211D0
cmp eax, 0FFFFFFFFh
jz loc_405A02
xor edi, edi
cmp [ebp+var_4], esi
mov [ebp+arg_0], edi
jl short loc_4054FC
loc_405537: ; CODE XREF: sub_405409+5EE�j
xor esi, esi
push 64h
lea eax, [ebp+var_29C]
push esi
push eax
call sub_415570
push 64h
lea eax, [ebp+var_AC]
push esi
push eax
call sub_415570
add esp, 18h
lea eax, [ebp+var_438]
push eax
push edi
call near ptr word_420106
test eax, eax
jz loc_4059F0
cmp edi, [ebp+var_C]
jnz short loc_4055EE
lea eax, [ebp+var_24]
mov [ebp+var_24], 10h
push eax
lea eax, [ebp+var_238]
push eax
push [ebp+var_C]
call dword_4211C4
cmp eax, 0FFFFFFFFh
jz loc_4059F0
xor ecx, ecx
cmp [ebp+var_228], esi
jbe short loc_4055B8
lea edx, [ebp+var_224]
loc_4055A8: ; CODE XREF: sub_405409+1AD�j
cmp [edx], eax
jz short loc_4055B8
inc ecx
add edx, 4
cmp ecx, [ebp+var_228]
jb short loc_4055A8
loc_4055B8: ; CODE XREF: sub_405409+197�j
; sub_405409+1A1�j
cmp ecx, [ebp+var_228]
jnz short loc_4055D6
cmp [ebp+var_228], 40h
jnb short loc_4055D6
mov [ebp+ecx*4+var_224], eax
inc [ebp+var_228]
loc_4055D6: ; CODE XREF: sub_405409+1B5�j
; sub_405409+1BE�j
cmp eax, [ebp+var_4]
jle short loc_4055DE
mov [ebp+var_4], eax
loc_4055DE: ; CODE XREF: sub_405409+1D0�j
push esi
push 15h
push offset dword_426998
push eax
call ebx
jmp loc_4059F0
; ---------------------------------------------------------------------------
loc_4055EE: ; CODE XREF: sub_405409+169�j
push esi
lea eax, [ebp+var_29C]
push 64h
push eax
push edi
call dword_4211E8
test eax, eax
jg short loc_405655
mov edx, [ebp+var_228]
xor ecx, ecx
cmp edx, esi
jbe short loc_405649
lea eax, [ebp+var_224]
loc_405615: ; CODE XREF: sub_405409+216�j
cmp [eax], edi
jz short loc_405623
inc ecx
add eax, 4
cmp ecx, edx
jb short loc_405615
jmp short loc_405649
; ---------------------------------------------------------------------------
loc_405623: ; CODE XREF: sub_405409+20E�j
dec edx
cmp ecx, edx
jnb short loc_405643
lea eax, [ebp+ecx*4+var_224]
loc_40562F: ; CODE XREF: sub_405409+238�j
mov edx, [eax+4]
inc ecx
mov [eax], edx
mov edx, [ebp+var_228]
add eax, 4
dec edx
cmp ecx, edx
jb short loc_40562F
loc_405643: ; CODE XREF: sub_405409+21D�j
dec [ebp+var_228]
loc_405649: ; CODE XREF: sub_405409+204�j
; sub_405409+218�j
push edi
call dword_4211F0
jmp loc_4059F0
; ---------------------------------------------------------------------------
loc_405655: ; CODE XREF: sub_405409+1F8�j
lea eax, [ebp+var_334]
push eax
lea eax, [ebp+var_AC]
push eax
lea eax, [ebp+var_29C]
push offset dword_426990
push eax
call sub_416AA0
lea eax, [ebp+var_AC]
push offset dword_426988
push eax
call sub_415910
add esp, 18h
test eax, eax
jnz short loc_405699
push esi
push 16h
push offset dword_426970
jmp loc_4059DB
; ---------------------------------------------------------------------------
loc_405699: ; CODE XREF: sub_405409+281�j
lea eax, [ebp+var_AC]
push offset dword_426968
push eax
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_4056BD
push esi
push 14h
push offset dword_426950
jmp loc_4059DB
; ---------------------------------------------------------------------------
loc_4056BD: ; CODE XREF: sub_405409+2A5�j
lea eax, [ebp+var_AC]
push offset dword_426948
push eax
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_4056E1
push esi
push 0Dh
push offset dword_426938
jmp loc_4059DB
; ---------------------------------------------------------------------------
loc_4056E1: ; CODE XREF: sub_405409+2C9�j
lea eax, [ebp+var_AC]
push offset dword_426930
push eax
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_405705
push esi
push 10h
push offset dword_42691C
jmp loc_4059DB
; ---------------------------------------------------------------------------
loc_405705: ; CODE XREF: sub_405409+2ED�j
lea eax, [ebp+var_AC]
push offset dword_426918
push eax
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_405729
push esi
push 1Eh
push offset dword_4268F8
jmp loc_4059DB
; ---------------------------------------------------------------------------
loc_405729: ; CODE XREF: sub_405409+311�j
lea eax, [ebp+var_AC]
push offset dword_4268F0
push eax
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_405764
lea eax, [ebp+var_334]
push offset dword_4268EC
push eax
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_405764
push esi
push 13h
push offset dword_4268D8
jmp loc_4059DB
; ---------------------------------------------------------------------------
loc_405764: ; CODE XREF: sub_405409+335�j
; sub_405409+34C�j
lea eax, [ebp+var_AC]
push offset dword_4268F0
push eax
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_40579F
lea eax, [ebp+var_334]
push offset dword_4268D4
push eax
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_40579F
push esi
push 13h
push offset dword_4268C0
jmp loc_4059DB
; ---------------------------------------------------------------------------
loc_40579F: ; CODE XREF: sub_405409+370�j
; sub_405409+387�j
lea eax, [ebp+var_AC]
push offset dword_4268B8
push eax
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_4057ED
push 0Ah
mov esi, offset dword_42688C
pop ecx
lea edi, [ebp+var_124]
rep movsd
push eax
lea eax, [ebp+var_124]
push eax
movsw
call sub_415CF0
pop ecx
push eax
lea eax, [ebp+var_124]
loc_4057DD: ; CODE XREF: sub_405409+423�j
push eax
push [ebp+arg_0]
call ebx
xor esi, esi
loc_4057E5: ; CODE XREF: sub_405409+4F3�j
mov edi, [ebp+arg_0]
jmp loc_4059DE
; ---------------------------------------------------------------------------
loc_4057ED: ; CODE XREF: sub_405409+3AB�j
lea eax, [ebp+var_AC]
push offset dword_426884
push eax
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_40582E
push 5
mov esi, offset dword_42686C
pop ecx
lea edi, [ebp+var_C4]
rep movsd
movsw
push eax
lea eax, [ebp+var_C4]
push eax
movsb
call sub_415CF0
pop ecx
push eax
lea eax, [ebp+var_C4]
jmp short loc_4057DD
; ---------------------------------------------------------------------------
loc_40582E: ; CODE XREF: sub_405409+3F9�j
lea eax, [ebp+var_AC]
push offset dword_426864
push eax
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz loc_405901
lea eax, [ebp+var_2D0]
push eax
lea eax, [ebp+var_F8]
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_29C]
push offset dword_42683C
push eax
call sub_416AA0
lea eax, [ebp+var_F8]
push eax
call sub_415A5F
mov edi, eax
lea eax, [ebp+var_2D0]
push eax
call sub_415A5F
mov [ebp+var_8], eax
push 32h
lea eax, [ebp+var_F8]
push esi
push eax
call sub_415570
push [ebp+var_8]
lea eax, [ebp+var_F8]
push edi
push offset dword_426834
push eax
call sub_4154E7
add esp, 44h
lea eax, [ebp+var_F8]
push 10h
push esi
push eax
call sub_416A89
mov [ebp+var_8], eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_48]
push offset dword_426828
push eax
call sub_4154E7
add esp, 24h
push esi
push 1Dh
push offset dword_426808
push [ebp+arg_0]
call ebx
jmp loc_4057E5
; ---------------------------------------------------------------------------
loc_405901: ; CODE XREF: sub_405409+43A�j
lea eax, [ebp+var_AC]
push offset dword_426800
push eax
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz loc_4059BC
push esi
push 28h
push offset dword_4267D4
push edi
call ebx
push [ebp+var_8]
lea eax, [ebp+var_48]
push eax
call sub_405A0C
pop ecx
cmp eax, 1
pop ecx
jnz short loc_4059B2
call sub_405A89
cmp eax, 1
jnz loc_4059DE
push esi
push 17h
push offset dword_4267BC
push edi
call ebx
lea eax, [ebp+var_6D8]
push eax
lea eax, [ebp+var_48]
push dword_438FDC
push eax
lea eax, [ebp+var_8DC]
push offset dword_42675C
push eax
call sub_4154E7
add esp, 14h
cmp [ebp+var_440], esi
jnz short loc_4059A3
push esi
lea eax, [ebp+var_8DC]
push [ebp+var_444]
push eax
lea eax, [ebp+var_4C4]
push eax
push [ebp+var_6DC]
call sub_412D4C
add esp, 14h
loc_4059A3: ; CODE XREF: sub_405409+575�j
lea eax, [ebp+var_8DC]
push eax
call sub_40B16D
pop ecx
jmp short loc_4059DE
; ---------------------------------------------------------------------------
loc_4059B2: ; CODE XREF: sub_405409+52F�j
push esi
push 20h
push offset dword_426738
jmp short loc_4059DB
; ---------------------------------------------------------------------------
loc_4059BC: ; CODE XREF: sub_405409+50D�j
lea eax, [ebp+var_AC]
push offset dword_426730
push eax
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_4059DE
push esi
push 1Bh
push offset dword_426714
loc_4059DB: ; CODE XREF: sub_405409+28B�j
; sub_405409+2AF�j ...
push edi
call ebx
loc_4059DE: ; CODE XREF: sub_405409+3DF�j
; sub_405409+539�j ...
push 64h
lea eax, [ebp+var_29C]
push esi
push eax
call sub_415570
add esp, 0Ch
loc_4059F0: ; CODE XREF: sub_405409+160�j
; sub_405409+189�j ...
inc edi
cmp edi, [ebp+var_4]
mov [ebp+arg_0], edi
jle loc_405537
jmp loc_4054FC
; ---------------------------------------------------------------------------
loc_405A02: ; CODE XREF: sub_405409+11E�j
push 1
pop eax
loc_405A05: ; CODE XREF: sub_405409+D0�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_405409 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405A0C proc near ; CODE XREF: sub_405409+525�p
var_1A0 = byte ptr -1A0h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 1A0h
lea eax, [ebp+var_1A0]
push eax
push 101h
call dword_4211B0
push 0
push 1
push 2
call dword_4211E0
push [ebp+arg_0]
mov dword_438FD8, eax
mov [ebp+var_10], 2
call dword_4211D8
push [ebp+arg_4]
mov [ebp+var_C], eax
call dword_4211DC
mov [ebp+var_E], ax
lea eax, [ebp+var_10]
push 10h
push eax
push dword_438FD8
call dword_4211E4
cmp eax, 0FFFFFFFFh
jnz short loc_405A84
push dword_438FD8
call dword_4211F0
call dword_4211AC
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_405A84: ; CODE XREF: sub_405A0C+60�j
push 1
pop eax
leave
retn
sub_405A0C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405A89 proc near ; CODE XREF: sub_405409+531�p
var_504 = byte ptr -504h
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 504h
push esi
lea eax, [ebp+var_104]
push 104h
push eax
push 0
call dword_42107C
lea eax, [ebp+var_104]
push offset dword_4269B0
push eax
call sub_415BE8
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_405B20
test byte ptr [esi+0Ch], 10h
jnz short loc_405B04
push edi
mov edi, 400h
loc_405ACC: ; CODE XREF: sub_405A89+78�j
push esi
push 1
lea eax, [ebp+var_504]
push edi
push eax
call sub_416BB0
add esp, 10h
lea eax, [ebp+var_504]
push 0
push edi
push eax
push dword_438FD8
call dword_4211EC
push 1
call dword_421060
test byte ptr [esi+0Ch], 10h
jz short loc_405ACC
pop edi
loc_405B04: ; CODE XREF: sub_405A89+3B�j
push esi
call sub_415B40
pop ecx
push dword_438FD8
call dword_4211F0
call dword_4211AC
push 1
pop eax
loc_405B20: ; CODE XREF: sub_405A89+35�j
pop esi
leave
retn
sub_405A89 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405B23 proc near ; DATA XREF: sub_407276+333�o
; sub_40CE55+5068�o
var_28F0 = byte ptr -28F0h
var_18F0 = byte ptr -18F0h
var_8F0 = byte ptr -8F0h
var_6F0 = byte ptr -6F0h
var_5EC = dword ptr -5ECh
var_5E8 = byte ptr -5E8h
var_360 = byte ptr -360h
var_25C = dword ptr -25Ch
var_254 = dword ptr -254h
var_250 = dword ptr -250h
var_24C = dword ptr -24Ch
var_248 = dword ptr -248h
var_23C = byte ptr -23Ch
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_34 = byte ptr -34h
var_24 = word ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 28F0h
call sub_415D70
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov ecx, 0ECh
mov esi, eax
lea edi, [ebp+var_5EC]
push 1
rep movsd
pop esi
xor ebx, ebx
mov [eax+3ACh], esi
push 10h
lea eax, [ebp+var_24]
push ebx
push eax
mov [ebp+var_14], esi
call sub_415570
add esp, 0Ch
mov [ebp+var_24], 2
push [ebp+var_25C]
call dword_43A398
push ebx
push esi
push 2
mov [ebp+var_22], ax
mov [ebp+var_20], ebx
call dword_43A418
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_C], edi
jz loc_405F0E
mov eax, [ebp+var_254]
push 10h
imul eax, 234h
mov dword_43F534[eax], edi
lea eax, [ebp+var_24]
push eax
push edi
call dword_43A3C4
cmp eax, 0FFFFFFFFh
jz loc_405F0E
push 7FFFFFFFh
push edi
call dword_43A3C0
cmp eax, 0FFFFFFFFh
jz loc_405F0E
lea eax, [ebp+var_14]
push eax
push 8004667Eh
push edi
call dword_43A434
cmp eax, 0FFFFFFFFh
jz loc_405F0E
mov ebx, esi
mov [ebp+var_134], edi
mov [ebp+var_138], ebx
mov [ebp+var_8], edi
loc_405BFA: ; CODE XREF: sub_405B23+3E1�j
push 41h
xor eax, eax
pop ecx
lea esi, [ebp+var_138]
push eax
push eax
push eax
lea eax, [ebp+var_6F0]
push eax
mov eax, [ebp+var_8]
lea edi, [ebp+var_6F0]
inc eax
rep movsd
push eax
call dword_43A380
cmp eax, 0FFFFFFFFh
jz loc_405F09
xor esi, esi
mov [ebp+var_4], esi
loc_405C30: ; CODE XREF: sub_405B23+3DB�j
lea eax, [ebp+var_6F0]
push eax
push esi
call dword_43A290
test eax, eax
jz loc_405EF4
cmp esi, [ebp+var_C]
jnz short loc_405CB2
lea eax, [ebp+var_10]
mov [ebp+var_10], 10h
push eax
lea eax, [ebp+var_34]
push eax
push [ebp+var_C]
call dword_43A42C
cmp eax, 0FFFFFFFFh
jz loc_405EF4
xor ecx, ecx
test ebx, ebx
jbe short loc_405C84
lea edx, [ebp+var_134]
loc_405C78: ; CODE XREF: sub_405B23+15F�j
cmp [edx], eax
jz short loc_405C84
inc ecx
add edx, 4
cmp ecx, ebx
jb short loc_405C78
loc_405C84: ; CODE XREF: sub_405B23+14D�j
; sub_405B23+157�j
cmp ecx, ebx
jnz short loc_405CA1
cmp ebx, 40h
jnb short loc_405CA1
mov [ebp+ecx*4+var_134], eax
mov ebx, [ebp+var_138]
inc ebx
mov [ebp+var_138], ebx
loc_405CA1: ; CODE XREF: sub_405B23+163�j
; sub_405B23+168�j
cmp eax, [ebp+var_8]
jbe loc_405EF4
mov [ebp+var_8], eax
jmp loc_405EF4
; ---------------------------------------------------------------------------
loc_405CB2: ; CODE XREF: sub_405B23+126�j
mov edi, 1000h
lea eax, [ebp+var_28F0]
push edi
push 0
push eax
call sub_415570
push edi
lea eax, [ebp+var_18F0]
push 0
push eax
call sub_415570
add esp, 18h
lea eax, [ebp+var_28F0]
push 0
push edi
push eax
push esi
call dword_43A3B0
test eax, eax
jg short loc_405D45
push esi
call dword_43A430
xor ecx, ecx
test ebx, ebx
jbe loc_405EF4
lea eax, [ebp+var_134]
loc_405D04: ; CODE XREF: sub_405B23+1EB�j
cmp [eax], esi
jz short loc_405D15
inc ecx
add eax, 4
cmp ecx, ebx
jb short loc_405D04
jmp loc_405EF4
; ---------------------------------------------------------------------------
loc_405D15: ; CODE XREF: sub_405B23+1E3�j
lea eax, [ebx-1]
cmp ecx, eax
jnb short loc_405D39
lea eax, [ebp+ecx*4+var_134]
loc_405D23: ; CODE XREF: sub_405B23+214�j
mov edx, [eax+4]
inc ecx
mov [eax], edx
mov ebx, [ebp+var_138]
add eax, 4
lea edx, [ebx-1]
cmp ecx, edx
jb short loc_405D23
loc_405D39: ; CODE XREF: sub_405B23+1F7�j
dec ebx
mov [ebp+var_138], ebx
jmp loc_405EF4
; ---------------------------------------------------------------------------
loc_405D45: ; CODE XREF: sub_405B23+1C8�j
xor esi, esi
push 104h
lea eax, [ebp+var_23C]
push esi
push eax
call sub_415570
lea eax, [ebp+var_28F0]
mov [ebp+arg_0], esi
push eax
call sub_415CF0
add esp, 10h
test eax, eax
jbe loc_405EF4
loc_405D73: ; CODE XREF: sub_405B23+309�j
mov eax, [ebp+arg_0]
mov al, [ebp+eax+var_28F0]
cmp al, 0Ah
mov [ebp+esi+var_18F0], al
jnz loc_405E18
mov esi, offset dword_426A04
lea eax, [ebp+var_18F0]
push esi
push eax
call sub_415AC0
pop ecx
test eax, eax
pop ecx
jz short loc_405DEC
lea eax, [ebp+var_18F0]
push eax
call sub_415CF0
cmp eax, 5
pop ecx
jbe short loc_405DEC
mov eax, offset dword_426A00
push eax
push eax
lea eax, [ebp+var_18F0]
push esi
push eax
call sub_415AC0
pop ecx
pop ecx
push eax
call sub_415AC0
pop ecx
pop ecx
push eax
call sub_416C98
push eax
lea eax, [ebp+var_23C]
push eax
call sub_415C00
add esp, 10h
jmp short loc_405E03
; ---------------------------------------------------------------------------
loc_405DEC: ; CODE XREF: sub_405B23+27F�j
; sub_405B23+291�j
lea eax, [ebp+var_18F0]
push offset dword_4269FC
push eax
call sub_415910
pop ecx
test eax, eax
pop ecx
jz short loc_405E37
loc_405E03: ; CODE XREF: sub_405B23+2C7�j
push edi
lea eax, [ebp+var_18F0]
push 0
push eax
call sub_415570
add esp, 0Ch
or esi, 0FFFFFFFFh
loc_405E18: ; CODE XREF: sub_405B23+263�j
inc [ebp+arg_0]
lea eax, [ebp+var_28F0]
push eax
inc esi
call sub_415CF0
cmp [ebp+arg_0], eax
pop ecx
jb loc_405D73
jmp loc_405EF4
; ---------------------------------------------------------------------------
loc_405E37: ; CODE XREF: sub_405B23+2DE�j
xor ecx, ecx
test ebx, ebx
jbe short loc_405E81
lea eax, [ebp+var_134]
loc_405E43: ; CODE XREF: sub_405B23+32D�j
mov esi, [ebp+var_4]
cmp [eax], esi
jz short loc_405E54
inc ecx
add eax, 4
cmp ecx, ebx
jb short loc_405E43
jmp short loc_405E84
; ---------------------------------------------------------------------------
loc_405E54: ; CODE XREF: sub_405B23+325�j
lea eax, [ebx-1]
cmp ecx, eax
jnb short loc_405E78
lea eax, [ebp+ecx*4+var_134]
loc_405E62: ; CODE XREF: sub_405B23+353�j
mov edx, [eax+4]
inc ecx
mov [eax], edx
mov ebx, [ebp+var_138]
add eax, 4
lea edx, [ebx-1]
cmp ecx, edx
jb short loc_405E62
loc_405E78: ; CODE XREF: sub_405B23+336�j
dec ebx
mov [ebp+var_138], ebx
jmp short loc_405E84
; ---------------------------------------------------------------------------
loc_405E81: ; CODE XREF: sub_405B23+318�j
mov esi, [ebp+var_4]
loc_405E84: ; CODE XREF: sub_405B23+32F�j
; sub_405B23+35C�j
lea eax, [ebp+var_23C]
test eax, eax
jz short loc_405EED
lea eax, [ebp+var_360]
push eax
call sub_415CF0
mov edi, eax
lea eax, [ebp+var_23C]
push eax
call sub_415CF0
add edi, eax
pop ecx
cmp edi, 104h
pop ecx
jnb short loc_405EED
and [ebp+arg_0], 0
lea eax, [ebp+arg_0]
push eax
push 8004667Eh
push esi
call dword_43A434
push [ebp+var_254]
lea eax, [ebp+var_23C]
push [ebp+var_248]
push eax
lea eax, [ebp+var_360]
push eax
push esi
call sub_406100
add esp, 14h
jmp short loc_405EF4
; ---------------------------------------------------------------------------
loc_405EED: ; CODE XREF: sub_405B23+369�j
; sub_405B23+38F�j
push esi
call dword_43A430
loc_405EF4: ; CODE XREF: sub_405B23+11D�j
; sub_405B23+143�j ...
mov esi, [ebp+var_4]
inc esi
cmp esi, [ebp+var_8]
mov [ebp+var_4], esi
jbe loc_405C30
jmp loc_405BFA
; ---------------------------------------------------------------------------
loc_405F09: ; CODE XREF: sub_405B23+102�j
mov edi, [ebp+var_C]
xor ebx, ebx
loc_405F0E: ; CODE XREF: sub_405B23+6A�j
; sub_405B23+92�j ...
call dword_43A32C
push eax
lea eax, [ebp+var_8F0]
push offset dword_4269B4
push eax
call sub_4154E7
add esp, 0Ch
cmp [ebp+var_24C], ebx
jnz short loc_405F54
push ebx
lea eax, [ebp+var_8F0]
push [ebp+var_250]
push eax
lea eax, [ebp+var_5E8]
push eax
push [ebp+var_5EC]
call sub_412D4C
add esp, 14h
loc_405F54: ; CODE XREF: sub_405B23+40C�j
lea eax, [ebp+var_8F0]
push eax
call sub_40B16D
pop ecx
push edi
call dword_43A430
push [ebp+var_254]
call sub_4152AF
pop ecx
push ebx
call dword_421048
pop edi
pop esi
pop ebx
sub_405B23 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405F7E proc near ; DATA XREF: sub_406100+246�o
var_1654 = byte ptr -1654h
var_654 = byte ptr -654h
var_550 = byte ptr -550h
var_44C = dword ptr -44Ch
var_3C8 = byte ptr -3C8h
var_2C4 = byte ptr -2C4h
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_A4 = dword ptr -0A4h
var_9C = byte ptr -9Ch
var_68 = byte ptr -68h
var_20 = byte ptr -20h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1654h
call sub_415D70
mov eax, [ebp+arg_0]
push esi
push edi
mov ecx, 0ECh
mov esi, eax
lea edi, [ebp+var_44C]
rep movsd
mov dword ptr [eax+3ACh], 1
lea eax, [ebp+var_3C8]
push eax
lea eax, [ebp+var_550]
push eax
call sub_4154E7
lea eax, [ebp+var_2C4]
push eax
lea eax, [ebp+var_654]
push eax
call sub_4154E7
xor edi, edi
add esp, 10h
cmp [ebp+var_A4], edi
jz short loc_405FE3
push offset dword_426C14
jmp short loc_405FE8
; ---------------------------------------------------------------------------
loc_405FE3: ; CODE XREF: sub_405F7E+5C�j
push offset dword_426BF8
loc_405FE8: ; CODE XREF: sub_405F7E+63�j
lea eax, [ebp+var_9C]
push eax
call sub_4154E7
pop ecx
lea eax, [ebp+var_68]
pop ecx
mov esi, 409h
push 46h
push eax
push offset dword_426BE4
push edi
push edi
push esi
call dword_421084
lea eax, [ebp+var_20]
push 1Eh
push eax
push offset dword_426BD8
push edi
push edi
push esi
call dword_421080
lea eax, [ebp+var_20]
cmp [ebp+var_B8], 0FFFFFFFFh
push eax
lea eax, [ebp+var_68]
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_68]
push eax
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_68]
push eax
jnz short loc_406061
lea eax, [ebp+var_9C]
push eax
lea eax, [ebp+var_1654]
push offset dword_426AFC
push eax
call sub_4154E7
add esp, 24h
jmp short loc_406082
; ---------------------------------------------------------------------------
loc_406061: ; CODE XREF: sub_405F7E+C4�j
push [ebp+var_B8]
lea eax, [ebp+var_9C]
push eax
lea eax, [ebp+var_1654]
push offset dword_426A0C
push eax
call sub_4154E7
add esp, 28h
loc_406082: ; CODE XREF: sub_405F7E+E1�j
lea eax, [ebp+var_1654]
push edi
push eax
call sub_415CF0
pop ecx
push eax
lea eax, [ebp+var_1654]
push eax
push [ebp+var_44C]
call dword_43A3E8
cmp [ebp+var_A4], edi
jnz short loc_4060C2
lea eax, [ebp+var_550]
push eax
push [ebp+var_44C]
call sub_406A32
pop ecx
pop ecx
jmp short loc_4060DF
; ---------------------------------------------------------------------------
loc_4060C2: ; CODE XREF: sub_405F7E+12C�j
lea eax, [ebp+var_654]
push eax
push edi
push [ebp+var_44C]
lea eax, [ebp+var_550]
push eax
call sub_4063B0
add esp, 10h
loc_4060DF: ; CODE XREF: sub_405F7E+142�j
push [ebp+var_44C]
call dword_43A430
push [ebp+var_B4]
call sub_4152AF
pop ecx
push edi
call dword_421048
pop edi
pop esi
sub_405F7E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406100 proc near ; CODE XREF: sub_405B23+3C0�p
var_8C4 = byte ptr -8C4h
var_6C4 = dword ptr -6C4h
var_640 = byte ptr -640h
var_53C = byte ptr -53Ch
var_330 = dword ptr -330h
var_32C = dword ptr -32Ch
var_31C = dword ptr -31Ch
var_318 = dword ptr -318h
var_314 = byte ptr -314h
var_211 = byte ptr -211h
var_210 = byte ptr -210h
var_10C = byte ptr -10Ch
var_10B = byte ptr -10Bh
var_10A = byte ptr -10Ah
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 8C4h
push ebx
push esi
push edi
xor edi, edi
push 104h
lea eax, [ebp+var_210]
push edi
push eax
mov [ebp+var_4], edi
call sub_415570
mov eax, [ebp+arg_8]
add esp, 0Ch
cmp byte ptr [eax], 2Fh
jz short loc_406136
push eax
push offset dword_426CC4
jmp short loc_40613F
; ---------------------------------------------------------------------------
loc_406136: ; CODE XREF: sub_406100+2C�j
push eax
mov byte ptr [eax], 5Ch
push offset dword_426CC0
loc_40613F: ; CODE XREF: sub_406100+34�j
lea eax, [ebp+var_10C]
push eax
call sub_4154E7
add esp, 0Ch
lea eax, [ebp+var_10C]
xor esi, esi
xor ebx, ebx
push eax
call sub_415CF0
test eax, eax
pop ecx
jbe short loc_4061DA
mov [ebp+arg_8], 2
loc_40616A: ; CODE XREF: sub_406100+D8�j
lea eax, [ebp+var_10C]
push eax
call sub_415CF0
cmp [ebp+arg_8], eax
pop ecx
jnb short loc_4061AA
cmp [ebp+esi+var_10C], 25h
jnz short loc_4061AA
cmp [ebp+esi+var_10B], 32h
jnz short loc_4061AA
cmp [ebp+esi+var_10A], 30h
jnz short loc_4061AA
inc esi
mov [ebp+ebx+var_210], 20h
inc esi
add [ebp+arg_8], 2
jmp short loc_4061C4
; ---------------------------------------------------------------------------
loc_4061AA: ; CODE XREF: sub_406100+7A�j
; sub_406100+84�j ...
mov al, [ebp+esi+var_10C]
cmp al, 2Fh
jnz short loc_4061BA
push 5Ch
pop eax
jmp short loc_4061BD
; ---------------------------------------------------------------------------
loc_4061BA: ; CODE XREF: sub_406100+B3�j
movsx eax, al
loc_4061BD: ; CODE XREF: sub_406100+B8�j
mov [ebp+ebx+var_210], al
loc_4061C4: ; CODE XREF: sub_406100+A8�j
lea eax, [ebp+var_10C]
inc esi
inc [ebp+arg_8]
push eax
inc ebx
call sub_415CF0
cmp esi, eax
pop ecx
jb short loc_40616A
loc_4061DA: ; CODE XREF: sub_406100+61�j
lea eax, [ebp+var_210]
push eax
lea eax, [ebp+var_314]
push [ebp+arg_4]
push offset dword_426CB8
push eax
call sub_4154E7
lea eax, [ebp+var_314]
push offset dword_426CB4
push eax
call sub_416C98
add esp, 18h
lea eax, [ebp+var_314]
push eax
call dword_421094
push 1
cmp eax, 10h
pop esi
jz short loc_406228
cmp eax, 0FFFFFFFFh
jnz short loc_40622B
push [ebp+arg_0]
jmp short loc_4062A7
; ---------------------------------------------------------------------------
loc_406228: ; CODE XREF: sub_406100+11C�j
mov [ebp+var_4], esi
loc_40622B: ; CODE XREF: sub_406100+121�j
cmp [ebp+ebx+var_211], 5Ch
jnz short loc_406238
mov [ebp+var_4], esi
loc_406238: ; CODE XREF: sub_406100+133�j
mov ebx, [ebp+arg_0]
cmp [ebp+var_4], edi
mov [ebp+var_6C4], ebx
mov [ebp+var_318], edi
jz short loc_4062B2
cmp [ebp+arg_C], edi
jz short loc_4062A6
lea eax, [ebp+var_314]
push offset dword_426CB0
push eax
call sub_415C10
lea eax, [ebp+var_314]
push eax
lea eax, [ebp+var_640]
push eax
call sub_4154E7
lea eax, [ebp+var_210]
push eax
call sub_406AEF
lea eax, [ebp+var_210]
push eax
lea eax, [ebp+var_53C]
push eax
call sub_4154E7
add esp, 1Ch
or [ebp+var_330], 0FFFFFFFFh
mov [ebp+var_31C], esi
jmp short loc_406301
; ---------------------------------------------------------------------------
loc_4062A6: ; CODE XREF: sub_406100+14F�j
push ebx
loc_4062A7: ; CODE XREF: sub_406100+126�j
call dword_43A430
jmp loc_4063A9
; ---------------------------------------------------------------------------
loc_4062B2: ; CODE XREF: sub_406100+14A�j
push edi
push edi
push 3
push edi
push esi
lea eax, [ebp+var_314]
push 80000000h
push eax
call dword_421078
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_406301
lea eax, [ebp+var_314]
push eax
lea eax, [ebp+var_640]
push eax
call sub_4154E7
pop ecx
mov [ebp+var_31C], edi
pop ecx
push edi
push esi
call dword_421090
push esi
mov [ebp+var_330], eax
call dword_42106C
loc_406301: ; CODE XREF: sub_406100+1A4�j
; sub_406100+1CF�j
mov esi, [ebp+arg_10]
lea eax, [ebp+var_8C4]
push esi
push offset dword_426C6C
push eax
call sub_4154E7
push edi
lea eax, [ebp+var_8C4]
push 3
push eax
call sub_414F93
mov [ebp+var_32C], eax
imul eax, 234h
add esp, 18h
mov dword_43F52C[eax], esi
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_6C4]
push edi
push eax
push offset sub_405F7E
push edi
push edi
call dword_42108C
mov ecx, [ebp+var_32C]
imul ecx, 234h
cmp eax, edi
mov dword_43F53C[ecx], eax
jz short loc_40637B
loc_406369: ; CODE XREF: sub_406100+279�j
cmp [ebp+var_318], edi
jnz short loc_4063A9
push 5
call dword_421060
jmp short loc_406369
; ---------------------------------------------------------------------------
loc_40637B: ; CODE XREF: sub_406100+267�j
push ebx
call dword_43A430
call dword_421088
push eax
lea eax, [ebp+var_8C4]
push offset dword_426C20
push eax
call sub_4154E7
lea eax, [ebp+var_8C4]
push eax
call sub_40B16D
add esp, 10h
loc_4063A9: ; CODE XREF: sub_406100+1AD�j
; sub_406100+26F�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
sub_406100 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4063B0 proc near ; CODE XREF: sub_405F7E+159�p
; sub_40CE55+464C�p
var_594 = byte ptr -594h
var_490 = byte ptr -490h
var_388 = dword ptr -388h
var_374 = byte ptr -374h
var_368 = dword ptr -368h
var_35C = byte ptr -35Ch
var_248 = byte ptr -248h
var_48 = byte ptr -48h
var_20 = byte ptr -20h
var_18 = word ptr -18h
var_16 = word ptr -16h
var_12 = word ptr -12h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 594h
push ebx
push esi
push edi
xor ebx, ebx
push 104h
lea eax, [ebp+var_594]
push ebx
push eax
mov [ebp+var_4], ebx
mov [ebp+var_8], ebx
call sub_415570
mov edi, [ebp+arg_0]
push offset dword_426CB4
push edi
call sub_416C98
add esp, 14h
cmp [ebp+arg_8], ebx
jz short loc_40640F
push edi
mov esi, 200h
push [ebp+arg_8]
lea eax, [ebp+var_248]
push offset dword_427114
push esi
push eax
call sub_415A6A
add esp, 14h
jmp loc_40650C
; ---------------------------------------------------------------------------
loc_40640F: ; CODE XREF: sub_4063B0+3A�j
cmp [ebp+arg_C], ebx
push edi
jz loc_4064F2
call sub_415CF0
mov [eax+edi-1], bl
push edi
mov esi, 200h
push offset dword_4270D4
lea eax, [ebp+var_248]
push esi
push eax
call sub_415A6A
add esp, 14h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_415CF0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call dword_43A3E8
push edi
push offset dword_4270A8
lea eax, [ebp+var_248]
push esi
push eax
call sub_415A6A
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_415CF0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call dword_43A3E8
push edi
call sub_415CF0
push 3Ch
push 96h
mov byte ptr [eax+edi], 2Ah
push 0E6h
push offset dword_42700C
lea eax, [ebp+var_248]
push esi
push eax
call sub_415A6A
add esp, 1Ch
lea eax, [ebp+var_248]
push ebx
push eax
call sub_415CF0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call dword_43A3E8
push offset dword_426FE0
lea eax, [ebp+var_248]
push esi
push eax
call sub_415A6A
add esp, 0Ch
jmp short loc_40650C
; ---------------------------------------------------------------------------
loc_4064F2: ; CODE XREF: sub_4063B0+63�j
mov esi, 200h
push offset dword_426FCC
lea eax, [ebp+var_248]
push esi
push eax
call sub_415A6A
add esp, 10h
loc_40650C: ; CODE XREF: sub_4063B0+5A�j
; sub_4063B0+140�j
lea eax, [ebp+var_248]
push ebx
push eax
call sub_415CF0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call dword_43A3E8
cmp [ebp+arg_C], ebx
jz short loc_4065A4
push [ebp+arg_C]
call sub_415CF0
cmp eax, 2
pop ecx
jbe short loc_4065A4
push [ebp+arg_C]
call sub_415CF0
sub eax, 3
pop ecx
jz short loc_406558
loc_40654C: ; CODE XREF: sub_4063B0+1A6�j
mov ecx, [ebp+arg_C]
cmp byte ptr [eax+ecx], 2Fh
jz short loc_406558
dec eax
jnz short loc_40654C
loc_406558: ; CODE XREF: sub_4063B0+19A�j
; sub_4063B0+1A3�j
inc eax
push eax
lea eax, [ebp+var_594]
push [ebp+arg_C]
push eax
call sub_416D40
lea eax, [ebp+var_594]
push eax
push offset dword_426F78
lea eax, [ebp+var_248]
push esi
push eax
call sub_415A6A
add esp, 1Ch
lea eax, [ebp+var_248]
push ebx
push eax
call sub_415CF0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call dword_43A3E8
loc_4065A4: ; CODE XREF: sub_4063B0+17E�j
; sub_4063B0+18C�j
lea eax, [ebp+var_388]
push eax
push edi
call dword_4210A8
lea ecx, [ebp+var_388]
mov [ebp+arg_0], eax
push ecx
push eax
call dword_4210A4
test eax, eax
jz loc_406995
mov edi, 1FFh
loc_4065D0: ; CODE XREF: sub_4063B0+5DF�j
cmp [ebp+var_388], ebx
jz loc_40697D
lea eax, [ebp+var_35C]
push offset dword_426F74
push eax
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_40697D
lea eax, [ebp+var_35C]
push offset dword_426F70
push eax
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_40697D
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_374]
push eax
call dword_4210A0
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_20]
push eax
call dword_42109C
mov ax, [ebp+var_10]
mov ecx, offset dword_426F6C
cmp ax, 0Ch
ja short loc_406645
mov ecx, offset dword_426F68
loc_406645: ; CODE XREF: sub_4063B0+28E�j
cmp ax, 0Ch
movzx eax, ax
jbe short loc_406651
sub eax, 0Ch
loc_406651: ; CODE XREF: sub_4063B0+29C�j
push ecx
movzx ecx, [ebp+var_E]
push ecx
push eax
movzx eax, [ebp+var_18]
push eax
movzx eax, [ebp+var_12]
push eax
movzx eax, [ebp+var_16]
push eax
lea eax, [ebp+var_48]
push offset dword_426F48
push eax
call sub_4154E7
add esp, 20h
test byte ptr [ebp+var_388], 10h
jz loc_4067FE
inc [ebp+var_8]
cmp [ebp+arg_8], ebx
jz short loc_4066D2
lea eax, [ebp+var_35C]
push eax
push offset dword_426F40
lea eax, [ebp+var_490]
push 106h
push eax
call sub_415A6A
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_490]
push eax
lea eax, [ebp+var_248]
push [ebp+arg_8]
push offset dword_426F24
push esi
push eax
call sub_415A6A
add esp, 28h
jmp loc_40694E
; ---------------------------------------------------------------------------
loc_4066D2: ; CODE XREF: sub_4063B0+2DB�j
cmp [ebp+arg_C], ebx
jz loc_4067BC
push 0E6h
push offset dword_426F04
lea eax, [ebp+var_248]
push edi
push eax
call sub_415A6A
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_415CF0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call dword_43A3E8
lea eax, [ebp+var_35C]
push eax
lea eax, [ebp+var_248]
push [ebp+arg_C]
push offset dword_426EFC
push edi
push eax
call sub_415A6A
add esp, 14h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_415CF0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call dword_43A3E8
lea eax, [ebp+var_35C]
push eax
call sub_415CF0
cmp eax, 1Eh
pop ecx
lea eax, [ebp+var_35C]
push eax
jbe short loc_406772
push offset dword_426EDC
jmp short loc_406777
; ---------------------------------------------------------------------------
loc_406772: ; CODE XREF: sub_4063B0+3B9�j
push offset dword_426EC4
loc_406777: ; CODE XREF: sub_4063B0+3C0�j
lea eax, [ebp+var_248]
push edi
push eax
call sub_415A6A
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_415CF0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call dword_43A3E8
lea eax, [ebp+var_48]
push 3Ch
push eax
push 96h
push offset dword_426E5C
push edi
jmp loc_40693F
; ---------------------------------------------------------------------------
loc_4067BC: ; CODE XREF: sub_4063B0+325�j
lea eax, [ebp+var_35C]
push eax
push offset dword_426F40
lea eax, [ebp+var_490]
push 106h
push eax
call sub_415A6A
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_490]
push eax
push offset dword_426E4C
loc_4067E9: ; CODE XREF: sub_4063B0+476�j
lea eax, [ebp+var_248]
push esi
push eax
call sub_415A6A
add esp, 24h
jmp loc_40694E
; ---------------------------------------------------------------------------
loc_4067FE: ; CODE XREF: sub_4063B0+2CF�j
inc [ebp+var_4]
cmp [ebp+arg_8], ebx
jz short loc_406828
push ebx
push [ebp+var_368]
call sub_40C218
push eax
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_35C]
push eax
push [ebp+arg_8]
push offset dword_426E24
jmp short loc_4067E9
; ---------------------------------------------------------------------------
loc_406828: ; CODE XREF: sub_4063B0+454�j
cmp [ebp+arg_C], ebx
jz loc_406928
push 0E6h
push offset dword_426F04
lea eax, [ebp+var_248]
push edi
push eax
call sub_415A6A
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_415CF0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call dword_43A3E8
lea eax, [ebp+var_35C]
push eax
lea eax, [ebp+var_248]
push [ebp+arg_C]
push offset dword_426CB8
push edi
push eax
call sub_415A6A
add esp, 14h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_415CF0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call dword_43A3E8
lea eax, [ebp+var_35C]
push eax
call sub_415CF0
cmp eax, 1Fh
pop ecx
lea eax, [ebp+var_35C]
push eax
jbe short loc_4068C8
push offset dword_426E04
jmp short loc_4068CD
; ---------------------------------------------------------------------------
loc_4068C8: ; CODE XREF: sub_4063B0+50F�j
push offset dword_426DEC
loc_4068CD: ; CODE XREF: sub_4063B0+516�j
lea eax, [ebp+var_248]
push edi
push eax
call sub_415A6A
add esp, 10h
lea eax, [ebp+var_248]
push ebx
push eax
call sub_415CF0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call dword_43A3E8
mov eax, [ebp+var_368]
shr eax, 0Ah
push eax
lea eax, [ebp+var_48]
push 3Ch
push eax
push 96h
push offset dword_426D84
lea eax, [ebp+var_248]
push edi
push eax
call sub_415A6A
add esp, 1Ch
jmp short loc_40694E
; ---------------------------------------------------------------------------
loc_406928: ; CODE XREF: sub_4063B0+47B�j
push [ebp+var_368]
lea eax, [ebp+var_48]
push eax
lea eax, [ebp+var_35C]
push eax
push offset dword_426D68
push esi
loc_40693F: ; CODE XREF: sub_4063B0+407�j
lea eax, [ebp+var_248]
push eax
call sub_415A6A
add esp, 18h
loc_40694E: ; CODE XREF: sub_4063B0+31D�j
; sub_4063B0+449�j ...
lea eax, [ebp+var_248]
push ebx
push eax
call sub_415CF0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call dword_43A3E8
cmp [ebp+arg_8], ebx
jz short loc_40697D
push 7D0h
call dword_421060
loc_40697D: ; CODE XREF: sub_4063B0+226�j
; sub_4063B0+241�j ...
lea eax, [ebp+var_388]
push eax
push [ebp+arg_0]
call dword_4210A4
test eax, eax
jnz loc_4065D0
loc_406995: ; CODE XREF: sub_4063B0+215�j
push [ebp+arg_0]
call dword_421098
cmp [ebp+arg_8], ebx
jz short loc_4069D8
mov eax, [ebp+var_8]
cdq
push edx
push eax
call sub_40C218
pop ecx
pop ecx
push eax
mov eax, [ebp+var_4]
cdq
push edx
push eax
call sub_40C218
pop ecx
pop ecx
push eax
lea eax, [ebp+var_248]
push [ebp+arg_8]
push offset dword_426D38
push eax
call sub_4154E7
add esp, 14h
jmp short loc_406A0C
; ---------------------------------------------------------------------------
loc_4069D8: ; CODE XREF: sub_4063B0+5F1�j
cmp [ebp+arg_C], ebx
jz short loc_4069F2
lea eax, [ebp+var_248]
push offset dword_426CF0
push eax
call sub_4154E7
pop ecx
pop ecx
jmp short loc_406A0C
; ---------------------------------------------------------------------------
loc_4069F2: ; CODE XREF: sub_4063B0+62B�j
push [ebp+var_8]
lea eax, [ebp+var_248]
push [ebp+var_4]
push offset dword_426CC8
push eax
call sub_4154E7
add esp, 10h
loc_406A0C: ; CODE XREF: sub_4063B0+626�j
; sub_4063B0+640�j
lea eax, [ebp+var_248]
push ebx
push eax
call sub_415CF0
pop ecx
push eax
lea eax, [ebp+var_248]
push eax
push [ebp+arg_4]
call dword_43A3E8
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn
sub_4063B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406A32 proc near ; CODE XREF: sub_405F7E+13B�p
var_404 = byte ptr -404h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 404h
push ebx
push esi
xor esi, esi
push edi
push esi
push esi
push 3
push esi
push 1
push 80000000h
push [ebp+arg_4]
mov edi, 400h
mov [ebp+var_4], esi
call dword_421078
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_406AEA
push esi
push ebx
call dword_421090
cmp eax, esi
mov [ebp+arg_4], eax
jz short loc_406AE3
loc_406A77: ; CODE XREF: sub_406A32+AF�j
push 400h
lea eax, [ebp+var_404]
push esi
push eax
call sub_415570
add esp, 0Ch
cmp edi, [ebp+arg_4]
jbe short loc_406A94
mov edi, [ebp+arg_4]
loc_406A94: ; CODE XREF: sub_406A32+5D�j
mov eax, [ebp+arg_4]
push 2
neg eax
push esi
push eax
push ebx
call dword_4210AC
lea eax, [ebp+var_4]
push esi
push eax
lea eax, [ebp+var_404]
push edi
push eax
push ebx
call dword_421068
push esi
lea eax, [ebp+var_404]
push edi
push eax
push [ebp+arg_0]
call dword_43A3E8
cmp eax, 0FFFFFFFFh
jnz short loc_406ADE
call dword_43A32C
cmp eax, 2733h
jnz short loc_406AE3
xor eax, eax
loc_406ADE: ; CODE XREF: sub_406A32+9B�j
sub [ebp+arg_4], eax
jnz short loc_406A77
loc_406AE3: ; CODE XREF: sub_406A32+43�j
; sub_406A32+A8�j
push ebx
call dword_42106C
loc_406AEA: ; CODE XREF: sub_406A32+30�j
pop edi
pop esi
pop ebx
leave
retn
sub_406A32 endp
; =============== S U B R O U T I N E =======================================
sub_406AEF proc near ; CODE XREF: sub_406100+17C�p
arg_0 = dword ptr 4
push esi
push edi
mov edi, [esp+8+arg_0]
xor esi, esi
push edi
call sub_415CF0
test eax, eax
pop ecx
jbe short loc_406B18
loc_406B02: ; CODE XREF: sub_406AEF+27�j
cmp byte ptr [esi+edi], 5Ch
jnz short loc_406B0C
mov byte ptr [esi+edi], 2Fh
loc_406B0C: ; CODE XREF: sub_406AEF+17�j
push edi
inc esi
call sub_415CF0
cmp esi, eax
pop ecx
jb short loc_406B02
loc_406B18: ; CODE XREF: sub_406AEF+11�j
mov eax, edi
pop edi
pop esi
retn
sub_406AEF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406B1D proc near ; CODE XREF: sub_40CE55+2AD5�p
var_4A0 = byte ptr -4A0h
var_310 = byte ptr -310h
var_110 = byte ptr -110h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 4A0h
push ebx
lea eax, [ebp+var_4A0]
push edi
push eax
push 101h
call dword_43A310
push 6
push 1
push 2
call dword_43A418
mov ebx, eax
xor edi, edi
push 10h
lea eax, [ebp+var_10]
push edi
push eax
call sub_415570
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+arg_14]
call dword_43A398
push [ebp+arg_10]
mov [ebp+var_E], ax
call sub_40A05B
pop ecx
mov [ebp+var_C], eax
lea eax, [ebp+var_10]
push 10h
push eax
push ebx
call dword_43A340
cmp eax, 0FFFFFFFFh
jz short loc_406BFA
mov eax, [ebp+arg_20]
cmp eax, edi
jnz short loc_406B96
mov eax, offset byte_438FBC
loc_406B96: ; CODE XREF: sub_406B1D+72�j
push esi
mov esi, 100h
push [ebp+arg_10]
push eax
lea eax, [ebp+var_110]
push [ebp+arg_1C]
push [ebp+arg_18]
push offset dword_427134
push esi
push eax
call sub_415A6A
add esp, 1Ch
lea eax, [ebp+var_110]
push edi
push eax
call sub_415CF0
pop ecx
push eax
lea eax, [ebp+var_110]
push eax
push ebx
call dword_43A3E8
push esi
lea eax, [ebp+var_110]
push edi
push eax
call sub_4155D0
add esp, 0Ch
lea eax, [ebp+var_110]
push edi
push esi
push eax
push ebx
call dword_43A3B0
pop esi
loc_406BFA: ; CODE XREF: sub_406B1D+6B�j
push ebx
call dword_43A430
call dword_43A2F8
lea eax, [ebp+var_110]
push eax
lea eax, [ebp+var_310]
push eax
call sub_4154E7
cmp [ebp+arg_C], edi
pop ecx
pop ecx
jnz short loc_406C3A
push edi
lea eax, [ebp+var_310]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_412D4C
add esp, 14h
loc_406C3A: ; CODE XREF: sub_406B1D+102�j
pop edi
pop ebx
leave
retn
sub_406B1D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406C3E proc near ; CODE XREF: sub_406C3E:loc_407129�p
; DATA XREF: sub_407276+107�o ...
var_884 = dword ptr -884h
var_880 = dword ptr -880h
var_780 = byte ptr -780h
var_580 = byte ptr -580h
var_57F = byte ptr -57Fh
var_57E = byte ptr -57Eh
var_57D = byte ptr -57Dh
var_57C = byte ptr -57Ch
var_37C = dword ptr -37Ch
var_378 = byte ptr -378h
var_274 = byte ptr -274h
var_170 = dword ptr -170h
var_16C = dword ptr -16Ch
var_168 = dword ptr -168h
var_164 = byte ptr -164h
var_E4 = dword ptr -0E4h
var_E0 = dword ptr -0E0h
var_D8 = byte ptr -0D8h
var_D7 = byte ptr -0D7h
var_D6 = byte ptr -0D6h
var_D5 = byte ptr -0D5h
var_58 = byte ptr -58h
var_44 = word ptr -44h
var_42 = word ptr -42h
var_40 = dword ptr -40h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = byte ptr -2Ch
var_28 = dword ptr -28h
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 884h
push ebx
push esi
push edi
mov edx, [ebp+arg_0]
mov esi, offset dword_427304
lea edi, [ebp+var_1C]
movsd
push 1
xor ebx, ebx
movsw
pop eax
mov ecx, 0A9h
mov esi, edx
lea edi, [ebp+var_37C]
push ebx
push 2
rep movsd
inc [ebp+var_16C]
push 2
mov [ebp+var_C], eax
mov [edx+2A0h], eax
call dword_43A418
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_10], edi
jnz short loc_406D01
push 190h
call dword_421060
call dword_43A32C
push eax
lea eax, [ebp+var_780]
push offset dword_4272BC
push eax
call sub_4154E7
add esp, 0Ch
cmp [ebp+var_E0], ebx
jnz short loc_406CE1
push ebx
lea eax, [ebp+var_780]
push [ebp+var_E4]
push eax
lea eax, [ebp+var_164]
push eax
push [ebp+var_37C]
call sub_412D4C
add esp, 14h
loc_406CE1: ; CODE XREF: sub_406C3E+7E�j
lea eax, [ebp+var_780]
push eax
call sub_40B16D
push [ebp+var_170]
call sub_4152AF
pop ecx
pop ecx
push ebx
call dword_421048
loc_406D01: ; CODE XREF: sub_406C3E+50�j
mov eax, [ebp+var_170]
push 10h
imul eax, 234h
push ebx
mov dword_43F534[eax], edi
lea eax, [ebp+var_44]
push eax
call sub_415570
add esp, 0Ch
mov [ebp+var_44], 2
push [ebp+var_168]
call dword_43A398
mov [ebp+var_42], ax
lea eax, [ebp+var_44]
push 10h
push eax
push edi
mov [ebp+var_40], ebx
call dword_43A3C4
cmp eax, 0FFFFFFFFh
jnz short loc_406D66
push 1388h
call dword_421060
dec [ebp+var_16C]
push [ebp+arg_0]
jmp loc_407129
; ---------------------------------------------------------------------------
loc_406D66: ; CODE XREF: sub_406C3E+10D�j
lea eax, [ebp+var_378]
push offset dword_4269B0
push eax
call sub_415BE8
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+var_8], eax
jnz short loc_406DE4
push 190h
call dword_421060
lea eax, [ebp+var_378]
push eax
lea eax, [ebp+var_780]
push offset dword_42726C
push eax
call sub_4154E7
push ebx
lea eax, [ebp+var_780]
push [ebp+var_E4]
push eax
lea eax, [ebp+var_164]
push eax
push [ebp+var_37C]
call sub_412D4C
lea eax, [ebp+var_780]
push eax
call sub_40B16D
push [ebp+var_170]
call sub_4152AF
add esp, 28h
push ebx
call dword_421048
loc_406DE4: ; CODE XREF: sub_406C3E+140�j
mov esi, 200h
loc_406DE9: ; CODE XREF: sub_406C3E+4A5�j
mov eax, [ebp+arg_0]
cmp [eax+2A0h], ebx
jz loc_4070E9
mov [ebp+var_880], edi
mov edi, 80h
push edi
lea eax, [ebp+var_D8]
push ebx
push eax
mov [ebp+var_34], 5
mov [ebp+var_30], 1388h
mov [ebp+var_884], 1
call sub_415570
add esp, 0Ch
lea eax, [ebp+var_34]
push eax
push ebx
lea eax, [ebp+var_884]
push ebx
push eax
push ebx
call dword_43A380
test eax, eax
jle loc_4070DD
mov al, byte_438FBC
mov ecx, edi
mov [ebp+var_580], al
xor eax, eax
lea edi, [ebp+var_57F]
mov [ebp+var_4], 10h
rep stosd
stosw
stosb
mov edi, [ebp+var_10]
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_2C]
push eax
push ebx
lea eax, [ebp+var_D8]
push 80h
push eax
push edi
call dword_43A370
push [ebp+var_28]
mov [ebp+var_C], eax
call dword_43A424
push eax
lea eax, [ebp+var_58]
push eax
call sub_4154E7
cmp [ebp+var_D8], bl
pop ecx
pop ecx
jnz loc_4070C7
cmp [ebp+var_D7], 1
jnz loc_407013
lea eax, [ebp+var_274]
push eax
call sub_415CF0
lea eax, [ebp+eax+var_D5]
mov [ebp+var_14], eax
lea eax, [ebp+var_274]
push eax
call sub_415CF0
push eax
lea eax, [ebp+var_D6]
push eax
lea eax, [ebp+var_274]
push eax
call sub_416ED0
add esp, 14h
test eax, eax
jnz loc_406FCD
lea eax, [ebp+var_1C]
push eax
call sub_415CF0
push eax
lea eax, [ebp+var_1C]
push [ebp+var_14]
push eax
call sub_416ED0
add esp, 10h
test eax, eax
jnz loc_406FCD
push ebx
push ebx
push [ebp+var_8]
call sub_416E3E
push [ebp+var_8]
lea eax, [ebp+var_57C]
mov [ebp+var_580], bl
mov [ebp+var_57F], 3
push esi
push 1
push eax
mov [ebp+var_57E], bl
mov [ebp+var_57D], 1
call sub_416BB0
add esp, 1Ch
lea ecx, [ebp+var_2C]
mov [ebp+var_C], eax
add eax, 4
push [ebp+var_4]
push ecx
push ebx
push eax
lea eax, [ebp+var_580]
push eax
push edi
call dword_43A3FC
lea eax, [ebp+var_378]
push eax
lea eax, [ebp+var_58]
push eax
push offset dword_427218
loc_406F81: ; CODE XREF: sub_406C3E+484�j
lea eax, [ebp+var_780]
push eax
call sub_4154E7
add esp, 10h
cmp [ebp+var_E0], ebx
jnz short loc_406FBB
push ebx
lea eax, [ebp+var_780]
push [ebp+var_E4]
push eax
lea eax, [ebp+var_164]
push eax
push [ebp+var_37C]
call sub_412D4C
add esp, 14h
loc_406FBB: ; CODE XREF: sub_406C3E+358�j
lea eax, [ebp+var_780]
push eax
call sub_40B16D
pop ecx
jmp loc_4070DD
; ---------------------------------------------------------------------------
loc_406FCD: ; CODE XREF: sub_406C3E+2B6�j
; sub_406C3E+2D7�j
push [ebp+var_4]
lea eax, [ebp+var_2C]
push eax
push ebx
push 13h
push offset dword_427204
push edi
call dword_43A3FC
lea eax, [ebp+var_274]
push eax
lea eax, [ebp+var_58]
push eax
lea eax, [ebp+var_D8]
push offset dword_4271C8
push eax
call sub_4154E7
lea eax, [ebp+var_D8]
push eax
call sub_40B16D
add esp, 14h
jmp loc_4070DD
; ---------------------------------------------------------------------------
loc_407013: ; CODE XREF: sub_406C3E+275�j
cmp [ebp+var_D7], 4
jnz loc_4070C7
mov cl, [ebp+var_D5]
mov al, [ebp+var_D6]
cmp cl, 0FFh
mov [ebp+var_580], bl
mov [ebp+var_57F], 3
jnz short loc_407050
inc al
xor cl, cl
mov [ebp+var_57E], al
mov [ebp+var_57D], bl
jmp short loc_40705E
; ---------------------------------------------------------------------------
loc_407050: ; CODE XREF: sub_406C3E+3FE�j
inc cl
mov [ebp+var_57E], al
mov [ebp+var_57D], cl
loc_40705E: ; CODE XREF: sub_406C3E+410�j
movzx eax, al
movzx ecx, cl
shl eax, 8
add eax, ecx
push ebx
shl eax, 9
sub eax, esi
push eax
push [ebp+var_8]
call sub_416E3E
push [ebp+var_8]
lea eax, [ebp+var_57C]
push esi
push 1
push eax
call sub_416BB0
add esp, 1Ch
mov edi, eax
lea eax, [ebp+var_2C]
mov [ebp+var_C], edi
push [ebp+var_4]
push eax
lea eax, [edi+4]
push ebx
push eax
lea eax, [ebp+var_580]
push eax
push [ebp+var_10]
call dword_43A3FC
cmp edi, ebx
jnz short loc_4070DD
lea eax, [ebp+var_378]
push eax
lea eax, [ebp+var_58]
push eax
push offset dword_427178
jmp loc_406F81
; ---------------------------------------------------------------------------
loc_4070C7: ; CODE XREF: sub_406C3E+268�j
; sub_406C3E+3DC�j
push [ebp+var_4]
lea eax, [ebp+var_2C]
push eax
push ebx
push 9
push offset dword_42716C
push edi
call dword_43A3FC
loc_4070DD: ; CODE XREF: sub_406C3E+204�j
; sub_406C3E+38A�j ...
cmp [ebp+var_C], ebx
mov edi, [ebp+var_10]
jg loc_406DE9
loc_4070E9: ; CODE XREF: sub_406C3E+1B4�j
push edi
call dword_43A430
push [ebp+var_8]
call sub_415B40
mov esi, [ebp+arg_0]
dec [ebp+var_16C]
pop ecx
cmp [esi+2A0h], ebx
jnz short loc_40711D
push [ebp+var_170]
call sub_4152AF
pop ecx
push ebx
call dword_421048
loc_40711D: ; CODE XREF: sub_406C3E+4CA�j
push 3E8h
call dword_421060
push esi
loc_407129: ; CODE XREF: sub_406C3E+123�j
call sub_406C3E
pop edi
pop esi
pop ebx
leave
retn 4
sub_406C3E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407135 proc near ; CODE XREF: sub_40CE55+5799�p
var_400 = byte ptr -400h
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 400h
push ebx
push edi
lea eax, [ebp+var_200]
push offset dword_4276DC
push eax
xor ebx, ebx
call sub_4154E7
cmp dword_427338, ebx
pop ecx
pop ecx
mov edi, 200h
jz short loc_4071A3
push esi
mov esi, offset dword_427340
loc_407168: ; CODE XREF: sub_407135+6B�j
mov eax, [esi]
add ebx, eax
push eax
lea eax, [esi-26h]
push eax
lea eax, [ebp+var_400]
push offset dword_4276D0
push eax
call sub_4154E7
lea eax, [ebp+var_400]
push edi
push eax
lea eax, [ebp+var_200]
push eax
call sub_416F10
add esi, 3Ch
add esp, 1Ch
cmp dword ptr [esi-8], 0
jnz short loc_407168
pop esi
loc_4071A3: ; CODE XREF: sub_407135+2B�j
push dword_468818
call sub_40A9B2
push eax
push ebx
lea eax, [ebp+var_400]
push offset dword_4276BC
push eax
call sub_4154E7
lea eax, [ebp+var_400]
push edi
push eax
lea eax, [ebp+var_200]
push eax
call sub_416F10
push 0
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_412D4C
lea eax, [ebp+var_200]
push eax
call sub_40B16D
add esp, 38h
pop edi
pop ebx
leave
retn
sub_407135 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4071FF proc near ; CODE XREF: sub_40CE55+5106�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push 8
call sub_4151DB
test eax, eax
pop ecx
jle short loc_40723B
mov eax, [ebp+arg_C]
push dword_438FE8[eax*8]
call dword_43A424
push eax
lea eax, [ebp+var_200]
push offset dword_427748
push eax
call sub_4154E7
add esp, 0Ch
jmp short loc_40724E
; ---------------------------------------------------------------------------
loc_40723B: ; CODE XREF: sub_4071FF+13�j
lea eax, [ebp+var_200]
push offset dword_427714
push eax
call sub_4154E7
pop ecx
pop ecx
loc_40724E: ; CODE XREF: sub_4071FF+3A�j
push 0
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_412D4C
lea eax, [ebp+var_200]
push eax
call sub_40B16D
add esp, 18h
leave
retn
sub_4071FF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407276 proc near ; CODE XREF: sub_40799F+4F�p
var_210 = dword ptr -210h
var_204 = byte ptr -204h
var_4 = byte ptr -4
arg_10 = byte ptr 18h
arg_90 = byte ptr 98h
arg_110 = dword ptr 118h
arg_130 = dword ptr 138h
arg_138 = dword ptr 140h
arg_13C = dword ptr 144h
push ebp
mov ebp, esp
sub esp, 204h
mov eax, [ebp+arg_130]
push ebx
cmp eax, 0FFFFFFFFh
push esi
jz loc_407606
imul eax, 3Ch
xor ebx, ebx
cmp dword_427344[eax], ebx
jz loc_4074E7
push 4
call sub_4151DB
test eax, eax
pop ecx
jnz loc_407606
mov eax, dword_42C188
push edi
mov edi, offset dword_439964
push 104h
push edi
push ebx
mov dword_439B74, eax
mov dword_439B70, ebx
call dword_42107C
push 103h
mov esi, offset dword_439A68
push offset byte_42C1FC
push esi
call sub_416D40
mov eax, [ebp+arg_110]
add esp, 0Ch
cmp [ebp+arg_90], bl
mov dword_439960, eax
mov eax, [ebp+arg_138]
push 7Fh
mov dword_439BF8, eax
jnz short loc_407329
lea eax, [ebp+arg_10]
push eax
push offset dword_439B78
call sub_416D40
add esp, 0Ch
mov dword_439BFC, 1
jmp short loc_407343
; ---------------------------------------------------------------------------
loc_407329: ; CODE XREF: sub_407276+94�j
lea eax, [ebp+arg_90]
push eax
push offset dword_439B78
call sub_416D40
add esp, 0Ch
mov dword_439BFC, ebx
loc_407343: ; CODE XREF: sub_407276+B1�j
push esi
push edi
push dword_439B74
lea eax, [ebp+var_204]
push offset dword_4278F4
push eax
call sub_4154E7
push ebx
lea eax, [ebp+var_204]
push 4
push eax
call sub_414F93
add esp, 20h
mov dword_439B6C, eax
lea eax, [ebp+var_4]
push eax
push ebx
push offset dword_439960
push offset sub_406C3E
push ebx
push ebx
call dword_42108C
mov ecx, dword_439B6C
imul ecx, 234h
cmp eax, ebx
mov dword_43F53C[ecx], eax
jz short loc_4073B2
loc_4073A0: ; CODE XREF: sub_407276+13A�j
cmp dword_439C00, ebx
jnz short loc_4073CD
push 32h
call dword_421060
jmp short loc_4073A0
; ---------------------------------------------------------------------------
loc_4073B2: ; CODE XREF: sub_407276+128�j
call dword_421088
push eax
lea eax, [ebp+var_204]
push offset dword_4278AC
push eax
call sub_4154E7
add esp, 0Ch
loc_4073CD: ; CODE XREF: sub_407276+130�j
lea eax, [ebp+var_204]
push eax
call sub_40B16D
mov edi, offset dword_439FBC
mov [esp+210h+var_210], 104h
push edi
push ebx
mov dword_43A1C8, ebx
call dword_42107C
push 103h
mov esi, offset dword_43A0C0
push offset byte_42C1FC
push esi
call sub_416D40
mov eax, [ebp+arg_110]
add esp, 0Ch
cmp [ebp+arg_90], bl
mov dword_439FB8, eax
mov eax, [ebp+arg_138]
push 7Fh
mov dword_43A250, eax
jnz short loc_407448
lea eax, [ebp+arg_10]
push eax
push offset dword_43A1D0
call sub_416D40
add esp, 0Ch
mov dword_43A254, 1
jmp short loc_407462
; ---------------------------------------------------------------------------
loc_407448: ; CODE XREF: sub_407276+1B3�j
lea eax, [ebp+arg_90]
push eax
push offset dword_43A1D0
call sub_416D40
add esp, 0Ch
mov dword_43A254, ebx
loc_407462: ; CODE XREF: sub_407276+1D0�j
push esi
push edi
push dword_43A1CC
lea eax, [ebp+var_204]
push offset dword_427858
push eax
call sub_4154E7
push ebx
lea eax, [ebp+var_204]
push 5
push eax
call sub_414F93
add esp, 20h
mov dword_43A1C4, eax
lea eax, [ebp+var_4]
push eax
push ebx
push offset dword_439FB8
push offset sub_405409
push ebx
push ebx
call dword_42108C
mov ecx, dword_43A1C4
pop edi
imul ecx, 234h
cmp eax, ebx
mov dword_43F53C[ecx], eax
jz short loc_4074D6
loc_4074C0: ; CODE XREF: sub_407276+25E�j
cmp dword_43A258, ebx
jnz loc_4075F9
push 32h
call dword_421060
jmp short loc_4074C0
; ---------------------------------------------------------------------------
loc_4074D6: ; CODE XREF: sub_407276+248�j
call dword_421088
push eax
push offset dword_427814
jmp loc_4075EA
; ---------------------------------------------------------------------------
loc_4074E7: ; CODE XREF: sub_407276+25�j
cmp dword_427348[eax], ebx
jz loc_407606
push 3
call sub_4151DB
test eax, eax
pop ecx
jnz loc_407606
mov esi, offset dword_439E94
push 104h
push esi
push ebx
call dword_42107C
push 5Ch
push esi
call sub_417040
pop ecx
cmp eax, ebx
pop ecx
jz short loc_407525
mov [eax], bl
loc_407525: ; CODE XREF: sub_407276+2AB�j
mov eax, dword_42C18C
mov dword_439FAC, ebx
mov dword_439F98, eax
lea eax, [ebp+arg_10]
push eax
push offset dword_439C0C
call sub_4154E7
mov eax, [ebp+arg_110]
pop ecx
pop ecx
mov dword_439C08, eax
mov ecx, [ebp+arg_138]
push esi
push dword_439F98
mov dword_439FA4, ecx
mov ecx, [ebp+arg_13C]
push eax
mov dword_439FA8, ecx
call sub_40A171
pop ecx
push eax
lea eax, [ebp+var_204]
push offset dword_4277C4
push eax
call sub_4154E7
push ebx
lea eax, [ebp+var_204]
push 3
push eax
call sub_414F93
add esp, 20h
mov dword_439FA0, eax
lea eax, [ebp+var_4]
push eax
push ebx
push offset dword_439C08
push offset sub_405B23
push ebx
push ebx
call dword_42108C
mov ecx, dword_439FA0
imul ecx, 234h
cmp eax, ebx
mov dword_43F53C[ecx], eax
jz short loc_4075DE
loc_4075CC: ; CODE XREF: sub_407276+366�j
cmp dword_439FB4, ebx
jnz short loc_4075F9
push 32h
call dword_421060
jmp short loc_4075CC
; ---------------------------------------------------------------------------
loc_4075DE: ; CODE XREF: sub_407276+354�j
call dword_421088
push eax
push offset dword_42777C
loc_4075EA: ; CODE XREF: sub_407276+26C�j
lea eax, [ebp+var_204]
push eax
call sub_4154E7
add esp, 0Ch
loc_4075F9: ; CODE XREF: sub_407276+250�j
; sub_407276+35C�j
lea eax, [ebp+var_204]
push eax
call sub_40B16D
pop ecx
loc_407606: ; CODE XREF: sub_407276+14�j
; sub_407276+35�j ...
pop esi
pop ebx
leave
retn
sub_407276 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40760A proc near ; CODE XREF: sub_40778B:loc_4077FC�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
push esi
push 4
lea esi, ds:438FE8h[eax*8]
lea eax, [ebp+arg_0]
push esi
push eax
call sub_4155D0
add esp, 0Ch
push [ebp+arg_0]
call dword_43A2CC
inc eax
push eax
mov [ebp+arg_0], eax
call dword_43A394
mov [ebp+arg_0], eax
lea eax, [ebp+arg_0]
push 4
push eax
push esi
call sub_4155D0
mov eax, [esi]
add esp, 0Ch
pop esi
pop ebp
retn
sub_40760A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407652 proc near ; CODE XREF: sub_40778B+69�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push esi
or esi, 0FFFFFFFFh
push [ebp+arg_0]
mov [ebp+var_C], esi
mov [ebp+var_8], esi
mov [ebp+var_4], esi
mov [ebp+var_10], esi
call sub_415CF0
cmp eax, 0Fh
pop ecx
jbe short loc_40767A
xor eax, eax
jmp short loc_4076EB
; ---------------------------------------------------------------------------
loc_40767A: ; CODE XREF: sub_407652+22�j
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_C]
push eax
push offset dword_427948
push [ebp+arg_0]
call sub_416AA0
add esp, 18h
cmp [ebp+var_C], esi
jnz short loc_4076A7
call sub_415543
mov [ebp+var_C], eax
loc_4076A7: ; CODE XREF: sub_407652+4B�j
cmp [ebp+var_8], esi
jnz short loc_4076B4
call sub_415543
mov [ebp+var_8], eax
loc_4076B4: ; CODE XREF: sub_407652+58�j
cmp [ebp+var_4], esi
jnz short loc_4076C1
call sub_415543
mov [ebp+var_4], eax
loc_4076C1: ; CODE XREF: sub_407652+65�j
mov eax, [ebp+var_10]
cmp eax, esi
jnz short loc_4076CD
call sub_415543
loc_4076CD: ; CODE XREF: sub_407652+74�j
shl eax, 8
add eax, [ebp+var_4]
mov ecx, [ebp+var_C]
shl eax, 8
add eax, [ebp+var_8]
shl eax, 8
add eax, ecx
mov ecx, [ebp+arg_4]
mov dword_438FE8[ecx*8], eax
loc_4076EB: ; CODE XREF: sub_407652+26�j
pop esi
leave
retn
sub_407652 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4076EE proc near ; CODE XREF: sub_40778B+B8�p
; sub_412B98+30�p
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_1C = word ptr -1Ch
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 120h
push ebx
push esi
push edi
push 1
pop edi
xor ebx, ebx
push ebx
push edi
push 2
mov [ebp+var_4], edi
call dword_43A418
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_407717
xor eax, eax
jmp short loc_407786
; ---------------------------------------------------------------------------
loc_407717: ; CODE XREF: sub_4076EE+23�j
mov eax, [ebp+arg_0]
push [ebp+arg_4]
mov [ebp+var_1C], 2
mov [ebp+var_18], eax
call dword_43A398
mov [ebp+var_1A], ax
lea eax, [ebp+var_4]
push eax
push 8004667Eh
push esi
call dword_43A434
lea eax, [ebp+var_1C]
push 10h
push eax
push esi
call dword_43A340
mov eax, [ebp+arg_8]
mov [ebp+var_8], ebx
mov [ebp+var_C], eax
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_120]
push ebx
push eax
push ebx
push ebx
mov [ebp+var_11C], esi
mov [ebp+var_120], edi
call dword_43A380
push esi
mov edi, eax
call dword_43A430
xor eax, eax
cmp edi, ebx
setnle al
loc_407786: ; CODE XREF: sub_4076EE+27�j
pop edi
pop esi
pop ebx
leave
retn
sub_4076EE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40778B proc near ; DATA XREF: sub_40799F+13B�o
var_2A8 = dword ptr -2A8h
var_28C = byte ptr -28Ch
var_20C = dword ptr -20Ch
var_208 = byte ptr -208h
var_1F8 = byte ptr -1F8h
var_178 = byte ptr -178h
var_16C = dword ptr -16Ch
var_168 = dword ptr -168h
var_164 = dword ptr -164h
var_15C = dword ptr -15Ch
var_158 = dword ptr -158h
var_150 = byte ptr -150h
var_140 = byte ptr -140h
var_C0 = byte ptr -0C0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 53h
mov esi, eax
pop ecx
lea edi, [ebp+var_150]
rep movsd
mov esi, [ebp+var_2C]
mov dword ptr [eax+148h], 1
mov eax, [ebp+var_28]
mov [ebp+var_4], esi
mov [ebp+arg_0], eax
call dword_42104C
push eax
call sub_415539
mov ebx, esi
pop ecx
imul ebx, 234h
loc_4077D2: ; CODE XREF: sub_40778B+200�j
mov eax, dword_43F52C[ebx]
cmp dword_438FEC[eax*8], 0
jz loc_407990
cmp [ebp+var_10], 0
push eax
jz short loc_4077FC
lea eax, [ebp+var_150]
push eax
call sub_407652
pop ecx
jmp short loc_407801
; ---------------------------------------------------------------------------
loc_4077FC: ; CODE XREF: sub_40778B+60�j
call sub_40760A
loc_407801: ; CODE XREF: sub_40778B+6F�j
pop ecx
mov edi, eax
push [ebp+arg_0]
push dword_43F52C[ebx]
push [ebp+var_3C]
push edi
call dword_43A424
push eax
lea eax, [ebp+var_28C]
push offset dword_427990
push eax
call sub_4154E7
lea eax, [ebp+var_28C]
push eax
lea eax, dword_43F328[ebx]
push eax
call sub_4154E7
push [ebp+var_38]
push [ebp+var_3C]
push edi
call sub_4076EE
add esp, 2Ch
cmp eax, 1
jnz loc_407980
cmp [ebp+var_20], 0FFFFFFFFh
jnz short loc_4078D5
push offset dword_439948
call dword_4210B4
push [ebp+var_3C]
push edi
call dword_43A424
push eax
lea eax, [ebp+var_28C]
push offset dword_427954
push eax
call sub_4154E7
add esp, 10h
cmp [ebp+var_14], 0
jnz short loc_4078B7
cmp [ebp+var_C0], 0
push 1
push [ebp+var_18]
lea eax, [ebp+var_28C]
push eax
lea eax, [ebp+var_C0]
jnz short loc_4078AB
lea eax, [ebp+var_140]
loc_4078AB: ; CODE XREF: sub_40778B+118�j
push eax
push [ebp+var_40]
call sub_412D4C
add esp, 14h
loc_4078B7: ; CODE XREF: sub_40778B+FD�j
lea eax, [ebp+var_28C]
push eax
call sub_40B16D
mov [esp+2A8h+var_2A8], offset dword_439948
call dword_4210B0
jmp loc_407980
; ---------------------------------------------------------------------------
loc_4078D5: ; CODE XREF: sub_40778B+CD�j
push edi
call dword_43A424
push eax
lea eax, [ebp+var_208]
push eax
call sub_4154E7
mov eax, [ebp+var_20]
imul eax, 3Ch
add eax, offset dword_427310
push eax
lea eax, [ebp+var_178]
push eax
call sub_4154E7
add esp, 10h
cmp [ebp+var_C0], 0
lea eax, [ebp+var_C0]
jnz short loc_407919
lea eax, [ebp+var_140]
loc_407919: ; CODE XREF: sub_40778B+186�j
push eax
lea eax, [ebp+var_1F8]
push eax
call sub_4154E7
mov eax, [ebp+var_40]
pop ecx
mov [ebp+var_20C], eax
mov eax, [ebp+var_18]
mov [ebp+var_15C], eax
mov eax, [ebp+var_14]
mov [ebp+var_158], eax
mov eax, [ebp+var_3C]
mov [ebp+var_16C], eax
mov eax, [ebp+var_20]
pop ecx
mov [ebp+var_164], eax
imul eax, 3Ch
sub esp, 0BCh
mov [ebp+var_168], esi
lea esi, [ebp+var_20C]
push 2Fh
pop ecx
mov edi, esp
rep movsd
call dword_42733C[eax]
mov esi, [ebp+var_4]
add esp, 0BCh
loc_407980: ; CODE XREF: sub_40778B+C3�j
; sub_40778B+145�j
push 7D0h
call dword_421060
jmp loc_4077D2
; ---------------------------------------------------------------------------
loc_407990: ; CODE XREF: sub_40778B+55�j
push esi
call sub_4152AF
pop ecx
push 0
call dword_421048
sub_40778B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40799F proc near ; DATA XREF: sub_40CE55+31D4�o
; sub_40CE55+4D64�o
var_1DC = dword ptr -1DCh
var_1CC = byte ptr -1CCh
var_14C = byte ptr -14Ch
var_13C = byte ptr -13Ch
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1CCh
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 53h
mov esi, eax
pop ecx
lea edi, [ebp+var_14C]
push 1
pop ebx
rep movsd
mov [eax+144h], ebx
lea eax, [ebp+var_14C]
push eax
call dword_43A3D8
mov ecx, [ebp+var_2C]
sub esp, 14Ch
lea esi, [ebp+var_14C]
push 53h
mov dword_438FE8[ecx*8], eax
pop ecx
mov edi, esp
rep movsd
call sub_407276
push 8
call sub_4151DB
add esp, 150h
cmp eax, ebx
jnz short loc_407A6D
mov esi, offset dword_439948
push esi
call dword_4210BC
push 80000400h
push esi
call dword_4210B8
test eax, eax
jnz short loc_407A6D
lea eax, [ebp+var_1CC]
push offset dword_427AD4
push eax
call sub_4154E7
xor ebx, ebx
pop ecx
cmp [ebp+var_10], ebx
pop ecx
jnz short loc_407A57
push ebx
lea eax, [ebp+var_1CC]
push [ebp+var_14]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_3C]
call sub_412D4C
add esp, 14h
loc_407A57: ; CODE XREF: sub_40799F+99�j
lea eax, [ebp+var_1CC]
push eax
call sub_40B16D
pop ecx
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
; ---------------------------------------------------------------------------
loc_407A6D: ; CODE XREF: sub_40799F+63�j
; sub_40799F+7F�j
mov eax, [ebp+var_2C]
mov esi, dword_421060
mov edi, ebx
mov dword_438FEC[eax*8], ebx
xor ebx, ebx
cmp [ebp+var_20], 1
jb loc_407B3A
loc_407A8B: ; CODE XREF: sub_40799F+195�j
push edi
lea eax, [ebp+var_14C]
push [ebp+var_2C]
mov [ebp+var_24], edi
push [ebp+var_38]
push eax
lea eax, [ebp+var_1CC]
push offset dword_427A88
push eax
call sub_4154E7
push ebx
lea eax, [ebp+var_1CC]
push 8
push eax
call sub_414F93
mov [ebp+var_28], eax
imul eax, 234h
mov ecx, [ebp+var_2C]
add esp, 24h
mov dword_43F52C[eax], ecx
lea eax, [ebp+var_14C]
push ebx
push ebx
push eax
push offset sub_40778B
push ebx
push ebx
call dword_42108C
mov ecx, [ebp+var_28]
imul ecx, 234h
cmp eax, ebx
mov dword_43F53C[ecx], eax
jz short loc_407B05
loc_407AFA: ; CODE XREF: sub_40799F+164�j
cmp [ebp+var_4], ebx
jnz short loc_407B2C
push 1Eh
call esi
jmp short loc_407AFA
; ---------------------------------------------------------------------------
loc_407B05: ; CODE XREF: sub_40799F+159�j
call dword_421088
push eax
lea eax, [ebp+var_1CC]
push offset dword_427A38
push eax
call sub_4154E7
lea eax, [ebp+var_1CC]
push eax
call sub_40B16D
add esp, 10h
loc_407B2C: ; CODE XREF: sub_40799F+15E�j
push 1Eh
call esi
inc edi
cmp edi, [ebp+var_20]
jbe loc_407A8B
loc_407B3A: ; CODE XREF: sub_40799F+E6�j
cmp [ebp+var_30], ebx
jz loc_407BE4
mov eax, [ebp+var_30]
imul eax, 0EA60h
push eax
call esi
loc_407B4F: ; CODE XREF: sub_40799F+250�j
push [ebp+var_30]
mov eax, [ebp+var_2C]
push [ebp+var_38]
mov eax, dword_438FE8[eax*8]
push eax
call dword_43A424
push eax
lea eax, [ebp+var_1CC]
push offset dword_4279E0
push eax
call sub_4154E7
add esp, 14h
cmp [ebp+var_10], ebx
jnz short loc_407B9D
push ebx
lea eax, [ebp+var_1CC]
push [ebp+var_14]
push eax
lea eax, [ebp+var_13C]
push eax
push [ebp+var_3C]
call sub_412D4C
add esp, 14h
loc_407B9D: ; CODE XREF: sub_40799F+1DF�j
lea eax, [ebp+var_1CC]
push eax
call sub_40B16D
mov eax, [ebp+var_2C]
mov [esp+1DCh+var_1DC], 0BB8h
mov dword_438FEC[eax*8], ebx
call esi
push 8
call sub_4151DB
cmp eax, 1
pop ecx
jnz short loc_407BD4
push offset dword_439948
call dword_4210BC
loc_407BD4: ; CODE XREF: sub_40799F+228�j
push [ebp+var_2C]
call sub_4152AF
pop ecx
push ebx
call dword_421048
loc_407BE4: ; CODE XREF: sub_40799F+19E�j
; sub_40799F+25D�j
mov eax, [ebp+var_2C]
cmp dword_438FEC[eax*8], 1
jnz loc_407B4F
push 7D0h
call esi
jmp short loc_407BE4
sub_40799F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407BFE proc near ; DATA XREF: sub_40CE55+35AB�o
var_34C = byte ptr -34Ch
var_14C = byte ptr -14Ch
var_148 = dword ptr -148h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_2C = dword ptr -2Ch
var_24 = byte ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = byte ptr -14h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 34Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 4Ah
mov esi, eax
pop ecx
lea edi, [ebp+var_14C]
rep movsd
push 1
xor esi, esi
pop edi
push 10h
mov [eax+120h], edi
pop ebx
lea eax, [ebp+var_10]
push ebx
push esi
push eax
call sub_415570
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+var_40]
call dword_43A398
push 6
push edi
push 2
mov [ebp+var_E], ax
mov [ebp+var_C], esi
mov [ebp+arg_0], ebx
call dword_43A418
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz loc_407D62
mov eax, [ebp+var_3C]
push edi
imul eax, 234h
push 401h
push esi
push ebx
mov dword_43F534[eax], ebx
call dword_43A2B4
lea eax, [ebp+var_10]
push 10h
push eax
push ebx
call dword_43A3C4
test eax, eax
jnz loc_407D62
push 0Ah
push ebx
call dword_43A3C0
test eax, eax
jnz loc_407D62
loc_407CA8: ; CODE XREF: sub_407BFE+BE�j
; sub_407BFE+13F�j
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_24]
push eax
push ebx
call dword_43A42C
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_407CA8
movzx eax, [ebp+var_22]
push [ebp+var_3C]
mov [ebp+var_148], edi
mov [ebp+var_2C], esi
push eax
push [ebp+var_20]
call dword_43A424
push eax
lea eax, [ebp+var_34C]
push offset dword_427B70
push eax
call sub_4154E7
push edi
lea eax, [ebp+var_34C]
push 10h
push eax
call sub_414F93
mov [ebp+var_38], eax
imul eax, 234h
mov ecx, [ebp+var_3C]
add esp, 20h
mov dword_43F52C[eax], ecx
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_14C]
push esi
push eax
push offset sub_407D86
push esi
push esi
call dword_42108C
mov ecx, [ebp+var_38]
imul ecx, 234h
cmp eax, esi
mov dword_43F53C[ecx], eax
jz short loc_407D4D
loc_407D3A: ; CODE XREF: sub_407BFE+14D�j
cmp [ebp+var_2C], esi
jnz loc_407CA8
push 32h
call dword_421060
jmp short loc_407D3A
; ---------------------------------------------------------------------------
loc_407D4D: ; CODE XREF: sub_407BFE+13A�j
call dword_421088
push eax
push offset dword_427B20
call sub_40B1E1
pop ecx
pop ecx
jmp short loc_407D65
; ---------------------------------------------------------------------------
loc_407D62: ; CODE XREF: sub_407BFE+61�j
; sub_407BFE+93�j ...
mov edi, [ebp+arg_0]
loc_407D65: ; CODE XREF: sub_407BFE+162�j
push edi
call dword_43A430
push ebx
call dword_43A430
push [ebp+var_3C]
call sub_4152AF
pop ecx
push esi
call dword_421048
pop edi
pop esi
pop ebx
sub_407BFE endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407D86 proc near ; DATA XREF: sub_407BFE+11C�o
var_1344 = byte ptr -1344h
var_344 = byte ptr -344h
var_144 = byte ptr -144h
var_13C = byte ptr -13Ch
var_3C = dword ptr -3Ch
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1344h
call sub_415D70
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 4Ah
mov esi, eax
pop ecx
lea edi, [ebp+var_144]
rep movsd
mov ebx, [ebp+var_30]
push 1
pop ecx
mov [ebp+var_4], ebx
push 6
push ecx
push 2
mov [eax+120h], ecx
call dword_43A418
mov esi, eax
xor edi, edi
cmp esi, 0FFFFFFFFh
mov [ebp+arg_0], esi
jz loc_407F3C
push 10h
lea eax, [ebp+var_18]
push edi
push eax
call sub_415570
add esp, 0Ch
mov [ebp+var_18], 2
push [ebp+var_3C]
call dword_43A398
mov [ebp+var_16], ax
lea eax, [ebp+var_13C]
push eax
call dword_43A3D8
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jnz short loc_407E16
lea eax, [ebp+var_13C]
push eax
call dword_43A41C
jmp short loc_407E24
; ---------------------------------------------------------------------------
loc_407E16: ; CODE XREF: sub_407D86+7F�j
push 2
lea eax, [ebp+var_8]
push 4
push eax
call dword_43A350
loc_407E24: ; CODE XREF: sub_407D86+8E�j
cmp eax, edi
jz loc_407F3C
mov eax, [eax+0Ch]
push 10h
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_14], eax
lea eax, [ebp+var_18]
push eax
push esi
call dword_43A340
cmp eax, 0FFFFFFFFh
jz loc_407F3C
movzx eax, [ebp+var_16]
push [ebp+var_34]
mov [ebp+var_20], edi
push eax
push [ebp+var_14]
call dword_43A424
push eax
lea eax, [ebp+var_344]
push offset dword_427C1C
push eax
call sub_4154E7
push esi
lea eax, [ebp+var_344]
push 10h
push eax
call sub_414F93
imul ebx, 234h
mov [ebp+var_30], eax
imul eax, 234h
mov ecx, [ebp+var_34]
lea esi, dword_43F534[ebx]
mov dword_43F52C[eax], ecx
add esp, 20h
mov ecx, [esi]
mov dword_43F538[eax], ecx
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_144]
push edi
push eax
push offset sub_407F6D
push edi
push edi
call dword_42108C
mov ecx, [ebp+var_30]
imul ecx, 234h
cmp eax, edi
mov dword_43F53C[ecx], eax
jz short loc_407F29
loc_407ED6: ; CODE XREF: sub_407D86+15D�j
cmp [ebp+var_20], edi
jnz short loc_407EE5
push 32h
call dword_421060
jmp short loc_407ED6
; ---------------------------------------------------------------------------
loc_407EE5: ; CODE XREF: sub_407D86+153�j
mov ebx, 1000h
loc_407EEA: ; CODE XREF: sub_407D86+19F�j
push ebx
lea eax, [ebp+var_1344]
push edi
push eax
call sub_415570
add esp, 0Ch
lea eax, [ebp+var_1344]
push edi
push ebx
push eax
push dword ptr [esi]
call dword_43A3B0
cmp eax, edi
jle short loc_407F3C
push edi
push eax
lea eax, [ebp+var_1344]
push eax
push [ebp+arg_0]
call dword_43A3E8
cmp eax, 0FFFFFFFFh
jnz short loc_407EEA
jmp short loc_407F3C
; ---------------------------------------------------------------------------
loc_407F29: ; CODE XREF: sub_407D86+14E�j
call dword_421088
push eax
push offset dword_427BC8
call sub_40B1E1
pop ecx
pop ecx
loc_407F3C: ; CODE XREF: sub_407D86+44�j
; sub_407D86+A0�j ...
mov eax, [ebp+var_4]
imul eax, 234h
push dword_43F534[eax]
call dword_43A430
push [ebp+arg_0]
call dword_43A430
push [ebp+var_4]
call sub_4152AF
pop ecx
push edi
call dword_421048
pop edi
pop esi
pop ebx
sub_407D86 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407F6D proc near ; DATA XREF: sub_407D86+130�o
var_1128 = byte ptr -1128h
var_128 = byte ptr -128h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1128h
call sub_415D70
mov eax, [ebp+arg_0]
push esi
push edi
push 4Ah
pop ecx
mov esi, eax
lea edi, [ebp+var_128]
rep movsd
mov esi, [ebp+var_14]
mov dword ptr [eax+124h], 1
imul esi, 234h
mov edi, 1000h
loc_407FA4: ; CODE XREF: sub_407F6D+7C�j
push edi
lea eax, [ebp+var_1128]
push 0
push eax
call sub_415570
add esp, 0Ch
lea eax, [ebp+var_1128]
push 0
push edi
push eax
push dword_43F538[esi]
call dword_43A3B0
test eax, eax
jle short loc_407FEB
push 0
push eax
lea eax, [ebp+var_1128]
push eax
push dword_43F534[esi]
call dword_43A3E8
cmp eax, 0FFFFFFFFh
jnz short loc_407FA4
loc_407FEB: ; CODE XREF: sub_407F6D+61�j
push dword_43F538[esi]
call dword_43A430
push [ebp+var_14]
call sub_4152AF
pop ecx
push 0
call dword_421048
pop edi
pop esi
sub_407F6D endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40800A proc near ; DATA XREF: sub_40CE55+58AB�o
var_2D4 = byte ptr -2D4h
var_D4 = dword ptr -0D4h
var_D0 = byte ptr -0D0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_22 = word ptr -22h
var_20 = dword ptr -20h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 2D4h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 10h
mov esi, eax
pop ebx
lea edi, [ebp+var_D4]
push 2Ch
mov [ebp+var_4], ebx
pop ecx
rep movsd
push 1
xor esi, esi
pop edi
mov [eax+0A8h], edi
push ebx
lea eax, [ebp+var_14]
push esi
push eax
call sub_415570
add esp, 0Ch
mov [ebp+var_14], 2
push [ebp+var_40]
call dword_43A398
push 6
push edi
push 2
mov [ebp+var_12], ax
mov [ebp+var_10], esi
call dword_43A418
mov edi, eax
mov eax, [ebp+var_3C]
imul eax, 234h
push ebx
mov dword_43F534[eax], edi
lea eax, [ebp+var_14]
push eax
push edi
call dword_43A3C4
test eax, eax
jnz loc_4081AC
push 0Ah
push edi
call dword_43A3C0
test eax, eax
jnz loc_4081AC
push [ebp+var_40]
push [ebp+var_D4]
call sub_40A171
pop ecx
push eax
lea eax, [ebp+var_2D4]
push offset dword_427D5C
push eax
call sub_4154E7
add esp, 10h
cmp [ebp+var_30], esi
jnz short loc_4080E5
push esi
lea eax, [ebp+var_2D4]
push [ebp+var_34]
push eax
lea eax, [ebp+var_D0]
push eax
push [ebp+var_D4]
call sub_412D4C
add esp, 14h
loc_4080E5: ; CODE XREF: sub_40800A+B9�j
; sub_40800A+172�j ...
lea eax, [ebp+var_2D4]
push eax
call sub_40B16D
pop ecx
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_24]
push eax
push edi
call dword_43A42C
push [ebp+var_3C]
mov ebx, eax
movzx eax, [ebp+var_22]
push eax
mov [ebp+var_28], esi
push [ebp+var_20]
call dword_43A424
push eax
lea eax, [ebp+var_2D4]
push offset dword_427D04
push eax
call sub_4154E7
push ebx
lea eax, [ebp+var_2D4]
push 11h
push eax
call sub_414F93
mov [ebp+var_38], eax
imul eax, 234h
mov ecx, [ebp+var_3C]
add esp, 20h
mov dword_43F52C[eax], ecx
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_D4]
push esi
push eax
push offset sub_40820F
push esi
push esi
call dword_42108C
mov ecx, [ebp+var_38]
imul ecx, 234h
cmp eax, esi
mov dword_43F53C[ecx], eax
jz short loc_40818C
loc_408179: ; CODE XREF: sub_40800A+180�j
cmp [ebp+var_28], esi
jnz loc_4080E5
push 5
call dword_421060
jmp short loc_408179
; ---------------------------------------------------------------------------
loc_40818C: ; CODE XREF: sub_40800A+16D�j
call dword_421088
push eax
lea eax, [ebp+var_2D4]
push offset dword_427CB8
push eax
call sub_4154E7
add esp, 0Ch
jmp loc_4080E5
; ---------------------------------------------------------------------------
loc_4081AC: ; CODE XREF: sub_40800A+7B�j
; sub_40800A+8C�j
push edi
call dword_43A430
push [ebp+var_40]
lea eax, [ebp+var_2D4]
push offset dword_427C74
push eax
call sub_4154E7
add esp, 0Ch
cmp [ebp+var_30], esi
jnz short loc_4081EF
push esi
lea eax, [ebp+var_2D4]
push [ebp+var_34]
push eax
lea eax, [ebp+var_D0]
push eax
push [ebp+var_D4]
call sub_412D4C
add esp, 14h
loc_4081EF: ; CODE XREF: sub_40800A+1C3�j
lea eax, [ebp+var_2D4]
push eax
call sub_40B16D
push [ebp+var_3C]
call sub_4152AF
pop ecx
pop ecx
push esi
call dword_421048
pop edi
pop esi
pop ebx
sub_40800A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40820F proc near ; DATA XREF: sub_40800A+14F�o
var_5D4 = dword ptr -5D4h
var_5D0 = dword ptr -5D0h
var_4D0 = byte ptr -4D0h
var_4CF = byte ptr -4CFh
var_4CE = word ptr -4CEh
var_4CC = dword ptr -4CCh
var_4C8 = byte ptr -4C8h
var_C8 = byte ptr -0C8h
var_44 = byte ptr -44h
var_2C = dword ptr -2Ch
var_18 = word ptr -18h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 5D4h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 2Ch
mov esi, eax
pop ecx
lea edi, [ebp+var_C8]
rep movsd
mov esi, [ebp+var_2C]
push 1
mov [ebp+arg_0], esi
imul esi, 234h
pop edi
lea esi, dword_43F534[esi]
mov [eax+0ACh], edi
xor ebx, ebx
mov eax, [esi]
mov [ebp+var_8], 5
mov [ebp+var_5D0], eax
lea eax, [ebp+var_8]
push eax
push ebx
lea eax, [ebp+var_5D4]
push ebx
push eax
push ebx
mov [ebp+var_4], ebx
mov [ebp+var_5D4], edi
call dword_43A380
test eax, eax
jnz short loc_408290
push dword ptr [esi]
call dword_43A430
push [ebp+arg_0]
call sub_4152AF
pop ecx
push ebx
call dword_421048
loc_408290: ; CODE XREF: sub_40820F+67�j
push ebx
lea eax, [ebp+var_4D0]
push 408h
push eax
push dword ptr [esi]
call dword_43A3B0
test eax, eax
jg short loc_4082C1
push dword ptr [esi]
call dword_43A430
push [ebp+arg_0]
call sub_4152AF
pop ecx
push ebx
call dword_421048
loc_4082C1: ; CODE XREF: sub_40820F+98�j
cmp [ebp+var_4D0], 4
jnz loc_4084BB
cmp [ebp+var_4CF], 1
jnz loc_4084BB
cmp [ebp+var_44], bl
jz short loc_408357
lea eax, [ebp+var_44]
push eax
lea eax, [ebp+var_4C8]
push eax
call sub_415910
pop ecx
test eax, eax
pop ecx
jz short loc_408357
lea eax, [ebp+var_44]
push eax
lea eax, [ebp+var_4C8]
push eax
push offset dword_427E3C
call sub_40B1E1
push 400h
lea eax, [ebp+var_4C8]
push ebx
push eax
mov [ebp+var_4D0], bl
mov [ebp+var_4CF], 5Dh
call sub_415570
add esp, 18h
lea eax, [ebp+var_4D0]
push ebx
push 8
push eax
push dword ptr [esi]
call dword_43A3E8
push dword ptr [esi]
call dword_43A430
push [ebp+arg_0]
call sub_4152AF
pop ecx
push ebx
call dword_421048
loc_408357: ; CODE XREF: sub_40820F+CF�j
; sub_40820F+E5�j
push 10h
lea eax, [ebp+var_18]
push ebx
push eax
call sub_415570
mov ax, [ebp+var_4CE]
add esp, 0Ch
mov [ebp+var_16], ax
mov eax, [ebp+var_4CC]
push 6
push edi
push 2
mov [ebp+var_18], 2
mov [ebp+var_14], eax
call dword_43A418
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_4083EF
call dword_43A32C
push eax
push offset dword_427DEC
call sub_40B1E1
push 400h
lea eax, [ebp+var_4C8]
push ebx
push eax
mov [ebp+var_4D0], bl
mov [ebp+var_4CF], 5Bh
call sub_415570
add esp, 14h
lea eax, [ebp+var_4D0]
push ebx
push 8
push eax
push dword ptr [esi]
call dword_43A3E8
push dword ptr [esi]
call dword_43A430
push [ebp+arg_0]
call sub_4152AF
pop ecx
push ebx
call dword_421048
loc_4083EF: ; CODE XREF: sub_40820F+181�j
lea eax, [ebp+var_18]
push 10h
push eax
push edi
call dword_43A340
cmp eax, 0FFFFFFFFh
jnz short loc_40845E
call dword_43A32C
push eax
push offset dword_427D98
call sub_40B1E1
push 400h
lea eax, [ebp+var_4C8]
push ebx
push eax
mov [ebp+var_4D0], bl
mov [ebp+var_4CF], 5Bh
call sub_415570
add esp, 14h
lea eax, [ebp+var_4D0]
push ebx
push 8
push eax
push dword ptr [esi]
call dword_43A3E8
push dword ptr [esi]
call dword_43A430
push [ebp+arg_0]
call sub_4152AF
pop ecx
push ebx
call dword_421048
loc_40845E: ; CODE XREF: sub_40820F+1F0�j
push 400h
lea eax, [ebp+var_4C8]
push ebx
push eax
mov [ebp+var_4D0], bl
mov [ebp+var_4CF], 5Ah
call sub_415570
add esp, 0Ch
lea eax, [ebp+var_4D0]
push ebx
push 8
push eax
push dword ptr [esi]
call dword_43A3E8
push dword ptr [esi]
push edi
call sub_4084D3
pop ecx
pop ecx
push edi
call dword_43A430
push dword ptr [esi]
call dword_43A430
push [ebp+arg_0]
call sub_4152AF
pop ecx
push ebx
call dword_421048
loc_4084BB: ; CODE XREF: sub_40820F+B9�j
; sub_40820F+C6�j
push dword ptr [esi]
call dword_43A430
push [ebp+arg_0]
call sub_4152AF
pop ecx
push ebx
call dword_421048
sub_40820F endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4084D3 proc near ; CODE XREF: sub_40820F+286�p
var_504 = byte ptr -504h
var_104 = dword ptr -104h
var_100 = dword ptr -100h
var_FC = dword ptr -0FCh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 504h
push ebx
mov ebx, [ebp+arg_4]
push esi
push edi
xor edi, edi
mov esi, 400h
loc_4084E9: ; CODE XREF: sub_4084D3+C5�j
; sub_4084D3+F5�j
mov [ebp+var_100], ebx
mov [ebp+var_104], 1
xor ecx, ecx
lea eax, [ebp+var_100]
loc_408501: ; CODE XREF: sub_4084D3+3C�j
mov edx, [ebp+arg_0]
cmp [eax], edx
jz short loc_408511
inc ecx
add eax, 4
cmp ecx, 1
jb short loc_408501
loc_408511: ; CODE XREF: sub_4084D3+33�j
cmp ecx, 1
jnz short loc_408526
mov [ebp+var_FC], edx
mov [ebp+var_104], 2
loc_408526: ; CODE XREF: sub_4084D3+41�j
push esi
lea eax, [ebp+var_504]
push edi
push eax
call sub_415570
add esp, 0Ch
lea eax, [ebp+var_104]
push edi
push edi
push edi
push eax
push edi
call dword_43A380
lea eax, [ebp+var_104]
push eax
push ebx
call dword_43A290
test eax, eax
jz short loc_408586
push edi
lea eax, [ebp+var_504]
push esi
push eax
push ebx
call dword_43A3B0
cmp eax, 0FFFFFFFFh
jz short loc_4085CE
push edi
push eax
lea eax, [ebp+var_504]
push eax
push [ebp+arg_0]
call dword_43A3E8
cmp eax, 0FFFFFFFFh
jz short loc_4085CE
loc_408586: ; CODE XREF: sub_4084D3+85�j
lea eax, [ebp+var_104]
push eax
push [ebp+arg_0]
call dword_43A290
test eax, eax
jz loc_4084E9
push edi
lea eax, [ebp+var_504]
push esi
push eax
push [ebp+arg_0]
call dword_43A3B0
cmp eax, 0FFFFFFFFh
jz short loc_4085CE
push edi
push eax
lea eax, [ebp+var_504]
push eax
push ebx
call dword_43A3E8
cmp eax, 0FFFFFFFFh
jnz loc_4084E9
loc_4085CE: ; CODE XREF: sub_4084D3+9A�j
; sub_4084D3+B1�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_4084D3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4085D3 proc near ; CODE XREF: sub_40CE55+52B0�p
var_3F4 = byte ptr -3F4h
var_2F0 = byte ptr -2F0h
var_F0 = byte ptr -0F0h
var_70 = byte ptr -70h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 3F4h
push ebx
xor ebx, ebx
cmp dword_427E94, ebx
mov [ebp+var_C], 80h
jz loc_408785
push esi
push edi
mov eax, offset dword_427E94
mov esi, offset dword_427EA0
mov edi, offset dword_4290A8
loc_408603: ; CODE XREF: sub_4085D3+1AA�j
lea ecx, [ebp+var_4]
push ecx
push 20019h
push ebx
push dword ptr [eax]
push dword ptr [esi-10h]
call dword_43A408
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_F0]
push eax
push ebx
push ebx
push dword ptr [esi-8]
push [ebp+var_4]
call dword_43A2A4
test eax, eax
jnz loc_40876B
mov eax, [esi]
cmp eax, ebx
jz loc_40872F
push eax
lea eax, [ebp+var_F0]
push eax
lea eax, [ebp+var_3F4]
push offset dword_4290A0
push eax
call sub_4154E7
lea eax, [ebp+var_3F4]
push offset dword_42909C
push eax
call sub_415BE8
add esp, 18h
cmp eax, ebx
mov [ebp+var_8], eax
jz loc_40876B
push eax
loc_40867C: ; CODE XREF: sub_4085D3+D4�j
lea eax, [ebp+var_70]
push 64h
push eax
call sub_41713C
add esp, 0Ch
test eax, eax
jz loc_408724
push dword ptr [esi+4]
lea eax, [ebp+var_70]
push eax
call sub_415AC0
pop ecx
test eax, eax
pop ecx
jz short loc_4086A9
push [ebp+var_8]
jmp short loc_40867C
; ---------------------------------------------------------------------------
loc_4086A9: ; CODE XREF: sub_4085D3+CF�j
push 3Dh
push dword ptr [esi+4]
call sub_417080
pop ecx
test eax, eax
pop ecx
jz short loc_4086E8
lea eax, [ebp+var_70]
push offset dword_429098
push eax
call sub_416C98
push offset dword_429098
push ebx
call sub_416C98
push eax
lea eax, [ebp+var_2F0]
push dword ptr [esi-4]
push edi
push eax
call sub_4154E7
add esp, 20h
jmp short loc_4086FF
; ---------------------------------------------------------------------------
loc_4086E8: ; CODE XREF: sub_4085D3+E4�j
lea eax, [ebp+var_70]
push eax
lea eax, [ebp+var_2F0]
push dword ptr [esi-4]
push edi
push eax
call sub_4154E7
add esp, 10h
loc_4086FF: ; CODE XREF: sub_4085D3+113�j
push ebx
lea eax, [ebp+var_2F0]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_412D4C
lea eax, [ebp+var_2F0]
push eax
call sub_40B16D
add esp, 18h
loc_408724: ; CODE XREF: sub_4085D3+B9�j
push [ebp+var_8]
call sub_415B40
pop ecx
jmp short loc_40876B
; ---------------------------------------------------------------------------
loc_40872F: ; CODE XREF: sub_4085D3+6A�j
lea eax, [ebp+var_F0]
push eax
lea eax, [ebp+var_2F0]
push dword ptr [esi-4]
push edi
push eax
call sub_4154E7
push ebx
lea eax, [ebp+var_2F0]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_412D4C
lea eax, [ebp+var_2F0]
push eax
call sub_40B16D
add esp, 28h
loc_40876B: ; CODE XREF: sub_4085D3+60�j
; sub_4085D3+A2�j ...
push [ebp+var_4]
call dword_43A374
add esi, 18h
cmp [esi-0Ch], ebx
lea eax, [esi-0Ch]
jnz loc_408603
pop edi
pop esi
loc_408785: ; CODE XREF: sub_4085D3+19�j
pop ebx
leave
retn
sub_4085D3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408788 proc near ; DATA XREF: sub_40CE55+3C21�o
var_49C = byte ptr -49Ch
var_29C = dword ptr -29Ch
var_298 = byte ptr -298h
var_218 = byte ptr -218h
var_115 = byte ptr -115h
var_114 = byte ptr -114h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 49Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov ecx, 0A7h
mov esi, eax
lea edi, [ebp+var_29C]
rep movsd
mov dword ptr [eax+298h], 1
lea eax, [ebp+var_114]
push eax
call sub_415CF0
xor ebx, ebx
cmp [ebp+eax+var_115], 5Ch
pop ecx
jnz short loc_4087DD
lea eax, [ebp+var_114]
push eax
call sub_415CF0
pop ecx
mov [ebp+eax+var_115], bl
loc_4087DD: ; CODE XREF: sub_408788+3F�j
lea eax, [ebp+var_218]
push eax
push offset dword_4290F0
lea eax, [ebp+var_49C]
push 200h
push eax
call sub_415A6A
add esp, 10h
cmp [ebp+var_8], ebx
jnz short loc_408822
push ebx
lea eax, [ebp+var_49C]
push [ebp+var_C]
push eax
lea eax, [ebp+var_298]
push eax
push [ebp+var_29C]
call sub_412D4C
add esp, 14h
loc_408822: ; CODE XREF: sub_408788+78�j
lea eax, [ebp+var_114]
push ebx
push eax
lea eax, [ebp+var_218]
push eax
lea eax, [ebp+var_298]
push [ebp+var_C]
push eax
push [ebp+var_29C]
call sub_4088A0
push eax
lea eax, [ebp+var_49C]
push offset dword_4290BC
push eax
call sub_4154E7
add esp, 24h
cmp [ebp+var_8], ebx
jnz short loc_408880
push ebx
lea eax, [ebp+var_49C]
push [ebp+var_C]
push eax
lea eax, [ebp+var_298]
push eax
push [ebp+var_29C]
call sub_412D4C
add esp, 14h
loc_408880: ; CODE XREF: sub_408788+D6�j
lea eax, [ebp+var_49C]
push eax
call sub_40B16D
push [ebp+var_10]
call sub_4152AF
pop ecx
pop ecx
push ebx
call dword_421048
pop edi
pop esi
pop ebx
sub_408788 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4088A0 proc near ; CODE XREF: sub_408788+B9�p
; sub_4088A0+9E�p
var_54C = byte ptr -54Ch
var_34C = byte ptr -34Ch
var_248 = byte ptr -248h
var_144 = byte ptr -144h
var_118 = byte ptr -118h
var_117 = byte ptr -117h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 54Ch
push ebx
push esi
push edi
mov esi, 104h
push [ebp+arg_10]
lea eax, [ebp+var_248]
push offset dword_42913C
push esi
push eax
call sub_415A6A
mov edi, dword_4210A8
add esp, 10h
lea eax, [ebp+var_144]
push eax
lea eax, [ebp+var_248]
push eax
call edi
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
mov ebx, offset dword_4290A0
jz short loc_40895D
loc_4088EC: ; CODE XREF: sub_4088A0+BB�j
test [ebp+var_144], 10h
jz short loc_408949
cmp [ebp+var_118], 2Eh
jnz short loc_408910
cmp [ebp+var_117], 0
jz short loc_408949
cmp [ebp+var_117], 2Eh
jz short loc_408949
loc_408910: ; CODE XREF: sub_4088A0+5C�j
lea eax, [ebp+var_118]
push eax
lea eax, [ebp+var_34C]
push [ebp+arg_10]
push ebx
push esi
push eax
call sub_415A6A
push [ebp+arg_14]
lea eax, [ebp+var_34C]
push eax
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4088A0
add esp, 2Ch
mov [ebp+arg_14], eax
loc_408949: ; CODE XREF: sub_4088A0+53�j
; sub_4088A0+65�j ...
lea eax, [ebp+var_144]
push eax
push [ebp+var_4]
call dword_4210A4
test eax, eax
jnz short loc_4088EC
loc_40895D: ; CODE XREF: sub_4088A0+4A�j
push [ebp+var_4]
call dword_421098
push [ebp+arg_C]
lea eax, [ebp+var_248]
push [ebp+arg_10]
push ebx
push esi
push eax
call sub_415A6A
add esp, 14h
lea eax, [ebp+var_144]
push eax
lea eax, [ebp+var_248]
push eax
call edi
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_4089E3
loc_408994: ; CODE XREF: sub_4088A0+141�j
lea eax, [ebp+var_118]
inc [ebp+arg_14]
push eax
lea eax, [ebp+var_54C]
push [ebp+arg_10]
push offset dword_42912C
push 200h
push eax
call sub_415A6A
push 1
lea eax, [ebp+var_54C]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_412D4C
add esp, 28h
lea eax, [ebp+var_144]
push eax
push esi
call dword_4210A4
test eax, eax
jnz short loc_408994
loc_4089E3: ; CODE XREF: sub_4088A0+F2�j
push esi
call dword_421098
mov eax, [ebp+arg_14]
pop edi
pop esi
pop ebx
leave
retn
sub_4088A0 endp
; =============== S U B R O U T I N E =======================================
sub_4089F2 proc near ; CODE XREF: sub_40C682+55�p
push ebx
push ebp
mov ebp, dword_4210C8
push esi
push edi
push offset dword_4299FC
call ebp
mov esi, dword_4210C4
mov edi, eax
xor ebx, ebx
cmp edi, ebx
jz loc_408B12
push offset dword_4299EC
push edi
call esi
push offset dword_4299D0
push edi
mov dword_43A444, eax
call esi
push offset dword_4299C0
push edi
mov dword_43A3B8, eax
call esi
push offset dword_4299B0
push edi
mov dword_43A39C, eax
call esi
push offset dword_4299A0
push edi
mov dword_43A2B8, eax
call esi
push offset dword_42998C
push edi
mov dword_43A264, eax
call esi
push offset dword_429974
push edi
mov dword_43A294, eax
call esi
push offset dword_429964
push edi
mov dword_43A308, eax
call esi
push offset dword_429958
push edi
mov dword_43A3F8, eax
call esi
push offset dword_429940
push edi
mov dword_43A454, eax
call esi
push offset dword_429924
push edi
mov dword_43A2C4, eax
call esi
cmp dword_43A444, ebx
mov dword_43A2AC, eax
jz short loc_408AF0
cmp dword_43A3B8, ebx
jz short loc_408AF0
cmp dword_43A39C, ebx
jz short loc_408AF0
cmp dword_43A2B8, ebx
jz short loc_408AF0
cmp dword_43A294, ebx
jz short loc_408AF0
cmp dword_43A308, ebx
jz short loc_408AF0
cmp dword_43A3F8, ebx
jz short loc_408AF0
cmp dword_43A454, ebx
jz short loc_408AF0
cmp dword_43A2C4, ebx
jz short loc_408AF0
cmp eax, ebx
jnz short loc_408AFA
loc_408AF0: ; CODE XREF: sub_4089F2+B8�j
; sub_4089F2+C0�j ...
mov dword_43A458, 1
loc_408AFA: ; CODE XREF: sub_4089F2+FC�j
push offset dword_42990C
push edi
call esi
cmp eax, ebx
mov dword_43A3D0, eax
jz short loc_408B27
push 1
push ebx
call eax
jmp short loc_408B27
; ---------------------------------------------------------------------------
loc_408B12: ; CODE XREF: sub_4089F2+1D�j
call dword_421088
mov dword_43A45C, eax
mov dword_43A458, 1
loc_408B27: ; CODE XREF: sub_4089F2+117�j
; sub_4089F2+11E�j
push offset dword_429900
call dword_4210C0
mov edi, eax
cmp edi, ebx
jz loc_408C3C
push offset dword_4298F0
push edi
call esi
push offset dword_4298E4
push edi
mov dword_43A3F4, eax
call esi
push offset dword_4298D8
push edi
mov dword_43A3A4, eax
call esi
push offset dword_4298C8
push edi
mov dword_43A338, eax
call esi
push offset dword_4298B8
push edi
mov dword_43A448, eax
call esi
push offset dword_4298A4
push edi
mov dword_43A368, eax
call esi
push offset dword_429894
push edi
mov dword_43A388, eax
call esi
push offset dword_429884
push edi
mov dword_43A3EC, eax
call esi
cmp dword_43A3F4, ebx
mov dword_43A2E0, eax
jz short loc_408BE0
cmp dword_43A3A4, ebx
jz short loc_408BE0
cmp dword_43A338, ebx
jz short loc_408BE0
cmp dword_43A448, ebx
jz short loc_408BE0
cmp dword_43A368, ebx
jz short loc_408BE0
cmp dword_43A388, ebx
jz short loc_408BE0
cmp dword_43A3EC, ebx
jz short loc_408BE0
cmp eax, ebx
jnz short loc_408BEA
loc_408BE0: ; CODE XREF: sub_4089F2+1B8�j
; sub_4089F2+1C0�j ...
mov dword_43A460, 1
loc_408BEA: ; CODE XREF: sub_4089F2+1EC�j
push offset dword_429870
push edi
call esi
push offset dword_429864
push edi
mov dword_43A364, eax
call esi
push offset dword_429854
push edi
mov dword_43A278, eax
call esi
push offset dword_429840
push edi
mov dword_43A334, eax
call esi
cmp dword_43A364, ebx
mov dword_43A320, eax
jz short loc_408C47
cmp dword_43A278, ebx
jz short loc_408C47
cmp dword_43A334, ebx
jz short loc_408C47
cmp eax, ebx
jnz short loc_408C51
jmp short loc_408C47
; ---------------------------------------------------------------------------
loc_408C3C: ; CODE XREF: sub_4089F2+144�j
call dword_421088
mov dword_43A464, eax
loc_408C47: ; CODE XREF: sub_4089F2+232�j
; sub_4089F2+23A�j ...
mov dword_43A460, 1
loc_408C51: ; CODE XREF: sub_4089F2+246�j
push offset dword_429830
call ebp
mov edi, eax
cmp edi, ebx
jz loc_408DEC
push offset dword_429820
push edi
call esi
push offset dword_429810
push edi
mov dword_43A408, eax
call esi
push offset dword_429800
push edi
mov dword_43A34C, eax
call esi
push offset dword_4297EC
push edi
mov dword_43A3BC, eax
call esi
push offset dword_4297DC
push edi
mov dword_43A2A4, eax
call esi
push offset dword_4297D0
push edi
mov dword_43A304, eax
call esi
cmp dword_43A408, ebx
mov dword_43A374, eax
jz short loc_408CDC
cmp dword_43A34C, ebx
jz short loc_408CDC
cmp dword_43A3BC, ebx
jz short loc_408CDC
cmp dword_43A2A4, ebx
jz short loc_408CDC
cmp dword_43A304, ebx
jz short loc_408CDC
cmp eax, ebx
jnz short loc_408CE6
loc_408CDC: ; CODE XREF: sub_4089F2+2C4�j
; sub_4089F2+2CC�j ...
mov dword_43A468, 1
loc_408CE6: ; CODE XREF: sub_4089F2+2E8�j
push offset dword_4297BC
push edi
call esi
push offset dword_4297A4
push edi
mov dword_43A37C, eax
call esi
push offset dword_42978C
push edi
mov dword_43A354, eax
call esi
cmp dword_43A37C, ebx
mov dword_43A404, eax
jz short loc_408D21
cmp dword_43A354, ebx
jz short loc_408D21
cmp eax, ebx
jnz short loc_408D2B
loc_408D21: ; CODE XREF: sub_4089F2+321�j
; sub_4089F2+329�j
mov dword_43A468, 1
loc_408D2B: ; CODE XREF: sub_4089F2+32D�j
push offset dword_42977C
push edi
call esi
push offset dword_42976C
push edi
mov dword_43A38C, eax
call esi
push offset dword_42975C
push edi
mov dword_43A280, eax
call esi
push offset dword_42974C
push edi
mov dword_43A288, eax
call esi
push offset dword_42973C
push edi
mov dword_43A2E8, eax
call esi
push offset dword_429728
push edi
mov dword_43A2EC, eax
call esi
push offset dword_429714
push edi
mov dword_43A29C, eax
call esi
push offset dword_4296F8
push edi
mov dword_43A358, eax
call esi
cmp dword_43A38C, ebx
mov dword_43A28C, eax
jz short loc_408DCF
cmp dword_43A280, ebx
jz short loc_408DCF
cmp dword_43A288, ebx
jz short loc_408DCF
cmp dword_43A2E8, ebx
jz short loc_408DCF
cmp dword_43A2EC, ebx
jz short loc_408DCF
cmp dword_43A29C, ebx
jz short loc_408DCF
cmp dword_43A358, ebx
jz short loc_408DCF
cmp eax, ebx
jnz short loc_408DD9
loc_408DCF: ; CODE XREF: sub_4089F2+3A7�j
; sub_4089F2+3AF�j ...
mov dword_43A468, 1
loc_408DD9: ; CODE XREF: sub_4089F2+3DB�j
push offset dword_4296E8
push edi
call esi
cmp eax, ebx
mov dword_43A284, eax
jnz short loc_408E01
jmp short loc_408DF7
; ---------------------------------------------------------------------------
loc_408DEC: ; CODE XREF: sub_4089F2+26A�j
call dword_421088
mov dword_43A46C, eax
loc_408DF7: ; CODE XREF: sub_4089F2+3F8�j
mov dword_43A468, 1
loc_408E01: ; CODE XREF: sub_4089F2+3F6�j
push offset dword_4296DC
call ebp
mov edi, eax
cmp edi, ebx
jz loc_408ECD
push offset dword_4296D0
push edi
call esi
push offset dword_4296BC
push edi
mov dword_43A384, eax
call esi
push offset dword_4296A8
push edi
mov dword_43A3DC, eax
call esi
push offset dword_429698
push edi
mov dword_43A3E4, eax
call esi
push offset dword_429684
push edi
mov dword_43A3A0, eax
call esi
push offset dword_429674
push edi
mov dword_43A2C8, eax
call esi
push offset dword_42966C
push edi
mov dword_43A274, eax
call esi
push offset dword_429660
push edi
mov dword_43A3E0, eax
call esi
push offset dword_429650
push edi
mov dword_43A260, eax
call esi
cmp dword_43A384, ebx
mov dword_43A2FC, eax
jz short loc_408ED8
cmp dword_43A3DC, ebx
jz short loc_408ED8
cmp dword_43A3E4, ebx
jz short loc_408ED8
cmp dword_43A3A0, ebx
jz short loc_408ED8
cmp dword_43A2C8, ebx
jz short loc_408ED8
cmp dword_43A274, ebx
jz short loc_408ED8
cmp dword_43A3E0, ebx
jz short loc_408ED8
cmp dword_43A260, ebx
jz short loc_408ED8
cmp eax, ebx
jnz short loc_408EE2
jmp short loc_408ED8
; ---------------------------------------------------------------------------
loc_408ECD: ; CODE XREF: sub_4089F2+41A�j
call dword_421088
mov dword_43A474, eax
loc_408ED8: ; CODE XREF: sub_4089F2+49B�j
; sub_4089F2+4A3�j ...
mov dword_43A470, 1
loc_408EE2: ; CODE XREF: sub_4089F2+4D7�j
mov ebp, dword_4210C0
push offset dword_429644
call ebp
mov edi, eax
cmp edi, ebx
jz loc_40919E
push offset dword_429638
push edi
call esi
push offset dword_42962C
push edi
mov dword_43A310, eax
call esi
push offset dword_42961C
push edi
mov dword_43A43C, eax
call esi
push offset dword_42960C
push edi
mov dword_43A2B4, eax
call esi
push offset dword_429600
push edi
mov dword_43A290, eax
call esi
push offset dword_4295F0
push edi
mov dword_43A344, eax
call esi
push offset dword_4295E4
push edi
mov dword_43A32C, eax
call esi
push offset dword_4295DC
push edi
mov dword_43A2F8, eax
call esi
push offset dword_4295D0
push edi
mov dword_43A418, eax
call esi
push offset dword_4295C8
push edi
mov dword_43A434, eax
call esi
push offset dword_4295BC
push edi
mov dword_43A340, eax
call esi
push offset dword_4295B0
push edi
mov dword_43A424, eax
call esi
push offset dword_4295A8
push edi
mov dword_43A3D8, eax
call esi
push offset dword_4295A0
push edi
mov dword_43A398, eax
call esi
push offset dword_429598
push edi
mov dword_43A394, eax
call esi
push offset dword_429590
push edi
mov dword_43A2D4, eax
call esi
push offset dword_429588
push edi
mov dword_43A2CC, eax
call esi
push offset dword_429580
push edi
mov dword_43A3E8, eax
call esi
push offset dword_429578
push edi
mov dword_43A3FC, eax
call esi
push offset dword_42956C
push edi
mov dword_43A3B0, eax
call esi
mov dword_43A370, eax
push offset dword_429564
push edi
call esi
push offset dword_42955C
push edi
mov dword_43A3C4, eax
call esi
push offset dword_429554
push edi
mov dword_43A380, eax
call esi
push offset dword_42954C
push edi
mov dword_43A3C0, eax
call esi
push offset dword_429540
push edi
mov dword_43A42C, eax
call esi
push offset dword_429534
push edi
mov dword_43A378, eax
call esi
push offset dword_429528
push edi
mov dword_43A33C, eax
call esi
push offset dword_429518
push edi
mov dword_43A3AC, eax
call esi
push offset dword_429508
push edi
mov dword_43A41C, eax
call esi
push offset dword_4294FC
push edi
mov dword_43A350, eax
call esi
push offset dword_4294F0
push edi
mov dword_43A2F4, eax
call esi
cmp dword_43A310, ebx
mov dword_43A430, eax
jz loc_4091A9
cmp dword_43A43C, ebx
jz loc_4091A9
cmp dword_43A2B4, ebx
jz loc_4091A9
cmp dword_43A344, ebx
jz loc_4091A9
cmp dword_43A32C, ebx
jz loc_4091A9
cmp dword_43A2F8, ebx
jz loc_4091A9
cmp dword_43A418, ebx
jz loc_4091A9
cmp dword_43A434, ebx
jz loc_4091A9
cmp dword_43A340, ebx
jz loc_4091A9
cmp dword_43A424, ebx
jz loc_4091A9
cmp dword_43A3D8, ebx
jz loc_4091A9
cmp dword_43A398, ebx
jz loc_4091A9
cmp dword_43A394, ebx
jz loc_4091A9
cmp dword_43A2D4, ebx
jz short loc_4091A9
cmp dword_43A3E8, ebx
jz short loc_4091A9
cmp dword_43A3FC, ebx
jz short loc_4091A9
cmp dword_43A3B0, ebx
jz short loc_4091A9
cmp dword_43A370, ebx
jz short loc_4091A9
cmp dword_43A3C4, ebx
jz short loc_4091A9
cmp dword_43A380, ebx
jz short loc_4091A9
cmp dword_43A3C0, ebx
jz short loc_4091A9
cmp dword_43A42C, ebx
jz short loc_4091A9
cmp dword_43A378, ebx
jz short loc_4091A9
cmp dword_43A33C, ebx
jz short loc_4091A9
cmp dword_43A3AC, ebx
jz short loc_4091A9
cmp dword_43A41C, ebx
jz short loc_4091A9
cmp dword_43A350, ebx
jz short loc_4091A9
cmp eax, ebx
jnz short loc_4091B3
jmp short loc_4091A9
; ---------------------------------------------------------------------------
loc_40919E: ; CODE XREF: sub_4089F2+501�j
call dword_421088
mov dword_43A47C, eax
loc_4091A9: ; CODE XREF: sub_4089F2+6A0�j
; sub_4089F2+6AC�j ...
mov dword_43A478, 1
loc_4091B3: ; CODE XREF: sub_4089F2+7A8�j
push offset dword_4294E4
call ebp
mov edi, eax
cmp edi, ebx
jz loc_4092B8
push offset dword_4294C8
push edi
call esi
push offset dword_4294AC
push edi
mov dword_43A2DC, eax
call esi
push offset dword_429498
push edi
mov dword_43A268, eax
call esi
push offset dword_429484
push edi
mov dword_43A360, eax
call esi
push offset dword_429470
push edi
mov dword_43A314, eax
call esi
push offset dword_429460
push edi
mov dword_43A36C, eax
call esi
push offset dword_42944C
push edi
mov dword_43A330, eax
call esi
push offset dword_429438
push edi
mov dword_43A2A8, eax
call esi
push offset dword_429424
push edi
mov dword_43A2A0, eax
call esi
push offset dword_429410
push edi
mov dword_43A2B0, eax
call esi
cmp dword_43A2DC, ebx
mov ecx, dword_43A330
mov dword_43A3CC, eax
jz short loc_409294
cmp dword_43A268, ebx
jz short loc_409294
cmp dword_43A360, ebx
jz short loc_409294
cmp dword_43A314, ebx
jz short loc_409294
cmp dword_43A36C, ebx
jz short loc_409294
cmp ecx, ebx
jz short loc_409294
cmp dword_43A2A8, ebx
jz short loc_409294
cmp dword_43A2A0, ebx
jz short loc_409294
cmp dword_43A2B0, ebx
jz short loc_409294
cmp eax, ebx
jnz short loc_40929E
loc_409294: ; CODE XREF: sub_4089F2+860�j
; sub_4089F2+868�j ...
mov dword_43A480, 1
loc_40929E: ; CODE XREF: sub_4089F2+8A0�j
cmp ecx, ebx
jz short loc_4092D3
push ebx
push ebx
push ebx
push ebx
push offset dword_4293F4
call ecx
cmp eax, ebx
mov dword_43A348, eax
jnz short loc_4092D3
jmp short loc_4092CD
; ---------------------------------------------------------------------------
loc_4092B8: ; CODE XREF: sub_4089F2+7CC�j
call dword_421088
mov dword_43A484, eax
mov dword_43A480, 1
loc_4092CD: ; CODE XREF: sub_4089F2+8C4�j
mov dword_43A348, ebx
loc_4092D3: ; CODE XREF: sub_4089F2+8AE�j
; sub_4089F2+8C2�j
push offset dword_4293E8
call ebp
mov edi, eax
cmp edi, ebx
jz short loc_40931D
push offset dword_4293D8
push edi
call esi
push offset dword_4293C8
push edi
mov dword_43A324, eax
call esi
push offset dword_4293B8
push edi
mov dword_43A450, eax
call esi
cmp dword_43A324, ebx
mov dword_43A2BC, eax
jz short loc_409328
cmp dword_43A450, ebx
jz short loc_409328
cmp eax, ebx
jnz short loc_409332
jmp short loc_409328
; ---------------------------------------------------------------------------
loc_40931D: ; CODE XREF: sub_4089F2+8EC�j
call dword_421088
mov dword_43A48C, eax
loc_409328: ; CODE XREF: sub_4089F2+91B�j
; sub_4089F2+923�j ...
mov dword_43A488, 1
loc_409332: ; CODE XREF: sub_4089F2+927�j
push offset dword_4293A8
call ebp
mov edi, eax
cmp edi, ebx
jz loc_409428
push offset dword_42939C
push edi
call esi
push offset dword_429390
push edi
mov dword_43A298, eax
call esi
push offset dword_429380
push edi
mov dword_43A270, eax
call esi
push offset dword_42936C
push edi
mov dword_43A2E4, eax
call esi
push offset dword_429358
push edi
mov dword_43A318, eax
call esi
push offset dword_429348
push edi
mov dword_43A428, eax
call esi
push offset dword_42933C
push edi
mov dword_43A2D0, eax
call esi
push offset dword_429330
push edi
mov dword_43A27C, eax
call esi
push offset dword_429324
push edi
mov dword_43A26C, eax
call esi
push offset dword_429314
push edi
mov dword_43A300, eax
call esi
push offset dword_4292FC
push edi
mov dword_43A3F0, eax
call esi
cmp dword_43A298, ebx
mov dword_43A3A8, eax
jz short loc_409433
cmp dword_43A270, ebx
jz short loc_409433
cmp dword_43A2E4, ebx
jz short loc_409433
cmp dword_43A318, ebx
jz short loc_409433
cmp dword_43A428, ebx
jz short loc_409433
cmp dword_43A2D0, ebx
jz short loc_409433
cmp dword_43A27C, ebx
jz short loc_409433
cmp dword_43A26C, ebx
jz short loc_409433
cmp dword_43A300, ebx
jz short loc_409433
cmp dword_43A3F0, ebx
jz short loc_409433
cmp eax, ebx
jnz short loc_40943D
jmp short loc_409433
; ---------------------------------------------------------------------------
loc_409428: ; CODE XREF: sub_4089F2+94B�j
call dword_421088
mov dword_43A494, eax
loc_409433: ; CODE XREF: sub_4089F2+9E6�j
; sub_4089F2+9EE�j ...
mov dword_43A490, 1
loc_40943D: ; CODE XREF: sub_4089F2+A32�j
push offset dword_4292F0
call ebp
mov edi, eax
cmp edi, ebx
jz short loc_409472
push offset dword_4292D8
push edi
call esi
push offset dword_4292B8
push edi
mov dword_43A2C0, eax
call esi
cmp dword_43A2C0, ebx
mov dword_43A390, eax
jz short loc_40947D
cmp eax, ebx
jnz short loc_409487
jmp short loc_40947D
; ---------------------------------------------------------------------------
loc_409472: ; CODE XREF: sub_4089F2+A56�j
call dword_421088
mov dword_43A49C, eax
loc_40947D: ; CODE XREF: sub_4089F2+A78�j
; sub_4089F2+A7E�j
mov dword_43A498, 1
loc_409487: ; CODE XREF: sub_4089F2+A7C�j
push offset dword_4292A8
call ebp
mov edi, eax
cmp edi, ebx
jz short loc_4094BC
push offset dword_429298
push edi
call esi
push offset dword_429284
push edi
mov dword_43A414, eax
call esi
cmp dword_43A414, ebx
mov dword_43A410, eax
jz short loc_4094C7
cmp eax, ebx
jnz short loc_4094D1
jmp short loc_4094C7
; ---------------------------------------------------------------------------
loc_4094BC: ; CODE XREF: sub_4089F2+AA0�j
call dword_421088
mov dword_43A4A4, eax
loc_4094C7: ; CODE XREF: sub_4089F2+AC2�j
; sub_4089F2+AC8�j
mov dword_43A4A0, 1
loc_4094D1: ; CODE XREF: sub_4089F2+AC6�j
push offset dword_42927C
call ebp
mov edi, eax
cmp edi, ebx
jz short loc_409530
push offset dword_429268
push edi
call esi
push offset dword_429254
push edi
mov dword_43A440, eax
call esi
push offset dword_42923C
push edi
mov dword_43A438, eax
call esi
push offset dword_429224
push edi
mov dword_43A400, eax
call esi
cmp dword_43A440, ebx
mov dword_43A2D8, eax
jz short loc_40953B
cmp dword_43A438, ebx
jz short loc_40953B
cmp dword_43A400, ebx
jz short loc_40953B
cmp eax, ebx
jnz short loc_409545
jmp short loc_40953B
; ---------------------------------------------------------------------------
loc_409530: ; CODE XREF: sub_4089F2+AEA�j
call dword_421088
mov dword_43A4AC, eax
loc_40953B: ; CODE XREF: sub_4089F2+B26�j
; sub_4089F2+B2E�j ...
mov dword_43A4A8, 1
loc_409545: ; CODE XREF: sub_4089F2+B3A�j
push offset dword_429218
call ebp
mov edi, eax
cmp edi, ebx
jz short loc_40957A
push offset dword_429208
push edi
call esi
push offset dword_4291F8
push edi
mov dword_43A30C, eax
call esi
cmp dword_43A30C, ebx
mov dword_43A40C, eax
jz short loc_409585
cmp eax, ebx
jnz short loc_40958F
jmp short loc_409585
; ---------------------------------------------------------------------------
loc_40957A: ; CODE XREF: sub_4089F2+B5E�j
call dword_421088
mov dword_43A4B4, eax
loc_409585: ; CODE XREF: sub_4089F2+B80�j
; sub_4089F2+B86�j
mov dword_43A4B0, 1
loc_40958F: ; CODE XREF: sub_4089F2+B84�j
push offset dword_4291EC
call ebp
mov edi, eax
cmp edi, ebx
jz short loc_409618
push offset dword_4291D8
push edi
call esi
push offset dword_4291C8
push edi
mov dword_43A3D4, eax
call esi
push offset dword_4291B8
push edi
mov dword_43A420, eax
call esi
push offset dword_4291A8
push edi
mov dword_43A35C, eax
call esi
push offset dword_429198
push edi
mov dword_43A31C, eax
call esi
push offset dword_429188
push edi
mov dword_43A3B4, eax
call esi
cmp dword_43A3D4, ebx
mov dword_43A328, eax
jz short loc_409623
cmp dword_43A420, ebx
jz short loc_409623
cmp dword_43A35C, ebx
jz short loc_409623
cmp dword_43A31C, ebx
jz short loc_409623
cmp dword_43A3B4, ebx
jz short loc_409623
cmp eax, ebx
jnz short loc_40962D
jmp short loc_409623
; ---------------------------------------------------------------------------
loc_409618: ; CODE XREF: sub_4089F2+BA8�j
call dword_421088
mov dword_43A4BC, eax
loc_409623: ; CODE XREF: sub_4089F2+BFE�j
; sub_4089F2+C06�j ...
mov dword_43A4B8, 1
loc_40962D: ; CODE XREF: sub_4089F2+C22�j
push offset dword_429178
call ebp
mov edi, eax
cmp edi, ebx
jz short loc_409662
push offset dword_429160
push edi
call esi
push offset dword_429144
push edi
mov dword_43A2F0, eax
call esi
cmp dword_43A2F0, ebx
mov dword_43A3C8, eax
jz short loc_40966D
cmp eax, ebx
jnz short loc_409677
jmp short loc_40966D
; ---------------------------------------------------------------------------
loc_409662: ; CODE XREF: sub_4089F2+C46�j
call dword_421088
mov dword_43A4C4, eax
loc_40966D: ; CODE XREF: sub_4089F2+C68�j
; sub_4089F2+C6E�j
mov dword_43A4C0, 1
loc_409677: ; CODE XREF: sub_4089F2+C6C�j
push 1
pop eax
pop edi
pop esi
pop ebp
pop ebx
retn
sub_4089F2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40967F proc near ; CODE XREF: sub_40CE55+51F9�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push ebx
mov ebx, [ebp+arg_4]
push esi
xor esi, esi
cmp dword_43A458, esi
push edi
mov edi, [ebp+arg_8]
jz short loc_4096C7
push dword_43A45C
lea eax, [ebp+var_200]
push offset dword_429B90
push eax
call sub_4154E7
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_412D4C
add esp, 20h
loc_4096C7: ; CODE XREF: sub_40967F+1A�j
cmp dword_43A460, esi
jz short loc_4096FB
push dword_43A464
lea eax, [ebp+var_200]
push offset dword_429B78
push eax
call sub_4154E7
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_412D4C
add esp, 20h
loc_4096FB: ; CODE XREF: sub_40967F+4E�j
cmp dword_43A468, esi
jz short loc_40972F
push dword_43A46C
lea eax, [ebp+var_200]
push offset dword_429B5C
push eax
call sub_4154E7
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_412D4C
add esp, 20h
loc_40972F: ; CODE XREF: sub_40967F+82�j
cmp dword_43A470, esi
jz short loc_409763
push dword_43A474
lea eax, [ebp+var_200]
push offset dword_429B44
push eax
call sub_4154E7
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_412D4C
add esp, 20h
loc_409763: ; CODE XREF: sub_40967F+B6�j
cmp dword_43A478, esi
jz short loc_409797
push dword_43A47C
lea eax, [ebp+var_200]
push offset dword_429B2C
push eax
call sub_4154E7
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_412D4C
add esp, 20h
loc_409797: ; CODE XREF: sub_40967F+EA�j
cmp dword_43A480, esi
jz short loc_4097CB
push dword_43A484
lea eax, [ebp+var_200]
push offset dword_429B10
push eax
call sub_4154E7
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_412D4C
add esp, 20h
loc_4097CB: ; CODE XREF: sub_40967F+11E�j
cmp dword_43A488, esi
jz short loc_4097FF
push dword_43A48C
lea eax, [ebp+var_200]
push offset dword_429AF8
push eax
call sub_4154E7
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_412D4C
add esp, 20h
loc_4097FF: ; CODE XREF: sub_40967F+152�j
cmp dword_43A490, esi
jz short loc_409833
push dword_43A494
lea eax, [ebp+var_200]
push offset dword_429ADC
push eax
call sub_4154E7
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_412D4C
add esp, 20h
loc_409833: ; CODE XREF: sub_40967F+186�j
cmp dword_43A498, esi
jz short loc_409867
push dword_43A49C
lea eax, [ebp+var_200]
push offset dword_429AC4
push eax
call sub_4154E7
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_412D4C
add esp, 20h
loc_409867: ; CODE XREF: sub_40967F+1BA�j
cmp dword_43A4A0, esi
jz short loc_40989B
push dword_43A4A4
lea eax, [ebp+var_200]
push offset dword_429AA8
push eax
call sub_4154E7
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_412D4C
add esp, 20h
loc_40989B: ; CODE XREF: sub_40967F+1EE�j
cmp dword_43A4A8, esi
jz short loc_4098CF
push dword_43A4AC
lea eax, [ebp+var_200]
push offset dword_429A90
push eax
call sub_4154E7
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_412D4C
add esp, 20h
loc_4098CF: ; CODE XREF: sub_40967F+222�j
cmp dword_43A4B0, esi
jz short loc_409903
push dword_43A4B4
lea eax, [ebp+var_200]
push offset dword_429A74
push eax
call sub_4154E7
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_412D4C
add esp, 20h
loc_409903: ; CODE XREF: sub_40967F+256�j
cmp dword_43A4B8, esi
jz short loc_409937
push dword_43A4BC
lea eax, [ebp+var_200]
push offset dword_429A5C
push eax
call sub_4154E7
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_412D4C
add esp, 20h
loc_409937: ; CODE XREF: sub_40967F+28A�j
cmp dword_43A4C0, esi
jz short loc_40996B
push dword_43A4C4
lea eax, [ebp+var_200]
push offset dword_429A40
push eax
call sub_4154E7
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_412D4C
add esp, 20h
loc_40996B: ; CODE XREF: sub_40967F+2BE�j
lea eax, [ebp+var_200]
push offset dword_429A0C
push eax
call sub_4154E7
cmp [ebp+arg_C], esi
pop ecx
pop ecx
jnz short loc_409998
push esi
lea eax, [ebp+var_200]
push edi
push eax
push ebx
push [ebp+arg_0]
call sub_412D4C
add esp, 14h
loc_409998: ; CODE XREF: sub_40967F+302�j
lea eax, [ebp+var_200]
push eax
call sub_40B16D
pop ecx
pop edi
pop esi
pop ebx
leave
retn
sub_40967F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4099AA proc near ; CODE XREF: sub_40CE55+C50�p
; sub_40CE55+C84�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_0]
xor esi, esi
cmp edi, esi
jz short loc_409A35
mov eax, [ebp+arg_4]
cmp eax, esi
jz short loc_409A35
cmp [ebp+arg_8], esi
jz short loc_409A35
cmp byte ptr [eax], 0
jz short loc_409A35
push ebx
push edi
call near ptr byte_41FD7B
mov ebx, eax
pop ecx
test ebx, ebx
jz short loc_409A30
push [ebp+arg_4]
push edi
call sub_415AC0
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_409A29
sub eax, edi
push eax
push edi
push ebx
call sub_416D40
push [ebp+arg_8]
mov eax, ebx
sub eax, edi
and byte ptr [eax+esi], 0
call sub_415CF0
push eax
push [ebp+arg_8]
push ebx
call sub_416F10
push [ebp+arg_4]
call sub_415CF0
add eax, esi
push eax
push ebx
call sub_415C10
push ebx
push edi
call sub_415C00
add esp, 30h
mov esi, edi
loc_409A29: ; CODE XREF: sub_4099AA+3C�j
push ebx
call sub_415E3D
pop ecx
loc_409A30: ; CODE XREF: sub_4099AA+2B�j
mov eax, esi
pop ebx
jmp short loc_409A37
; ---------------------------------------------------------------------------
loc_409A35: ; CODE XREF: sub_4099AA+C�j
; sub_4099AA+13�j ...
xor eax, eax
loc_409A37: ; CODE XREF: sub_4099AA+89�j
pop edi
pop esi
pop ebp
retn
sub_4099AA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409A3B proc near ; CODE XREF: sub_40CCDD+E9�p
var_7D0 = dword ptr -7D0h
var_7CC = byte ptr -7CCh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 7D0h
push ebx
push esi
push 7D0h
lea eax, [ebp+var_7D0]
push 0
push eax
call sub_415570
mov esi, [ebp+arg_0]
push esi
call sub_415CF0
add esp, 10h
push 1
pop ebx
cmp eax, ebx
jge short loc_409A71
or eax, 0FFFFFFFFh
jmp short loc_409AE4
; ---------------------------------------------------------------------------
loc_409A71: ; CODE XREF: sub_409A3B+2F�j
xor ecx, ecx
mov [ebp+var_7D0], esi
test eax, eax
jle short loc_409A93
loc_409A7D: ; CODE XREF: sub_409A3B+56�j
mov dl, [ecx+esi]
cmp dl, 0Ah
jz short loc_409A8A
cmp dl, 0Dh
jnz short loc_409A8E
loc_409A8A: ; CODE XREF: sub_409A3B+48�j
and byte ptr [ecx+esi], 0
loc_409A8E: ; CODE XREF: sub_409A3B+4D�j
inc ecx
cmp ecx, eax
jl short loc_409A7D
loc_409A93: ; CODE XREF: sub_409A3B+40�j
xor edx, edx
push edi
test eax, eax
jle short loc_409AC4
lea edi, [ebp+var_7CC]
loc_409AA0: ; CODE XREF: sub_409A3B+87�j
cmp byte ptr [edx+esi], 0
jnz short loc_409ABF
cmp byte ptr [edx+esi+1], 0
lea ecx, [edx+esi+1]
jz short loc_409ABF
cmp ebx, 1F4h
jge short loc_409AC4
mov [edi], ecx
inc ebx
add edi, 4
loc_409ABF: ; CODE XREF: sub_409A3B+69�j
; sub_409A3B+74�j
inc edx
cmp edx, eax
jl short loc_409AA0
loc_409AC4: ; CODE XREF: sub_409A3B+5D�j
; sub_409A3B+7C�j
cmp [ebp+arg_4], 0
pop edi
jz short loc_409AE2
lea eax, [ebp+var_7D0]
push 7D0h
push eax
push [ebp+arg_4]
call sub_4155D0
add esp, 0Ch
loc_409AE2: ; CODE XREF: sub_409A3B+8E�j
mov eax, ebx
loc_409AE4: ; CODE XREF: sub_409A3B+34�j
pop esi
pop ebx
leave
retn
sub_409A3B endp
; =============== S U B R O U T I N E =======================================
sub_409AE8 proc near ; CODE XREF: sub_409B42+33�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_4]
push esi
push edi
mov edi, [esp+8+arg_8]
mov ecx, 1F4h
xor esi, esi
rep stosd
lea edi, [eax-1]
test edi, edi
jl short loc_409B21
push ebx
mov ebx, edi
loc_409B05: ; CODE XREF: sub_409AE8+36�j
mov eax, [esp+0Ch+arg_0]
mov al, [esi+eax]
push eax
call sub_409B24
pop ecx
inc esi
mov ecx, [esp+0Ch+arg_8]
mov [ecx+eax*4], ebx
dec ebx
cmp esi, edi
jle short loc_409B05
pop ebx
loc_409B21: ; CODE XREF: sub_409AE8+18�j
pop edi
pop esi
retn
sub_409AE8 endp
; =============== S U B R O U T I N E =======================================
sub_409B24 proc near ; CODE XREF: sub_409AE8+25�p
; sub_409B42+6B�p
arg_0 = byte ptr 4
movsx eax, [esp+arg_0]
push eax
call sub_417193
cmp al, 61h
pop ecx
jl short loc_409B3F
cmp al, 7Ah
jg short loc_409B3F
movsx eax, al
sub eax, 60h
retn
; ---------------------------------------------------------------------------
loc_409B3F: ; CODE XREF: sub_409B24+E�j
; sub_409B24+12�j
xor eax, eax
retn
sub_409B24 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409B42 proc near ; CODE XREF: sub_40B24D+10�p
; sub_40B27F+A0�p
var_100C = dword ptr -100Ch
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 100Ch
call sub_415D70
push ebx
push esi
push edi
push [ebp+arg_0]
call sub_415CF0
push [ebp+arg_4]
mov [ebp+var_4], eax
call sub_415CF0
mov esi, eax
lea eax, [ebp+var_100C]
push eax
push esi
push [ebp+arg_4]
mov [ebp+var_C], esi
call sub_409AE8
add esp, 14h
dec esi
mov edi, esi
loc_409B80: ; CODE XREF: sub_409B42+B6�j
test esi, esi
jle short loc_409BFE
mov eax, [ebp+arg_4]
movsx eax, byte ptr [esi+eax]
push eax
call sub_417193
mov ebx, eax
mov eax, [ebp+arg_0]
movsx eax, byte ptr [edi+eax]
push eax
call sub_417193
pop ecx
cmp eax, ebx
pop ecx
jz short loc_409BF6
loc_409BA6: ; CODE XREF: sub_409B42+B2�j
mov ebx, [ebp+arg_0]
mov al, [edi+ebx]
push eax
call sub_409B24
mov edx, [ebp+var_C]
mov eax, [ebp+eax*4+var_100C]
pop ecx
mov ecx, edx
sub ecx, esi
cmp ecx, eax
jle short loc_409BC7
mov eax, ecx
loc_409BC7: ; CODE XREF: sub_409B42+81�j
add edi, eax
cmp edi, [ebp+var_4]
jge short loc_409BFA
mov eax, [ebp+arg_4]
lea esi, [edx-1]
movsx eax, byte ptr [esi+eax]
push eax
call sub_417193
mov edx, eax
movsx eax, byte ptr [edi+ebx]
push eax
mov [ebp+var_8], edx
call sub_417193
pop ecx
pop ecx
mov ecx, [ebp+var_8]
cmp eax, ecx
jnz short loc_409BA6
loc_409BF6: ; CODE XREF: sub_409B42+62�j
dec edi
dec esi
jmp short loc_409B80
; ---------------------------------------------------------------------------
loc_409BFA: ; CODE XREF: sub_409B42+8A�j
xor eax, eax
jmp short loc_409C03
; ---------------------------------------------------------------------------
loc_409BFE: ; CODE XREF: sub_409B42+40�j
mov eax, [ebp+arg_0]
add eax, edi
loc_409C03: ; CODE XREF: sub_409B42+BA�j
pop edi
pop esi
pop ebx
leave
retn
sub_409B42 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409C08 proc near ; CODE XREF: sub_40CE55+3B4E�p
; sub_40CE55+4755�p
var_100 = byte ptr -100h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 100h
push esi
call dword_421088
mov esi, eax
push 0
lea eax, [ebp+var_100]
push 100h
push eax
push 400h
push esi
push 0
push 1200h
call dword_4210CC
lea eax, [ebp+var_100]
loc_409C41: ; CODE XREF: sub_409C08+46�j
mov cl, [eax]
cmp cl, 1Fh
jg short loc_409C4D
cmp cl, 9
jnz short loc_409C50
loc_409C4D: ; CODE XREF: sub_409C08+3E�j
inc eax
jmp short loc_409C41
; ---------------------------------------------------------------------------
loc_409C50: ; CODE XREF: sub_409C08+43�j
; sub_409C08+5B�j ...
and byte ptr [eax], 0
dec eax
lea ecx, [ebp+var_100]
cmp eax, ecx
jb short loc_409C6A
mov cl, [eax]
cmp cl, 2Eh
jz short loc_409C50
cmp cl, 21h
jl short loc_409C50
loc_409C6A: ; CODE XREF: sub_409C08+54�j
lea eax, [ebp+var_100]
push esi
push eax
mov esi, offset dword_43A4C8
push [ebp+arg_0]
push offset dword_429BAC
push 200h
push esi
call sub_415A6A
add esp, 18h
mov eax, esi
pop esi
leave
retn
sub_409C08 endp
; =============== S U B R O U T I N E =======================================
sub_409C92 proc near ; CODE XREF: sub_40CE55+5185�p
push esi
push 0
call dword_43A368
test eax, eax
jz short loc_409CC9
push 1
call dword_43A388
mov esi, eax
test esi, esi
jz short loc_409CC9
push edi
push esi
call dword_4210D4
push esi
mov edi, eax
call dword_4210D0
call dword_43A3EC
mov eax, edi
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_409CC9: ; CODE XREF: sub_409C92+B�j
; sub_409C92+19�j
xor eax, eax
pop esi
retn
sub_409C92 endp
; =============== S U B R O U T I N E =======================================
sub_409CCD proc near ; CODE XREF: sub_40CE55+4545�p
arg_0 = dword ptr 4
push ebp
push esi
push edi
xor esi, esi
mov edi, offset dword_429BC0
push esi
push edi
call dword_43A3A4
mov ebp, eax
cmp ebp, esi
jz short loc_409D49
push ebx
push edi
push 1000h
push esi
push 4
push esi
push 0FFFFFFFFh
call dword_4210E0
push esi
push esi
mov edi, eax
push esi
push 0F001Fh
push edi
call dword_4210DC
push [esp+10h+arg_0]
mov ebx, eax
push ebx
call sub_4154E7
pop ecx
pop ecx
push esi
push 1
push 4C8h
push ebp
call dword_43A3F4
push esi
push 1
push 4C9h
push ebp
call dword_43A3F4
push ebx
call dword_4210D8
push edi
call dword_42106C
push 1
pop eax
pop ebx
jmp short loc_409D4B
; ---------------------------------------------------------------------------
loc_409D49: ; CODE XREF: sub_409CCD+16�j
xor eax, eax
loc_409D4B: ; CODE XREF: sub_409CCD+7A�j
pop edi
pop esi
pop ebp
retn
sub_409CCD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409D4F proc near ; CODE XREF: sub_40C682+21C�p
var_11C = byte ptr -11Ch
var_18 = byte ptr -18h
var_10 = byte ptr -10h
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 11Ch
push ebx
push esi
xor esi, esi
push edi
lea eax, [ebp+var_11C]
push esi
push eax
push 104h
push esi
push offset dword_429BC8
push esi
call dword_43A454
test eax, eax
jz short loc_409DEE
mov edi, 80h
push esi
push edi
push 3
push esi
mov esi, dword_421078
push 1
lea eax, [ebp+var_11C]
push 80000000h
push eax
call esi
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_409DEE
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
push ebx
call dword_4210E8
push ebx
mov ebx, dword_42106C
call ebx
push 0
push edi
push 3
push 0
push 2
push 40000000h
push [ebp+arg_0]
call esi
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_409DEE
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_10]
push eax
push esi
call dword_4210E4
push esi
call ebx
loc_409DEE: ; CODE XREF: sub_409D4F+2A�j
; sub_409D4F+51�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_409D4F endp
; =============== S U B R O U T I N E =======================================
sub_409DF3 proc near ; CODE XREF: sub_40CE55+13B6�p
push 1
push offset dword_429BD8
call sub_413D67
pop ecx
pop ecx
push 50005h
push 6
call dword_43A2E0
neg eax
sbb eax, eax
neg eax
retn
sub_409DF3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409E15 proc near ; CODE XREF: sub_40BCEF+472�p
; sub_40CE55+5405�p
var_764 = byte ptr -764h
var_364 = byte ptr -364h
var_260 = byte ptr -260h
var_15C = byte ptr -15Ch
var_58 = dword ptr -58h
var_4C = dword ptr -4Ch
var_2C = dword ptr -2Ch
var_28 = word ptr -28h
var_14 = byte ptr -14h
var_4 = byte ptr -4
push ebp
mov ebp, esp
sub esp, 764h
push esi
xor esi, esi
cmp dword_42C198, esi
push edi
jz short loc_409E39
cmp dword_43A468, esi
jnz short loc_409E39
push esi
call sub_40B3AE
pop ecx
loc_409E39: ; CODE XREF: sub_409E15+13�j
; sub_409E15+1B�j
call sub_41515C
lea eax, [ebp+var_764]
push eax
push 400h
call dword_4210F8
lea eax, [ebp+var_764]
push eax
lea eax, [ebp+var_260]
push offset dword_429C48
push eax
call sub_4154E7
add esp, 0Ch
lea eax, [ebp+var_260]
push esi
push esi
push 2
push esi
push esi
push 40000000h
push eax
call dword_421078
mov edi, eax
cmp edi, esi
jbe loc_409F99
lea eax, [ebp+var_260]
push eax
lea eax, [ebp+var_764]
push offset dword_429C04
push eax
call sub_4154E7
add esp, 0Ch
lea eax, [ebp+var_4]
push esi
push eax
lea eax, [ebp+var_764]
push eax
call sub_415CF0
pop ecx
push eax
lea eax, [ebp+var_764]
push eax
push edi
call dword_421070
push edi
call dword_42106C
push 10h
lea eax, [ebp+var_14]
push esi
push eax
call sub_415570
push 44h
lea eax, [ebp+var_58]
pop edi
push edi
push esi
push eax
call sub_415570
add esp, 18h
mov [ebp+var_58], edi
mov edi, 104h
lea eax, [ebp+var_15C]
push edi
push eax
push esi
mov [ebp+var_4C], offset byte_438FBC
mov [ebp+var_2C], 1
mov [ebp+var_28], si
call dword_4210C8
push eax
call dword_42107C
lea eax, [ebp+var_15C]
push eax
call dword_421094
cmp eax, 0FFFFFFFFh
jz short loc_409F41
lea eax, [ebp+var_15C]
push 80h
push eax
call dword_4210F4
loc_409F41: ; CODE XREF: sub_409E15+118�j
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_260]
push eax
lea eax, [ebp+var_764]
push offset dword_429BEC
push eax
call sub_4154E7
add esp, 10h
lea eax, [ebp+var_364]
push edi
push eax
lea eax, [ebp+var_764]
push eax
call dword_4210F0
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_58]
push eax
push esi
push esi
push 4008h
push 1
push esi
lea eax, [ebp+var_364]
push esi
push eax
push esi
call dword_4210EC
loc_409F99: ; CODE XREF: sub_409E15+72�j
pop edi
pop esi
leave
retn
sub_409E15 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_409F9D proc near ; CODE XREF: sub_40C682+31�p
var_1860 = byte ptr -1860h
var_158 = byte ptr -158h
var_58 = byte ptr -58h
var_48 = dword ptr -48h
var_1C = dword ptr -1Ch
var_18 = word ptr -18h
var_4 = byte ptr -4
push ebp
mov ebp, esp
mov eax, 1860h
call sub_415D70
push esi
push edi
mov ecx, 5C1h
mov esi, offset dword_429C60
lea edi, [ebp+var_1860]
lea eax, [ebp+var_158]
rep movsd
movsw
push offset dword_429C54
push eax
movsb
call sub_4154E7
pop ecx
xor esi, esi
pop ecx
lea eax, [ebp+var_158]
push esi
push esi
push 2
push esi
push esi
push 40000000h
push eax
call dword_421078
mov edi, eax
cmp edi, esi
jbe short loc_40A057
lea eax, [ebp+var_4]
push esi
push eax
lea eax, [ebp+var_1860]
push eax
call sub_415CF0
pop ecx
push eax
lea eax, [ebp+var_1860]
push eax
push edi
call dword_421070
push edi
call dword_42106C
push 44h
lea eax, [ebp+var_48]
pop edi
push edi
push esi
push eax
call sub_415570
add esp, 0Ch
lea ecx, [ebp+var_58]
mov [ebp+var_48], edi
mov [ebp+var_18], si
push 1
pop eax
push ecx
lea ecx, [ebp+var_48]
push ecx
push esi
push esi
push 28h
mov [ebp+var_1C], eax
push eax
push esi
lea eax, [ebp+var_158]
push esi
push eax
push esi
call dword_4210EC
loc_40A057: ; CODE XREF: sub_409F9D+55�j
pop edi
pop esi
leave
retn
sub_409F9D endp
; =============== S U B R O U T I N E =======================================
sub_40A05B proc near ; CODE XREF: sub_4013E9+7�p
; sub_401B7C+7�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call dword_43A3D8
cmp eax, 0FFFFFFFFh
jnz short locret_40A083
push [esp+arg_0]
call dword_43A41C
test eax, eax
jnz short loc_40A07C
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_40A07C: ; CODE XREF: sub_40A05B+1B�j
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
locret_40A083: ; CODE XREF: sub_40A05B+D�j
retn
sub_40A05B endp
; =============== S U B R O U T I N E =======================================
sub_40A084 proc near ; CODE XREF: sub_40CB75+D6�p
mov ecx, dword_43A2C0
xor eax, eax
test ecx, ecx
jz short locret_40A092
call ecx
locret_40A092: ; CODE XREF: sub_40A084+A�j
retn
sub_40A084 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A093 proc near ; CODE XREF: sub_40CE55:loc_411F8C�p
var_88 = byte ptr -88h
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 88h
push ebx
push esi
push edi
push 1
pop ebx
lea eax, [ebp+var_8]
xor edi, edi
push ebx
push eax
push edi
xor esi, esi
mov [ebp+var_8], edi
mov [ebp+var_4], ebx
call dword_43A414
mov ecx, eax
sub ecx, edi
jz loc_40A159
sub ecx, 32h
jz loc_40A152
sub ecx, 48h
jz short loc_40A0F3
sub ecx, 6Eh
jz short loc_40A0EC
loc_40A0D5: ; CODE XREF: sub_40A093+8B�j
push eax
lea eax, [ebp+var_88]
push offset dword_42B428
push eax
call sub_4154E7
add esp, 0Ch
jmp short loc_40A133
; ---------------------------------------------------------------------------
loc_40A0EC: ; CODE XREF: sub_40A093+40�j
push offset dword_42B3F0
jmp short loc_40A125
; ---------------------------------------------------------------------------
loc_40A0F3: ; CODE XREF: sub_40A093+3B�j
push [ebp+var_8]
call sub_415DC9
push [ebp+var_8]
mov esi, eax
push edi
push esi
call sub_415570
add esp, 10h
cmp esi, edi
jz short loc_40A120
lea eax, [ebp+var_8]
push ebx
push eax
push esi
call dword_43A414
cmp eax, edi
jz short loc_40A159
jmp short loc_40A0D5
; ---------------------------------------------------------------------------
loc_40A120: ; CODE XREF: sub_40A093+79�j
push offset dword_42B3AC
loc_40A125: ; CODE XREF: sub_40A093+5E�j
; sub_40A093+C4�j
lea eax, [ebp+var_88]
push eax
call sub_4154E7
pop ecx
pop ecx
loc_40A133: ; CODE XREF: sub_40A093+57�j
lea eax, [ebp+var_88]
mov [ebp+var_4], edi
push eax
call sub_40B16D
pop ecx
loc_40A143: ; CODE XREF: sub_40A093+C8�j
; sub_40A093+DC�j
push esi
call sub_415E3D
mov eax, [ebp+var_4]
pop ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40A152: ; CODE XREF: sub_40A093+32�j
push offset dword_42B368
jmp short loc_40A125
; ---------------------------------------------------------------------------
loc_40A159: ; CODE XREF: sub_40A093+29�j
; sub_40A093+89�j
cmp [esi], edi
jbe short loc_40A143
lea ebx, [esi+4]
loc_40A160: ; CODE XREF: sub_40A093+DA�j
push ebx
call dword_43A410
inc edi
add ebx, 18h
cmp edi, [esi]
jb short loc_40A160
jmp short loc_40A143
sub_40A093 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A171 proc near ; CODE XREF: sub_401447+243�p
; sub_401BD6+268�p ...
var_14 = byte ptr -14h
var_10 = byte ptr -10h
var_F = byte ptr -0Fh
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push esi
push 10h
pop eax
mov [ebp+var_4], eax
push eax
lea eax, [ebp+var_14]
push 0
push eax
call sub_415570
add esp, 0Ch
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
call dword_43A33C
movzx eax, [ebp+var_D]
push eax
mov esi, offset dword_43A6CC
movzx eax, [ebp+var_E]
push eax
movzx eax, [ebp+var_F]
push eax
movzx eax, [ebp+var_10]
push eax
push offset dword_427948
push esi
call sub_4154E7
add esp, 18h
mov eax, esi
pop esi
leave
retn
sub_40A171 endp
; =============== S U B R O U T I N E =======================================
sub_40A1CA proc near ; CODE XREF: sub_4010B2+24C�p
; sub_4010B2+292�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_4]
xor eax, eax
cmp esi, 1
jle short loc_40A1F3
mov ecx, esi
push edi
shr ecx, 1
mov edx, ecx
neg edx
lea esi, [esi+edx*2]
mov edx, [esp+8+arg_0]
loc_40A1E6: ; CODE XREF: sub_40A1CA+24�j
movzx edi, word ptr [edx]
add eax, edi
inc edx
inc edx
dec ecx
jnz short loc_40A1E6
pop edi
jmp short loc_40A1F7
; ---------------------------------------------------------------------------
loc_40A1F3: ; CODE XREF: sub_40A1CA+A�j
mov edx, [esp+4+arg_0]
loc_40A1F7: ; CODE XREF: sub_40A1CA+27�j
test esi, esi
pop esi
jz short loc_40A201
movzx ecx, byte ptr [edx]
add eax, ecx
loc_40A201: ; CODE XREF: sub_40A1CA+30�j
mov ecx, eax
and eax, 0FFFFh
shr ecx, 10h
add ecx, eax
mov eax, ecx
shr eax, 10h
add eax, ecx
not eax
retn
sub_40A1CA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A217 proc near ; DATA XREF: sub_40CE55+2D34�o
var_10320 = byte ptr -10320h
var_344 = byte ptr -344h
var_144 = dword ptr -144h
var_140 = byte ptr -140h
var_C0 = byte ptr -0C0h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = byte ptr -20h
var_18 = dword ptr -18h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 10320h
call sub_415D70
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 49h
mov esi, eax
pop ecx
lea edi, [ebp+var_144]
rep movsd
push 1
pop edi
mov [eax+120h], edi
call dword_43A324
mov [ebp+arg_0], eax
lea eax, [ebp+var_C0]
push eax
call dword_43A3D8
mov esi, eax
xor ebx, ebx
xor eax, eax
cmp esi, 0FFFFFFFFh
jnz short loc_40A272
lea eax, [ebp+var_C0]
push eax
call dword_43A41C
cmp eax, ebx
jz short loc_40A278
loc_40A272: ; CODE XREF: sub_40A217+48�j
cmp [ebp+arg_0], 0FFFFFFFFh
jnz short loc_40A2D5
loc_40A278: ; CODE XREF: sub_40A217+59�j
lea eax, [ebp+var_C0]
push eax
lea eax, [ebp+var_344]
push offset dword_42B4AC
push eax
call sub_4154E7
add esp, 0Ch
cmp [ebp+var_28], ebx
jnz short loc_40A2B8
push ebx
lea eax, [ebp+var_344]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_140]
push eax
push [ebp+var_144]
call sub_412D4C
add esp, 14h
loc_40A2B8: ; CODE XREF: sub_40A217+7F�j
lea eax, [ebp+var_344]
push eax
call sub_40B16D
push [ebp+var_30]
call sub_4152AF
pop ecx
pop ecx
push edi
call dword_421048
loc_40A2D5: ; CODE XREF: sub_40A217+5F�j
cmp eax, ebx
jz short loc_40A2E5
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_4], eax
jmp short loc_40A2E8
; ---------------------------------------------------------------------------
loc_40A2E5: ; CODE XREF: sub_40A217+C0�j
mov [ebp+var_4], esi
loc_40A2E8: ; CODE XREF: sub_40A217+CC�j
push 1Ch
lea eax, [ebp+var_20]
push ebx
push eax
call sub_415570
or [ebp+var_18], 0FFFFFFFFh
mov eax, 0FFDCh
add esp, 0Ch
cmp [ebp+var_3C], eax
jle short loc_40A308
mov [ebp+var_3C], eax
loc_40A308: ; CODE XREF: sub_40A217+EC�j
cmp [ebp+var_38], edi
jge short loc_40A310
mov [ebp+var_38], edi
loc_40A310: ; CODE XREF: sub_40A217+F4�j
xor esi, esi
cmp [ebp+var_40], ebx
jle short loc_40A33D
loc_40A317: ; CODE XREF: sub_40A217+124�j
push [ebp+var_38]
lea eax, [ebp+var_20]
push 1Ch
push eax
push ebx
lea eax, [ebp+var_10320]
push [ebp+var_3C]
push eax
push [ebp+var_4]
push [ebp+arg_0]
call dword_43A2BC
inc esi
cmp esi, [ebp+var_40]
jl short loc_40A317
loc_40A33D: ; CODE XREF: sub_40A217+FE�j
push [ebp+arg_0]
call dword_43A450
lea eax, [ebp+var_C0]
push eax
lea eax, [ebp+var_344]
push offset dword_42B46C
push eax
call sub_4154E7
add esp, 0Ch
cmp [ebp+var_28], ebx
jnz short loc_40A386
push ebx
lea eax, [ebp+var_344]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_140]
push eax
push [ebp+var_144]
call sub_412D4C
add esp, 14h
loc_40A386: ; CODE XREF: sub_40A217+14D�j
lea eax, [ebp+var_344]
push eax
call sub_40B16D
push [ebp+var_30]
call sub_4152AF
pop ecx
pop ecx
push ebx
call dword_421048
sub_40A217 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A3A3 proc near ; DATA XREF: sub_40CE55+2E7B�o
var_10312 = byte ptr -10312h
var_10310 = byte ptr -10310h
var_334 = byte ptr -334h
var_134 = dword ptr -134h
var_130 = byte ptr -130h
var_B0 = byte ptr -0B0h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 10310h
call sub_415D70
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 49h
mov esi, eax
pop ecx
lea edi, [ebp+var_134]
rep movsd
push 1
pop esi
mov [eax+120h], esi
call dword_42104C
push eax
call sub_415539
pop ecx
push 11h
push 2
push 2
call dword_43A418
mov ebx, eax
xor edi, edi
push 10h
lea eax, [ebp+var_10]
push edi
push eax
call sub_415570
add esp, 0Ch
lea eax, [ebp+var_B0]
mov [ebp+var_10], 2
push eax
call dword_43A3D8
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jnz short loc_40A488
lea eax, [ebp+var_B0]
push eax
call dword_43A41C
cmp eax, edi
jnz short loc_40A481
lea eax, [ebp+var_B0]
push eax
lea eax, [ebp+var_334]
push offset dword_42B528
push eax
call sub_4154E7
add esp, 0Ch
cmp [ebp+var_18], edi
jnz short loc_40A464
push edi
lea eax, [ebp+var_334]
push [ebp+var_1C]
push eax
lea eax, [ebp+var_130]
push eax
push [ebp+var_134]
call sub_412D4C
add esp, 14h
loc_40A464: ; CODE XREF: sub_40A3A3+9F�j
lea eax, [ebp+var_334]
push eax
call sub_40B16D
push [ebp+var_20]
call sub_4152AF
pop ecx
pop ecx
push esi
call dword_421048
loc_40A481: ; CODE XREF: sub_40A3A3+7F�j
mov eax, [eax+0Ch]
mov eax, [eax]
jmp short loc_40A48B
; ---------------------------------------------------------------------------
loc_40A488: ; CODE XREF: sub_40A3A3+6E�j
lea eax, [ebp+arg_0]
loc_40A48B: ; CODE XREF: sub_40A3A3+E3�j
mov eax, [eax]
cmp [ebp+var_24], edi
mov [ebp+var_C], eax
jnz short loc_40A4A6
call sub_415543
cdq
mov ecx, 0FFDCh
idiv ecx
inc edx
push edx
jmp short loc_40A4A9
; ---------------------------------------------------------------------------
loc_40A4A6: ; CODE XREF: sub_40A3A3+F0�j
push [ebp+var_24]
loc_40A4A9: ; CODE XREF: sub_40A3A3+101�j
call dword_43A398
cmp [ebp+var_24], esi
mov [ebp+var_E], ax
jge short loc_40A4BB
mov [ebp+var_24], esi
loc_40A4BB: ; CODE XREF: sub_40A3A3+113�j
mov eax, 0FFFFh
cmp [ebp+var_24], eax
jle short loc_40A4C8
mov [ebp+var_24], eax
loc_40A4C8: ; CODE XREF: sub_40A3A3+120�j
mov eax, [ebp+var_30]
push 0Ah
cdq
pop ecx
idiv ecx
cmp [ebp+var_28], edi
mov [ebp+var_30], eax
jnz short loc_40A4DC
mov [ebp+var_28], esi
loc_40A4DC: ; CODE XREF: sub_40A3A3+134�j
xor esi, esi
cmp [ebp+var_2C], edi
jle short loc_40A4FD
loc_40A4E3: ; CODE XREF: sub_40A3A3+158�j
call sub_415543
cdq
mov ecx, 0FFh
idiv ecx
inc esi
cmp esi, [ebp+var_2C]
mov [ebp+esi-10311h], dl
jl short loc_40A4E3
loc_40A4FD: ; CODE XREF: sub_40A3A3+13E�j
; sub_40A3A3+19C�j ...
mov eax, [ebp+var_30]
dec [ebp+var_30]
test eax, eax
jle short loc_40A55C
push 0Bh
pop esi
loc_40A50A: ; CODE XREF: sub_40A3A3+197�j
lea eax, [ebp+var_10]
push 10h
push eax
push edi
call sub_415543
push 0Ah
cdq
pop ecx
idiv ecx
mov eax, [ebp+var_2C]
sub eax, edx
push eax
lea eax, [ebp+var_10310]
push eax
push ebx
call dword_43A3FC
push [ebp+var_28]
call dword_421060
dec esi
jnz short loc_40A50A
cmp [ebp+var_24], edi
jnz short loc_40A4FD
call sub_415543
cdq
mov ecx, 0FFDCh
idiv ecx
inc edx
push edx
call dword_43A398
mov [ebp+var_E], ax
jmp short loc_40A4FD
; ---------------------------------------------------------------------------
loc_40A55C: ; CODE XREF: sub_40A3A3+162�j
lea eax, [ebp+var_B0]
push eax
lea eax, [ebp+var_334]
push offset dword_42B4E8
push eax
call sub_4154E7
add esp, 0Ch
cmp [ebp+var_18], edi
jnz short loc_40A59C
push edi
lea eax, [ebp+var_334]
push [ebp+var_1C]
push eax
lea eax, [ebp+var_130]
push eax
push [ebp+var_134]
call sub_412D4C
add esp, 14h
loc_40A59C: ; CODE XREF: sub_40A3A3+1D7�j
lea eax, [ebp+var_334]
push eax
call sub_40B16D
push [ebp+var_20]
call sub_4152AF
pop ecx
pop ecx
push edi
call dword_421048
sub_40A3A3 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40A5B9 proc near ; CODE XREF: sub_40A5E9+2A�p
; sub_40A621+7E�p ...
mov eax, dword_43A6E4
push esi
mov esi, dword_42106C
cmp eax, 0FFFFFFFFh
jz short loc_40A5CD
push eax
call esi
loc_40A5CD: ; CODE XREF: sub_40A5B9+F�j
mov eax, dword_43A6EC
cmp eax, 0FFFFFFFFh
jz short loc_40A5DA
push eax
call esi
loc_40A5DA: ; CODE XREF: sub_40A5B9+1C�j
mov eax, dword_43A6E0
cmp eax, 0FFFFFFFFh
jz short loc_40A5E7
push eax
call esi
loc_40A5E7: ; CODE XREF: sub_40A5B9+29�j
pop esi
retn
sub_40A5B9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A5E9 proc near ; CODE XREF: sub_40B551+14A�p
; sub_40CE55+4507�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push [ebp+arg_0]
call sub_415CF0
pop ecx
mov [ebp+var_4], eax
lea ecx, [ebp+var_4]
push 0
push ecx
push eax
push [ebp+arg_0]
push dword_43A6E8
call dword_421070
test eax, eax
jnz short loc_40A61C
call sub_40A5B9
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_40A61C: ; CODE XREF: sub_40A5E9+28�j
push 1
pop eax
leave
retn
sub_40A5E9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A621 proc near ; CODE XREF: sub_40A6A8+D3�p
; sub_40A6A8+F2�p ...
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
push offset byte_438FBC
push [ebp+arg_4]
call sub_415910
pop ecx
test eax, eax
pop ecx
jz short loc_40A664
push 7D0h
call dword_421060
push [ebp+arg_8]
lea eax, [ebp+var_200]
push [ebp+arg_4]
push offset dword_42B564
push eax
call sub_4154E7
add esp, 10h
jmp short loc_40A67B
; ---------------------------------------------------------------------------
loc_40A664: ; CODE XREF: sub_40A621+1A�j
push [ebp+arg_8]
lea eax, [ebp+var_200]
push offset dword_426CC0
push eax
call sub_4154E7
add esp, 0Ch
loc_40A67B: ; CODE XREF: sub_40A621+41�j
lea eax, [ebp+var_200]
push 0
push eax
call sub_415CF0
pop ecx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call dword_43A3E8
test eax, eax
jg short loc_40A6A4
call sub_40A5B9
loc_40A6A4: ; CODE XREF: sub_40A621+7C�j
xor eax, eax
leave
retn
sub_40A621 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A6A8 proc near ; DATA XREF: sub_40A7FD+170�o
var_20C = byte ptr -20Ch
var_C = byte ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 20Ch
push ebx
push esi
push edi
mov esi, 200h
xor edi, edi
mov ebx, offset dword_43A6F0
loc_40A6C0: ; CODE XREF: sub_40A6A8+79�j
; sub_40A6A8+DB�j
push esi
lea eax, [ebp+var_20C]
push edi
push eax
call sub_415570
add esp, 0Ch
lea eax, [ebp+var_4]
push edi
push edi
push eax
lea eax, [ebp+var_20C]
push esi
push eax
push dword_43A6E4
call dword_4210FC
test eax, eax
jz loc_40A78E
cmp [ebp+var_4], edi
jnz short loc_40A723
lea eax, [ebp+var_8]
push eax
push dword_43A6E0
call dword_421000
test eax, eax
jz short loc_40A719
cmp [ebp+var_8], 103h
jnz loc_40A7B2
loc_40A719: ; CODE XREF: sub_40A6A8+62�j
push 0Ah
call dword_421060
jmp short loc_40A6C0
; ---------------------------------------------------------------------------
loc_40A723: ; CODE XREF: sub_40A6A8+4E�j
xor eax, eax
cmp [ebp+var_4], edi
jbe short loc_40A73A
loc_40A72A: ; CODE XREF: sub_40A6A8+90�j
cmp [ebp+eax+var_20C], 0Ah
jz short loc_40A788
inc eax
cmp eax, [ebp+var_4]
jb short loc_40A72A
loc_40A73A: ; CODE XREF: sub_40A6A8+80�j
mov [ebp+var_4], esi
loc_40A73D: ; CODE XREF: sub_40A6A8+E4�j
push esi
lea eax, [ebp+var_20C]
push edi
push eax
call sub_415570
add esp, 0Ch
lea eax, [ebp+var_C]
push edi
push eax
push [ebp+var_4]
lea eax, [ebp+var_20C]
push eax
push dword_43A6E4
call dword_421068
test eax, eax
jz short loc_40A7DA
lea eax, [ebp+var_20C]
push eax
push ebx
push dword_43A724
call sub_40A621
add esp, 0Ch
jmp loc_40A6C0
; ---------------------------------------------------------------------------
loc_40A788: ; CODE XREF: sub_40A6A8+8A�j
inc eax
mov [ebp+var_4], eax
jmp short loc_40A73D
; ---------------------------------------------------------------------------
loc_40A78E: ; CODE XREF: sub_40A6A8+45�j
push offset dword_42B5F4
push ebx
push dword_43A724
call sub_40A621
push [ebp+arg_0]
call sub_4152AF
add esp, 10h
push 1
call dword_421048
loc_40A7B2: ; CODE XREF: sub_40A6A8+6B�j
call sub_40A5B9
push offset dword_42B5B8
push ebx
push dword_43A724
call sub_40A621
push [ebp+arg_0]
call sub_4152AF
add esp, 10h
push edi
call dword_421048
loc_40A7DA: ; CODE XREF: sub_40A6A8+C3�j
push offset dword_42B574
push ebx
push dword_43A724
call sub_40A621
push [ebp+arg_0]
call sub_4152AF
add esp, 10h
push edi
call dword_421048
sub_40A6A8 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A7FD proc near ; CODE XREF: sub_40B551+99�p
; sub_40CE55+51BF�p
var_378 = byte ptr -378h
var_178 = byte ptr -178h
var_74 = dword ptr -74h
var_48 = dword ptr -48h
var_44 = word ptr -44h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = byte ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 378h
push ebx
push esi
push edi
call sub_40A5B9
xor esi, esi
lea eax, [ebp+var_178]
push esi
push eax
push 104h
push esi
push offset dword_42B6B4
push esi
call dword_43A454
test eax, eax
jz loc_40A8F7
push 1
lea eax, [ebp+var_1C]
pop ebx
mov edi, dword_421108
push esi
push eax
lea eax, [ebp+var_C]
mov [ebp+var_1C], 0Ch
push eax
lea eax, [ebp+var_10]
push eax
mov [ebp+var_14], ebx
mov [ebp+var_18], esi
call edi
test eax, eax
jz loc_40A8F7
lea eax, [ebp+var_1C]
push esi
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
call edi
test eax, eax
jz loc_40A8F7
mov edi, dword_421104
push 3
push esi
push esi
push offset dword_43A6E8
call edi
push eax
push [ebp+var_8]
call edi
push eax
call dword_421100
test eax, eax
jz short loc_40A8F7
push 10h
lea eax, [ebp+var_2C]
push esi
push eax
call sub_415570
push 44h
lea eax, [ebp+var_74]
pop edi
push edi
push esi
push eax
call sub_415570
mov eax, [ebp+var_4]
add esp, 18h
mov [ebp+var_3C], eax
mov eax, [ebp+var_C]
mov [ebp+var_38], eax
mov [ebp+var_34], eax
lea eax, [ebp+var_2C]
mov [ebp+var_74], edi
push eax
lea eax, [ebp+var_74]
push eax
push esi
push esi
push esi
push ebx
push esi
mov ebx, offset byte_438FBC
push esi
lea eax, [ebp+var_178]
push ebx
push eax
mov [ebp+var_48], 101h
mov [ebp+var_44], si
call dword_4210EC
test eax, eax
jnz short loc_40A8FF
loc_40A8F7: ; CODE XREF: sub_40A7FD+2F�j
; sub_40A7FD+5C�j ...
or eax, 0FFFFFFFFh
jmp loc_40A9AD
; ---------------------------------------------------------------------------
loc_40A8FF: ; CODE XREF: sub_40A7FD+F8�j
push [ebp+var_4]
mov edi, dword_42106C
call edi
mov eax, [ebp+var_10]
push [ebp+var_28]
mov dword_43A6E4, eax
mov eax, [ebp+var_8]
mov dword_43A6EC, eax
mov eax, [ebp+var_2C]
mov dword_43A6E0, eax
call edi
mov eax, [ebp+arg_0]
cmp [ebp+arg_4], esi
mov dword_43A724, eax
jz short loc_40A939
push [ebp+arg_4]
jmp short loc_40A93A
; ---------------------------------------------------------------------------
loc_40A939: ; CODE XREF: sub_40A7FD+135�j
push ebx
loc_40A93A: ; CODE XREF: sub_40A7FD+13A�j
push offset dword_43A6F0
call sub_4154E7
pop ecx
pop ecx
push esi
push 7
push offset dword_42B680
call sub_414F93
mov edi, eax
mov ecx, [ebp+var_24]
imul edi, 234h
add esp, 0Ch
mov dword_43F530[edi], ecx
lea ecx, [ebp+var_30]
push ecx
push esi
push eax
push offset sub_40A6A8
push esi
push esi
call dword_42108C
cmp eax, esi
mov dword_43F53C[edi], eax
jnz short loc_40A9AB
call dword_421088
push eax
lea eax, [ebp+var_378]
push offset dword_42B638
push eax
call sub_4154E7
lea eax, [ebp+var_378]
push eax
call sub_40B16D
add esp, 10h
loc_40A9AB: ; CODE XREF: sub_40A7FD+185�j
xor eax, eax
loc_40A9AD: ; CODE XREF: sub_40A7FD+FD�j
pop edi
pop esi
pop ebx
leave
retn
sub_40A7FD endp
; =============== S U B R O U T I N E =======================================
sub_40A9B2 proc near ; CODE XREF: sub_407135+74�p
; sub_40AAD1+217�p ...
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
call dword_42104C
xor edx, edx
mov ecx, 3E8h
div ecx
mov ebx, 15180h
xor edx, edx
mov esi, ebx
mov edi, 0E10h
mov ebp, edi
push 3Ch
mov ecx, eax
sub ecx, [esp+14h+arg_0]
mov eax, ecx
div esi
mov esi, edx
xor edx, edx
mov eax, esi
div ebp
pop ebp
mov eax, edx
xor edx, edx
div ebp
xor edx, edx
push eax
mov eax, esi
div edi
xor edx, edx
mov esi, offset dword_43A72C
push eax
mov eax, ecx
div ebx
push eax
push offset dword_42B6BC
push 32h
push esi
call sub_415A6A
add esp, 18h
mov eax, esi
pop edi
pop esi
pop ebp
pop ebx
retn
sub_40A9B2 endp
; =============== S U B R O U T I N E =======================================
sub_40AA1B proc near ; CODE XREF: sub_40AAD1+290�p
push ebx
push esi
push edi
mov esi, 0F4240h
loc_40AA23: ; CODE XREF: sub_40AA1B+2F�j
; sub_40AA1B+35�j
rdtsc
push 3E8h
mov edi, edx
mov ebx, eax
call dword_421060
rdtsc
sub eax, ebx
push 0
sbb edx, edi
push esi
push edx
push eax
call sub_4172E0
mov edi, edx
mov ebx, eax
test edi, edi
ja short loc_40AA23
jb short loc_40AA52
cmp ebx, esi
ja short loc_40AA23
loc_40AA52: ; CODE XREF: sub_40AA1B+31�j
push 0
push 64h
push edi
push ebx
call sub_417260
mov ecx, edx
push 64h
xor edx, edx
mov esi, eax
test ecx, ecx
pop eax
ja short loc_40AAC5
jb short loc_40AA71
cmp esi, 50h
jnb short loc_40AA76
loc_40AA71: ; CODE XREF: sub_40AA1B+4F�j
push 4Bh
xor edx, edx
pop eax
loc_40AA76: ; CODE XREF: sub_40AA1B+54�j
test ecx, ecx
ja short loc_40AAC5
jb short loc_40AA81
cmp esi, 47h
jnb short loc_40AA86
loc_40AA81: ; CODE XREF: sub_40AA1B+5F�j
push 42h
xor edx, edx
pop eax
loc_40AA86: ; CODE XREF: sub_40AA1B+64�j
test ecx, ecx
ja short loc_40AAC5
jb short loc_40AA91
cmp esi, 37h
jnb short loc_40AA96
loc_40AA91: ; CODE XREF: sub_40AA1B+6F�j
push 32h
xor edx, edx
pop eax
loc_40AA96: ; CODE XREF: sub_40AA1B+74�j
test ecx, ecx
ja short loc_40AAC5
jb short loc_40AAA1
cmp esi, 26h
jnb short loc_40AAA6
loc_40AAA1: ; CODE XREF: sub_40AA1B+7F�j
push 21h
xor edx, edx
pop eax
loc_40AAA6: ; CODE XREF: sub_40AA1B+84�j
test ecx, ecx
ja short loc_40AAC5
jb short loc_40AAB1
cmp esi, 1Eh
jnb short loc_40AAB6
loc_40AAB1: ; CODE XREF: sub_40AA1B+8F�j
push 19h
xor edx, edx
pop eax
loc_40AAB6: ; CODE XREF: sub_40AA1B+94�j
test ecx, ecx
ja short loc_40AAC5
jb short loc_40AAC1
cmp esi, 0Ah
jnb short loc_40AAC5
loc_40AAC1: ; CODE XREF: sub_40AA1B+9F�j
xor eax, eax
xor edx, edx
loc_40AAC5: ; CODE XREF: sub_40AA1B+4D�j
; sub_40AA1B+5D�j ...
sub eax, esi
sbb edx, ecx
add eax, ebx
adc edx, edi
pop edi
pop esi
pop ebx
retn
sub_40AA1B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AAD1 proc near ; CODE XREF: sub_40CE55+541F�p
var_7E8 = byte ptr -7E8h
var_668 = byte ptr -668h
var_5E8 = byte ptr -5E8h
var_568 = byte ptr -568h
var_4E8 = byte ptr -4E8h
var_3E4 = byte ptr -3E4h
var_2E8 = byte ptr -2E8h
var_25C = word ptr -25Ch
var_25A = byte ptr -25Ah
var_15C = byte ptr -15Ch
var_114 = byte ptr -114h
var_CC = dword ptr -0CCh
var_C8 = dword ptr -0C8h
var_C4 = dword ptr -0C4h
var_C0 = dword ptr -0C0h
var_BC = dword ptr -0BCh
var_B8 = byte ptr -0B8h
var_38 = byte ptr -38h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_18 = byte ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 7E8h
push ebx
push esi
lea eax, [ebp+var_CC]
push edi
push eax
mov [ebp+var_4], offset byte_438FBC
mov [ebp+var_CC], 94h
call dword_42110C
xor ebx, ebx
cmp [ebp+var_C8], 4
jnz short loc_40AB58
cmp [ebp+var_C4], ebx
jnz short loc_40AB34
cmp [ebp+var_BC], 1
jnz short loc_40AB1E
mov [ebp+var_4], offset dword_42B7F0
loc_40AB1E: ; CODE XREF: sub_40AAD1+44�j
cmp [ebp+var_BC], 2
jnz loc_40ABD3
mov [ebp+var_4], offset dword_42B7EC
jmp short loc_40ABA4
; ---------------------------------------------------------------------------
loc_40AB34: ; CODE XREF: sub_40AAD1+3B�j
cmp [ebp+var_C4], 0Ah
jnz short loc_40AB46
mov [ebp+var_4], offset dword_42B7E8
jmp short loc_40AB9B
; ---------------------------------------------------------------------------
loc_40AB46: ; CODE XREF: sub_40AAD1+6A�j
cmp [ebp+var_C4], 5Ah
jnz short loc_40AB94
mov [ebp+var_4], offset dword_42B7E4
jmp short loc_40AB9B
; ---------------------------------------------------------------------------
loc_40AB58: ; CODE XREF: sub_40AAD1+33�j
cmp [ebp+var_C8], 5
jnz short loc_40AB94
cmp [ebp+var_C4], ebx
jnz short loc_40AB72
mov [ebp+var_4], offset dword_42B7E0
jmp short loc_40AB9B
; ---------------------------------------------------------------------------
loc_40AB72: ; CODE XREF: sub_40AAD1+96�j
cmp [ebp+var_C4], 1
jnz short loc_40AB84
mov [ebp+var_4], offset dword_42B7DC
jmp short loc_40AB9B
; ---------------------------------------------------------------------------
loc_40AB84: ; CODE XREF: sub_40AAD1+A8�j
cmp [ebp+var_C4], 2
mov [ebp+var_4], offset dword_42B7D4
jz short loc_40AB9B
loc_40AB94: ; CODE XREF: sub_40AAD1+7C�j
; sub_40AAD1+8E�j
mov [ebp+var_4], offset dword_42B7D0
loc_40AB9B: ; CODE XREF: sub_40AAD1+73�j
; sub_40AAD1+85�j ...
cmp [ebp+var_BC], 2
jnz short loc_40ABD3
loc_40ABA4: ; CODE XREF: sub_40AAD1+61�j
cmp [ebp+var_B8], bl
jz short loc_40ABD3
lea eax, [ebp+var_B8]
push eax
lea eax, [ebp+var_2E8]
push [ebp+var_4]
push offset dword_42B7C8
push eax
call sub_4154E7
lea eax, [ebp+var_2E8]
add esp, 10h
mov [ebp+var_4], eax
loc_40ABD3: ; CODE XREF: sub_40AAD1+54�j
; sub_40AAD1+D1�j ...
mov ax, word_42B7C4
push 3Fh
mov [ebp+var_25C], ax
pop ecx
xor eax, eax
lea edi, [ebp+var_25A]
rep stosd
stosw
mov eax, dword_43A284
mov [ebp+var_C], 100h
cmp eax, ebx
jz short loc_40AC0C
lea ecx, [ebp+var_C]
push ecx
lea ecx, [ebp+var_25C]
push ecx
call eax
loc_40AC0C: ; CODE XREF: sub_40AAD1+12C�j
push [ebp+arg_4]
call sub_40A171
pop ecx
push eax
call dword_43A3D8
mov [ebp+var_8], eax
push 2
lea eax, [ebp+var_8]
push 4
push eax
call dword_43A350
cmp eax, ebx
jz short loc_40AC35
push dword ptr [eax]
jmp short loc_40AC3A
; ---------------------------------------------------------------------------
loc_40AC35: ; CODE XREF: sub_40AAD1+15E�j
push offset dword_42B7AC
loc_40AC3A: ; CODE XREF: sub_40AAD1+162�j
lea eax, [ebp+var_3E4]
push eax
call sub_4154E7
pop ecx
lea eax, [ebp+var_4E8]
pop ecx
push 104h
push eax
call dword_421058
lea eax, [ebp+var_114]
push 46h
push eax
push offset dword_42B7A0
push ebx
mov esi, 409h
push ebx
push esi
call dword_421084
lea eax, [ebp+var_15C]
push 46h
push eax
push offset dword_426BD8
push ebx
push ebx
push esi
call dword_421080
push 20h
lea eax, [ebp+var_38]
push ebx
push eax
call sub_415570
add esp, 0Ch
lea eax, [ebp+var_38]
push eax
call dword_421110
push ebx
push ebx
lea eax, [ebp+var_18]
push ebx
push eax
lea eax, [ebp+var_4E8]
push eax
call sub_417348
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_7E8]
push eax
call sub_40C328
push 60h
mov esi, eax
pop ecx
lea edi, [ebp+var_7E8]
rep movsd
push 60h
lea esi, [ebp+var_7E8]
pop ecx
lea edi, [ebp+var_668]
rep movsd
push ebx
call sub_40A9B2
add esp, 20h
push eax
lea eax, [ebp+var_15C]
push eax
lea eax, [ebp+var_114]
push eax
lea eax, [ebp+var_25C]
push eax
push [ebp+arg_4]
call sub_40A171
pop ecx
push eax
lea eax, [ebp+var_3E4]
push eax
lea eax, [ebp+var_4E8]
push eax
lea eax, [ebp+var_5E8]
push [ebp+var_C0]
push [ebp+var_C4]
push [ebp+var_C8]
push [ebp+var_4]
push eax
lea eax, [ebp+var_568]
push eax
mov eax, [ebp+var_2C]
shr eax, 0Ah
push ebx
push eax
call sub_40C218
pop ecx
pop ecx
push eax
mov eax, [ebp+var_30]
shr eax, 0Ah
push ebx
push eax
call sub_40C218
pop ecx
pop ecx
push eax
call sub_40AA1B
push edx
push eax
push offset dword_42B6C8
push 200h
push [ebp+arg_0]
call sub_415A6A
mov eax, [ebp+arg_0]
add esp, 50h
pop edi
pop esi
pop ebx
leave
retn
sub_40AAD1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AD85 proc near ; CODE XREF: sub_40CE55+4422�p
; sub_40CE55+544D�p
var_8C = byte ptr -8Ch
var_C = byte ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8Ch
push esi
mov esi, 80h
push esi
lea eax, [ebp+var_8C]
push 0
push eax
call sub_415570
add esp, 0Ch
cmp dword_43A480, 0
jnz short loc_40ADF9
push 0
lea eax, [ebp+var_8C]
push esi
push eax
lea eax, [ebp+var_C]
push eax
call dword_43A268
test eax, eax
jnz short loc_40ADDA
lea eax, [ebp+var_8C]
push offset dword_42B844
push eax
call sub_4154E7
pop ecx
pop ecx
loc_40ADDA: ; CODE XREF: sub_40AD85+40�j
test [ebp+var_C], 1
jz short loc_40ADF2
push offset dword_42B83C
loc_40ADE5: ; CODE XREF: sub_40AD85+72�j
lea eax, [ebp+var_8]
push eax
call sub_4154E7
pop ecx
pop ecx
jmp short loc_40AE18
; ---------------------------------------------------------------------------
loc_40ADF2: ; CODE XREF: sub_40AD85+59�j
push offset dword_42B838
jmp short loc_40ADE5
; ---------------------------------------------------------------------------
loc_40ADF9: ; CODE XREF: sub_40AD85+28�j
mov esi, offset dword_42B834
lea eax, [ebp+var_8]
push esi
push eax
call sub_4154E7
lea eax, [ebp+var_8C]
push esi
push eax
call sub_4154E7
add esp, 10h
loc_40AE18: ; CODE XREF: sub_40AD85+6B�j
push [ebp+arg_4]
push [ebp+arg_8]
call sub_40A171
pop ecx
push eax
lea eax, [ebp+var_8C]
push eax
lea eax, [ebp+var_8]
push eax
push offset dword_42B7F4
push 200h
push [ebp+arg_0]
call sub_415A6A
mov eax, [ebp+arg_0]
add esp, 1Ch
pop esi
leave
retn
sub_40AD85 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40AE4B proc near ; DATA XREF: sub_40CE55+45F7�o
var_65C = byte ptr -65Ch
var_55C = byte ptr -55Ch
var_35C = dword ptr -35Ch
var_358 = byte ptr -358h
var_2D8 = byte ptr -2D8h
var_258 = byte ptr -258h
var_1D8 = dword ptr -1D8h
var_1D4 = dword ptr -1D4h
var_1D0 = dword ptr -1D0h
var_1C8 = byte ptr -1C8h
var_148 = byte ptr -148h
var_C8 = byte ptr -0C8h
var_48 = dword ptr -48h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = word ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 65Ch
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 65h
mov esi, eax
pop ecx
lea edi, [ebp+var_35C]
rep movsd
push 1
mov edi, 80h
pop esi
xor ebx, ebx
mov [eax+190h], esi
push edi
lea eax, [ebp+var_148]
push ebx
push eax
mov [ebp+var_C], ebx
mov [ebp+var_4], ebx
mov [ebp+var_8], offset dword_42B988
call sub_415570
push edi
lea eax, [ebp+var_1C8]
push ebx
push eax
call sub_415570
push edi
lea eax, [ebp+var_C8]
push ebx
push eax
call sub_415570
push 100h
lea eax, [ebp+var_65C]
push ebx
push eax
call sub_415570
push 3Ch
lea eax, [ebp+var_48]
pop edi
push edi
push ebx
push eax
call sub_415570
add esp, 3Ch
lea eax, [ebp+var_48]
mov [ebp+var_48], edi
mov [ebp+var_34], esi
push eax
lea eax, [ebp+var_358]
push ebx
push eax
mov [ebp+var_28], esi
mov [ebp+var_20], esi
mov [ebp+var_18], esi
call sub_415CF0
pop ecx
push eax
lea eax, [ebp+var_358]
push eax
call dword_43A2A0
test eax, eax
jz loc_40AFE5
cmp [ebp+var_34], ebx
jbe short loc_40AF22
push [ebp+var_34]
lea eax, [ebp+var_148]
push [ebp+var_38]
push eax
call sub_416D40
add esp, 0Ch
loc_40AF22: ; CODE XREF: sub_40AE4B+C0�j
cmp [ebp+var_28], ebx
movzx esi, [ebp+var_30]
jbe short loc_40AF40
push [ebp+var_28]
lea eax, [ebp+var_1C8]
push [ebp+var_2C]
push eax
call sub_416D40
add esp, 0Ch
loc_40AF40: ; CODE XREF: sub_40AE4B+DE�j
cmp [ebp+var_20], ebx
jbe short loc_40AF5A
push [ebp+var_20]
lea eax, [ebp+var_C8]
push [ebp+var_24]
push eax
call sub_416D40
add esp, 0Ch
loc_40AF5A: ; CODE XREF: sub_40AE4B+F8�j
cmp [ebp+var_18], ebx
jbe short loc_40AF74
push [ebp+var_18]
lea eax, [ebp+var_65C]
push [ebp+var_1C]
push eax
call sub_416D40
add esp, 0Ch
loc_40AF74: ; CODE XREF: sub_40AE4B+112�j
push ebx
push ebx
lea eax, [ebp+var_C8]
push 3
push eax
lea eax, [ebp+var_1C8]
push eax
lea eax, [ebp+var_148]
push esi
push eax
push dword_43A348
call dword_43A36C
mov esi, eax
cmp esi, ebx
jz short loc_40AFFD
push ebx
lea eax, [ebp+var_8]
push 200h
push eax
lea eax, [ebp+var_2D8]
push eax
lea eax, [ebp+var_65C]
push ebx
push eax
push ebx
push esi
call dword_43A360
cmp eax, ebx
mov [ebp+var_4], eax
jz short loc_40B004
push ebx
push ebx
push ebx
push ebx
push eax
call dword_43A314
test eax, eax
jz short loc_40AFDE
push offset dword_42B958
jmp short loc_40B009
; ---------------------------------------------------------------------------
loc_40AFDE: ; CODE XREF: sub_40AE4B+18A�j
push offset dword_42B908
jmp short loc_40B009
; ---------------------------------------------------------------------------
loc_40AFE5: ; CODE XREF: sub_40AE4B+B7�j
lea eax, [ebp+var_55C]
push offset dword_42B8D8
push eax
call sub_4154E7
mov esi, [ebp+var_C]
pop ecx
pop ecx
jmp short loc_40B017
; ---------------------------------------------------------------------------
loc_40AFFD: ; CODE XREF: sub_40AE4B+153�j
push offset dword_42B898
jmp short loc_40B009
; ---------------------------------------------------------------------------
loc_40B004: ; CODE XREF: sub_40AE4B+17B�j
push offset dword_42B854
loc_40B009: ; CODE XREF: sub_40AE4B+191�j
; sub_40AE4B+198�j ...
lea eax, [ebp+var_55C]
push eax
call sub_4154E7
pop ecx
pop ecx
loc_40B017: ; CODE XREF: sub_40AE4B+1B0�j
cmp [ebp+var_1D4], ebx
jnz short loc_40B042
push ebx
lea eax, [ebp+var_55C]
push [ebp+var_1D0]
push eax
lea eax, [ebp+var_258]
push eax
push [ebp+var_35C]
call sub_412D4C
add esp, 14h
loc_40B042: ; CODE XREF: sub_40AE4B+1D2�j
lea eax, [ebp+var_55C]
push eax
call sub_40B16D
pop ecx
push esi
call dword_43A3CC
push [ebp+var_4]
call dword_43A3CC
push [ebp+var_1D8]
call sub_4152AF
pop ecx
push ebx
call dword_421048
pop edi
pop esi
pop ebx
sub_40AE4B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B075 proc near ; CODE XREF: sub_40CE55+4355�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push esi
push edi
mov esi, offset dword_43E7A8
mov edi, 0B8h
loc_40B089: ; CODE XREF: sub_40B075+33�j
cmp byte ptr [esi], 0
jz short loc_40B0AC
push [ebp+arg_0]
push esi
call sub_415910
pop ecx
test eax, eax
pop ecx
jz short loc_40B0AC
inc [ebp+var_4]
add esi, edi
cmp esi, offset dword_43F328
jl short loc_40B089
jmp short loc_40B0EE
; ---------------------------------------------------------------------------
loc_40B0AC: ; CODE XREF: sub_40B075+17�j
; sub_40B075+26�j
mov esi, [ebp+var_4]
push ebx
imul esi, 0B8h
push edi
push 0
lea ebx, dword_43E7A8[esi]
push ebx
call sub_415570
push 17h
push [ebp+arg_0]
push ebx
call sub_416D40
push 9Fh
lea eax, dword_43E7C0[esi]
push [ebp+arg_4]
push eax
call sub_416D40
add esp, 24h
inc dword_42E7A4
pop ebx
loc_40B0EE: ; CODE XREF: sub_40B075+35�j
mov eax, [ebp+var_4]
pop edi
pop esi
leave
retn
sub_40B075 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B0F5 proc near ; CODE XREF: sub_40CE55+5588�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
push esi
push edi
push 0
push [ebp+arg_8]
push offset dword_42B998
push [ebp+arg_4]
push [ebp+arg_0]
call sub_412D4C
add esp, 14h
xor edi, edi
mov esi, offset dword_43E7A8
loc_40B11F: ; CODE XREF: sub_40B0F5+72�j
cmp byte ptr [esi], 0
jz short loc_40B15A
lea eax, [esi+18h]
push eax
push esi
push edi
push offset dword_42B98C
lea eax, [ebp+var_200]
push 200h
push eax
call sub_415A6A
push 1
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_412D4C
add esp, 2Ch
loc_40B15A: ; CODE XREF: sub_40B0F5+2D�j
add esi, 0B8h
inc edi
cmp esi, offset dword_43F328
jl short loc_40B11F
pop edi
pop esi
leave
retn
sub_40B0F5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B16D proc near ; CODE XREF: sub_401000+97�p
; sub_4010B2+314�p ...
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
lea eax, [ebp+var_10]
push edi
push eax
call dword_42105C
mov ebx, offset dword_43E764
mov edi, 80h
mov esi, offset dword_43A764
loc_40B18F: ; CODE XREF: sub_40B16D+3D�j
cmp byte ptr [ebx], 0
jz short loc_40B1A6
push 7Fh
lea eax, [ebx+80h]
push ebx
push eax
call sub_416D40
add esp, 0Ch
loc_40B1A6: ; CODE XREF: sub_40B16D+25�j
sub ebx, edi
cmp ebx, esi
jge short loc_40B18F
movzx eax, [ebp+var_4]
push [ebp+arg_0]
push eax
movzx eax, [ebp+var_6]
push eax
movzx eax, [ebp+var_8]
push eax
movzx eax, [ebp+var_10]
push eax
movzx eax, [ebp+var_A]
push eax
movzx eax, [ebp+var_E]
push eax
push offset dword_42B9A8
push edi
push esi
call sub_415A6A
add esp, 28h
pop edi
pop esi
pop ebx
leave
retn
sub_40B16D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B1E1 proc near ; CODE XREF: sub_407BFE+15B�p
; sub_407D86+1AF�p ...
var_80 = byte ptr -80h
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 80h
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_80]
push [ebp+arg_0]
push 80h
push eax
call sub_41748F
lea eax, [ebp+var_80]
push eax
call sub_40B16D
add esp, 14h
leave
retn
sub_40B1E1 endp
; =============== S U B R O U T I N E =======================================
sub_40B20D proc near ; CODE XREF: sub_40CE55+5482�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, offset dword_43A764
xor ecx, ecx
loc_40B214: ; CODE XREF: sub_40B20D+13�j
mov [eax], cl
add eax, 80h
cmp eax, offset dword_43E764
jl short loc_40B214
cmp [esp+arg_C], ecx
push esi
mov esi, offset dword_42B9CC
jnz short loc_40B244
push ecx
push [esp+8+arg_8]
push esi
push [esp+10h+arg_4]
push [esp+14h+arg_0]
call sub_412D4C
add esp, 14h
loc_40B244: ; CODE XREF: sub_40B20D+1F�j
push esi
call sub_40B16D
pop ecx
pop esi
retn
sub_40B20D endp
; =============== S U B R O U T I N E =======================================
sub_40B24D proc near ; CODE XREF: sub_4033CB+298�p
arg_0 = dword ptr 4
push esi
mov esi, offset dword_43A764
loc_40B253: ; CODE XREF: sub_40B24D+27�j
cmp byte ptr [esi], 0
jz short loc_40B268
push [esp+4+arg_0]
push esi
call sub_409B42
pop ecx
test eax, eax
pop ecx
jnz short loc_40B27A
loc_40B268: ; CODE XREF: sub_40B24D+9�j
add esi, 80h
cmp esi, offset dword_43E764
jl short loc_40B253
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40B27A: ; CODE XREF: sub_40B24D+19�j
push 1
pop eax
pop esi
retn
sub_40B24D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B27F proc near ; DATA XREF: sub_40CE55+5532�o
var_31C = byte ptr -31Ch
var_11C = dword ptr -11Ch
var_118 = byte ptr -118h
var_98 = byte ptr -98h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 31Ch
mov eax, [ebp+arg_0]
push esi
push edi
push 45h
pop ecx
mov esi, eax
lea edi, [ebp+var_11C]
push 1
rep movsd
xor edx, edx
pop edi
cmp [ebp+var_10], edx
mov [ebp+var_8], 80h
mov [ebp+var_4], edx
mov [eax+110h], edi
jnz short loc_40B2D2
push edx
lea eax, [ebp+var_118]
push [ebp+var_14]
push offset dword_42BA34
push eax
push [ebp+var_11C]
call sub_412D4C
add esp, 14h
loc_40B2D2: ; CODE XREF: sub_40B27F+33�j
cmp [ebp+var_98], 0
jz short loc_40B2F2
lea eax, [ebp+var_98]
push eax
call sub_415A5F
test eax, eax
pop ecx
mov [ebp+var_4], eax
jz short loc_40B2F2
mov [ebp+var_8], eax
loc_40B2F2: ; CODE XREF: sub_40B27F+5A�j
; sub_40B27F+6E�j
and [ebp+arg_0], 0
mov esi, offset dword_43A764
loc_40B2FB: ; CODE XREF: sub_40B27F+D4�j
mov eax, [ebp+arg_0]
cmp eax, [ebp+var_8]
jge short loc_40B355
cmp byte ptr [esi], 0
jz short loc_40B344
cmp [ebp+var_98], 0
jz short loc_40B32A
cmp [ebp+var_4], 0
jnz short loc_40B32A
lea eax, [ebp+var_98]
push eax
push esi
call sub_409B42
pop ecx
test eax, eax
pop ecx
jz short loc_40B344
loc_40B32A: ; CODE XREF: sub_40B27F+90�j
; sub_40B27F+96�j
push edi
lea eax, [ebp+var_118]
push [ebp+var_14]
push esi
push eax
push [ebp+var_11C]
call sub_412D4C
add esp, 14h
loc_40B344: ; CODE XREF: sub_40B27F+87�j
; sub_40B27F+A9�j
inc [ebp+arg_0]
add esi, 80h
cmp esi, offset dword_43E764
jl short loc_40B2FB
loc_40B355: ; CODE XREF: sub_40B27F+82�j
lea eax, [ebp+var_31C]
push offset dword_42BA04
push eax
call sub_4154E7
xor esi, esi
pop ecx
cmp [ebp+var_10], esi
pop ecx
jnz short loc_40B38F
push esi
lea eax, [ebp+var_31C]
push [ebp+var_14]
push eax
lea eax, [ebp+var_118]
push eax
push [ebp+var_11C]
call sub_412D4C
add esp, 14h
loc_40B38F: ; CODE XREF: sub_40B27F+EE�j
lea eax, [ebp+var_31C]
push eax
call sub_40B16D
push [ebp+var_18]
call sub_4152AF
pop ecx
pop ecx
push esi
call dword_421048
pop edi
pop esi
sub_40B27F endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B3AE proc near ; CODE XREF: sub_409E15+1E�p
; sub_40C682+350�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, offset dword_42BA58
xor esi, esi
mov ebx, offset dword_42C21C
loc_40B3C1: ; CODE XREF: sub_40B3AE+69�j
lea eax, [ebp+var_4]
push esi
push eax
push esi
push 0F003Fh
push esi
push esi
push esi
push dword ptr [edi+4]
push dword ptr [edi]
call dword_43A34C
cmp [ebp+arg_0], esi
jz short loc_40B3FB
push [ebp+arg_0]
call sub_415CF0
pop ecx
push eax
push [ebp+arg_0]
push 1
push esi
push ebx
push [ebp+var_4]
call dword_43A3BC
jmp short loc_40B405
; ---------------------------------------------------------------------------
loc_40B3FB: ; CODE XREF: sub_40B3AE+2F�j
push ebx
push [ebp+var_4]
call dword_43A304
loc_40B405: ; CODE XREF: sub_40B3AE+4B�j
push [ebp+var_4]
call dword_43A374
add edi, 8
cmp edi, offset dword_42BA70
jl short loc_40B3C1
pop edi
pop esi
pop ebx
leave
retn
sub_40B3AE endp
; =============== S U B R O U T I N E =======================================
sub_40B41E proc near ; CODE XREF: sub_40B459+56�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
mov edx, [esp+arg_0]
push esi
or esi, 0FFFFFFFFh
test eax, eax
jz short loc_40B453
push ebx
push edi
lea edi, [eax]
mov ecx, 0FFh
loc_40B437: ; CODE XREF: sub_40B41E+31�j
mov al, [edx]
mov ebx, esi
and eax, ecx
and ebx, ecx
xor eax, ebx
shr esi, 8
mov eax, dword_42125C[eax*4]
xor esi, eax
inc edx
dec edi
jnz short loc_40B437
pop edi
pop ebx
loc_40B453: ; CODE XREF: sub_40B41E+E�j
mov eax, esi
pop esi
not eax
retn
sub_40B41E endp
; =============== S U B R O U T I N E =======================================
sub_40B459 proc near ; CODE XREF: sub_40BCEF+24A�p
var_10 = dword ptr -10h
arg_0 = dword ptr 4
push ebx
push esi
xor ebx, ebx
push edi
push ebx
call sub_415DC9
mov [esp+10h+var_10], offset dword_4269B0
push [esp+10h+arg_0]
mov esi, eax
call sub_415BE8
mov edi, eax
pop ecx
test edi, edi
pop ecx
jz short loc_40B4A8
loc_40B47E: ; CODE XREF: sub_40B459+4D�j
test byte ptr [edi+0Ch], 10h
jnz short loc_40B4AC
inc ebx
push ebx
push esi
call sub_4174DF
mov esi, eax
pop ecx
test esi, esi
pop ecx
jz short loc_40B4A8
push edi
push 1
lea eax, [esi+ebx-1]
push 1
push eax
call sub_416BB0
add esp, 10h
jmp short loc_40B47E
; ---------------------------------------------------------------------------
loc_40B4A8: ; CODE XREF: sub_40B459+23�j
; sub_40B459+39�j
xor eax, eax
jmp short loc_40B4C7
; ---------------------------------------------------------------------------
loc_40B4AC: ; CODE XREF: sub_40B459+29�j
dec ebx
push ebx
push esi
call sub_40B41E
push esi
mov ebx, eax
call sub_415E3D
push edi
call sub_415B40
add esp, 10h
mov eax, ebx
loc_40B4C7: ; CODE XREF: sub_40B459+51�j
pop edi
pop esi
pop ebx
retn
sub_40B459 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B4CB proc near ; CODE XREF: sub_40B551+33�p
; sub_40BAB4+BC�p
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
push 0
push 1
push 2
call dword_43A418
mov edi, eax
or esi, 0FFFFFFFFh
cmp edi, esi
jz short loc_40B547
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_415570
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+arg_4]
call dword_43A398
push [ebp+arg_0]
mov [ebp+var_E], ax
call dword_43A3D8
cmp eax, esi
jnz short loc_40B52C
push [ebp+arg_0]
call dword_43A41C
test eax, eax
jz short loc_40B547
mov eax, [eax+0Ch]
mov eax, [eax]
mov eax, [eax]
loc_40B52C: ; CODE XREF: sub_40B4CB+4B�j
mov [ebp+var_C], eax
lea eax, [ebp+var_10]
push 10h
push eax
push edi
call dword_43A340
cmp eax, esi
jnz short loc_40B54B
push edi
call dword_43A430
loc_40B547: ; CODE XREF: sub_40B4CB+1B�j
; sub_40B4CB+58�j
mov eax, esi
jmp short loc_40B54D
; ---------------------------------------------------------------------------
loc_40B54B: ; CODE XREF: sub_40B4CB+73�j
mov eax, edi
loc_40B54D: ; CODE XREF: sub_40B4CB+7E�j
pop edi
pop esi
leave
retn
sub_40B4CB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B551 proc near ; DATA XREF: sub_40CE55+A79�o
var_11B4 = byte ptr -11B4h
var_1B4 = byte ptr -1B4h
var_1AC = byte ptr -1ACh
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 11B4h
call sub_415D70
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 6Dh
mov esi, eax
pop ecx
lea edi, [ebp+var_1B4]
rep movsd
push 1
pop esi
push [ebp+var_14]
mov [eax+1B0h], esi
lea eax, [ebp+var_1AC]
push eax
call sub_40B4CB
mov ebx, eax
pop ecx
cmp ebx, 0FFFFFFFFh
pop ecx
jnz short loc_40B5E4
lea eax, [ebp+var_11B4]
push offset dword_42BAFC
push eax
call sub_4154E7
xor edi, edi
pop ecx
cmp [ebp+var_8], edi
pop ecx
jnz short loc_40B5C7
push edi
lea eax, [ebp+var_11B4]
push [ebp+var_C]
push eax
lea eax, [ebp+var_94]
push eax
push ebx
call sub_412D4C
add esp, 14h
loc_40B5C7: ; CODE XREF: sub_40B551+59�j
lea eax, [ebp+var_11B4]
push eax
call sub_40B16D
push [ebp+var_10]
call sub_4152AF
pop ecx
pop ecx
push esi
call dword_421048
loc_40B5E4: ; CODE XREF: sub_40B551+3F�j
push offset byte_438FBC
push ebx
call sub_40A7FD
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_40B64F
lea eax, [ebp+var_11B4]
push offset dword_42BAB8
push eax
call sub_4154E7
xor edi, edi
pop ecx
cmp [ebp+var_8], edi
pop ecx
jnz short loc_40B62B
push edi
lea eax, [ebp+var_11B4]
push [ebp+var_C]
push eax
lea eax, [ebp+var_94]
push eax
push ebx
call sub_412D4C
add esp, 14h
loc_40B62B: ; CODE XREF: sub_40B551+BD�j
lea eax, [ebp+var_11B4]
push eax
call sub_40B16D
pop ecx
push ebx
call dword_43A430
push [ebp+var_10]
call sub_4152AF
pop ecx
push esi
call dword_421048
loc_40B64F: ; CODE XREF: sub_40B551+A3�j
push 64h
call dword_421060
xor edi, edi
mov esi, 1000h
loc_40B65E: ; CODE XREF: sub_40B551+168�j
push esi
lea eax, [ebp+var_11B4]
push edi
push eax
call sub_415570
add esp, 0Ch
lea eax, [ebp+var_11B4]
push edi
push esi
push eax
push ebx
call dword_43A3B0
test eax, eax
jle short loc_40B6BB
lea eax, [ebp+var_11B4]
push offset dword_426CB4
push eax
call sub_415C10
lea eax, [ebp+var_11B4]
push eax
call sub_40A5E9
add esp, 0Ch
test eax, eax
jz short loc_40B6BB
push 64h
call dword_421060
push 7
call sub_4151DB
test eax, eax
pop ecx
jnz short loc_40B65E
loc_40B6BB: ; CODE XREF: sub_40B551+130�j
; sub_40B551+154�j
lea eax, [ebp+var_11B4]
push offset dword_42BA70
push eax
call sub_4154E7
cmp [ebp+var_8], edi
pop ecx
pop ecx
jnz short loc_40B6EE
push edi
lea eax, [ebp+var_11B4]
push [ebp+var_C]
push eax
lea eax, [ebp+var_94]
push eax
push ebx
call sub_412D4C
add esp, 14h
loc_40B6EE: ; CODE XREF: sub_40B551+180�j
lea eax, [ebp+var_11B4]
push eax
call sub_40B16D
pop ecx
push ebx
call dword_43A430
push [ebp+var_10]
call sub_4152AF
pop ecx
push edi
call dword_421048
sub_40B551 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B712 proc near ; DATA XREF: sub_40CE55+46F3�o
var_A04 = byte ptr -0A04h
var_604 = byte ptr -604h
var_500 = dword ptr -500h
var_4FC = dword ptr -4FCh
var_3FC = byte ptr -3FCh
var_1FC = dword ptr -1FCh
var_1F8 = dword ptr -1F8h
var_1E0 = byte ptr -1E0h
var_DC = byte ptr -0DCh
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_48 = byte ptr -48h
var_44 = dword ptr -44h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = word ptr -30h
var_2E = dword ptr -2Eh
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0A04h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 6Dh
mov esi, eax
pop ecx
lea edi, [ebp+var_1FC]
rep movsd
push 1
xor esi, esi
pop ebx
mov [ebp+var_10], esi
push esi
push ebx
push 2
mov [eax+1B0h], ebx
mov [ebp+var_C], esi
mov [ebp+var_20], esi
call dword_43A418
mov edi, eax
cmp edi, 0FFFFFFFFh
mov [ebp+var_18], edi
jnz short loc_40B760
push offset dword_42BC9C
jmp loc_40B919
; ---------------------------------------------------------------------------
loc_40B760: ; CODE XREF: sub_40B712+42�j
push 10h
lea eax, [ebp+var_30]
push esi
push eax
call sub_415570
add esp, 0Ch
mov [ebp+var_30], 2
push esi
call dword_43A398
mov word ptr [ebp+var_2E], ax
lea eax, [ebp+var_30]
push 10h
push eax
push edi
mov [ebp+var_2E+2], esi
call dword_43A3C4
test eax, eax
jz short loc_40B79E
push offset dword_42BC64
jmp loc_40B919
; ---------------------------------------------------------------------------
loc_40B79E: ; CODE XREF: sub_40B712+80�j
lea eax, [ebp+var_1C]
mov [ebp+var_1C], 10h
push eax
lea eax, [ebp+var_30]
push eax
push edi
call dword_43A33C
push [ebp+var_2E]
call dword_43A2D4
mov [ebp+var_4], eax
lea eax, [ebp+var_1E0]
push eax
mov [ebp+arg_0], esi
call sub_415CF0
pop ecx
loc_40B7D0: ; CODE XREF: sub_40B712+EF�j
mov ecx, [ebp+arg_0]
mov al, [ebp+ecx+var_1E0]
cmp al, 20h
jnz short loc_40B7E3
push 5Fh
pop eax
jmp short loc_40B7E6
; ---------------------------------------------------------------------------
loc_40B7E3: ; CODE XREF: sub_40B712+CA�j
movsx eax, al
loc_40B7E6: ; CODE XREF: sub_40B712+CF�j
mov [ebp+ecx+var_604], al
lea eax, [ebp+var_1E0]
inc ecx
push eax
mov [ebp+arg_0], ecx
call sub_415CF0
cmp [ebp+arg_0], eax
pop ecx
jbe short loc_40B7D0
push ebx
push edi
call dword_43A3C0
test eax, eax
jz short loc_40B819
push offset dword_42BAFC
jmp loc_40B919
; ---------------------------------------------------------------------------
loc_40B819: ; CODE XREF: sub_40B712+FB�j
push esi
push esi
push 3
push esi
push ebx
lea eax, [ebp+var_1E0]
push 80000000h
push eax
call dword_421078
cmp eax, 0FFFFFFFFh
mov [ebp+var_8], eax
jnz short loc_40B843
push offset dword_42BC30
jmp loc_40B919
; ---------------------------------------------------------------------------
loc_40B843: ; CODE XREF: sub_40B712+125�j
push esi
push eax
call dword_421090
mov [ebp+arg_0], eax
push eax
movzx eax, word ptr [ebp+var_4]
push eax
push [ebp+var_1FC]
call sub_40A171
pop ecx
push eax
call dword_43A3D8
push eax
call dword_43A394
push eax
lea eax, [ebp+var_1E0]
push eax
lea eax, [ebp+var_3FC]
push offset dword_42BC18
push eax
call sub_4154E7
push esi
lea eax, [ebp+var_3FC]
push esi
push eax
lea eax, [ebp+var_DC]
push eax
push [ebp+var_1FC]
call sub_412D4C
add esp, 2Ch
lea eax, [ebp+var_38]
mov [ebp+var_38], 3Ch
mov [ebp+var_34], esi
push eax
push esi
lea eax, [ebp+var_500]
push esi
push eax
push esi
mov [ebp+var_4FC], edi
mov [ebp+var_500], ebx
call dword_43A380
test eax, eax
jg short loc_40B8F3
push esi
lea eax, [ebp+var_DC]
push [ebp+var_54]
push offset dword_42BBEC
push eax
push [ebp+var_1FC]
call sub_412D4C
jmp loc_40BA17
; ---------------------------------------------------------------------------
loc_40B8F3: ; CODE XREF: sub_40B712+1BF�j
lea eax, [ebp+var_14]
mov [ebp+var_14], 10h
push eax
lea eax, [ebp+var_48]
push eax
push edi
call dword_43A42C
cmp eax, 0FFFFFFFFh
mov [ebp+var_1F8], eax
jnz short loc_40B92C
push offset dword_42BBB4
loc_40B919: ; CODE XREF: sub_40B712+49�j
; sub_40B712+87�j ...
lea eax, [ebp+var_3FC]
push eax
call sub_4154E7
pop ecx
pop ecx
jmp loc_40BA1A
; ---------------------------------------------------------------------------
loc_40B92C: ; CODE XREF: sub_40B712+200�j
push edi
call dword_43A430
cmp [ebp+arg_0], esi
jz loc_40B9DE
mov edi, 400h
loc_40B941: ; CODE XREF: sub_40B712+2C3�j
mov eax, [ebp+arg_0]
mov [ebp+var_4], edi
cmp eax, edi
jge short loc_40B94E
mov [ebp+var_4], eax
loc_40B94E: ; CODE XREF: sub_40B712+237�j
push edi
lea eax, [ebp+var_A04]
push esi
push eax
call sub_415570
mov eax, [ebp+arg_0]
add esp, 0Ch
neg eax
push 2
push esi
push eax
push [ebp+var_8]
call dword_4210AC
lea eax, [ebp+var_20]
push esi
push eax
lea eax, [ebp+var_A04]
push [ebp+var_4]
push eax
push [ebp+var_8]
call dword_421068
push esi
lea eax, [ebp+var_A04]
push [ebp+var_4]
push eax
push [ebp+var_1F8]
call dword_43A3E8
mov [ebp+var_4], eax
push esi
cdq
add [ebp+var_10], eax
lea eax, [ebp+var_A04]
push edi
push eax
push [ebp+var_1F8]
adc [ebp+var_C], edx
call dword_43A3B0
cmp eax, ebx
jl loc_40BA73
mov eax, [ebp+var_4]
cmp eax, ebx
jl loc_40BA73
sub [ebp+arg_0], eax
jnz loc_40B941
mov edi, [ebp+var_18]
loc_40B9DE: ; CODE XREF: sub_40B712+224�j
push [ebp+var_8]
call dword_42106C
push [ebp+var_C]
push [ebp+var_10]
call sub_40C218
pop ecx
pop ecx
push eax
lea eax, [ebp+var_1E0]
push eax
push [ebp+var_44]
call dword_43A424
push eax
lea eax, [ebp+var_3FC]
push offset dword_42BB60
push eax
call sub_4154E7
loc_40BA17: ; CODE XREF: sub_40B712+1DC�j
add esp, 14h
loc_40BA1A: ; CODE XREF: sub_40B712+215�j
cmp [ebp+var_50], esi
jnz short loc_40BA3F
push esi
lea eax, [ebp+var_3FC]
push [ebp+var_54]
push eax
lea eax, [ebp+var_DC]
push eax
push [ebp+var_1FC]
call sub_412D4C
add esp, 14h
loc_40BA3F: ; CODE XREF: sub_40B712+30B�j
lea eax, [ebp+var_3FC]
push eax
call sub_40B16D
cmp edi, esi
pop ecx
jbe short loc_40BA57
push edi
call dword_43A430
loc_40BA57: ; CODE XREF: sub_40B712+33C�j
push [ebp+var_1F8]
call dword_43A430
push [ebp+var_58]
call sub_4152AF
pop ecx
push esi
call dword_421048
loc_40BA73: ; CODE XREF: sub_40B712+2AF�j
; sub_40B712+2BA�j
push esi
mov esi, offset dword_42BB34
push [ebp+var_54]
lea eax, [ebp+var_DC]
push esi
push eax
push [ebp+var_1FC]
call sub_412D4C
push esi
call sub_40B16D
add esp, 18h
push [ebp+var_1F8]
call dword_43A430
push [ebp+var_58]
call sub_4152AF
pop ecx
push ebx
call dword_421048
sub_40B712 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BAB4 proc near ; DATA XREF: sub_40CE55+7B7�o
var_14C4 = byte ptr -14C4h
var_4C4 = byte ptr -4C4h
var_2C4 = byte ptr -2C4h
var_1C0 = dword ptr -1C0h
var_1B8 = byte ptr -1B8h
var_1A4 = byte ptr -1A4h
var_A0 = byte ptr -0A0h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 14C4h
call sub_415D70
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 6Dh
mov esi, eax
pop ecx
lea edi, [ebp+var_1C0]
rep movsd
push 1
xor ebx, ebx
pop esi
mov [ebp+var_8], ebx
mov [eax+1B0h], esi
lea eax, [ebp+var_2C4]
push 104h
push eax
call dword_421058
lea eax, [ebp+var_1A4]
push eax
lea eax, [ebp+var_2C4]
push eax
lea eax, [ebp+var_2C4]
push offset dword_426CB8
push eax
call sub_4154E7
add esp, 10h
lea eax, [ebp+var_2C4]
push ebx
push 80h
push 2
push ebx
push esi
push 40000000h
push eax
call dword_421078
cmp eax, 0FFFFFFFFh
jnz short loc_40BB3E
push offset dword_42BDA4
jmp short loc_40BB84
; ---------------------------------------------------------------------------
loc_40BB3E: ; CODE XREF: sub_40BAB4+81�j
push eax
call dword_42106C
lea eax, [ebp+var_2C4]
push offset dword_42BDA0
push eax
call sub_415BE8
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+var_4], eax
jnz short loc_40BB66
push offset dword_42BD60
jmp short loc_40BB84
; ---------------------------------------------------------------------------
loc_40BB66: ; CODE XREF: sub_40BAB4+A9�j
push [ebp+var_20]
lea eax, [ebp+var_1B8]
push eax
call sub_40B4CB
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
mov [ebp+arg_0], eax
jnz short loc_40BB97
push offset dword_42BD2C
loc_40BB84: ; CODE XREF: sub_40BAB4+88�j
; sub_40BAB4+B0�j
lea eax, [ebp+var_4C4]
push eax
call sub_4154E7
pop ecx
pop ecx
jmp loc_40BC91
; ---------------------------------------------------------------------------
loc_40BB97: ; CODE XREF: sub_40BAB4+C9�j
mov esi, 1000h
loc_40BB9C: ; CODE XREF: sub_40BAB4+14E�j
push esi
lea eax, [ebp+var_14C4]
push ebx
push eax
call sub_415570
add esp, 0Ch
lea eax, [ebp+var_14C4]
push ebx
push esi
push eax
push [ebp+arg_0]
call dword_43A3B0
mov edi, eax
cmp edi, ebx
jz loc_40BC63
cmp edi, 0FFFFFFFFh
jz short loc_40BC04
push [ebp+var_4]
lea eax, [ebp+var_14C4]
push edi
push 1
push eax
call sub_4175FF
add [ebp+var_8], edi
add esp, 10h
push [ebp+var_8]
call dword_43A394
mov [ebp+var_C], eax
push ebx
lea eax, [ebp+var_C]
push 4
push eax
push [ebp+arg_0]
call dword_43A3E8
jmp short loc_40BB9C
; ---------------------------------------------------------------------------
loc_40BC04: ; CODE XREF: sub_40BAB4+118�j
lea eax, [ebp+var_4C4]
push offset dword_42BB34
push eax
call sub_4154E7
push ebx
lea eax, [ebp+var_4C4]
push [ebp+var_18]
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+var_1C0]
call sub_412D4C
lea eax, [ebp+var_4C4]
push eax
call sub_40B16D
push [ebp+var_4]
call sub_415B40
add esp, 24h
push [ebp+arg_0]
call dword_43A430
push [ebp+var_1C]
call sub_4152AF
pop ecx
push 1
call dword_421048
loc_40BC63: ; CODE XREF: sub_40BAB4+10F�j
mov eax, [ebp+var_8]
cdq
push edx
push eax
call sub_40C218
push eax
lea eax, [ebp+var_1A4]
push eax
lea eax, [ebp+var_1B8]
push eax
lea eax, [ebp+var_4C4]
push offset dword_42BCD4
push eax
call sub_4154E7
add esp, 1Ch
loc_40BC91: ; CODE XREF: sub_40BAB4+DE�j
cmp [ebp+var_14], ebx
jnz short loc_40BCB6
push ebx
lea eax, [ebp+var_4C4]
push [ebp+var_18]
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+var_1C0]
call sub_412D4C
add esp, 14h
loc_40BCB6: ; CODE XREF: sub_40BAB4+1E0�j
lea eax, [ebp+var_4C4]
push eax
call sub_40B16D
cmp [ebp+var_4], ebx
pop ecx
jz short loc_40BCD1
push [ebp+var_4]
call sub_415B40
pop ecx
loc_40BCD1: ; CODE XREF: sub_40BAB4+212�j
cmp [ebp+arg_0], ebx
jbe short loc_40BCDF
push [ebp+arg_0]
call dword_43A430
loc_40BCDF: ; CODE XREF: sub_40BAB4+220�j
push [ebp+var_1C]
call sub_4152AF
pop ecx
push ebx
call dword_421048
sub_40BAB4 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BCEF proc near ; DATA XREF: sub_40CE55+36E9�o
; sub_40CE55+3E36�o
var_590 = qword ptr -590h
var_584 = qword ptr -584h
var_510 = byte ptr -510h
var_310 = dword ptr -310h
var_304 = dword ptr -304h
var_2E4 = dword ptr -2E4h
var_2E0 = word ptr -2E0h
var_2CC = dword ptr -2CCh
var_2C8 = byte ptr -2C8h
var_248 = byte ptr -248h
var_148 = byte ptr -148h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_8 = qword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 510h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov ecx, 0AAh
mov esi, eax
lea edi, [ebp+var_2CC]
push 1
rep movsd
pop edi
xor esi, esi
push esi
mov [eax+2A4h], edi
push esi
push esi
lea eax, [ebp+var_248]
push esi
push eax
push dword_43A348
call dword_43A2A8
cmp eax, esi
mov [ebp+var_18], eax
jz loc_40C17B
push esi
push esi
push 2
push esi
push esi
lea eax, [ebp+var_148]
push 40000000h
push eax
call dword_421078
cmp eax, edi
mov [ebp+var_20], eax
jnb short loc_40BDB6
lea eax, [ebp+var_148]
push eax
lea eax, [ebp+var_510]
push offset dword_42C060
push eax
call sub_4154E7
add esp, 0Ch
cmp [ebp+var_30], esi
jnz short loc_40BD99
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_412D4C
add esp, 14h
loc_40BD99: ; CODE XREF: sub_40BCEF+88�j
lea eax, [ebp+var_510]
push eax
call sub_40B16D
push [ebp+var_48]
call sub_4152AF
pop ecx
pop ecx
push esi
call dword_421048
loc_40BDB6: ; CODE XREF: sub_40BCEF+68�j
xor edi, edi
call dword_42104C
mov ebx, 7D000h
mov dword ptr [ebp+var_8+4], eax
push ebx
call sub_415DC9
pop ecx
mov [ebp+var_1C], eax
loc_40BDD0: ; CODE XREF: sub_40BCEF+1B4�j
push 200h
lea eax, [ebp+var_510]
push esi
push eax
call sub_415570
add esp, 0Ch
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_510]
push 200h
push eax
push [ebp+var_18]
call dword_43A2B0
cmp [ebp+var_34], esi
jz short loc_40BE14
push [ebp+arg_0]
lea eax, [ebp+var_510]
push eax
call sub_40C1E1
pop ecx
pop ecx
loc_40BE14: ; CODE XREF: sub_40BCEF+112�j
lea eax, [ebp+var_24]
push esi
push eax
lea eax, [ebp+var_510]
push [ebp+arg_0]
push eax
push [ebp+var_20]
call dword_421070
cmp edi, ebx
jnb short loc_40BE52
mov eax, ebx
sub eax, edi
cmp eax, [ebp+arg_0]
jbe short loc_40BE3C
mov eax, [ebp+arg_0]
loc_40BE3C: ; CODE XREF: sub_40BCEF+148�j
push eax
lea eax, [ebp+var_510]
push eax
mov eax, [ebp+var_1C]
add eax, edi
push eax
call sub_4155D0
add esp, 0Ch
loc_40BE52: ; CODE XREF: sub_40BCEF+13F�j
add edi, [ebp+arg_0]
cmp [ebp+var_3C], esi
jz short loc_40BE5F
cmp edi, [ebp+var_3C]
ja short loc_40BEA9
loc_40BE5F: ; CODE XREF: sub_40BCEF+169�j
cmp [ebp+var_44], 1
mov eax, edi
jz short loc_40BE79
shr eax, 0Ah
push eax
lea eax, [ebp+var_248]
push eax
push offset dword_42C014
jmp short loc_40BE89
; ---------------------------------------------------------------------------
loc_40BE79: ; CODE XREF: sub_40BCEF+176�j
shr eax, 0Ah
push eax
lea eax, [ebp+var_248]
push eax
push offset dword_42BFD0
loc_40BE89: ; CODE XREF: sub_40BCEF+188�j
mov eax, [ebp+var_48]
imul eax, 234h
add eax, offset dword_43F328
push eax
call sub_4154E7
add esp, 10h
cmp [ebp+arg_0], esi
ja loc_40BDD0
loc_40BEA9: ; CODE XREF: sub_40BCEF+16E�j
cmp [ebp+var_3C], esi
mov [ebp+var_14], 1
jz short loc_40BEFE
cmp edi, [ebp+var_3C]
jz short loc_40BEFE
push [ebp+var_3C]
lea eax, [ebp+var_510]
mov [ebp+var_14], esi
push edi
push offset dword_42BF88
push eax
call sub_4154E7
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_412D4C
lea eax, [ebp+var_510]
push eax
call sub_40B16D
add esp, 28h
loc_40BEFE: ; CODE XREF: sub_40BCEF+1C4�j
; sub_40BCEF+1C9�j
call dword_42104C
sub eax, dword ptr [ebp+var_8+4]
xor edx, edx
mov ecx, 3E8h
push [ebp+var_20]
div ecx
xor edx, edx
mov ecx, eax
mov eax, edi
inc ecx
div ecx
mov ebx, eax
call dword_42106C
push [ebp+var_1C]
call sub_415E3D
cmp [ebp+var_38], esi
pop ecx
jz short loc_40BF88
lea eax, [ebp+var_148]
push eax
call sub_40B459
cmp eax, [ebp+var_38]
pop ecx
jz short loc_40BF88
push [ebp+var_38]
mov [ebp+var_14], esi
push eax
lea eax, [ebp+var_510]
push offset dword_42BF4C
push eax
call sub_4154E7
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_412D4C
lea eax, [ebp+var_510]
push eax
call sub_40B16D
add esp, 28h
loc_40BF88: ; CODE XREF: sub_40BCEF+241�j
; sub_40BCEF+253�j
cmp [ebp+var_14], esi
jz loc_40C1C8
cmp [ebp+var_44], 1
jz loc_40C083
mov dword ptr [ebp+var_8], ebx
mov dword ptr [ebp+var_8+4], esi
fild [ebp+var_8]
push ecx
push ecx
mov dword ptr [ebp+var_8], edi
mov dword ptr [ebp+var_8+4], esi
fmul dbl_421660
lea eax, [ebp+var_148]
fstp [esp+584h+var_584]
fild [ebp+var_8]
push eax
push ecx
push ecx
lea eax, [ebp+var_510]
fmul dbl_421660
fstp [esp+590h+var_590]
push offset dword_42BF00
push eax
call sub_4154E7
add esp, 1Ch
cmp [ebp+var_30], esi
jnz short loc_40C003
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_412D4C
add esp, 14h
loc_40C003: ; CODE XREF: sub_40BCEF+2F2�j
lea eax, [ebp+var_510]
push eax
call sub_40B16D
cmp [ebp+var_40], 1
pop ecx
jnz loc_40C1C8
push 5
push esi
lea eax, [ebp+var_148]
push esi
push eax
push offset dword_42BEF8
push esi
call dword_43A30C
cmp [ebp+var_30], esi
jnz loc_40C1C8
lea eax, [ebp+var_148]
push eax
lea eax, [ebp+var_510]
push offset dword_42BEC8
push eax
call sub_4154E7
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_412D4C
lea eax, [ebp+var_510]
push eax
call sub_40B16D
add esp, 24h
jmp loc_40C1C8
; ---------------------------------------------------------------------------
loc_40C083: ; CODE XREF: sub_40BCEF+2A6�j
mov dword ptr [ebp+var_8], ebx
mov dword ptr [ebp+var_8+4], esi
fild [ebp+var_8]
push ecx
push ecx
mov dword ptr [ebp+var_8], edi
mov dword ptr [ebp+var_8+4], esi
fmul dbl_421660
lea eax, [ebp+var_148]
fstp [esp+584h+var_584]
fild [ebp+var_8]
push eax
push ecx
push ecx
lea eax, [ebp+var_510]
fmul dbl_421660
fstp [esp+590h+var_590]
push offset dword_42BE74
push eax
call sub_4154E7
add esp, 1Ch
cmp [ebp+var_30], esi
jnz short loc_40C0EB
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_412D4C
add esp, 14h
loc_40C0EB: ; CODE XREF: sub_40BCEF+3DA�j
lea eax, [ebp+var_510]
push eax
call sub_40B16D
push 10h
lea eax, [ebp+var_10]
push esi
push eax
call sub_415570
push 44h
lea eax, [ebp+var_310]
pop edi
push edi
push esi
push eax
call sub_415570
add esp, 1Ch
mov [ebp+var_310], edi
lea eax, [ebp+var_10]
mov [ebp+var_304], offset byte_438FBC
push 1
mov [ebp+var_2E0], si
pop edi
push eax
lea eax, [ebp+var_310]
push eax
push esi
push esi
push 28h
push esi
push esi
lea eax, [ebp+var_148]
push esi
push eax
push esi
mov [ebp+var_2E4], edi
call dword_4210EC
cmp eax, edi
jnz short loc_40C16D
call dword_43A2F8
call sub_409E15
push esi
call dword_421114
loc_40C16D: ; CODE XREF: sub_40BCEF+46A�j
lea eax, [ebp+var_148]
push eax
push offset dword_42BE28
jmp short loc_40C187
; ---------------------------------------------------------------------------
loc_40C17B: ; CODE XREF: sub_40BCEF+45�j
lea eax, [ebp+var_248]
push eax
push offset dword_42BDE8
loc_40C187: ; CODE XREF: sub_40BCEF+48A�j
lea eax, [ebp+var_510]
push eax
call sub_4154E7
add esp, 0Ch
cmp [ebp+var_30], esi
jnz short loc_40C1BB
push esi
lea eax, [ebp+var_510]
push [ebp+var_2C]
push eax
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_2CC]
call sub_412D4C
add esp, 14h
loc_40C1BB: ; CODE XREF: sub_40BCEF+4AA�j
lea eax, [ebp+var_510]
push eax
call sub_40B16D
pop ecx
loc_40C1C8: ; CODE XREF: sub_40BCEF+29C�j
; sub_40BCEF+325�j ...
push [ebp+var_18]
call dword_43A3CC
push [ebp+var_48]
call sub_4152AF
pop ecx
push esi
call dword_421048
sub_40BCEF endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40C1E1 proc near ; CODE XREF: sub_40BCEF+11E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
xor ecx, ecx
cmp [esp+arg_4], ecx
jle short locret_40C1FD
loc_40C1ED: ; CODE XREF: sub_40C1E1+1A�j
mov dl, byte_42C19C
xor [ecx+eax], dl
inc ecx
cmp ecx, [esp+arg_4]
jl short loc_40C1ED
locret_40C1FD: ; CODE XREF: sub_40C1E1+A�j
retn
sub_40C1E1 endp
; =============== S U B R O U T I N E =======================================
sub_40C1FE proc near ; CODE XREF: sub_40CE55+293C�p
; sub_40CE55+2A93�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push [esp+4+arg_0]
call sub_417709
pop ecx
pop ecx
xor ecx, ecx
cmp eax, 0FFFFFFFFh
setnz cl
mov eax, ecx
retn
sub_40C1FE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C218 proc near ; CODE XREF: sub_4063B0+45D�p
; sub_4063B0+5F9�p ...
var_38 = byte ptr -38h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 38h
and [ebp+var_4], 0
push ebx
push esi
push edi
push 32h
mov edi, offset dword_43E768
push 0
push edi
call sub_415570
mov ebx, [ebp+arg_0]
add esp, 0Ch
lea esi, [ebp+var_38]
loc_40C23D: ; CODE XREF: sub_40C218+5B�j
; sub_40C218+61�j
push 0
push 0Ah
push [ebp+arg_4]
push ebx
call sub_417260
push 0
push 0Ah
push [ebp+arg_4]
add al, 30h
mov [esi], al
inc esi
push ebx
call sub_4172E0
mov ebx, eax
or eax, edx
mov [ebp+arg_4], edx
jz short loc_40C27B
inc [ebp+var_4]
push 3
mov eax, [ebp+var_4]
pop ecx
cdq
idiv ecx
test edx, edx
jnz short loc_40C23D
mov byte ptr [esi], 2Ch
inc esi
jmp short loc_40C23D
; ---------------------------------------------------------------------------
loc_40C27B: ; CODE XREF: sub_40C218+4B�j
dec esi
mov eax, edi
loc_40C27E: ; CODE XREF: sub_40C218+73�j
lea ecx, [ebp+var_38]
cmp esi, ecx
jb short loc_40C28D
mov cl, [esi]
mov [eax], cl
inc eax
dec esi
jmp short loc_40C27E
; ---------------------------------------------------------------------------
loc_40C28D: ; CODE XREF: sub_40C218+6B�j
and byte ptr [eax], 0
mov eax, edi
pop edi
pop esi
pop ebx
leave
retn
sub_40C218 endp
; =============== S U B R O U T I N E =======================================
sub_40C297 proc near ; CODE XREF: sub_40C443+51�p
; sub_40C443+87�p
arg_0 = dword ptr 4
push [esp+arg_0]
call dword_43A3F8
sub eax, 0
jz short loc_40C2DA
dec eax
jz short loc_40C2D4
dec eax
dec eax
jz short loc_40C2CE
dec eax
jz short loc_40C2C8
dec eax
jz short loc_40C2C2
dec eax
jz short loc_40C2BC
mov eax, offset word_42B7C4
retn
; ---------------------------------------------------------------------------
loc_40C2BC: ; CODE XREF: sub_40C297+1D�j
mov eax, offset dword_42C0C4
retn
; ---------------------------------------------------------------------------
loc_40C2C2: ; CODE XREF: sub_40C297+1A�j
mov eax, offset dword_42C0BC
retn
; ---------------------------------------------------------------------------
loc_40C2C8: ; CODE XREF: sub_40C297+17�j
mov eax, offset dword_42C0B4
retn
; ---------------------------------------------------------------------------
loc_40C2CE: ; CODE XREF: sub_40C297+14�j
mov eax, offset dword_42C0AC
retn
; ---------------------------------------------------------------------------
loc_40C2D4: ; CODE XREF: sub_40C297+10�j
mov eax, offset dword_42C0A4
retn
; ---------------------------------------------------------------------------
loc_40C2DA: ; CODE XREF: sub_40C297+D�j
mov eax, offset dword_42C09C
retn
sub_40C297 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C2E0 proc near ; CODE XREF: sub_40C328+12�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 18h
or eax, 0FFFFFFFFh
mov [ebp+var_18], eax
mov [ebp+var_14], eax
mov [ebp+var_10], eax
mov [ebp+var_C], eax
mov [ebp+var_8], eax
mov [ebp+var_4], eax
mov eax, dword_43A294
test eax, eax
jz short loc_40C315
lea ecx, [ebp+var_10]
push ecx
lea ecx, [ebp+var_8]
push ecx
lea ecx, [ebp+var_18]
push ecx
push [ebp+arg_4]
call eax
loc_40C315: ; CODE XREF: sub_40C2E0+22�j
mov eax, [ebp+arg_0]
push esi
push edi
push 6
pop ecx
lea esi, [ebp+var_18]
mov edi, eax
rep movsd
pop edi
pop esi
leave
retn
sub_40C2E0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C328 proc near ; CODE XREF: sub_40AAD1+1F3�p
; sub_40C443+17�p
var_198 = byte ptr -198h
var_118 = byte ptr -118h
var_98 = byte ptr -98h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 198h
push esi
push edi
push [ebp+arg_4]
lea eax, [ebp+var_18]
push eax
call sub_40C2E0
pop ecx
mov esi, eax
pop ecx
lea edi, [ebp+var_18]
push 6
pop ecx
rep movsd
mov eax, [ebp+var_18]
and eax, [ebp+var_14]
cmp eax, 0FFFFFFFFh
jz loc_40C400
mov eax, [ebp+var_10]
and eax, [ebp+var_C]
cmp eax, 0FFFFFFFFh
jz loc_40C400
mov eax, [ebp+var_8]
and eax, [ebp+var_4]
cmp eax, 0FFFFFFFFh
jz loc_40C400
push ebx
mov ebx, 400h
push 0
push ebx
push [ebp+var_14]
push [ebp+var_18]
call sub_417750
push edx
push eax
call sub_40C218
mov edi, offset dword_42C0D0
push eax
mov esi, 80h
push edi
lea eax, [ebp+var_198]
push esi
push eax
call sub_415A6A
add esp, 18h
push 0
push ebx
push [ebp+var_C]
push [ebp+var_10]
call sub_417750
push edx
push eax
call sub_40C218
push eax
push edi
lea eax, [ebp+var_118]
push esi
push eax
call sub_415A6A
add esp, 18h
push 0
push ebx
push [ebp+var_4]
push [ebp+var_8]
call sub_417750
push edx
push eax
call sub_40C218
push eax
push edi
lea eax, [ebp+var_98]
push esi
push eax
call sub_415A6A
add esp, 18h
pop ebx
jmp short loc_40C42F
; ---------------------------------------------------------------------------
loc_40C400: ; CODE XREF: sub_40C328+2C�j
; sub_40C328+3B�j ...
mov esi, offset dword_42C0C8
lea eax, [ebp+var_198]
push esi
push eax
call sub_4154E7
lea eax, [ebp+var_118]
push esi
push eax
call sub_4154E7
lea eax, [ebp+var_98]
push esi
push eax
call sub_4154E7
add esp, 18h
loc_40C42F: ; CODE XREF: sub_40C328+D6�j
mov eax, [ebp+arg_0]
push 60h
pop ecx
lea esi, [ebp+var_198]
mov edi, eax
rep movsd
pop edi
pop esi
leave
retn
sub_40C328 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C443 proc near ; CODE XREF: sub_40C515+17�p
; sub_40C515+60�p
var_500 = byte ptr -500h
var_300 = byte ptr -300h
var_180 = byte ptr -180h
var_100 = byte ptr -100h
var_80 = byte ptr -80h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 500h
push ebx
mov ebx, [ebp+arg_C]
push esi
push edi
lea eax, [ebp+var_300]
push ebx
push eax
call sub_40C328
push 60h
mov esi, eax
pop ecx
lea edi, [ebp+var_300]
rep movsd
push 60h
lea esi, [ebp+var_300]
pop ecx
lea edi, [ebp+var_180]
lea eax, [ebp+var_80]
push offset dword_42C0C8
rep movsd
push eax
call sub_415910
add esp, 10h
test eax, eax
jnz short loc_40C4B6
push ebx
push ebx
call sub_40C297
pop ecx
push eax
push offset dword_42C128
lea eax, [ebp+var_500]
push 200h
push eax
call sub_415A6A
add esp, 14h
jmp short loc_40C4EA
; ---------------------------------------------------------------------------
loc_40C4B6: ; CODE XREF: sub_40C443+4D�j
lea eax, [ebp+var_180]
push eax
lea eax, [ebp+var_100]
push eax
lea eax, [ebp+var_80]
push eax
push ebx
push ebx
call sub_40C297
pop ecx
push eax
push offset dword_42C0D8
lea eax, [ebp+var_500]
push 200h
push eax
call sub_415A6A
add esp, 20h
loc_40C4EA: ; CODE XREF: sub_40C443+71�j
push 1
lea eax, [ebp+var_500]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_412D4C
lea eax, [ebp+var_500]
push eax
call sub_40B16D
add esp, 18h
pop edi
pop esi
pop ebx
leave
retn
sub_40C443 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C515 proc near ; CODE XREF: sub_40CE55+5216�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
xor ebx, ebx
cmp [ebp+arg_C], ebx
jz short loc_40C536
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40C443
add esp, 10h
jmp short loc_40C597
; ---------------------------------------------------------------------------
loc_40C536: ; CODE XREF: sub_40C515+9�j
push esi
push edi
push ebx
push ebx
call dword_43A308
lea esi, [eax+2]
push esi
call sub_415DC9
pop ecx
mov edi, eax
push edi
push esi
call dword_43A308
cmp [edi], bl
mov esi, edi
jz short loc_40C58E
loc_40C55A: ; CODE XREF: sub_40C515+77�j
push offset dword_42C178
push esi
call sub_415910
pop ecx
test eax, eax
pop ecx
jz short loc_40C57D
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40C443
add esp, 10h
loc_40C57D: ; CODE XREF: sub_40C515+54�j
push esi
call sub_415CF0
cmp [esi+eax+1], bl
lea esi, [esi+eax+1]
pop ecx
jnz short loc_40C55A
loc_40C58E: ; CODE XREF: sub_40C515+43�j
push edi
call sub_415E3D
pop ecx
pop edi
pop esi
loc_40C597: ; CODE XREF: sub_40C515+1F�j
pop ebx
pop ebp
retn
sub_40C515 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C59A proc near ; DATA XREF: sub_40C682+11�o
var_2B8 = dword ptr -2B8h
var_25C = byte ptr -25Ch
var_158 = byte ptr -158h
var_54 = dword ptr -54h
var_48 = dword ptr -48h
var_28 = dword ptr -28h
var_24 = word ptr -24h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 25Ch
push ebx
push esi
push edi
push dword_43F534
call dword_43A430
call sub_41515C
call dword_43A2F8
call dword_43A2F8
mov ebx, dword_421060
push 64h
call ebx
xor edi, edi
push 10h
lea eax, [ebp+var_10]
push edi
push eax
call sub_415570
push 44h
lea eax, [ebp+var_54]
pop esi
push esi
push edi
push eax
call sub_415570
add esp, 18h
mov [ebp+var_54], esi
mov esi, 104h
lea eax, [ebp+var_25C]
push esi
push eax
mov [ebp+var_48], offset byte_438FBC
mov [ebp+var_28], 1
mov [ebp+var_24], di
call dword_421058
lea eax, [ebp+var_158]
push esi
push eax
push edi
call dword_42107C
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_54]
push eax
lea eax, [ebp+var_25C]
push eax
push edi
push 28h
push 1
push edi
lea eax, [ebp+var_158]
push edi
push eax
push edi
call dword_4210EC
test eax, eax
jz short loc_40C65F
push 64h
call ebx
push [ebp+var_10]
mov esi, dword_42106C
call esi
push [ebp+var_C]
call esi
loc_40C65F: ; CODE XREF: sub_40C59A+AF�j
mov eax, [ebp+arg_8]
mov dword ptr [eax+0B0h], offset dword_43E7A0
mov eax, [esp+2B8h+var_2B8]
mov large fs:0, eax
add esp, 8
push edi
call dword_421114
pop edi
pop esi
pop ebx
sub_40C59A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C682 proc near ; CODE XREF: .nsp0:00417BC1�p
var_988 = byte ptr -988h
var_884 = byte ptr -884h
var_883 = byte ptr -883h
var_6F4 = byte ptr -6F4h
var_5F4 = byte ptr -5F4h
var_4F0 = byte ptr -4F0h
var_3F0 = byte ptr -3F0h
var_2EC = byte ptr -2ECh
var_1E8 = byte ptr -1E8h
var_E4 = byte ptr -0E4h
var_64 = dword ptr -64h
var_58 = dword ptr -58h
var_38 = dword ptr -38h
var_34 = word ptr -34h
var_20 = byte ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 988h
push ebx
xor ebx, ebx
push esi
push edi
mov [ebp+var_C], ebx
mov [ebp+var_8], offset sub_40C59A
push [ebp+var_8]
push large dword ptr fs:0
mov large fs:0, esp
cmp dword_42C190, ebx
jz short loc_40C6B8
call sub_409F9D
loc_40C6B8: ; CODE XREF: sub_40C682+2F�j
mov esi, dword_42104C
call esi
xor edx, edx
mov ecx, 3E8h
div ecx
mov dword_468818, eax
call esi
push eax
call sub_415539
pop ecx
call sub_4089F2
push 2
call dword_43A444
push 7530h
push offset dword_42C1A8
push ebx
push ebx
call dword_42112C
push eax
call dword_421128
cmp eax, 102h
jnz short loc_40C70C
push 1
call dword_421114
loc_40C70C: ; CODE XREF: sub_40C682+80�j
lea eax, [ebp+var_884]
push eax
push 202h
call dword_43A310
cmp eax, ebx
mov [ebp+var_8], eax
jnz loc_40CB6C
cmp [ebp+var_884], 2
jnz loc_40CB66
xor eax, eax
mov al, [ebp+var_883]
cmp al, 2
jnz loc_40CB66
mov esi, 104h
lea eax, [ebp+var_3F0]
push esi
push eax
call dword_421058
lea eax, [ebp+var_2EC]
push esi
push eax
push ebx
call dword_4210C8
push eax
call dword_42107C
lea eax, [ebp+var_4F0]
push eax
lea eax, [ebp+var_6F4]
push eax
push ebx
lea eax, [ebp+var_2EC]
push ebx
push eax
call sub_417348
lea eax, [ebp+var_4F0]
push eax
lea eax, [ebp+var_6F4]
push eax
push offset dword_426CB8
lea eax, [ebp+var_5F4]
push esi
push eax
call sub_415A6A
lea eax, [ebp+var_3F0]
push eax
lea eax, [ebp+var_2EC]
push eax
call sub_415AC0
add esp, 30h
test eax, eax
jnz loc_40C96F
cmp dword_468988, ebx
mov esi, offset byte_42C1FC
jz short loc_40C807
push esi
xor edi, edi
call sub_415CF0
sub eax, 4
pop ecx
jz short loc_40C807
loc_40C7E4: ; CODE XREF: sub_40C682+183�j
call sub_415543
push 1Ah
cdq
pop ecx
idiv ecx
push esi
add dl, 61h
mov byte_42C1FC[edi], dl
inc edi
call sub_415CF0
sub eax, 4
pop ecx
cmp edi, eax
jb short loc_40C7E4
loc_40C807: ; CODE XREF: sub_40C682+152�j
; sub_40C682+160�j
lea eax, [ebp+var_3F0]
push esi
push eax
lea eax, [ebp+var_1E8]
push offset dword_4290A0
push eax
call sub_4154E7
add esp, 10h
lea eax, [ebp+var_1E8]
push eax
call dword_421094
cmp eax, 0FFFFFFFFh
jz short loc_40C847
lea eax, [ebp+var_1E8]
push 80h
push eax
call dword_4210F4
loc_40C847: ; CODE XREF: sub_40C682+1B1�j
mov esi, dword_421124
lea eax, [ebp+var_1E8]
push ebx
push eax
lea eax, [ebp+var_2EC]
xor edi, edi
push eax
loc_40C85E: ; CODE XREF: sub_40C682+213�j
call esi
test eax, eax
jnz short loc_40C897
call dword_421088
cmp edi, ebx
jnz short loc_40C897
cmp eax, 20h
jz short loc_40C878
cmp eax, 5
jnz short loc_40C897
loc_40C878: ; CODE XREF: sub_40C682+1EF�j
push 1
pop edi
push 3A98h
call dword_421060
lea eax, [ebp+var_1E8]
push ebx
push eax
lea eax, [ebp+var_2EC]
push eax
jmp short loc_40C85E
; ---------------------------------------------------------------------------
loc_40C897: ; CODE XREF: sub_40C682+1E0�j
; sub_40C682+1EA�j ...
lea eax, [ebp+var_1E8]
push eax
call sub_409D4F
pop ecx
lea eax, [ebp+var_1E8]
push 7
push eax
call dword_4210F4
push 10h
lea eax, [ebp+var_1C]
push ebx
push eax
call sub_415570
push 44h
lea eax, [ebp+var_64]
pop esi
push esi
push ebx
push eax
call sub_415570
add esp, 18h
mov [ebp+var_64], esi
mov [ebp+var_58], offset byte_438FBC
mov [ebp+var_34], bx
push 1
pop esi
mov [ebp+var_38], esi
call dword_421120
push eax
push esi
push 100000h
call dword_42111C
lea ecx, [ebp+var_2EC]
push ecx
push eax
lea eax, [ebp+var_1E8]
push eax
lea eax, [ebp+var_988]
push offset dword_433150
push eax
call sub_4154E7
add esp, 14h
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_64]
push eax
lea eax, [ebp+var_3F0]
push eax
push ebx
push 28h
push esi
push ebx
lea eax, [ebp+var_988]
push ebx
push eax
lea eax, [ebp+var_1E8]
push eax
call dword_4210EC
test eax, eax
jz short loc_40C96F
push 0C8h
call dword_421060
push [ebp+var_1C]
mov esi, dword_42106C
call esi
push [ebp+var_18]
call esi
call dword_43A2F8
push ebx
call dword_421114
loc_40C96F: ; CODE XREF: sub_40C682+141�j
; sub_40C682+2C3�j
cmp dword_4694B0, 2
jle short loc_40C9BB
mov eax, dword_4694B4
push dword ptr [eax+4]
call sub_415A5F
pop ecx
mov esi, eax
push 0FFFFFFFFh
push esi
call dword_421128
push esi
call dword_42106C
mov eax, dword_4694B4
cmp [eax+8], ebx
jz short loc_40C9BB
push 7D0h
call dword_421060
mov eax, dword_4694B4
push dword ptr [eax+8]
call dword_421118
loc_40C9BB: ; CODE XREF: sub_40C682+2F4�j
; sub_40C682+31E�j
cmp dword_42C198, ebx
jz short loc_40C9D8
cmp dword_43A468, ebx
jnz short loc_40C9D8
lea eax, [ebp+var_5F4]
push eax
call sub_40B3AE
pop ecx
loc_40C9D8: ; CODE XREF: sub_40C682+33F�j
; sub_40C682+347�j
lea eax, [ebp+var_E4]
push offset dword_433124
push eax
call sub_4154E7
push ebx
lea eax, [ebp+var_E4]
push ebx
push eax
call sub_414F93
lea eax, [ebp+var_E4]
push eax
call sub_40B16D
push 0B80h
push ebx
push offset dword_43E7A8
call sub_415570
call sub_415543
push 7Fh
push offset dword_42C1C0
push offset dword_468824
mov dword_46899C, ebx
call sub_416D40
mov eax, dword_42C17C
push 3Fh
mov edi, offset dword_4688A4
push offset dword_42C1D0
push edi
mov dword_468974, eax
call sub_416D40
push 3Fh
mov esi, offset dword_4688E4
push offset dword_42C1D4
push esi
call sub_416D40
add esp, 48h
mov dword_468978, ebx
loc_40CA66: ; CODE XREF: sub_40C682+48A�j
; sub_40C682+495�j ...
mov [ebp+var_4], ebx
loc_40CA69: ; CODE XREF: sub_40C682+43E�j
cmp dword_43A480, ebx
jnz short loc_40CA87
lea eax, [ebp+var_20]
push ebx
push eax
call dword_43A2DC
test eax, eax
jnz short loc_40CA87
push 7530h
jmp short loc_40CAB3
; ---------------------------------------------------------------------------
loc_40CA87: ; CODE XREF: sub_40C682+3ED�j
; sub_40C682+3FC�j
push offset dword_468820
mov dword_468998, ebx
call sub_40CB75
cmp eax, 2
mov [ebp+var_8], eax
jz loc_40CB61
cmp dword_468998, ebx
jz short loc_40CAAE
dec [ebp+var_4]
loc_40CAAE: ; CODE XREF: sub_40C682+427�j
push 0BB8h
loc_40CAB3: ; CODE XREF: sub_40C682+403�j
call dword_421060
inc [ebp+var_4]
cmp [ebp+var_4], 6
jl short loc_40CA69
cmp [ebp+var_8], 2
jz loc_40CB61
cmp [ebp+var_C], ebx
jz short loc_40CB11
push 7Fh
push offset dword_42C1C0
push offset dword_468824
call sub_416D40
mov eax, dword_42C17C
push 3Fh
push offset dword_42C1D0
push edi
mov dword_468974, eax
call sub_416D40
push 3Fh
push offset dword_42C1D4
push esi
call sub_416D40
add esp, 24h
mov [ebp+var_C], ebx
jmp loc_40CA66
; ---------------------------------------------------------------------------
loc_40CB11: ; CODE XREF: sub_40C682+44D�j
cmp byte_42C1DC, bl
jz loc_40CA66
push 7Fh
push offset byte_42C1DC
push offset dword_468824
call sub_416D40
mov eax, dword_42C180
push 3Fh
push offset dword_42C1F0
push edi
mov dword_468974, eax
call sub_416D40
push 3Fh
push offset dword_42C1F4
push esi
call sub_416D40
add esp, 24h
mov [ebp+var_C], 1
jmp loc_40CA66
; ---------------------------------------------------------------------------
loc_40CB61: ; CODE XREF: sub_40C682+41B�j
; sub_40C682+444�j
call sub_41515C
loc_40CB66: ; CODE XREF: sub_40C682+AE�j
; sub_40C682+BE�j
call dword_43A2F8
loc_40CB6C: ; CODE XREF: sub_40C682+A1�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 10h
sub_40C682 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CB75 proc near ; CODE XREF: sub_40C682+410�p
; DATA XREF: sub_40CE55+39D7�o
var_190 = dword ptr -190h
var_18C = byte ptr -18Ch
var_10C = byte ptr -10Ch
var_CC = byte ptr -0CCh
var_8C = byte ptr -8Ch
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_2C = byte ptr -2Ch
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 190h
mov eax, [ebp+arg_0]
push esi
push edi
push 59h
pop ecx
mov esi, eax
lea edi, [ebp+var_190]
rep movsd
mov dword ptr [eax+160h], 1
loc_40CB9A: ; CODE XREF: sub_40CB75+E6�j
; sub_40CB75+136�j ...
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_415570
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+var_3C]
call dword_43A398
mov [ebp+var_E], ax
lea eax, [ebp+var_18C]
push eax
call sub_40A05B
test eax, eax
pop ecx
mov [ebp+var_C], eax
jz loc_40CCC7
push 1Ch
lea eax, [ebp+var_2C]
push 0
push eax
call sub_415570
push 0
lea eax, [ebp+var_2C]
push dword_46898C
push dword_42C1A4
push eax
call sub_414433
mov edi, eax
mov eax, [ebp+var_34]
imul eax, 234h
push 1Bh
add eax, offset byte_43F540
push edi
push eax
call sub_416D40
add esp, 28h
push 6
push 1
push 2
call dword_43A418
mov esi, eax
mov eax, [ebp+var_34]
imul eax, 234h
push 10h
mov dword_43F534[eax], esi
lea eax, [ebp+var_10]
push eax
push esi
call dword_43A340
cmp eax, 0FFFFFFFFh
jnz short loc_40CC60
push esi
call dword_43A430
call sub_40A084
push 7D0h
loc_40CC55: ; CODE XREF: sub_40CB75+146�j
call dword_421060
jmp loc_40CB9A
; ---------------------------------------------------------------------------
loc_40CC60: ; CODE XREF: sub_40CB75+CD�j
lea eax, [ebp+var_18C]
push eax
push offset dword_43315C
call sub_40B1E1
push [ebp+var_38]
lea eax, [ebp+var_18C]
push eax
lea eax, [ebp+var_8C]
push eax
lea eax, [ebp+var_CC]
push [ebp+var_190]
push edi
push eax
lea eax, [ebp+var_10C]
push eax
push esi
call sub_40CCDD
add esp, 28h
mov edi, eax
push esi
call dword_43A430
test edi, edi
jz loc_40CB9A
cmp edi, 1
jnz short loc_40CCBD
push 0DBBA0h
jmp short loc_40CC55
; ---------------------------------------------------------------------------
loc_40CCBD: ; CODE XREF: sub_40CB75+13F�j
cmp edi, 2
jz short loc_40CCCB
jmp loc_40CB9A
; ---------------------------------------------------------------------------
loc_40CCC7: ; CODE XREF: sub_40CB75+5A�j
xor eax, eax
jmp short loc_40CCD7
; ---------------------------------------------------------------------------
loc_40CCCB: ; CODE XREF: sub_40CB75+14B�j
push [ebp+var_34]
call sub_4152AF
pop ecx
push 2
pop eax
loc_40CCD7: ; CODE XREF: sub_40CB75+154�j
pop edi
pop esi
leave
retn 4
sub_40CB75 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CCDD proc near ; CODE XREF: sub_40CB75+123�p
var_1A10 = byte ptr -1A10h
var_A10 = byte ptr -0A10h
var_240 = byte ptr -240h
var_1A0 = byte ptr -1A0h
var_A0 = byte ptr -0A0h
var_20 = byte ptr -20h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
mov eax, 1A10h
call sub_415D70
push ebx
push esi
push edi
xor ebx, ebx
push 2
mov [ebp+var_8], ebx
lea eax, [ebp+var_1A0]
pop ecx
loc_40CCFB: ; CODE XREF: sub_40CCDD+26�j
mov [eax], bl
add eax, 80h
dec ecx
jnz short loc_40CCFB
cmp byte_468990, bl
jz short loc_40CD22
push offset byte_468990
push offset dword_4331A8
push [ebp+arg_0]
call sub_412D06
add esp, 0Ch
loc_40CD22: ; CODE XREF: sub_40CCDD+2E�j
push [ebp+arg_C]
lea eax, [ebp+var_20]
push ebx
push ebx
push 2
push eax
call sub_414433
add esp, 10h
push eax
lea eax, [ebp+var_A0]
push [ebp+arg_C]
push offset dword_43318C
push eax
call sub_4154E7
add esp, 14h
lea eax, [ebp+var_A0]
push ebx
push eax
call sub_415CF0
pop ecx
push eax
lea eax, [ebp+var_A0]
push eax
push [ebp+arg_0]
call dword_43A3E8
cmp eax, 0FFFFFFFFh
jnz short loc_40CD8C
push [ebp+arg_0]
call dword_43A430
push 1388h
call dword_421060
loc_40CD85: ; CODE XREF: sub_40CCDD+D9�j
; sub_40CCDD+153�j
xor eax, eax
loc_40CD87: ; CODE XREF: sub_40CCDD+173�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40CD8C: ; CODE XREF: sub_40CCDD+92�j
; sub_40CCDD+F8�j ...
mov esi, 1000h
lea eax, [ebp+var_1A10]
push esi
push ebx
push eax
call sub_415570
add esp, 0Ch
lea eax, [ebp+var_1A10]
push ebx
push esi
push eax
push [ebp+arg_0]
call dword_43A3B0
test eax, eax
jle short loc_40CD85
lea eax, [ebp+var_A10]
push eax
lea eax, [ebp+var_1A10]
push eax
call sub_409A3B
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+var_C], eax
mov [ebp+var_4], ebx
jle short loc_40CD8C
lea edi, [ebp+var_A10]
loc_40CDDD: ; CODE XREF: sub_40CCDD+165�j
push 1
pop esi
loc_40CDE0: ; CODE XREF: sub_40CCDD+144�j
push [ebp+arg_1C]
lea eax, [ebp+var_8]
push esi
push eax
lea eax, [ebp+var_240]
push eax
lea eax, [ebp+var_1A0]
push eax
push [ebp+arg_18]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push dword ptr [edi]
call sub_40CE55
add esp, 2Ch
dec eax
mov esi, eax
cmp esi, ebx
jle short loc_40CE23
push 7D0h
call dword_421060
jmp short loc_40CDE0
; ---------------------------------------------------------------------------
loc_40CE23: ; CODE XREF: sub_40CCDD+137�j
cmp esi, 0FFFFFFFDh
jz short loc_40CE4D
cmp esi, 0FFFFFFFEh
jz short loc_40CE49
cmp esi, 0FFFFFFFFh
jz loc_40CD85
inc [ebp+var_4]
add edi, 4
mov eax, [ebp+var_4]
cmp eax, [ebp+var_C]
jl short loc_40CDDD
jmp loc_40CD8C
; ---------------------------------------------------------------------------
loc_40CE49: ; CODE XREF: sub_40CCDD+14E�j
push 1
jmp short loc_40CE4F
; ---------------------------------------------------------------------------
loc_40CE4D: ; CODE XREF: sub_40CCDD+149�j
push 2
loc_40CE4F: ; CODE XREF: sub_40CCDD+16E�j
pop eax
jmp loc_40CD87
sub_40CCDD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40CE55 proc near ; CODE XREF: sub_40CCDD+12A�p
var_159C = byte ptr -159Ch
var_119C = byte ptr -119Ch
var_F9C = byte ptr -0F9Ch
var_D9C = byte ptr -0D9Ch
var_C9C = byte ptr -0C9Ch
var_C98 = byte ptr -0C98h
var_B98 = byte ptr -0B98h
var_B94 = byte ptr -0B94h
var_A94 = byte ptr -0A94h
var_A14 = byte ptr -0A14h
var_9B3 = byte ptr -9B3h
var_9B2 = byte ptr -9B2h
var_9B0 = byte ptr -9B0h
var_9AF = byte ptr -9AFh
var_9A6 = byte ptr -9A6h
var_9A4 = byte ptr -9A4h
var_9A2 = byte ptr -9A2h
var_9A1 = byte ptr -9A1h
var_914 = dword ptr -914h
var_910 = byte ptr -910h
var_80C = dword ptr -80Ch
var_808 = dword ptr -808h
var_804 = byte ptr -804h
var_800 = dword ptr -800h
var_7FC = byte ptr -7FCh
var_7F8 = dword ptr -7F8h
var_7F4 = dword ptr -7F4h
var_7F0 = byte ptr -7F0h
var_788 = byte ptr -788h
var_77C = byte ptr -77Ch
var_778 = dword ptr -778h
var_774 = byte ptr -774h
var_770 = byte ptr -770h
var_718 = dword ptr -718h
var_710 = byte ptr -710h
var_704 = dword ptr -704h
var_700 = byte ptr -700h
var_6FC = byte ptr -6FCh
var_6F8 = dword ptr -6F8h
var_6F4 = byte ptr -6F4h
var_6F0 = byte ptr -6F0h
var_689 = byte ptr -689h
var_688 = byte ptr -688h
var_680 = byte ptr -680h
var_678 = byte ptr -678h
var_674 = byte ptr -674h
var_670 = byte ptr -670h
var_600 = byte ptr -600h
var_5FC = dword ptr -5FCh
var_5F8 = dword ptr -5F8h
var_5F4 = dword ptr -5F4h
var_5F0 = byte ptr -5F0h
var_588 = dword ptr -588h
var_584 = dword ptr -584h
var_580 = dword ptr -580h
var_57C = dword ptr -57Ch
var_578 = dword ptr -578h
var_574 = dword ptr -574h
var_570 = dword ptr -570h
var_56C = dword ptr -56Ch
var_568 = dword ptr -568h
var_564 = byte ptr -564h
var_548 = byte ptr -548h
var_4F8 = dword ptr -4F8h
var_4F4 = byte ptr -4F4h
var_4F0 = dword ptr -4F0h
var_4EC = byte ptr -4ECh
var_4E0 = dword ptr -4E0h
var_4DC = dword ptr -4DCh
var_4D8 = dword ptr -4D8h
var_4D4 = byte ptr -4D4h
var_4AC = byte ptr -4ACh
var_48C = dword ptr -48Ch
var_474 = byte ptr -474h
var_46C = dword ptr -46Ch
var_468 = dword ptr -468h
var_464 = dword ptr -464h
var_460 = dword ptr -460h
var_45C = dword ptr -45Ch
var_458 = dword ptr -458h
var_454 = dword ptr -454h
var_450 = dword ptr -450h
var_44C = dword ptr -44Ch
var_448 = byte ptr -448h
var_444 = byte ptr -444h
var_430 = byte ptr -430h
var_420 = byte ptr -420h
var_40C = dword ptr -40Ch
var_408 = dword ptr -408h
var_404 = byte ptr -404h
var_3F8 = dword ptr -3F8h
var_3F4 = byte ptr -3F4h
var_3E8 = byte ptr -3E8h
var_3E4 = byte ptr -3E4h
var_3C4 = byte ptr -3C4h
var_3A0 = byte ptr -3A0h
var_384 = byte ptr -384h
var_374 = byte ptr -374h
var_320 = dword ptr -320h
var_31C = dword ptr -31Ch
var_318 = dword ptr -318h
var_314 = dword ptr -314h
var_310 = dword ptr -310h
var_304 = dword ptr -304h
var_300 = dword ptr -300h
var_2FC = dword ptr -2FCh
var_2F8 = dword ptr -2F8h
var_2F4 = dword ptr -2F4h
var_2F0 = dword ptr -2F0h
var_2EC = dword ptr -2ECh
var_2E8 = dword ptr -2E8h
var_2E4 = byte ptr -2E4h
var_2D8 = word ptr -2D8h
var_2D6 = word ptr -2D6h
var_2D4 = dword ptr -2D4h
var_2C8 = byte ptr -2C8h
var_C8 = dword ptr -0C8h
var_C4 = byte ptr -0C4h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A4 = byte ptr -0A4h
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_54 = byte ptr -54h
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = dword ptr 30h
push ebp
mov ebp, esp
mov eax, 159Ch
call sub_415D70
push ebx
push esi
mov esi, 200h
push edi
xor ebx, ebx
push esi
lea eax, [ebp+var_2C8]
push ebx
push eax
mov [ebp+var_AC], 3
mov [ebp+var_10], ebx
mov [ebp+var_98], ebx
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
mov [ebp+var_C8], ebx
call sub_415570
push 1Bh
lea eax, [ebp+var_564]
push [ebp+arg_10]
push eax
call sub_416D40
add esp, 18h
cmp [ebp+arg_0], ebx
jz loc_40D219
push esi
lea eax, [ebp+var_F9C]
push ebx
push eax
call sub_415570
dec esi
lea eax, [ebp+var_F9C]
push esi
push [ebp+arg_0]
push eax
call sub_416D40
lea eax, [ebp+var_F9C]
push offset dword_436588
push eax
call sub_415AC0
mov [ebp+var_C], eax
lea eax, [ebp+var_F9C]
push esi
push eax
lea eax, [ebp+var_119C]
push eax
call sub_416D40
mov esi, offset dword_426A00
lea eax, [ebp+var_119C]
push esi
push eax
call sub_416C98
add esp, 34h
mov [ebp+var_94], eax
lea edi, [ebp+var_90]
mov [ebp+var_A8], 1Fh
loc_40CF28: ; CODE XREF: sub_40CE55+E7�j
push esi
push ebx
call sub_416C98
mov [edi], eax
pop ecx
add edi, 4
dec [ebp+var_A8]
pop ecx
jnz short loc_40CF28
mov esi, [ebp+var_94]
cmp esi, ebx
jz loc_40D219
cmp [ebp+var_90], ebx
jz loc_40D219
push 100h
lea eax, [ebp+var_A14]
push ebx
push eax
call sub_415570
add esp, 0Ch
lea ecx, [ebp+var_18]
push 1Fh
pop edx
push 1
pop edi
loc_40CF76: ; CODE XREF: sub_40CE55+153�j
mov eax, [ecx]
cmp eax, ebx
jz short loc_40CFA2
cmp byte ptr [eax], 2Dh
jnz short loc_40CFAA
cmp [eax+2], bl
jnz short loc_40CFAA
movsx esi, byte ptr [eax+1]
mov [ecx], ebx
mov [ebp+esi+var_A14], 1
mov esi, [ebp+var_94]
mov [eax], bl
mov [eax+1], bl
mov [eax+2], bl
loc_40CFA2: ; CODE XREF: sub_40CE55+125�j
dec edx
sub ecx, 4
cmp edx, ebx
jge short loc_40CF76
loc_40CFAA: ; CODE XREF: sub_40CE55+12A�j
; sub_40CE55+12F�j
cmp [ebp+var_9A1], bl
jz short loc_40CFB5
mov [ebp+var_8], edi
loc_40CFB5: ; CODE XREF: sub_40CE55+15B�j
cmp [ebp+var_9A6], bl
jz short loc_40CFC3
mov [ebp+var_8], ebx
mov [ebp+var_4], edi
loc_40CFC3: ; CODE XREF: sub_40CE55+166�j
cmp byte ptr [esi], 0Ah
jz short loc_40CFFD
push 7Fh
lea eax, [ebp+var_A94]
push esi
push eax
call sub_416D40
lea eax, [esi+1]
push 17h
push eax
lea eax, [ebp+var_C4]
push eax
call sub_416D40
lea eax, [ebp+var_C4]
push offset dword_42F3E4
push eax
call sub_416C98
add esp, 20h
loc_40CFFD: ; CODE XREF: sub_40CE55+171�j
push esi
push offset dword_436580
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_40D04E
push [ebp+var_90]
mov byte ptr [esi+1], 4Fh
push offset dword_436574
push [ebp+arg_4]
call sub_412D06
mov eax, [ebp+arg_20]
add esp, 0Ch
cmp [eax], ebx
jnz loc_40D0F2
push [ebp+arg_C]
push [ebp+arg_8]
push offset dword_436564
push [ebp+arg_4]
call sub_412D06
add esp, 10h
jmp loc_40D0F2
; ---------------------------------------------------------------------------
loc_40D04E: ; CODE XREF: sub_40CE55+1B7�j
mov esi, [ebp+var_90]
push esi
push offset dword_42F2C8
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_412B1A
push esi
push offset dword_42F2B8
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_412B1A
push esi
push offset dword_436560
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_40D0B9
push offset dword_42F3AC
push [ebp+var_88]
call sub_415AC0
pop ecx
cmp eax, ebx
pop ecx
jz short loc_40D0F2
inc eax
push 9Fh
push eax
push [ebp+arg_1C]
call sub_416D40
add esp, 0Ch
jmp short loc_40D0F2
; ---------------------------------------------------------------------------
loc_40D0B9: ; CODE XREF: sub_40CE55+238�j
push esi
push offset dword_43655C
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_40D0F9
push ebx
push dword_46898C
push dword_42C1A4
push [ebp+arg_10]
call sub_414433
push [ebp+arg_10]
push offset dword_436550
push [ebp+arg_4]
call sub_412D06
add esp, 1Ch
loc_40D0F2: ; CODE XREF: sub_40CE55+1D8�j
; sub_40CE55+1F4�j ...
mov eax, edi
jmp loc_40D21C
; ---------------------------------------------------------------------------
loc_40D0F9: ; CODE XREF: sub_40CE55+273�j
mov esi, [ebp+arg_18]
mov [ebp+var_A8], 2
mov edi, 80h
loc_40D10B: ; CODE XREF: sub_40CE55+2DB�j
lea eax, [ebp+var_A94]
push eax
push esi
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_40D128
mov [ebp+var_98], 1
loc_40D128: ; CODE XREF: sub_40CE55+2C7�j
add esi, edi
dec [ebp+var_A8]
jnz short loc_40D10B
mov esi, [ebp+var_90]
push esi
push offset dword_436548
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz loc_40D221
mov esi, [ebp+arg_18]
mov [ebp+arg_24], 2
loc_40D157: ; CODE XREF: sub_40CE55+38F�j
cmp [esi], bl
jz loc_40D1DF
push 7Fh
lea eax, [ebp+var_A94]
push esi
push eax
call sub_416D40
lea eax, [ebp+var_C4]
add esp, 0Ch
test eax, eax
jz short loc_40D1DF
cmp [ebp+var_88], ebx
jz short loc_40D1DF
push [ebp+var_88]
lea eax, [ebp+var_C4]
push eax
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_40D1DF
lea eax, [ebp+var_C4]
mov [esi], bl
push eax
lea eax, [ebp+var_2C8]
push offset dword_436514
push eax
call sub_4154E7
lea eax, [ebp+var_2C8]
push eax
lea eax, [ebp+var_C4]
push eax
push offset dword_436504
push [ebp+arg_4]
call sub_412D06
lea eax, [ebp+var_2C8]
push eax
call sub_40B16D
add esp, 20h
loc_40D1DF: ; CODE XREF: sub_40CE55+304�j
; sub_40CE55+324�j ...
add esi, edi
dec [ebp+arg_24]
jnz loc_40D157
push [ebp+var_88]
push [ebp+arg_10]
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_40D219
push [ebp+arg_C]
mov eax, [ebp+arg_20]
push [ebp+arg_8]
mov [eax], ebx
push offset dword_436564
loc_40D20E: ; CODE XREF: sub_40CE55+615�j
; sub_40CE55+96C�j
push [ebp+arg_4]
call sub_412D06
loc_40D216: ; CODE XREF: sub_40CE55+51FE�j
; sub_40CE55+521B�j ...
add esp, 10h
loc_40D219: ; CODE XREF: sub_40CE55+5B�j
; sub_40CE55+F1�j ...
push 1
loc_40D21B: ; CODE XREF: sub_40CE55+5745�j
pop eax
loc_40D21C: ; CODE XREF: sub_40CE55+29F�j
; sub_40CE55+2164�j ...
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_40D221: ; CODE XREF: sub_40CE55+2F2�j
push esi
push offset dword_4364FC
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz loc_40D377
mov eax, [ebp+var_8C]
mov esi, [ebp+arg_18]
inc eax
mov [ebp+arg_0], 2
mov [ebp+arg_24], eax
loc_40D24A: ; CODE XREF: sub_40CE55+447�j
lea eax, [ebp+var_A94]
push eax
push esi
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_40D297
lea eax, [ebp+var_A94]
push 21h
push eax
call sub_417080
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+arg_1C], eax
jz short loc_40D297
push [ebp+arg_24]
lea edi, [esi+2]
mov byte ptr [esi], 3Ah
lea eax, [edi-1]
push eax
call sub_415C00
push [ebp+arg_1C]
push edi
call sub_415C10
add esp, 10h
mov edi, 80h
loc_40D297: ; CODE XREF: sub_40CE55+406�j
; sub_40CE55+41D�j
add esi, edi
dec [ebp+arg_0]
jnz short loc_40D24A
lea eax, [ebp+var_C4]
test eax, eax
jz loc_40D219
cmp [ebp+arg_24], ebx
jz loc_40D219
push [ebp+arg_10]
lea eax, [ebp+var_C4]
push eax
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_40D2DF
push 0Fh
push [ebp+arg_24]
push [ebp+arg_10]
call sub_416D40
add esp, 0Ch
jmp loc_40D219
; ---------------------------------------------------------------------------
loc_40D2DF: ; CODE XREF: sub_40CE55+473�j
mov edi, [ebp+arg_18]
xor esi, esi
loc_40D2E4: ; CODE XREF: sub_40CE55+4B0�j
cmp [edi], bl
jz short loc_40D2FB
lea eax, [ebp+var_A94]
push eax
push edi
call sub_415910
pop ecx
test eax, eax
pop ecx
jz short loc_40D30C
loc_40D2FB: ; CODE XREF: sub_40CE55+491�j
inc esi
add edi, 80h
cmp esi, 2
jl short loc_40D2E4
jmp loc_40D219
; ---------------------------------------------------------------------------
loc_40D30C: ; CODE XREF: sub_40CE55+4A4�j
lea eax, [ebp+var_A94]
push 21h
push eax
call sub_417080
pop ecx
cmp eax, ebx
pop ecx
mov [ebp+arg_0], eax
jz loc_40D219
push eax
call sub_415CF0
push [ebp+arg_24]
mov edi, eax
call sub_415CF0
add edi, eax
pop ecx
cmp edi, 7Eh
pop ecx
ja loc_40D219
push [ebp+arg_0]
shl esi, 7
push [ebp+arg_24]
add esi, [ebp+arg_18]
push offset dword_4364F4
push esi
call sub_4154E7
push ebx
lea eax, [ebp+var_4AC]
push ebx
push eax
push [ebp+arg_8]
push [ebp+arg_4]
call sub_412D4C
add esp, 24h
jmp loc_40D219
; ---------------------------------------------------------------------------
loc_40D377: ; CODE XREF: sub_40CE55+3DB�j
push esi
push offset dword_4364EC
call sub_415910
pop ecx
test eax, eax
pop ecx
jz short loc_40D399
push esi
push offset dword_426730
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_40D3C0
loc_40D399: ; CODE XREF: sub_40CE55+531�j
mov edi, [ebp+arg_18]
xor esi, esi
loc_40D39E: ; CODE XREF: sub_40CE55+569�j
cmp [edi], bl
jz short loc_40D3B4
push [ebp+var_94]
push edi
call sub_415910
pop ecx
test eax, eax
pop ecx
jz short loc_40D40E
loc_40D3B4: ; CODE XREF: sub_40CE55+54B�j
inc esi
add edi, 80h
cmp esi, 2
jl short loc_40D39E
loc_40D3C0: ; CODE XREF: sub_40CE55+542�j
push [ebp+var_90]
push offset dword_4364E8
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz loc_40D46F
push [ebp+var_84]
push [ebp+arg_8]
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_40D3F7
mov eax, [ebp+arg_20]
mov dword ptr [eax], 1
loc_40D3F7: ; CODE XREF: sub_40CE55+597�j
push [ebp+var_84]
push offset dword_4364B4
loc_40D402: ; CODE XREF: sub_40CE55+5577�j
; sub_40CE55+58F0�j ...
call sub_40B1E1
pop ecx
loc_40D408: ; CODE XREF: sub_40CE55+5A05�j
pop ecx
jmp loc_40D219
; ---------------------------------------------------------------------------
loc_40D40E: ; CODE XREF: sub_40CE55+55D�j
mov eax, [ebp+arg_18]
shl esi, 7
mov [esi+eax], bl
lea eax, [ebp+var_C4]
push eax
lea eax, [ebp+var_2C8]
push offset dword_436480
push eax
call sub_4154E7
lea eax, [ebp+var_2C8]
push eax
call sub_40B16D
push [ebp+var_90]
push offset dword_4364EC
call sub_415910
add esp, 18h
test eax, eax
jnz loc_40D219
lea eax, [ebp+var_2C8]
push eax
mov eax, [ebp+var_94]
inc eax
push eax
push offset dword_436504
jmp loc_40D20E
; ---------------------------------------------------------------------------
loc_40D46F: ; CODE XREF: sub_40CE55+57F�j
push [ebp+var_90]
mov esi, offset dword_436478
push esi
call sub_415910
pop ecx
mov edi, offset dword_436470
test eax, eax
pop ecx
jz short loc_40D4C3
push [ebp+var_90]
push edi
call sub_415910
pop ecx
test eax, eax
pop ecx
jz short loc_40D4C3
push [ebp+var_90]
push offset dword_43646C
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz loc_41298E
cmp dword_42C194, ebx
jz loc_41298E
loc_40D4C3: ; CODE XREF: sub_40CE55+634�j
; sub_40CE55+646�j
push [ebp+var_90]
push esi
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_40D649
push [ebp+var_90]
push edi
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_40D649
mov eax, [ebp+var_88]
inc [ebp+var_84]
push 4
mov [ebp+var_8C], eax
pop esi
mov [ebp+var_AC], esi
loc_40D50A: ; CODE XREF: sub_40CE55+8B0�j
; sub_40CE55+941�j ...
shl esi, 2
mov eax, [ebp+esi+var_94]
lea edi, [ebp+esi+var_94]
push eax
push offset dword_436464
mov [ebp+arg_8], eax
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz loc_40D943
push [ebp+esi+var_90]
push offset dword_43645C
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz loc_40D801
cmp [ebp+var_98], ebx
jz loc_40D7D7
push [ebp+esi+var_8C]
mov edi, offset dword_426CC0
lea eax, [ebp+var_6FC]
push edi
push eax
call sub_4154E7
push [ebp+esi+var_88]
lea eax, [ebp+var_710]
push edi
push eax
call sub_4154E7
push [ebp+esi+var_84]
call sub_415A5F
mov [ebp+var_578], eax
mov eax, [ebp+arg_4]
mov [ebp+var_718], eax
lea eax, [ebp+var_C4]
push 7Fh
push eax
lea eax, [ebp+var_5F8]
push eax
call sub_416D40
mov eax, [ebp+var_4]
mov [ebp+var_570], eax
mov eax, [ebp+var_8]
mov [ebp+var_56C], eax
lea eax, [ebp+var_5F8]
push eax
lea eax, [ebp+var_6FC]
push eax
lea eax, [ebp+var_2C8]
push offset dword_43641C
push eax
call sub_4154E7
push ebx
lea eax, [ebp+var_2C8]
push 12h
push eax
call sub_414F93
add esp, 44h
mov [ebp+var_574], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_718]
push ebx
push eax
push offset sub_40BAB4
push ebx
push ebx
call dword_42108C
mov ecx, [ebp+var_574]
imul ecx, 234h
cmp eax, ebx
mov dword_43F53C[ecx], eax
jz loc_40D7C6
loc_40D633: ; CODE XREF: sub_40CE55+7F2�j
cmp [ebp+var_568], ebx
jnz loc_40D7F9
push 32h
call dword_421060
jmp short loc_40D633
; ---------------------------------------------------------------------------
loc_40D649: ; CODE XREF: sub_40CE55+67E�j
; sub_40CE55+694�j
push [ebp+var_90]
push edi
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_40D662
mov [ebp+var_4], 1
loc_40D662: ; CODE XREF: sub_40CE55+804�j
cmp [ebp+var_8C], ebx
jz loc_40D219
push offset dword_4263DC
push [ebp+var_8C]
call sub_415AC0
pop ecx
test eax, eax
pop ecx
jz short loc_40D689
cmp [ebp+var_4], ebx
jz short loc_40D695
loc_40D689: ; CODE XREF: sub_40CE55+82D�j
lea eax, [ebp+var_C4]
mov [ebp+var_8C], eax
loc_40D695: ; CODE XREF: sub_40CE55+832�j
cmp [ebp+var_88], ebx
jz loc_40D219
inc [ebp+var_88]
jz short loc_40D6E1
cmp [ebp+arg_10], ebx
jz short loc_40D6E1
lea eax, [ebp+var_564]
push eax
call sub_415CF0
push eax
lea eax, [ebp+var_564]
push [ebp+var_88]
push eax
call sub_416ED0
mov esi, eax
add esp, 10h
neg esi
sbb esi, esi
add esi, 4
mov [ebp+var_AC], esi
jmp short loc_40D6E7
; ---------------------------------------------------------------------------
loc_40D6E1: ; CODE XREF: sub_40CE55+852�j
; sub_40CE55+857�j
mov esi, [ebp+var_AC]
loc_40D6E7: ; CODE XREF: sub_40CE55+88A�j
mov edi, [ebp+esi*4+var_94]
cmp edi, ebx
jz loc_40D219
push edi
push offset dword_436410
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz loc_40D50A
mov ecx, [ebp+var_8C]
cmp byte ptr [ecx], 23h
jz short loc_40D787
mov eax, dword_46899C
mov eax, dword_42C264[eax*4]
cmp [eax], bl
jz short loc_40D787
push eax
push ecx
push offset dword_4363F4
push [ebp+arg_4]
call sub_412D06
lea eax, [ebp+var_C4]
push eax
lea eax, [ebp+var_2C8]
push offset dword_4363D8
push eax
call sub_4154E7
lea eax, [ebp+var_2C8]
push eax
call sub_40B16D
add esp, 20h
cmp [ebp+var_98], ebx
jnz loc_40D219
push ebx
lea eax, [ebp+var_2C8]
push 1
push eax
push offset dword_4688A4
loc_40D777: ; CODE XREF: sub_40CE55+52F2�j
push [ebp+arg_4]
call sub_412D4C
add esp, 14h
jmp loc_40D219
; ---------------------------------------------------------------------------
loc_40D787: ; CODE XREF: sub_40CE55+8BF�j
; sub_40CE55+8CF�j
push edi
push offset dword_4363D0
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz loc_40D50A
mov eax, [ebp+esi*4+var_90]
cmp eax, ebx
jz loc_40D50A
mov ecx, [ebp+var_8C]
cmp byte ptr [ecx], 23h
jz loc_40D50A
push eax
push ecx
push offset dword_4363B8
jmp loc_40D20E
; ---------------------------------------------------------------------------
loc_40D7C6: ; CODE XREF: sub_40CE55+7D8�j
call dword_421088
push eax
push offset dword_43636C
jmp loc_40D92F
; ---------------------------------------------------------------------------
loc_40D7D7: ; CODE XREF: sub_40CE55+6FF�j
lea eax, [ebp+var_C4]
push eax
lea eax, [ebp+var_2C8]
push [ebp+esi+var_8C]
push offset dword_436318
push eax
call sub_4154E7
add esp, 10h
loc_40D7F9: ; CODE XREF: sub_40CE55+7E4�j
; sub_40CE55+AA2�j ...
push 1
pop esi
jmp loc_40EFAA
; ---------------------------------------------------------------------------
loc_40D801: ; CODE XREF: sub_40CE55+6F3�j
push [ebp+esi+var_90]
push offset dword_436310
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz loc_40D959
cmp [ebp+var_98], ebx
jz loc_40D923
push 13h
call sub_4151DB
test eax, eax
pop ecx
jnz loc_40D915
push [ebp+esi+var_88]
lea eax, [ebp+var_710]
push offset dword_426CC0
push eax
call sub_4154E7
push [ebp+esi+var_84]
call sub_415A5F
mov [ebp+var_578], eax
mov eax, [ebp+arg_4]
mov [ebp+var_718], eax
lea eax, [ebp+var_C4]
push 7Fh
push eax
lea eax, [ebp+var_5F8]
push eax
call sub_416D40
mov eax, [ebp+var_4]
mov [ebp+var_570], eax
mov eax, [ebp+var_8]
mov [ebp+var_56C], eax
lea eax, [ebp+var_C4]
push eax
lea eax, [ebp+var_2C8]
push offset dword_4362DC
push eax
call sub_4154E7
push ebx
lea eax, [ebp+var_2C8]
push 13h
push eax
call sub_414F93
add esp, 34h
mov [ebp+var_574], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_718]
push ebx
push eax
push offset sub_40B551
push ebx
push ebx
call dword_42108C
mov ecx, [ebp+var_574]
imul ecx, 234h
cmp eax, ebx
mov dword_43F53C[ecx], eax
jz short loc_40D907
loc_40D8F1: ; CODE XREF: sub_40CE55+AB0�j
cmp [ebp+var_568], ebx
jnz loc_40D7F9
push 32h
call dword_421060
jmp short loc_40D8F1
; ---------------------------------------------------------------------------
loc_40D907: ; CODE XREF: sub_40CE55+A9A�j
call dword_421088
push eax
push offset dword_436294
jmp short loc_40D92F
; ---------------------------------------------------------------------------
loc_40D915: ; CODE XREF: sub_40CE55+9DD�j
lea eax, [ebp+var_C4]
push eax
push offset dword_436250
jmp short loc_40D92F
; ---------------------------------------------------------------------------
loc_40D923: ; CODE XREF: sub_40CE55+9CD�j
lea eax, [ebp+var_C4]
push eax
push offset dword_43620C
loc_40D92F: ; CODE XREF: sub_40CE55+97D�j
; sub_40CE55+ABE�j ...
lea eax, [ebp+var_2C8]
push eax
call sub_4154E7
add esp, 0Ch
jmp loc_40D7F9
; ---------------------------------------------------------------------------
loc_40D943: ; CODE XREF: sub_40CE55+6D8�j
mov eax, [ebp+arg_8]
lea ecx, [eax+1]
mov al, [eax]
cmp al, byte_42C19C
mov [edi], ecx
jnz loc_40D219
loc_40D959: ; CODE XREF: sub_40CE55+9C1�j
mov edi, [edi]
push edi
push offset dword_436204
mov [ebp+arg_8], edi
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_412996
push edi
push offset dword_436200
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_412996
cmp [ebp+var_98], ebx
jnz short loc_40D9AA
push [ebp+var_90]
push offset dword_43646C
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz loc_41298E
loc_40D9AA: ; CODE XREF: sub_40CE55+B39�j
cmp [ebp+arg_28], ebx
jnz loc_41298E
xor edi, edi
cmp dword_42E7A4, ebx
jle loc_40DB56
mov [ebp+arg_20], offset dword_43E7A8
loc_40D9C8: ; CODE XREF: sub_40CE55+B92�j
push [ebp+arg_8]
push [ebp+arg_20]
call sub_415910
pop ecx
test eax, eax
pop ecx
jz short loc_40D9EE
add [ebp+arg_20], 0B8h
inc edi
cmp edi, dword_42E7A4
jl short loc_40D9C8
jmp loc_40DB56
; ---------------------------------------------------------------------------
loc_40D9EE: ; CODE XREF: sub_40CE55+B82�j
push offset dword_436588
push [ebp+arg_0]
call sub_415AC0
pop ecx
cmp eax, ebx
pop ecx
jz loc_40D219
mov cl, byte_42C19C
imul edi, 0B8h
mov [eax+2], cl
mov cl, byte_42C19C
mov [eax+3], cl
lea ecx, dword_43E7C0[edi]
push 9Fh
add eax, 4
push ecx
push eax
call sub_416D40
lea eax, [ebp+esi+var_54]
add esp, 0Ch
mov [ebp+arg_20], 0Fh
mov [ebp+arg_C], eax
loc_40DA43: ; CODE XREF: sub_40CE55+C96�j
push [ebp+arg_20]
lea eax, [ebp+var_A4]
push offset dword_4361F8
push eax
call sub_4154E7
lea eax, [ebp+var_A4]
push eax
push [ebp+arg_0]
call sub_415AC0
add esp, 14h
test eax, eax
jz short loc_40DAAF
mov eax, [ebp+arg_C]
cmp [eax], ebx
jz short loc_40DAAF
lea eax, dword_43E7A8[edi]
push eax
call sub_415CF0
add [ebp+var_C], eax
pop ecx
jz short loc_40DAE1
mov eax, [ebp+arg_C]
push dword ptr [eax-4]
push [ebp+var_C]
call sub_415AC0
pop ecx
cmp eax, ebx
pop ecx
jz short loc_40DAE1
push eax
lea eax, [ebp+var_A4]
push eax
push [ebp+arg_0]
call sub_4099AA
add esp, 0Ch
jmp short loc_40DAE1
; ---------------------------------------------------------------------------
loc_40DAAF: ; CODE XREF: sub_40CE55+C16�j
; sub_40CE55+C1D�j
mov eax, [ebp+arg_C]
cmp [eax], ebx
jnz short loc_40DAE1
lea eax, [ebp+var_A4]
push 2
push eax
lea eax, [ebp+var_14]
push eax
call sub_416D40
lea eax, [ebp+var_14]
mov [ebp+var_12], bl
push eax
lea eax, [ebp+var_A4]
push eax
push [ebp+arg_0]
call sub_4099AA
add esp, 18h
loc_40DAE1: ; CODE XREF: sub_40CE55+C2F�j
; sub_40CE55+C43�j ...
dec [ebp+arg_20]
sub [ebp+arg_C], 4
cmp [ebp+arg_20], ebx
jg loc_40DA43
lea eax, [ebp+esi+var_54]
mov [ebp+arg_20], 10h
mov edi, eax
loc_40DAFE: ; CODE XREF: sub_40CE55+CF5�j
push [ebp+arg_20]
lea eax, [ebp+var_A4]
push offset dword_4361F4
push eax
call sub_4154E7
lea eax, [ebp+var_A4]
push eax
push [ebp+arg_0]
call sub_415AC0
add esp, 14h
test eax, eax
jz short loc_40DB41
mov eax, [edi]
cmp eax, ebx
jz short loc_40DB41
push eax
lea eax, [ebp+var_A4]
push eax
push [ebp+arg_0]
call sub_4099AA
add esp, 0Ch
loc_40DB41: ; CODE XREF: sub_40CE55+CD1�j
; sub_40CE55+CD7�j
dec [ebp+arg_20]
sub edi, 4
cmp [ebp+arg_20], ebx
jg short loc_40DAFE
mov [ebp+var_C8], 1
loc_40DB56: ; CODE XREF: sub_40CE55+B66�j
; sub_40CE55+B94�j
mov eax, [ebp+arg_8]
mov al, [eax]
cmp al, byte_42C19C
jz short loc_40DB6F
cmp [ebp+var_C8], ebx
jz loc_40DD54
loc_40DB6F: ; CODE XREF: sub_40CE55+D0C�j
push [ebp+arg_10]
mov edi, [ebp+arg_0]
push offset dword_4361F0
push edi
call sub_4099AA
lea eax, [ebp+var_C4]
push eax
push offset dword_4361E8
push edi
call sub_4099AA
push [ebp+var_8C]
push offset dword_4361E0
push edi
call sub_4099AA
push ebx
push ebx
lea eax, [ebp+var_A4]
push 2
push eax
call sub_414433
push eax
push offset dword_4361D4
push edi
call sub_4099AA
add esp, 40h
push [ebp+arg_14]
push offset dword_4361CC
push edi
call sub_4099AA
mov edi, offset dword_4361C4
push edi
push [ebp+arg_0]
call sub_415AC0
add esp, 14h
loc_40DBE1: ; CODE XREF: sub_40CE55+E78�j
test eax, eax
jz loc_40DCD2
push edi
push [ebp+arg_0]
call sub_415AC0
mov [ebp+arg_10], eax
add eax, 5
push 4
push eax
lea eax, [ebp+var_A4]
push eax
call sub_416D40
lea eax, [ebp+var_A4]
push offset dword_4361C0
push eax
call sub_416C98
add esp, 1Ch
cmp [ebp+var_A4], 30h
jl short loc_40DC2D
cmp [ebp+var_A4], 39h
jle short loc_40DC43
loc_40DC2D: ; CODE XREF: sub_40CE55+DCD�j
push 3
lea eax, [ebp+var_A4]
push offset dword_4361BC
push eax
call sub_416D40
add esp, 0Ch
loc_40DC43: ; CODE XREF: sub_40CE55+DD6�j
lea eax, [ebp+var_A4]
push eax
call sub_415A5F
test eax, eax
pop ecx
jle short loc_40DC66
lea eax, [ebp+var_A4]
push eax
call sub_415A5F
pop ecx
mov [ebp+var_14], al
jmp short loc_40DC77
; ---------------------------------------------------------------------------
loc_40DC66: ; CODE XREF: sub_40CE55+DFD�j
call sub_415543
push 60h
cdq
pop ecx
idiv ecx
add dl, 20h
mov [ebp+var_14], dl
loc_40DC77: ; CODE XREF: sub_40CE55+E0F�j
lea eax, [ebp+var_A4]
mov [ebp+var_13], bl
push eax
call sub_415CF0
mov [ebp+arg_20], eax
push 0Ch
lea eax, [ebp+var_A4]
push ebx
push eax
call sub_415570
mov eax, [ebp+arg_20]
add eax, 6
push eax
lea eax, [ebp+var_A4]
push [ebp+arg_10]
push eax
call sub_416D40
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_A4]
push eax
push [ebp+arg_0]
call sub_4099AA
push edi
push [ebp+arg_0]
call sub_415AC0
add esp, 30h
jmp loc_40DBE1
; ---------------------------------------------------------------------------
loc_40DCD2: ; CODE XREF: sub_40CE55+D8E�j
mov edi, 1FFh
lea eax, [ebp+var_F9C]
push edi
push [ebp+arg_0]
push eax
call sub_416D40
lea eax, [ebp+var_F9C]
push edi
push eax
lea eax, [ebp+var_119C]
push eax
call sub_416D40
lea eax, [ebp+var_119C]
push offset dword_426A00
push eax
call sub_416C98
add esp, 20h
mov [ebp+var_94], eax
lea edi, [ebp+var_90]
mov [ebp+arg_10], 1Fh
loc_40DD22: ; CODE XREF: sub_40CE55+EE2�j
push offset dword_426A00
push ebx
call sub_416C98
mov [edi], eax
pop ecx
add edi, 4
dec [ebp+arg_10]
pop ecx
jnz short loc_40DD22
mov ecx, [ebp+esi+var_94]
lea eax, [ebp+esi+var_94]
cmp ecx, ebx
jz loc_40D219
add ecx, 3
mov [eax], ecx
loc_40DD54: ; CODE XREF: sub_40CE55+D14�j
mov edi, [ebp+esi+var_94]
push edi
push offset dword_4361B0
mov [ebp+arg_8], edi
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_412941
push edi
push offset dword_4361A8
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_412941
push edi
push offset dword_43619C
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_41291F
push edi
push offset dword_436194
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_41291F
push edi
push offset dword_436188
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_41287D
push edi
push offset dword_436180
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_41287D
push edi
push offset dword_436174
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_41285F
push edi
push offset dword_43616C
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_41285F
push edi
push offset dword_436160
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_41274A
push edi
push offset dword_436158
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_41274A
push edi
push offset dword_436148
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_41274A
push edi
push offset dword_436140
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_41274A
push edi
push offset dword_43612C
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_412628
push edi
push offset dword_43611C
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_412628
push edi
push offset dword_436108
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_40DEC4
push [ebp+esi+var_90]
push 11h
push offset dword_436100
push offset dword_4360F0
loc_40DEA8: ; CODE XREF: sub_40CE55+1093�j
; sub_40CE55+10B9�j ...
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_415221
add esp, 20h
jmp loc_40D219
; ---------------------------------------------------------------------------
loc_40DEC4: ; CODE XREF: sub_40CE55+103E�j
push edi
push offset dword_4360DC
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_40DEEA
push [ebp+esi+var_90]
push 6
push offset dword_436100
push offset dword_4360CC
jmp short loc_40DEA8
; ---------------------------------------------------------------------------
loc_40DEEA: ; CODE XREF: sub_40CE55+107E�j
push edi
push offset dword_4360BC
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_40DF10
push [ebp+esi+var_90]
push 3
push offset dword_436100
push offset dword_4360B0
jmp short loc_40DEA8
; ---------------------------------------------------------------------------
loc_40DF10: ; CODE XREF: sub_40CE55+10A4�j
push edi
push offset dword_4360A8
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_40DF39
push [ebp+esi+var_90]
push 1Ch
push offset dword_43609C
push offset dword_436090
jmp loc_40DEA8
; ---------------------------------------------------------------------------
loc_40DF39: ; CODE XREF: sub_40CE55+10CA�j
push edi
push offset dword_43607C
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_40DF62
push [ebp+esi+var_90]
push 10h
push offset dword_43606C
push offset dword_43605C
jmp loc_40DEA8
; ---------------------------------------------------------------------------
loc_40DF62: ; CODE XREF: sub_40CE55+10F3�j
push edi
push offset dword_436050
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_40DF8B
push [ebp+esi+var_90]
push 0Ah
push offset dword_436044
push offset dword_436038
jmp loc_40DEA8
; ---------------------------------------------------------------------------
loc_40DF8B: ; CODE XREF: sub_40CE55+111C�j
push edi
push offset dword_436028
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_40DFB4
push [ebp+esi+var_90]
push 0Bh
push offset dword_43601C
push offset dword_436010
jmp loc_40DEA8
; ---------------------------------------------------------------------------
loc_40DFB4: ; CODE XREF: sub_40CE55+1145�j
push edi
push offset dword_436000
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_40DFDD
push [ebp+esi+var_90]
push 0Fh
push offset dword_435FF4
push offset dword_435FE8
jmp loc_40DEA8
; ---------------------------------------------------------------------------
loc_40DFDD: ; CODE XREF: sub_40CE55+116E�j
push edi
push offset dword_435FD8
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_40E006
push [ebp+esi+var_90]
push 0Eh
push offset dword_435FCC
push offset dword_435FC0
jmp loc_40DEA8
; ---------------------------------------------------------------------------
loc_40E006: ; CODE XREF: sub_40CE55+1197�j
push edi
push offset dword_435FB0
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_40E02F
push [ebp+esi+var_90]
push 4
push offset dword_436100
push offset dword_435FA4
jmp loc_40DEA8
; ---------------------------------------------------------------------------
loc_40E02F: ; CODE XREF: sub_40CE55+11C0�j
push edi
push offset dword_435F90
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_412610
push edi
push offset dword_435F84
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_412610
push edi
push offset dword_435F74
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_4125F8
push edi
push offset dword_435F68
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_4125F8
push edi
push offset dword_435F5C
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_40E0AC
push [ebp+esi+var_90]
push 17h
push offset dword_435F54
push offset dword_435F44
jmp loc_40DEA8
; ---------------------------------------------------------------------------
loc_40E0AC: ; CODE XREF: sub_40CE55+123D�j
push edi
push offset dword_435F34
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_40E0D5
push [ebp+esi+var_90]
push 19h
push offset dword_435F2C
push offset dword_435F1C
jmp loc_40DEA8
; ---------------------------------------------------------------------------
loc_40E0D5: ; CODE XREF: sub_40CE55+1266�j
push edi
push offset dword_435F10
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_40E0FE
push [ebp+esi+var_90]
push 8
push offset dword_435F08
push offset dword_435EF8
jmp loc_40DEA8
; ---------------------------------------------------------------------------
loc_40E0FE: ; CODE XREF: sub_40CE55+128F�j
push edi
push offset dword_435EEC
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_4125E2
push edi
push offset dword_435EE4
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_4125E2
push edi
push offset dword_435ED8
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_4125C1
push edi
push offset dword_435ED0
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_4125C1
push edi
push offset dword_435EC4
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_41259F
push edi
push offset dword_435EBC
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_41259F
push edi
push offset dword_435EAC
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_412557
push edi
push offset dword_435EA0
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_412557
push edi
push offset dword_435E94
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_412519
push edi
push offset dword_435E8C
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_412519
push edi
push offset dword_435E84
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_4124E2
push edi
push offset dword_435E7C
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_4124E2
push edi
push offset dword_435E70
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_40E24C
call sub_409DF3
test eax, eax
mov eax, offset dword_435E40
jnz short loc_40E21E
mov eax, offset dword_435E08
loc_40E21E: ; CODE XREF: sub_40CE55+13C2�j
push eax
lea eax, [ebp+var_2C8]
push eax
call sub_4154E7
push ebx
lea eax, [ebp+var_2C8]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_412D4C
add esp, 1Ch
jmp loc_40D7F9
; ---------------------------------------------------------------------------
loc_40E24C: ; CODE XREF: sub_40CE55+13B4�j
push edi
push offset dword_435DF8
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_4123F1
push edi
push offset dword_435DEC
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_4123F1
push edi
push offset dword_435DE0
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_4123D1
push edi
push offset dword_435DD8
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_4123D1
push edi
push offset dword_435DD0
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_4122E1
push edi
push offset dword_435DC8
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_4122E1
push edi
push offset dword_435DB8
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_4122C8
push edi
push offset dword_435DAC
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_4122C8
push edi
push offset dword_435DA0
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_412291
push edi
push offset dword_435D98
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_412291
push edi
push offset dword_435D8C
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_412266
push edi
push offset dword_435D84
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_412266
push edi
push offset dword_435D78
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_41222C
push edi
push offset dword_435D70
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_41222C
push edi
push offset dword_435D64
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_412123
push edi
push offset dword_435D5C
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_412123
push edi
push offset dword_435D50
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_4120F9
push edi
push offset dword_435D48
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_4120F9
push edi
push offset dword_435D3C
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_412075
push edi
push offset dword_435D34
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_412075
push edi
push offset dword_435D24
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_412058
push edi
push offset dword_435D1C
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_412058
push edi
push offset dword_435D0C
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_41203F
push edi
push offset dword_435D04
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_41203F
push edi
push offset dword_435CF8
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_411FF8
push edi
push offset dword_435CEC
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_411FF8
push edi
push offset dword_435CDC
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_40E497
push [ebp+esi+var_90]
push 7
push offset dword_435CCC
push offset dword_435CC4
jmp loc_40DEA8
; ---------------------------------------------------------------------------
loc_40E497: ; CODE XREF: sub_40CE55+1628�j
push edi
push offset dword_435CBC
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_40E524
cmp [ebp+var_8], ebx
jnz short loc_40E4C7
push ebx
push [ebp+var_4]
push offset dword_435CAC
push [ebp+var_8C]
push [ebp+arg_4]
call sub_412D4C
add esp, 14h
loc_40E4C7: ; CODE XREF: sub_40CE55+1656�j
mov edi, [ebp+arg_18]
xor esi, esi
loc_40E4CC: ; CODE XREF: sub_40CE55+16BD�j
cmp [edi], bl
lea eax, [edi+1]
jnz short loc_40E4D8
mov eax, offset dword_435CA4
loc_40E4D8: ; CODE XREF: sub_40CE55+167C�j
push eax
push esi
lea eax, [ebp+var_2C8]
push offset dword_435C9C
push eax
call sub_4154E7
push 1
lea eax, [ebp+var_2C8]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_412D4C
add esp, 24h
inc esi
add edi, 80h
cmp esi, 2
jl short loc_40E4CC
push offset dword_435C68
loc_40E519: ; CODE XREF: sub_40CE55+5688�j
call sub_40B16D
pop ecx
jmp loc_41298E
; ---------------------------------------------------------------------------
loc_40E524: ; CODE XREF: sub_40CE55+1651�j
push edi
push offset dword_435C5C
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_411FB7
push edi
push offset dword_435C54
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_411FB7
push edi
push offset dword_435C44
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_411F8C
push edi
push offset dword_435C38
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_411F8C
push edi
push offset dword_435C28
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_411F68
push edi
push offset dword_435C1C
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_411F68
push edi
push offset dword_435C0C
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_411F2B
push edi
push offset dword_435C00
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_411F2B
push edi
push offset dword_435BF0
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_411D91
push edi
push offset dword_435BE0
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_411D91
push edi
push offset dword_435BD0
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_411C53
push edi
push offset dword_435BC0
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_411C53
push edi
push offset dword_435BAC
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_411958
push edi
push offset dword_435BA4
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_411958
mov edi, [ebp+esi+var_90]
cmp edi, ebx
jz loc_40D219
push [ebp+arg_8]
push offset dword_435B98
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_41193F
push [ebp+arg_8]
push offset dword_435B90
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_41193F
push [ebp+arg_8]
push offset dword_435B84
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_41191F
push [ebp+arg_8]
push offset dword_435B7C
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_41191F
push [ebp+arg_8]
push offset dword_435B70
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_411906
push [ebp+arg_8]
push offset dword_435B68
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_411906
push [ebp+arg_8]
push offset dword_435B60
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_4118CF
push [ebp+arg_8]
push offset dword_435B58
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_4118CF
push [ebp+arg_8]
push offset dword_435B48
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_41180C
push [ebp+arg_8]
push offset dword_435B3C
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_41180C
push [ebp+arg_8]
push offset dword_435B30
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_411761
push [ebp+arg_8]
push offset dword_435B28
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_411761
push [ebp+arg_8]
push offset dword_435B18
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_411716
push [ebp+arg_8]
push offset dword_435B0C
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_411716
push [ebp+arg_8]
push offset dword_435B00
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_411701
push [ebp+arg_8]
push offset dword_435AF8
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_411701
push [ebp+arg_8]
push offset dword_435AEC
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_4116D7
push [ebp+arg_8]
push offset dword_435AE4
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_4116D7
push [ebp+arg_8]
push offset dword_435AD4
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_4116B2
push [ebp+arg_8]
push offset dword_435ACC
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_4116B2
push [ebp+arg_8]
push offset dword_435AC4
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_411650
push [ebp+arg_8]
push offset dword_435ABC
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_411650
push [ebp+arg_8]
push offset dword_435AA8
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_411624
push [ebp+arg_8]
push offset dword_435AA0
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_411624
push [ebp+arg_8]
push offset dword_435A90
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_4115C9
push [ebp+arg_8]
push offset dword_435A84
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_4115C9
push [ebp+arg_8]
push offset dword_435A78
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_411592
push [ebp+arg_8]
push offset dword_435A70
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_411592
push [ebp+arg_8]
push offset dword_435A68
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_4114B1
push [ebp+arg_8]
push offset dword_435A60
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_4114B1
push [ebp+arg_8]
push offset dword_435A50
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_411496
push [ebp+arg_8]
push offset dword_435A48
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_411496
push [ebp+arg_8]
push offset dword_435A3C
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_4113B8
push [ebp+arg_8]
push offset dword_435A34
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_4113B8
push [ebp+arg_8]
push offset dword_435A28
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_41137D
push [ebp+arg_8]
push offset dword_435A28
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_41137D
push [ebp+arg_8]
push offset dword_435A20
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_411332
push [ebp+arg_8]
push offset dword_435A18
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_411332
push [ebp+arg_8]
push offset dword_435A08
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_4112AD
push [ebp+arg_8]
push offset dword_435A00
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_4112AD
push [ebp+arg_8]
push offset dword_4359F8
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz loc_40EB3B
push edi
push offset dword_4359F4
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz loc_40EB06
push 18h
call sub_4151DB
test eax, eax
pop ecx
jle short loc_40EA33
push offset dword_4359C0
jmp loc_40EBA7
; ---------------------------------------------------------------------------
loc_40EA33: ; CODE XREF: sub_40CE55+1BD2�j
mov eax, [ebp+arg_4]
mov esi, [ebp+esi+var_8C]
mov [ebp+var_4DC], eax
mov eax, [ebp+var_4]
mov [ebp+var_454], eax
mov eax, [ebp+var_8]
cmp esi, ebx
mov [ebp+var_450], eax
jnz short loc_40EA75
mov esi, offset dword_42C24C
push offset byte_438FBC
push esi
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_40EA75
mov esi, [ebp+var_8C]
loc_40EA75: ; CODE XREF: sub_40CE55+1C02�j
; sub_40CE55+1C18�j
push esi
lea eax, [ebp+var_4D8]
push 80h
push eax
call sub_415A6A
lea eax, [ebp+var_2C8]
push offset dword_43597C
push eax
call sub_4154E7
push ebx
lea eax, [ebp+var_2C8]
push 18h
push eax
call sub_414F93
add esp, 20h
mov [ebp+var_458], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_4DC]
push ebx
push eax
push offset sub_4024DC
push ebx
push ebx
call dword_42108C
mov ecx, [ebp+var_458]
imul ecx, 234h
cmp eax, ebx
mov dword_43F53C[ecx], eax
jz short loc_40EAF5
loc_40EADF: ; CODE XREF: sub_40CE55+1C9E�j
cmp [ebp+var_44C], ebx
jnz loc_40ECC3
push 32h
call dword_421060
jmp short loc_40EADF
; ---------------------------------------------------------------------------
loc_40EAF5: ; CODE XREF: sub_40CE55+1C88�j
call dword_421088
push eax
push offset dword_43592C
jmp loc_40ECB4
; ---------------------------------------------------------------------------
loc_40EB06: ; CODE XREF: sub_40CE55+1BC2�j
push edi
push offset dword_435928
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz loc_40ECC3
push ebx
push 18h
call sub_41518E
pop ecx
cmp eax, ebx
pop ecx
jle short loc_40EB34
push eax
push offset dword_4358DC
jmp loc_40ECB4
; ---------------------------------------------------------------------------
loc_40EB34: ; CODE XREF: sub_40CE55+1CD2�j
push offset dword_4358A0
jmp short loc_40EBA7
; ---------------------------------------------------------------------------
loc_40EB3B: ; CODE XREF: sub_40CE55+1BAD�j
push [ebp+arg_8]
push offset dword_435894
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz loc_40ECED
push edi
push offset dword_4359F4
call sub_415910
pop ecx
test eax, eax
pop ecx
jz short loc_40EBBA
push edi
push offset dword_431C18
call sub_415910
pop ecx
test eax, eax
pop ecx
jz short loc_40EBBA
push edi
push offset dword_435928
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz loc_40ECC3
push ebx
push 1Ah
call sub_41518E
pop ecx
cmp eax, ebx
pop ecx
jle short loc_40EBA2
push eax
push offset dword_435844
jmp loc_40ECB4
; ---------------------------------------------------------------------------
loc_40EBA2: ; CODE XREF: sub_40CE55+1D40�j
push offset dword_435804
loc_40EBA7: ; CODE XREF: sub_40CE55+1BD9�j
; sub_40CE55+1CE4�j ...
lea eax, [ebp+var_2C8]
push eax
call sub_4154E7
pop ecx
pop ecx
jmp loc_40ECC3
; ---------------------------------------------------------------------------
loc_40EBBA: ; CODE XREF: sub_40CE55+1D0C�j
; sub_40CE55+1D1D�j
push 1Ah
call sub_4151DB
test eax, eax
pop ecx
jle short loc_40EBCD
push offset dword_4357D0
jmp short loc_40EBA7
; ---------------------------------------------------------------------------
loc_40EBCD: ; CODE XREF: sub_40CE55+1D6F�j
mov eax, [ebp+arg_4]
push edi
mov [ebp+var_4DC], eax
mov eax, [ebp+var_4]
push offset dword_431C18
mov [ebp+var_454], eax
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_40EBFC
mov [ebp+var_450], 1
jmp short loc_40EC05
; ---------------------------------------------------------------------------
loc_40EBFC: ; CODE XREF: sub_40CE55+1D99�j
mov eax, [ebp+var_8]
mov [ebp+var_450], eax
loc_40EC05: ; CODE XREF: sub_40CE55+1DA5�j
mov esi, [ebp+esi+var_8C]
cmp esi, ebx
jnz short loc_40EC2C
mov esi, offset dword_42C248
push offset byte_438FBC
push esi
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_40EC2C
mov esi, [ebp+var_8C]
loc_40EC2C: ; CODE XREF: sub_40CE55+1DB9�j
; sub_40CE55+1DCF�j
push esi
lea eax, [ebp+var_4D4]
push 80h
push eax
call sub_415A6A
lea eax, [ebp+var_2C8]
push offset dword_43579C
push eax
call sub_4154E7
push ebx
lea eax, [ebp+var_2C8]
push 1Ah
push eax
call sub_414F93
add esp, 20h
mov [ebp+var_4D8], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_4DC]
push ebx
push eax
push offset sub_4021FB
push ebx
push ebx
call dword_42108C
mov ecx, [ebp+var_4D8]
imul ecx, 234h
cmp eax, ebx
mov dword_43F53C[ecx], eax
jz short loc_40ECA8
loc_40EC96: ; CODE XREF: sub_40CE55+1E51�j
cmp [ebp+var_44C], ebx
jnz short loc_40ECC3
push 32h
call dword_421060
jmp short loc_40EC96
; ---------------------------------------------------------------------------
loc_40ECA8: ; CODE XREF: sub_40CE55+1E3F�j
call dword_421088
push eax
push offset dword_43574C
loc_40ECB4: ; CODE XREF: sub_40CE55+1CAC�j
; sub_40CE55+1CDA�j ...
lea eax, [ebp+var_2C8]
push eax
call sub_4154E7
add esp, 0Ch
loc_40ECC3: ; CODE XREF: sub_40CE55+1C90�j
; sub_40CE55+1CC0�j ...
cmp [ebp+var_8], ebx
jnz loc_40D7F9
push ebx
lea eax, [ebp+var_2C8]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_412D4C
add esp, 14h
jmp loc_40D7F9
; ---------------------------------------------------------------------------
loc_40ECED: ; CODE XREF: sub_40CE55+1CF7�j
push [ebp+arg_8]
push offset dword_435744
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz loc_40EFBE
cmp dword_43A468, ebx
jz short loc_40ED1E
cmp dword_43A490, ebx
jz short loc_40ED1E
push offset dword_4356F8
jmp loc_40EF78
; ---------------------------------------------------------------------------
loc_40ED1E: ; CODE XREF: sub_40CE55+1EB5�j
; sub_40CE55+1EBD�j
cmp [ebp+var_C], ebx
jz loc_40EF86
mov eax, [ebp+esi+var_8C]
mov [ebp+arg_0], ebx
cmp eax, ebx
mov [ebp+arg_18], eax
jz short loc_40ED46
push eax
push [ebp+var_C]
call sub_415AC0
pop ecx
mov [ebp+arg_0], eax
pop ecx
loc_40ED46: ; CODE XREF: sub_40CE55+1EE1�j
push edi
push offset dword_430100
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_40EDAC
cmp [ebp+arg_18], ebx
jz short loc_40ED80
push [ebp+arg_0]
push 3
loc_40ED61: ; CODE XREF: sub_40CE55+1F6D�j
; sub_40CE55+1F85�j ...
call sub_412DE7
push eax
lea eax, [ebp+var_2C8]
push offset dword_426CC0
push eax
call sub_4154E7
add esp, 14h
jmp loc_40EF86
; ---------------------------------------------------------------------------
loc_40ED80: ; CODE XREF: sub_40CE55+1F05�j
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_41308E
add esp, 0Ch
test eax, eax
jz short loc_40EDA2
push offset dword_4356C0
jmp loc_40EF78
; ---------------------------------------------------------------------------
loc_40EDA2: ; CODE XREF: sub_40CE55+1F41�j
push offset dword_43568C
jmp loc_40EF78
; ---------------------------------------------------------------------------
loc_40EDAC: ; CODE XREF: sub_40CE55+1F00�j
push edi
push offset dword_435684
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_40EDC4
push [ebp+arg_0]
push 4
jmp short loc_40ED61
; ---------------------------------------------------------------------------
loc_40EDC4: ; CODE XREF: sub_40CE55+1F66�j
push edi
push offset dword_43567C
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_40EDDC
push [ebp+arg_0]
push 5
jmp short loc_40ED61
; ---------------------------------------------------------------------------
loc_40EDDC: ; CODE XREF: sub_40CE55+1F7E�j
push edi
push offset dword_4322C0
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_40EDF7
push [ebp+arg_0]
push 6
jmp loc_40ED61
; ---------------------------------------------------------------------------
loc_40EDF7: ; CODE XREF: sub_40CE55+1F96�j
push edi
push offset dword_435674
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_40EE12
push [ebp+arg_0]
push 1
jmp loc_40ED61
; ---------------------------------------------------------------------------
loc_40EE12: ; CODE XREF: sub_40CE55+1FB1�j
push edi
push offset dword_43566C
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_40EE8F
cmp [ebp+arg_18], ebx
jz short loc_40EE62
cmp [ebp+var_9B0], bl
jz short loc_40EE38
push ebx
push [ebp+arg_18]
push 1
jmp short loc_40EE43
; ---------------------------------------------------------------------------
loc_40EE38: ; CODE XREF: sub_40CE55+1FD9�j
push [ebp+esi+var_88]
push [ebp+arg_18]
push ebx
loc_40EE43: ; CODE XREF: sub_40CE55+1FE1�j
call sub_4131CB
push eax
lea eax, [ebp+var_2C8]
push offset dword_426CC0
push eax
call sub_4154E7
add esp, 18h
jmp loc_40EF86
; ---------------------------------------------------------------------------
loc_40EE62: ; CODE XREF: sub_40CE55+1FD1�j
push ebx
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_4133C0
add esp, 10h
test eax, eax
jz short loc_40EE85
push offset dword_435638
jmp loc_40EF78
; ---------------------------------------------------------------------------
loc_40EE85: ; CODE XREF: sub_40CE55+2024�j
push offset dword_435604
jmp loc_40EF78
; ---------------------------------------------------------------------------
loc_40EE8F: ; CODE XREF: sub_40CE55+1FCC�j
push edi
push offset dword_4355FC
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz loc_40EF2B
mov eax, [ebp+arg_18]
cmp eax, ebx
jz short loc_40EF04
cmp [ebp+var_9B0], bl
jz short loc_40EEC5
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
push ebx
push eax
push 1
jmp short loc_40EEE5
; ---------------------------------------------------------------------------
loc_40EEC5: ; CODE XREF: sub_40CE55+205C�j
push [ebp+var_4]
mov esi, [ebp+esi+var_88]
cmp esi, ebx
push [ebp+var_8C]
push [ebp+arg_4]
jz short loc_40EEE1
push esi
push eax
push ebx
jmp short loc_40EEE5
; ---------------------------------------------------------------------------
loc_40EEE1: ; CODE XREF: sub_40CE55+2085�j
push ebx
push eax
push 2
loc_40EEE5: ; CODE XREF: sub_40CE55+206E�j
; sub_40CE55+208A�j
call sub_4134E1
push eax
lea eax, [ebp+var_2C8]
push offset dword_426CC0
push eax
call sub_4154E7
add esp, 24h
jmp loc_40EF86
; ---------------------------------------------------------------------------
loc_40EF04: ; CODE XREF: sub_40CE55+2054�j
push ebx
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_4139F5
add esp, 10h
test eax, eax
jz short loc_40EF24
push offset dword_4355C8
jmp short loc_40EF78
; ---------------------------------------------------------------------------
loc_40EF24: ; CODE XREF: sub_40CE55+20C6�j
push offset dword_435598
jmp short loc_40EF78
; ---------------------------------------------------------------------------
loc_40EF2B: ; CODE XREF: sub_40CE55+2049�j
push edi
push offset dword_429588
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_40EF73
cmp [ebp+arg_18], ebx
jz short loc_40EF6C
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_413CA9
push eax
lea eax, [ebp+var_2C8]
push offset dword_426CC0
push eax
call sub_4154E7
add esp, 1Ch
jmp short loc_40EF86
; ---------------------------------------------------------------------------
loc_40EF6C: ; CODE XREF: sub_40CE55+20EA�j
push offset dword_435564
jmp short loc_40EF78
; ---------------------------------------------------------------------------
loc_40EF73: ; CODE XREF: sub_40CE55+20E5�j
push offset dword_435534
loc_40EF78: ; CODE XREF: sub_40CE55+1EC4�j
; sub_40CE55+1F48�j ...
lea eax, [ebp+var_2C8]
push eax
call sub_4154E7
pop ecx
pop ecx
loc_40EF86: ; CODE XREF: sub_40CE55+1ECC�j
; sub_40CE55+1F26�j ...
cmp [ebp+var_8], ebx
jnz short loc_40EFA7
push ebx
lea eax, [ebp+var_2C8]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_412D4C
add esp, 14h
loc_40EFA7: ; CODE XREF: sub_40CE55+2134�j
; sub_40CE55+44CD�j ...
mov esi, [ebp+arg_24]
loc_40EFAA: ; CODE XREF: sub_40CE55+9A7�j
; sub_40CE55+47A8�j ...
lea eax, [ebp+var_2C8]
push eax
call sub_40B16D
pop ecx
mov eax, esi
jmp loc_40D21C
; ---------------------------------------------------------------------------
loc_40EFBE: ; CODE XREF: sub_40CE55+1EA9�j
push [ebp+arg_8]
push offset dword_435528
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_4111C9
push [ebp+arg_8]
push offset dword_435520
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_4111C9
mov eax, [ebp+esi+var_8C]
cmp eax, ebx
mov [ebp+arg_18], eax
jz loc_40D219
push [ebp+arg_8]
push offset dword_435510
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_41118A
push [ebp+arg_8]
push offset dword_435508
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_41118A
push [ebp+arg_8]
push offset dword_4354FC
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_411137
push [ebp+arg_8]
push offset dword_4354F4
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_411137
push [ebp+arg_8]
push offset dword_4354E8
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_4110C9
push [ebp+arg_8]
push offset dword_4354E0
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_4110C9
push [ebp+arg_8]
push offset dword_4354D4
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_411066
push [ebp+arg_8]
push offset dword_4354CC
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_411066
push [ebp+arg_8]
push offset dword_4354C0
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_411027
push [ebp+arg_8]
push offset dword_4354B8
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_411027
push [ebp+arg_8]
push offset dword_4354AC
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_410FBC
push [ebp+arg_8]
push offset dword_4354A0
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_410FBC
push [ebp+arg_8]
push offset dword_435494
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_410F3A
push [ebp+arg_8]
push offset dword_43548C
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_410F3A
push [ebp+arg_8]
push offset dword_435480
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_410EC9
push [ebp+arg_8]
push offset dword_435474
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_410EC9
push [ebp+arg_8]
push offset dword_435468
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_410EA3
push [ebp+arg_8]
push offset dword_435460
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_410EA3
push [ebp+arg_8]
push offset dword_435454
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_410E40
push [ebp+arg_8]
push offset dword_43544C
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_410E40
push [ebp+arg_8]
push offset dword_435440
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_410D7A
push [ebp+arg_8]
push offset dword_435438
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_410D7A
push [ebp+arg_8]
push offset dword_43542C
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_410CDF
push [ebp+arg_8]
push offset dword_435424
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_410CDF
push [ebp+arg_8]
push offset dword_435414
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_410B61
push [ebp+arg_8]
push offset dword_435404
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_410B61
push [ebp+arg_8]
push offset dword_4353F8
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_410AC0
push [ebp+arg_8]
push offset dword_4353F0
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_410AC0
push [ebp+arg_8]
push offset dword_4353E0
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_4109C2
push [ebp+arg_8]
push offset dword_4353D8
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_4109C2
push [ebp+arg_8]
push offset dword_4353CC
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_410971
push [ebp+arg_8]
push offset dword_4353C4
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_410971
push [ebp+arg_8]
push offset dword_4353B8
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_410876
push [ebp+arg_8]
push offset dword_4353B0
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_410876
mov eax, [ebp+esi+var_88]
cmp eax, ebx
mov [ebp+arg_0], eax
jz loc_40D219
push [ebp+arg_8]
push offset dword_4353A4
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_41078B
push [ebp+arg_8]
push offset dword_435398
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_41078B
push [ebp+arg_8]
push offset dword_435390
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_410686
push [ebp+arg_8]
push offset dword_435388
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_410686
push [ebp+arg_8]
push offset dword_435380
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_410686
push [ebp+arg_8]
push offset dword_435370
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_410588
push [ebp+arg_8]
push offset dword_43536C
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_410588
push [ebp+arg_8]
push offset dword_435358
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_41044A
push [ebp+arg_8]
push offset dword_435354
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_41044A
push [ebp+arg_8]
push offset dword_435340
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_410350
push [ebp+arg_8]
push offset dword_435330
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_410350
push [ebp+arg_8]
push offset dword_435320
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_41025D
push [ebp+arg_8]
push offset dword_435318
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_41025D
push [ebp+arg_8]
push offset dword_435308
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_410188
push [ebp+arg_8]
push offset dword_4352FC
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_410188
push [ebp+arg_8]
push offset dword_4352EC
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_410073
push [ebp+arg_8]
push offset dword_4352E0
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_410073
mov eax, [ebp+esi+var_84]
cmp eax, ebx
mov [ebp+arg_10], eax
jz loc_40D219
push [ebp+arg_8]
push offset dword_4352D4
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_40FD1A
push [ebp+arg_8]
push offset dword_42E900
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_40FD1A
push [ebp+arg_8]
push offset dword_4352C4
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_40FBFA
push [ebp+arg_8]
push offset dword_4352B8
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_40FBFA
push [ebp+arg_8]
push offset dword_4352B4
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_40FBFA
push [ebp+arg_8]
push offset dword_4352A4
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_40FAC7
push [ebp+arg_8]
push offset dword_435298
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_40FAC7
push [ebp+arg_8]
push offset dword_435294
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_40FAC7
push [ebp+arg_8]
push offset dword_435284
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_40F934
push [ebp+arg_8]
push offset dword_435280
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_40F934
push [ebp+arg_8]
push offset dword_435274
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz loc_40F73D
lea eax, [ebp+var_3E4]
push edi
push eax
call sub_415C00
push [ebp+arg_18]
call sub_415A5F
push [ebp+arg_0]
mov [ebp+arg_18], eax
lea eax, [ebp+var_D9C]
push eax
call sub_415C00
push [ebp+arg_10]
lea eax, [ebp+var_B94]
push eax
call sub_415C00
push offset dword_426A00
push offset dword_435270
push [ebp+esi+var_80]
call sub_4099AA
push eax
lea eax, [ebp+var_548]
push eax
call sub_415C00
add esp, 30h
lea eax, [ebp+var_6F4]
push eax
push 101h
call dword_43A310
lea eax, [ebp+var_3E4]
push eax
call dword_43A41C
push 6
push 1
push 2
mov edi, eax
call dword_43A418
push [ebp+arg_18]
mov esi, eax
mov [ebp+var_2D8], 2
mov eax, [edi+0Ch]
mov eax, [eax]
mov eax, [eax]
mov [ebp+var_2D4], eax
call dword_43A398
mov [ebp+var_2D6], ax
lea eax, [ebp+var_548]
push eax
lea eax, [ebp+var_D9C]
push eax
lea eax, [ebp+var_548]
push eax
lea eax, [ebp+var_B94]
push eax
lea eax, [ebp+var_D9C]
push eax
lea eax, [ebp+var_159C]
push offset dword_435224
push eax
call sub_4154E7
add esp, 1Ch
lea eax, [ebp+var_2D8]
push 10h
push eax
push esi
call dword_43A340
mov edi, 100h
push ebx
lea eax, [ebp+var_C98]
push edi
push eax
push esi
call dword_43A3B0
lea eax, [ebp+var_C98]
push ebx
push eax
call sub_415CF0
pop ecx
push eax
lea eax, [ebp+var_159C]
push eax
push esi
call dword_43A3E8
push ebx
lea eax, [ebp+var_C98]
push edi
push eax
push esi
call dword_43A3B0
push esi
call dword_43A430
call dword_43A2F8
lea eax, [ebp+var_B94]
push eax
push offset dword_4351E0
loc_40F704: ; CODE XREF: sub_40CE55+3A1C�j
; sub_40CE55+3D07�j ...
lea eax, [ebp+var_2C8]
push eax
call sub_4154E7
add esp, 0Ch
loc_40F713: ; CODE XREF: sub_40CE55+3A00�j
; sub_40CE55+3CAB�j ...
cmp [ebp+var_8], ebx
jnz loc_4124D6
push ebx
lea eax, [ebp+var_2C8]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_412D4C
add esp, 14h
jmp loc_4124D6
; ---------------------------------------------------------------------------
loc_40F73D: ; CODE XREF: sub_40CE55+2759�j
push [ebp+arg_8]
push offset dword_4351D0
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_40F906
push [ebp+arg_8]
push offset dword_4351C4
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_40F906
mov esi, [ebp+esi+var_80]
cmp esi, ebx
jz loc_40D219
push [ebp+arg_8]
push offset dword_4351B8
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz loc_41298E
push 4
push esi
call sub_40C1FE
pop ecx
test eax, eax
pop ecx
jnz short loc_40F7DB
push esi
push offset dword_435184
loc_40F7A2: ; CODE XREF: sub_40CE55+2C63�j
; sub_40CE55+3219�j ...
lea eax, [ebp+var_2C8]
push eax
call sub_4154E7
add esp, 0Ch
loc_40F7B1: ; CODE XREF: sub_40CE55+2C47�j
; sub_40CE55+31FD�j ...
cmp [ebp+var_8], ebx
jnz loc_41284E
push ebx
push [ebp+var_4]
loc_40F7BE: ; CODE XREF: sub_40CE55+382C�j
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
loc_40F7CE: ; CODE XREF: sub_40CE55+50D1�j
call sub_412D4C
add esp, 14h
jmp loc_41284E
; ---------------------------------------------------------------------------
loc_40F7DB: ; CODE XREF: sub_40CE55+2945�j
call dword_42104C
push eax
call sub_415539
pop ecx
call sub_415543
push 9
cdq
pop ecx
idiv ecx
push edx
call sub_415543
push 63h
cdq
pop ecx
idiv ecx
push edx
call sub_415543
cdq
mov ecx, 3E7h
idiv ecx
lea eax, [ebp+var_C9C]
push edx
push eax
lea eax, [ebp+var_B98]
push offset dword_435174
push eax
call sub_4154E7
lea eax, [ebp+var_B98]
push offset dword_423C2C
push eax
call sub_415BE8
add esp, 20h
cmp eax, ebx
mov [ebp+arg_24], eax
jz loc_40D219
push esi
push [ebp+arg_10]
push [ebp+arg_0]
push [ebp+arg_18]
push edi
push offset dword_435150
push eax
call sub_415B96
push [ebp+arg_24]
call sub_415B40
lea eax, [ebp+var_B98]
push eax
lea eax, [ebp+var_3E4]
push offset dword_435148
push eax
call sub_4154E7
add esp, 2Ch
lea eax, [ebp+var_3E4]
push ebx
push ebx
push eax
push offset dword_435140
push offset dword_42BEF8
push ebx
call dword_43A30C
test eax, eax
push edi
push esi
jz short loc_40F8A5
push offset dword_435108
jmp short loc_40F8AA
; ---------------------------------------------------------------------------
loc_40F8A5: ; CODE XREF: sub_40CE55+2A47�j
push offset dword_4350C8
loc_40F8AA: ; CODE XREF: sub_40CE55+2A4E�j
call sub_4154E7
add esp, 0Ch
cmp [ebp+var_8], ebx
jnz short loc_40F8D3
push ebx
lea eax, [ebp+var_2C8]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_412D4C
add esp, 14h
loc_40F8D3: ; CODE XREF: sub_40CE55+2A60�j
lea eax, [ebp+var_2C8]
push eax
call sub_40B16D
loc_40F8DF: ; CODE XREF: sub_40CE55+2AAF�j
lea eax, [ebp+var_B98]
push 4
push eax
call sub_40C1FE
add esp, 0Ch
test eax, eax
jz loc_40D219
lea eax, [ebp+var_B98]
push eax
call sub_4178FC
jmp short loc_40F8DF
; ---------------------------------------------------------------------------
loc_40F906: ; CODE XREF: sub_40CE55+28F9�j
; sub_40CE55+2910�j
push [ebp+esi+var_80]
push [ebp+arg_10]
push [ebp+arg_0]
push [ebp+arg_18]
call sub_415A5F
pop ecx
push eax
push edi
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_406B1D
jmp loc_41298B
; ---------------------------------------------------------------------------
loc_40F934: ; CODE XREF: sub_40CE55+272B�j
; sub_40CE55+2742�j
mov esi, 80h
push edi
lea eax, [ebp+var_680]
push esi
push eax
call sub_415A6A
lea eax, [ebp+var_680]
push eax
push offset dword_4233B4
call sub_415910
add esp, 14h
test eax, eax
jz short loc_40F997
lea eax, [ebp+var_680]
push eax
push offset dword_4233B0
call sub_415910
pop ecx
test eax, eax
pop ecx
jz short loc_40F997
lea eax, [ebp+var_680]
push eax
push offset dword_4233A8
call sub_415910
pop ecx
test eax, eax
pop ecx
jz short loc_40F997
push offset dword_43508C
jmp loc_41202C
; ---------------------------------------------------------------------------
loc_40F997: ; CODE XREF: sub_40CE55+2B08�j
; sub_40CE55+2B1F�j ...
push [ebp+arg_10]
call sub_415A5F
cmp eax, ebx
pop ecx
mov [ebp+var_578], eax
jle loc_40FABD
push edi
lea eax, [ebp+var_680]
push esi
push eax
call sub_415A6A
push [ebp+arg_18]
lea eax, [ebp+var_700]
push esi
push eax
call sub_415A6A
push [ebp+arg_0]
call sub_415A5F
mov [ebp+var_57C], eax
xor eax, eax
cmp [ebp+var_9A2], bl
push [ebp+var_8C]
setnz al
mov [ebp+var_574], eax
mov eax, [ebp+arg_4]
mov [ebp+var_704], eax
lea eax, [ebp+var_600]
push esi
push eax
call sub_415A6A
mov eax, [ebp+var_4]
add esp, 28h
cmp [ebp+var_574], ebx
mov [ebp+var_570], eax
mov eax, [ebp+var_8]
mov [ebp+var_56C], eax
mov eax, offset dword_435084
jnz short loc_40FA2E
mov eax, offset dword_43507C
loc_40FA2E: ; CODE XREF: sub_40CE55+2BD2�j
push [ebp+arg_10]
push [ebp+arg_0]
push [ebp+arg_18]
push edi
push eax
push offset dword_435034
lea eax, [ebp+var_2C8]
push 200h
push eax
call sub_415A6A
push ebx
lea eax, [ebp+var_2C8]
push 0Ch
push eax
call sub_414F93
add esp, 2Ch
mov [ebp+var_580], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_704]
push ebx
push eax
push offset sub_401BD6
push ebx
push ebx
call dword_42108C
mov ecx, [ebp+var_580]
imul ecx, 234h
cmp eax, ebx
mov dword_43F53C[ecx], eax
jz short loc_40FAAC
loc_40FA96: ; CODE XREF: sub_40CE55+2C55�j
cmp [ebp+var_568], ebx
jnz loc_40F7B1
push 32h
call dword_421060
jmp short loc_40FA96
; ---------------------------------------------------------------------------
loc_40FAAC: ; CODE XREF: sub_40CE55+2C3F�j
call dword_421088
push eax
push offset dword_434FE8
jmp loc_40F7A2
; ---------------------------------------------------------------------------
loc_40FABD: ; CODE XREF: sub_40CE55+2B53�j
push offset dword_434F9C
jmp loc_41202C
; ---------------------------------------------------------------------------
loc_40FAC7: ; CODE XREF: sub_40CE55+26E6�j
; sub_40CE55+26FD�j ...
cmp dword_43A488, ebx
mov esi, [ebp+arg_4]
jnz loc_40FBCF
mov eax, [ebp+var_8]
push 7Fh
mov [ebp+var_2EC], eax
mov eax, [ebp+var_4]
mov [ebp+var_2F0], eax
lea eax, [ebp+var_384]
push edi
push eax
call sub_416D40
push [ebp+arg_18]
call sub_415A5F
push [ebp+arg_0]
mov [ebp+var_304], eax
call sub_415A5F
push [ebp+arg_10]
mov [ebp+var_300], eax
call sub_415A5F
push 7Fh
mov [ebp+var_2FC], eax
push [ebp+var_8C]
lea eax, [ebp+var_404]
push eax
call sub_416D40
push [ebp+var_2FC]
lea eax, [ebp+var_384]
mov [ebp+var_408], esi
push [ebp+var_300]
push eax
lea eax, [ebp+var_2C8]
push [ebp+var_304]
push offset dword_434F40
push eax
call sub_4154E7
push ebx
lea eax, [ebp+var_2C8]
push 0Eh
push eax
call sub_414F93
add esp, 48h
mov [ebp+var_2F4], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_408]
push ebx
push eax
push offset sub_40A217
push ebx
push ebx
call dword_42108C
mov ecx, [ebp+var_2F4]
imul ecx, 234h
cmp eax, ebx
mov dword_43F53C[ecx], eax
jz short loc_40FBBE
loc_40FBAC: ; CODE XREF: sub_40CE55+2D67�j
cmp [ebp+var_2E8], ebx
jnz short loc_40FBE8
push 32h
call dword_421060
jmp short loc_40FBAC
; ---------------------------------------------------------------------------
loc_40FBBE: ; CODE XREF: sub_40CE55+2D55�j
call dword_421088
push eax
push offset dword_434EF4
jmp loc_41077A
; ---------------------------------------------------------------------------
loc_40FBCF: ; CODE XREF: sub_40CE55+2C7B�j
push 1FFh
lea eax, [ebp+var_2C8]
push offset dword_434EDC
push eax
call sub_416D40
loc_40FBE5: ; CODE XREF: sub_40CE55+3931�j
add esp, 0Ch
loc_40FBE8: ; CODE XREF: sub_40CE55+2D5D�j
; sub_40CE55+2EA4�j ...
cmp [ebp+var_8], ebx
jnz loc_41284E
push ebx
push [ebp+var_4]
jmp loc_411F18
; ---------------------------------------------------------------------------
loc_40FBFA: ; CODE XREF: sub_40CE55+26A1�j
; sub_40CE55+26B8�j ...
mov eax, [ebp+var_8]
push 7Fh
mov [ebp+var_2EC], eax
mov eax, [ebp+var_4]
mov [ebp+var_2F0], eax
lea eax, [ebp+var_384]
push edi
push eax
call sub_416D40
push [ebp+arg_18]
call sub_415A5F
push [ebp+arg_0]
mov [ebp+var_304], eax
call sub_415A5F
push [ebp+arg_10]
mov [ebp+var_300], eax
call sub_415A5F
mov esi, [ebp+esi+var_80]
add esp, 18h
cmp esi, ebx
mov [ebp+var_2FC], eax
jz short loc_40FC5F
push esi
call sub_415A5F
pop ecx
mov [ebp+var_2F8], eax
jmp short loc_40FC65
; ---------------------------------------------------------------------------
loc_40FC5F: ; CODE XREF: sub_40CE55+2DF9�j
mov [ebp+var_2F8], ebx
loc_40FC65: ; CODE XREF: sub_40CE55+2E08�j
push 7Fh
lea eax, [ebp+var_404]
push [ebp+var_8C]
push eax
call sub_416D40
push [ebp+var_2FC]
mov esi, [ebp+arg_4]
lea eax, [ebp+var_384]
mov [ebp+var_408], esi
push [ebp+var_300]
push eax
lea eax, [ebp+var_2C8]
push [ebp+var_304]
push offset dword_434E80
push eax
call sub_4154E7
push ebx
lea eax, [ebp+var_2C8]
push 0Fh
push eax
call sub_414F93
add esp, 30h
mov [ebp+var_2F4], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_408]
push ebx
push eax
push offset sub_40A3A3
push ebx
push ebx
call dword_42108C
mov ecx, [ebp+var_2F4]
imul ecx, 234h
cmp eax, ebx
mov dword_43F53C[ecx], eax
jz short loc_40FD09
loc_40FCF3: ; CODE XREF: sub_40CE55+2EB2�j
cmp [ebp+var_2E8], ebx
jnz loc_40FBE8
push 32h
call dword_421060
jmp short loc_40FCF3
; ---------------------------------------------------------------------------
loc_40FD09: ; CODE XREF: sub_40CE55+2E9C�j
call dword_421088
push eax
push offset dword_434E34
jmp loc_41077A
; ---------------------------------------------------------------------------
loc_40FD1A: ; CODE XREF: sub_40CE55+2673�j
; sub_40CE55+268A�j
push 8
call sub_4151DB
push [ebp+arg_18]
mov [ebp+arg_8], eax
call sub_415A5F
add eax, [ebp+arg_8]
pop ecx
pop ecx
cmp eax, 12Ch
jle short loc_40FD6D
push [ebp+arg_8]
lea eax, [ebp+var_2C8]
push offset dword_434DE0
push eax
call sub_4154E7
push ebx
lea eax, [ebp+var_2C8]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_412D4C
loc_40FD65: ; CODE XREF: sub_40CE55+4330�j
add esp, 20h
jmp loc_41298E
; ---------------------------------------------------------------------------
loc_40FD6D: ; CODE XREF: sub_40CE55+2EE1�j
push edi
call sub_415A5F
push [ebp+arg_18]
mov [ebp+var_31C], eax
call sub_415A5F
push [ebp+arg_0]
mov [ebp+var_304], eax
call sub_415A5F
add esp, 0Ch
cmp eax, 1
mov [ebp+var_318], eax
jnb short loc_40FDA6
push 1
pop eax
mov [ebp+var_318], eax
loc_40FDA6: ; CODE XREF: sub_40CE55+2F46�j
push 3Ch
pop ecx
cmp eax, ecx
jbe short loc_40FDB3
mov [ebp+var_318], ecx
loc_40FDB3: ; CODE XREF: sub_40CE55+2F56�j
push [ebp+arg_10]
call sub_415A5F
mov [ebp+var_314], eax
mov eax, 1F4h
cmp [ebp+var_314], eax
pop ecx
jbe short loc_40FDD5
mov [ebp+var_314], eax
loc_40FDD5: ; CODE XREF: sub_40CE55+2F78�j
or [ebp+var_300], 0FFFFFFFFh
cmp dword_427338, ebx
mov [ebp+arg_0], ebx
jz short loc_40FE2B
mov [ebp+arg_24], offset dword_427338
loc_40FDEE: ; CODE XREF: sub_40CE55+2FB8�j
mov eax, [ebp+arg_24]
push edi
add eax, 0FFFFFFD8h
push eax
call sub_415910
pop ecx
test eax, eax
pop ecx
jz short loc_40FE11
add [ebp+arg_24], 3Ch
inc [ebp+arg_0]
mov eax, [ebp+arg_24]
cmp [eax], ebx
jnz short loc_40FDEE
jmp short loc_40FE2B
; ---------------------------------------------------------------------------
loc_40FE11: ; CODE XREF: sub_40CE55+2FAA�j
mov eax, [ebp+arg_0]
mov ecx, eax
mov [ebp+var_300], eax
imul ecx, 3Ch
mov ecx, dword_427338[ecx]
mov [ebp+var_31C], ecx
loc_40FE2B: ; CODE XREF: sub_40CE55+2F90�j
; sub_40CE55+2FBA�j
cmp [ebp+var_31C], ebx
jz loc_411C49
mov edi, [ebp+esi+var_80]
cmp edi, ebx
mov [ebp+arg_18], edi
jz short loc_40FE72
cmp byte ptr [edi], 23h
jz short loc_40FE72
push edi
lea eax, [ebp+var_430]
push 10h
push eax
call sub_415A6A
push 78h
push edi
call sub_417080
add esp, 14h
neg eax
sbb eax, eax
neg eax
mov [ebp+var_2F0], eax
jmp loc_40FF46
; ---------------------------------------------------------------------------
loc_40FE72: ; CODE XREF: sub_40CE55+2FEB�j
; sub_40CE55+2FF0�j
cmp [ebp+var_9B3], bl
jnz short loc_40FE94
cmp [ebp+var_9B2], bl
jnz short loc_40FE94
cmp [ebp+var_9A2], bl
jnz short loc_40FE94
push offset dword_434D94
jmp loc_41202C
; ---------------------------------------------------------------------------
loc_40FE94: ; CODE XREF: sub_40CE55+3023�j
; sub_40CE55+302B�j ...
push 10h
lea eax, [ebp+arg_0]
pop edi
push eax
lea eax, [ebp+var_2D8]
push eax
mov [ebp+arg_0], edi
push [ebp+arg_4]
call dword_43A33C
mov al, [ebp+var_9B3]
push edi
neg al
sbb eax, eax
and ax, 100h
add eax, 0FFFFh
and [ebp+var_2D4], eax
push [ebp+var_2D4]
call dword_43A424
push eax
lea eax, [ebp+var_430]
push eax
call sub_416D40
add esp, 0Ch
cmp [ebp+var_9A2], bl
jz short loc_40FF40
xor eax, eax
cmp [ebp+var_9B3], bl
push 30h
setnz al
inc eax
inc eax
mov edi, eax
lea eax, [ebp+var_430]
push eax
call sub_417040
pop ecx
cmp edi, ebx
pop ecx
mov byte ptr [ebp+arg_24+3], bl
jle short loc_40FF34
loc_40FF12: ; CODE XREF: sub_40CE55+30DD�j
cmp eax, ebx
jz short loc_40FF34
mov byte ptr [eax], 78h
lea eax, [ebp+var_430]
push 30h
push eax
call sub_417040
inc byte ptr [ebp+arg_24+3]
pop ecx
pop ecx
movsx ecx, byte ptr [ebp+arg_24+3]
cmp ecx, edi
jl short loc_40FF12
loc_40FF34: ; CODE XREF: sub_40CE55+30BB�j
; sub_40CE55+30BF�j
mov [ebp+var_2F0], 1
jmp short loc_40FF46
; ---------------------------------------------------------------------------
loc_40FF40: ; CODE XREF: sub_40CE55+3095�j
mov [ebp+var_2F0], ebx
loc_40FF46: ; CODE XREF: sub_40CE55+3018�j
; sub_40CE55+30E9�j
mov eax, [ebp+arg_4]
push [ebp+var_8C]
mov [ebp+var_320], eax
mov eax, [ebp+var_4]
mov [ebp+var_2F8], eax
mov eax, [ebp+var_8]
mov [ebp+var_2F4], eax
mov edi, 80h
lea eax, [ebp+var_420]
push edi
push eax
call sub_415A6A
mov esi, [ebp+esi+var_7C]
add esp, 0Ch
cmp esi, ebx
jz short loc_40FF97
loc_40FF84: ; CODE XREF: sub_40CE55+3165�j
push esi
loc_40FF85: ; CODE XREF: sub_40CE55+314F�j
lea eax, [ebp+var_3A0]
push edi
push eax
call sub_415A6A
add esp, 0Ch
jmp short loc_40FFC2
; ---------------------------------------------------------------------------
loc_40FF97: ; CODE XREF: sub_40CE55+312D�j
mov eax, [ebp+arg_18]
cmp eax, ebx
jz short loc_40FFA6
cmp byte ptr [eax], 23h
jnz short loc_40FFA6
push eax
jmp short loc_40FF85
; ---------------------------------------------------------------------------
loc_40FFA6: ; CODE XREF: sub_40CE55+3147�j
; sub_40CE55+314C�j
mov esi, offset dword_42C244
push offset byte_438FBC
push esi
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_40FF84
mov [ebp+var_3A0], bl
loc_40FFC2: ; CODE XREF: sub_40CE55+3140�j
cmp [ebp+var_2F0], ebx
mov eax, offset dword_434D8C
jnz short loc_40FFD4
mov eax, offset dword_434D80
loc_40FFD4: ; CODE XREF: sub_40CE55+3178�j
push [ebp+var_304]
lea ecx, [ebp+var_430]
push [ebp+var_314]
push [ebp+var_318]
push [ebp+var_31C]
push ecx
push eax
lea eax, [ebp+var_2C8]
push offset dword_434D08
push eax
call sub_4154E7
push ebx
lea eax, [ebp+var_2C8]
push 8
push eax
call sub_414F93
add esp, 2Ch
mov [ebp+var_310], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_430]
push ebx
push eax
push offset sub_40799F
push ebx
push ebx
call dword_42108C
mov ecx, [ebp+var_310]
imul ecx, 234h
cmp eax, ebx
mov dword_43F53C[ecx], eax
jz short loc_410062
loc_41004C: ; CODE XREF: sub_40CE55+320B�j
cmp [ebp+var_2EC], ebx
jnz loc_40F7B1
push 32h
call dword_421060
jmp short loc_41004C
; ---------------------------------------------------------------------------
loc_410062: ; CODE XREF: sub_40CE55+31F5�j
call dword_421088
push eax
push offset dword_434CBC
jmp loc_40F7A2
; ---------------------------------------------------------------------------
loc_410073: ; CODE XREF: sub_40CE55+2633�j
; sub_40CE55+264A�j
push edi
call sub_415A5F
imul eax, 234h
pop ecx
cmp byte_43F540[eax], bl
jz loc_41298E
cmp [ebp+var_C], ebx
jz loc_41298E
push edi
call sub_415CF0
push [ebp+arg_8]
mov esi, eax
call sub_415CF0
push [ebp+arg_18]
add esi, eax
call sub_415CF0
add eax, [ebp+var_C]
push [ebp+arg_0]
lea eax, [eax+esi+2]
push eax
call sub_415AC0
mov esi, eax
lea eax, [ebp+var_2C8]
push esi
push offset dword_434CB0
push eax
call sub_4154E7
add esp, 20h
cmp esi, ebx
jz loc_41298E
push edi
call sub_415A5F
test eax, eax
pop ecx
jle loc_41298E
push edi
call sub_415A5F
cmp eax, 12Ch
pop ecx
jge loc_41298E
push ebx
lea eax, [ebp+var_2C8]
push ebx
push eax
push [ebp+arg_18]
push edi
call sub_415A5F
imul eax, 234h
pop ecx
push dword_43F534[eax]
call sub_412D4C
push edi
call sub_415A5F
imul eax, 234h
add esp, 18h
cmp byte ptr dword_43F328[eax], 73h
jnz loc_41298E
push esi
push edi
call sub_415A5F
imul eax, 234h
pop ecx
add eax, offset byte_43F540
push eax
push [ebp+arg_18]
push offset dword_434CA0
loc_41015B: ; CODE XREF: sub_40CE55+3403�j
lea eax, [ebp+var_2C8]
push eax
call sub_4154E7
push ebx
lea eax, [ebp+var_2C8]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_412D4C
loc_410180: ; CODE XREF: sub_40CE55+529F�j
add esp, 28h
jmp loc_41298E
; ---------------------------------------------------------------------------
loc_410188: ; CODE XREF: sub_40CE55+2605�j
; sub_40CE55+261C�j
push edi
call sub_415A5F
imul eax, 234h
pop ecx
cmp byte_43F540[eax], bl
jz loc_41298E
cmp [ebp+var_C], ebx
jz loc_41298E
push edi
call sub_415CF0
push [ebp+arg_8]
mov esi, eax
call sub_415CF0
push [ebp+arg_18]
add esi, eax
call sub_415CF0
add eax, [ebp+var_C]
push [ebp+arg_0]
lea eax, [eax+esi+2]
push eax
call sub_415AC0
mov esi, eax
add esp, 14h
cmp esi, ebx
jz loc_41298E
push edi
call sub_415A5F
test eax, eax
pop ecx
jle loc_41298E
push edi
call sub_415A5F
cmp eax, 12Ch
pop ecx
jge loc_41298E
push ebx
push ebx
push esi
push [ebp+arg_18]
push edi
call sub_415A5F
imul eax, 234h
pop ecx
push dword_43F534[eax]
call sub_412D4C
push edi
call sub_415A5F
imul eax, 234h
add esp, 18h
cmp byte ptr dword_43F328[eax], 73h
jnz loc_41298E
push esi
push edi
call sub_415A5F
imul eax, 234h
pop ecx
add eax, offset byte_43F540
push eax
push [ebp+arg_18]
push offset dword_434C90
jmp loc_41015B
; ---------------------------------------------------------------------------
loc_41025D: ; CODE XREF: sub_40CE55+25D7�j
; sub_40CE55+25EE�j
push edi
call dword_43A3D8
push [ebp+arg_18]
mov [ebp+var_460], eax
call sub_415A5F
push [ebp+arg_0]
mov [ebp+var_46C], eax
call sub_415A5F
mov esi, [ebp+arg_4]
push 7Fh
push [ebp+var_8C]
mov [ebp+var_468], eax
lea eax, [ebp+var_4EC]
mov [ebp+var_4F0], esi
push eax
call sub_416D40
add esp, 14h
mov edi, [ebp+var_4]
mov eax, [ebp+var_8]
mov [ebp+var_458], edi
push [ebp+var_468]
mov [ebp+var_454], eax
push [ebp+var_46C]
push [ebp+var_460]
call dword_43A424
push eax
lea eax, [ebp+var_2C8]
push offset dword_434C40
push eax
call sub_4154E7
push ebx
lea eax, [ebp+var_2C8]
push 8
push eax
call sub_414F93
add esp, 20h
mov [ebp+var_464], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_4F0]
push ebx
push eax
push offset sub_414569
push ebx
push ebx
call dword_42108C
mov ecx, [ebp+var_464]
imul ecx, 234h
cmp eax, ebx
mov dword_43F53C[ecx], eax
jz short loc_41033F
loc_410329: ; CODE XREF: sub_40CE55+34E8�j
cmp [ebp+var_450], ebx
jnz loc_411F0D
push 32h
call dword_421060
jmp short loc_410329
; ---------------------------------------------------------------------------
loc_41033F: ; CODE XREF: sub_40CE55+34D2�j
call dword_421088
push eax
push offset dword_434BF0
jmp loc_411EFE
; ---------------------------------------------------------------------------
loc_410350: ; CODE XREF: sub_40CE55+25A9�j
; sub_40CE55+25C0�j
push edi
call sub_415A5F
push 7Fh
mov [ebp+var_300], eax
push [ebp+arg_18]
lea eax, [ebp+var_404]
push eax
call sub_416D40
push [ebp+arg_0]
call sub_415A5F
push [ebp+var_8C]
mov esi, [ebp+arg_4]
mov [ebp+var_304], eax
lea eax, [ebp+var_384]
push 80h
push eax
mov [ebp+var_40C], esi
call sub_415A6A
mov eax, [ebp+var_8]
add esp, 20h
mov edi, [ebp+var_4]
mov [ebp+var_2F0], eax
push [ebp+var_304]
lea eax, [ebp+var_404]
mov [ebp+var_2F4], edi
push eax
push [ebp+var_300]
push esi
call sub_40A171
pop ecx
push eax
lea eax, [ebp+var_2C8]
push offset dword_434BA0
push eax
call sub_4154E7
push ebx
lea eax, [ebp+var_2C8]
push 10h
push eax
call sub_414F93
add esp, 24h
mov [ebp+var_2FC], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_40C]
push ebx
push eax
push offset sub_407BFE
push ebx
push ebx
call dword_42108C
mov ecx, [ebp+var_2FC]
imul ecx, 234h
cmp eax, ebx
mov dword_43F53C[ecx], eax
jz short loc_410439
loc_410423: ; CODE XREF: sub_40CE55+35E2�j
cmp [ebp+var_2EC], ebx
jnz loc_411F0D
push 32h
call dword_421060
jmp short loc_410423
; ---------------------------------------------------------------------------
loc_410439: ; CODE XREF: sub_40CE55+35CC�j
call dword_421088
push eax
push offset dword_434B4C
jmp loc_411EFE
; ---------------------------------------------------------------------------
loc_41044A: ; CODE XREF: sub_40CE55+257B�j
; sub_40CE55+2592�j
push 0FFh
lea eax, [ebp+var_788]
push edi
push eax
call sub_416D40
push 0FFh
lea eax, [ebp+var_688]
push [ebp+arg_18]
push eax
call sub_416D40
push [ebp+arg_0]
mov [ebp+var_584], ebx
call sub_415A5F
mov [ebp+var_580], eax
mov eax, [ebp+esi+var_84]
add esp, 1Ch
cmp eax, ebx
jz short loc_4104A6
push 10h
push ebx
push eax
call sub_416A89
add esp, 0Ch
mov [ebp+var_578], eax
jmp short loc_4104AC
; ---------------------------------------------------------------------------
loc_4104A6: ; CODE XREF: sub_40CE55+363B�j
mov [ebp+var_578], ebx
loc_4104AC: ; CODE XREF: sub_40CE55+364F�j
mov esi, [ebp+esi+var_80]
cmp esi, ebx
jz short loc_4104C3
push esi
call sub_415A5F
pop ecx
mov [ebp+var_57C], eax
jmp short loc_4104C9
; ---------------------------------------------------------------------------
loc_4104C3: ; CODE XREF: sub_40CE55+365D�j
mov [ebp+var_57C], ebx
loc_4104C9: ; CODE XREF: sub_40CE55+366C�j
movzx eax, [ebp+var_9AF]
mov esi, [ebp+arg_4]
push 7Fh
push [ebp+var_8C]
mov [ebp+var_574], eax
lea eax, [ebp+var_808]
mov [ebp+var_80C], esi
push eax
call sub_416D40
mov eax, [ebp+var_4]
push [ebp+arg_18]
mov [ebp+var_56C], eax
mov eax, [ebp+var_8]
mov [ebp+var_570], eax
push edi
lea eax, [ebp+var_2C8]
push offset dword_434B0C
push eax
call sub_4154E7
push esi
lea eax, [ebp+var_2C8]
push 15h
push eax
call sub_414F93
add esp, 28h
mov [ebp+var_588], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_80C]
push ebx
push eax
push offset sub_40BCEF
push ebx
push ebx
call dword_42108C
mov ecx, [ebp+var_588]
imul ecx, 234h
cmp eax, ebx
mov dword_43F53C[ecx], eax
jz short loc_410577
loc_410561: ; CODE XREF: sub_40CE55+3720�j
cmp [ebp+var_568], ebx
jnz loc_40FBE8
push 32h
call dword_421060
jmp short loc_410561
; ---------------------------------------------------------------------------
loc_410577: ; CODE XREF: sub_40CE55+370A�j
call dword_421088
push eax
push offset dword_434AB8
jmp loc_41077A
; ---------------------------------------------------------------------------
loc_410588: ; CODE XREF: sub_40CE55+254D�j
; sub_40CE55+2564�j
push 7Fh
lea eax, [ebp+var_774]
pop esi
push esi
push edi
push eax
call sub_416D40
push esi
lea eax, [ebp+var_6F4]
push [ebp+arg_18]
push eax
call sub_416D40
push esi
lea eax, [ebp+var_674]
push [ebp+arg_0]
push eax
call sub_416D40
push esi
lea eax, [ebp+var_5F4]
push [ebp+var_8C]
push eax
call sub_416D40
mov eax, [ebp+var_8]
push [ebp+arg_0]
mov esi, [ebp+var_4]
mov [ebp+var_56C], eax
mov eax, [ebp+arg_4]
push [ebp+arg_18]
mov [ebp+var_778], eax
lea eax, [ebp+var_2C8]
push edi
push offset dword_434A78
push eax
mov [ebp+var_570], esi
call sub_4154E7
add esp, 44h
lea eax, [ebp+var_2C8]
push ebx
push 0Bh
push eax
call sub_414F93
add esp, 0Ch
mov [ebp+var_574], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_778]
push ebx
push eax
push offset sub_40182E
push ebx
push ebx
call dword_42108C
mov ecx, [ebp+var_574]
imul ecx, 234h
cmp eax, ebx
mov dword_43F53C[ecx], eax
jz short loc_41065B
loc_410649: ; CODE XREF: sub_40CE55+3804�j
cmp [ebp+var_568], ebx
jnz short loc_410676
push 32h
call dword_421060
jmp short loc_410649
; ---------------------------------------------------------------------------
loc_41065B: ; CODE XREF: sub_40CE55+37F2�j
call dword_421088
push eax
lea eax, [ebp+var_2C8]
push offset dword_434A2C
push eax
call sub_4154E7
add esp, 0Ch
loc_410676: ; CODE XREF: sub_40CE55+37FA�j
cmp [ebp+var_8], ebx
jnz loc_41284E
push ebx
push esi
jmp loc_40F7BE
; ---------------------------------------------------------------------------
loc_410686: ; CODE XREF: sub_40CE55+2508�j
; sub_40CE55+251F�j ...
push 7Fh
lea eax, [ebp+var_7F0]
pop esi
push esi
push edi
push eax
call sub_416D40
push esi
lea eax, [ebp+var_770]
push [ebp+arg_18]
push eax
call sub_416D40
push esi
lea eax, [ebp+var_6F0]
push [ebp+arg_0]
push eax
call sub_416D40
push esi
lea eax, [ebp+var_670]
push [ebp+var_8C]
push eax
call sub_416D40
push 20h
lea eax, [ebp+var_5F0]
push [ebp+arg_8]
push eax
call sub_416D40
mov eax, [ebp+var_4]
push [ebp+arg_0]
mov esi, [ebp+arg_4]
mov [ebp+var_570], eax
mov eax, [ebp+var_8]
push [ebp+arg_18]
mov [ebp+var_56C], eax
lea eax, [ebp+var_2C8]
push edi
push offset dword_4349E8
push eax
mov [ebp+var_7F8], esi
call sub_4154E7
add esp, 50h
lea eax, [ebp+var_2C8]
push ebx
push 0Ah
push eax
call sub_414F93
add esp, 0Ch
mov [ebp+var_7F4], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_7F8]
push ebx
push eax
push offset sub_401000
push ebx
push ebx
call dword_42108C
mov ecx, [ebp+var_7F4]
imul ecx, 234h
cmp eax, ebx
mov dword_43F53C[ecx], eax
jz short loc_41076E
loc_410758: ; CODE XREF: sub_40CE55+3917�j
cmp [ebp+var_568], ebx
jnz loc_40FBE8
push 32h
call dword_421060
jmp short loc_410758
; ---------------------------------------------------------------------------
loc_41076E: ; CODE XREF: sub_40CE55+3901�j
call dword_421088
push eax
push offset dword_43499C
loc_41077A: ; CODE XREF: sub_40CE55+2D75�j
; sub_40CE55+2EC0�j ...
lea eax, [ebp+var_2C8]
push eax
call sub_4154E7
jmp loc_40FBE5
; ---------------------------------------------------------------------------
loc_41078B: ; CODE XREF: sub_40CE55+24DA�j
; sub_40CE55+24F1�j
push 7Fh
lea eax, [ebp+var_444]
push edi
push eax
call sub_416D40
push [ebp+arg_18]
call sub_415A5F
push 3Fh
mov [ebp+var_2F4], eax
push [ebp+arg_0]
lea eax, [ebp+var_3C4]
push eax
call sub_416D40
mov esi, [ebp+esi+var_84]
add esp, 1Ch
cmp esi, ebx
jz short loc_4107D9
push 3Fh
lea eax, [ebp+var_384]
push esi
push eax
call sub_416D40
add esp, 0Ch
loc_4107D9: ; CODE XREF: sub_40CE55+3970�j
lea eax, [ebp+var_3C4]
mov [ebp+var_2F0], 1
push eax
lea eax, [ebp+var_444]
push [ebp+var_2F4]
push eax
lea eax, [ebp+var_2C8]
push offset dword_434958
push eax
call sub_4154E7
push ebx
lea eax, [ebp+var_2C8]
push 17h
push eax
call sub_414F93
add esp, 20h
mov [ebp+var_2EC], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_448]
push ebx
push eax
push offset sub_40CB75
push ebx
push ebx
call dword_42108C
mov ecx, [ebp+var_2EC]
imul ecx, 234h
cmp eax, ebx
mov dword_43F53C[ecx], eax
jz short loc_410865
loc_41084F: ; CODE XREF: sub_40CE55+3A0E�j
cmp [ebp+var_2E8], ebx
jnz loc_40F713
push 32h
call dword_421060
jmp short loc_41084F
; ---------------------------------------------------------------------------
loc_410865: ; CODE XREF: sub_40CE55+39F8�j
call dword_421088
push eax
push offset dword_43490C
jmp loc_40F704
; ---------------------------------------------------------------------------
loc_410876: ; CODE XREF: sub_40CE55+249A�j
; sub_40CE55+24B1�j
push [ebp+arg_18]
call sub_415A5F
cmp eax, ebx
pop ecx
mov [ebp+var_578], eax
jle loc_410967
mov esi, 80h
push edi
lea eax, [ebp+var_700]
push esi
push eax
call sub_415A6A
xor eax, eax
cmp [ebp+var_9A2], bl
push [ebp+var_8C]
setnz al
mov [ebp+var_574], eax
mov eax, [ebp+arg_4]
mov [ebp+var_704], eax
lea eax, [ebp+var_600]
push esi
push eax
call sub_415A6A
mov eax, [ebp+var_4]
push [ebp+arg_18]
mov [ebp+var_570], eax
mov eax, [ebp+var_8]
mov [ebp+var_56C], eax
push edi
push offset dword_4348CC
lea eax, [ebp+var_2C8]
push 200h
push eax
call sub_415A6A
push ebx
lea eax, [ebp+var_2C8]
push 0Dh
push eax
call sub_414F93
add esp, 38h
mov [ebp+var_580], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_704]
push ebx
push eax
push offset sub_401447
push ebx
push ebx
call dword_42108C
mov ecx, [ebp+var_580]
imul ecx, 234h
cmp eax, ebx
mov dword_43F53C[ecx], eax
jz short loc_410956
loc_410940: ; CODE XREF: sub_40CE55+3AFF�j
cmp [ebp+var_568], ebx
jnz loc_40F7B1
push 32h
call dword_421060
jmp short loc_410940
; ---------------------------------------------------------------------------
loc_410956: ; CODE XREF: sub_40CE55+3AE9�j
call dword_421088
push eax
push offset dword_434880
jmp loc_40F7A2
; ---------------------------------------------------------------------------
loc_410967: ; CODE XREF: sub_40CE55+3A32�j
push offset dword_434834
jmp loc_41202C
; ---------------------------------------------------------------------------
loc_410971: ; CODE XREF: sub_40CE55+246C�j
; sub_40CE55+2483�j
push [ebp+arg_18]
push edi
call dword_421134
test eax, eax
jz short loc_41099E
push [ebp+arg_18]
lea eax, [ebp+var_2C8]
push edi
push offset dword_4347FC
push 200h
push eax
call sub_415A6A
jmp loc_4111C1
; ---------------------------------------------------------------------------
loc_41099E: ; CODE XREF: sub_40CE55+3B28�j
push offset dword_4347DC
call sub_409C08
push eax
lea eax, [ebp+var_2C8]
push 200h
push eax
call sub_415A6A
add esp, 10h
jmp loc_40F7B1
; ---------------------------------------------------------------------------
loc_4109C2: ; CODE XREF: sub_40CE55+243E�j
; sub_40CE55+2455�j
push edi
lea eax, [ebp+var_77C]
push 104h
push eax
call sub_415A6A
add esp, 0Ch
cmp [ebp+var_C], ebx
jz short loc_4109FC
push [ebp+arg_18]
push [ebp+var_C]
call sub_415AC0
pop ecx
cmp eax, ebx
pop ecx
jz short loc_4109FC
push eax
lea eax, [ebp+var_678]
push eax
call sub_4154E7
pop ecx
pop ecx
loc_4109FC: ; CODE XREF: sub_40CE55+3B85�j
; sub_40CE55+3B96�j
push [ebp+var_8C]
lea eax, [ebp+var_7FC]
push 80h
push eax
call sub_415A6A
mov eax, [ebp+arg_4]
mov [ebp+var_800], eax
mov eax, [ebp+var_4]
mov [ebp+var_570], eax
mov eax, [ebp+var_8]
mov [ebp+var_56C], eax
lea eax, [ebp+var_678]
push eax
lea eax, [ebp+var_77C]
push eax
push offset dword_434798
lea eax, [ebp+var_2C8]
push 200h
push eax
call sub_415A6A
push ebx
lea eax, [ebp+var_2C8]
push 1Bh
push eax
call sub_414F93
add esp, 2Ch
mov [ebp+var_574], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_800]
push ebx
push eax
push offset sub_408788
push ebx
push ebx
call dword_42108C
mov ecx, [ebp+var_574]
imul ecx, 234h
cmp eax, ebx
mov dword_43F53C[ecx], eax
jz short loc_410AAF
loc_410A99: ; CODE XREF: sub_40CE55+3C58�j
cmp [ebp+var_568], ebx
jnz loc_41284E
push 32h
call dword_421060
jmp short loc_410A99
; ---------------------------------------------------------------------------
loc_410AAF: ; CODE XREF: sub_40CE55+3C42�j
call dword_421088
push eax
push offset dword_434748
jmp loc_41283F
; ---------------------------------------------------------------------------
loc_410AC0: ; CODE XREF: sub_40CE55+2410�j
; sub_40CE55+2427�j
push 44h
lea eax, [ebp+var_48C]
pop esi
push esi
push ebx
push eax
call sub_415570
push 1
mov [ebp+var_48C], esi
pop esi
mov word ptr [ebp+var_45C], bx
push edi
mov [ebp+var_460], esi
call sub_415A5F
add esp, 10h
cmp eax, esi
jnz short loc_410AFD
mov word ptr [ebp+var_45C], 5
loc_410AFD: ; CODE XREF: sub_40CE55+3C9D�j
cmp [ebp+var_C], ebx
jz loc_40F713
push [ebp+arg_18]
push [ebp+var_C]
call sub_415AC0
mov edi, eax
pop ecx
cmp edi, ebx
pop ecx
jz loc_40F713
lea eax, [ebp+var_2D8]
push eax
lea eax, [ebp+var_48C]
push eax
push ebx
push ebx
push 28h
push esi
push ebx
push ebx
push edi
push ebx
call dword_4210EC
test eax, eax
jnz short loc_410B56
push offset dword_434710
loc_410B43: ; CODE XREF: sub_40CE55+3E85�j
; sub_40CE55+4518�j ...
lea eax, [ebp+var_2C8]
push eax
call sub_4154E7
pop ecx
pop ecx
jmp loc_40F713
; ---------------------------------------------------------------------------
loc_410B56: ; CODE XREF: sub_40CE55+3CE7�j
push edi
push offset dword_4346E4
jmp loc_40F704
; ---------------------------------------------------------------------------
loc_410B61: ; CODE XREF: sub_40CE55+23E2�j
; sub_40CE55+23F9�j
push [ebp+arg_18]
push offset dword_42C1A8
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_410CD5
lea eax, [ebp+var_3E8]
push eax
push 104h
call dword_4210F8
push 0FFh
lea eax, [ebp+var_788]
push edi
push eax
call sub_416D40
lea eax, [ebp+var_2E4]
push eax
call sub_414126
push eax
lea eax, [ebp+var_3E8]
push eax
lea eax, [ebp+var_688]
push offset dword_4346D8
push eax
call sub_4154E7
mov eax, [ebp+esi+var_88]
add esp, 20h
cmp eax, ebx
mov [ebp+var_584], 1
mov [ebp+var_580], ebx
jz short loc_410BF3
push 10h
push ebx
push eax
call sub_416A89
add esp, 0Ch
mov [ebp+var_578], eax
jmp short loc_410BF9
; ---------------------------------------------------------------------------
loc_410BF3: ; CODE XREF: sub_40CE55+3D88�j
mov [ebp+var_578], ebx
loc_410BF9: ; CODE XREF: sub_40CE55+3D9C�j
mov esi, [ebp+esi+var_84]
cmp esi, ebx
jz short loc_410C13
push esi
call sub_415A5F
pop ecx
mov [ebp+var_57C], eax
jmp short loc_410C19
; ---------------------------------------------------------------------------
loc_410C13: ; CODE XREF: sub_40CE55+3DAD�j
mov [ebp+var_57C], ebx
loc_410C19: ; CODE XREF: sub_40CE55+3DBC�j
movzx eax, [ebp+var_9AF]
mov esi, [ebp+arg_4]
push 7Fh
push [ebp+var_8C]
mov [ebp+var_574], eax
lea eax, [ebp+var_808]
mov [ebp+var_80C], esi
push eax
call sub_416D40
mov eax, [ebp+var_4]
push edi
mov [ebp+var_56C], eax
mov eax, [ebp+var_8]
mov [ebp+var_570], eax
lea eax, [ebp+var_2C8]
push offset dword_434698
push eax
call sub_4154E7
push esi
lea eax, [ebp+var_2C8]
push 16h
push eax
call sub_414F93
add esp, 24h
mov [ebp+var_588], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_80C]
push ebx
push eax
push offset sub_40BCEF
push ebx
push ebx
call dword_42108C
mov ecx, [ebp+var_588]
imul ecx, 234h
cmp eax, ebx
mov dword_43F53C[ecx], eax
jz short loc_410CC4
loc_410CAE: ; CODE XREF: sub_40CE55+3E6D�j
cmp [ebp+var_568], ebx
jnz loc_40F713
push 32h
call dword_421060
jmp short loc_410CAE
; ---------------------------------------------------------------------------
loc_410CC4: ; CODE XREF: sub_40CE55+3E57�j
call dword_421088
push eax
push offset dword_434648
jmp loc_40F704
; ---------------------------------------------------------------------------
loc_410CD5: ; CODE XREF: sub_40CE55+3D1D�j
push offset dword_4345F0
jmp loc_410B43
; ---------------------------------------------------------------------------
loc_410CDF: ; CODE XREF: sub_40CE55+23B4�j
; sub_40CE55+23CB�j
push [ebp+var_90]
push offset dword_43646C
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_40D219
cmp [ebp+var_C], ebx
jz loc_40D219
push [ebp+arg_18]
push [ebp+var_C]
call sub_415AC0
push eax
lea eax, [ebp+var_2C8]
push [ebp+var_8C]
push [ebp+var_90]
push [ebp+var_94]
push offset dword_4345E0
push eax
call sub_4154E7
lea eax, [ebp+var_2C8]
push 1FFh
push eax
push [ebp+arg_0]
call sub_416D40
push edi
call sub_415A5F
add esp, 30h
test eax, eax
jle short loc_410D66
push edi
call sub_415A5F
imul eax, 3E8h
pop ecx
push eax
call dword_421060
loc_410D66: ; CODE XREF: sub_40CE55+3EFB�j
push offset dword_4345B8
call sub_40B16D
mov eax, [ebp+arg_24]
pop ecx
inc eax
jmp loc_40D21C
; ---------------------------------------------------------------------------
loc_410D7A: ; CODE XREF: sub_40CE55+2386�j
; sub_40CE55+239D�j
push [ebp+var_90]
push offset dword_43646C
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_40D219
cmp [ebp+var_C], ebx
jz loc_41298E
push [ebp+arg_18]
push [ebp+var_C]
call sub_415AC0
mov esi, eax
mov eax, [ebp+arg_18]
inc eax
push offset dword_4345B0
push eax
call sub_415910
add esp, 10h
test eax, eax
push esi
jz short loc_410E36
push [ebp+var_8C]
lea eax, [ebp+var_2C8]
push [ebp+var_90]
push [ebp+var_94]
push offset dword_4345E0
push eax
call sub_4154E7
lea eax, [ebp+var_2C8]
push 1FFh
push eax
push [ebp+arg_0]
call sub_416D40
push esi
lea eax, [ebp+var_2C8]
push offset dword_434584
push eax
call sub_4154E7
lea eax, [ebp+var_2C8]
push eax
call sub_40B16D
push edi
call sub_415A5F
add esp, 38h
test eax, eax
jle loc_41298E
push edi
call sub_415A5F
add eax, [ebp+arg_24]
pop ecx
jmp loc_40D21C
; ---------------------------------------------------------------------------
loc_410E36: ; CODE XREF: sub_40CE55+3F6A�j
push offset dword_43453C
jmp loc_40F704
; ---------------------------------------------------------------------------
loc_410E40: ; CODE XREF: sub_40CE55+2358�j
; sub_40CE55+236F�j
push [ebp+arg_18]
lea eax, [ebp+var_2C8]
push offset dword_434534
push eax
call sub_4154E7
push edi
call sub_415A5F
add esp, 10h
loc_410E5D: ; CODE XREF: sub_40CE55+4072�j
test eax, eax
jle loc_41298E
push edi
call sub_415A5F
cmp eax, 12Ch
pop ecx
jge loc_41298E
loc_410E77: ; CODE XREF: sub_40CE55+4907�j
lea eax, [ebp+var_2C8]
push eax
push offset dword_425050
push edi
call sub_415A5F
imul eax, 234h
pop ecx
push dword_43F534[eax]
call sub_412D06
loc_410E9B: ; CODE XREF: sub_40CE55+579E�j
add esp, 0Ch
jmp loc_41298E
; ---------------------------------------------------------------------------
loc_410EA3: ; CODE XREF: sub_40CE55+232A�j
; sub_40CE55+2341�j
push [ebp+esi+var_88]
lea eax, [ebp+var_2C8]
push [ebp+arg_18]
push offset dword_434528
push eax
call sub_4154E7
push edi
call sub_415A5F
add esp, 14h
jmp short loc_410E5D
; ---------------------------------------------------------------------------
loc_410EC9: ; CODE XREF: sub_40CE55+22FC�j
; sub_40CE55+2313�j
push [ebp+arg_18]
lea eax, [ebp+var_2C8]
push offset dword_434520
push eax
call sub_4154E7
push edi
call sub_415A5F
add esp, 10h
test eax, eax
jle loc_41298E
push edi
call sub_415A5F
cmp eax, 12Ch
pop ecx
jge loc_41298E
lea eax, [ebp+var_2C8]
push eax
push offset dword_425050
push edi
call sub_415A5F
imul eax, 234h
pop ecx
push dword_43F534[eax]
call sub_412D06
push [ebp+arg_18]
push edi
push offset dword_4344F0
loc_410F2D: ; CODE XREF: sub_40CE55+4162�j
; sub_40CE55+41CD�j ...
call sub_40B1E1
loc_410F32: ; CODE XREF: sub_40CE55+546E�j
add esp, 18h
jmp loc_41298E
; ---------------------------------------------------------------------------
loc_410F3A: ; CODE XREF: sub_40CE55+22CE�j
; sub_40CE55+22E5�j
cmp [ebp+var_C], ebx
jz loc_41298E
push [ebp+arg_18]
push [ebp+var_C]
call sub_415AC0
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz short loc_410F6B
push esi
lea eax, [ebp+var_2C8]
push offset dword_4344E8
push eax
call sub_4154E7
add esp, 0Ch
loc_410F6B: ; CODE XREF: sub_40CE55+40FF�j
push edi
call sub_415A5F
test eax, eax
pop ecx
jle loc_41298E
push edi
call sub_415A5F
cmp eax, 12Ch
pop ecx
jge loc_41298E
lea eax, [ebp+var_2C8]
push eax
push offset dword_425050
push edi
call sub_415A5F
imul eax, 234h
pop ecx
push dword_43F534[eax]
call sub_412D06
push esi
push edi
push offset dword_4344B8
jmp loc_410F2D
; ---------------------------------------------------------------------------
loc_410FBC: ; CODE XREF: sub_40CE55+22A0�j
; sub_40CE55+22B7�j
cmp [ebp+var_C], ebx
jz loc_41298E
push [ebp+arg_18]
push [ebp+var_C]
call sub_415AC0
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz loc_41298E
push edi
call sub_415A5F
test eax, eax
pop ecx
jle loc_41298E
push edi
call sub_415A5F
cmp eax, 12Ch
pop ecx
jge loc_41298E
push esi
push offset dword_425050
push edi
call sub_415A5F
imul eax, 234h
pop ecx
push dword_43F534[eax]
call sub_412D06
push esi
push edi
push offset dword_434488
jmp loc_410F2D
; ---------------------------------------------------------------------------
loc_411027: ; CODE XREF: sub_40CE55+2272�j
; sub_40CE55+2289�j
cmp [ebp+var_C], ebx
jz loc_41298E
push edi
push [ebp+var_C]
call sub_415AC0
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz loc_41298E
push esi
push offset dword_43447C
push [ebp+arg_4]
call sub_412D06
push esi
push offset dword_43444C
loc_411059: ; CODE XREF: sub_40CE55+4AAC�j
; sub_40CE55+4AC5�j ...
call sub_40B1E1
loc_41105E: ; CODE XREF: sub_40CE55+4272�j
add esp, 14h
jmp loc_41298E
; ---------------------------------------------------------------------------
loc_411066: ; CODE XREF: sub_40CE55+2244�j
; sub_40CE55+225B�j
push [ebp+var_90]
push offset dword_43646C
call sub_415910
pop ecx
test eax, eax
pop ecx
jz loc_40D219
push [ebp+arg_18]
push offset dword_434440
push [ebp+arg_4]
call sub_412D06
push edi
call sub_415A5F
imul eax, 3E8h
add esp, 10h
push eax
call dword_421060
push [ebp+esi+var_88]
push [ebp+arg_18]
push offset dword_436564
push [ebp+arg_4]
call sub_412D06
push offset dword_434418
call sub_40B16D
jmp short loc_41105E
; ---------------------------------------------------------------------------
loc_4110C9: ; CODE XREF: sub_40CE55+2216�j
; sub_40CE55+222D�j
cmp [ebp+var_C], ebx
jz loc_41298E
push edi
call sub_415CF0
push [ebp+arg_8]
mov esi, eax
call sub_415CF0
add eax, [ebp+var_C]
push [ebp+arg_18]
lea eax, [eax+esi+2]
push eax
call sub_415AC0
mov esi, eax
add esp, 10h
cmp esi, ebx
jz loc_41298E
push esi
lea eax, [ebp+var_2C8]
push offset dword_434CB0
push eax
call sub_4154E7
push ebx
lea eax, [ebp+var_2C8]
push ebx
push eax
push edi
push [ebp+arg_4]
call sub_412D4C
push esi
push edi
push offset dword_4343E8
call sub_40B1E1
add esp, 2Ch
jmp loc_41298E
; ---------------------------------------------------------------------------
loc_411137: ; CODE XREF: sub_40CE55+21E8�j
; sub_40CE55+21FF�j
cmp [ebp+var_C], ebx
jz loc_41298E
push edi
call sub_415CF0
push [ebp+arg_8]
mov esi, eax
call sub_415CF0
add eax, [ebp+var_C]
push [ebp+arg_18]
lea eax, [eax+esi+2]
push eax
call sub_415AC0
mov esi, eax
add esp, 10h
cmp esi, ebx
jz loc_41298E
push ebx
push ebx
push esi
push edi
push [ebp+arg_4]
call sub_412D4C
push esi
push edi
push offset dword_4343B8
call sub_40B1E1
jmp loc_40FD65
; ---------------------------------------------------------------------------
loc_41118A: ; CODE XREF: sub_40CE55+21BA�j
; sub_40CE55+21D1�j
cmp [ebp+var_C], ebx
jz loc_40D219
push [ebp+arg_18]
push [ebp+var_C]
call sub_415AC0
pop ecx
cmp eax, ebx
pop ecx
jz loc_40D219
push eax
push edi
call sub_40B075
push edi
lea eax, [ebp+var_2C8]
push offset dword_434388
push eax
call sub_4154E7
loc_4111C1: ; CODE XREF: sub_40CE55+3B44�j
add esp, 14h
jmp loc_40F7B1
; ---------------------------------------------------------------------------
loc_4111C9: ; CODE XREF: sub_40CE55+217A�j
; sub_40CE55+2191�j
push edi
push [ebp+arg_1C]
call sub_415AC0
pop ecx
test eax, eax
pop ecx
jz loc_41298E
mov esi, [ebp+esi+var_8C]
cmp esi, ebx
jz short loc_411266
push esi
push [ebp+var_C]
call sub_415AC0
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz short loc_41124E
push esi
lea eax, [ebp+var_2C8]
push [ebp+var_8C]
push [ebp+var_90]
push [ebp+var_94]
push offset dword_4345E0
push eax
call sub_4154E7
lea eax, [ebp+var_2C8]
push 1FFh
push eax
push [ebp+arg_0]
call sub_416D40
push esi
push edi
lea eax, [ebp+var_2C8]
push offset dword_434350
push eax
call sub_4154E7
add esp, 34h
inc [ebp+arg_24]
jmp loc_4124D6
; ---------------------------------------------------------------------------
loc_41124E: ; CODE XREF: sub_40CE55+43A1�j
lea eax, [ebp+var_2C8]
push offset dword_43430C
push eax
call sub_4154E7
pop ecx
pop ecx
jmp loc_4124D6
; ---------------------------------------------------------------------------
loc_411266: ; CODE XREF: sub_40CE55+4390�j
push ebx
lea eax, [ebp+var_2C8]
push [ebp+var_4]
push [ebp+arg_4]
push [ebp+arg_1C]
push eax
call sub_40AD85
add esp, 0Ch
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_412D4C
push edi
push offset dword_4342E0
lea eax, [ebp+var_2C8]
push 200h
push eax
call sub_415A6A
add esp, 24h
jmp loc_4124D6
; ---------------------------------------------------------------------------
loc_4112AD: ; CODE XREF: sub_40CE55+1B7F�j
; sub_40CE55+1B96�j
push offset dword_42909C
push edi
call sub_415BE8
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz short loc_411327
mov ebx, 200h
push esi
lea eax, [ebp+var_2C8]
push ebx
push eax
call sub_41713C
add esp, 0Ch
loc_4112D6: ; CODE XREF: sub_40CE55+44B0�j
test eax, eax
jz short loc_411307
push 1
lea eax, [ebp+var_2C8]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_412D4C
push esi
lea eax, [ebp+var_2C8]
push ebx
push eax
call sub_41713C
add esp, 20h
jmp short loc_4112D6
; ---------------------------------------------------------------------------
loc_411307: ; CODE XREF: sub_40CE55+4483�j
push esi
call sub_415B40
push edi
lea eax, [ebp+var_2C8]
push offset dword_4342A8
push eax
call sub_4154E7
add esp, 10h
jmp loc_40EFA7
; ---------------------------------------------------------------------------
loc_411327: ; CODE XREF: sub_40CE55+4469�j
push edi
push offset dword_434274
jmp loc_412869
; ---------------------------------------------------------------------------
loc_411332: ; CODE XREF: sub_40CE55+1B51�j
; sub_40CE55+1B68�j
cmp [ebp+var_C], ebx
jz loc_41298E
push edi
push [ebp+var_C]
call sub_415AC0
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz loc_41298E
push offset dword_426CB4
push esi
call sub_415C10
push esi
call sub_40A5E9
add esp, 0Ch
test eax, eax
jnz short loc_411372
push offset dword_434234
jmp loc_410B43
; ---------------------------------------------------------------------------
loc_411372: ; CODE XREF: sub_40CE55+4511�j
push esi
push offset dword_434208
jmp loc_4124C7
; ---------------------------------------------------------------------------
loc_41137D: ; CODE XREF: sub_40CE55+1B23�j
; sub_40CE55+1B3A�j
cmp [ebp+var_C], ebx
jz loc_41298E
push edi
push [ebp+var_C]
call sub_415AC0
pop ecx
cmp eax, ebx
pop ecx
jz loc_41298E
push eax
call sub_409CCD
test eax, eax
pop ecx
jnz short loc_4113AE
push offset dword_4341D8
jmp loc_410B43
; ---------------------------------------------------------------------------
loc_4113AE: ; CODE XREF: sub_40CE55+454D�j
push offset dword_4341A8
jmp loc_410B43
; ---------------------------------------------------------------------------
loc_4113B8: ; CODE XREF: sub_40CE55+1AF5�j
; sub_40CE55+1B0C�j
push 7Fh
lea eax, [ebp+var_6F4]
push edi
push eax
call sub_416D40
mov esi, [ebp+esi+var_8C]
add esp, 0Ch
cmp esi, ebx
jz short loc_4113E7
push 7Fh
lea eax, [ebp+var_674]
push esi
push eax
call sub_416D40
add esp, 0Ch
loc_4113E7: ; CODE XREF: sub_40CE55+457E�j
push 7Fh
lea eax, [ebp+var_5F4]
push [ebp+var_8C]
push eax
call sub_416D40
mov eax, [ebp+arg_4]
push edi
mov [ebp+var_6F8], eax
mov eax, [ebp+var_8]
mov [ebp+var_570], eax
mov eax, [ebp+var_4]
mov [ebp+var_56C], eax
lea eax, [ebp+var_2C8]
push offset dword_43417C
push eax
call sub_4154E7
push ebx
lea eax, [ebp+var_2C8]
push 14h
push eax
call sub_414F93
add esp, 24h
mov [ebp+var_574], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_6F8]
push ebx
push eax
push offset sub_40AE4B
push ebx
push ebx
call dword_42108C
mov ecx, [ebp+var_574]
imul ecx, 234h
cmp eax, ebx
mov dword_43F53C[ecx], eax
jz short loc_411485
loc_41146F: ; CODE XREF: sub_40CE55+462E�j
cmp [ebp+var_568], ebx
jnz loc_4124D6
push 32h
call dword_421060
jmp short loc_41146F
; ---------------------------------------------------------------------------
loc_411485: ; CODE XREF: sub_40CE55+4618�j
call dword_421088
push eax
push offset dword_43412C
jmp loc_4124C7
; ---------------------------------------------------------------------------
loc_411496: ; CODE XREF: sub_40CE55+1AC7�j
; sub_40CE55+1ADE�j
push ebx
push [ebp+var_8C]
push [ebp+arg_4]
push edi
call sub_4063B0
push edi
push offset dword_434104
jmp loc_410F2D
; ---------------------------------------------------------------------------
loc_4114B1: ; CODE XREF: sub_40CE55+1A99�j
; sub_40CE55+1AB0�j
push 14h
lea eax, [ebp+var_710]
push ebx
push eax
call sub_415570
push edi
lea eax, [ebp+var_6FC]
push offset dword_426CC0
push eax
call sub_4154E7
mov eax, [ebp+arg_4]
mov [ebp+var_718], eax
lea eax, [ebp+var_C4]
push eax
lea eax, [ebp+var_5F8]
push 80h
push eax
call sub_415A6A
mov eax, [ebp+var_4]
mov [ebp+var_570], eax
mov eax, [ebp+var_8]
mov [ebp+var_56C], eax
lea eax, [ebp+var_5F8]
push eax
lea eax, [ebp+var_6FC]
push eax
lea eax, [ebp+var_2C8]
push offset dword_4340CC
push eax
call sub_4154E7
push ebx
lea eax, [ebp+var_2C8]
push 12h
push eax
call sub_414F93
add esp, 40h
mov [ebp+var_574], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_718]
push ebx
push eax
push offset sub_40B712
push ebx
push ebx
call dword_42108C
mov ecx, [ebp+var_574]
imul ecx, 234h
cmp eax, ebx
mov dword_43F53C[ecx], eax
jz short loc_411581
loc_41156B: ; CODE XREF: sub_40CE55+472A�j
cmp [ebp+var_568], ebx
jnz loc_41284E
push 32h
call dword_421060
jmp short loc_41156B
; ---------------------------------------------------------------------------
loc_411581: ; CODE XREF: sub_40CE55+4714�j
call dword_421088
push eax
push offset dword_43636C
jmp loc_41283F
; ---------------------------------------------------------------------------
loc_411592: ; CODE XREF: sub_40CE55+1A6B�j
; sub_40CE55+1A82�j
push edi
call dword_421118
test eax, eax
jz short loc_4115A5
push edi
push offset dword_43409C
jmp short loc_4115B0
; ---------------------------------------------------------------------------
loc_4115A5: ; CODE XREF: sub_40CE55+4746�j
push offset dword_4347DC
call sub_409C08
push eax
loc_4115B0: ; CODE XREF: sub_40CE55+474E�j
lea eax, [ebp+var_2C8]
push 200h
push eax
call sub_415A6A
add esp, 10h
jmp loc_40EF86
; ---------------------------------------------------------------------------
loc_4115C9: ; CODE XREF: sub_40CE55+1A3D�j
; sub_40CE55+1A54�j
push edi
call sub_415A5F
push eax
call sub_414061
pop ecx
pop ecx
push 1
pop esi
cmp eax, esi
push edi
jnz short loc_4115E6
push offset dword_434064
jmp short loc_4115EB
; ---------------------------------------------------------------------------
loc_4115E6: ; CODE XREF: sub_40CE55+4788�j
push offset dword_43401C
loc_4115EB: ; CODE XREF: sub_40CE55+478F�j
lea eax, [ebp+var_2C8]
push eax
call sub_4154E7
add esp, 0Ch
cmp [ebp+var_8], ebx
jnz loc_40EFAA
push ebx
lea eax, [ebp+var_2C8]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_412D4C
add esp, 14h
jmp loc_40EFAA
; ---------------------------------------------------------------------------
loc_411624: ; CODE XREF: sub_40CE55+1A0F�j
; sub_40CE55+1A26�j
push ebx
push ebx
push edi
push [ebp+var_4]
push ebx
push [ebp+arg_4]
call sub_413DD2
add esp, 18h
cmp eax, 1
push edi
jnz short loc_411646
push offset dword_433FE4
jmp loc_412869
; ---------------------------------------------------------------------------
loc_411646: ; CODE XREF: sub_40CE55+47E5�j
push offset dword_433FA0
jmp loc_412869
; ---------------------------------------------------------------------------
loc_411650: ; CODE XREF: sub_40CE55+19E1�j
; sub_40CE55+19F8�j
push edi
call dword_43A3D8
cmp eax, 0FFFFFFFFh
mov [ebp+arg_0], eax
jz short loc_41168D
push 2
lea eax, [ebp+arg_0]
push 4
push eax
call dword_43A350
cmp eax, ebx
jz short loc_4116A8
push dword ptr [eax]
loc_411673: ; CODE XREF: sub_40CE55+4851�j
push edi
lea eax, [ebp+var_2C8]
push offset dword_433F70
push eax
call sub_4154E7
add esp, 10h
jmp loc_40F713
; ---------------------------------------------------------------------------
loc_41168D: ; CODE XREF: sub_40CE55+4808�j
push edi
call dword_43A41C
cmp eax, ebx
jz short loc_4116A8
mov eax, [eax+0Ch]
mov eax, [eax]
push dword ptr [eax]
call dword_43A424
push eax
jmp short loc_411673
; ---------------------------------------------------------------------------
loc_4116A8: ; CODE XREF: sub_40CE55+481A�j
; sub_40CE55+4841�j
push offset dword_433F34
jmp loc_410B43
; ---------------------------------------------------------------------------
loc_4116B2: ; CODE XREF: sub_40CE55+19B3�j
; sub_40CE55+19CA�j
push 7Fh
push edi
push [ebp+arg_14]
call sub_416D40
push edi
lea eax, [ebp+var_2C8]
push offset dword_433EFC
push eax
call sub_4154E7
add esp, 18h
jmp loc_40ECC3
; ---------------------------------------------------------------------------
loc_4116D7: ; CODE XREF: sub_40CE55+1985�j
; sub_40CE55+199C�j
push 5
push ebx
push ebx
push edi
push offset dword_42BEF8
push ebx
call dword_43A30C
test eax, eax
push edi
jz short loc_4116F7
push offset dword_433ECC
jmp loc_412869
; ---------------------------------------------------------------------------
loc_4116F7: ; CODE XREF: sub_40CE55+4896�j
push offset dword_433E94
jmp loc_412869
; ---------------------------------------------------------------------------
loc_411701: ; CODE XREF: sub_40CE55+1957�j
; sub_40CE55+196E�j
mov al, [edi]
mov byte_42C19C, al
movsx eax, byte ptr [edi]
push eax
push offset dword_433E5C
jmp loc_40ECB4
; ---------------------------------------------------------------------------
loc_411716: ; CODE XREF: sub_40CE55+1929�j
; sub_40CE55+1940�j
push edi
call sub_415A5F
test eax, eax
pop ecx
jle loc_41298E
push edi
call sub_415A5F
cmp eax, 12Ch
pop ecx
jge loc_41298E
push ebx
push ebx
lea eax, [ebp+var_A4]
push 2
push eax
call sub_414433
push eax
lea eax, [ebp+var_2C8]
push offset dword_434520
push eax
call sub_4154E7
add esp, 1Ch
jmp loc_410E77
; ---------------------------------------------------------------------------
loc_411761: ; CODE XREF: sub_40CE55+18FB�j
; sub_40CE55+1912�j
push edi
call sub_415A5F
test eax, eax
pop ecx
jle loc_40D219
push edi
call sub_415A5F
cmp eax, 12Ch
pop ecx
jge loc_40D219
push offset dword_433E4C
push edi
call sub_415A5F
imul eax, 234h
pop ecx
push dword_43F534[eax]
call sub_412D06
pop ecx
pop ecx
push 1F4h
call dword_421060
push edi
call sub_415A5F
imul eax, 234h
pop ecx
push dword_43F534[eax]
call dword_43A430
push [ebp+var_10]
push edi
call sub_415A5F
imul eax, 234h
pop ecx
push dword_43F53C[eax]
call dword_421130
push edi
call sub_415A5F
imul eax, 234h
push edi
mov dword_43F53C[eax], ebx
call sub_415A5F
imul eax, 234h
pop ecx
pop ecx
mov byte ptr dword_43F328[eax], bl
jmp loc_40D219
; ---------------------------------------------------------------------------
loc_41180C: ; CODE XREF: sub_40CE55+18CD�j
; sub_40CE55+18E4�j
push edi
push offset dword_433E48
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_41183B
call sub_41515C
cmp eax, ebx
jle short loc_411831
push eax
push offset dword_433E0C
jmp loc_40F7A2
; ---------------------------------------------------------------------------
loc_411831: ; CODE XREF: sub_40CE55+49CF�j
push offset dword_433DD0
jmp loc_41202C
; ---------------------------------------------------------------------------
loc_41183B: ; CODE XREF: sub_40CE55+49C6�j
mov eax, [ebp+var_AC]
lea edi, [eax+1]
cmp edi, 20h
jnb loc_40D219
lea eax, [ebp+edi*4+var_94]
mov [ebp+arg_24], eax
loc_411857: ; CODE XREF: sub_40CE55+4A73�j
mov eax, [ebp+arg_24]
mov esi, [eax]
cmp esi, ebx
jz loc_40D219
push esi
call sub_415A5F
push eax
call sub_4150CE
pop ecx
pop ecx
test eax, eax
push esi
jz short loc_41187E
push offset dword_433D98
jmp short loc_411883
; ---------------------------------------------------------------------------
loc_41187E: ; CODE XREF: sub_40CE55+4A20�j
push offset dword_433D58
loc_411883: ; CODE XREF: sub_40CE55+4A27�j
lea eax, [ebp+var_2C8]
push eax
call sub_4154E7
add esp, 0Ch
cmp [ebp+var_8], ebx
jnz short loc_4118B3
push ebx
lea eax, [ebp+var_2C8]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_412D4C
add esp, 14h
loc_4118B3: ; CODE XREF: sub_40CE55+4A40�j
lea eax, [ebp+var_2C8]
push eax
call sub_40B16D
add [ebp+arg_24], 4
inc edi
cmp edi, 20h
pop ecx
jb short loc_411857
jmp loc_40D219
; ---------------------------------------------------------------------------
loc_4118CF: ; CODE XREF: sub_40CE55+189F�j
; sub_40CE55+18B6�j
cmp [ebp+var_C], ebx
jz loc_41298E
push edi
push [ebp+var_C]
call sub_415AC0
mov esi, eax
pop ecx
cmp esi, ebx
pop ecx
jz loc_41298E
push esi
push offset dword_425050
push [ebp+arg_4]
call sub_412D06
push esi
push offset dword_433D2C
jmp loc_411059
; ---------------------------------------------------------------------------
loc_411906: ; CODE XREF: sub_40CE55+1871�j
; sub_40CE55+1888�j
push edi
push offset dword_434440
push [ebp+arg_4]
call sub_412D06
push edi
push offset dword_433CF8
jmp loc_411059
; ---------------------------------------------------------------------------
loc_41191F: ; CODE XREF: sub_40CE55+1843�j
; sub_40CE55+185A�j
push [ebp+esi+var_8C]
push edi
push offset dword_436564
push [ebp+arg_4]
call sub_412D06
push edi
push offset dword_433CC4
jmp loc_410F2D
; ---------------------------------------------------------------------------
loc_41193F: ; CODE XREF: sub_40CE55+1815�j
; sub_40CE55+182C�j
push edi
push offset dword_436550
push [ebp+arg_4]
call sub_412D06
push edi
push offset dword_433C8C
jmp loc_411059
; ---------------------------------------------------------------------------
loc_411958: ; CODE XREF: sub_40CE55+17DA�j
; sub_40CE55+17EF�j
mov al, byte_4276A2
mov [ebp+arg_0], ebx
cmp al, bl
mov edx, offset byte_4276A2
jz loc_40D219
mov ecx, edx
loc_41196F: ; CODE XREF: sub_40CE55+4B22�j
inc [ebp+arg_0]
add ecx, 0Bh
cmp [ecx], bl
jnz short loc_41196F
cmp al, bl
jz loc_40D219
mov [ebp+arg_18], edx
loc_411984: ; CODE XREF: sub_40CE55+4DE9�j
push 8
call sub_4151DB
pop ecx
mov ecx, eax
mov eax, 190h
cdq
idiv [ebp+arg_0]
add eax, ecx
cmp eax, 12Ch
jle short loc_4119D3
push ecx
lea eax, [ebp+var_2C8]
push offset dword_434DE0
push eax
call sub_4154E7
push ebx
lea eax, [ebp+var_2C8]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_412D4C
add esp, 20h
jmp loc_411C35
; ---------------------------------------------------------------------------
loc_4119D3: ; CODE XREF: sub_40CE55+4B49�j
or [ebp+var_300], 0FFFFFFFFh
cmp dword_427338, ebx
mov [ebp+var_304], 64h
mov [ebp+var_318], 5
mov [ebp+var_314], ebx
mov [ebp+arg_0], ebx
jz short loc_411A40
mov eax, [ebp+arg_18]
mov edi, offset dword_427338
lea esi, [eax-0Ah]
loc_411A0A: ; CODE XREF: sub_40CE55+4BCD�j
lea eax, [edi-28h]
push esi
push eax
call sub_415910
pop ecx
test eax, eax
pop ecx
jz short loc_411A26
inc [ebp+arg_0]
add edi, 3Ch
cmp [edi], ebx
jnz short loc_411A0A
jmp short loc_411A40
; ---------------------------------------------------------------------------
loc_411A26: ; CODE XREF: sub_40CE55+4BC3�j
mov eax, [ebp+arg_0]
mov ecx, eax
mov [ebp+var_300], eax
imul ecx, 3Ch
mov ecx, dword_427338[ecx]
mov [ebp+var_31C], ecx
loc_411A40: ; CODE XREF: sub_40CE55+4BA8�j
; sub_40CE55+4BCF�j
cmp [ebp+var_31C], ebx
jz loc_411C49
push 10h
lea eax, [ebp+arg_10]
pop esi
push eax
lea eax, [ebp+var_2D8]
push eax
mov [ebp+arg_10], esi
push [ebp+arg_4]
call dword_43A33C
mov al, [ebp+var_9B3]
push esi
neg al
sbb eax, eax
and ax, 100h
add eax, 0FFFFh
and [ebp+var_2D4], eax
push [ebp+var_2D4]
call dword_43A424
push eax
lea eax, [ebp+var_430]
push eax
call sub_416D40
xor eax, eax
cmp [ebp+var_9B3], bl
push 30h
setnz al
inc eax
inc eax
mov edi, eax
lea eax, [ebp+var_430]
push eax
call sub_417040
add esp, 14h
cmp edi, ebx
mov byte ptr [ebp+arg_24+3], bl
jle short loc_411AE2
loc_411AC0: ; CODE XREF: sub_40CE55+4C8B�j
cmp eax, ebx
jz short loc_411AE2
mov byte ptr [eax], 78h
lea eax, [ebp+var_430]
push 30h
push eax
call sub_417040
inc byte ptr [ebp+arg_24+3]
pop ecx
pop ecx
movsx ecx, byte ptr [ebp+arg_24+3]
cmp ecx, edi
jl short loc_411AC0
loc_411AE2: ; CODE XREF: sub_40CE55+4C69�j
; sub_40CE55+4C6D�j
mov eax, [ebp+arg_4]
push [ebp+var_8C]
mov esi, [ebp+var_4]
mov [ebp+var_320], eax
mov eax, [ebp+var_8]
mov edi, 80h
mov [ebp+var_2F4], eax
lea eax, [ebp+var_420]
push edi
push eax
mov [ebp+var_2F0], 1
mov [ebp+var_2F8], esi
call sub_415A6A
push offset byte_438FBC
push offset dword_42C244
call sub_415910
add esp, 14h
test eax, eax
jz short loc_411B4C
push offset dword_42C244
lea eax, [ebp+var_3A0]
push edi
push eax
call sub_415A6A
add esp, 0Ch
jmp short loc_411B52
; ---------------------------------------------------------------------------
loc_411B4C: ; CODE XREF: sub_40CE55+4CDE�j
mov [ebp+var_3A0], bl
loc_411B52: ; CODE XREF: sub_40CE55+4CF5�j
cmp [ebp+var_2F0], ebx
mov eax, offset dword_434D8C
jnz short loc_411B64
mov eax, offset dword_434D80
loc_411B64: ; CODE XREF: sub_40CE55+4D08�j
push [ebp+var_304]
lea ecx, [ebp+var_430]
push [ebp+var_314]
push [ebp+var_318]
push [ebp+var_31C]
push ecx
push eax
lea eax, [ebp+var_2C8]
push offset dword_433C10
push eax
call sub_4154E7
push ebx
lea eax, [ebp+var_2C8]
push 8
push eax
call sub_414F93
add esp, 2Ch
mov [ebp+var_310], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_430]
push ebx
push eax
push offset sub_40799F
push ebx
push ebx
call dword_42108C
mov ecx, [ebp+var_310]
imul ecx, 234h
cmp eax, ebx
mov dword_43F53C[ecx], eax
jz short loc_411BEE
loc_411BDC: ; CODE XREF: sub_40CE55+4D97�j
cmp [ebp+var_2EC], ebx
jnz short loc_411C09
push 32h
call dword_421060
jmp short loc_411BDC
; ---------------------------------------------------------------------------
loc_411BEE: ; CODE XREF: sub_40CE55+4D85�j
call dword_421088
push eax
lea eax, [ebp+var_2C8]
push offset dword_434CBC
push eax
call sub_4154E7
add esp, 0Ch
loc_411C09: ; CODE XREF: sub_40CE55+4D8D�j
cmp [ebp+var_8], ebx
jnz short loc_411C28
push ebx
lea eax, [ebp+var_2C8]
push esi
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_412D4C
add esp, 14h
loc_411C28: ; CODE XREF: sub_40CE55+4DB7�j
lea eax, [ebp+var_2C8]
push eax
call sub_40B16D
pop ecx
loc_411C35: ; CODE XREF: sub_40CE55+4B79�j
add [ebp+arg_18], 0Bh
mov eax, [ebp+arg_18]
cmp [eax], bl
jnz loc_411984
jmp loc_40D219
; ---------------------------------------------------------------------------
loc_411C49: ; CODE XREF: sub_40CE55+2FDC�j
; sub_40CE55+4BF1�j
push offset dword_433BC4
jmp loc_41202C
; ---------------------------------------------------------------------------
loc_411C53: ; CODE XREF: sub_40CE55+17B0�j
; sub_40CE55+17C5�j
push 4
call sub_4151DB
test eax, eax
pop ecx
jle short loc_411C69
push offset dword_433B90
jmp loc_40EBA7
; ---------------------------------------------------------------------------
loc_411C69: ; CODE XREF: sub_40CE55+4E08�j
mov eax, [ebp+esi+var_90]
cmp eax, ebx
jz short loc_411C8C
push eax
mov edi, 104h
lea eax, [ebp+var_804]
push edi
push eax
call sub_415A6A
add esp, 0Ch
jmp short loc_411CA0
; ---------------------------------------------------------------------------
loc_411C8C: ; CODE XREF: sub_40CE55+4E1D�j
mov edi, 104h
lea eax, [ebp+var_804]
push edi
push eax
push ebx
call dword_42107C
loc_411CA0: ; CODE XREF: sub_40CE55+4E35�j
mov esi, [ebp+esi+var_8C]
cmp esi, ebx
jnz short loc_411CB0
mov esi, offset byte_42C1FC
loc_411CB0: ; CODE XREF: sub_40CE55+4E54�j
push esi
lea eax, [ebp+var_700]
push edi
push eax
call sub_415A6A
mov eax, dword_42C188
push 7Fh
push [ebp+var_8C]
mov [ebp+var_5F4], eax
mov eax, [ebp+arg_4]
mov [ebp+var_5F8], ebx
mov [ebp+var_808], eax
lea eax, [ebp+var_5F0]
push eax
call sub_416D40
mov eax, [ebp+var_4]
mov [ebp+var_570], eax
mov eax, [ebp+var_8]
mov [ebp+var_56C], eax
lea eax, [ebp+var_700]
push eax
lea eax, [ebp+var_804]
push eax
lea eax, [ebp+var_2C8]
push [ebp+var_5F4]
push offset dword_4278F4
push eax
call sub_4154E7
push ebx
lea eax, [ebp+var_2C8]
push 4
push eax
call sub_414F93
add esp, 38h
mov [ebp+var_5FC], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_808]
push ebx
push eax
push offset sub_406C3E
push ebx
push ebx
call dword_42108C
mov ecx, [ebp+var_5FC]
imul ecx, 234h
cmp eax, ebx
mov dword_43F53C[ecx], eax
jz short loc_411D80
loc_411D6A: ; CODE XREF: sub_40CE55+4F29�j
cmp [ebp+var_568], ebx
jnz loc_40ECC3
push 32h
call dword_421060
jmp short loc_411D6A
; ---------------------------------------------------------------------------
loc_411D80: ; CODE XREF: sub_40CE55+4F13�j
call dword_421088
push eax
push offset dword_433B44
jmp loc_40ECB4
; ---------------------------------------------------------------------------
loc_411D91: ; CODE XREF: sub_40CE55+1786�j
; sub_40CE55+179B�j
mov edi, [ebp+esi+var_90]
cmp edi, ebx
jz short loc_411DB0
push edi
call sub_415A5F
test eax, eax
pop ecx
jz short loc_411DB0
push edi
call sub_415A5F
pop ecx
jmp short loc_411DB5
; ---------------------------------------------------------------------------
loc_411DB0: ; CODE XREF: sub_40CE55+4F45�j
; sub_40CE55+4F50�j
mov eax, dword_42C18C
loc_411DB5: ; CODE XREF: sub_40CE55+4F59�j
mov esi, [ebp+esi+var_8C]
mov [ebp+var_584], eax
xor eax, eax
cmp [ebp+var_9B0], bl
setz al
cmp esi, ebx
mov [ebp+var_570], eax
jz short loc_411DE8
lea eax, [ebp+var_688]
push esi
push eax
call sub_4154E7
pop ecx
pop ecx
jmp short loc_411E13
; ---------------------------------------------------------------------------
loc_411DE8: ; CODE XREF: sub_40CE55+4F80�j
lea eax, [ebp+var_3E8]
push 104h
push eax
call dword_421058
push ebx
push ebx
lea eax, [ebp+var_2D4]
push ebx
push eax
lea eax, [ebp+var_3E8]
push eax
call sub_417348
add esp, 14h
loc_411E13: ; CODE XREF: sub_40CE55+4F91�j
lea eax, [ebp+var_688]
push eax
call sub_415CF0
cmp [ebp+eax+var_689], 5Ch
pop ecx
jnz short loc_411E3E
lea eax, [ebp+var_688]
push eax
call sub_415CF0
pop ecx
mov [ebp+eax+var_689], bl
loc_411E3E: ; CODE XREF: sub_40CE55+4FD3�j
push [ebp+var_8C]
mov esi, [ebp+arg_4]
lea eax, [ebp+var_910]
mov [ebp+var_914], esi
push 80h
push eax
call sub_415A6A
mov eax, [ebp+var_8]
mov edi, [ebp+var_4]
add esp, 0Ch
mov [ebp+var_574], eax
lea eax, [ebp+var_688]
mov [ebp+var_578], edi
push eax
push [ebp+var_584]
push esi
call sub_40A171
pop ecx
push eax
lea eax, [ebp+var_2C8]
push offset dword_4277C4
push eax
call sub_4154E7
push ebx
lea eax, [ebp+var_2C8]
push 3
push eax
call sub_414F93
add esp, 20h
mov [ebp+var_57C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_914]
push ebx
push eax
push offset sub_405B23
push ebx
push ebx
call dword_42108C
mov ecx, [ebp+var_57C]
imul ecx, 234h
cmp eax, ebx
mov dword_43F53C[ecx], eax
jz short loc_411EF2
loc_411EE0: ; CODE XREF: sub_40CE55+509B�j
cmp [ebp+var_568], ebx
jnz short loc_411F0D
push 32h
call dword_421060
jmp short loc_411EE0
; ---------------------------------------------------------------------------
loc_411EF2: ; CODE XREF: sub_40CE55+5089�j
call dword_421088
push eax
push offset dword_433AF8
loc_411EFE: ; CODE XREF: sub_40CE55+34F6�j
; sub_40CE55+35F0�j
lea eax, [ebp+var_2C8]
push eax
call sub_4154E7
add esp, 0Ch
loc_411F0D: ; CODE XREF: sub_40CE55+34DA�j
; sub_40CE55+35D4�j ...
cmp [ebp+var_8], ebx
jnz loc_41284E
push ebx
push edi
loc_411F18: ; CODE XREF: sub_40CE55+2DA0�j
lea eax, [ebp+var_2C8]
push eax
push [ebp+var_8C]
push esi
jmp loc_40F7CE
; ---------------------------------------------------------------------------
loc_411F2B: ; CODE XREF: sub_40CE55+175C�j
; sub_40CE55+1771�j
mov esi, [ebp+esi+var_90]
cmp esi, ebx
jz short loc_411F3E
push esi
call sub_415A5F
jmp short loc_411F45
; ---------------------------------------------------------------------------
loc_411F3E: ; CODE XREF: sub_40CE55+50DF�j
push 8
call sub_4151FA
loc_411F45: ; CODE XREF: sub_40CE55+50E7�j
cmp eax, ebx
pop ecx
jz loc_41298E
push eax
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_4071FF
loc_411F60: ; CODE XREF: sub_40CE55+5597�j
add esp, 10h
jmp loc_41298E
; ---------------------------------------------------------------------------
loc_411F68: ; CODE XREF: sub_40CE55+1732�j
; sub_40CE55+1747�j
mov eax, dword_43A2C0
cmp eax, ebx
jz short loc_411F85
call eax
test eax, eax
jz short loc_411F7E
push offset dword_433AC0
jmp short loc_411F9A
; ---------------------------------------------------------------------------
loc_411F7E: ; CODE XREF: sub_40CE55+5120�j
push offset dword_433A80
jmp short loc_411F9A
; ---------------------------------------------------------------------------
loc_411F85: ; CODE XREF: sub_40CE55+511A�j
push offset dword_433A40
jmp short loc_411F9A
; ---------------------------------------------------------------------------
loc_411F8C: ; CODE XREF: sub_40CE55+1708�j
; sub_40CE55+171D�j
call sub_40A093
test eax, eax
jz short loc_411FB0
push offset dword_433A08
loc_411F9A: ; CODE XREF: sub_40CE55+5127�j
; sub_40CE55+512E�j ...
lea eax, [ebp+var_2C8]
push 200h
push eax
call sub_415A6A
jmp loc_412875
; ---------------------------------------------------------------------------
loc_411FB0: ; CODE XREF: sub_40CE55+513E�j
push offset dword_4339C8
jmp short loc_411F9A
; ---------------------------------------------------------------------------
loc_411FB7: ; CODE XREF: sub_40CE55+16DE�j
; sub_40CE55+16F3�j
cmp [ebp+var_8], ebx
jnz short loc_411FD6
push ebx
push [ebp+var_4]
push offset dword_4339B4
push [ebp+var_8C]
push [ebp+arg_4]
call sub_412D4C
add esp, 14h
loc_411FD6: ; CODE XREF: sub_40CE55+5165�j
push ebx
push [ebp+var_4]
call sub_409C92
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_412D4C
push offset dword_433984
jmp loc_4122BE
; ---------------------------------------------------------------------------
loc_411FF8: ; CODE XREF: sub_40CE55+15FE�j
; sub_40CE55+1613�j
push 7
call sub_4151DB
test eax, eax
pop ecx
jle short loc_41200B
push offset dword_433948
jmp short loc_41202C
; ---------------------------------------------------------------------------
loc_41200B: ; CODE XREF: sub_40CE55+51AD�j
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40A7FD
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_412027
push offset dword_43390C
jmp short loc_41202C
; ---------------------------------------------------------------------------
loc_412027: ; CODE XREF: sub_40CE55+51C9�j
push offset dword_4338D8
loc_41202C: ; CODE XREF: sub_40CE55+2B3D�j
; sub_40CE55+2C6D�j ...
lea eax, [ebp+var_2C8]
push eax
call sub_4154E7
pop ecx
pop ecx
jmp loc_40F7B1
; ---------------------------------------------------------------------------
loc_41203F: ; CODE XREF: sub_40CE55+15D4�j
; sub_40CE55+15E9�j
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40967F
jmp loc_40D216
; ---------------------------------------------------------------------------
loc_412058: ; CODE XREF: sub_40CE55+15AA�j
; sub_40CE55+15BF�j
push [ebp+esi+var_90]
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40C515
jmp loc_40D216
; ---------------------------------------------------------------------------
loc_412075: ; CODE XREF: sub_40CE55+1580�j
; sub_40CE55+1595�j
or edi, 0FFFFFFFFh
call dword_42104C
xor edx, edx
mov ecx, 3E8h
div ecx
mov esi, [ebp+esi+var_90]
cmp esi, ebx
mov [ebp+arg_0], eax
jz short loc_41209E
push esi
call sub_415A5F
pop ecx
mov edi, eax
loc_41209E: ; CODE XREF: sub_40CE55+523E�j
mov eax, [ebp+arg_0]
xor edx, edx
mov ecx, 15180h
div ecx
cmp eax, edi
jnb short loc_4120B7
cmp edi, 0FFFFFFFFh
jnz loc_41298E
loc_4120B7: ; CODE XREF: sub_40CE55+5257�j
push ebx
call sub_40A9B2
push eax
lea eax, [ebp+var_2C8]
push offset dword_4338AC
push eax
call sub_4154E7
push ebx
lea eax, [ebp+var_2C8]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_412D4C
lea eax, [ebp+var_2C8]
push eax
call sub_40B16D
jmp loc_410180
; ---------------------------------------------------------------------------
loc_4120F9: ; CODE XREF: sub_40CE55+1556�j
; sub_40CE55+156B�j
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_4085D3
lea eax, [ebp+var_2C8]
push offset dword_433878
push eax
call sub_4154E7
add esp, 14h
jmp loc_40ECC3
; ---------------------------------------------------------------------------
loc_412123: ; CODE XREF: sub_40CE55+152C�j
; sub_40CE55+1541�j
push 1Eh
call sub_4151DB
test eax, eax
pop ecx
jle short loc_41214C
cmp [ebp+var_8], ebx
jnz loc_40D219
push ebx
push [ebp+var_4]
push offset dword_433844
push [ebp+var_8C]
jmp loc_40D777
; ---------------------------------------------------------------------------
loc_41214C: ; CODE XREF: sub_40CE55+52D8�j
push [ebp+var_8C]
lea eax, [ebp+var_4DC]
push 80h
push eax
call sub_415A6A
mov eax, [ebp+arg_4]
mov esi, [ebp+esi+var_90]
mov [ebp+var_4E0], eax
mov eax, [ebp+var_4]
mov [ebp+var_454], eax
mov eax, [ebp+var_8]
add esp, 0Ch
cmp esi, ebx
mov [ebp+var_450], eax
mov [ebp+var_458], ebx
jz short loc_4121AD
push esi
push offset dword_43383C
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_4121AD
mov [ebp+var_458], 1
loc_4121AD: ; CODE XREF: sub_40CE55+533B�j
; sub_40CE55+534C�j
lea eax, [ebp+var_2C8]
push offset dword_433808
push eax
call sub_4154E7
push ebx
lea eax, [ebp+var_2C8]
push 1Eh
push eax
call sub_414F93
add esp, 14h
mov [ebp+var_45C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_4E0]
push ebx
push eax
push offset sub_413F83
push ebx
push ebx
call dword_42108C
mov ecx, [ebp+var_45C]
imul ecx, 234h
cmp eax, ebx
mov dword_43F53C[ecx], eax
jz short loc_41221B
loc_412205: ; CODE XREF: sub_40CE55+53C4�j
cmp [ebp+var_44C], ebx
jnz loc_41284E
push 32h
call dword_421060
jmp short loc_412205
; ---------------------------------------------------------------------------
loc_41221B: ; CODE XREF: sub_40CE55+53AE�j
call dword_421088
push eax
push offset dword_4337B8
jmp loc_41283F
; ---------------------------------------------------------------------------
loc_41222C: ; CODE XREF: sub_40CE55+1502�j
; sub_40CE55+1517�j
cmp [ebp+var_8], ebx
jnz short loc_41224B
push ebx
push [ebp+var_4]
push offset dword_43378C
push [ebp+var_8C]
push [ebp+arg_4]
call sub_412D4C
add esp, 14h
loc_41224B: ; CODE XREF: sub_40CE55+53DA�j
push [ebp+arg_4]
call dword_43A430
call dword_43A2F8
call sub_409E15
push ebx
call dword_421114
loc_412266: ; CODE XREF: sub_40CE55+14D8�j
; sub_40CE55+14ED�j
push ebx
lea eax, [ebp+var_2C8]
push [ebp+var_4]
push [ebp+arg_4]
push eax
call sub_40AAD1
pop ecx
pop ecx
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_412D4C
push offset dword_433760
jmp short loc_4122BE
; ---------------------------------------------------------------------------
loc_412291: ; CODE XREF: sub_40CE55+14AE�j
; sub_40CE55+14C3�j
push ebx
lea eax, [ebp+var_2C8]
push [ebp+var_4]
push [ebp+arg_4]
push [ebp+arg_1C]
push eax
call sub_40AD85
add esp, 0Ch
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_412D4C
push offset dword_433734
loc_4122BE: ; CODE XREF: sub_40CE55+519E�j
; sub_40CE55+543A�j
call sub_40B16D
jmp loc_410F32
; ---------------------------------------------------------------------------
loc_4122C8: ; CODE XREF: sub_40CE55+1484�j
; sub_40CE55+1499�j
push [ebp+var_8]
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40B20D
jmp loc_40D216
; ---------------------------------------------------------------------------
loc_4122E1: ; CODE XREF: sub_40CE55+145A�j
; sub_40CE55+146F�j
cmp [ebp+var_C], ebx
mov [ebp+var_374], bl
jz short loc_412320
mov esi, [ebp+esi+var_90]
cmp esi, ebx
jz short loc_412320
push esi
push [ebp+var_C]
call sub_415AC0
pop ecx
cmp eax, ebx
pop ecx
jz short loc_412320
push eax
push offset dword_426CC0
lea eax, [ebp+var_374]
push 80h
push eax
call sub_415A6A
add esp, 10h
loc_412320: ; CODE XREF: sub_40CE55+5495�j
; sub_40CE55+54A0�j ...
push [ebp+var_8C]
lea eax, [ebp+var_3F4]
push 80h
push eax
call sub_415A6A
mov eax, [ebp+arg_4]
push offset dword_433708
mov [ebp+var_3F8], eax
mov eax, [ebp+var_4]
mov [ebp+var_2F0], eax
mov eax, [ebp+var_8]
mov [ebp+var_2EC], eax
lea eax, [ebp+var_2C8]
push eax
call sub_4154E7
push ebx
lea eax, [ebp+var_2C8]
push 1Ch
push eax
call sub_414F93
add esp, 20h
mov [ebp+var_2F4], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_3F8]
push ebx
push eax
push offset sub_40B27F
push ebx
push ebx
call dword_42108C
mov ecx, [ebp+var_2F4]
imul ecx, 234h
cmp eax, ebx
mov dword_43F53C[ecx], eax
jz short loc_4123C0
loc_4123AA: ; CODE XREF: sub_40CE55+5569�j
cmp [ebp+var_2E8], ebx
jnz loc_40D219
push 32h
call dword_421060
jmp short loc_4123AA
; ---------------------------------------------------------------------------
loc_4123C0: ; CODE XREF: sub_40CE55+5553�j
call dword_421088
push eax
push offset dword_4336BC
jmp loc_40D402
; ---------------------------------------------------------------------------
loc_4123D1: ; CODE XREF: sub_40CE55+1430�j
; sub_40CE55+1445�j
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_40B0F5
push offset dword_433690
call sub_40B16D
jmp loc_411F60
; ---------------------------------------------------------------------------
loc_4123F1: ; CODE XREF: sub_40CE55+1406�j
; sub_40CE55+141B�j
push [ebp+var_8C]
lea eax, [ebp+var_4DC]
push 80h
push eax
call sub_415A6A
mov eax, [ebp+arg_4]
mov esi, [ebp+esi+var_90]
mov [ebp+var_4E0], eax
mov eax, [ebp+var_4]
mov [ebp+var_454], eax
mov eax, [ebp+var_8]
add esp, 0Ch
cmp esi, ebx
mov [ebp+var_450], eax
jz short loc_41244B
push offset dword_43368C
push esi
call sub_415910
neg eax
sbb eax, eax
pop ecx
inc eax
pop ecx
mov [ebp+var_458], eax
jmp short loc_412451
; ---------------------------------------------------------------------------
loc_41244B: ; CODE XREF: sub_40CE55+55DA�j
mov [ebp+var_458], ebx
loc_412451: ; CODE XREF: sub_40CE55+55F4�j
lea eax, [ebp+var_2C8]
push offset dword_43365C
push eax
call sub_4154E7
push ebx
lea eax, [ebp+var_2C8]
push 1Fh
push eax
call sub_414F93
add esp, 14h
mov [ebp+var_45C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_4E0]
push ebx
push eax
push offset sub_414FFE
push ebx
push ebx
call dword_42108C
mov ecx, [ebp+var_45C]
imul ecx, 234h
cmp eax, ebx
mov dword_43F53C[ecx], eax
jz short loc_4124BB
loc_4124A9: ; CODE XREF: sub_40CE55+5664�j
cmp [ebp+var_44C], ebx
jnz short loc_4124D6
push 32h
call dword_421060
jmp short loc_4124A9
; ---------------------------------------------------------------------------
loc_4124BB: ; CODE XREF: sub_40CE55+5652�j
call dword_421088
push eax
push offset dword_433610
loc_4124C7: ; CODE XREF: sub_40CE55+4523�j
; sub_40CE55+463C�j
lea eax, [ebp+var_2C8]
push eax
call sub_4154E7
add esp, 0Ch
loc_4124D6: ; CODE XREF: sub_40CE55+28C1�j
; sub_40CE55+28E3�j ...
lea eax, [ebp+var_2C8]
push eax
jmp loc_40E519
; ---------------------------------------------------------------------------
loc_4124E2: ; CODE XREF: sub_40CE55+138A�j
; sub_40CE55+139F�j
push offset dword_42C1A8
lea eax, [ebp+var_2C8]
push offset dword_4335E4
push eax
call sub_4154E7
push ebx
lea eax, [ebp+var_2C8]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_412D4C
add esp, 20h
jmp loc_40EFA7
; ---------------------------------------------------------------------------
loc_412519: ; CODE XREF: sub_40CE55+1360�j
; sub_40CE55+1375�j
push dword_468818
call sub_40A9B2
push eax
lea eax, [ebp+var_2C8]
push offset dword_4335A4
push eax
call sub_4154E7
push ebx
lea eax, [ebp+var_2C8]
push [ebp+var_4]
push eax
push [ebp+var_8C]
push [ebp+arg_4]
call sub_412D4C
add esp, 24h
jmp loc_40EFA7
; ---------------------------------------------------------------------------
loc_412557: ; CODE XREF: sub_40CE55+1336�j
; sub_40CE55+134B�j
mov esi, [ebp+esi+var_90]
cmp esi, ebx
jz short loc_412589
cmp [ebp+var_C], ebx
jz short loc_412598
push esi
push [ebp+var_C]
call sub_415AC0
pop ecx
cmp eax, ebx
pop ecx
jz short loc_412598
push eax
push offset dword_433598
push [ebp+arg_4]
call sub_412D06
add esp, 0Ch
jmp short loc_412598
; ---------------------------------------------------------------------------
loc_412589: ; CODE XREF: sub_40CE55+570B�j
push offset dword_433E4C
push [ebp+arg_4]
call sub_412D06
pop ecx
pop ecx
loc_412598: ; CODE XREF: sub_40CE55+5710�j
; sub_40CE55+571F�j ...
push 0FFFFFFFEh
jmp loc_40D21B
; ---------------------------------------------------------------------------
loc_41259F: ; CODE XREF: sub_40CE55+130C�j
; sub_40CE55+1321�j
push offset dword_433580
push [ebp+arg_4]
call sub_412D06
push offset dword_433550
call sub_40B16D
add esp, 0Ch
or eax, 0FFFFFFFFh
jmp loc_40D21C
; ---------------------------------------------------------------------------
loc_4125C1: ; CODE XREF: sub_40CE55+12E2�j
; sub_40CE55+12F7�j
push offset dword_433538
push [ebp+arg_4]
call sub_412D06
push offset dword_43350C
call sub_40B16D
add esp, 0Ch
xor eax, eax
jmp loc_40D21C
; ---------------------------------------------------------------------------
loc_4125E2: ; CODE XREF: sub_40CE55+12B8�j
; sub_40CE55+12CD�j
push [ebp+var_4]
push [ebp+var_8C]
push [ebp+arg_4]
call sub_407135
jmp loc_410E9B
; ---------------------------------------------------------------------------
loc_4125F8: ; CODE XREF: sub_40CE55+1213�j
; sub_40CE55+1228�j
push [ebp+esi+var_90]
push 1Eh
push offset dword_4334FC
push offset dword_4334F0
jmp loc_40DEA8
; ---------------------------------------------------------------------------
loc_412610: ; CODE XREF: sub_40CE55+11E9�j
; sub_40CE55+11FE�j
push [ebp+esi+var_90]
push 1Bh
push offset dword_4334E4
push offset dword_4334D4
jmp loc_40DEA8
; ---------------------------------------------------------------------------
loc_412628: ; CODE XREF: sub_40CE55+1014�j
; sub_40CE55+1029�j
mov edi, [ebp+esi+var_90]
cmp edi, ebx
jz short loc_412647
push edi
call sub_415A5F
test eax, eax
pop ecx
jz short loc_412647
push edi
call sub_415A5F
pop ecx
jmp short loc_41264C
; ---------------------------------------------------------------------------
loc_412647: ; CODE XREF: sub_40CE55+57DC�j
; sub_40CE55+57E7�j
mov eax, dword_42C184
loc_41264C: ; CODE XREF: sub_40CE55+57F0�j
mov esi, [ebp+esi+var_8C]
mov [ebp+var_464], eax
cmp esi, ebx
jz short loc_412671
push esi
loc_41265E: ; CODE XREF: sub_40CE55+582B�j
lea eax, [ebp+var_474]
push 10h
push eax
call sub_415A6A
add esp, 0Ch
jmp short loc_412688
; ---------------------------------------------------------------------------
loc_412671: ; CODE XREF: sub_40CE55+5806�j
cmp [ebp+var_9B3], bl
jz short loc_412682
lea eax, [ebp+var_C4]
push eax
jmp short loc_41265E
; ---------------------------------------------------------------------------
loc_412682: ; CODE XREF: sub_40CE55+5822�j
mov [ebp+var_474], bl
loc_412688: ; CODE XREF: sub_40CE55+581A�j
mov eax, [ebp+var_4]
push [ebp+var_8C]
mov esi, [ebp+arg_4]
mov [ebp+var_458], eax
mov eax, [ebp+var_8]
push 80h
mov [ebp+var_454], eax
lea eax, [ebp+var_4F4]
push eax
mov [ebp+var_4F8], esi
call sub_415A6A
add esp, 0Ch
push [ebp+var_464]
push esi
call sub_40A171
pop ecx
push eax
lea eax, [ebp+var_2C8]
push offset dword_427D5C
push eax
call sub_4154E7
push ebx
lea eax, [ebp+var_2C8]
push 11h
push eax
call sub_414F93
add esp, 1Ch
mov [ebp+var_460], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_4F8]
push ebx
push eax
push offset sub_40800A
push ebx
push ebx
call dword_42108C
mov ecx, [ebp+var_460]
imul ecx, 234h
cmp eax, ebx
mov dword_43F53C[ecx], eax
jz short loc_412739
loc_412723: ; CODE XREF: sub_40CE55+58E2�j
cmp [ebp+var_450], ebx
jnz loc_40D219
push 32h
call dword_421060
jmp short loc_412723
; ---------------------------------------------------------------------------
loc_412739: ; CODE XREF: sub_40CE55+58CC�j
call dword_421088
push eax
push offset dword_433488
jmp loc_40D402
; ---------------------------------------------------------------------------
loc_41274A: ; CODE XREF: sub_40CE55+FC0�j
; sub_40CE55+FD5�j ...
push edi
push offset dword_433480
call sub_415910
pop ecx
test eax, eax
pop ecx
jz short loc_412772
push edi
push offset dword_43347C
call sub_415910
pop ecx
mov [ebp+var_458], ebx
test eax, eax
pop ecx
jnz short loc_41277C
loc_412772: ; CODE XREF: sub_40CE55+5904�j
mov [ebp+var_458], 1
loc_41277C: ; CODE XREF: sub_40CE55+591B�j
push [ebp+var_8C]
lea eax, [ebp+var_4DC]
push 80h
push eax
call sub_415A6A
mov eax, [ebp+arg_4]
add esp, 0Ch
cmp [ebp+var_458], ebx
mov [ebp+var_4E0], eax
mov eax, [ebp+var_4]
mov [ebp+var_454], eax
mov eax, [ebp+var_8]
mov [ebp+var_450], eax
mov eax, offset dword_433470
jnz short loc_4127C3
mov eax, offset dword_433464
loc_4127C3: ; CODE XREF: sub_40CE55+5967�j
push eax
push offset dword_433438
lea eax, [ebp+var_2C8]
push 200h
push eax
call sub_415A6A
push ebx
lea eax, [ebp+var_2C8]
push 19h
push eax
call sub_414F93
add esp, 1Ch
mov [ebp+var_45C], eax
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_4E0]
push ebx
push eax
push offset sub_41465A
push ebx
push ebx
call dword_42108C
mov ecx, [ebp+var_45C]
imul ecx, 234h
cmp eax, ebx
mov dword_43F53C[ecx], eax
jz short loc_412833
loc_412821: ; CODE XREF: sub_40CE55+59DC�j
cmp [ebp+var_44C], ebx
jnz short loc_41284E
push 32h
call dword_421060
jmp short loc_412821
; ---------------------------------------------------------------------------
loc_412833: ; CODE XREF: sub_40CE55+59CA�j
call dword_421088
push eax
push offset dword_4333E8
loc_41283F: ; CODE XREF: sub_40CE55+3C66�j
; sub_40CE55+4738�j ...
lea eax, [ebp+var_2C8]
push eax
call sub_4154E7
add esp, 0Ch
loc_41284E: ; CODE XREF: sub_40CE55+295F�j
; sub_40CE55+2981�j ...
lea eax, [ebp+var_2C8]
push eax
call sub_40B16D
jmp loc_40D408
; ---------------------------------------------------------------------------
loc_41285F: ; CODE XREF: sub_40CE55+F96�j
; sub_40CE55+FAB�j
push offset dword_42C1B0
push offset dword_4333C4
loc_412869: ; CODE XREF: sub_40CE55+44D8�j
; sub_40CE55+47EC�j ...
lea eax, [ebp+var_2C8]
push eax
call sub_4154E7
loc_412875: ; CODE XREF: sub_40CE55+5156�j
add esp, 0Ch
jmp loc_40EF86
; ---------------------------------------------------------------------------
loc_41287D: ; CODE XREF: sub_40CE55+F6C�j
; sub_40CE55+F81�j
mov esi, [ebp+esi+var_90]
cmp esi, ebx
jz short loc_4128DD
push esi
call sub_415A5F
cmp eax, ebx
pop ecx
jl short loc_4128D2
cmp eax, 2
jge short loc_4128D2
mov edx, [ebp+arg_18]
mov ecx, eax
shl ecx, 7
cmp [ecx+edx], bl
lea esi, [ecx+edx]
jz short loc_4128C7
lea eax, [esi+1]
push eax
lea eax, [ebp+var_2C8]
push offset dword_436514
push eax
call sub_4154E7
add esp, 0Ch
mov [esi], bl
jmp loc_40ECC3
; ---------------------------------------------------------------------------
loc_4128C7: ; CODE XREF: sub_40CE55+5A51�j
push eax
push offset dword_433384
jmp loc_40ECB4
; ---------------------------------------------------------------------------
loc_4128D2: ; CODE XREF: sub_40CE55+5A3C�j
; sub_40CE55+5A41�j
push eax
push offset dword_433344
jmp loc_40ECB4
; ---------------------------------------------------------------------------
loc_4128DD: ; CODE XREF: sub_40CE55+5A31�j
mov edi, [ebp+arg_18]
xor esi, esi
loc_4128E2: ; CODE XREF: sub_40CE55+5AA9�j
push [ebp+var_94]
push edi
call sub_415910
pop ecx
test eax, eax
pop ecx
jz short loc_412905
inc esi
add edi, 80h
cmp esi, 2
jl short loc_4128E2
jmp loc_40ECC3
; ---------------------------------------------------------------------------
loc_412905: ; CODE XREF: sub_40CE55+5A9D�j
mov eax, [ebp+arg_18]
shl esi, 7
mov [esi+eax], bl
lea eax, [ebp+var_C4]
push eax
push offset dword_436514
jmp loc_40ECB4
; ---------------------------------------------------------------------------
loc_41291F: ; CODE XREF: sub_40CE55+F42�j
; sub_40CE55+F57�j
push [ebp+var_90]
push offset dword_43646C
call sub_415910
pop ecx
test eax, eax
pop ecx
jz short loc_41298E
call sub_41515C
push ebx
call dword_421114
loc_412941: ; CODE XREF: sub_40CE55+F18�j
; sub_40CE55+F2D�j
push [ebp+esi+var_90]
xor eax, eax
cmp [ebp+var_9A4], bl
setnz al
push eax
lea eax, [ebp+var_564]
push dword_42C1A4
push eax
call sub_414433
lea eax, [ebp+var_564]
push eax
push offset dword_436550
push [ebp+arg_4]
call sub_412D06
lea eax, [ebp+var_564]
push eax
push offset dword_43330C
call sub_40B1E1
loc_41298B: ; CODE XREF: sub_40CE55+2ADA�j
add esp, 24h
loc_41298E: ; CODE XREF: sub_40CE55+65C�j
; sub_40CE55+668�j ...
mov eax, [ebp+arg_24]
jmp loc_40D21C
; ---------------------------------------------------------------------------
loc_412996: ; CODE XREF: sub_40CE55+B18�j
; sub_40CE55+B2D�j
mov esi, [ebp+esi+var_90]
cmp esi, ebx
mov [ebp+arg_0], esi
jz loc_40D219
cmp [ebp+var_98], ebx
jnz loc_40D219
push offset dword_42F3E4
push [ebp+var_94]
call sub_416C98
mov esi, eax
push offset dword_438FD4
push ebx
inc esi
call sub_416C98
push offset dword_433308
push eax
call sub_416C98
push [ebp+arg_0]
mov edi, eax
push offset dword_42C1BC
call sub_415910
add esp, 20h
test eax, eax
jz short loc_412A3E
lea eax, [ebp+var_C4]
push edi
push eax
lea eax, [ebp+var_C4]
push eax
push offset dword_4332E0
push [ebp+arg_4]
call sub_412D06
lea eax, [ebp+var_C4]
push eax
push offset dword_4332BC
push [ebp+arg_4]
call sub_412D06
push edi
push esi
push offset dword_43327C
loc_412A2A: ; CODE XREF: sub_40CE55+5C45�j
lea eax, [ebp+var_2C8]
push eax
call sub_4154E7
add esp, 30h
jmp loc_40D7F9
; ---------------------------------------------------------------------------
loc_412A3E: ; CODE XREF: sub_40CE55+5B9C�j
mov [ebp+arg_24], offset dword_42C260
loc_412A45: ; CODE XREF: sub_40CE55+5C0C�j
mov eax, [ebp+arg_24]
push edi
push dword ptr [eax]
call sub_4152EC
pop ecx
test eax, eax
pop ecx
jnz short loc_412A9C
add [ebp+arg_24], 4
cmp [ebp+arg_24], offset dword_42C264
jl short loc_412A45
lea eax, [ebp+var_C4]
push edi
push eax
lea eax, [ebp+var_C4]
push eax
push offset dword_4332E0
push [ebp+arg_4]
call sub_412D06
lea eax, [ebp+var_C4]
push eax
push offset dword_4332BC
push [ebp+arg_4]
call sub_412D06
push edi
push esi
push offset dword_43323C
jmp short loc_412A2A
; ---------------------------------------------------------------------------
loc_412A9C: ; CODE XREF: sub_40CE55+5BFF�j
mov edi, [ebp+arg_18]
xor esi, esi
loc_412AA1: ; CODE XREF: sub_40CE55+5C76�j
cmp [ebp+arg_0], ebx
jz loc_40D219
cmp [edi], bl
jnz short loc_412AC1
push [ebp+arg_0]
push offset dword_42C1BC
call sub_415910
pop ecx
test eax, eax
pop ecx
jz short loc_412AD2
loc_412AC1: ; CODE XREF: sub_40CE55+5C57�j
inc esi
add edi, 80h
cmp esi, 2
jl short loc_412AA1
jmp loc_40D219
; ---------------------------------------------------------------------------
loc_412AD2: ; CODE XREF: sub_40CE55+5C6A�j
shl esi, 7
add esi, [ebp+arg_18]
lea eax, [ebp+var_A94]
push 7Fh
push eax
push esi
call sub_416D40
add esp, 0Ch
cmp [ebp+var_8], ebx
jnz short loc_412B09
push ebx
push [ebp+var_4]
push offset dword_433208
push [ebp+var_8C]
push [ebp+arg_4]
call sub_412D4C
add esp, 14h
loc_412B09: ; CODE XREF: sub_40CE55+5C98�j
lea eax, [ebp+var_C4]
push eax
push offset dword_4331D4
jmp loc_40D402
; ---------------------------------------------------------------------------
loc_412B1A: ; CODE XREF: sub_40CE55+20E�j
; sub_40CE55+223�j
push [ebp+arg_10]
push offset dword_4331C4
push [ebp+arg_4]
call sub_412D06
push offset dword_42C23C
push [ebp+arg_10]
push offset dword_4331B4
push [ebp+arg_4]
call sub_412D06
push [ebp+arg_C]
push [ebp+arg_8]
push offset dword_436564
push [ebp+arg_4]
call sub_412D06
add esp, 2Ch
mov dword_468998, edi
jmp loc_40D0F2
sub_40CE55 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412B60 proc near ; CODE XREF: sub_412B98+125�p
; sub_412B98+14C�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_4]
xor esi, esi
sub edi, [ebp+arg_C]
test edi, edi
jle short loc_412B8E
loc_412B71: ; CODE XREF: sub_412B60+2C�j
push [ebp+arg_C]
mov eax, [ebp+arg_0]
add eax, esi
push [ebp+arg_8]
push eax
call sub_417930
add esp, 0Ch
test eax, eax
jz short loc_412B94
inc esi
cmp esi, edi
jl short loc_412B71
loc_412B8E: ; CODE XREF: sub_412B60+F�j
xor al, al
loc_412B90: ; CODE XREF: sub_412B60+36�j
pop edi
pop esi
pop ebp
retn
; ---------------------------------------------------------------------------
loc_412B94: ; CODE XREF: sub_412B60+27�j
mov al, 1
jmp short loc_412B90
sub_412B60 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412B98 proc near ; CODE XREF: sub_4033CB+8B�p
; sub_4033CB+174�p
var_2010 = byte ptr -2010h
var_200E = byte ptr -200Eh
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 2010h
call sub_415D70
mov eax, [ebp+arg_4]
push esi
dec eax
push edi
jz short loc_412BD9
dec eax
jz short loc_412BB7
dec eax
loc_412BB1: ; CODE XREF: sub_412B98+57�j
xor eax, eax
loc_412BB3: ; CODE XREF: sub_412B98+3F�j
; sub_412B98+169�j
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_412BB7: ; CODE XREF: sub_412B98+16�j
push 3
push 1388h
push [ebp+arg_0]
call dword_43A3D8
push eax
call sub_4076EE
add esp, 0Ch
neg eax
sbb eax, eax
and eax, 3
jmp short loc_412BB3
; ---------------------------------------------------------------------------
loc_412BD9: ; CODE XREF: sub_412B98+13�j
push 6
push 1
push 2
call dword_43A418
mov esi, eax
or edi, 0FFFFFFFFh
cmp esi, edi
mov [ebp+arg_4], esi
jz short loc_412BB1
push ebx
xor ebx, ebx
push 10h
lea eax, [ebp+var_10]
push ebx
push eax
call sub_415570
add esp, 0Ch
mov [ebp+var_10], 2
push 87h
call dword_43A398
push [ebp+arg_0]
mov [ebp+var_E], ax
call sub_40A05B
pop ecx
mov [ebp+var_C], eax
lea eax, [ebp+var_10]
push 10h
push eax
push esi
call dword_43A340
cmp eax, edi
jz loc_412CF5
push ebx
push 48h
push offset dword_43658C
push esi
call dword_43A3E8
cmp eax, edi
jz loc_412CF5
mov esi, 2000h
push ebx
lea eax, [ebp+var_2010]
push esi
push eax
push [ebp+arg_4]
call dword_43A3B0
cmp eax, edi
jz loc_412CF5
cmp [ebp+var_200E], 0Ch
jnz short loc_412CF5
push ebx
push 18h
push offset dword_4365D8
push [ebp+arg_4]
call dword_43A3E8
cmp eax, edi
jz short loc_412CF5
push ebx
lea eax, [ebp+var_2010]
push esi
push eax
push [ebp+arg_4]
call dword_43A3B0
mov esi, eax
cmp esi, edi
jz short loc_412CF5
cmp [ebp+var_200E], 2
jnz short loc_412CF5
push 10h
push offset dword_4365F4
lea eax, [ebp+var_2010]
push esi
push eax
call sub_412B60
add esp, 10h
test al, al
jz short loc_412CD5
cmp esi, 12Ch
setnl bl
inc ebx
jmp short loc_412CF5
; ---------------------------------------------------------------------------
loc_412CD5: ; CODE XREF: sub_412B98+12F�j
push 10h
push offset dword_436608
lea eax, [ebp+var_2010]
push esi
push eax
call sub_412B60
add esp, 10h
neg al
sbb eax, eax
and eax, 3
mov ebx, eax
loc_412CF5: ; CODE XREF: sub_412B98+9B�j
; sub_412B98+B2�j ...
push [ebp+arg_4]
call dword_43A430
mov eax, ebx
pop ebx
jmp loc_412BB3
sub_412B98 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412D06 proc near ; CODE XREF: sub_40CCDD+3D�p
; sub_40CE55+1CB�p ...
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 200h
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+var_200]
push [ebp+arg_4]
push 200h
push eax
call sub_41748F
add esp, 10h
lea eax, [ebp+var_200]
push 0
push eax
call sub_415CF0
pop ecx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call dword_43A3E8
leave
retn
sub_412D06 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412D4C proc near ; CODE XREF: sub_401000+88�p
; sub_401447+76�p ...
var_400 = byte ptr -400h
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 400h
cmp [ebp+arg_C], 0
push esi
push edi
mov edi, offset dword_436470
jnz short loc_412D67
mov edi, offset dword_436478
loc_412D67: ; CODE XREF: sub_412D4C+14�j
push edi
call sub_415CF0
push [ebp+arg_4]
mov esi, 1FAh
sub esi, eax
call sub_415CF0
push [ebp+arg_8]
sub esi, eax
lea eax, [ebp+var_400]
push offset dword_426CC0
push esi
push eax
call sub_415A6A
lea eax, [ebp+var_400]
push eax
lea eax, [ebp+var_200]
push [ebp+arg_4]
push edi
push offset dword_43661C
push eax
call sub_4154E7
add esp, 2Ch
lea eax, [ebp+var_200]
push 0
push eax
call sub_415CF0
pop ecx
push eax
lea eax, [ebp+var_200]
push eax
push [ebp+arg_0]
call dword_43A3E8
cmp [ebp+arg_10], 0
pop edi
pop esi
jz short locret_412DE5
push 7D0h
call dword_421060
locret_412DE5: ; CODE XREF: sub_412D4C+8C�j
leave
retn
sub_412D4C endp
; =============== S U B R O U T I N E =======================================
sub_412DE7 proc near ; CODE XREF: sub_40CE55:loc_40ED61�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
push esi
push edi
mov edi, [esp+8+arg_4]
test edi, edi
jz short loc_412E4C
lea esi, [eax+eax*2]
push 0
shl esi, 2
push 0
push dword_436630[esi]
push edi
push eax
call sub_412E6E
add esp, 14h
test eax, eax
jnz short loc_412E2F
push edi
push dword_43662C[esi]
mov esi, offset dword_469060
push offset dword_436764
push esi
call sub_4154E7
add esp, 10h
jmp short loc_412E69
; ---------------------------------------------------------------------------
loc_412E2F: ; CODE XREF: sub_412DE7+2A�j
push eax
call sub_412F10
push eax
push edi
mov esi, offset dword_469060
push offset dword_436728
push esi
call sub_4154E7
add esp, 14h
jmp short loc_412E69
; ---------------------------------------------------------------------------
loc_412E4C: ; CODE XREF: sub_412DE7+C�j
lea eax, [eax+eax*2]
mov esi, offset dword_469060
push dword_436628[eax*4]
push offset dword_4366F0
push esi
call sub_4154E7
add esp, 0Ch
loc_412E69: ; CODE XREF: sub_412DE7+46�j
; sub_412DE7+63�j
mov eax, esi
pop edi
pop esi
retn
sub_412DE7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_412E6E proc near ; CODE XREF: sub_412DE7+20�p
var_1C = byte ptr -1Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push edi
xor ebx, ebx
push 0F003Fh
push ebx
push ebx
call dword_43A38C
mov edi, eax
cmp edi, ebx
jnz short loc_412E95
call dword_421088
mov ebx, eax
jmp short loc_412F0A
; ---------------------------------------------------------------------------
loc_412E95: ; CODE XREF: sub_412E6E+1B�j
push esi
push 0F01FFh
push [ebp+arg_4]
push edi
call dword_43A280
mov esi, eax
cmp esi, ebx
jnz short loc_412EB5
call dword_421088
mov ebx, eax
jmp short loc_412F02
; ---------------------------------------------------------------------------
loc_412EB5: ; CODE XREF: sub_412E6E+3B�j
mov eax, [ebp+arg_0]
cmp eax, 1
jz short loc_412EE8
cmp eax, 3
jz short loc_412ED9
jle short loc_412EFB
cmp eax, 6
jg short loc_412EFB
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_8]
push esi
call dword_43A2E8
jmp short loc_412EEF
; ---------------------------------------------------------------------------
loc_412ED9: ; CODE XREF: sub_412E6E+52�j
push [ebp+arg_10]
push [ebp+arg_C]
push esi
call dword_43A288
jmp short loc_412EEF
; ---------------------------------------------------------------------------
loc_412EE8: ; CODE XREF: sub_412E6E+4D�j
push esi
call dword_43A2EC
loc_412EEF: ; CODE XREF: sub_412E6E+69�j
; sub_412E6E+78�j
test eax, eax
jnz short loc_412EFB
call dword_421088
mov ebx, eax
loc_412EFB: ; CODE XREF: sub_412E6E+54�j
; sub_412E6E+59�j ...
push esi
call dword_43A29C
loc_412F02: ; CODE XREF: sub_412E6E+45�j
push edi
call dword_43A29C
pop esi
loc_412F0A: ; CODE XREF: sub_412E6E+25�j
mov eax, ebx
pop edi
pop ebx
leave
retn
sub_412E6E endp
; =============== S U B R O U T I N E =======================================
sub_412F10 proc near ; CODE XREF: sub_412DE7+49�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, 420h
cmp eax, ecx
ja loc_412FC5
jz loc_412FBE
add ecx, 0FFFFFFFBh
cmp eax, ecx
ja short loc_412F88
jz short loc_412F7E
mov ecx, eax
sub ecx, 3
jz short loc_412F74
dec ecx
dec ecx
jz short loc_412F6A
dec ecx
jz short loc_412F60
sub ecx, 51h
jz short loc_412F56
sub ecx, 24h
jnz loc_41303B ; default
; jumptable 00412FE2 cases 1,5,6,8,9,12,13,15,16
push offset dword_436C08
jmp loc_41302D
; ---------------------------------------------------------------------------
loc_412F56: ; CODE XREF: sub_412F10+31�j
push offset dword_436BDC
jmp loc_41302D
; ---------------------------------------------------------------------------
loc_412F60: ; CODE XREF: sub_412F10+2C�j
push offset dword_436BC4
jmp loc_41302D
; ---------------------------------------------------------------------------
loc_412F6A: ; CODE XREF: sub_412F10+29�j
push offset dword_436B90
jmp loc_41302D
; ---------------------------------------------------------------------------
loc_412F74: ; CODE XREF: sub_412F10+25�j
push offset dword_436B64
jmp loc_41302D
; ---------------------------------------------------------------------------
loc_412F7E: ; CODE XREF: sub_412F10+1E�j
push offset dword_436B10
jmp loc_41302D
; ---------------------------------------------------------------------------
loc_412F88: ; CODE XREF: sub_412F10+1C�j
mov ecx, eax
sub ecx, 41Ch
jz short loc_412FB7
dec ecx
jz short loc_412FB0
dec ecx
jz short loc_412FA9
dec ecx
jnz loc_41303B ; default
; jumptable 00412FE2 cases 1,5,6,8,9,12,13,15,16
push offset dword_436AF8
jmp loc_41302D
; ---------------------------------------------------------------------------
loc_412FA9: ; CODE XREF: sub_412F10+86�j
push offset dword_436AC8
jmp short loc_41302D
; ---------------------------------------------------------------------------
loc_412FB0: ; CODE XREF: sub_412F10+83�j
push offset dword_436A6C
jmp short loc_41302D
; ---------------------------------------------------------------------------
loc_412FB7: ; CODE XREF: sub_412F10+80�j
push offset dword_436A1C
jmp short loc_41302D
; ---------------------------------------------------------------------------
loc_412FBE: ; CODE XREF: sub_412F10+11�j
push offset dword_4369EC
jmp short loc_41302D
; ---------------------------------------------------------------------------
loc_412FC5: ; CODE XREF: sub_412F10+B�j
mov ecx, 45Bh
cmp eax, ecx
ja short loc_41303B ; default
; jumptable 00412FE2 cases 1,5,6,8,9,12,13,15,16
jz short loc_413028
lea ecx, [eax-422h]
cmp ecx, 11h ; switch 18 cases
ja short loc_41303B ; default
; jumptable 00412FE2 cases 1,5,6,8,9,12,13,15,16
movzx ecx, byte_41307C[ecx]
jmp off_413054[ecx*4] ; switch jump
loc_412FE9: ; DATA XREF: .nsp0:off_413054�o
push offset dword_4369C4 ; jumptable 00412FE2 case 7
jmp short loc_41302D
; ---------------------------------------------------------------------------
loc_412FF0: ; CODE XREF: sub_412F10+D2�j
; DATA XREF: .nsp0:off_413054�o
push offset dword_43696C ; jumptable 00412FE2 case 17
jmp short loc_41302D
; ---------------------------------------------------------------------------
loc_412FF7: ; CODE XREF: sub_412F10+D2�j
; DATA XREF: .nsp0:off_413054�o
push offset dword_436928 ; jumptable 00412FE2 case 10
jmp short loc_41302D
; ---------------------------------------------------------------------------
loc_412FFE: ; CODE XREF: sub_412F10+D2�j
; DATA XREF: .nsp0:off_413054�o
push offset dword_436908 ; jumptable 00412FE2 case 0
jmp short loc_41302D
; ---------------------------------------------------------------------------
loc_413005: ; CODE XREF: sub_412F10+D2�j
; DATA XREF: .nsp0:off_413054�o
push offset dword_4368E0 ; jumptable 00412FE2 case 2
jmp short loc_41302D
; ---------------------------------------------------------------------------
loc_41300C: ; CODE XREF: sub_412F10+D2�j
; DATA XREF: .nsp0:off_413054�o
push offset dword_436884 ; jumptable 00412FE2 case 11
jmp short loc_41302D
; ---------------------------------------------------------------------------
loc_413013: ; CODE XREF: sub_412F10+D2�j
; DATA XREF: .nsp0:off_413054�o
push offset dword_436858 ; jumptable 00412FE2 case 14
jmp short loc_41302D
; ---------------------------------------------------------------------------
loc_41301A: ; CODE XREF: sub_412F10+D2�j
; DATA XREF: .nsp0:off_413054�o
push offset dword_4367FC ; jumptable 00412FE2 case 3
jmp short loc_41302D
; ---------------------------------------------------------------------------
loc_413021: ; CODE XREF: sub_412F10+D2�j
; DATA XREF: .nsp0:off_413054�o
push offset dword_4367D8 ; jumptable 00412FE2 case 4
jmp short loc_41302D
; ---------------------------------------------------------------------------
loc_413028: ; CODE XREF: sub_412F10+BE�j
push offset dword_4367B8
loc_41302D: ; CODE XREF: sub_412F10+41�j
; sub_412F10+4B�j ...
push offset dword_4689A0
call sub_4154E7
pop ecx
pop ecx
jmp short loc_41304E
; ---------------------------------------------------------------------------
loc_41303B: ; CODE XREF: sub_412F10+36�j
; sub_412F10+89�j ...
push eax ; default
; jumptable 00412FE2 cases 1,5,6,8,9,12,13,15,16
push offset dword_436794
push offset dword_4689A0
call sub_4154E7
add esp, 0Ch
loc_41304E: ; CODE XREF: sub_412F10+129�j
mov eax, offset dword_4689A0
retn
sub_412F10 endp
; ---------------------------------------------------------------------------
off_413054 dd offset loc_412FFE ; DATA XREF: sub_412F10+D2�r
dd offset loc_413005 ; jump table for switch statement
dd offset loc_41301A
dd offset loc_413021
dd offset loc_412FE9
dd offset loc_412FF7
dd offset loc_41300C
dd offset loc_413013
dd offset loc_412FF0
dd offset loc_41303B
byte_41307C db 0, 9, 1, 2 ; DATA XREF: sub_412F10+CB�r
db 3, 9, 9, 4 ; indirect table for switch statement
db 9, 9, 5, 6
db 9, 9, 7, 9
db 9, 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41308E proc near ; CODE XREF: sub_40CE55+1F37�p
var_38C = byte ptr -38Ch
var_18C = byte ptr -18Ch
var_188 = byte ptr -188h
var_24 = byte ptr -24h
var_20 = byte ptr -20h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 38Ch
push ebx
push esi
push edi
xor ebx, ebx
push 0F003Fh
push ebx
push ebx
mov [ebp+var_8], ebx
call dword_43A38C
push ebx
mov [ebp+var_C], eax
push [ebp+arg_8]
push offset dword_436C9C
push [ebp+arg_4]
push [ebp+arg_0]
call sub_412D4C
add esp, 14h
loc_4130C6: ; CODE XREF: sub_41308E+120�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_24]
push eax
lea eax, [ebp+var_18C]
push 168h
push eax
push 3
push 30h
push [ebp+var_C]
call dword_43A358
test eax, eax
jnz short loc_413100
call dword_421088
cmp eax, 0EAh
jnz loc_4131B4
loc_413100: ; CODE XREF: sub_41308E+5F�j
xor edi, edi
cmp [ebp+var_4], ebx
jle loc_4131AB
lea esi, [ebp+var_188]
loc_413111: ; CODE XREF: sub_41308E+117�j
mov eax, [esi+8]
dec eax
jz short loc_41315A
dec eax
jz short loc_413153
dec eax
jz short loc_41314C
dec eax
jz short loc_413145
dec eax
jz short loc_41313E
dec eax
jz short loc_413137
dec eax
jz short loc_413130
push offset dword_436C90
jmp short loc_41315F
; ---------------------------------------------------------------------------
loc_413130: ; CODE XREF: sub_41308E+99�j
push offset dword_436C84
jmp short loc_41315F
; ---------------------------------------------------------------------------
loc_413137: ; CODE XREF: sub_41308E+96�j
push offset dword_436C78
jmp short loc_41315F
; ---------------------------------------------------------------------------
loc_41313E: ; CODE XREF: sub_41308E+93�j
push offset dword_436C6C
jmp short loc_41315F
; ---------------------------------------------------------------------------
loc_413145: ; CODE XREF: sub_41308E+90�j
push offset dword_436C60
jmp short loc_41315F
; ---------------------------------------------------------------------------
loc_41314C: ; CODE XREF: sub_41308E+8D�j
push offset dword_436C54
jmp short loc_41315F
; ---------------------------------------------------------------------------
loc_413153: ; CODE XREF: sub_41308E+8A�j
push offset dword_436C48
jmp short loc_41315F
; ---------------------------------------------------------------------------
loc_41315A: ; CODE XREF: sub_41308E+87�j
push offset dword_436C3C
loc_41315F: ; CODE XREF: sub_41308E+A0�j
; sub_41308E+A7�j ...
lea eax, [ebp+var_20]
push eax
call sub_4154E7
pop ecx
lea eax, [ebp+var_20]
pop ecx
push dword ptr [esi]
push dword ptr [esi-4]
push eax
lea eax, [ebp+var_38C]
push offset dword_436C30
push eax
call sub_4154E7
push 1
lea eax, [ebp+var_38C]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_412D4C
add esp, 28h
inc edi
add esi, 24h
cmp edi, [ebp+var_4]
jl loc_413111
loc_4131AB: ; CODE XREF: sub_41308E+77�j
cmp [ebp+var_8], ebx
jnz loc_4130C6
loc_4131B4: ; CODE XREF: sub_41308E+6C�j
push [ebp+var_C]
call dword_43A29C
xor eax, eax
pop edi
cmp eax, [ebp+var_4]
pop esi
pop ebx
sbb eax, eax
neg eax
leave
retn
sub_41308E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4131CB proc near ; CODE XREF: sub_40CE55:loc_40EE43�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push esi
push edi
mov edi, [ebp+arg_4]
test edi, edi
jz loc_413264
mov esi, [ebp+arg_0]
mov eax, esi
sub eax, 0
jz short loc_4131F4
dec eax
jnz short loc_413244
push edi
push 0
call sub_41339D
pop ecx
pop ecx
jmp short loc_413240
; ---------------------------------------------------------------------------
loc_4131F4: ; CODE XREF: sub_4131CB+18�j
cmp [ebp+arg_8], 0
jnz short loc_413232
push 24h
push edi
call sub_417080
pop ecx
test eax, eax
pop ecx
jnz short loc_413232
push 57h
pop eax
loc_41320B: ; CODE XREF: sub_4131CB+77�j
push eax
call sub_413B75
push eax
lea eax, [esi+esi*2]
push edi
mov esi, offset dword_468C5C
push dword_436628[eax*4]
push offset dword_436D34
push esi
call sub_4154E7
add esp, 18h
jmp short loc_413284
; ---------------------------------------------------------------------------
loc_413232: ; CODE XREF: sub_4131CB+2D�j
; sub_4131CB+3B�j
push [ebp+arg_8]
push edi
push 0
call sub_4132F1
add esp, 0Ch
loc_413240: ; CODE XREF: sub_4131CB+27�j
test eax, eax
jnz short loc_41320B
loc_413244: ; CODE XREF: sub_4131CB+1B�j
lea eax, [esi+esi*2]
push edi
mov esi, offset dword_468C5C
push dword_43662C[eax*4]
push offset dword_436D04
push esi
call sub_4154E7
add esp, 10h
jmp short loc_413284
; ---------------------------------------------------------------------------
loc_413264: ; CODE XREF: sub_4131CB+A�j
mov eax, [ebp+arg_0]
mov esi, offset dword_468C5C
lea eax, [eax+eax*2]
push dword_436628[eax*4]
push offset dword_436CCC
push esi
call sub_4154E7
add esp, 0Ch
loc_413284: ; CODE XREF: sub_4131CB+65�j
; sub_4131CB+97�j
mov eax, esi
pop edi
pop esi
pop ebp
retn
sub_4131CB endp
; =============== S U B R O U T I N E =======================================
sub_41328A proc near ; CODE XREF: sub_4146BA+245�p
arg_0 = dword ptr 4
arg_C = dword ptr 10h
push esi
xor esi, esi
cmp [esp+4+arg_0], esi
jnz short loc_413297
xor eax, eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_413297: ; CODE XREF: sub_41328A+7�j
push ebx
push ebp
push edi
push esi
push esi
push esi
mov edi, dword_421138
push esi
push 0FFFFFFFFh
mov ebx, 400h
push [esp+24h+arg_0]
push ebx
push esi
call edi
test byte_468E5C, 1
mov ebp, eax
jnz short loc_4132D4
or byte_468E5C, 1
lea eax, [ebp+1]
push eax
call sub_4167C5
pop ecx
mov dword_468BFC, eax
loc_4132D4: ; CODE XREF: sub_41328A+32�j
push esi
push esi
push ebp
push dword_468BFC
push 0FFFFFFFFh
push [esp+18h+arg_C]
push ebx
push esi
call edi
mov eax, dword_468BFC
pop edi
pop ebp
pop ebx
pop esi
retn
sub_41328A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4132F1 proc near ; CODE XREF: sub_4131CB+6D�p
; sub_4149DE+18A�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push edi
push [ebp+arg_0]
call sub_41335C
push [ebp+arg_4]
mov edi, eax
call sub_41335C
push 24h
mov [ebp+var_20], eax
push [ebp+arg_4]
call sub_417080
push [ebp+arg_8]
mov [ebp+var_14], 7Fh
neg eax
sbb eax, eax
and [ebp+var_18], 0
or [ebp+var_10], 0FFFFFFFFh
and [ebp+var_C], 0
and eax, 80000000h
mov [ebp+var_1C], eax
call sub_41335C
add esp, 14h
mov [ebp+var_8], eax
and [ebp+var_4], 0
lea eax, [ebp+arg_0]
push eax
lea eax, [ebp+var_20]
push eax
push 2
push edi
call dword_43A298
pop edi
leave
retn
sub_4132F1 endp
; =============== S U B R O U T I N E =======================================
sub_41335C proc near ; CODE XREF: sub_4132F1+A�p
; sub_4132F1+14�p ...
arg_0 = dword ptr 4
push ebp
mov ebp, [esp+4+arg_0]
xor eax, eax
cmp ebp, eax
jnz short loc_413369
pop ebp
retn
; ---------------------------------------------------------------------------
loc_413369: ; CODE XREF: sub_41335C+9�j
push ebx
push esi
mov esi, dword_421064
push edi
push eax
push eax
push 0FFFFFFFFh
push ebp
push 1
push eax
call esi
mov edi, eax
lea eax, [edi+edi+2]
push eax
call sub_4167C5
pop ecx
mov ebx, eax
push edi
push ebx
push 0FFFFFFFFh
push ebp
push 1
push 0
call esi
pop edi
mov eax, ebx
pop esi
pop ebx
pop ebp
retn
sub_41335C endp
; =============== S U B R O U T I N E =======================================
sub_41339D proc near ; CODE XREF: sub_4131CB+20�p
; sub_4146BA+1BB�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_0]
call sub_41335C
push [esp+8+arg_4]
mov esi, eax
call sub_41335C
pop ecx
pop ecx
push 0
push eax
push esi
call dword_43A270
pop esi
retn
sub_41339D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4133C0 proc near ; CODE XREF: sub_40CE55+201A�p
var_210 = byte ptr -210h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 210h
push ebx
push esi
push edi
push [ebp+arg_C]
call sub_41335C
xor esi, esi
mov [ebp+var_C], eax
push esi
mov [ebp+arg_C], esi
push [ebp+arg_8]
mov [ebp+var_8], esi
mov [ebp+var_10], esi
push offset dword_436DD0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_412D4C
add esp, 18h
loc_4133F9: ; CODE XREF: sub_4133C0+10F�j
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_4]
push 0FFFFFFFFh
push eax
push 1F6h
push [ebp+var_C]
call dword_43A2E4
mov ebx, eax
cmp ebx, esi
jz short loc_41345C
cmp ebx, 0EAh
jz short loc_41345C
push ebx
push ebx
call sub_413B75
pop ecx
push eax
lea eax, [ebp+var_210]
push offset dword_436D94
push eax
call sub_4154E7
push esi
lea eax, [ebp+var_210]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_412D4C
add esp, 24h
jmp short loc_4134C9
; ---------------------------------------------------------------------------
loc_41345C: ; CODE XREF: sub_4133C0+5D�j
; sub_4133C0+65�j
push 1
pop edi
cmp [ebp+arg_C], edi
jb short loc_4134C0
mov eax, [ebp+var_4]
lea esi, [eax+14h]
loc_41346A: ; CODE XREF: sub_4133C0+FC�j
push dword ptr [esi+10h]
call dword_43A28C
test eax, eax
mov eax, offset dword_436D90
jnz short loc_413481
mov eax, offset dword_436D8C
loc_413481: ; CODE XREF: sub_4133C0+BA�j
push eax
lea eax, [ebp+var_210]
push dword ptr [esi]
push dword ptr [esi+4]
push dword ptr [esi-14h]
push offset dword_436D74
push eax
call sub_4154E7
push 1
lea eax, [ebp+var_210]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_412D4C
add esp, 2Ch
add esi, 28h
inc edi
cmp edi, [ebp+arg_C]
jbe short loc_41346A
xor esi, esi
loc_4134C0: ; CODE XREF: sub_4133C0+A2�j
push [ebp+var_4]
call dword_43A428
loc_4134C9: ; CODE XREF: sub_4133C0+9A�j
cmp ebx, 0EAh
jz loc_4133F9
xor eax, eax
cmp ebx, esi
pop edi
pop esi
setz al
pop ebx
leave
retn
sub_4133C0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4134E1 proc near ; CODE XREF: sub_40CE55:loc_40EEE5�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_4]
push esi
push edi
xor edi, edi
cmp ebx, edi
jz loc_413585
mov esi, [ebp+arg_0]
mov eax, esi
sub eax, edi
jz short loc_413523
dec eax
jz short loc_413518
dec eax
jnz short loc_41353E
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push ebx
push edi
call sub_413627
add esp, 14h
jmp short loc_41353A
; ---------------------------------------------------------------------------
loc_413518: ; CODE XREF: sub_4134E1+1D�j
push ebx
push edi
call sub_413606
pop ecx
pop ecx
jmp short loc_41353A
; ---------------------------------------------------------------------------
loc_413523: ; CODE XREF: sub_4134E1+1A�j
cmp [ebp+arg_8], edi
jz short loc_413537
push [ebp+arg_8]
push ebx
push edi
call sub_4135AC
add esp, 0Ch
jmp short loc_41353A
; ---------------------------------------------------------------------------
loc_413537: ; CODE XREF: sub_4134E1+45�j
push 57h
pop eax
loc_41353A: ; CODE XREF: sub_4134E1+35�j
; sub_4134E1+40�j ...
cmp eax, edi
jnz short loc_41355E
loc_41353E: ; CODE XREF: sub_4134E1+20�j
lea eax, [esi+esi*2]
push ebx
mov esi, offset dword_468E60
push dword_43662C[eax*4]
push offset dword_436E84
push esi
call sub_4154E7
add esp, 10h
jmp short loc_4135A5
; ---------------------------------------------------------------------------
loc_41355E: ; CODE XREF: sub_4134E1+5B�j
push eax
call sub_413B75
push eax
lea eax, [esi+esi*2]
push ebx
mov esi, offset dword_468E60
push dword_436628[eax*4]
push offset dword_436E44
push esi
call sub_4154E7
add esp, 18h
jmp short loc_4135A5
; ---------------------------------------------------------------------------
loc_413585: ; CODE XREF: sub_4134E1+D�j
mov eax, [ebp+arg_0]
mov esi, offset dword_468E60
lea eax, [eax+eax*2]
push dword_436628[eax*4]
push offset dword_436E08
push esi
call sub_4154E7
add esp, 0Ch
loc_4135A5: ; CODE XREF: sub_4134E1+7B�j
; sub_4134E1+A2�j
mov eax, esi
pop edi
pop esi
pop ebx
pop ebp
retn
sub_4134E1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4135AC proc near ; CODE XREF: sub_4134E1+4C�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 24h
and [ebp+var_4], 0
push edi
push [ebp+arg_0]
call sub_41335C
push [ebp+arg_4]
mov edi, eax
call sub_41335C
push [ebp+arg_8]
mov [ebp+var_24], eax
call sub_41335C
add esp, 0Ch
mov [ebp+var_20], eax
and [ebp+var_14], 0
and [ebp+var_10], 0
push 1
and [ebp+var_8], 0
pop eax
lea ecx, [ebp+var_4]
push ecx
lea ecx, [ebp+var_24]
push ecx
push eax
push edi
mov [ebp+var_18], eax
mov [ebp+var_C], 10001h
call dword_43A27C
pop edi
leave
retn
sub_4135AC endp
; =============== S U B R O U T I N E =======================================
sub_413606 proc near ; CODE XREF: sub_4134E1+39�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_0]
call sub_41335C
push [esp+8+arg_4]
mov esi, eax
call sub_41335C
pop ecx
pop ecx
push eax
push esi
call dword_43A26C
pop esi
retn
sub_413606 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413627 proc near ; CODE XREF: sub_4134E1+2D�p
var_204 = byte ptr -204h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 204h
and [ebp+var_4], 0
push esi
push [ebp+arg_0]
call sub_41335C
push [ebp+arg_4]
mov esi, eax
call sub_41335C
pop ecx
pop ecx
lea ecx, [ebp+var_4]
push ecx
push 0Bh
push eax
push esi
call dword_43A3F0
test eax, eax
mov [ebp+arg_0], eax
jnz loc_4139B4
mov eax, [ebp+var_4]
test eax, eax
jz loc_4139EF
push ebx
push edi
push dword ptr [eax]
lea eax, [ebp+var_204]
push offset dword_437054
push eax
call sub_4154E7
mov esi, [ebp+arg_10]
mov edi, [ebp+arg_C]
mov ebx, [ebp+arg_8]
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_412D4C
mov eax, [ebp+var_4]
push dword ptr [eax+0Ch]
lea eax, [ebp+var_204]
push offset dword_437044
push eax
call sub_4154E7
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_412D4C
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+8]
lea eax, [ebp+var_204]
push offset dword_437030
push eax
call sub_4154E7
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_412D4C
mov eax, [ebp+var_4]
push dword ptr [eax+4]
lea eax, [ebp+var_204]
push offset dword_437024
push eax
call sub_4154E7
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_412D4C
mov eax, [ebp+var_4]
add esp, 40h
mov eax, [eax+10h]
sub eax, 0
jz short loc_413740
dec eax
jz short loc_413739
dec eax
jz short loc_413732
mov eax, offset dword_42C09C
jmp short loc_413745
; ---------------------------------------------------------------------------
loc_413732: ; CODE XREF: sub_413627+102�j
mov eax, offset dword_433100
jmp short loc_413745
; ---------------------------------------------------------------------------
loc_413739: ; CODE XREF: sub_413627+FF�j
mov eax, offset dword_43701C
jmp short loc_413745
; ---------------------------------------------------------------------------
loc_413740: ; CODE XREF: sub_413627+FC�j
mov eax, offset dword_437014
loc_413745: ; CODE XREF: sub_413627+109�j
; sub_413627+110�j ...
push eax
lea eax, [ebp+var_204]
push offset dword_437000
push eax
call sub_4154E7
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_412D4C
mov eax, [ebp+var_4]
push dword ptr [eax+14h]
lea eax, [ebp+var_204]
push offset dword_436FF0
push eax
call sub_4154E7
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_412D4C
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+1Ch]
lea eax, [ebp+var_204]
push offset dword_436FDC
push eax
call sub_4154E7
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_412D4C
mov eax, [ebp+var_4]
push dword ptr [eax+20h]
lea eax, [ebp+var_204]
push offset dword_436FCC
push eax
call sub_4154E7
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_412D4C
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+18h]
lea eax, [ebp+var_204]
push offset dword_436FB8
push eax
call sub_4154E7
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_412D4C
mov eax, [ebp+var_4]
push dword ptr [eax+2Ch]
lea eax, [ebp+var_204]
push offset dword_436FA0
push eax
call sub_4154E7
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_412D4C
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+30h]
lea eax, [ebp+var_204]
push offset dword_436F88
push eax
call sub_4154E7
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_412D4C
mov eax, [ebp+var_4]
push dword ptr [eax+24h]
lea eax, [ebp+var_204]
push offset dword_436F78
push eax
call sub_4154E7
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_412D4C
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+28h]
lea eax, [ebp+var_204]
push offset dword_436F68
push eax
call sub_4154E7
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_412D4C
mov eax, [ebp+var_4]
push dword ptr [eax+34h]
lea eax, [ebp+var_204]
push offset dword_436F54
push eax
call sub_4154E7
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_412D4C
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+3Ch]
lea eax, [ebp+var_204]
push offset dword_436F40
push eax
call sub_4154E7
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_412D4C
mov eax, [ebp+var_4]
push dword ptr [eax+38h]
lea eax, [ebp+var_204]
push offset dword_436F2C
push eax
call sub_4154E7
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_412D4C
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+4Ch]
lea eax, [ebp+var_204]
push offset dword_436F18
push eax
call sub_4154E7
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_412D4C
mov eax, [ebp+var_4]
push dword ptr [eax+40h]
lea eax, [ebp+var_204]
push offset dword_436F04
push eax
call sub_4154E7
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_412D4C
mov eax, [ebp+var_4]
add esp, 40h
push dword ptr [eax+44h]
lea eax, [ebp+var_204]
push offset dword_436EF0
push eax
call sub_4154E7
push 1
lea eax, [ebp+var_204]
push esi
push eax
push edi
push ebx
call sub_412D4C
add esp, 20h
pop edi
pop ebx
jmp short loc_4139E0
; ---------------------------------------------------------------------------
loc_4139B4: ; CODE XREF: sub_413627+35�j
push eax
lea eax, [ebp+var_204]
push offset dword_436EB8
push eax
call sub_4154E7
push 0
lea eax, [ebp+var_204]
push [ebp+arg_10]
push eax
push [ebp+arg_C]
push [ebp+arg_8]
call sub_412D4C
add esp, 20h
loc_4139E0: ; CODE XREF: sub_413627+38B�j
cmp [ebp+var_4], 0
jz short loc_4139EF
push [ebp+var_4]
call dword_43A428
loc_4139EF: ; CODE XREF: sub_413627+40�j
; sub_413627+3BD�j
mov eax, [ebp+arg_0]
pop esi
leave
retn
sub_413627 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4139F5 proc near ; CODE XREF: sub_40CE55+20BC�p
var_218 = byte ptr -218h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 218h
push ebx
push esi
push edi
xor esi, esi
push [ebp+arg_C]
mov [ebp+var_4], esi
call sub_41335C
push esi
mov [ebp+var_14], eax
push [ebp+arg_8]
mov [ebp+arg_C], esi
mov [ebp+var_18], esi
mov [ebp+var_10], esi
push offset dword_4370F8
mov [ebp+var_8], esi
push [ebp+arg_4]
push [ebp+arg_0]
call sub_412D4C
add esp, 18h
loc_413A34: ; CODE XREF: sub_4139F5+135�j
lea eax, [ebp+var_10]
push eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_4]
push 0FFFFFFFFh
push eax
push 2
push esi
push [ebp+var_14]
call dword_43A300
cmp eax, esi
mov [ebp+var_C], eax
jz short loc_413A95
cmp eax, 0EAh
jz short loc_413A95
push eax
push eax
call sub_413B75
pop ecx
push eax
lea eax, [ebp+var_218]
push offset dword_4370C0
push eax
call sub_4154E7
push esi
lea eax, [ebp+var_218]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_412D4C
add esp, 24h
jmp short loc_413B10
; ---------------------------------------------------------------------------
loc_413A95: ; CODE XREF: sub_4139F5+62�j
; sub_4139F5+69�j
mov edi, [ebp+var_4]
cmp edi, esi
jz loc_413B23
xor ebx, ebx
cmp [ebp+arg_C], esi
jbe short loc_413B10
loc_413AA7: ; CODE XREF: sub_4139F5+ED�j
cmp edi, esi
jz short loc_413AE6
push dword ptr [edi]
lea eax, [ebp+var_218]
push offset dword_4370B8
push eax
call sub_4154E7
push 1
lea eax, [ebp+var_218]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_412D4C
add esp, 20h
add edi, 4
inc [ebp+var_8]
inc ebx
cmp ebx, [ebp+arg_C]
jb short loc_413AA7
jmp short loc_413B10
; ---------------------------------------------------------------------------
loc_413AE6: ; CODE XREF: sub_4139F5+B4�j
lea eax, [ebp+var_218]
push offset dword_437078
push eax
call sub_4154E7
push esi
lea eax, [ebp+var_218]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_412D4C
add esp, 1Ch
loc_413B10: ; CODE XREF: sub_4139F5+9E�j
; sub_4139F5+B0�j ...
mov edi, [ebp+var_4]
cmp edi, esi
jz short loc_413B23
push edi
call dword_43A428
xor edi, edi
mov [ebp+var_4], edi
loc_413B23: ; CODE XREF: sub_4139F5+A5�j
; sub_4139F5+120�j
cmp [ebp+var_C], 0EAh
jz loc_413A34
cmp edi, esi
jz short loc_413B3B
push edi
call dword_43A428
loc_413B3B: ; CODE XREF: sub_4139F5+13D�j
push [ebp+var_8]
lea eax, [ebp+var_218]
push offset dword_437060
push eax
call sub_4154E7
push esi
lea eax, [ebp+var_218]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_412D4C
add esp, 20h
xor eax, eax
cmp [ebp+var_C], esi
pop edi
pop esi
setz al
pop ebx
leave
retn
sub_4139F5 endp
; =============== S U B R O U T I N E =======================================
sub_413B75 proc near ; CODE XREF: sub_4131CB+41�p
; sub_4133C0+69�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov ecx, 858h
cmp eax, ecx
ja loc_413C27
jz loc_413C20
cmp eax, 7Bh
ja short loc_413BEC
jz short loc_413BE2
cmp eax, 5
jz short loc_413BD8
cmp eax, 8
jz short loc_413BCE
cmp eax, 32h
jz short loc_413BC4
cmp eax, 35h
jz short loc_413BBA
cmp eax, 57h
jnz loc_413C76
push offset dword_4373C8
jmp loc_413C97
; ---------------------------------------------------------------------------
loc_413BBA: ; CODE XREF: sub_413B75+30�j
push offset dword_4373B0
jmp loc_413C97
; ---------------------------------------------------------------------------
loc_413BC4: ; CODE XREF: sub_413B75+2B�j
push offset dword_437388
jmp loc_413C97
; ---------------------------------------------------------------------------
loc_413BCE: ; CODE XREF: sub_413B75+26�j
push offset dword_437374
jmp loc_413C97
; ---------------------------------------------------------------------------
loc_413BD8: ; CODE XREF: sub_413B75+21�j
push offset dword_437364
jmp loc_413C97
; ---------------------------------------------------------------------------
loc_413BE2: ; CODE XREF: sub_413B75+1C�j
push offset dword_43734C
jmp loc_413C97
; ---------------------------------------------------------------------------
loc_413BEC: ; CODE XREF: sub_413B75+1A�j
sub eax, 7Ch
jz short loc_413C19
sub eax, 7C8h
jz short loc_413C12
dec eax
jz short loc_413C08
dec eax
jnz short loc_413C76
push offset dword_437334
jmp loc_413C97
; ---------------------------------------------------------------------------
loc_413C08: ; CODE XREF: sub_413B75+84�j
push offset dword_437310
jmp loc_413C97
; ---------------------------------------------------------------------------
loc_413C12: ; CODE XREF: sub_413B75+81�j
push offset dword_4372EC
jmp short loc_413C97
; ---------------------------------------------------------------------------
loc_413C19: ; CODE XREF: sub_413B75+7A�j
push offset dword_4372D0
jmp short loc_413C97
; ---------------------------------------------------------------------------
loc_413C20: ; CODE XREF: sub_413B75+11�j
push offset dword_43729C
jmp short loc_413C97
; ---------------------------------------------------------------------------
loc_413C27: ; CODE XREF: sub_413B75+B�j
mov ecx, 8C5h
cmp eax, ecx
ja short loc_413C60
jz short loc_413C59
sub eax, 8ADh
jz short loc_413C8B
dec eax
dec eax
jz short loc_413C52
dec eax
jz short loc_413C4B
dec eax
dec eax
jnz short loc_413C76
push offset dword_43724C
jmp short loc_413C97
; ---------------------------------------------------------------------------
loc_413C4B: ; CODE XREF: sub_413B75+C9�j
push offset dword_437228
jmp short loc_413C97
; ---------------------------------------------------------------------------
loc_413C52: ; CODE XREF: sub_413B75+C6�j
push offset dword_43720C
jmp short loc_413C97
; ---------------------------------------------------------------------------
loc_413C59: ; CODE XREF: sub_413B75+BB�j
push offset dword_4371B0
jmp short loc_413C97
; ---------------------------------------------------------------------------
loc_413C60: ; CODE XREF: sub_413B75+B9�j
sub eax, 8CAh
jz short loc_413C92
sub eax, 17h
jz short loc_413C8B
sub eax, 25h
jz short loc_413C84
sub eax, 29h
jz short loc_413C7D
loc_413C76: ; CODE XREF: sub_413B75+35�j
; sub_413B75+87�j ...
push offset dword_437194
jmp short loc_413C97
; ---------------------------------------------------------------------------
loc_413C7D: ; CODE XREF: sub_413B75+FF�j
push offset dword_437174
jmp short loc_413C97
; ---------------------------------------------------------------------------
loc_413C84: ; CODE XREF: sub_413B75+FA�j
push offset dword_437160
jmp short loc_413C97
; ---------------------------------------------------------------------------
loc_413C8B: ; CODE XREF: sub_413B75+C2�j
; sub_413B75+F5�j
push offset dword_43713C
jmp short loc_413C97
; ---------------------------------------------------------------------------
loc_413C92: ; CODE XREF: sub_413B75+F0�j
push offset dword_43711C
loc_413C97: ; CODE XREF: sub_413B75+40�j
; sub_413B75+4A�j ...
push offset dword_468C00
call sub_4154E7
pop ecx
mov eax, offset dword_468C00
pop ecx
retn
sub_413B75 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413CA9 proc near ; CODE XREF: sub_40CE55+20FB�p
var_718 = byte ptr -718h
var_318 = byte ptr -318h
var_108 = byte ptr -108h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 718h
push esi
push 200h
push [ebp+arg_0]
lea eax, [ebp+var_718]
push eax
call sub_4179F9
add esp, 0Ch
lea eax, [ebp+arg_0]
mov esi, 108h
push eax
lea eax, [ebp+var_108]
push eax
mov [ebp+arg_0], esi
call dword_42113C
lea eax, [ebp+var_108]
push esi
push eax
lea eax, [ebp+var_318]
push eax
call sub_4179F9
lea eax, [ebp+var_718]
push eax
call sub_4179DC
add esp, 10h
shl eax, 1
push eax
lea eax, [ebp+var_718]
push eax
lea eax, [ebp+var_318]
push 0
push eax
push 0
call dword_43A3A8
test eax, eax
jnz short loc_413D39
mov esi, offset dword_4689FC
push offset dword_437418
push esi
call sub_4154E7
pop ecx
pop ecx
jmp short loc_413D62
; ---------------------------------------------------------------------------
loc_413D39: ; CODE XREF: sub_413CA9+7A�j
lea ecx, [ebp+var_718]
push ecx
lea ecx, [ebp+var_318]
push ecx
push eax
call sub_413B75
pop ecx
mov esi, offset dword_4689FC
push eax
push offset dword_4373DC
push esi
call sub_4154E7
add esp, 14h
loc_413D62: ; CODE XREF: sub_413CA9+8E�j
mov eax, esi
pop esi
leave
retn
sub_413CA9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413D67 proc near ; CODE XREF: sub_409DF3+7�p
; sub_413DD2+5F�p ...
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
lea eax, [ebp+var_4]
push eax
push 28h
call dword_421104
push eax
call dword_43A37C
test eax, eax
jnz short loc_413D86
leave
retn
; ---------------------------------------------------------------------------
loc_413D86: ; CODE XREF: sub_413D67+1B�j
lea eax, [ebp+var_10]
push esi
push eax
xor esi, esi
push [ebp+arg_0]
push esi
call dword_43A354
test eax, eax
jz short loc_413DC4
cmp [ebp+arg_4], esi
mov [ebp+var_14], 1
jz short loc_413DAD
or [ebp+var_8], 2
jmp short loc_413DB1
; ---------------------------------------------------------------------------
loc_413DAD: ; CODE XREF: sub_413D67+3E�j
and [ebp+var_8], 0FFFFFFFDh
loc_413DB1: ; CODE XREF: sub_413D67+44�j
push esi
push esi
lea eax, [ebp+var_14]
push esi
push eax
push esi
push [ebp+var_4]
call dword_43A404
mov esi, eax
loc_413DC4: ; CODE XREF: sub_413D67+32�j
push [ebp+var_4]
call dword_42106C
mov eax, esi
pop esi
leave
retn
sub_413D67 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413DD2 proc near ; CODE XREF: sub_40CE55+47D9�p
; sub_413F83+74�p
var_550 = byte ptr -550h
var_350 = dword ptr -350h
var_34C = byte ptr -34Ch
var_230 = byte ptr -230h
var_12C = dword ptr -12Ch
var_128 = byte ptr -128h
var_124 = dword ptr -124h
var_108 = byte ptr -108h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 550h
push ebx
push esi
push edi
push 49h
xor ebx, ebx
pop ecx
xor eax, eax
cmp dword_43A3B8, ebx
lea edi, [ebp+var_128]
mov [ebp+var_12C], ebx
rep stosd
mov ecx, 88h
lea edi, [ebp+var_34C]
mov [ebp+var_350], ebx
rep stosd
jz loc_413F7C
cmp dword_43A39C, ebx
jz loc_413F7C
cmp dword_43A2B8, ebx
jz loc_413F7C
push 1
push offset dword_437460
call sub_413D67
pop ecx
pop ecx
push ebx
push 0Fh
call dword_43A3B8
cmp eax, 0FFFFFFFFh
mov [ebp+var_4], eax
jz loc_413F6F
lea eax, [ebp+var_12C]
mov [ebp+var_12C], 128h
push eax
push [ebp+var_4]
call dword_43A39C
mov esi, dword_42106C
test eax, eax
jz loc_413F6A
loc_413E75: ; CODE XREF: sub_413DD2+BE�j
; sub_413DD2+CC�j ...
lea eax, [ebp+var_12C]
push eax
push [ebp+var_4]
call dword_43A2B8
test eax, eax
jz loc_413F6A
cmp [ebp+arg_10], ebx
jnz short loc_413E75
cmp [ebp+arg_C], ebx
jnz loc_413F22
cmp [ebp+arg_4], ebx
jz short loc_413E75
push [ebp+var_124]
push 8
call dword_43A3B8
cmp [ebp+arg_14], ebx
mov edi, eax
mov [ebp+var_350], 224h
jz short loc_413EDF
lea eax, [ebp+var_350]
push eax
push edi
call dword_43A264
push [ebp+var_124]
test eax, eax
jz short loc_413EE5
lea eax, [ebp+var_230]
jmp short loc_413EEB
; ---------------------------------------------------------------------------
loc_413EDF: ; CODE XREF: sub_413DD2+EB�j
push [ebp+var_124]
loc_413EE5: ; CODE XREF: sub_413DD2+103�j
lea eax, [ebp+var_108]
loc_413EEB: ; CODE XREF: sub_413DD2+10B�j
push eax
lea eax, [ebp+var_550]
push offset dword_437454
push eax
call sub_4154E7
add esp, 10h
lea eax, [ebp+var_550]
push 1
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_412D4C
add esp, 14h
push edi
call esi
jmp loc_413E75
; ---------------------------------------------------------------------------
loc_413F22: ; CODE XREF: sub_413DD2+C3�j
push [ebp+arg_C]
lea eax, [ebp+var_108]
push eax
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz loc_413E75
push [ebp+var_124]
push ebx
push 1F0FFFh
call dword_42111C
push [ebp+var_4]
mov edi, eax
call esi
push ebx
push edi
call dword_421140
test eax, eax
jnz short loc_413F65
push edi
call esi
jmp short loc_413F7C
; ---------------------------------------------------------------------------
loc_413F65: ; CODE XREF: sub_413DD2+18C�j
push 1
pop eax
jmp short loc_413F7E
; ---------------------------------------------------------------------------
loc_413F6A: ; CODE XREF: sub_413DD2+9D�j
; sub_413DD2+B5�j
push [ebp+var_4]
call esi
loc_413F6F: ; CODE XREF: sub_413DD2+75�j
push ebx
push offset dword_437460
call sub_413D67
pop ecx
pop ecx
loc_413F7C: ; CODE XREF: sub_413DD2+3A�j
; sub_413DD2+46�j ...
xor eax, eax
loc_413F7E: ; CODE XREF: sub_413DD2+196�j
pop edi
pop esi
pop ebx
leave
retn
sub_413DD2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413F83 proc near ; DATA XREF: sub_40CE55+538D�o
var_298 = byte ptr -298h
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 298h
mov eax, [ebp+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+var_98]
push offset dword_4374E8
rep movsd
mov dword ptr [eax+94h], 1
lea eax, [ebp+var_298]
push eax
call sub_4154E7
xor esi, esi
pop ecx
cmp [ebp+var_8], esi
pop ecx
jnz short loc_413FE2
push esi
lea eax, [ebp+var_298]
push [ebp+var_C]
push eax
lea eax, [ebp+var_94]
push eax
push [ebp+var_98]
call sub_412D4C
add esp, 14h
loc_413FE2: ; CODE XREF: sub_413F83+3D�j
push [ebp+var_10]
lea eax, [ebp+var_94]
push esi
push esi
push [ebp+var_C]
push eax
push [ebp+var_98]
call sub_413DD2
add esp, 18h
test eax, eax
jnz short loc_41400A
push offset dword_4374AC
jmp short loc_41400F
; ---------------------------------------------------------------------------
loc_41400A: ; CODE XREF: sub_413F83+7E�j
push offset dword_437474
loc_41400F: ; CODE XREF: sub_413F83+85�j
lea eax, [ebp+var_298]
push eax
call sub_4154E7
cmp [ebp+var_8], esi
pop ecx
pop ecx
jnz short loc_414042
push esi
lea eax, [ebp+var_298]
push [ebp+var_C]
push eax
lea eax, [ebp+var_94]
push eax
push [ebp+var_98]
call sub_412D4C
add esp, 14h
loc_414042: ; CODE XREF: sub_413F83+9D�j
lea eax, [ebp+var_298]
push eax
call sub_40B16D
push [ebp+var_14]
call sub_4152AF
pop ecx
pop ecx
push esi
call dword_421048
pop edi
pop esi
sub_413F83 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_414061 proc near ; CODE XREF: sub_40CE55+477B�p
; sub_4150CE+53�p
arg_0 = dword ptr 4
push esi
push edi
push 1
pop edi
push [esp+8+arg_0]
push 0
push 1F0FFFh
call dword_42111C
mov esi, eax
test esi, esi
jz short loc_414093
push 0
push esi
call dword_421140
test eax, eax
jnz short loc_414093
push esi
xor edi, edi
call dword_42106C
loc_414093: ; CODE XREF: sub_414061+1A�j
; sub_414061+27�j
mov eax, edi
pop edi
pop esi
retn
sub_414061 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414098 proc near ; CODE XREF: .nsp0:004036DE�p
; sub_403C8B+16�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
call sub_415543
mov esi, [ebp+arg_0]
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
fild [ebp+var_4]
sub eax, esi
mov [ebp+arg_4], eax
fimul [ebp+arg_4]
fmul dbl_421668
call sub_415F8C
sub esi, eax
mov eax, esi
pop esi
leave
retn
sub_414098 endp
; ---------------------------------------------------------------------------
push esi
push edi
call dword_42104C
push eax
call sub_415539
mov edi, [esp+10h]
mov dword ptr [esp], offset dword_42C228
push offset dword_426CC0
push 1Ch
push edi
call sub_415A6A
xor esi, esi
add esp, 10h
cmp dword_42C1A0, esi
jle short loc_414121
loc_4140FB: ; CODE XREF: .nsp0:0041411F�j
call sub_415543
push 0Ah
cdq
pop ecx
idiv ecx
push edx
push edi
push offset dword_437584
push 1Ch
push edi
call sub_415A6A
add esp, 14h
inc esi
cmp esi, dword_42C1A0
jl short loc_4140FB
loc_414121: ; CODE XREF: .nsp0:004140F9�j
mov eax, edi
pop edi
pop esi
retn
; =============== S U B R O U T I N E =======================================
sub_414126 proc near ; CODE XREF: sub_40CE55+3D4E�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
call dword_42104C
push eax
call sub_415539
pop ecx
call sub_415543
push 3
mov ebx, [esp+10h+arg_0]
cdq
pop ecx
xor edi, edi
idiv ecx
mov esi, edx
add esi, dword_42C1A0
test esi, esi
jle short loc_414169
loc_414153: ; CODE XREF: sub_414126+41�j
call sub_415543
push 1Ah
cdq
pop ecx
idiv ecx
add dl, 61h
mov [edi+ebx], dl
inc edi
cmp edi, esi
jl short loc_414153
loc_414169: ; CODE XREF: sub_414126+2B�j
and byte ptr [edi+ebx], 0
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_414126 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push ecx
and dword ptr [ebp-4], 0
push esi
push edi
mov dword ptr [ebp-8], 100h
call dword_42104C
push eax
call sub_415539
pop ecx
lea eax, [ebp-8]
mov esi, offset byte_43758C
push eax
push esi
call dword_42113C
movsx eax, byte_43758C
push 41h
pop ecx
push 1
pop edx
loc_4141AF: ; CODE XREF: .nsp0:004141BA�j
cmp eax, ecx
jnz short loc_4141B6
mov [ebp-4], edx
loc_4141B6: ; CODE XREF: .nsp0:004141B1�j
inc ecx
cmp ecx, 5Bh
jl short loc_4141AF
push 61h
pop ecx
loc_4141BF: ; CODE XREF: .nsp0:004141CA�j
cmp eax, ecx
jnz short loc_4141C6
mov [ebp-4], edx
loc_4141C6: ; CODE XREF: .nsp0:004141C1�j
inc ecx
cmp ecx, 7Bh
jl short loc_4141BF
mov edi, [ebp+8]
push esi
push 1Ch
push edi
call sub_415A6A
xor esi, esi
add esp, 0Ch
cmp dword_42C1A0, esi
jle short loc_41420B
loc_4141E5: ; CODE XREF: .nsp0:00414209�j
call sub_415543
push 0Ah
cdq
pop ecx
idiv ecx
push edx
push edi
push offset dword_437584
push 1Ch
push edi
call sub_415A6A
add esp, 14h
inc esi
cmp esi, dword_42C1A0
jl short loc_4141E5
loc_41420B: ; CODE XREF: .nsp0:004141E3�j
mov eax, edi
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
call dword_42104C
push eax
call sub_415539
pop ecx
lea eax, [ebp-0Ch]
push 0Ah
push eax
push 7
push 800h
call dword_421144
mov edi, [ebp+8]
lea eax, [ebp-0Ch]
push eax
push offset dword_437590
push 1Ch
push edi
call sub_415A6A
xor esi, esi
add esp, 10h
cmp dword_42C1A0, esi
jle short loc_414280
loc_41425A: ; CODE XREF: .nsp0:0041427E�j
call sub_415543
push 0Ah
cdq
pop ecx
idiv ecx
push edx
push edi
push offset dword_437584
push 1Ch
push edi
call sub_415A6A
add esp, 14h
inc esi
cmp esi, dword_42C1A0
jl short loc_41425A
loc_414280: ; CODE XREF: .nsp0:00414258�j
mov eax, edi
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 94h
push esi
lea eax, [ebp-94h]
push edi
push eax
mov esi, offset byte_438FBC
mov dword ptr [ebp-94h], 94h
call dword_42110C
call dword_42104C
push eax
call sub_415539
cmp dword ptr [ebp-90h], 4
pop ecx
jnz short loc_41430A
cmp dword ptr [ebp-8Ch], 0
jnz short loc_4142EA
cmp dword ptr [ebp-84h], 1
jnz short loc_4142DA
mov esi, offset dword_42B7F0
loc_4142DA: ; CODE XREF: .nsp0:004142D3�j
cmp dword ptr [ebp-84h], 2
jnz short loc_414346
mov esi, offset dword_42B7EC
jmp short loc_414346
; ---------------------------------------------------------------------------
loc_4142EA: ; CODE XREF: .nsp0:004142CA�j
cmp dword ptr [ebp-8Ch], 0Ah
jnz short loc_4142FA
mov esi, offset dword_42B7E8
jmp short loc_414346
; ---------------------------------------------------------------------------
loc_4142FA: ; CODE XREF: .nsp0:004142F1�j
cmp dword ptr [ebp-8Ch], 5Ah
jnz short loc_414341
mov esi, offset dword_42B7E4
jmp short loc_414346
; ---------------------------------------------------------------------------
loc_41430A: ; CODE XREF: .nsp0:004142C1�j
cmp dword ptr [ebp-90h], 5
jnz short loc_414341
cmp dword ptr [ebp-8Ch], 0
jnz short loc_414323
mov esi, offset dword_42B7E0
jmp short loc_414346
; ---------------------------------------------------------------------------
loc_414323: ; CODE XREF: .nsp0:0041431A�j
cmp dword ptr [ebp-8Ch], 1
jnz short loc_414333
mov esi, offset dword_42B7DC
jmp short loc_414346
; ---------------------------------------------------------------------------
loc_414333: ; CODE XREF: .nsp0:0041432A�j
cmp dword ptr [ebp-8Ch], 2
mov esi, offset dword_43759C
jz short loc_414346
loc_414341: ; CODE XREF: .nsp0:00414301�j
; .nsp0:00414311�j
mov esi, offset dword_42B7D0
loc_414346: ; CODE XREF: .nsp0:004142E1�j
; .nsp0:004142E8�j ...
mov edi, [ebp+8]
push esi
push offset dword_437594
push 1Ch
push edi
call sub_415A6A
xor esi, esi
add esp, 10h
cmp dword_42C1A0, esi
jle short loc_41438A
loc_414364: ; CODE XREF: .nsp0:00414388�j
call sub_415543
push 0Ah
cdq
pop ecx
idiv ecx
push edx
push edi
push offset dword_437584
push 1Ch
push edi
call sub_415A6A
add esp, 14h
inc esi
cmp esi, dword_42C1A0
jl short loc_414364
loc_41438A: ; CODE XREF: .nsp0:00414362�j
mov eax, edi
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414390 proc near ; CODE XREF: sub_414433+5C�p
var_1C = byte ptr -1Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
push esi
call dword_42104C
xor edx, edx
mov ecx, 5265C00h
div ecx
push 0
push offset dword_429BC0
mov esi, eax
cmp esi, 64h
jbe short loc_4143DF
call dword_43A3A4
test eax, eax
mov eax, offset dword_4375A8
jnz short loc_4143C8
mov eax, offset byte_438FBC
loc_4143C8: ; CODE XREF: sub_414390+31�j
push eax
push esi
push offset dword_4375A0
lea eax, [ebp+var_1C]
push 1Ch
push eax
call sub_415A6A
add esp, 14h
jmp short loc_4143FF
; ---------------------------------------------------------------------------
loc_4143DF: ; CODE XREF: sub_414390+22�j
call dword_43A3A4
test eax, eax
mov eax, offset dword_4375A8
jnz short loc_4143F3
mov eax, offset byte_438FBC
loc_4143F3: ; CODE XREF: sub_414390+5C�j
push eax
lea eax, [ebp+var_1C]
push eax
call sub_4154E7
pop ecx
pop ecx
loc_4143FF: ; CODE XREF: sub_414390+4D�j
lea eax, [ebp+var_1C]
push eax
call sub_415CF0
pop ecx
cmp eax, 2
pop esi
jbe short loc_41442E
push 1Ch
lea eax, [ebp+var_1C]
push [ebp+arg_0]
push eax
call sub_416F10
lea eax, [ebp+var_1C]
push 1Ch
push eax
push [ebp+arg_0]
call sub_416D40
add esp, 18h
loc_41442E: ; CODE XREF: sub_414390+7D�j
mov eax, [ebp+arg_0]
leave
retn
sub_414390 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414433 proc near ; CODE XREF: sub_40CB75+7F�p
; sub_40CCDD+50�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push esi
push edi
xor edi, edi
mov esi, offset dword_43752C
loc_41443F: ; CODE XREF: sub_414433+3F�j
cmp [ebp+arg_C], 0
jz short loc_41445A
lea eax, [esi-0Ch]
push eax
push [ebp+arg_C]
call sub_415910
neg eax
pop ecx
sbb eax, eax
pop ecx
inc eax
jmp short loc_414464
; ---------------------------------------------------------------------------
loc_41445A: ; CODE XREF: sub_414433+10�j
mov ecx, [esi]
xor eax, eax
cmp ecx, [ebp+arg_4]
setz al
loc_414464: ; CODE XREF: sub_414433+25�j
test eax, eax
jnz short loc_414476
add esi, 14h
inc edi
cmp esi, offset dword_437590
jl short loc_41443F
jmp short loc_414484
; ---------------------------------------------------------------------------
loc_414476: ; CODE XREF: sub_414433+33�j
push [ebp+arg_0]
lea eax, [edi+edi*4]
call dword_437530[eax*4]
pop ecx
loc_414484: ; CODE XREF: sub_414433+41�j
cmp [ebp+arg_8], 0
pop edi
pop esi
jz short loc_414497
push [ebp+arg_0]
call sub_414390
pop ecx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_414497: ; CODE XREF: sub_414433+57�j
mov eax, [ebp+arg_0]
pop ebp
retn
sub_414433 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41449C proc near ; DATA XREF: sub_414569+7B�o
var_B8 = dword ptr -0B8h
var_B4 = byte ptr -0B4h
var_34 = dword ptr -34h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_20 = dword ptr -20h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0B8h
mov eax, [ebp+arg_0]
push esi
push edi
push 2Ah
pop ecx
mov esi, eax
lea edi, [ebp+var_B8]
push 1
rep movsd
pop esi
mov [eax+0A4h], esi
push 10h
lea eax, [ebp+var_10]
push 0
push eax
call sub_415570
add esp, 0Ch
mov [ebp+var_10], 2
push [ebp+var_34]
call dword_43A398
mov [ebp+var_E], ax
mov eax, [ebp+var_28]
push 6
push esi
push 2
mov [ebp+var_C], eax
call dword_43A418
mov esi, eax
cmp esi, 0FFFFFFFFh
jz short loc_41455A
lea eax, [ebp+var_10]
push 10h
push eax
push esi
call dword_43A340
mov ecx, [ebp+var_2C]
imul ecx, 234h
cmp eax, 0FFFFFFFFh
mov dword_43F534[ecx], esi
jz short loc_41455A
push [ebp+var_34]
push [ebp+var_28]
call dword_43A424
push eax
mov edi, offset dword_469264
push offset dword_4375AC
push edi
call sub_4154E7
push 0
lea eax, [ebp+var_B4]
push [ebp+var_20]
push edi
push eax
push [ebp+var_B8]
call sub_412D4C
push edi
call sub_40B16D
add esp, 28h
loc_41455A: ; CODE XREF: sub_41449C+5D�j
; sub_41449C+7E�j
push esi
call dword_43A430
pop edi
xor eax, eax
pop esi
leave
retn 4
sub_41449C endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_414569 proc near ; DATA XREF: sub_40CE55+34B1�o
var_130 = byte ptr -130h
var_B0 = byte ptr -0B0h
var_2C = dword ptr -2Ch
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 130h
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
push 2Ah
mov esi, ebx
pop ecx
lea edi, [ebp+var_B0]
rep movsd
mov esi, dword_421060
mov dword ptr [ebx+0A0h], 1
xor edi, edi
loc_414597: ; CODE XREF: sub_414569+EC�j
push [ebp+var_2C]
push [ebp+var_20]
call dword_43A424
push eax
lea eax, [ebp+var_130]
push offset dword_4375E8
push eax
call sub_4154E7
lea eax, [ebp+var_130]
push 1FFh
push eax
mov eax, [ebp+var_24]
imul eax, 234h
add eax, offset dword_43F328
push eax
call sub_416D40
add esp, 1Ch
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_B0]
push edi
push eax
push offset sub_41449C
push edi
push edi
call dword_42108C
cmp eax, edi
mov [ebp+var_4], eax
jz short loc_414603
loc_4145F8: ; CODE XREF: sub_414569+98�j
cmp [ebp+var_C], edi
jnz short loc_414603
push 32h
call esi
jmp short loc_4145F8
; ---------------------------------------------------------------------------
loc_414603: ; CODE XREF: sub_414569+8D�j
; sub_414569+92�j
push [ebp+var_4]
call dword_42106C
push dword ptr [ebx+88h]
mov [ebx+0A4h], edi
call esi
lea eax, [ebp+var_20]
push 4
push eax
lea eax, [ebp+arg_0]
push eax
call sub_4155D0
add esp, 0Ch
push [ebp+arg_0]
call dword_43A2CC
inc eax
push eax
mov [ebp+arg_0], eax
call dword_43A394
mov [ebp+arg_0], eax
lea eax, [ebp+arg_0]
push 4
push eax
lea eax, [ebp+var_20]
push eax
call sub_4155D0
add esp, 0Ch
jmp loc_414597
sub_414569 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41465A proc near ; DATA XREF: sub_40CE55+59A9�o
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 98h
mov eax, [ebp+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+var_98]
rep movsd
pop edi
pop esi
push [ebp+var_8]
cmp [ebp+var_10], 0
mov dword ptr [eax+94h], 1
lea eax, [ebp+var_94]
push [ebp+var_C]
push eax
push [ebp+var_98]
jz short loc_4146A1
call sub_4146BA
jmp short loc_4146A6
; ---------------------------------------------------------------------------
loc_4146A1: ; CODE XREF: sub_41465A+3E�j
call sub_4149DE
loc_4146A6: ; CODE XREF: sub_41465A+45�j
add esp, 10h
push [ebp+var_14]
call sub_4152AF
pop ecx
push 0
call dword_421048
sub_41465A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4146BA proc near ; CODE XREF: sub_41465A+40�p
var_214 = byte ptr -214h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 214h
push esi
push edi
xor edi, edi
cmp dword_43A468, edi
jnz loc_4147EC
lea eax, [ebp+var_4]
mov esi, 80000002h
push eax
push 2001Fh
push edi
push offset dword_42C2D0
push esi
call dword_43A408
test eax, eax
jnz short loc_414745
mov ax, word_4379D0
mov word ptr [ebp+var_8+2], ax
lea eax, [ebp+var_8+2]
push eax
call sub_415CF0
pop ecx
push eax
lea eax, [ebp+var_8+2]
push eax
push 1
push edi
push offset dword_4379C4
push [ebp+var_4]
call dword_43A3BC
test eax, eax
jz short loc_414727
push offset dword_43798C
jmp short loc_41472C
; ---------------------------------------------------------------------------
loc_414727: ; CODE XREF: sub_4146BA+64�j
push offset dword_43795C
loc_41472C: ; CODE XREF: sub_4146BA+6B�j
lea eax, [ebp+var_214]
push eax
call sub_4154E7
pop ecx
pop ecx
push [ebp+var_4]
call dword_43A374
jmp short loc_414758
; ---------------------------------------------------------------------------
loc_414745: ; CODE XREF: sub_4146BA+36�j
lea eax, [ebp+var_214]
push offset dword_437918
push eax
call sub_4154E7
pop ecx
pop ecx
loc_414758: ; CODE XREF: sub_4146BA+89�j
cmp [ebp+arg_C], edi
jnz short loc_414777
push 1
lea eax, [ebp+var_214]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_412D4C
add esp, 14h
loc_414777: ; CODE XREF: sub_4146BA+A1�j
lea eax, [ebp+var_214]
push eax
call sub_40B16D
pop ecx
lea eax, [ebp+var_4]
push eax
push 0F003Fh
push edi
push offset dword_42C2E8
push esi
call dword_43A408
test eax, eax
jnz short loc_4147E5
lea eax, [ebp+var_8]
push 4
push eax
push 4
push edi
push offset dword_437904
push [ebp+var_4]
mov [ebp+var_8], 1
call dword_43A3BC
test eax, eax
jz short loc_4147C7
push offset dword_4378B4
jmp short loc_4147CC
; ---------------------------------------------------------------------------
loc_4147C7: ; CODE XREF: sub_4146BA+104�j
push offset dword_43786C
loc_4147CC: ; CODE XREF: sub_4146BA+10B�j
lea eax, [ebp+var_214]
push eax
call sub_4154E7
pop ecx
pop ecx
push [ebp+var_4]
call dword_43A374
jmp short loc_4147FF
; ---------------------------------------------------------------------------
loc_4147E5: ; CODE XREF: sub_4146BA+E2�j
push offset dword_43781C
jmp short loc_4147F1
; ---------------------------------------------------------------------------
loc_4147EC: ; CODE XREF: sub_4146BA+13�j
push offset dword_4377D8
loc_4147F1: ; CODE XREF: sub_4146BA+130�j
lea eax, [ebp+var_214]
push eax
call sub_4154E7
pop ecx
pop ecx
loc_4147FF: ; CODE XREF: sub_4146BA+129�j
cmp [ebp+arg_C], edi
jnz short loc_41481E
push 1
lea eax, [ebp+var_214]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_412D4C
add esp, 14h
loc_41481E: ; CODE XREF: sub_4146BA+148�j
lea eax, [ebp+var_214]
push eax
call sub_40B16D
cmp dword_43A490, edi
pop ecx
jnz loc_414999
push ebx
mov [ebp+var_4], edi
mov [ebp+var_14], edi
mov [ebp+var_C], edi
loc_414841: ; CODE XREF: sub_4146BA+2C3�j
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_8]
push 0FFFFFFFFh
push eax
push 1F6h
push edi
call dword_43A2E4
cmp eax, edi
mov [ebp+var_10], eax
jz short loc_4148DE
cmp eax, 0EAh
jz short loc_4148DE
mov esi, offset dword_437628
loc_414872: ; CODE XREF: sub_4146BA+21D�j
push dword ptr [esi]
push edi
call sub_41339D
pop ecx
pop ecx
push dword ptr [esi]
test eax, eax
jnz short loc_414889
push offset dword_4377A0
jmp short loc_41488E
; ---------------------------------------------------------------------------
loc_414889: ; CODE XREF: sub_4146BA+1C6�j
push offset dword_437760
loc_41488E: ; CODE XREF: sub_4146BA+1CD�j
lea eax, [ebp+var_214]
push 200h
push eax
call sub_415A6A
add esp, 10h
cmp [ebp+arg_C], edi
jnz short loc_4148C1
push 1
lea eax, [ebp+var_214]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_412D4C
add esp, 14h
loc_4148C1: ; CODE XREF: sub_4146BA+1EB�j
lea eax, [ebp+var_214]
push eax
call sub_40B16D
add esi, 8
pop ecx
cmp esi, offset dword_437648
jl short loc_414872
jmp loc_414976
; ---------------------------------------------------------------------------
loc_4148DE: ; CODE XREF: sub_4146BA+1AA�j
; sub_4146BA+1B1�j
mov esi, [ebp+var_8]
push 1
pop ebx
cmp [ebp+var_4], ebx
jb loc_41496D
loc_4148ED: ; CODE XREF: sub_4146BA+2AF�j
mov edi, [esi]
push edi
call sub_4179DC
cmp word ptr [edi+eax*2-2], 24h
pop ecx
jnz short loc_414962
push edi
call sub_41328A
push eax
push 0
call sub_41339D
add esp, 0Ch
push dword ptr [esi]
test eax, eax
jnz short loc_41491C
push offset dword_437728
jmp short loc_414921
; ---------------------------------------------------------------------------
loc_41491C: ; CODE XREF: sub_4146BA+259�j
push offset dword_4376E8
loc_414921: ; CODE XREF: sub_4146BA+260�j
lea eax, [ebp+var_214]
push 200h
push eax
call sub_415A6A
add esp, 10h
cmp [ebp+arg_C], 0
jnz short loc_414955
push 1
lea eax, [ebp+var_214]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_412D4C
add esp, 14h
loc_414955: ; CODE XREF: sub_4146BA+27F�j
lea eax, [ebp+var_214]
push eax
call sub_40B16D
pop ecx
loc_414962: ; CODE XREF: sub_4146BA+242�j
add esi, 28h
inc ebx
cmp ebx, [ebp+var_4]
jbe short loc_4148ED
xor edi, edi
loc_41496D: ; CODE XREF: sub_4146BA+22D�j
push [ebp+var_8]
call dword_43A428
loc_414976: ; CODE XREF: sub_4146BA+21F�j
cmp [ebp+var_10], 0EAh
jz loc_414841
lea eax, [ebp+var_214]
push offset dword_4376AC
push eax
call sub_4154E7
pop ecx
pop ecx
pop ebx
jmp short loc_4149AC
; ---------------------------------------------------------------------------
loc_414999: ; CODE XREF: sub_4146BA+177�j
lea eax, [ebp+var_214]
push offset dword_437668
push eax
call sub_4154E7
pop ecx
pop ecx
loc_4149AC: ; CODE XREF: sub_4146BA+2DD�j
cmp [ebp+arg_C], edi
jnz short loc_4149CA
push edi
lea eax, [ebp+var_214]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_412D4C
add esp, 14h
loc_4149CA: ; CODE XREF: sub_4146BA+2F5�j
lea eax, [ebp+var_214]
push eax
call sub_40B16D
pop ecx
push 1
pop eax
pop edi
pop esi
leave
retn
sub_4146BA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4149DE proc near ; CODE XREF: sub_41465A:loc_4146A1�p
var_220 = byte ptr -220h
var_20 = byte ptr -20h
var_14 = byte ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 220h
push ebx
xor ebx, ebx
cmp dword_43A468, ebx
push esi
jnz loc_414B0C
lea eax, [ebp+var_4]
mov esi, 80000002h
push eax
push 2001Fh
push ebx
push offset dword_42C2D0
push esi
call dword_43A408
test eax, eax
jnz short loc_414A69
mov ax, word_437BD8
mov word ptr [ebp+var_8+2], ax
lea eax, [ebp+var_8+2]
push eax
call sub_415CF0
pop ecx
push eax
lea eax, [ebp+var_8+2]
push eax
push 1
push ebx
push offset dword_4379C4
push [ebp+var_4]
call dword_43A3BC
test eax, eax
jz short loc_414A4B
push offset dword_437BA0
jmp short loc_414A50
; ---------------------------------------------------------------------------
loc_414A4B: ; CODE XREF: sub_4149DE+64�j
push offset dword_437B70
loc_414A50: ; CODE XREF: sub_4149DE+6B�j
lea eax, [ebp+var_220]
push eax
call sub_4154E7
pop ecx
pop ecx
push [ebp+var_4]
call dword_43A374
jmp short loc_414A7C
; ---------------------------------------------------------------------------
loc_414A69: ; CODE XREF: sub_4149DE+36�j
lea eax, [ebp+var_220]
push offset dword_437918
push eax
call sub_4154E7
pop ecx
pop ecx
loc_414A7C: ; CODE XREF: sub_4149DE+89�j
cmp [ebp+arg_C], ebx
jnz short loc_414A9B
push 1
lea eax, [ebp+var_220]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_412D4C
add esp, 14h
loc_414A9B: ; CODE XREF: sub_4149DE+A1�j
lea eax, [ebp+var_220]
push eax
call sub_40B16D
pop ecx
lea eax, [ebp+var_4]
push eax
push 0F003Fh
push ebx
push offset dword_42C2E8
push esi
call dword_43A408
test eax, eax
jnz short loc_414B05
lea eax, [ebp+var_8]
push 4
push eax
push 4
push ebx
push offset dword_437904
push [ebp+var_4]
mov [ebp+var_8], ebx
call dword_43A3BC
test eax, eax
jz short loc_414AE7
push offset dword_437B20
jmp short loc_414AEC
; ---------------------------------------------------------------------------
loc_414AE7: ; CODE XREF: sub_4149DE+100�j
push offset dword_437AD8
loc_414AEC: ; CODE XREF: sub_4149DE+107�j
lea eax, [ebp+var_220]
push eax
call sub_4154E7
pop ecx
pop ecx
push [ebp+var_4]
call dword_43A374
jmp short loc_414B1F
; ---------------------------------------------------------------------------
loc_414B05: ; CODE XREF: sub_4149DE+E2�j
push offset dword_437A88
jmp short loc_414B11
; ---------------------------------------------------------------------------
loc_414B0C: ; CODE XREF: sub_4149DE+13�j
push offset dword_4377D8
loc_414B11: ; CODE XREF: sub_4149DE+12C�j
lea eax, [ebp+var_220]
push eax
call sub_4154E7
pop ecx
pop ecx
loc_414B1F: ; CODE XREF: sub_4149DE+125�j
cmp [ebp+arg_C], ebx
jnz short loc_414B3E
push 1
lea eax, [ebp+var_220]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_412D4C
add esp, 14h
loc_414B3E: ; CODE XREF: sub_4149DE+144�j
lea eax, [ebp+var_220]
push eax
call sub_40B16D
cmp dword_43A490, ebx
pop ecx
jnz loc_414CB0
push edi
mov esi, offset dword_437628
mov edi, 200h
loc_414B62: ; CODE XREF: sub_4149DE+1E9�j
push dword ptr [esi+4]
push dword ptr [esi]
push ebx
call sub_4132F1
add esp, 0Ch
push dword ptr [esi]
test eax, eax
jnz short loc_414B7D
push offset dword_437A54
jmp short loc_414B82
; ---------------------------------------------------------------------------
loc_414B7D: ; CODE XREF: sub_4149DE+196�j
push offset dword_437A18
loc_414B82: ; CODE XREF: sub_4149DE+19D�j
lea eax, [ebp+var_220]
push edi
push eax
call sub_415A6A
add esp, 10h
cmp [ebp+arg_C], ebx
jnz short loc_414BB1
push 1
lea eax, [ebp+var_220]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_412D4C
add esp, 14h
loc_414BB1: ; CODE XREF: sub_4149DE+1B7�j
lea eax, [ebp+var_220]
push eax
call sub_40B16D
add esi, 8
pop ecx
cmp esi, offset dword_437638
jl short loc_414B62
call dword_421148
test eax, eax
mov [ebp+var_4], eax
mov bl, 41h
jz loc_414C98
loc_414BDC: ; CODE XREF: sub_4149DE+2B4�j
mov eax, [ebp+var_4]
and eax, 1
cmp al, 1
jnz loc_414C8D
cmp bl, 41h
jz loc_414C8D
movsx esi, bl
push esi
push offset dword_437A14
lea eax, [ebp+var_14]
push 0Ah
push eax
call sub_415A6A
push esi
push offset dword_437A0C
lea eax, [ebp+var_20]
push 0Ah
push eax
call sub_415A6A
add esp, 20h
lea eax, [ebp+var_20]
push eax
call dword_43A3F8
cmp eax, 3
jnz short loc_414C8D
lea eax, [ebp+var_20]
push eax
lea eax, [ebp+var_14]
push eax
push 0
call sub_4132F1
add esp, 0Ch
test eax, eax
lea eax, [ebp+var_14]
push eax
jnz short loc_414C4B
push offset dword_437A54
jmp short loc_414C50
; ---------------------------------------------------------------------------
loc_414C4B: ; CODE XREF: sub_4149DE+264�j
push offset dword_437A18
loc_414C50: ; CODE XREF: sub_4149DE+26B�j
lea eax, [ebp+var_220]
push edi
push eax
call sub_415A6A
add esp, 10h
cmp [ebp+arg_C], 0
jnz short loc_414C80
push 1
lea eax, [ebp+var_220]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_412D4C
add esp, 14h
loc_414C80: ; CODE XREF: sub_4149DE+286�j
lea eax, [ebp+var_220]
push eax
call sub_40B16D
pop ecx
loc_414C8D: ; CODE XREF: sub_4149DE+206�j
; sub_4149DE+20F�j ...
inc bl
shr [ebp+var_4], 1
jnz loc_414BDC
loc_414C98: ; CODE XREF: sub_4149DE+1F8�j
lea eax, [ebp+var_220]
push offset dword_4379D4
push eax
call sub_4154E7
pop ecx
xor ebx, ebx
pop ecx
pop edi
jmp short loc_414CC3
; ---------------------------------------------------------------------------
loc_414CB0: ; CODE XREF: sub_4149DE+173�j
lea eax, [ebp+var_220]
push offset dword_437668
push eax
call sub_4154E7
pop ecx
pop ecx
loc_414CC3: ; CODE XREF: sub_4149DE+2D0�j
cmp [ebp+arg_C], ebx
jnz short loc_414CE1
push ebx
lea eax, [ebp+var_220]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_412D4C
add esp, 14h
loc_414CE1: ; CODE XREF: sub_4149DE+2E8�j
lea eax, [ebp+var_220]
push eax
call sub_40B16D
pop ecx
push 1
pop eax
pop esi
pop ebx
leave
retn
sub_4149DE endp
; =============== S U B R O U T I N E =======================================
sub_414CF5 proc near ; CODE XREF: sub_414D15+A�p
; sub_414DED+8�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push [esp+4+arg_0]
call sub_415CF0
push [esp+8+arg_4]
mov esi, eax
call sub_415CF0
pop ecx
lea eax, [esi+eax*2+0C1h]
pop ecx
pop esi
retn
sub_414CF5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414D15 proc near ; CODE XREF: sub_414E04+49�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push [ebp+arg_C]
push [ebp+arg_8]
call sub_414CF5
cmp eax, [ebp+arg_4]
pop ecx
pop ecx
mov [ebp+var_4], eax
jbe short loc_414D32
xor eax, eax
leave
retn
; ---------------------------------------------------------------------------
loc_414D32: ; CODE XREF: sub_414D15+17�j
push ebx
push esi
push edi
push [ebp+arg_8]
call sub_415CF0
push [ebp+arg_C]
mov esi, eax
call sub_415CF0
mov edi, eax
mov ebx, [ebp+arg_0]
push 0FFFFFFEDh
lea eax, [edi+esi+12h]
mov dword_437C70, eax
lea eax, [edi+1]
mov dword_437C91, eax
lea eax, [edi+17h]
mov dword_437C89, eax
pop eax
push 74h
sub eax, edi
push offset dword_437C0C
push ebx
mov dword_437C9F, eax
call sub_4155D0
push esi
lea eax, [ebx+74h]
push [ebp+arg_8]
push eax
call sub_4155D0
add esi, 74h
push 5
push offset dword_437C80
lea eax, [esi+ebx]
push eax
call sub_4155D0
add esi, 5
push edi
push [ebp+arg_C]
lea eax, [esi+ebx]
push eax
call sub_4155D0
add esi, edi
push 10h
push offset byte_437C85
lea eax, [esi+ebx]
push eax
call sub_4155D0
add esp, 44h
add esi, 10h
push edi
lea eax, [esi+ebx]
push [ebp+arg_C]
push eax
call sub_4155D0
add esi, edi
push 38h
add esi, ebx
push offset byte_437C95
push esi
call sub_4155D0
mov eax, [ebp+var_4]
add esp, 18h
pop edi
pop esi
pop ebx
leave
retn
sub_414D15 endp
; =============== S U B R O U T I N E =======================================
sub_414DED proc near ; CODE XREF: sub_414E04+D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_4]
push [esp+4+arg_0]
call sub_414CF5
push eax
call sub_414E71
add esp, 0Ch
retn
sub_414DED endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414E04 proc near ; CODE XREF: sub_403178+32�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+arg_8]
push edi
mov edi, [ebp+arg_C]
push edi
push ebx
call sub_414DED
cmp eax, [ebp+arg_4]
pop ecx
pop ecx
ja short loc_414E24
cmp eax, 0FFFFh
jbe short loc_414E28
loc_414E24: ; CODE XREF: sub_414E04+17�j
xor eax, eax
jmp short loc_414E6D
; ---------------------------------------------------------------------------
loc_414E28: ; CODE XREF: sub_414E04+1E�j
push esi
push edi
push ebx
call sub_414CF5
add eax, 101h
push eax
call sub_415DC9
add esp, 0Ch
mov esi, eax
push edi
push ebx
push edi
push ebx
call sub_414CF5
pop ecx
pop ecx
push eax
push esi
call sub_414D15
push eax
push esi
push [ebp+arg_4]
push [ebp+arg_0]
call sub_414E8C
push esi
mov edi, eax
call sub_415E3D
add esp, 24h
mov eax, edi
pop esi
loc_414E6D: ; CODE XREF: sub_414E04+22�j
pop edi
pop ebx
pop ebp
retn
sub_414E04 endp
; =============== S U B R O U T I N E =======================================
sub_414E71 proc near ; CODE XREF: sub_414DED+E�p
; sub_414E8C+4A�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test cl, cl
jnz short loc_414E7A
inc ecx
loc_414E7A: ; CODE XREF: sub_414E71+6�j
mov eax, 0FFh
cmp eax, ecx
sbb eax, eax
and eax, 2
add eax, 15h
add eax, ecx
retn
sub_414E71 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414E8C proc near ; CODE XREF: sub_414E04+56�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
cmp byte ptr [ebp+arg_C], 0Ah
jz short loc_414EA8
cmp byte ptr [ebp+arg_C], 0Dh
jz short loc_414EA8
cmp byte ptr [ebp+arg_C], 5Ch
jz short loc_414EA8
cmp byte ptr [ebp+arg_C], 0
jnz short loc_414EAB
loc_414EA8: ; CODE XREF: sub_414E8C+8�j
; sub_414E8C+E�j ...
inc [ebp+arg_C]
loc_414EAB: ; CODE XREF: sub_414E8C+1A�j
push esi
mov esi, 0FFh
cmp [ebp+arg_C], esi
jbe short loc_414ED3
mov eax, [ebp+arg_C]
shr eax, 8
cmp al, 0Ah
jz short loc_414ECC
cmp al, 0Dh
jz short loc_414ECC
cmp al, 5Ch
jz short loc_414ECC
test al, al
jnz short loc_414ED3
loc_414ECC: ; CODE XREF: sub_414E8C+32�j
; sub_414E8C+36�j ...
add [ebp+arg_C], 100h
loc_414ED3: ; CODE XREF: sub_414E8C+28�j
; sub_414E8C+3E�j
push [ebp+arg_C]
call sub_414E71
cmp eax, [ebp+arg_4]
pop ecx
mov [ebp+var_4], eax
ja short loc_414EEB
cmp eax, 0FFFFh
jbe short loc_414EF2
loc_414EEB: ; CODE XREF: sub_414E8C+56�j
xor eax, eax
jmp loc_414F90
; ---------------------------------------------------------------------------
loc_414EF2: ; CODE XREF: sub_414E8C+5D�j
mov ecx, [ebp+arg_C]
push ebx
mov bl, byte_469468
xor edx, edx
push edi
mov edi, [ebp+arg_8]
test ecx, ecx
jbe short loc_414F22
loc_414F06: ; CODE XREF: sub_414E8C+94�j
mov al, [edx+edi]
xor al, bl
jz short loc_414F19
cmp al, 0Ah
jz short loc_414F19
cmp al, 0Dh
jz short loc_414F19
cmp al, 5Ch
jnz short loc_414F1D
loc_414F19: ; CODE XREF: sub_414E8C+7F�j
; sub_414E8C+83�j ...
inc bl
xor edx, edx
loc_414F1D: ; CODE XREF: sub_414E8C+8B�j
inc edx
cmp edx, ecx
jb short loc_414F06
loc_414F22: ; CODE XREF: sub_414E8C+78�j
cmp ecx, esi
mov byte_469468, bl
ja short loc_414F4E
push 15h
push offset dword_437BF4
push [ebp+arg_0]
mov byte_437C01, cl
mov byte_437C05, bl
call sub_4155D0
add esp, 0Ch
push 15h
jmp short loc_414F6F
; ---------------------------------------------------------------------------
loc_414F4E: ; CODE XREF: sub_414E8C+9E�j
push 17h
push offset dword_437BDC
push [ebp+arg_0]
mov word_437BEA, cx
mov byte_437BEF, bl
call sub_4155D0
add esp, 0Ch
push 17h
loc_414F6F: ; CODE XREF: sub_414E8C+C0�j
xor eax, eax
pop ecx
cmp [ebp+arg_C], eax
jbe short loc_414F8B
mov edx, [ebp+arg_0]
lea esi, [ecx+edx]
loc_414F7D: ; CODE XREF: sub_414E8C+FD�j
mov cl, [eax+edi]
xor cl, bl
mov [esi+eax], cl
inc eax
cmp eax, [ebp+arg_C]
jb short loc_414F7D
loc_414F8B: ; CODE XREF: sub_414E8C+E9�j
mov eax, [ebp+var_4]
pop edi
pop ebx
loc_414F90: ; CODE XREF: sub_414E8C+61�j
pop esi
leave
retn
sub_414E8C endp
; =============== S U B R O U T I N E =======================================
sub_414F93 proc near ; CODE XREF: sub_406100+220�p
; sub_407276+F0�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
xor edi, edi
mov eax, offset dword_43F328
loc_414F9B: ; CODE XREF: sub_414F93+18�j
cmp byte ptr [eax], 0
jz short loc_414FAF
add eax, 234h
inc edi
cmp eax, offset dword_468818
jl short loc_414F9B
jmp short loc_414FFA
; ---------------------------------------------------------------------------
loc_414FAF: ; CODE XREF: sub_414F93+B�j
push esi
mov esi, edi
imul esi, 234h
push 1FFh
push [esp+0Ch+arg_0]
lea eax, dword_43F328[esi]
push eax
call sub_416D40
mov eax, [esp+14h+arg_4]
add esp, 0Ch
mov dword_43F528[esi], eax
and dword_43F52C[esi], 0
mov eax, [esp+8+arg_8]
and dword_43F530[esi], 0
mov dword_43F534[esi], eax
and byte_43F540[esi], 0
pop esi
loc_414FFA: ; CODE XREF: sub_414F93+1A�j
mov eax, edi
pop edi
retn
sub_414F93 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414FFE proc near ; DATA XREF: sub_40CE55+5631�o
var_98 = dword ptr -98h
var_94 = byte ptr -94h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 98h
mov eax, [ebp+arg_0]
push esi
push edi
push 26h
pop ecx
mov esi, eax
lea edi, [ebp+var_98]
rep movsd
push [ebp+var_10]
mov dword ptr [eax+94h], 1
lea eax, [ebp+var_94]
push [ebp+var_C]
push eax
push [ebp+var_98]
call sub_415050
push [ebp+var_14]
call sub_4152AF
add esp, 14h
push 0
call dword_421048
pop edi
pop esi
sub_414FFE endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415050 proc near ; CODE XREF: sub_414FFE+38�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 200h
push esi
push edi
push 0
push [ebp+arg_8]
push offset dword_437CD0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_412D4C
add esp, 14h
xor edi, edi
mov esi, offset dword_43F328
loc_41507A: ; CODE XREF: sub_415050+78�j
cmp byte ptr [esi], 0
jz short loc_4150BB
cmp [ebp+arg_C], 0
jnz short loc_41508E
cmp dword ptr [esi+204h], 0
jnz short loc_4150BB
loc_41508E: ; CODE XREF: sub_415050+33�j
push esi
push edi
lea eax, [ebp+var_200]
push offset dword_435C9C
push eax
call sub_4154E7
push 1
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_412D4C
add esp, 24h
loc_4150BB: ; CODE XREF: sub_415050+2D�j
; sub_415050+3C�j
add esi, 234h
inc edi
cmp esi, offset dword_468818
jl short loc_41507A
pop edi
pop esi
leave
retn
sub_415050 endp
; =============== S U B R O U T I N E =======================================
sub_4150CE proc near ; CODE XREF: sub_40CE55+4A16�p
; sub_41515C+12�p ...
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, [esp+0Ch+arg_0]
xor ebx, ebx
xor ebp, ebp
cmp esi, ebx
jle short loc_415156
cmp esi, 12Ch
jge short loc_415156
imul esi, 234h
push edi
push ebx
push dword_43F53C[esi]
lea edi, dword_43F53C[esi]
call dword_421130
cmp [edi], ebx
jz short loc_415106
push 1
pop ebp
loc_415106: ; CODE XREF: sub_4150CE+33�j
mov [edi], ebx
lea edi, dword_43F530[esi]
mov dword_43F528[esi], ebx
mov dword_43F52C[esi], ebx
mov eax, [edi]
cmp eax, ebx
jbe short loc_415127
push eax
call sub_414061
pop ecx
loc_415127: ; CODE XREF: sub_4150CE+50�j
mov [edi], ebx
lea edi, dword_43F534[esi]
mov byte ptr dword_43F328[esi], bl
mov byte_43F540[esi], bl
push dword ptr [edi]
call dword_43A430
lea esi, dword_43F538[esi]
mov [edi], ebx
push dword ptr [esi]
call dword_43A430
mov [esi], ebx
pop edi
loc_415156: ; CODE XREF: sub_4150CE+D�j
; sub_4150CE+15�j
mov eax, ebp
pop esi
pop ebp
pop ebx
retn
sub_4150CE endp
; =============== S U B R O U T I N E =======================================
sub_41515C proc near ; CODE XREF: sub_409E15:loc_409E39�p
; sub_40C59A+18�p ...
push ebx
push esi
push edi
xor ebx, ebx
xor edi, edi
mov esi, offset dword_43F328
loc_415168: ; CODE XREF: sub_41515C+2A�j
cmp byte ptr [esi], 0
jz short loc_415179
push edi
call sub_4150CE
test eax, eax
pop ecx
jz short loc_415179
inc ebx
loc_415179: ; CODE XREF: sub_41515C+F�j
; sub_41515C+1A�j
add esi, 234h
inc edi
cmp esi, offset dword_468818
jl short loc_415168
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_41515C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41518E proc near ; CODE XREF: sub_40CE55+1CC9�p
; sub_40CE55+1D37�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
xor ebx, ebx
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_4], ebx
mov esi, offset dword_43F52C
loc_4151A2: ; CODE XREF: sub_41518E+43�j
mov eax, [esi-4]
cmp eax, [ebp+arg_0]
jnz short loc_4151C4
test edi, edi
jle short loc_4151B6
cmp [esi], edi
jz short loc_4151B6
cmp ebx, edi
jnz short loc_4151C4
loc_4151B6: ; CODE XREF: sub_41518E+1E�j
; sub_41518E+22�j
push ebx
call sub_4150CE
test eax, eax
pop ecx
jz short loc_4151C4
inc [ebp+var_4]
loc_4151C4: ; CODE XREF: sub_41518E+1A�j
; sub_41518E+26�j ...
add esi, 234h
inc ebx
cmp esi, offset dword_468A1C
jl short loc_4151A2
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_41518E endp
; =============== S U B R O U T I N E =======================================
sub_4151DB proc near ; CODE XREF: sub_4071FF+B�p
; sub_407276+2D�p ...
arg_0 = dword ptr 4
xor eax, eax
mov ecx, offset dword_43F528
loc_4151E2: ; CODE XREF: sub_4151DB+1C�j
mov edx, [ecx]
cmp edx, [esp+arg_0]
jnz short loc_4151EB
inc eax
loc_4151EB: ; CODE XREF: sub_4151DB+D�j
add ecx, 234h
cmp ecx, offset dword_468A18
jl short loc_4151E2
retn
sub_4151DB endp
; =============== S U B R O U T I N E =======================================
sub_4151FA proc near ; CODE XREF: sub_40CE55+50EB�p
arg_0 = dword ptr 4
xor eax, eax
push esi
xor edx, edx
mov ecx, offset dword_43F528
loc_415204: ; CODE XREF: sub_4151FA+1F�j
mov esi, [ecx]
cmp esi, [esp+4+arg_0]
jz short loc_41521D
add ecx, 234h
inc edx
cmp ecx, offset dword_468A18
jl short loc_415204
pop esi
retn
; ---------------------------------------------------------------------------
loc_41521D: ; CODE XREF: sub_4151FA+10�j
mov eax, edx
pop esi
retn
sub_4151FA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415221 proc near ; CODE XREF: sub_40CE55+1062�p
var_200 = byte ptr -200h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 200h
xor eax, eax
cmp [ebp+arg_1C], eax
jz short loc_41523A
push [ebp+arg_1C]
call sub_415A5F
pop ecx
loc_41523A: ; CODE XREF: sub_415221+E�j
push eax
push [ebp+arg_18]
call sub_41518E
pop ecx
test eax, eax
pop ecx
jle short loc_415266
push eax
lea eax, [ebp+var_200]
push [ebp+arg_14]
push [ebp+arg_10]
push offset dword_437CF8
push eax
call sub_4154E7
add esp, 14h
jmp short loc_415280
; ---------------------------------------------------------------------------
loc_415266: ; CODE XREF: sub_415221+26�j
push [ebp+arg_14]
lea eax, [ebp+var_200]
push [ebp+arg_10]
push offset dword_437CE0
push eax
call sub_4154E7
add esp, 10h
loc_415280: ; CODE XREF: sub_415221+43�j
cmp [ebp+arg_C], 0
jnz short loc_4152A0
push 0
lea eax, [ebp+var_200]
push [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_412D4C
add esp, 14h
loc_4152A0: ; CODE XREF: sub_415221+63�j
lea eax, [ebp+var_200]
push eax
call sub_40B16D
pop ecx
leave
retn
sub_415221 endp
; =============== S U B R O U T I N E =======================================
sub_4152AF proc near ; CODE XREF: sub_401000+A2�p
; sub_401447+8D�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
xor ecx, ecx
imul eax, 234h
mov dword_43F53C[eax], ecx
mov dword_43F528[eax], ecx
mov dword_43F52C[eax], ecx
mov dword_43F530[eax], ecx
mov dword_43F534[eax], ecx
mov dword_43F538[eax], ecx
mov byte ptr dword_43F328[eax], cl
mov byte_43F540[eax], cl
retn
sub_4152AF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4152EC proc near ; CODE XREF: sub_40CE55+5BF6�p
; sub_41541A+6B�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_0]
push 1
pop eax
loc_4152F6: ; CODE XREF: sub_4152EC+68�j
mov cl, [esi]
test cl, cl
jz short loc_415356
cmp eax, 1
jnz short loc_415356
mov edx, [ebp+arg_4]
mov dl, [edx]
test dl, dl
jz short loc_415356
cmp cl, 2Ah
jz short loc_41533D
cmp cl, 3Fh
jz short loc_415320
cmp cl, 5Bh
jz short loc_415325
xor eax, eax
cmp cl, dl
setz al
loc_415320: ; CODE XREF: sub_4152EC+26�j
inc [ebp+arg_4]
jmp short loc_415350
; ---------------------------------------------------------------------------
loc_415325: ; CODE XREF: sub_4152EC+2B�j
lea eax, [ebp+arg_4]
inc esi
push eax
lea eax, [ebp+arg_0]
push eax
mov [ebp+arg_0], esi
call sub_415382
mov esi, [ebp+arg_0]
pop ecx
pop ecx
jmp short loc_415350
; ---------------------------------------------------------------------------
loc_41533D: ; CODE XREF: sub_4152EC+21�j
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+arg_0]
push eax
call sub_41541A
mov esi, [ebp+arg_0]
pop ecx
pop ecx
dec esi
loc_415350: ; CODE XREF: sub_4152EC+37�j
; sub_4152EC+4F�j
inc esi
mov [ebp+arg_0], esi
jmp short loc_4152F6
; ---------------------------------------------------------------------------
loc_415356: ; CODE XREF: sub_4152EC+E�j
; sub_4152EC+13�j ...
cmp byte ptr [esi], 2Ah
jnz short loc_415366
cmp eax, 1
jnz short loc_41537D
inc esi
mov [ebp+arg_0], esi
jmp short loc_415356
; ---------------------------------------------------------------------------
loc_415366: ; CODE XREF: sub_4152EC+6D�j
cmp eax, 1
jnz short loc_41537D
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 0
jnz short loc_41537D
cmp byte ptr [esi], 0
jnz short loc_41537D
push 1
pop eax
jmp short loc_41537F
; ---------------------------------------------------------------------------
loc_41537D: ; CODE XREF: sub_4152EC+72�j
; sub_4152EC+7D�j ...
xor eax, eax
loc_41537F: ; CODE XREF: sub_4152EC+8F�j
pop esi
pop ebp
retn
sub_4152EC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415382 proc near ; CODE XREF: sub_4152EC+45�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov edx, [ebp+arg_0]
push edi
xor edi, edi
push 1
mov ecx, [edx]
and [ebp+var_8], edi
pop eax
cmp byte ptr [ecx], 21h
mov [ebp+var_4], eax
jnz short loc_4153A3
inc ecx
mov [ebp+var_8], eax
mov [edx], ecx
loc_4153A3: ; CODE XREF: sub_415382+19�j
push ebx
push esi
loc_4153A5: ; CODE XREF: sub_415382+7B�j
mov ecx, [edx]
mov bl, [ecx]
cmp bl, 5Dh
jnz short loc_4153B3
cmp [ebp+var_4], eax
jnz short loc_4153FF
loc_4153B3: ; CODE XREF: sub_415382+2A�j
test edi, edi
jnz short loc_4153F4
cmp bl, 2Dh
jnz short loc_4153E8
mov al, [ecx+1]
lea esi, [ecx+1]
mov cl, [ecx-1]
cmp cl, al
jge short loc_4153E8
cmp al, 5Dh
jz short loc_4153E8
cmp [ebp+var_4], edi
jnz short loc_4153E8
mov ebx, [ebp+arg_4]
mov ebx, [ebx]
mov bl, [ebx]
cmp bl, cl
jl short loc_4153F4
cmp bl, al
jg short loc_4153F4
push 1
mov [edx], esi
pop edi
jmp short loc_4153F4
; ---------------------------------------------------------------------------
loc_4153E8: ; CODE XREF: sub_415382+38�j
; sub_415382+45�j ...
mov eax, [ebp+arg_4]
mov eax, [eax]
cmp bl, [eax]
jnz short loc_4153F4
push 1
pop edi
loc_4153F4: ; CODE XREF: sub_415382+33�j
; sub_415382+59�j ...
inc dword ptr [edx]
and [ebp+var_4], 0
push 1
pop eax
jmp short loc_4153A5
; ---------------------------------------------------------------------------
loc_4153FF: ; CODE XREF: sub_415382+2F�j
cmp [ebp+var_8], eax
pop esi
pop ebx
jnz short loc_41540C
mov ecx, eax
sub ecx, edi
mov edi, ecx
loc_41540C: ; CODE XREF: sub_415382+82�j
cmp edi, eax
jnz short loc_415415
mov eax, [ebp+arg_4]
inc dword ptr [eax]
loc_415415: ; CODE XREF: sub_415382+8C�j
mov eax, edi
pop edi
leave
retn
sub_415382 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41541A proc near ; CODE XREF: sub_4152EC+59�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_4], 1
inc dword ptr [esi]
mov ecx, [esi]
mov eax, [edi]
xor ebx, ebx
loc_415436: ; CODE XREF: sub_41541A+3A�j
cmp [eax], bl
jz short loc_415456
mov cl, [ecx]
cmp cl, 3Fh
jz short loc_41544B
cmp cl, 2Ah
jnz short loc_415456
cmp cl, 3Fh
jnz short loc_41544E
loc_41544B: ; CODE XREF: sub_41541A+25�j
inc eax
mov [edi], eax
loc_41544E: ; CODE XREF: sub_41541A+2F�j
inc dword ptr [esi]
mov ecx, [esi]
mov eax, [edi]
jmp short loc_415436
; ---------------------------------------------------------------------------
loc_415456: ; CODE XREF: sub_41541A+1E�j
; sub_41541A+2A�j ...
mov eax, [esi]
cmp byte ptr [eax], 2Ah
jnz short loc_415461
inc dword ptr [esi]
jmp short loc_415456
; ---------------------------------------------------------------------------
loc_415461: ; CODE XREF: sub_41541A+41�j
mov eax, [edi]
mov cl, [eax]
cmp cl, bl
jnz short loc_415482
mov edx, [esi]
cmp [edx], bl
jz short loc_415473
xor eax, eax
jmp short loc_4154E2
; ---------------------------------------------------------------------------
loc_415473: ; CODE XREF: sub_41541A+53�j
cmp cl, bl
jnz short loc_415482
mov ecx, [esi]
cmp [ecx], bl
jnz short loc_415482
push 1
pop eax
jmp short loc_4154E2
; ---------------------------------------------------------------------------
loc_415482: ; CODE XREF: sub_41541A+4D�j
; sub_41541A+5B�j ...
push eax
push dword ptr [esi]
call sub_4152EC
pop ecx
test eax, eax
pop ecx
jnz short loc_4154CC
loc_415490: ; CODE XREF: sub_41541A+B0�j
inc dword ptr [edi]
mov eax, [edi]
loc_415494: ; CODE XREF: sub_41541A+90�j
mov ecx, [esi]
mov dl, [eax]
mov cl, [ecx]
cmp cl, dl
jz short loc_4154AC
cmp cl, 5Bh
jz short loc_4154AC
cmp dl, bl
jz short loc_4154AC
inc eax
mov [edi], eax
jmp short loc_415494
; ---------------------------------------------------------------------------
loc_4154AC: ; CODE XREF: sub_41541A+82�j
; sub_41541A+87�j ...
mov eax, [edi]
cmp [eax], bl
jz short loc_4154C3
push eax
push dword ptr [esi]
call sub_4152EC
neg eax
pop ecx
sbb eax, eax
pop ecx
inc eax
jmp short loc_4154C8
; ---------------------------------------------------------------------------
loc_4154C3: ; CODE XREF: sub_41541A+96�j
mov [ebp+var_4], ebx
xor eax, eax
loc_4154C8: ; CODE XREF: sub_41541A+A7�j
cmp eax, ebx
jnz short loc_415490
loc_4154CC: ; CODE XREF: sub_41541A+74�j
mov eax, [edi]
cmp [eax], bl
jnz short loc_4154DF
mov eax, [esi]
cmp [eax], bl
jnz short loc_4154DF
mov [ebp+var_4], 1
loc_4154DF: ; CODE XREF: sub_41541A+B6�j
; sub_41541A+BC�j
mov eax, [ebp+var_4]
loc_4154E2: ; CODE XREF: sub_41541A+57�j
; sub_41541A+66�j
pop edi
pop esi
pop ebx
leave
retn
sub_41541A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4154E7 proc near ; CODE XREF: sub_401000+61�p
; sub_4010B2+308�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
mov [ebp+var_18], eax
mov [ebp+var_20], eax
lea eax, [ebp+arg_8]
mov [ebp+var_14], 42h
push eax
lea eax, [ebp+var_20]
push [ebp+arg_4]
mov [ebp+var_1C], 7FFFFFFFh
push eax
call sub_417D4C
add esp, 0Ch
dec [ebp+var_1C]
mov esi, eax
js short loc_415527
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_415534
; ---------------------------------------------------------------------------
loc_415527: ; CODE XREF: sub_4154E7+36�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_417C37
pop ecx
pop ecx
loc_415534: ; CODE XREF: sub_4154E7+3E�j
mov eax, esi
pop esi
leave
retn
sub_4154E7 endp
; =============== S U B R O U T I N E =======================================
sub_415539 proc near ; CODE XREF: sub_401000+2E�p
; sub_401BD6+46�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword_437D20, eax
retn
sub_415539 endp
; =============== S U B R O U T I N E =======================================
sub_415543 proc near ; CODE XREF: sub_4010B2+CB�p
; sub_4010B2+13F�p ...
mov eax, dword_437D20
imul eax, 343FDh
add eax, 269EC3h
mov dword_437D20, eax
sar eax, 10h
and eax, 7FFFh
retn
sub_415543 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_415570 proc near ; CODE XREF: sub_4010B2+281�p
; sub_401447+180�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
arg_8 = dword ptr 0Ch
mov edx, [esp+arg_8]
mov ecx, [esp+arg_0]
test edx, edx
jz short loc_4155C3
xor eax, eax
mov al, [esp+arg_4]
push edi
mov edi, ecx
cmp edx, 4
jb short loc_4155B7
neg ecx
and ecx, 3
jz short loc_415599
sub edx, ecx
loc_415593: ; CODE XREF: sub_415570+27�j
mov [edi], al
inc edi
dec ecx
jnz short loc_415593
loc_415599: ; CODE XREF: sub_415570+1F�j
mov ecx, eax
shl eax, 8
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 3
shr ecx, 2
jz short loc_4155B7
rep stosd
test edx, edx
jz short loc_4155BD
loc_4155B7: ; CODE XREF: sub_415570+18�j
; sub_415570+3F�j ...
mov [edi], al
inc edi
dec edx
jnz short loc_4155B7
loc_4155BD: ; CODE XREF: sub_415570+45�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_4155C3: ; CODE XREF: sub_415570+A�j
mov eax, [esp+arg_0]
retn
sub_415570 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4155D0 proc near ; CODE XREF: sub_4010B2+22D�p
; sub_4010B2+23E�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_4155F0
cmp edi, eax
jb loc_415768
loc_4155F0: ; CODE XREF: sub_4155D0+16�j
test edi, 3
jnz short loc_41560C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_41562C
rep movsd
jmp off_415718[edx*4]
; ---------------------------------------------------------------------------
loc_41560C: ; CODE XREF: sub_4155D0+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_415624
and eax, 3
add ecx, eax
jmp dword ptr loc_41562C+4[eax*4]
; ---------------------------------------------------------------------------
loc_415624: ; CODE XREF: sub_4155D0+46�j
jmp dword ptr loc_415728[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_41562C: ; CODE XREF: sub_4155D0+31�j
; sub_4155D0+8E�j ...
jmp off_4156AC[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_415640
dd offset loc_41566C
dd offset loc_415690
; ---------------------------------------------------------------------------
loc_415640: ; DATA XREF: sub_4155D0+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_41562C
rep movsd
jmp off_415718[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_41566C: ; DATA XREF: sub_4155D0+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_41562C
rep movsd
jmp off_415718[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_415690: ; DATA XREF: sub_4155D0+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_41562C
rep movsd
jmp off_415718[edx*4]
; ---------------------------------------------------------------------------
align 4
off_4156AC dd offset loc_41570F ; DATA XREF: sub_4155D0:loc_41562C�r
dd offset loc_4156FC
dd offset loc_4156F4
dd offset loc_4156EC
dd offset loc_4156E4
dd offset loc_4156DC
dd offset loc_4156D4
dd offset loc_4156CC
; ---------------------------------------------------------------------------
loc_4156CC: ; CODE XREF: sub_4155D0:loc_41562C�j
; DATA XREF: sub_4155D0+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_4156D4: ; CODE XREF: sub_4155D0:loc_41562C�j
; DATA XREF: sub_4155D0+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_4156DC: ; CODE XREF: sub_4155D0:loc_41562C�j
; DATA XREF: sub_4155D0+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_4156E4: ; CODE XREF: sub_4155D0:loc_41562C�j
; DATA XREF: sub_4155D0+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_4156EC: ; CODE XREF: sub_4155D0:loc_41562C�j
; DATA XREF: sub_4155D0+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_4156F4: ; CODE XREF: sub_4155D0:loc_41562C�j
; DATA XREF: sub_4155D0+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_4156FC: ; CODE XREF: sub_4155D0:loc_41562C�j
; DATA XREF: sub_4155D0+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_41570F: ; CODE XREF: sub_4155D0:loc_41562C�j
; DATA XREF: sub_4155D0:off_4156AC�o
jmp off_415718[edx*4]
; ---------------------------------------------------------------------------
align 4
off_415718 dd offset loc_415728 ; DATA XREF: sub_4155D0+35�r
; sub_4155D0+92�r ...
dd offset loc_415730
dd offset loc_41573C
dd offset loc_415750
; ---------------------------------------------------------------------------
loc_415728: ; CODE XREF: sub_4155D0+35�j
; sub_4155D0+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_415730: ; CODE XREF: sub_4155D0+35�j
; sub_4155D0+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_41573C: ; CODE XREF: sub_4155D0+35�j
; sub_4155D0+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_415750: ; CODE XREF: sub_4155D0+35�j
; sub_4155D0+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_415768: ; CODE XREF: sub_4155D0+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_41579C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_415790
std
rep movsd
cld
jmp off_4158B0[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_415790: ; CODE XREF: sub_4155D0+1B1�j
; sub_4155D0+208�j ...
neg ecx
jmp off_415860[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_41579C: ; CODE XREF: sub_4155D0+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_4157B4
and eax, 3
sub ecx, eax
jmp dword ptr loc_4157B4+4[eax*4]
; ---------------------------------------------------------------------------
loc_4157B4: ; CODE XREF: sub_4155D0+1D6�j
; DATA XREF: sub_4155D0+1DD�r
jmp off_4158B0[ecx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_4157C7+1
dd offset loc_4157E8
; ---------------------------------------------------------------------------
adc [eax+41h], bl
loc_4157C7: ; DATA XREF: sub_4155D0+1EC�o
add [edx-2EDCFCBAh], cl
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_415790
std
rep movsd
cld
jmp off_4158B0[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_4157E8: ; DATA XREF: sub_4155D0+1F0�o
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_415790
std
rep movsd
cld
jmp off_4158B0[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_415790
std
rep movsd
cld
jmp off_4158B0[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_415864
dd offset loc_41586C
dd offset loc_415874
dd offset loc_41587C
dd offset loc_415884
dd offset loc_41588C
dd offset loc_415894
off_415860 dd offset loc_4158A7 ; DATA XREF: sub_4155D0+1C2�r
; ---------------------------------------------------------------------------
loc_415864: ; DATA XREF: sub_4155D0+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_41586C: ; DATA XREF: sub_4155D0+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_415874: ; DATA XREF: sub_4155D0+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_41587C: ; DATA XREF: sub_4155D0+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_415884: ; DATA XREF: sub_4155D0+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_41588C: ; DATA XREF: sub_4155D0+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_415894: ; DATA XREF: sub_4155D0+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_4158A7: ; CODE XREF: sub_4155D0+1C2�j
; DATA XREF: sub_4155D0:off_415860�o
jmp off_4158B0[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_4158B0 dd offset loc_4158C0 ; DATA XREF: sub_4155D0+1B7�r
; sub_4155D0:loc_4157B4�r ...
dd offset loc_4158C8
dd offset loc_4158D8
dd offset loc_4158EC
; ---------------------------------------------------------------------------
loc_4158C0: ; CODE XREF: sub_4155D0+1B7�j
; sub_4155D0:loc_4157B4�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4158C8: ; CODE XREF: sub_4155D0+1B7�j
; sub_4155D0:loc_4157B4�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4158D8: ; CODE XREF: sub_4155D0+1B7�j
; sub_4155D0:loc_4157B4�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4158EC: ; CODE XREF: sub_4155D0+1B7�j
; sub_4155D0:loc_4157B4�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_4155D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_415910 proc near ; CODE XREF: sub_4010B2+FC�p
; sub_4010B2+118�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_0]
mov ecx, [esp+arg_4]
test edx, 3
jnz short loc_41595C
loc_415920: ; CODE XREF: sub_415910+3C�j
; sub_415910+66�j ...
mov eax, [edx]
cmp al, [ecx]
jnz short loc_415954
or al, al
jz short loc_415950
cmp ah, [ecx+1]
jnz short loc_415954
or ah, ah
jz short loc_415950
shr eax, 10h
cmp al, [ecx+2]
jnz short loc_415954
or al, al
jz short loc_415950
cmp ah, [ecx+3]
jnz short loc_415954
add ecx, 4
add edx, 4
or ah, ah
jnz short loc_415920
mov edi, edi
loc_415950: ; CODE XREF: sub_415910+18�j
; sub_415910+21�j ...
xor eax, eax
retn
; ---------------------------------------------------------------------------
align 4
loc_415954: ; CODE XREF: sub_415910+14�j
; sub_415910+1D�j ...
sbb eax, eax
shl eax, 1
inc eax
retn
; ---------------------------------------------------------------------------
align 4
loc_41595C: ; CODE XREF: sub_415910+E�j
test edx, 1
jz short loc_415978
mov al, [edx]
inc edx
cmp al, [ecx]
jnz short loc_415954
inc ecx
or al, al
jz short loc_415950
test edx, 2
jz short loc_415920
loc_415978: ; CODE XREF: sub_415910+52�j
mov ax, [edx]
add edx, 2
cmp al, [ecx]
jnz short loc_415954
or al, al
jz short loc_415950
cmp ah, [ecx+1]
jnz short loc_415954
or ah, ah
jz short loc_415950
add ecx, 2
jmp short loc_415920
sub_415910 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4159A0 proc near ; CODE XREF: sub_4010B2+19E�p
; sub_4018CA+11B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
mov eax, [esp+arg_4]
mov ecx, [esp+arg_C]
or ecx, eax
mov ecx, [esp+arg_8]
jnz short loc_4159B9
mov eax, [esp+arg_0]
mul ecx
retn 10h
; ---------------------------------------------------------------------------
loc_4159B9: ; CODE XREF: sub_4159A0+E�j
push ebx
mul ecx
mov ebx, eax
mov eax, [esp+4+arg_0]
mul [esp+4+arg_C]
add ebx, eax
mov eax, [esp+4+arg_0]
mul ecx
add edx, ebx
pop ebx
retn 10h
sub_4159A0 endp
; =============== S U B R O U T I N E =======================================
sub_4159D4 proc near ; CODE XREF: sub_415A5F+4�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
mov edi, [esp+10h+arg_0]
loc_4159DC: ; CODE XREF: sub_4159D4+34�j
cmp dword_437F7C, 1
jle short loc_4159F4
movzx eax, byte ptr [edi]
push 8
push eax
call sub_418556
pop ecx
pop ecx
jmp short loc_415A03
; ---------------------------------------------------------------------------
loc_4159F4: ; CODE XREF: sub_4159D4+F�j
movzx eax, byte ptr [edi]
mov ecx, dword_437D70
mov al, [ecx+eax*2]
and eax, 8
loc_415A03: ; CODE XREF: sub_4159D4+1E�j
test eax, eax
jz short loc_415A0A
inc edi
jmp short loc_4159DC
; ---------------------------------------------------------------------------
loc_415A0A: ; CODE XREF: sub_4159D4+31�j
movzx esi, byte ptr [edi]
inc edi
cmp esi, 2Dh
mov ebp, esi
jz short loc_415A1A
cmp esi, 2Bh
jnz short loc_415A1E
loc_415A1A: ; CODE XREF: sub_4159D4+3F�j
movzx esi, byte ptr [edi]
inc edi
loc_415A1E: ; CODE XREF: sub_4159D4+44�j
xor ebx, ebx
loc_415A20: ; CODE XREF: sub_4159D4+7B�j
cmp dword_437F7C, 1
jle short loc_415A35
push 4
push esi
call sub_418556
pop ecx
pop ecx
jmp short loc_415A40
; ---------------------------------------------------------------------------
loc_415A35: ; CODE XREF: sub_4159D4+53�j
mov eax, dword_437D70
mov al, [eax+esi*2]
and eax, 4
loc_415A40: ; CODE XREF: sub_4159D4+5F�j
test eax, eax
jz short loc_415A51
lea eax, [ebx+ebx*4]
lea ebx, [esi+eax*2-30h]
movzx esi, byte ptr [edi]
inc edi
jmp short loc_415A20
; ---------------------------------------------------------------------------
loc_415A51: ; CODE XREF: sub_4159D4+6E�j
cmp ebp, 2Dh
mov eax, ebx
jnz short loc_415A5A
neg eax
loc_415A5A: ; CODE XREF: sub_4159D4+82�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_4159D4 endp
; =============== S U B R O U T I N E =======================================
sub_415A5F proc near ; CODE XREF: sub_4013E9+12�p
; sub_4013E9+1D�p ...
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_4159D4
pop ecx
retn
sub_415A5F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415A6A proc near ; CODE XREF: sub_401447+318�p
; sub_401BD6+460�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = byte ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
mov [ebp+var_18], eax
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
mov [ebp+var_14], 42h
mov [ebp+var_1C], eax
lea eax, [ebp+arg_C]
push eax
lea eax, [ebp+var_20]
push [ebp+arg_8]
push eax
call sub_417D4C
add esp, 0Ch
dec [ebp+var_1C]
mov esi, eax
js short loc_415AA9
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_415AB6
; ---------------------------------------------------------------------------
loc_415AA9: ; CODE XREF: sub_415A6A+35�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_417C37
pop ecx
pop ecx
loc_415AB6: ; CODE XREF: sub_415A6A+3D�j
mov eax, esi
pop esi
leave
retn
sub_415A6A endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_415AC0 proc near ; CODE XREF: sub_401BD6+2D8�p
; sub_401BD6+2F8�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push edi
push ebx
push esi
mov dl, [ecx]
mov edi, [esp+0Ch+arg_0]
test dl, dl
jz short loc_415B3A
mov dh, [ecx+1]
test dh, dh
jz short loc_415B27
loc_415AD8: ; CODE XREF: sub_415AC0+52�j
; sub_415AC0+65�j
mov esi, edi
mov ecx, [esp+0Ch+arg_4]
mov al, [edi]
inc esi
cmp al, dl
jz short loc_415AFA
test al, al
jz short loc_415AF4
loc_415AE9: ; CODE XREF: sub_415AC0+32�j
mov al, [esi]
inc esi
loc_415AEC: ; CODE XREF: sub_415AC0+3F�j
cmp al, dl
jz short loc_415AFA
test al, al
jnz short loc_415AE9
loc_415AF4: ; CODE XREF: sub_415AC0+27�j
pop esi
pop ebx
pop edi
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_415AFA: ; CODE XREF: sub_415AC0+23�j
; sub_415AC0+2E�j
mov al, [esi]
inc esi
cmp al, dh
jnz short loc_415AEC
lea edi, [esi-1]
loc_415B04: ; CODE XREF: sub_415AC0+63�j
mov ah, [ecx+2]
test ah, ah
jz short loc_415B33
mov al, [esi]
add esi, 2
cmp al, ah
jnz short loc_415AD8
mov al, [ecx+3]
test al, al
jz short loc_415B33
mov ah, [esi-1]
add ecx, 2
cmp al, ah
jz short loc_415B04
jmp short loc_415AD8
; ---------------------------------------------------------------------------
loc_415B27: ; CODE XREF: sub_415AC0+16�j
xor eax, eax
pop esi
pop ebx
pop edi
mov al, dl
jmp loc_417086
; ---------------------------------------------------------------------------
loc_415B33: ; CODE XREF: sub_415AC0+49�j
; sub_415AC0+59�j
lea eax, [edi-1]
pop esi
pop ebx
pop edi
retn
; ---------------------------------------------------------------------------
loc_415B3A: ; CODE XREF: sub_415AC0+F�j
mov eax, edi
pop esi
pop ebx
pop edi
retn
sub_415AC0 endp
; =============== S U B R O U T I N E =======================================
sub_415B40 proc near ; CODE XREF: sub_40211A+94�p
; sub_405A89+7C�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push edi
or edi, 0FFFFFFFFh
mov eax, [esi+0Ch]
test al, 40h
jz short loc_415B55
or eax, 0FFFFFFFFh
jmp short loc_415B8F
; ---------------------------------------------------------------------------
loc_415B55: ; CODE XREF: sub_415B40+E�j
test al, 83h
jz short loc_415B8D
push esi
call sub_4186E4
push esi
mov edi, eax
call sub_41867E
push dword ptr [esi+10h]
call sub_4185CB
add esp, 0Ch
test eax, eax
jge short loc_415B7B
or edi, 0FFFFFFFFh
jmp short loc_415B8D
; ---------------------------------------------------------------------------
loc_415B7B: ; CODE XREF: sub_415B40+34�j
mov eax, [esi+1Ch]
test eax, eax
jz short loc_415B8D
push eax
call sub_415E3D
and dword ptr [esi+1Ch], 0
pop ecx
loc_415B8D: ; CODE XREF: sub_415B40+17�j
; sub_415B40+39�j ...
mov eax, edi
loc_415B8F: ; CODE XREF: sub_415B40+13�j
and dword ptr [esi+0Ch], 0
pop edi
pop esi
retn
sub_415B40 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415B96 proc near ; CODE XREF: sub_40211A+8E�p
; sub_40CE55+2A01�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
push esi
push edi
push [ebp+arg_0]
call sub_4187B6
mov esi, eax
lea eax, [ebp+arg_8]
push eax
push [ebp+arg_4]
push [ebp+arg_0]
call sub_417D4C
push [ebp+arg_0]
mov edi, eax
push esi
call sub_418843
add esp, 18h
mov eax, edi
pop edi
pop esi
pop ebp
retn
sub_415B96 endp
; =============== S U B R O U T I N E =======================================
sub_415BC8 proc near ; CODE XREF: sub_415BE8+A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
call sub_4189F0
test eax, eax
jnz short loc_415BD2
retn
; ---------------------------------------------------------------------------
loc_415BD2: ; CODE XREF: sub_415BC8+7�j
push eax
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_418880
add esp, 10h
retn
sub_415BC8 endp
; =============== S U B R O U T I N E =======================================
sub_415BE8 proc near ; CODE XREF: sub_40211A+54�p
; sub_405A89+2A�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push 40h
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_415BC8
add esp, 0Ch
retn
sub_415BE8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_415C00 proc near ; CODE XREF: sub_405B23+2BF�p
; sub_4099AA+75�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
jmp short loc_415C71
sub_415C00 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_415C10 proc near ; CODE XREF: sub_40211A+32�p
; sub_40211A+43�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_0]
push edi
test ecx, 3
jz short loc_415C2C
loc_415C1D: ; CODE XREF: sub_415C10+1A�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_415C5F
test ecx, 3
jnz short loc_415C1D
loc_415C2C: ; CODE XREF: sub_415C10+B�j
; sub_415C10+32�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_415C2C
mov eax, [ecx-4]
test al, al
jz short loc_415C6E
test ah, ah
jz short loc_415C69
test eax, 0FF0000h
jz short loc_415C64
test eax, 0FF000000h
jz short loc_415C5F
jmp short loc_415C2C
; ---------------------------------------------------------------------------
loc_415C5F: ; CODE XREF: sub_415C10+12�j
; sub_415C10+4B�j
lea edi, [ecx-1]
jmp short loc_415C71
; ---------------------------------------------------------------------------
loc_415C64: ; CODE XREF: sub_415C10+44�j
lea edi, [ecx-2]
jmp short loc_415C71
; ---------------------------------------------------------------------------
loc_415C69: ; CODE XREF: sub_415C10+3D�j
lea edi, [ecx-3]
jmp short loc_415C71
; ---------------------------------------------------------------------------
loc_415C6E: ; CODE XREF: sub_415C10+39�j
lea edi, [ecx-4]
loc_415C71: ; CODE XREF: sub_415C00+5�j
; sub_415C10+52�j ...
mov ecx, [esp+4+arg_4]
test ecx, 3
jz short loc_415C96
loc_415C7D: ; CODE XREF: sub_415C10+7D�j
mov dl, [ecx]
inc ecx
test dl, dl
jz short loc_415CE8
mov [edi], dl
inc edi
test ecx, 3
jnz short loc_415C7D
jmp short loc_415C96
; ---------------------------------------------------------------------------
loc_415C91: ; CODE XREF: sub_415C10+9E�j
; sub_415C10+B8�j
mov [edi], edx
add edi, 4
loc_415C96: ; CODE XREF: sub_415C10+6B�j
; sub_415C10+7F�j
mov edx, 7EFEFEFFh
mov eax, [ecx]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [ecx]
add ecx, 4
test eax, 81010100h
jz short loc_415C91
test dl, dl
jz short loc_415CE8
test dh, dh
jz short loc_415CDF
test edx, 0FF0000h
jz short loc_415CD2
test edx, 0FF000000h
jz short loc_415CCA
jmp short loc_415C91
; ---------------------------------------------------------------------------
loc_415CCA: ; CODE XREF: sub_415C10+B6�j
mov [edi], edx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_415CD2: ; CODE XREF: sub_415C10+AE�j
mov [edi], dx
mov eax, [esp+4+arg_0]
mov byte ptr [edi+2], 0
pop edi
retn
; ---------------------------------------------------------------------------
loc_415CDF: ; CODE XREF: sub_415C10+A6�j
mov [edi], dx
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_415CE8: ; CODE XREF: sub_415C10+72�j
; sub_415C10+A2�j
mov [edi], dl
mov eax, [esp+4+arg_0]
pop edi
retn
sub_415C10 endp
; =============== S U B R O U T I N E =======================================
sub_415CF0 proc near ; CODE XREF: sub_4021FB+1A7�p
; sub_4021FB:loc_4023B5�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
test ecx, 3
jz short loc_415D10
loc_415CFC: ; CODE XREF: sub_415CF0+19�j
mov al, [ecx]
inc ecx
test al, al
jz short loc_415D43
test ecx, 3
jnz short loc_415CFC
add eax, 0
loc_415D10: ; CODE XREF: sub_415CF0+A�j
; sub_415CF0+36�j ...
mov eax, [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add ecx, 4
test eax, 81010100h
jz short loc_415D10
mov eax, [ecx-4]
test al, al
jz short loc_415D61
test ah, ah
jz short loc_415D57
test eax, 0FF0000h
jz short loc_415D4D
test eax, 0FF000000h
jz short loc_415D43
jmp short loc_415D10
; ---------------------------------------------------------------------------
loc_415D43: ; CODE XREF: sub_415CF0+11�j
; sub_415CF0+4F�j
lea eax, [ecx-1]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_415D4D: ; CODE XREF: sub_415CF0+48�j
lea eax, [ecx-2]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_415D57: ; CODE XREF: sub_415CF0+41�j
lea eax, [ecx-3]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
; ---------------------------------------------------------------------------
loc_415D61: ; CODE XREF: sub_415CF0+3D�j
lea eax, [ecx-4]
mov ecx, [esp+arg_0]
sub eax, ecx
retn
sub_415CF0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_415D70 proc near ; CODE XREF: sub_4024DC+8�p
; sub_402988+8�p ...
arg_0 = byte ptr 4
push ecx
cmp eax, 1000h
lea ecx, [esp+4+arg_0]
jb short loc_415D90
loc_415D7C: ; CODE XREF: sub_415D70+1E�j
sub ecx, 1000h
sub eax, 1000h
test [ecx], eax
cmp eax, 1000h
jnb short loc_415D7C
loc_415D90: ; CODE XREF: sub_415D70+A�j
sub ecx, eax
mov eax, esp
test [ecx], eax
mov esp, ecx
mov ecx, [eax]
mov eax, [eax+4]
push eax
retn
sub_415D70 endp
; =============== S U B R O U T I N E =======================================
sub_415D9F proc near ; CODE XREF: sub_402FDD+7A�p
; sub_402FDD+8A�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
mov ecx, eax
cmp word ptr [eax], 0
jz short loc_415DB3
loc_415DAB: ; CODE XREF: sub_415D9F+12�j
inc ecx
inc ecx
cmp word ptr [ecx], 0
jnz short loc_415DAB
loc_415DB3: ; CODE XREF: sub_415D9F+A�j
mov edx, [esp+arg_4]
push esi
loc_415DB8: ; CODE XREF: sub_415D9F+26�j
mov si, [edx]
mov [ecx], si
inc ecx
inc ecx
inc edx
inc edx
test si, si
jnz short loc_415DB8
pop esi
retn
sub_415D9F endp
; =============== S U B R O U T I N E =======================================
sub_415DC9 proc near ; CODE XREF: sub_403178+220�p
; sub_4033CB+C1�p ...
arg_0 = dword ptr 4
push dword_4694F4
push [esp+4+arg_0]
call sub_415DDB
pop ecx
pop ecx
retn
sub_415DC9 endp
; =============== S U B R O U T I N E =======================================
sub_415DDB proc near ; CODE XREF: sub_415DC9+A�p
; sub_4167C5+6�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0FFFFFFE0h
ja short loc_415E04
loc_415DE2: ; CODE XREF: sub_415DDB+27�j
push [esp+arg_0]
call sub_415E07
test eax, eax
pop ecx
jnz short locret_415E06
cmp [esp+arg_4], eax
jz short locret_415E06
push [esp+arg_0]
call sub_418A68
test eax, eax
pop ecx
jnz short loc_415DE2
loc_415E04: ; CODE XREF: sub_415DDB+5�j
xor eax, eax
locret_415E06: ; CODE XREF: sub_415DDB+13�j
; sub_415DDB+19�j
retn
sub_415DDB endp
; =============== S U B R O U T I N E =======================================
sub_415E07 proc near ; CODE XREF: sub_415DDB+B�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
cmp esi, dword_437F8C
ja short loc_415E1F
push esi
call sub_418E53
test eax, eax
pop ecx
jnz short loc_415E3B
loc_415E1F: ; CODE XREF: sub_415E07+B�j
test esi, esi
jnz short loc_415E26
push 1
pop esi
loc_415E26: ; CODE XREF: sub_415E07+1A�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi
push 0
push dword_46AB00
call dword_42114C
loc_415E3B: ; CODE XREF: sub_415E07+16�j
pop esi
retn
sub_415E07 endp
; =============== S U B R O U T I N E =======================================
sub_415E3D proc near ; CODE XREF: sub_4033CB+10E�p
; sub_4033CB+116�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_415E6A
push esi
call sub_418AFD
pop ecx
test eax, eax
push esi
jz short loc_415E5C
push eax
call sub_418B28
pop ecx
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_415E5C: ; CODE XREF: sub_415E3D+13�j
push 0
push dword_46AB00
call dword_421150
loc_415E6A: ; CODE XREF: sub_415E3D+7�j
pop esi
retn
sub_415E3D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_415E6C(double)
sub_415E6C proc near ; CODE XREF: sub_40465E+38�p
var_24 = qword ptr -24h
var_18 = qword ptr -18h
var_8 = qword ptr -8
arg_0 = qword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, 0FFFFh
push esi
push dword_437D30
call sub_419E26
fld [ebp+arg_0]
pop ecx
mov ebx, eax
mov eax, dword ptr [ebp+arg_0+6]
pop ecx
push ecx
and ax, 7FF0h
push ecx
cmp ax, 7FF0h
fstp [esp+18h+var_18]
jnz short loc_415EF2
call sub_419CEE
pop ecx
test eax, eax
pop ecx
jle short loc_415ED5
cmp eax, 2
jle short loc_415EC7
cmp eax, 3
jnz short loc_415ED5
fld [ebp+arg_0]
push ebx
push ecx ; int
push ecx
fstp qword ptr [esp]
push 0Bh ; double
call sub_4195FE
add esp, 10h
jmp short loc_415F37
; ---------------------------------------------------------------------------
loc_415EC7: ; CODE XREF: sub_415E6C+3F�j
push esi
push ebx
call sub_419E26
fld [ebp+arg_0]
pop ecx
pop ecx
jmp short loc_415F37
; ---------------------------------------------------------------------------
loc_415ED5: ; CODE XREF: sub_415E6C+3A�j
; sub_415E6C+44�j
fld [ebp+arg_0]
fadd dbl_421670
push ebx
push ecx ; double
push ecx
fstp qword ptr [esp]
fld [ebp+arg_0]
push ecx
push ecx
fstp [esp+24h+var_24]
push 0Bh
push 8
jmp short loc_415F2F
; ---------------------------------------------------------------------------
loc_415EF2: ; CODE XREF: sub_415E6C+2F�j
call sub_419CB3
fstp [ebp+var_8]
fld [ebp+var_8]
fcomp [ebp+arg_0]
pop ecx
pop ecx
fnstsw ax
sahf
jnz short loc_415F15
loc_415F07: ; CODE XREF: sub_415E6C+AC�j
push esi
push ebx
call sub_419E26
fld [ebp+var_8]
pop ecx
pop ecx
jmp short loc_415F37
; ---------------------------------------------------------------------------
loc_415F15: ; CODE XREF: sub_415E6C+99�j
test bl, 20h
jnz short loc_415F07
fld [ebp+var_8]
push ebx ; int
push ecx
push ecx ; double
fstp qword ptr [esp]
fld [ebp+arg_0]
push ecx
push ecx ; double
fstp [esp+24h+var_24]
push 0Bh ; int
push 10h ; int
loc_415F2F: ; CODE XREF: sub_415E6C+84�j
call sub_419651
add esp, 1Ch
loc_415F37: ; CODE XREF: sub_415E6C+59�j
; sub_415E6C+67�j ...
pop esi
pop ebx
leave
retn
sub_415E6C endp
; ---------------------------------------------------------------------------
call sub_415F53
call sub_419EEF
mov dword_469474, eax
call sub_419E9F
fnclex
retn
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_415F53 proc near ; CODE XREF: .nsp0:00415F3B�p
mov eax, offset sub_41A2DD
mov dword_4380AC, offset loc_419F72
mov dword_4380A8, eax
mov dword_4380B0, offset sub_419FD8
mov dword_4380B4, offset sub_419F18
mov dword_4380B8, offset loc_419FC0
mov dword_4380BC, eax
retn
sub_415F53 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_415F8C proc near ; CODE XREF: sub_40465E+1B�p
; sub_40465E+44�p ...
var_C = qword ptr -0Ch
var_4 = word ptr -4
var_2 = word ptr -2
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
fstcw [ebp+var_2]
wait
mov ax, [ebp+var_2]
or ah, 0Ch
mov [ebp+var_4], ax
fldcw [ebp+var_4]
fistp [ebp+var_C]
fldcw [ebp+var_2]
mov eax, dword ptr [ebp+var_C]
mov edx, dword ptr [ebp+var_C+4]
leave
retn
sub_415F8C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_415FB3(double)
sub_415FB3 proc near ; CODE XREF: sub_4046AA+82�p
var_24 = qword ptr -24h
var_18 = qword ptr -18h
var_8 = qword ptr -8
arg_0 = qword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, 0FFFFh
push esi
push dword_437D48
call sub_419E26
fld [ebp+arg_0]
pop ecx
mov ebx, eax
mov eax, dword ptr [ebp+arg_0+6]
pop ecx
push ecx
and ax, 7FF0h
push ecx
cmp ax, 7FF0h
fstp [esp+18h+var_18]
jnz short loc_416039
call sub_419CEE
pop ecx
test eax, eax
pop ecx
jle short loc_41601C
cmp eax, 2
jle short loc_41600E
cmp eax, 3
jnz short loc_41601C
fld [ebp+arg_0]
push ebx
push ecx ; int
push ecx
fstp qword ptr [esp]
push 0Ch ; double
call sub_4195FE
add esp, 10h
jmp short loc_41607E
; ---------------------------------------------------------------------------
loc_41600E: ; CODE XREF: sub_415FB3+3F�j
push esi
push ebx
call sub_419E26
fld [ebp+arg_0]
pop ecx
pop ecx
jmp short loc_41607E
; ---------------------------------------------------------------------------
loc_41601C: ; CODE XREF: sub_415FB3+3A�j
; sub_415FB3+44�j
fld [ebp+arg_0]
fadd dbl_421670
push ebx
push ecx ; double
push ecx
fstp qword ptr [esp]
fld [ebp+arg_0]
push ecx
push ecx
fstp [esp+24h+var_24]
push 0Ch
push 8
jmp short loc_416076
; ---------------------------------------------------------------------------
loc_416039: ; CODE XREF: sub_415FB3+2F�j
call sub_419CB3
fstp [ebp+var_8]
fld [ebp+var_8]
fcomp [ebp+arg_0]
pop ecx
pop ecx
fnstsw ax
sahf
jnz short loc_41605C
loc_41604E: ; CODE XREF: sub_415FB3+AC�j
push esi
push ebx
call sub_419E26
fld [ebp+var_8]
pop ecx
pop ecx
jmp short loc_41607E
; ---------------------------------------------------------------------------
loc_41605C: ; CODE XREF: sub_415FB3+99�j
test bl, 20h
jnz short loc_41604E
fld [ebp+var_8]
push ebx ; int
push ecx
push ecx ; double
fstp qword ptr [esp]
fld [ebp+arg_0]
push ecx
push ecx ; double
fstp [esp+24h+var_24]
push 0Ch ; int
push 10h ; int
loc_416076: ; CODE XREF: sub_415FB3+84�j
call sub_419651
add esp, 1Ch
loc_41607E: ; CODE XREF: sub_415FB3+59�j
; sub_415FB3+67�j ...
pop esi
pop ebx
leave
retn
sub_415FB3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416082 proc near ; CODE XREF: sub_41A74E+71�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov ebx, large fs:0
mov eax, [ebx]
mov large fs:0, eax
mov eax, [ebp+arg_0]
mov ebx, [ebp+arg_4]
mov esp, [ebx-4]
mov ebp, [ebp+var_4]
jmp eax
sub_416082 endp
; ---------------------------------------------------------------------------
pop edi
pop esi
pop ebx
leave
retn 8
; =============== S U B R O U T I N E =======================================
sub_4160B6 proc near ; CODE XREF: sub_41A8FF+199�p
; sub_41AAC3+3E�p
arg_4 = dword ptr 8
pop eax
pop ecx
xchg eax, [esp-8+arg_4]
jmp eax
sub_4160B6 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4160BD proc near ; CODE XREF: sub_41A8FF+17F�p
arg_4 = dword ptr 8
pop eax
pop ecx
xchg eax, [esp-8+arg_4]
jmp eax
sub_4160BD endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4160C4 proc near ; CODE XREF: sub_416276+5C�p
; sub_41A74E:loc_41A77F�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
mov eax, large fs:0
mov [ebp+var_8], eax
mov [ebp+var_4], offset loc_4160EC
push 0
push [ebp+arg_4]
push [ebp+var_4]
push [ebp+arg_0]
call near ptr dword_42010C
loc_4160EC: ; DATA XREF: sub_4160C4+11�o
mov eax, [ebp+arg_4]
mov eax, [eax+4]
and al, 0FDh
mov ecx, [ebp+arg_4]
mov [ecx+4], eax
mov eax, large fs:0
mov ebx, [ebp+var_8]
mov [ebx], eax
mov large fs:0, ebx
pop edi
pop esi
pop ebx
leave
retn 8
sub_4160C4 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 4
push ebx
push esi
push edi
cld
mov [ebp-4], eax
xor eax, eax
push eax
push eax
push eax
push dword ptr [ebp-4]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+8]
call sub_41A353
add esp, 20h
mov [ebp+14h], eax
pop edi
pop esi
pop ebx
mov eax, [ebp+14h]
mov esp, ebp
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416149 proc near ; CODE XREF: sub_41A7C9+73�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 14h
mov eax, [ebp+arg_4]
and [ebp+var_14], 0
mov ecx, [ebp+arg_0]
mov [ebp+var_C], eax
mov eax, [ebp+arg_C]
mov [ebp+var_10], offset sub_41619D
inc eax
mov [ebp+var_8], ecx
mov [ebp+var_4], eax
mov eax, large fs:0
mov [ebp+var_14], eax
lea eax, [ebp+var_14]
mov large fs:0, eax
push [ebp+arg_10]
push ecx
push [ebp+arg_8]
call sub_41AB50
mov ecx, eax
mov eax, [ebp+var_14]
mov large fs:0, eax
mov eax, ecx
leave
retn
sub_416149 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41619D proc near ; DATA XREF: sub_416149+16�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cld
mov eax, [ebp+arg_4]
push 0
push eax
push dword ptr [eax+10h]
push dword ptr [eax+8]
push 0
push [ebp+arg_8]
push dword ptr [eax+0Ch]
push [ebp+arg_0]
call sub_41A353
add esp, 20h
pop ebp
retn
sub_41619D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4161C2 proc near ; CODE XREF: sub_41A595+25�p
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 34h
push ebx
push esi
push edi
and [ebp+var_28], 0
mov [ebp+var_24], offset sub_416276
mov eax, [ebp+arg_10]
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
mov [ebp+var_1C], eax
mov eax, [ebp+arg_14]
mov [ebp+var_18], eax
mov eax, [ebp+arg_18]
mov [ebp+var_14], eax
and [ebp+var_10], 0
and [ebp+var_C], 0
and [ebp+var_8], 0
and [ebp+var_4], 0
mov [ebp+var_10], offset loc_416248
mov [ebp+var_C], esp
mov [ebp+var_8], ebp
mov eax, large fs:0
mov [ebp+var_28], eax
lea eax, [ebp+var_28]
mov large fs:0, eax
mov [ebp+var_34], 1
mov eax, [ebp+arg_0]
mov [ebp+var_30], eax
mov eax, [ebp+arg_8]
mov [ebp+var_2C], eax
lea eax, [ebp+var_30]
push eax
mov eax, [ebp+arg_0]
push dword ptr [eax]
call dword_469514
pop ecx
pop ecx
and [ebp+var_34], 0
loc_416248: ; DATA XREF: sub_4161C2+3C�o
cmp [ebp+var_4], 0
jz short loc_416265
mov ebx, large fs:0
mov eax, [ebx]
mov ebx, [ebp+var_28]
mov [ebx], eax
mov large fs:0, ebx
jmp short loc_41626E
; ---------------------------------------------------------------------------
loc_416265: ; CODE XREF: sub_4161C2+8A�j
mov eax, [ebp+var_28]
mov large fs:0, eax
loc_41626E: ; CODE XREF: sub_4161C2+A1�j
mov eax, [ebp+var_34]
pop edi
pop esi
pop ebx
leave
retn
sub_4161C2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416276 proc near ; DATA XREF: sub_4161C2+D�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ebx
push esi
push edi
cld
mov eax, [ebp+arg_0]
mov eax, [eax+4]
and eax, 66h
test eax, eax
jz short loc_416299
mov eax, [ebp+arg_4]
mov dword ptr [eax+24h], 1
push 1
pop eax
jmp short loc_4162E6
; ---------------------------------------------------------------------------
loc_416299: ; CODE XREF: sub_416276+12�j
push 1
mov eax, [ebp+arg_4]
push dword ptr [eax+14h]
mov eax, [ebp+arg_4]
push dword ptr [eax+10h]
mov eax, [ebp+arg_4]
push dword ptr [eax+8]
push 0
push [ebp+arg_8]
mov eax, [ebp+arg_4]
push dword ptr [eax+0Ch]
push [ebp+arg_0]
call sub_41A353
add esp, 20h
mov eax, [ebp+arg_4]
cmp dword ptr [eax+24h], 0
jnz short loc_4162D7
push [ebp+arg_0]
push [ebp+arg_4]
call sub_4160C4
loc_4162D7: ; CODE XREF: sub_416276+54�j
mov ebx, [ebp+arg_4]
mov esp, [ebx+1Ch]
mov ebp, [ebx+20h]
jmp dword ptr [ebx+18h]
; ---------------------------------------------------------------------------
push 1
pop eax
loc_4162E6: ; CODE XREF: sub_416276+21�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_416276 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4162EB proc near ; CODE XREF: sub_41A3EE+C6�p
; sub_41A595+43�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
cmp [ebp+arg_4], 0
push edi
mov edi, [ebp+arg_0]
mov esi, [edi+0Ch]
mov ebx, [edi+10h]
mov eax, esi
mov [ebp+arg_0], esi
mov [ebp+var_4], eax
jl short loc_416342
loc_416309: ; CODE XREF: sub_4162EB+52�j
cmp esi, 0FFFFFFFFh
jnz short loc_416313
call sub_41ABF2
loc_416313: ; CODE XREF: sub_4162EB+21�j
mov ecx, [ebp+arg_8]
dec esi
lea eax, [esi+esi*4]
cmp [ebx+eax*4+4], ecx
lea eax, [ebx+eax*4]
jge short loc_416328
cmp ecx, [eax+8]
jle short loc_41632D
loc_416328: ; CODE XREF: sub_4162EB+36�j
cmp esi, 0FFFFFFFFh
jnz short loc_416339
loc_41632D: ; CODE XREF: sub_4162EB+3B�j
mov eax, [ebp+arg_0]
dec [ebp+arg_4]
mov [ebp+var_4], eax
mov [ebp+arg_0], esi
loc_416339: ; CODE XREF: sub_4162EB+40�j
cmp [ebp+arg_4], 0
jge short loc_416309
mov eax, [ebp+var_4]
loc_416342: ; CODE XREF: sub_4162EB+1C�j
mov ecx, [ebp+arg_C]
inc esi
mov [ecx], esi
mov ecx, [ebp+arg_10]
mov [ecx], eax
cmp eax, [edi+0Ch]
ja short loc_416356
cmp esi, eax
jbe short loc_41635B
loc_416356: ; CODE XREF: sub_4162EB+65�j
call sub_41ABF2
loc_41635B: ; CODE XREF: sub_4162EB+69�j
lea eax, [esi+esi*4]
pop edi
pop esi
lea eax, [ebx+eax*4]
pop ebx
leave
retn
sub_4162EB endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416368 proc near ; CODE XREF: sub_41CE08+5A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_416380
push [ebp+arg_0]
call near ptr dword_42010C
loc_416380: ; DATA XREF: sub_416368+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_416368 endp
; =============== S U B R O U T I N E =======================================
sub_416388 proc near ; DATA XREF: sub_4163AA+A�o
; sub_416412+9�o
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_C = dword ptr 10h
mov ecx, [esp+arg_0]
test dword ptr [ecx+4], 6
mov eax, 1
jz short locret_4163A9
mov eax, [esp+arg_4]
mov edx, [esp+arg_C]
mov [edx], eax
mov eax, 3
locret_4163A9: ; CODE XREF: sub_416388+10�j
retn
sub_416388 endp
; =============== S U B R O U T I N E =======================================
sub_4163AA proc near ; CODE XREF: .nsp0:0041A87C�p
; sub_41CE08+67�p ...
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset sub_416388
push large dword ptr fs:0
mov large fs:0, esp
loc_4163C7: ; CODE XREF: sub_4163AA:loc_416402�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_416404
cmp esi, [esp+1Ch+arg_4]
jz short loc_416404
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov [esp+1Ch+var_14], ecx
mov [eax+0Ch], ecx
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_416402
push 101h
mov eax, [ebx+esi*4+8]
call sub_41643E
call dword ptr [ebx+esi*4+8]
loc_416402: ; CODE XREF: sub_4163AA+44�j
jmp short loc_4163C7
; ---------------------------------------------------------------------------
loc_416404: ; CODE XREF: sub_4163AA+2A�j
; sub_4163AA+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_4163AA endp
; =============== S U B R O U T I N E =======================================
sub_416412 proc near ; CODE XREF: sub_41A88F+37�p
xor eax, eax
mov ecx, large fs:0
cmp dword ptr [ecx+4], offset sub_416388
jnz short locret_416434
mov edx, [ecx+0Ch]
mov edx, [edx+0Ch]
cmp [ecx+8], edx
jnz short locret_416434
mov eax, 1
locret_416434: ; CODE XREF: sub_416412+10�j
; sub_416412+1B�j
retn
sub_416412 endp
; =============== S U B R O U T I N E =======================================
sub_416435 proc near ; CODE XREF: sub_41AB50+1E�p
; sub_41AB50+40�p
push ebx
push ecx
mov ebx, offset dword_437D4C
jmp short loc_416448
sub_416435 endp
; =============== S U B R O U T I N E =======================================
sub_41643E proc near ; CODE XREF: sub_4163AA+4F�p
; sub_41CE08+78�p
push ebx
push ecx
mov ebx, offset dword_437D4C
mov ecx, [ebp+8]
loc_416448: ; CODE XREF: sub_416435+7�j
mov [ebx+8], ecx
mov [ebx+4], eax
mov [ebx+0Ch], ebp
pop ecx
pop ebx
retn 4
sub_41643E endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_416458 proc near ; CODE XREF: sub_4046AA+5�p
; sub_40484C+5�p ...
push 0FFFFFFFFh
push eax
mov eax, large fs:0
push eax
mov eax, [esp+0Ch]
mov large fs:0, esp
mov [esp+0Ch], ebp
lea ebp, [esp+0Ch]
push eax
retn
sub_416458 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_416477 proc near ; CODE XREF: sub_404D21+26�p
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_415E3D
pop ecx
retn
sub_416477 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416490 proc near ; CODE XREF: sub_404D92+3A�p
; sub_418B28+2EE�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
mov esi, [ebp+arg_4]
mov ecx, [ebp+arg_8]
mov edi, [ebp+arg_0]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe short loc_4164B0
cmp edi, eax
jb loc_416628
loc_4164B0: ; CODE XREF: sub_416490+16�j
test edi, 3
jnz short loc_4164CC
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_4164EC
rep movsd
jmp off_4165D8[edx*4]
; ---------------------------------------------------------------------------
loc_4164CC: ; CODE XREF: sub_416490+26�j
mov eax, edi
mov edx, 3
sub ecx, 4
jb short loc_4164E4
and eax, 3
add ecx, eax
jmp dword ptr loc_4164EC+4[eax*4]
; ---------------------------------------------------------------------------
loc_4164E4: ; CODE XREF: sub_416490+46�j
jmp dword ptr loc_4165E8[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_4164EC: ; CODE XREF: sub_416490+31�j
; sub_416490+8E�j ...
jmp off_41656C[ecx*4]
; ---------------------------------------------------------------------------
db 90h
dd offset loc_416500
dd offset loc_41652C
dd offset loc_416550
; ---------------------------------------------------------------------------
loc_416500: ; DATA XREF: sub_416490+64�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
add esi, 3
add edi, 3
cmp ecx, 8
jb short loc_4164EC
rep movsd
jmp off_4165D8[edx*4]
; ---------------------------------------------------------------------------
align 4
loc_41652C: ; DATA XREF: sub_416490+68�o
and edx, ecx
mov al, [esi]
mov [edi], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
add esi, 2
add edi, 2
cmp ecx, 8
jb short loc_4164EC
rep movsd
jmp off_4165D8[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_416550: ; DATA XREF: sub_416490+6C�o
and edx, ecx
mov al, [esi]
mov [edi], al
inc esi
shr ecx, 2
inc edi
cmp ecx, 8
jb short loc_4164EC
rep movsd
jmp off_4165D8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_41656C dd offset loc_4165CF ; DATA XREF: sub_416490:loc_4164EC�r
dd offset loc_4165BC
dd offset loc_4165B4
dd offset loc_4165AC
dd offset loc_4165A4
dd offset loc_41659C
dd offset loc_416594
dd offset loc_41658C
; ---------------------------------------------------------------------------
loc_41658C: ; CODE XREF: sub_416490:loc_4164EC�j
; DATA XREF: sub_416490+F8�o
mov eax, [esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch], eax
loc_416594: ; CODE XREF: sub_416490:loc_4164EC�j
; DATA XREF: sub_416490+F4�o
mov eax, [esi+ecx*4-18h]
mov [edi+ecx*4-18h], eax
loc_41659C: ; CODE XREF: sub_416490:loc_4164EC�j
; DATA XREF: sub_416490+F0�o
mov eax, [esi+ecx*4-14h]
mov [edi+ecx*4-14h], eax
loc_4165A4: ; CODE XREF: sub_416490:loc_4164EC�j
; DATA XREF: sub_416490+EC�o
mov eax, [esi+ecx*4-10h]
mov [edi+ecx*4-10h], eax
loc_4165AC: ; CODE XREF: sub_416490:loc_4164EC�j
; DATA XREF: sub_416490+E8�o
mov eax, [esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch], eax
loc_4165B4: ; CODE XREF: sub_416490:loc_4164EC�j
; DATA XREF: sub_416490+E4�o
mov eax, [esi+ecx*4-8]
mov [edi+ecx*4-8], eax
loc_4165BC: ; CODE XREF: sub_416490:loc_4164EC�j
; DATA XREF: sub_416490+E0�o
mov eax, [esi+ecx*4-4]
mov [edi+ecx*4-4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_4165CF: ; CODE XREF: sub_416490:loc_4164EC�j
; DATA XREF: sub_416490:off_41656C�o
jmp off_4165D8[edx*4]
; ---------------------------------------------------------------------------
align 4
off_4165D8 dd offset loc_4165E8 ; DATA XREF: sub_416490+35�r
; sub_416490+92�r ...
dd offset loc_4165F0
dd offset loc_4165FC
dd offset loc_416610
; ---------------------------------------------------------------------------
loc_4165E8: ; CODE XREF: sub_416490+35�j
; sub_416490+92�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_4165F0: ; CODE XREF: sub_416490+35�j
; sub_416490+92�j ...
mov al, [esi]
mov [edi], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4165FC: ; CODE XREF: sub_416490+35�j
; sub_416490+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 10h
loc_416610: ; CODE XREF: sub_416490+35�j
; sub_416490+92�j ...
mov al, [esi]
mov [edi], al
mov al, [esi+1]
mov [edi+1], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_416628: ; CODE XREF: sub_416490+1A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
test edi, 3
jnz short loc_41665C
shr ecx, 2
and edx, 3
cmp ecx, 8
jb short loc_416650
std
rep movsd
cld
jmp off_416770[edx*4]
; ---------------------------------------------------------------------------
align 10h
loc_416650: ; CODE XREF: sub_416490+1B1�j
; sub_416490+208�j ...
neg ecx
jmp off_416720[ecx*4]
; ---------------------------------------------------------------------------
align 4
loc_41665C: ; CODE XREF: sub_416490+1A6�j
mov eax, edi
mov edx, 3
cmp ecx, 4
jb short loc_416674
and eax, 3
sub ecx, eax
jmp dword ptr loc_416674+4[eax*4]
; ---------------------------------------------------------------------------
loc_416674: ; CODE XREF: sub_416490+1D6�j
; DATA XREF: sub_416490+1DD�r
jmp off_416770[ecx*4]
; ---------------------------------------------------------------------------
align 4
mov [esi+41h], ah
add [eax-2FFFBE9Ah], ch
inc cx
add [edx-2EDCFCBAh], cl
mov [edi+3], al
dec esi
shr ecx, 2
dec edi
cmp ecx, 8
jb short loc_416650
std
rep movsd
cld
jmp off_416770[edx*4]
; ---------------------------------------------------------------------------
align 4
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
shr ecx, 2
mov [edi+2], al
sub esi, 2
sub edi, 2
cmp ecx, 8
jb short loc_416650
std
rep movsd
cld
jmp off_416770[edx*4]
; ---------------------------------------------------------------------------
align 10h
mov al, [esi+3]
and edx, ecx
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
shr ecx, 2
mov [edi+1], al
sub esi, 3
sub edi, 3
cmp ecx, 8
jb loc_416650
std
rep movsd
cld
jmp off_416770[edx*4]
; ---------------------------------------------------------------------------
align 4
dd offset loc_416724
dd offset loc_41672C
dd offset loc_416734
dd offset loc_41673C
dd offset loc_416744
dd offset loc_41674C
dd offset loc_416754
off_416720 dd offset loc_416767 ; DATA XREF: sub_416490+1C2�r
; ---------------------------------------------------------------------------
loc_416724: ; DATA XREF: sub_416490+274�o
mov eax, [esi+ecx*4+1Ch]
mov [edi+ecx*4+1Ch], eax
loc_41672C: ; DATA XREF: sub_416490+278�o
mov eax, [esi+ecx*4+18h]
mov [edi+ecx*4+18h], eax
loc_416734: ; DATA XREF: sub_416490+27C�o
mov eax, [esi+ecx*4+14h]
mov [edi+ecx*4+14h], eax
loc_41673C: ; DATA XREF: sub_416490+280�o
mov eax, [esi+ecx*4+10h]
mov [edi+ecx*4+10h], eax
loc_416744: ; DATA XREF: sub_416490+284�o
mov eax, [esi+ecx*4+0Ch]
mov [edi+ecx*4+0Ch], eax
loc_41674C: ; DATA XREF: sub_416490+288�o
mov eax, [esi+ecx*4+8]
mov [edi+ecx*4+8], eax
loc_416754: ; DATA XREF: sub_416490+28C�o
mov eax, [esi+ecx*4+4]
mov [edi+ecx*4+4], eax
lea eax, ds:0[ecx*4]
add esi, eax
add edi, eax
loc_416767: ; CODE XREF: sub_416490+1C2�j
; DATA XREF: sub_416490:off_416720�o
jmp off_416770[edx*4]
; ---------------------------------------------------------------------------
align 10h
off_416770 dd offset loc_416780 ; DATA XREF: sub_416490+1B7�r
; sub_416490:loc_416674�r ...
dd offset loc_416788
dd offset loc_416798
dd offset loc_4167AC
; ---------------------------------------------------------------------------
loc_416780: ; CODE XREF: sub_416490+1B7�j
; sub_416490:loc_416674�j ...
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_416788: ; CODE XREF: sub_416490+1B7�j
; sub_416490:loc_416674�j ...
mov al, [esi+3]
mov [edi+3], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_416798: ; CODE XREF: sub_416490+1B7�j
; sub_416490:loc_416674�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
; ---------------------------------------------------------------------------
align 4
loc_4167AC: ; CODE XREF: sub_416490+1B7�j
; sub_416490:loc_416674�j ...
mov al, [esi+3]
mov [edi+3], al
mov al, [esi+2]
mov [edi+2], al
mov al, [esi+1]
mov [edi+1], al
mov eax, [ebp+arg_0]
pop esi
pop edi
leave
retn
sub_416490 endp
; =============== S U B R O U T I N E =======================================
sub_4167C5 proc near ; CODE XREF: sub_404DF9+34�p
; sub_404DF9+4F�p ...
arg_0 = dword ptr 4
push 1
push [esp+4+arg_0]
call sub_415DDB
pop ecx
pop ecx
retn
sub_4167C5 endp
; =============== S U B R O U T I N E =======================================
sub_4167D3 proc near ; CODE XREF: sub_416840+4�p
arg_0 = dword ptr 4
push esi
push dword_46AB14
call sub_41AC48
mov edx, dword_46AB14
pop ecx
mov ecx, dword_46AB10
mov esi, ecx
sub esi, edx
add esi, 4
cmp eax, esi
pop esi
jnb short loc_416832
push edx
call sub_41AC48
add eax, 10h
push eax
push dword_46AB14
call sub_4174DF
add esp, 0Ch
test eax, eax
jnz short loc_416815
retn
; ---------------------------------------------------------------------------
loc_416815: ; CODE XREF: sub_4167D3+3F�j
mov ecx, dword_46AB10
sub ecx, dword_46AB14
mov dword_46AB14, eax
sar ecx, 2
lea ecx, [eax+ecx*4]
mov dword_46AB10, ecx
loc_416832: ; CODE XREF: sub_4167D3+23�j
mov eax, [esp+arg_0]
mov [ecx], eax
add dword_46AB10, 4
retn
sub_4167D3 endp
; =============== S U B R O U T I N E =======================================
sub_416840 proc near ; CODE XREF: .nsp0:00404F00�p
arg_0 = dword ptr 4
push [esp+arg_0]
call sub_4167D3
neg eax
sbb eax, eax
pop ecx
neg eax
dec eax
retn
sub_416840 endp
; ---------------------------------------------------------------------------
push 80h
call sub_415DC9
test eax, eax
pop ecx
mov dword_46AB14, eax
jnz short loc_416873
push 18h
call sub_417BEE
mov eax, dword_46AB14
pop ecx
loc_416873: ; CODE XREF: .nsp0:00416864�j
and dword ptr [eax], 0
mov eax, dword_46AB14
mov dword_46AB10, eax
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416881 proc near ; CODE XREF: sub_416A89+E�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
and [ebp+var_8], 0
push esi
push edi
mov edi, [ebp+arg_0]
mov bl, [edi]
lea esi, [edi+1]
mov [ebp+var_4], esi
loc_416899: ; CODE XREF: sub_416881+46�j
cmp dword_437F7C, 1
jle short loc_4168B1
movzx eax, bl
push 8
push eax
call sub_418556
pop ecx
pop ecx
jmp short loc_4168C0
; ---------------------------------------------------------------------------
loc_4168B1: ; CODE XREF: sub_416881+1F�j
mov ecx, dword_437D70
movzx eax, bl
mov al, [ecx+eax*2]
and eax, 8
loc_4168C0: ; CODE XREF: sub_416881+2E�j
test eax, eax
jz short loc_4168C9
mov bl, [esi]
inc esi
jmp short loc_416899
; ---------------------------------------------------------------------------
loc_4168C9: ; CODE XREF: sub_416881+41�j
cmp bl, 2Dh
mov [ebp+var_4], esi
jnz short loc_4168D7
or [ebp+arg_C], 2
jmp short loc_4168DC
; ---------------------------------------------------------------------------
loc_4168D7: ; CODE XREF: sub_416881+4E�j
cmp bl, 2Bh
jnz short loc_4168E2
loc_4168DC: ; CODE XREF: sub_416881+54�j
mov bl, [esi]
inc esi
mov [ebp+var_4], esi
loc_4168E2: ; CODE XREF: sub_416881+59�j
mov eax, [ebp+arg_8]
test eax, eax
jl loc_416A79
cmp eax, 1
jz loc_416A79
cmp eax, 24h
jg loc_416A79
push 10h
test eax, eax
pop ecx
jnz short loc_41692A
cmp bl, 30h
jz short loc_416914
mov [ebp+arg_8], 0Ah
jmp short loc_416946
; ---------------------------------------------------------------------------
loc_416914: ; CODE XREF: sub_416881+88�j
mov al, [esi]
cmp al, 78h
jz short loc_416927
cmp al, 58h
jz short loc_416927
mov [ebp+arg_8], 8
jmp short loc_416946
; ---------------------------------------------------------------------------
loc_416927: ; CODE XREF: sub_416881+97�j
; sub_416881+9B�j
mov [ebp+arg_8], ecx
loc_41692A: ; CODE XREF: sub_416881+83�j
cmp [ebp+arg_8], ecx
jnz short loc_416946
cmp bl, 30h
jnz short loc_416946
mov al, [esi]
cmp al, 78h
jz short loc_41693E
cmp al, 58h
jnz short loc_416946
loc_41693E: ; CODE XREF: sub_416881+B7�j
mov bl, [esi+1]
inc esi
inc esi
mov [ebp+var_4], esi
loc_416946: ; CODE XREF: sub_416881+91�j
; sub_416881+A4�j ...
or eax, 0FFFFFFFFh
xor edx, edx
div [ebp+arg_8]
mov edi, 103h
mov [ebp+var_C], eax
loc_416956: ; CODE XREF: sub_416881+16C�j
cmp dword_437F7C, 1
movzx esi, bl
jle short loc_41696E
push 4
push esi
call sub_418556
pop ecx
pop ecx
jmp short loc_416979
; ---------------------------------------------------------------------------
loc_41696E: ; CODE XREF: sub_416881+DF�j
mov eax, dword_437D70
mov al, [eax+esi*2]
and eax, 4
loc_416979: ; CODE XREF: sub_416881+EB�j
test eax, eax
jz short loc_416985
movsx ecx, bl
sub ecx, 30h
jmp short loc_4169B7
; ---------------------------------------------------------------------------
loc_416985: ; CODE XREF: sub_416881+FA�j
cmp dword_437F7C, 1
jle short loc_416999
push edi
push esi
call sub_418556
pop ecx
pop ecx
jmp short loc_4169A4
; ---------------------------------------------------------------------------
loc_416999: ; CODE XREF: sub_416881+10B�j
mov eax, dword_437D70
mov ax, [eax+esi*2]
and eax, edi
loc_4169A4: ; CODE XREF: sub_416881+116�j
test eax, eax
jz short loc_4169F2
movsx eax, bl
push eax
call sub_41AC71
pop ecx
mov ecx, eax
sub ecx, 37h
loc_4169B7: ; CODE XREF: sub_416881+102�j
cmp ecx, [ebp+arg_8]
jnb short loc_4169F2
mov esi, [ebp+var_8]
or [ebp+arg_C], 8
cmp esi, [ebp+var_C]
jb short loc_4169DC
jnz short loc_4169D6
or eax, 0FFFFFFFFh
xor edx, edx
div [ebp+arg_8]
cmp ecx, edx
jbe short loc_4169DC
loc_4169D6: ; CODE XREF: sub_416881+147�j
or [ebp+arg_C], 4
jmp short loc_4169E5
; ---------------------------------------------------------------------------
loc_4169DC: ; CODE XREF: sub_416881+145�j
; sub_416881+153�j
imul esi, [ebp+arg_8]
add esi, ecx
mov [ebp+var_8], esi
loc_4169E5: ; CODE XREF: sub_416881+159�j
mov eax, [ebp+var_4]
inc [ebp+var_4]
mov bl, [eax]
jmp loc_416956
; ---------------------------------------------------------------------------
loc_4169F2: ; CODE XREF: sub_416881+125�j
; sub_416881+139�j
mov ecx, [ebp+arg_C]
dec [ebp+var_4]
mov edx, [ebp+arg_4]
test cl, 8
jnz short loc_416A10
test edx, edx
jz short loc_416A0A
mov eax, [ebp+arg_0]
mov [ebp+var_4], eax
loc_416A0A: ; CODE XREF: sub_416881+181�j
and [ebp+var_8], 0
jmp short loc_416A5D
; ---------------------------------------------------------------------------
loc_416A10: ; CODE XREF: sub_416881+17D�j
test cl, 4
mov eax, 7FFFFFFFh
jnz short loc_416A36
test cl, 1
jnz short loc_416A5D
and ecx, 2
jz short loc_416A2D
cmp [ebp+var_8], 80000000h
ja short loc_416A36
loc_416A2D: ; CODE XREF: sub_416881+1A1�j
test ecx, ecx
jnz short loc_416A5D
cmp [ebp+var_8], eax
jbe short loc_416A5D
loc_416A36: ; CODE XREF: sub_416881+197�j
; sub_416881+1AA�j
test byte ptr [ebp+arg_C], 1
mov dword_469494, 22h
jz short loc_416A4C
or [ebp+var_8], 0FFFFFFFFh
jmp short loc_416A5D
; ---------------------------------------------------------------------------
loc_416A4C: ; CODE XREF: sub_416881+1C3�j
mov ecx, [ebp+arg_C]
and cl, 2
neg cl
sbb ecx, ecx
neg ecx
add ecx, eax
mov [ebp+var_8], ecx
loc_416A5D: ; CODE XREF: sub_416881+18D�j
; sub_416881+19C�j ...
test edx, edx
jz short loc_416A66
mov eax, [ebp+var_4]
mov [edx], eax
loc_416A66: ; CODE XREF: sub_416881+1DE�j
test byte ptr [ebp+arg_C], 2
jz short loc_416A74
mov eax, [ebp+var_8]
neg eax
mov [ebp+var_8], eax
loc_416A74: ; CODE XREF: sub_416881+1E9�j
mov eax, [ebp+var_8]
jmp short loc_416A84
; ---------------------------------------------------------------------------
loc_416A79: ; CODE XREF: sub_416881+66�j
; sub_416881+6F�j ...
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_416A82
mov [eax], edi
loc_416A82: ; CODE XREF: sub_416881+1FD�j
xor eax, eax
loc_416A84: ; CODE XREF: sub_416881+1F6�j
pop edi
pop esi
pop ebx
leave
retn
sub_416881 endp
; =============== S U B R O U T I N E =======================================
sub_416A89 proc near ; CODE XREF: sub_405409+4BD�p
; sub_40CE55+3641�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 1
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_416881
add esp, 10h
retn
sub_416A89 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416AA0 proc near ; CODE XREF: sub_405409+266�p
; sub_405409+46A�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
mov [ebp+var_14], 49h
push eax
mov [ebp+var_18], eax
mov [ebp+var_20], eax
call sub_415CF0
mov [ebp+var_1C], eax
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+var_20]
push [ebp+arg_4]
push eax
call sub_41AD3D
add esp, 10h
leave
retn
sub_416AA0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416AD4 proc near ; CODE XREF: sub_405409+4E�p
var_CC = byte ptr -0CCh
var_32 = word ptr -32h
var_24 = dword ptr -24h
var_20 = word ptr -20h
var_1E = word ptr -1Eh
var_1A = word ptr -1Ah
var_18 = word ptr -18h
var_16 = word ptr -16h
var_10 = word ptr -10h
var_E = word ptr -0Eh
var_A = word ptr -0Ah
var_8 = word ptr -8
var_6 = word ptr -6
var_4 = word ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0CCh
lea eax, [ebp+var_10]
push eax
call dword_42105C
lea eax, [ebp+var_20]
push eax
call dword_42115C
mov ax, [ebp+var_16]
cmp ax, word_46948A
jnz short loc_416B39
mov ax, [ebp+var_18]
cmp ax, word_469488
jnz short loc_416B39
mov ax, [ebp+var_1A]
cmp ax, word_469486
jnz short loc_416B39
mov ax, [ebp+var_1E]
cmp ax, word_469482
jnz short loc_416B39
mov ax, [ebp+var_20]
cmp ax, word_469480
jnz short loc_416B39
mov eax, dword_469478
jmp short loc_416B7E
; ---------------------------------------------------------------------------
loc_416B39: ; CODE XREF: sub_416AD4+28�j
; sub_416AD4+35�j ...
lea eax, [ebp+var_CC]
push eax
call dword_421158
cmp eax, 0FFFFFFFFh
jz short loc_416B66
cmp eax, 2
jnz short loc_416B62
cmp [ebp+var_32], 0
jz short loc_416B62
cmp [ebp+var_24], 0
jz short loc_416B62
push 1
pop eax
jmp short loc_416B69
; ---------------------------------------------------------------------------
loc_416B62: ; CODE XREF: sub_416AD4+7A�j
; sub_416AD4+81�j ...
xor eax, eax
jmp short loc_416B69
; ---------------------------------------------------------------------------
loc_416B66: ; CODE XREF: sub_416AD4+75�j
or eax, 0FFFFFFFFh
loc_416B69: ; CODE XREF: sub_416AD4+8C�j
; sub_416AD4+90�j
push esi
push edi
lea esi, [ebp+var_20]
mov edi, offset word_469480
movsd
movsd
movsd
movsd
pop edi
mov dword_469478, eax
pop esi
loc_416B7E: ; CODE XREF: sub_416AD4+63�j
push eax
movzx eax, [ebp+var_4]
push eax
movzx eax, [ebp+var_6]
push eax
movzx eax, [ebp+var_8]
push eax
movzx eax, [ebp+var_A]
push eax
movzx eax, [ebp+var_E]
push eax
movzx eax, [ebp+var_10]
push eax
call sub_41B7EE
mov ecx, [ebp+arg_0]
add esp, 1Ch
test ecx, ecx
jz short locret_416BAE
mov [ecx], eax
locret_416BAE: ; CODE XREF: sub_416AD4+D6�j
leave
retn
sub_416AD4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416BB0 proc near ; CODE XREF: sub_405A89+4E�p
; sub_406C3E+30E�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
imul edi, [ebp+arg_8]
mov ebx, [ebp+arg_0]
mov ecx, edi
test edi, edi
mov [ebp+var_4], edi
mov [ebp+arg_0], ecx
jnz short loc_416BD4
xor eax, eax
jmp loc_416C7D
; ---------------------------------------------------------------------------
loc_416BD4: ; CODE XREF: sub_416BB0+1B�j
mov esi, [ebp+arg_C]
test word ptr [esi+0Ch], 10Ch
jz short loc_416BE7
mov eax, [esi+18h]
mov [ebp+arg_C], eax
jmp short loc_416BF3
; ---------------------------------------------------------------------------
loc_416BE7: ; CODE XREF: sub_416BB0+2D�j
mov [ebp+arg_C], 1000h
jmp short loc_416BF3
; ---------------------------------------------------------------------------
loc_416BF0: ; CODE XREF: sub_416BB0+C4�j
mov ecx, [ebp+arg_0]
loc_416BF3: ; CODE XREF: sub_416BB0+35�j
; sub_416BB0+3E�j
test word ptr [esi+0Ch], 10Ch
jz short loc_416C25
mov eax, [esi+4]
test eax, eax
jz short loc_416C25
cmp ecx, eax
mov edi, ecx
jb short loc_416C0A
mov edi, eax
loc_416C0A: ; CODE XREF: sub_416BB0+56�j
push edi
push dword ptr [esi]
push ebx
call sub_4155D0
sub [ebp+arg_0], edi
sub [esi+4], edi
add [esi], edi
add esp, 0Ch
add ebx, edi
mov edi, [ebp+var_4]
jmp short loc_416C70
; ---------------------------------------------------------------------------
loc_416C25: ; CODE XREF: sub_416BB0+49�j
; sub_416BB0+50�j
cmp ecx, [ebp+arg_C]
jb short loc_416C58
cmp [ebp+arg_C], 0
mov eax, ecx
jz short loc_416C3B
xor edx, edx
div [ebp+arg_C]
mov eax, ecx
sub eax, edx
loc_416C3B: ; CODE XREF: sub_416BB0+80�j
push eax
push ebx
push dword ptr [esi+10h]
call sub_41B989
add esp, 0Ch
test eax, eax
jz short loc_416C82
cmp eax, 0FFFFFFFFh
jz short loc_416C88
sub [ebp+arg_0], eax
add ebx, eax
jmp short loc_416C70
; ---------------------------------------------------------------------------
loc_416C58: ; CODE XREF: sub_416BB0+78�j
push esi
call sub_41B8B0
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_416C8C
mov [ebx], al
mov eax, [esi+18h]
inc ebx
dec [ebp+arg_0]
mov [ebp+arg_C], eax
loc_416C70: ; CODE XREF: sub_416BB0+73�j
; sub_416BB0+A6�j
cmp [ebp+arg_0], 0
jnz loc_416BF0
mov eax, [ebp+arg_8]
loc_416C7D: ; CODE XREF: sub_416BB0+1F�j
; sub_416BB0+E6�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_416C82: ; CODE XREF: sub_416BB0+9A�j
or dword ptr [esi+0Ch], 10h
jmp short loc_416C8C
; ---------------------------------------------------------------------------
loc_416C88: ; CODE XREF: sub_416BB0+9F�j
or dword ptr [esi+0Ch], 20h
loc_416C8C: ; CODE XREF: sub_416BB0+B2�j
; sub_416BB0+D6�j
mov eax, edi
xor edx, edx
sub eax, [ebp+arg_0]
div [ebp+arg_4]
jmp short loc_416C7D
sub_416BB0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416C98 proc near ; CODE XREF: sub_405B23+2B2�p
; sub_406100+101�p ...
var_20 = byte ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
mov esi, [ebp+arg_4]
push edi
push 8
xor eax, eax
pop ecx
lea edi, [ebp+var_20]
rep stosd
push 7
pop edi
loc_416CB1: ; CODE XREF: sub_416C98+32�j
mov dl, [esi]
mov bl, 1
movzx ecx, dl
mov eax, ecx
and ecx, edi
shr eax, 3
shl bl, cl
lea eax, [ebp+eax+var_20]
or [eax], bl
inc esi
test dl, dl
jnz short loc_416CB1
mov edx, [ebp+arg_0]
test edx, edx
jnz short loc_416CD9
mov edx, dword_469490
loc_416CD9: ; CODE XREF: sub_416C98+39�j
; sub_416C98+5F�j
mov al, [edx]
push 1
movzx esi, al
mov ecx, esi
pop ebx
and ecx, edi
shl ebx, cl
shr esi, 3
mov cl, [ebp+esi+var_20]
test bl, cl
jz short loc_416CF9
test al, al
jz short loc_416CF9
inc edx
jmp short loc_416CD9
; ---------------------------------------------------------------------------
loc_416CF9: ; CODE XREF: sub_416C98+58�j
; sub_416C98+5C�j
mov ebx, edx
loc_416CFB: ; CODE XREF: sub_416C98+81�j
mov al, [edx]
test al, al
jz short loc_416D1F
movzx esi, al
mov ecx, esi
push 1
and ecx, edi
pop eax
shl eax, cl
shr esi, 3
mov cl, [ebp+esi+var_20]
test al, cl
jnz short loc_416D1B
inc edx
jmp short loc_416CFB
; ---------------------------------------------------------------------------
loc_416D1B: ; CODE XREF: sub_416C98+7E�j
and byte ptr [edx], 0
inc edx
loc_416D1F: ; CODE XREF: sub_416C98+67�j
mov eax, ebx
pop edi
sub eax, edx
pop esi
neg eax
sbb eax, eax
mov dword_469490, edx
and eax, ebx
pop ebx
leave
retn
sub_416C98 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_416D40 proc near ; CODE XREF: sub_4063B0+1B4�p
; sub_407276+6E�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz short loc_416DC3
push esi
push ebx
mov ebx, ecx
mov esi, [esp+0Ch+arg_4]
test esi, 3
mov edi, [esp+0Ch+arg_0]
jnz short loc_416D64
shr ecx, 2
jnz short loc_416DD1
jmp short loc_416D85
; ---------------------------------------------------------------------------
loc_416D64: ; CODE XREF: sub_416D40+1B�j
; sub_416D40+37�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
dec ecx
jz short loc_416D92
test al, al
jz short loc_416D9A
test esi, 3
jnz short loc_416D64
mov ebx, ecx
shr ecx, 2
jnz short loc_416DD1
loc_416D80: ; CODE XREF: sub_416D40+8F�j
and ebx, 3
jz short loc_416D92
loc_416D85: ; CODE XREF: sub_416D40+22�j
; sub_416D40+50�j
mov al, [esi]
inc esi
mov [edi], al
inc edi
test al, al
jz short loc_416DBE
dec ebx
jnz short loc_416D85
loc_416D92: ; CODE XREF: sub_416D40+2B�j
; sub_416D40+43�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_416D9A: ; CODE XREF: sub_416D40+2F�j
test edi, 3
jz short loc_416DB4
loc_416DA2: ; CODE XREF: sub_416D40+72�j
mov [edi], al
inc edi
dec ecx
jz loc_416E36
test edi, 3
jnz short loc_416DA2
loc_416DB4: ; CODE XREF: sub_416D40+60�j
mov ebx, ecx
shr ecx, 2
jnz short loc_416E27
loc_416DBB: ; CODE XREF: sub_416D40+7F�j
; sub_416D40+F4�j
mov [edi], al
inc edi
loc_416DBE: ; CODE XREF: sub_416D40+4D�j
dec ebx
jnz short loc_416DBB
pop ebx
pop esi
loc_416DC3: ; CODE XREF: sub_416D40+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_416DC9: ; CODE XREF: sub_416D40+A9�j
; sub_416D40+C1�j
mov [edi], edx
add edi, 4
dec ecx
jz short loc_416D80
loc_416DD1: ; CODE XREF: sub_416D40+20�j
; sub_416D40+3E�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_416DC9
test dl, dl
jz short loc_416E1B
test dh, dh
jz short loc_416E11
test edx, 0FF0000h
jz short loc_416E07
test edx, 0FF000000h
jnz short loc_416DC9
mov [edi], edx
jmp short loc_416E1F
; ---------------------------------------------------------------------------
loc_416E07: ; CODE XREF: sub_416D40+B9�j
and edx, 0FFFFh
mov [edi], edx
jmp short loc_416E1F
; ---------------------------------------------------------------------------
loc_416E11: ; CODE XREF: sub_416D40+B1�j
and edx, 0FFh
mov [edi], edx
jmp short loc_416E1F
; ---------------------------------------------------------------------------
loc_416E1B: ; CODE XREF: sub_416D40+AD�j
xor edx, edx
mov [edi], edx
loc_416E1F: ; CODE XREF: sub_416D40+C5�j
; sub_416D40+CF�j ...
add edi, 4
xor eax, eax
dec ecx
jz short loc_416E31
loc_416E27: ; CODE XREF: sub_416D40+79�j
xor eax, eax
loc_416E29: ; CODE XREF: sub_416D40+EF�j
mov [edi], eax
add edi, 4
dec ecx
jnz short loc_416E29
loc_416E31: ; CODE XREF: sub_416D40+E5�j
and ebx, 3
jnz short loc_416DBB
loc_416E36: ; CODE XREF: sub_416D40+66�j
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_416D40 endp
; =============== S U B R O U T I N E =======================================
sub_416E3E proc near ; CODE XREF: sub_406C3E+2E2�p
; sub_406C3E+435�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
mov esi, [esp+4+arg_0]
push edi
mov eax, [esi+0Ch]
test al, 83h
jz short loc_416EBA
mov edi, [esp+8+arg_8]
test edi, edi
jz short loc_416E5D
cmp edi, 1
jz short loc_416E5D
cmp edi, 2
jnz short loc_416EBA
loc_416E5D: ; CODE XREF: sub_416E3E+13�j
; sub_416E3E+18�j
and al, 0EFh
cmp edi, 1
mov [esi+0Ch], eax
jnz short loc_416E74
push esi
call sub_41BC19
add [esp+0Ch+arg_4], eax
pop ecx
xor edi, edi
loc_416E74: ; CODE XREF: sub_416E3E+27�j
push esi
call sub_4186E4
mov eax, [esi+0Ch]
pop ecx
test al, 80h
jz short loc_416E89
and al, 0FCh
mov [esi+0Ch], eax
jmp short loc_416E9D
; ---------------------------------------------------------------------------
loc_416E89: ; CODE XREF: sub_416E3E+42�j
test al, 1
jz short loc_416E9D
test al, 8
jz short loc_416E9D
test ah, 4
jnz short loc_416E9D
mov dword ptr [esi+18h], 200h
loc_416E9D: ; CODE XREF: sub_416E3E+49�j
; sub_416E3E+4D�j ...
push edi
push [esp+0Ch+arg_4]
push dword ptr [esi+10h]
call sub_41BB7F
add esp, 0Ch
xor ecx, ecx
cmp eax, 0FFFFFFFFh
setnz cl
dec ecx
mov eax, ecx
jmp short loc_416EC7
; ---------------------------------------------------------------------------
loc_416EBA: ; CODE XREF: sub_416E3E+B�j
; sub_416E3E+1D�j
mov dword_469494, 16h
or eax, 0FFFFFFFFh
loc_416EC7: ; CODE XREF: sub_416E3E+7A�j
pop edi
pop esi
retn
sub_416E3E endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416ED0 proc near ; CODE XREF: sub_406C3E+2AC�p
; sub_406C3E+2CD�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ecx, [ebp+arg_8]
jecxz short loc_416F01
mov ebx, ecx
mov edi, [ebp+arg_0]
mov esi, edi
xor eax, eax
repne scasb
neg ecx
add ecx, ebx
mov edi, esi
mov esi, [ebp+arg_4]
repe cmpsb
mov al, [esi-1]
xor ecx, ecx
cmp al, [edi-1]
ja short loc_416EFF
jz short loc_416F01
dec ecx
dec ecx
loc_416EFF: ; CODE XREF: sub_416ED0+29�j
not ecx
loc_416F01: ; CODE XREF: sub_416ED0+9�j
; sub_416ED0+2B�j
mov eax, ecx
pop ebx
pop esi
pop edi
leave
retn
sub_416ED0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_416F10 proc near ; CODE XREF: sub_407135+5C�p
; sub_407135+9B�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov ecx, [esp+arg_8]
push edi
test ecx, ecx
jz loc_416FC4
mov edi, [esp+4+arg_0]
push esi
test edi, 3
push ebx
jz short loc_416F3A
loc_416F2B: ; CODE XREF: sub_416F10+28�j
mov al, [edi]
inc edi
test al, al
jz short loc_416F6B
test edi, 3
jnz short loc_416F2B
loc_416F3A: ; CODE XREF: sub_416F10+19�j
; sub_416F10+40�j ...
mov eax, [edi]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
add edi, 4
test eax, 81010100h
jz short loc_416F3A
mov eax, [edi-4]
test al, al
jz short loc_416F78
test ah, ah
jz short loc_416F73
test eax, 0FF0000h
jz short loc_416F6E
test eax, 0FF000000h
jnz short loc_416F3A
loc_416F6B: ; CODE XREF: sub_416F10+20�j
dec edi
jmp short loc_416F7B
; ---------------------------------------------------------------------------
loc_416F6E: ; CODE XREF: sub_416F10+52�j
sub edi, 2
jmp short loc_416F7B
; ---------------------------------------------------------------------------
loc_416F73: ; CODE XREF: sub_416F10+4B�j
sub edi, 3
jmp short loc_416F7B
; ---------------------------------------------------------------------------
loc_416F78: ; CODE XREF: sub_416F10+47�j
sub edi, 4
loc_416F7B: ; CODE XREF: sub_416F10+5C�j
; sub_416F10+61�j ...
mov esi, [esp+0Ch+arg_4]
test esi, 3
jnz short loc_416F90
mov ebx, ecx
shr ecx, 2
jnz short loc_416FDC
jmp short loc_416FAC
; ---------------------------------------------------------------------------
loc_416F90: ; CODE XREF: sub_416F10+75�j
; sub_416F10+93�j
mov dl, [esi]
inc esi
test dl, dl
jz short loc_416FCA
mov [edi], dl
inc edi
dec ecx
jz short loc_416FC0
test esi, 3
jnz short loc_416F90
mov ebx, ecx
shr ecx, 2
jnz short loc_416FDC
loc_416FAC: ; CODE XREF: sub_416F10+7E�j
; sub_416F10+CA�j
mov ecx, ebx
and ecx, 3
jz short loc_416FC0
loc_416FB3: ; CODE XREF: sub_416F10+AE�j
mov dl, [esi]
inc esi
mov [edi], dl
inc edi
test dl, dl
jz short loc_416FC2
dec ecx
jnz short loc_416FB3
loc_416FC0: ; CODE XREF: sub_416F10+8B�j
; sub_416F10+A1�j
mov [edi], cl
loc_416FC2: ; CODE XREF: sub_416F10+AB�j
pop ebx
pop esi
loc_416FC4: ; CODE XREF: sub_416F10+7�j
mov eax, [esp+4+arg_0]
pop edi
retn
; ---------------------------------------------------------------------------
loc_416FCA: ; CODE XREF: sub_416F10+85�j
; sub_416F10+E8�j
mov [edi], dl
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_416FD4: ; CODE XREF: sub_416F10+E4�j
; sub_416F10+FC�j
mov [edi], edx
add edi, 4
dec ecx
jz short loc_416FAC
loc_416FDC: ; CODE XREF: sub_416F10+7C�j
; sub_416F10+9A�j
mov edx, 7EFEFEFFh
mov eax, [esi]
add edx, eax
xor eax, 0FFFFFFFFh
xor eax, edx
mov edx, [esi]
add esi, 4
test eax, 81010100h
jz short loc_416FD4
test dl, dl
jz short loc_416FCA
test dh, dh
jz short loc_417028
test edx, 0FF0000h
jz short loc_417018
test edx, 0FF000000h
jnz short loc_416FD4
mov [edi], edx
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_417018: ; CODE XREF: sub_416F10+F4�j
mov [edi], dx
xor edx, edx
mov eax, [esp+0Ch+arg_0]
mov [edi+2], dl
pop ebx
pop esi
pop edi
retn
; ---------------------------------------------------------------------------
loc_417028: ; CODE XREF: sub_416F10+EC�j
mov [edi], dx
mov eax, [esp+0Ch+arg_0]
pop ebx
pop esi
pop edi
retn
sub_416F10 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417040 proc near ; CODE XREF: sub_407276+2A2�p
; sub_40CE55+30AF�p ...
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
push edi
mov edi, [ebp+arg_0]
xor eax, eax
or ecx, 0FFFFFFFFh
repne scasb
inc ecx
neg ecx
dec edi
mov al, [ebp+arg_4]
std
repne scasb
inc edi
cmp [edi], al
jz short loc_417061
xor eax, eax
jmp short loc_417063
; ---------------------------------------------------------------------------
loc_417061: ; CODE XREF: sub_417040+1B�j
mov eax, edi
loc_417063: ; CODE XREF: sub_417040+1F�j
cld
pop edi
leave
retn
sub_417040 endp
; ---------------------------------------------------------------------------
align 10h
; START OF FUNCTION CHUNK FOR sub_417080
loc_417070: ; CODE XREF: sub_417080+1D�j
lea eax, [edx-1]
pop ebx
retn
; END OF FUNCTION CHUNK FOR sub_417080
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_417080 proc near ; CODE XREF: sub_4085D3+DB�p
; sub_40CE55+411�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
; FUNCTION CHUNK AT 00417070 SIZE 00000005 BYTES
xor eax, eax
mov al, [esp+arg_4]
loc_417086: ; CODE XREF: sub_415AC0+6E�j
push ebx
mov ebx, eax
shl eax, 8
mov edx, [esp+4+arg_0]
test edx, 3
jz short loc_4170AB
loc_417098: ; CODE XREF: sub_417080+29�j
mov cl, [edx]
inc edx
cmp cl, bl
jz short loc_417070
test cl, cl
jz short loc_4170F4
test edx, 3
jnz short loc_417098
loc_4170AB: ; CODE XREF: sub_417080+16�j
or ebx, eax
push edi
mov eax, ebx
shl ebx, 10h
push esi
or ebx, eax
loc_4170B6: ; CODE XREF: sub_417080+61�j
; sub_417080+70�j ...
mov ecx, [edx]
mov edi, 7EFEFEFFh
mov eax, ecx
mov esi, edi
xor ecx, ebx
add esi, eax
add edi, ecx
xor ecx, 0FFFFFFFFh
xor eax, 0FFFFFFFFh
xor ecx, edi
xor eax, esi
add edx, 4
and ecx, 81010100h
jnz short loc_4170F8
and eax, 81010100h
jz short loc_4170B6
and eax, 1010100h
jnz short loc_4170F2
and esi, 80000000h
jnz short loc_4170B6
loc_4170F2: ; CODE XREF: sub_417080+68�j
; sub_417080+81�j ...
pop esi
pop edi
loc_4170F4: ; CODE XREF: sub_417080+21�j
pop ebx
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_4170F8: ; CODE XREF: sub_417080+5A�j
mov eax, [edx-4]
cmp al, bl
jz short loc_417135
test al, al
jz short loc_4170F2
cmp ah, bl
jz short loc_41712E
test ah, ah
jz short loc_4170F2
shr eax, 10h
cmp al, bl
jz short loc_417127
test al, al
jz short loc_4170F2
cmp ah, bl
jz short loc_417120
test ah, ah
jz short loc_4170F2
jmp short loc_4170B6
; ---------------------------------------------------------------------------
loc_417120: ; CODE XREF: sub_417080+98�j
pop esi
pop edi
lea eax, [edx-1]
pop ebx
retn
; ---------------------------------------------------------------------------
loc_417127: ; CODE XREF: sub_417080+90�j
lea eax, [edx-2]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41712E: ; CODE XREF: sub_417080+85�j
lea eax, [edx-3]
pop esi
pop edi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_417135: ; CODE XREF: sub_417080+7D�j
lea eax, [edx-4]
pop esi
pop edi
pop ebx
retn
sub_417080 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41713C proc near ; CODE XREF: sub_4085D3+AF�p
; sub_40CE55+4479�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 0
push ebx
mov ebx, [ebp+arg_0]
push edi
mov edi, ebx
jg short loc_417150
xor eax, eax
jmp short loc_417186
; ---------------------------------------------------------------------------
loc_417150: ; CODE XREF: sub_41713C+E�j
dec [ebp+arg_4]
push esi
jz short loc_417180
mov esi, [ebp+arg_8]
loc_417159: ; CODE XREF: sub_41713C+42�j
dec dword ptr [esi+4]
js short loc_417168
mov ecx, [esi]
movzx eax, byte ptr [ecx]
inc ecx
mov [esi], ecx
jmp short loc_41716F
; ---------------------------------------------------------------------------
loc_417168: ; CODE XREF: sub_41713C+20�j
push esi
call sub_41B8B0
pop ecx
loc_41716F: ; CODE XREF: sub_41713C+2A�j
cmp eax, 0FFFFFFFFh
jz short loc_41718A
mov [edi], al
inc edi
cmp al, 0Ah
jz short loc_417180
dec [ebp+arg_4]
jnz short loc_417159
loc_417180: ; CODE XREF: sub_41713C+18�j
; sub_41713C+3D�j ...
and byte ptr [edi], 0
loc_417183: ; CODE XREF: sub_41713C+55�j
mov eax, ebx
pop esi
loc_417186: ; CODE XREF: sub_41713C+12�j
pop edi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41718A: ; CODE XREF: sub_41713C+36�j
cmp edi, [ebp+arg_0]
jnz short loc_417180
xor ebx, ebx
jmp short loc_417183
sub_41713C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417193 proc near ; CODE XREF: sub_409B24+6�p
; sub_409B42+4A�p ...
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp dword_469528, 0
push ebx
push esi
push edi
jnz short loc_4171C0
mov eax, [ebp+arg_0]
cmp eax, 41h
jl loc_417259
cmp eax, 5Ah
jg loc_417259
add eax, 20h
jmp loc_417259
; ---------------------------------------------------------------------------
loc_4171C0: ; CODE XREF: sub_417193+E�j
mov ebx, [ebp+arg_0]
mov edi, 100h
push 1
cmp ebx, edi
pop esi
jge short loc_4171F4
cmp dword_437F7C, esi
jle short loc_4171E2
push esi
push ebx
call sub_418556
pop ecx
pop ecx
jmp short loc_4171EC
; ---------------------------------------------------------------------------
loc_4171E2: ; CODE XREF: sub_417193+42�j
mov eax, dword_437D70
mov al, [eax+ebx*2]
and eax, esi
loc_4171EC: ; CODE XREF: sub_417193+4D�j
test eax, eax
jnz short loc_4171F4
loc_4171F0: ; CODE XREF: sub_417193+AD�j
mov eax, ebx
jmp short loc_417259
; ---------------------------------------------------------------------------
loc_4171F4: ; CODE XREF: sub_417193+3A�j
; sub_417193+5B�j
mov edx, dword_437D70
mov eax, ebx
sar eax, 8
movzx ecx, al
test byte ptr [edx+ecx*2+1], 80h
jz short loc_417218
and byte ptr [ebp+arg_0+2], 0
push 2
mov byte ptr [ebp+arg_0], al
mov byte ptr [ebp+arg_0+1], bl
pop eax
jmp short loc_417221
; ---------------------------------------------------------------------------
loc_417218: ; CODE XREF: sub_417193+74�j
and byte ptr [ebp+arg_0+1], 0
mov byte ptr [ebp+arg_0], bl
mov eax, esi
loc_417221: ; CODE XREF: sub_417193+83�j
push esi
push 0
lea ecx, [ebp+var_4]
push 3
push ecx
push eax
lea eax, [ebp+arg_0]
push eax
push edi
push dword_469528
call sub_41BD71
add esp, 20h
test eax, eax
jz short loc_4171F0
cmp eax, esi
jnz short loc_41724C
movzx eax, [ebp+var_4]
jmp short loc_417259
; ---------------------------------------------------------------------------
loc_41724C: ; CODE XREF: sub_417193+B1�j
movzx eax, [ebp+var_3]
movzx ecx, [ebp+var_4]
shl eax, 8
or eax, ecx
loc_417259: ; CODE XREF: sub_417193+16�j
; sub_417193+1F�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_417193 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_417260 proc near ; CODE XREF: sub_40AA1B+3D�p
; sub_40C218+2D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
mov eax, [esp+4+arg_C]
or eax, eax
jnz short loc_417281
mov ecx, [esp+4+arg_8]
mov eax, [esp+4+arg_4]
xor edx, edx
div ecx
mov eax, [esp+4+arg_0]
div ecx
mov eax, edx
xor edx, edx
jmp short loc_4172D1
; ---------------------------------------------------------------------------
loc_417281: ; CODE XREF: sub_417260+7�j
mov ecx, eax
mov ebx, [esp+4+arg_8]
mov edx, [esp+4+arg_4]
mov eax, [esp+4+arg_0]
loc_41728F: ; CODE XREF: sub_417260+39�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_41728F
div ebx
mov ecx, eax
mul [esp+4+arg_C]
xchg eax, ecx
mul [esp+4+arg_8]
add edx, ecx
jb short loc_4172BA
cmp edx, [esp+4+arg_4]
ja short loc_4172BA
jb short loc_4172C2
cmp eax, [esp+4+arg_0]
jbe short loc_4172C2
loc_4172BA: ; CODE XREF: sub_417260+4A�j
; sub_417260+50�j
sub eax, [esp+4+arg_8]
sbb edx, [esp+4+arg_C]
loc_4172C2: ; CODE XREF: sub_417260+52�j
; sub_417260+58�j
sub eax, [esp+4+arg_0]
sbb edx, [esp+4+arg_4]
neg edx
neg eax
sbb edx, 0
loc_4172D1: ; CODE XREF: sub_417260+1F�j
pop ebx
retn 10h
sub_417260 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4172E0 proc near ; CODE XREF: sub_40AA1B+24�p
; sub_40C218+3F�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
push esi
mov eax, [esp+8+arg_C]
or eax, eax
jnz short loc_417302
mov ecx, [esp+8+arg_8]
mov eax, [esp+8+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+8+arg_0]
div ecx
mov edx, ebx
jmp short loc_417343
; ---------------------------------------------------------------------------
loc_417302: ; CODE XREF: sub_4172E0+8�j
mov ecx, eax
mov ebx, [esp+8+arg_8]
mov edx, [esp+8+arg_4]
mov eax, [esp+8+arg_0]
loc_417310: ; CODE XREF: sub_4172E0+3A�j
shr ecx, 1
rcr ebx, 1
shr edx, 1
rcr eax, 1
or ecx, ecx
jnz short loc_417310
div ebx
mov esi, eax
mul [esp+8+arg_C]
mov ecx, eax
mov eax, [esp+8+arg_8]
mul esi
add edx, ecx
jb short loc_41733E
cmp edx, [esp+8+arg_4]
ja short loc_41733E
jb short loc_41733F
cmp eax, [esp+8+arg_0]
jbe short loc_41733F
loc_41733E: ; CODE XREF: sub_4172E0+4E�j
; sub_4172E0+54�j
dec esi
loc_41733F: ; CODE XREF: sub_4172E0+56�j
; sub_4172E0+5C�j
xor edx, edx
mov eax, esi
loc_417343: ; CODE XREF: sub_4172E0+20�j
pop esi
pop ebx
retn 10h
sub_4172E0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417348 proc near ; CODE XREF: sub_40AAD1+1E3�p
; sub_40C682+104�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
push ebx
call sub_415CF0
cmp eax, 1
pop ecx
jb short loc_417383
cmp byte ptr [ebx+1], 3Ah
jnz short loc_417383
mov esi, [ebp+arg_4]
test esi, esi
jz short loc_41737F
push 2
push ebx
push esi
call sub_41C3A0
add esp, 0Ch
and byte ptr [esi+2], 0
loc_41737F: ; CODE XREF: sub_417348+25�j
inc ebx
inc ebx
jmp short loc_41738D
; ---------------------------------------------------------------------------
loc_417383: ; CODE XREF: sub_417348+18�j
; sub_417348+1E�j
mov eax, [ebp+arg_4]
test eax, eax
jz short loc_41738D
and byte ptr [eax], 0
loc_41738D: ; CODE XREF: sub_417348+39�j
; sub_417348+40�j
and [ebp+arg_4], 0
cmp byte ptr [ebx], 0
mov eax, ebx
mov esi, 0FFh
mov [ebp+arg_0], eax
jz short loc_417405
loc_4173A0: ; CODE XREF: sub_417348+87�j
mov cl, [eax]
movzx edx, cl
test byte_46A9E1[edx], 4
jz short loc_4173B1
inc eax
jmp short loc_4173CB
; ---------------------------------------------------------------------------
loc_4173B1: ; CODE XREF: sub_417348+64�j
cmp cl, 2Fh
jz short loc_4173C5
cmp cl, 5Ch
jz short loc_4173C5
cmp cl, 2Eh
jnz short loc_4173CB
mov [ebp+var_4], eax
jmp short loc_4173CB
; ---------------------------------------------------------------------------
loc_4173C5: ; CODE XREF: sub_417348+6C�j
; sub_417348+71�j
lea ecx, [eax+1]
mov [ebp+arg_4], ecx
loc_4173CB: ; CODE XREF: sub_417348+67�j
; sub_417348+76�j ...
inc eax
cmp byte ptr [eax], 0
jnz short loc_4173A0
mov edi, [ebp+arg_4]
mov [ebp+arg_0], eax
test edi, edi
jz short loc_417405
cmp [ebp+arg_8], 0
jz short loc_417400
sub edi, ebx
cmp edi, esi
jb short loc_4173E9
mov edi, esi
loc_4173E9: ; CODE XREF: sub_417348+9D�j
push edi
push ebx
push [ebp+arg_8]
call sub_41C3A0
mov eax, [ebp+arg_8]
add esp, 0Ch
and byte ptr [edi+eax], 0
mov eax, [ebp+arg_0]
loc_417400: ; CODE XREF: sub_417348+97�j
mov ebx, [ebp+arg_4]
jmp short loc_41740F
; ---------------------------------------------------------------------------
loc_417405: ; CODE XREF: sub_417348+56�j
; sub_417348+91�j
mov ecx, [ebp+arg_8]
test ecx, ecx
jz short loc_41740F
and byte ptr [ecx], 0
loc_41740F: ; CODE XREF: sub_417348+BB�j
; sub_417348+C2�j
mov edi, [ebp+var_4]
test edi, edi
jz short loc_417462
cmp edi, ebx
jb short loc_417462
cmp [ebp+arg_C], 0
jz short loc_41743F
sub edi, ebx
cmp edi, esi
jb short loc_417428
mov edi, esi
loc_417428: ; CODE XREF: sub_417348+DC�j
push edi
push ebx
push [ebp+arg_C]
call sub_41C3A0
mov eax, [ebp+arg_C]
add esp, 0Ch
and byte ptr [edi+eax], 0
mov eax, [ebp+arg_0]
loc_41743F: ; CODE XREF: sub_417348+D6�j
mov edi, [ebp+arg_10]
test edi, edi
jz short loc_41748A
sub eax, [ebp+var_4]
cmp eax, esi
jnb short loc_41744F
mov esi, eax
loc_41744F: ; CODE XREF: sub_417348+103�j
push esi
push [ebp+var_4]
push edi
call sub_41C3A0
add esp, 0Ch
and byte ptr [esi+edi], 0
jmp short loc_41748A
; ---------------------------------------------------------------------------
loc_417462: ; CODE XREF: sub_417348+CC�j
; sub_417348+D0�j
mov edi, [ebp+arg_C]
test edi, edi
jz short loc_417480
sub eax, ebx
cmp eax, esi
jnb short loc_417471
mov esi, eax
loc_417471: ; CODE XREF: sub_417348+125�j
push esi
push ebx
push edi
call sub_41C3A0
add esp, 0Ch
and byte ptr [esi+edi], 0
loc_417480: ; CODE XREF: sub_417348+11F�j
mov eax, [ebp+arg_10]
test eax, eax
jz short loc_41748A
and byte ptr [eax], 0
loc_41748A: ; CODE XREF: sub_417348+FC�j
; sub_417348+118�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_417348 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41748F proc near ; CODE XREF: sub_40B1E1+19�p
; sub_412D06+1C�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
push [ebp+arg_C]
mov [ebp+var_18], eax
mov [ebp+var_20], eax
mov eax, [ebp+arg_4]
push [ebp+arg_8]
mov [ebp+var_1C], eax
lea eax, [ebp+var_20]
mov [ebp+var_14], 42h
push eax
call sub_417D4C
add esp, 0Ch
dec [ebp+var_1C]
mov esi, eax
js short loc_4174CD
mov eax, [ebp+var_20]
and byte ptr [eax], 0
jmp short loc_4174DA
; ---------------------------------------------------------------------------
loc_4174CD: ; CODE XREF: sub_41748F+34�j
lea eax, [ebp+var_20]
push eax
push 0
call sub_417C37
pop ecx
pop ecx
loc_4174DA: ; CODE XREF: sub_41748F+3C�j
mov eax, esi
pop esi
leave
retn
sub_41748F endp
; =============== S U B R O U T I N E =======================================
sub_4174DF proc near ; CODE XREF: sub_40B459+2E�p
; sub_4167D3+35�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
mov ebx, [esp+4+arg_0]
push ebp
push esi
test ebx, ebx
push edi
jnz short loc_4174FA
push [esp+10h+arg_4]
call sub_415DC9
pop ecx
jmp loc_4175FA
; ---------------------------------------------------------------------------
loc_4174FA: ; CODE XREF: sub_4174DF+A�j
mov esi, [esp+10h+arg_4]
test esi, esi
jnz short loc_417510
push ebx
call sub_415E3D
pop ecx
loc_417509: ; CODE XREF: sub_4174DF+114�j
xor eax, eax
jmp loc_4175FA
; ---------------------------------------------------------------------------
loc_417510: ; CODE XREF: sub_4174DF+21�j
; sub_4174DF+10E�j
xor edi, edi
cmp esi, 0FFFFFFE0h
ja loc_4175DB
push ebx
call sub_418AFD
mov ebp, eax
pop ecx
test ebp, ebp
jz loc_4175B8
cmp esi, dword_437F8C
ja short loc_417578
push esi
push ebx
push ebp
call sub_419308
add esp, 0Ch
test eax, eax
jz short loc_417547
mov edi, ebx
jmp short loc_417570
; ---------------------------------------------------------------------------
loc_417547: ; CODE XREF: sub_4174DF+62�j
push esi
call sub_418E53
mov edi, eax
pop ecx
test edi, edi
jz short loc_417578
mov eax, [ebx-4]
dec eax
cmp eax, esi
jb short loc_41755E
mov eax, esi
loc_41755E: ; CODE XREF: sub_4174DF+7B�j
push eax
push ebx
push edi
call sub_4155D0
push ebx
push ebp
call sub_418B28
add esp, 14h
loc_417570: ; CODE XREF: sub_4174DF+66�j
test edi, edi
jnz loc_4175F8
loc_417578: ; CODE XREF: sub_4174DF+53�j
; sub_4174DF+73�j
test esi, esi
jnz short loc_41757F
push 1
pop esi
loc_41757F: ; CODE XREF: sub_4174DF+9B�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi
push 0
push dword_46AB00
call dword_42114C
mov edi, eax
test edi, edi
jz short loc_4175DB
mov eax, [ebx-4]
dec eax
cmp eax, esi
jb short loc_4175A4
mov eax, esi
loc_4175A4: ; CODE XREF: sub_4174DF+C1�j
push eax
push ebx
push edi
call sub_4155D0
push ebx
push ebp
call sub_418B28
add esp, 14h
jmp short loc_4175D7
; ---------------------------------------------------------------------------
loc_4175B8: ; CODE XREF: sub_4174DF+47�j
test esi, esi
jnz short loc_4175BF
push 1
pop esi
loc_4175BF: ; CODE XREF: sub_4174DF+DB�j
add esi, 0Fh
and esi, 0FFFFFFF0h
push esi
push ebx
push 0
push dword_46AB00
call dword_421160
mov edi, eax
loc_4175D7: ; CODE XREF: sub_4174DF+D7�j
test edi, edi
jnz short loc_4175F8
loc_4175DB: ; CODE XREF: sub_4174DF+36�j
; sub_4174DF+B9�j
cmp dword_4694F4, 0
jz short loc_4175F8
push esi
call sub_418A68
test eax, eax
pop ecx
jnz loc_417510
jmp loc_417509
; ---------------------------------------------------------------------------
loc_4175F8: ; CODE XREF: sub_4174DF+93�j
; sub_4174DF+FA�j ...
mov eax, edi
loc_4175FA: ; CODE XREF: sub_4174DF+16�j
; sub_4174DF+2C�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_4174DF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4175FF proc near ; CODE XREF: sub_40BAB4+127�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
imul edi, [ebp+arg_8]
mov eax, [ebp+arg_0]
mov [ebp+var_4], edi
test edi, edi
mov [ebp+arg_0], eax
mov ebx, edi
jnz short loc_417623
xor eax, eax
jmp loc_4176F0
; ---------------------------------------------------------------------------
loc_417623: ; CODE XREF: sub_4175FF+1B�j
mov esi, [ebp+arg_C]
test word ptr [esi+0Ch], 10Ch
jz short loc_417636
mov eax, [esi+18h]
mov [ebp+arg_C], eax
jmp short loc_41763D
; ---------------------------------------------------------------------------
loc_417636: ; CODE XREF: sub_4175FF+2D�j
mov [ebp+arg_C], 1000h
loc_41763D: ; CODE XREF: sub_4175FF+35�j
; sub_4175FF+E8�j
mov ecx, [esi+0Ch]
and ecx, 108h
jz short loc_417671
mov eax, [esi+4]
test eax, eax
jz short loc_417671
cmp ebx, eax
mov edi, ebx
jb short loc_417657
mov edi, eax
loc_417657: ; CODE XREF: sub_4175FF+54�j
push edi
push [ebp+arg_0]
push dword ptr [esi]
call sub_4155D0
sub [esi+4], edi
add [esi], edi
add esp, 0Ch
sub ebx, edi
add [ebp+arg_0], edi
jmp short loc_4176B7
; ---------------------------------------------------------------------------
loc_417671: ; CODE XREF: sub_4175FF+47�j
; sub_4175FF+4E�j
cmp ebx, [ebp+arg_C]
jb short loc_4176BC
test ecx, ecx
jz short loc_417685
push esi
call sub_4186E4
test eax, eax
pop ecx
jnz short loc_4176FE
loc_417685: ; CODE XREF: sub_4175FF+79�j
cmp [ebp+arg_C], 0
jz short loc_417698
mov eax, ebx
xor edx, edx
div [ebp+arg_C]
mov edi, ebx
sub edi, edx
jmp short loc_41769A
; ---------------------------------------------------------------------------
loc_417698: ; CODE XREF: sub_4175FF+8A�j
mov edi, ebx
loc_41769A: ; CODE XREF: sub_4175FF+97�j
push edi
push [ebp+arg_0]
push dword ptr [esi+10h]
call sub_41C42A
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jz short loc_4176F5
add [ebp+arg_0], eax
sub ebx, eax
cmp eax, edi
jb short loc_4176F5
loc_4176B7: ; CODE XREF: sub_4175FF+70�j
mov edi, [ebp+var_4]
jmp short loc_4176E5
; ---------------------------------------------------------------------------
loc_4176BC: ; CODE XREF: sub_4175FF+75�j
mov eax, [ebp+arg_0]
push esi
movsx eax, byte ptr [eax]
push eax
call sub_417C37
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_4176FE
inc [ebp+arg_0]
mov eax, [esi+18h]
dec ebx
mov [ebp+arg_C], eax
test eax, eax
jg short loc_4176E5
mov [ebp+arg_C], 1
loc_4176E5: ; CODE XREF: sub_4175FF+BB�j
; sub_4175FF+DD�j
test ebx, ebx
jnz loc_41763D
mov eax, [ebp+arg_8]
loc_4176F0: ; CODE XREF: sub_4175FF+1F�j
; sub_4175FF+108�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_4176F5: ; CODE XREF: sub_4175FF+AD�j
; sub_4175FF+B6�j
or dword ptr [esi+0Ch], 20h
mov eax, [ebp+var_4]
jmp short loc_417700
; ---------------------------------------------------------------------------
loc_4176FE: ; CODE XREF: sub_4175FF+84�j
; sub_4175FF+CF�j
mov eax, edi
loc_417700: ; CODE XREF: sub_4175FF+FD�j
sub eax, ebx
xor edx, edx
div [ebp+arg_4]
jmp short loc_4176F0
sub_4175FF endp
; =============== S U B R O U T I N E =======================================
sub_417709 proc near ; CODE XREF: sub_40C1FE+8�p
arg_0 = dword ptr 4
arg_4 = byte ptr 8
push [esp+arg_0]
call dword_421094
cmp eax, 0FFFFFFFFh
jnz short loc_417729
call dword_421088
push eax
call sub_41C5D7
pop ecx
loc_417725: ; CODE XREF: sub_417709+3F�j
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_417729: ; CODE XREF: sub_417709+D�j
test al, 1
jz short loc_41774A
test [esp+arg_4], 2
jz short loc_41774A
mov dword_469494, 0Dh
mov dword_469498, 5
jmp short loc_417725
; ---------------------------------------------------------------------------
loc_41774A: ; CODE XREF: sub_417709+22�j
; sub_417709+29�j
xor eax, eax
retn
sub_417709 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_417750 proc near ; CODE XREF: sub_40C328+5F�p
; sub_40C328+90�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push edi
push esi
push ebx
xor edi, edi
mov eax, [esp+0Ch+arg_4]
or eax, eax
jge short loc_417771
inc edi
mov edx, [esp+0Ch+arg_0]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_4], eax
mov [esp+0Ch+arg_0], edx
loc_417771: ; CODE XREF: sub_417750+B�j
mov eax, [esp+0Ch+arg_C]
or eax, eax
jge short loc_41778D
inc edi
mov edx, [esp+0Ch+arg_8]
neg eax
neg edx
sbb eax, 0
mov [esp+0Ch+arg_C], eax
mov [esp+0Ch+arg_8], edx
loc_41778D: ; CODE XREF: sub_417750+27�j
or eax, eax
jnz short loc_4177A9
mov ecx, [esp+0Ch+arg_8]
mov eax, [esp+0Ch+arg_4]
xor edx, edx
div ecx
mov ebx, eax
mov eax, [esp+0Ch+arg_0]
div ecx
mov edx, ebx
jmp short loc_4177EA
; ---------------------------------------------------------------------------
loc_4177A9: ; CODE XREF: sub_417750+3F�j
mov ebx, eax
mov ecx, [esp+0Ch+arg_8]
mov edx, [esp+0Ch+arg_4]
mov eax, [esp+0Ch+arg_0]
loc_4177B7: ; CODE XREF: sub_417750+71�j
shr ebx, 1
rcr ecx, 1
shr edx, 1
rcr eax, 1
or ebx, ebx
jnz short loc_4177B7
div ecx
mov esi, eax
mul [esp+0Ch+arg_C]
mov ecx, eax
mov eax, [esp+0Ch+arg_8]
mul esi
add edx, ecx
jb short loc_4177E5
cmp edx, [esp+0Ch+arg_4]
ja short loc_4177E5
jb short loc_4177E6
cmp eax, [esp+0Ch+arg_0]
jbe short loc_4177E6
loc_4177E5: ; CODE XREF: sub_417750+85�j
; sub_417750+8B�j
dec esi
loc_4177E6: ; CODE XREF: sub_417750+8D�j
; sub_417750+93�j
xor edx, edx
mov eax, esi
loc_4177EA: ; CODE XREF: sub_417750+57�j
dec edi
jnz short loc_4177F4
neg edx
neg eax
sbb edx, 0
loc_4177F4: ; CODE XREF: sub_417750+9B�j
pop ebx
pop esi
pop edi
retn 10h
sub_417750 endp
; =============== S U B R O U T I N E =======================================
sub_4177FA proc near ; CODE XREF: .nsp0:00417B8B�p
mov eax, dword_437D3C
test eax, eax
jz short loc_417805
call eax
loc_417805: ; CODE XREF: sub_4177FA+7�j
push offset dword_423028
push offset dword_423014
call sub_4178E2
push offset dword_423010
push offset dword_423000
call sub_4178E2
add esp, 10h
retn
sub_4177FA endp
; =============== S U B R O U T I N E =======================================
sub_417827 proc near ; CODE XREF: .nsp0:00417BCA�p
arg_0 = dword ptr 4
push 0
push 0
push [esp+8+arg_0]
call sub_417849
add esp, 0Ch
retn
sub_417827 endp
; =============== S U B R O U T I N E =======================================
sub_417838 proc near ; CODE XREF: .nsp0:00417BE9�p
; sub_41AB9C+342C�p
arg_0 = dword ptr 4
push 0
push 1
push [esp+8+arg_0]
call sub_417849
add esp, 0Ch
retn
sub_417838 endp
; =============== S U B R O U T I N E =======================================
sub_417849 proc near ; CODE XREF: sub_417827+8�p
; sub_417838+8�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push edi
push 1
pop edi
cmp dword_4694DC, edi
jnz short loc_417866
push [esp+4+arg_0]
call dword_421104
push eax
call dword_421140
loc_417866: ; CODE XREF: sub_417849+A�j
cmp [esp+4+arg_4], 0
push ebx
mov ebx, [esp+8+arg_8]
mov dword_4694D8, edi
mov byte_4694D4, bl
jnz short loc_4178BA
mov eax, dword_46AB14
test eax, eax
jz short loc_4178A9
mov ecx, dword_46AB10
push esi
lea esi, [ecx-4]
cmp esi, eax
jb short loc_4178A8
loc_417895: ; CODE XREF: sub_417849+5D�j
mov eax, [esi]
test eax, eax
jz short loc_41789D
call eax
loc_41789D: ; CODE XREF: sub_417849+50�j
sub esi, 4
cmp esi, dword_46AB14
jnb short loc_417895
loc_4178A8: ; CODE XREF: sub_417849+4A�j
pop esi
loc_4178A9: ; CODE XREF: sub_417849+3C�j
push offset dword_423034
push offset dword_42302C
call sub_4178E2
pop ecx
pop ecx
loc_4178BA: ; CODE XREF: sub_417849+33�j
push offset dword_423040
push offset dword_423038
call sub_4178E2
pop ecx
pop ecx
test ebx, ebx
pop ebx
jnz short loc_4178E0
push [esp+4+arg_0]
mov dword_4694DC, edi
call dword_421114
loc_4178E0: ; CODE XREF: sub_417849+85�j
pop edi
retn
sub_417849 endp
; =============== S U B R O U T I N E =======================================
sub_4178E2 proc near ; CODE XREF: sub_4177FA+15�p
; sub_4177FA+24�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
loc_4178E7: ; CODE XREF: sub_4178E2+16�j
cmp esi, [esp+4+arg_4]
jnb short loc_4178FA
mov eax, [esi]
test eax, eax
jz short loc_4178F5
call eax
loc_4178F5: ; CODE XREF: sub_4178E2+F�j
add esi, 4
jmp short loc_4178E7
; ---------------------------------------------------------------------------
loc_4178FA: ; CODE XREF: sub_4178E2+9�j
pop esi
retn
sub_4178E2 endp
; =============== S U B R O U T I N E =======================================
sub_4178FC proc near ; CODE XREF: sub_40CE55+2AAA�p
arg_0 = dword ptr 4
push [esp+arg_0]
call dword_421118
test eax, eax
jnz short loc_417912
call dword_421088
jmp short loc_417914
; ---------------------------------------------------------------------------
loc_417912: ; CODE XREF: sub_4178FC+C�j
xor eax, eax
loc_417914: ; CODE XREF: sub_4178FC+14�j
test eax, eax
jz short loc_417923
push eax
call sub_41C5D7
pop ecx
or eax, 0FFFFFFFFh
retn
; ---------------------------------------------------------------------------
loc_417923: ; CODE XREF: sub_4178FC+1A�j
xor eax, eax
retn
sub_4178FC endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_417930 proc near ; CODE XREF: sub_412B60+1D�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_8]
test eax, eax
jz short locret_41797C
mov edx, [esp+arg_0]
push esi
push edi
mov esi, edx
mov edi, [esp+8+arg_4]
or edx, edi
and edx, 3
jz short loc_41797D
test eax, 1
jz short loc_41795D
mov cl, [esi]
cmp cl, [edi]
jnz short loc_4179AA
inc esi
inc edi
dec eax
jz short loc_41797A
loc_41795D: ; CODE XREF: sub_417930+20�j
; sub_417930+48�j
mov cl, [esi]
mov dl, [edi]
cmp cl, dl
jnz short loc_4179AA
mov cl, [esi+1]
mov dl, [edi+1]
cmp cl, dl
jnz short loc_4179AA
add edi, 2
add esi, 2
sub eax, 2
jnz short loc_41795D
loc_41797A: ; CODE XREF: sub_417930+2B�j
; sub_417930+84�j
pop edi
pop esi
locret_41797C: ; CODE XREF: sub_417930+6�j
retn
; ---------------------------------------------------------------------------
loc_41797D: ; CODE XREF: sub_417930+19�j
mov ecx, eax
and eax, 3
shr ecx, 2
jz short loc_4179B2
repe cmpsd
jz short loc_4179B2
mov ecx, [esi-4]
mov edx, [edi-4]
cmp cl, dl
jnz short loc_4179A5
cmp ch, dh
jnz short loc_4179A5
shr ecx, 10h
shr edx, 10h
cmp cl, dl
jnz short loc_4179A5
cmp ch, dh
loc_4179A5: ; CODE XREF: sub_417930+63�j
; sub_417930+67�j ...
mov eax, 0
loc_4179AA: ; CODE XREF: sub_417930+26�j
; sub_417930+33�j ...
sbb eax, eax
pop edi
sbb eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_4179B2: ; CODE XREF: sub_417930+55�j
; sub_417930+59�j
test eax, eax
jz short loc_41797A
mov edx, [esi]
mov ecx, [edi]
cmp dl, cl
jnz short loc_4179A5
dec eax
jz short loc_4179D9
cmp dh, ch
jnz short loc_4179A5
dec eax
jz short loc_4179D9
and ecx, 0FF0000h
and edx, 0FF0000h
cmp edx, ecx
jnz short loc_4179A5
dec eax
loc_4179D9: ; CODE XREF: sub_417930+8F�j
; sub_417930+96�j
pop edi
pop esi
retn
sub_417930 endp
; =============== S U B R O U T I N E =======================================
sub_4179DC proc near ; CODE XREF: sub_413CA9+55�p
; sub_4146BA+236�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
cmp word ptr [ecx], 0
lea eax, [ecx+2]
jz short loc_4179F3
loc_4179E9: ; CODE XREF: sub_4179DC+15�j
mov dx, [eax]
inc eax
inc eax
test dx, dx
jnz short loc_4179E9
loc_4179F3: ; CODE XREF: sub_4179DC+B�j
sub eax, ecx
sar eax, 1
dec eax
retn
sub_4179DC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4179F9 proc near ; CODE XREF: sub_413CA9+19�p
; sub_413CA9+49�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov edx, [ebp+arg_0]
push ebx
push esi
xor esi, esi
xor eax, eax
cmp edx, esi
push edi
jz loc_417AC6
mov edi, [ebp+arg_8]
cmp edi, esi
jz loc_417AF3
cmp dword_469528, esi
jnz short loc_417A4A
cmp edi, esi
jbe loc_417AF3
loc_417A29: ; CODE XREF: sub_4179F9+4A�j
mov ecx, [ebp+arg_4]
add ecx, eax
movzx si, byte ptr [ecx]
mov [edx], si
cmp byte ptr [ecx], 0
jz loc_417AF3
inc eax
inc edx
inc edx
cmp eax, edi
jb short loc_417A29
jmp loc_417AF3
; ---------------------------------------------------------------------------
loc_417A4A: ; CODE XREF: sub_4179F9+26�j
mov ebx, [ebp+arg_4]
mov esi, dword_421064
push edi
push edx
push 0FFFFFFFFh
push ebx
push 9
push dword_469538
call esi
test eax, eax
jnz loc_417AF2
call dword_421088
cmp eax, 7Ah
jz short loc_417A84
loc_417A75: ; CODE XREF: sub_4179F9+CB�j
; sub_4179F9+F7�j
mov dword_469494, 2Ah
or eax, 0FFFFFFFFh
jmp short loc_417AF3
; ---------------------------------------------------------------------------
loc_417A84: ; CODE XREF: sub_4179F9+7A�j
lea ecx, [edi-1]
mov eax, ebx
mov [ebp+arg_4], ecx
loc_417A8C: ; CODE XREF: sub_4179F9+B3�j
mov cl, [eax]
test cl, cl
jz short loc_417AAE
mov edx, dword_437D70
movzx ecx, cl
test byte ptr [edx+ecx*2+1], 80h
jz short loc_417AA3
inc eax
loc_417AA3: ; CODE XREF: sub_4179F9+A7�j
mov ecx, [ebp+arg_4]
inc eax
dec [ebp+arg_4]
test ecx, ecx
jnz short loc_417A8C
loc_417AAE: ; CODE XREF: sub_4179F9+97�j
push edi
sub eax, ebx
push [ebp+arg_0]
push eax
push ebx
push 1
push dword_469538
call esi
test eax, eax
jnz short loc_417AF3
jmp short loc_417A75
; ---------------------------------------------------------------------------
loc_417AC6: ; CODE XREF: sub_4179F9+F�j
cmp dword_469528, esi
jnz short loc_417AD9
push [ebp+arg_4]
call sub_415CF0
pop ecx
jmp short loc_417AF3
; ---------------------------------------------------------------------------
loc_417AD9: ; CODE XREF: sub_4179F9+D3�j
push esi
push esi
push 0FFFFFFFFh
push [ebp+arg_4]
push 9
push dword_469538
call dword_421064
cmp eax, esi
jz short loc_417A75
loc_417AF2: ; CODE XREF: sub_4179F9+6B�j
dec eax
loc_417AF3: ; CODE XREF: sub_4179F9+1A�j
; sub_4179F9+2A�j ...
pop edi
pop esi
pop ebx
pop ebp
retn
sub_4179F9 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_421678
push offset sub_41CE08
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 58h
push ebx
push esi
push edi
mov [ebp-18h], esp
call dword_42116C
xor edx, edx
mov dl, ah
mov dword_4694AC, edx
mov ecx, eax
and ecx, 0FFh
mov dword_4694A8, ecx
shl ecx, 8
add ecx, edx
mov dword_4694A4, ecx
shr eax, 10h
mov dword_4694A0, eax
xor esi, esi
push esi
call sub_418A83
pop ecx
test eax, eax
jnz short loc_417B64
push 1Ch
call sub_417C13
pop ecx
loc_417B64: ; CODE XREF: .nsp0:00417B5A�j
mov [ebp-4], esi
call sub_41CC52
call dword_421168
mov dword_46AB04, eax
call sub_41CB20
mov dword_4694E0, eax
call sub_41C8D3
call sub_41C81A
call sub_4177FA
mov [ebp-30h], esi
lea eax, [ebp-5Ch]
push eax
call dword_421164
call sub_41C7C2
mov [ebp-64h], eax
test byte ptr [ebp-30h], 1
jz short loc_417BB1
movzx eax, word ptr [ebp-2Ch]
jmp short loc_417BB4
; ---------------------------------------------------------------------------
loc_417BB1: ; CODE XREF: .nsp0:00417BA9�j
push 0Ah
pop eax
loc_417BB4: ; CODE XREF: .nsp0:00417BAF�j
push eax
push dword ptr [ebp-64h]
push esi
push esi
call dword_4210C8
push eax
call sub_40C682
mov [ebp-60h], eax
push eax
call sub_417827
mov eax, [ebp-14h]
mov ecx, [eax]
mov ecx, [ecx]
mov [ebp-68h], ecx
push eax
push ecx
call sub_41C63E
pop ecx
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
push dword ptr [ebp-68h]
call sub_417838
; =============== S U B R O U T I N E =======================================
sub_417BEE proc near ; CODE XREF: .nsp0:00416868�p
; sub_41C81A+4E�p ...
arg_0 = dword ptr 4
cmp dword_4694E8, 1
jnz short loc_417BFC
call sub_41CEE0
loc_417BFC: ; CODE XREF: sub_417BEE+7�j
push [esp+arg_0]
call sub_41CF19
push 0FFh
call dword_437D60
pop ecx
pop ecx
retn
sub_417BEE endp
; =============== S U B R O U T I N E =======================================
sub_417C13 proc near ; CODE XREF: .nsp0:00417B5E�p
arg_0 = dword ptr 4
cmp dword_4694E8, 1
jnz short loc_417C21
call sub_41CEE0
loc_417C21: ; CODE XREF: sub_417C13+7�j
push [esp+arg_0]
call sub_41CF19
pop ecx
push 0FFh
call dword_421114
retn
sub_417C13 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417C37 proc near ; CODE XREF: sub_4154E7+46�p
; sub_415A6A+45�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+arg_4]
mov eax, [esi+0Ch]
mov ebx, [esi+10h]
test al, 82h
jz loc_417D40
test al, 40h
jnz loc_417D40
test al, 1
jz short loc_417C6F
and dword ptr [esi+4], 0
test al, 10h
jz loc_417D40
mov ecx, [esi+8]
and al, 0FEh
mov [esi], ecx
mov [esi+0Ch], eax
loc_417C6F: ; CODE XREF: sub_417C37+20�j
mov eax, [esi+0Ch]
and dword ptr [esi+4], 0
and [ebp+arg_4], 0
and al, 0EFh
or al, 2
test ax, 10Ch
mov [esi+0Ch], eax
jnz short loc_417CA9
cmp esi, offset dword_438488
jz short loc_417C97
cmp esi, offset dword_4384A8
jnz short loc_417CA2
loc_417C97: ; CODE XREF: sub_417C37+56�j
push ebx
call sub_41D0B0
test eax, eax
pop ecx
jnz short loc_417CA9
loc_417CA2: ; CODE XREF: sub_417C37+5E�j
push esi
call sub_41D06C
pop ecx
loc_417CA9: ; CODE XREF: sub_417C37+4E�j
; sub_417C37+69�j
test word ptr [esi+0Ch], 108h
push edi
jz short loc_417D16
mov eax, [esi+8]
mov edi, [esi]
sub edi, eax
lea ecx, [eax+1]
mov [esi], ecx
mov ecx, [esi+18h]
dec ecx
test edi, edi
mov [esi+4], ecx
jle short loc_417CD9
push edi
push eax
push ebx
call sub_41C42A
add esp, 0Ch
mov [ebp+arg_4], eax
jmp short loc_417D0C
; ---------------------------------------------------------------------------
loc_417CD9: ; CODE XREF: sub_417C37+90�j
cmp ebx, 0FFFFFFFFh
jz short loc_417CF4
mov eax, ebx
mov ecx, ebx
sar eax, 5
and ecx, 1Fh
mov eax, dword_46A7C0[eax*4]
lea eax, [eax+ecx*8]
jmp short loc_417CF9
; ---------------------------------------------------------------------------
loc_417CF4: ; CODE XREF: sub_417C37+A5�j
mov eax, offset dword_4383D0
loc_417CF9: ; CODE XREF: sub_417C37+BB�j
test byte ptr [eax+4], 20h
jz short loc_417D0C
push 2
push 0
push ebx
call sub_41BB7F
add esp, 0Ch
loc_417D0C: ; CODE XREF: sub_417C37+A0�j
; sub_417C37+C6�j
mov eax, [esi+8]
mov cl, byte ptr [ebp+arg_0]
mov [eax], cl
jmp short loc_417D2A
; ---------------------------------------------------------------------------
loc_417D16: ; CODE XREF: sub_417C37+79�j
push 1
lea eax, [ebp+arg_0]
pop edi
push edi
push eax
push ebx
call sub_41C42A
add esp, 0Ch
mov [ebp+arg_4], eax
loc_417D2A: ; CODE XREF: sub_417C37+DD�j
cmp [ebp+arg_4], edi
pop edi
jz short loc_417D36
or dword ptr [esi+0Ch], 20h
jmp short loc_417D45
; ---------------------------------------------------------------------------
loc_417D36: ; CODE XREF: sub_417C37+F7�j
mov eax, [ebp+arg_0]
and eax, 0FFh
jmp short loc_417D48
; ---------------------------------------------------------------------------
loc_417D40: ; CODE XREF: sub_417C37+10�j
; sub_417C37+18�j ...
or al, 20h
mov [esi+0Ch], eax
loc_417D45: ; CODE XREF: sub_417C37+FD�j
or eax, 0FFFFFFFFh
loc_417D48: ; CODE XREF: sub_417C37+107�j
pop esi
pop ebx
pop ebp
retn
sub_417C37 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417D4C proc near ; CODE XREF: sub_4154E7+29�p
; sub_415A6A+28�p ...
var_248 = byte ptr -248h
var_247 = byte ptr -247h
var_49 = byte ptr -49h
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 248h
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
xor esi, esi
mov bl, [edi]
inc edi
test bl, bl
mov [ebp+var_C], esi
mov [ebp+var_14], esi
mov [ebp+arg_4], edi
jz loc_418465
mov ecx, [ebp+var_10]
xor edx, edx
jmp short loc_417D80
; ---------------------------------------------------------------------------
loc_417D78: ; CODE XREF: sub_417D4C+713�j
mov ecx, [ebp+var_10]
mov esi, [ebp+var_30]
xor edx, edx
loc_417D80: ; CODE XREF: sub_417D4C+2A�j
cmp [ebp+var_14], edx
jl loc_418465
cmp bl, 20h
jl short loc_417DA1
cmp bl, 78h
jg short loc_417DA1
movsx eax, bl
mov al, [eax+421664h]
and eax, 0Fh
jmp short loc_417DA3
; ---------------------------------------------------------------------------
loc_417DA1: ; CODE XREF: sub_417D4C+40�j
; sub_417D4C+45�j
xor eax, eax
loc_417DA3: ; CODE XREF: sub_417D4C+53�j
movsx eax, byte_421684[esi+eax*8]
sar eax, 4
cmp eax, 7 ; switch 8 cases
mov [ebp+var_30], eax
ja loc_418454 ; default
jmp off_41846D[eax*4] ; switch jump
loc_417DC1: ; DATA XREF: .nsp0:off_41846D�o
or [ebp+var_10], 0FFFFFFFFh ; jumptable 00417DBA case 1
mov [ebp+var_34], edx
mov [ebp+var_28], edx
mov [ebp+var_20], edx
mov [ebp+var_1C], edx
mov [ebp+var_4], edx
mov [ebp+var_24], edx
jmp loc_418454 ; default
; ---------------------------------------------------------------------------
loc_417DDC: ; CODE XREF: sub_417D4C+6E�j
; DATA XREF: .nsp0:off_41846D�o
movsx eax, bl ; jumptable 00417DBA case 2
sub eax, 20h
jz short loc_417E1F
sub eax, 3
jz short loc_417E16
sub eax, 8
jz short loc_417E0D
dec eax
dec eax
jz short loc_417E04
sub eax, 3
jnz loc_418454 ; default
or [ebp+var_4], 8
jmp loc_418454 ; default
; ---------------------------------------------------------------------------
loc_417E04: ; CODE XREF: sub_417D4C+A4�j
or [ebp+var_4], 4
jmp loc_418454 ; default
; ---------------------------------------------------------------------------
loc_417E0D: ; CODE XREF: sub_417D4C+A0�j
or [ebp+var_4], 1
jmp loc_418454 ; default
; ---------------------------------------------------------------------------
loc_417E16: ; CODE XREF: sub_417D4C+9B�j
or byte ptr [ebp+var_4], 80h
jmp loc_418454 ; default
; ---------------------------------------------------------------------------
loc_417E1F: ; CODE XREF: sub_417D4C+96�j
or [ebp+var_4], 2
jmp loc_418454 ; default
; ---------------------------------------------------------------------------
loc_417E28: ; CODE XREF: sub_417D4C+6E�j
; DATA XREF: .nsp0:off_41846D�o
cmp bl, 2Ah ; jumptable 00417DBA case 3
jnz short loc_417E50
lea eax, [ebp+arg_8]
push eax
call sub_41852B
test eax, eax
pop ecx
mov [ebp+var_20], eax
jge loc_418454 ; default
or [ebp+var_4], 4
neg eax
loc_417E48: ; CODE XREF: sub_417D4C+111�j
mov [ebp+var_20], eax
jmp loc_418454 ; default
; ---------------------------------------------------------------------------
loc_417E50: ; CODE XREF: sub_417D4C+DF�j
mov eax, [ebp+var_20]
movsx ecx, bl
lea eax, [eax+eax*4]
lea eax, [ecx+eax*2-30h]
jmp short loc_417E48
; ---------------------------------------------------------------------------
loc_417E5F: ; CODE XREF: sub_417D4C+6E�j
; DATA XREF: .nsp0:off_41846D�o
mov [ebp+var_10], edx ; jumptable 00417DBA case 4
jmp loc_418454 ; default
; ---------------------------------------------------------------------------
loc_417E67: ; CODE XREF: sub_417D4C+6E�j
; DATA XREF: .nsp0:off_41846D�o
cmp bl, 2Ah ; jumptable 00417DBA case 5
jnz short loc_417E8A
lea eax, [ebp+arg_8]
push eax
call sub_41852B
test eax, eax
pop ecx
mov [ebp+var_10], eax
jge loc_418454 ; default
or [ebp+var_10], 0FFFFFFFFh
jmp loc_418454 ; default
; ---------------------------------------------------------------------------
loc_417E8A: ; CODE XREF: sub_417D4C+11E�j
lea eax, [ecx+ecx*4]
movsx ecx, bl
lea eax, [ecx+eax*2-30h]
mov [ebp+var_10], eax
jmp loc_418454 ; default
; ---------------------------------------------------------------------------
loc_417E9C: ; CODE XREF: sub_417D4C+6E�j
; DATA XREF: .nsp0:off_41846D�o
cmp bl, 49h ; jumptable 00417DBA case 6
jz short loc_417ECF
cmp bl, 68h
jz short loc_417EC6
cmp bl, 6Ch
jz short loc_417EBD
cmp bl, 77h
jnz loc_418454 ; default
or byte ptr [ebp+var_4+1], 8
jmp loc_418454 ; default
; ---------------------------------------------------------------------------
loc_417EBD: ; CODE XREF: sub_417D4C+15D�j
or [ebp+var_4], 10h
jmp loc_418454 ; default
; ---------------------------------------------------------------------------
loc_417EC6: ; CODE XREF: sub_417D4C+158�j
or [ebp+var_4], 20h
jmp loc_418454 ; default
; ---------------------------------------------------------------------------
loc_417ECF: ; CODE XREF: sub_417D4C+153�j
cmp byte ptr [edi], 36h
jnz short loc_417EE8
cmp byte ptr [edi+1], 34h
jnz short loc_417EE8
inc edi
inc edi
or byte ptr [ebp+var_4+1], 80h
mov [ebp+arg_4], edi
jmp loc_418454 ; default
; ---------------------------------------------------------------------------
loc_417EE8: ; CODE XREF: sub_417D4C+186�j
; sub_417D4C+18C�j
mov [ebp+var_30], edx
loc_417EEB: ; CODE XREF: sub_417D4C+6E�j
; DATA XREF: .nsp0:off_41846D�o
mov ecx, dword_437D70 ; jumptable 00417DBA case 0
mov [ebp+var_24], edx
movzx eax, bl
test byte ptr [ecx+eax*2+1], 80h
jz short loc_417F17
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
movsx eax, bl
push eax
call sub_41848D
mov bl, [edi]
add esp, 0Ch
inc edi
mov [ebp+arg_4], edi
loc_417F17: ; CODE XREF: sub_417D4C+1B0�j
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
movsx eax, bl
push eax
call sub_41848D
add esp, 0Ch
jmp loc_418454 ; default
; ---------------------------------------------------------------------------
loc_417F2F: ; CODE XREF: sub_417D4C+6E�j
; DATA XREF: .nsp0:off_41846D�o
movsx eax, bl ; jumptable 00417DBA case 7
cmp eax, 67h
jg loc_418157
cmp eax, 65h
jge loc_417FDA
cmp eax, 58h
jg loc_418038
jz loc_4181CB
sub eax, 43h
jz loc_417FFB
dec eax
dec eax
jz short loc_417FD0
dec eax
dec eax
jz short loc_417FD0
sub eax, 0Ch
jnz loc_418356
test word ptr [ebp+var_4], 830h
jnz short loc_417F79
or byte ptr [ebp+var_4+1], 8
loc_417F79: ; CODE XREF: sub_417D4C+227�j
; sub_417D4C+42A�j
mov esi, [ebp+var_10]
cmp esi, 0FFFFFFFFh
jnz short loc_417F86
mov esi, 7FFFFFFFh
loc_417F86: ; CODE XREF: sub_417D4C+233�j
lea eax, [ebp+arg_8]
push eax
call sub_41852B
test word ptr [ebp+var_4], 810h
pop ecx
mov ecx, eax
mov [ebp+var_8], ecx
jz loc_41819F
test ecx, ecx
jnz short loc_417FAE
mov ecx, dword_437D6C
mov [ebp+var_8], ecx
loc_417FAE: ; CODE XREF: sub_417D4C+257�j
mov [ebp+var_24], 1
mov eax, ecx
loc_417FB7: ; CODE XREF: sub_417D4C+282�j
mov edx, esi
dec esi
test edx, edx
jz loc_418196
cmp word ptr [eax], 0
jz loc_418196
inc eax
inc eax
jmp short loc_417FB7
; ---------------------------------------------------------------------------
loc_417FD0: ; CODE XREF: sub_417D4C+212�j
; sub_417D4C+216�j
mov [ebp+var_34], 1
add bl, 20h
loc_417FDA: ; CODE XREF: sub_417D4C+1F2�j
or [ebp+var_4], 40h
lea edi, [ebp+var_248]
cmp ecx, edx
mov [ebp+var_8], edi
jge loc_4180BE
mov [ebp+var_10], 6
jmp loc_4180CC
; ---------------------------------------------------------------------------
loc_417FFB: ; CODE XREF: sub_417D4C+20A�j
test word ptr [ebp+var_4], 830h
jnz short loc_418007
or byte ptr [ebp+var_4+1], 8
loc_418007: ; CODE XREF: sub_417D4C+2B5�j
; sub_417D4C+2F4�j
test word ptr [ebp+var_4], 810h
lea eax, [ebp+arg_8]
push eax
jz short loc_41804E
call sub_418548
push eax
lea eax, [ebp+var_248]
push eax
call sub_41D18F
add esp, 0Ch
mov [ebp+var_C], eax
test eax, eax
jge short loc_418061
mov [ebp+var_28], 1
jmp short loc_418061
; ---------------------------------------------------------------------------
loc_418038: ; CODE XREF: sub_417D4C+1FB�j
sub eax, 5Ah
jz short loc_41806F
sub eax, 9
jz short loc_418007
dec eax
jz loc_418231
jmp loc_418356
; ---------------------------------------------------------------------------
loc_41804E: ; CODE XREF: sub_417D4C+2C5�j
call sub_41852B
pop ecx
mov [ebp+var_248], al
mov [ebp+var_C], 1
loc_418061: ; CODE XREF: sub_417D4C+2E1�j
; sub_417D4C+2EA�j
lea eax, [ebp+var_248]
mov [ebp+var_8], eax
jmp loc_418356
; ---------------------------------------------------------------------------
loc_41806F: ; CODE XREF: sub_417D4C+2EF�j
lea eax, [ebp+arg_8]
push eax
call sub_41852B
test eax, eax
pop ecx
jz short loc_4180B0
mov ecx, [eax+4]
test ecx, ecx
jz short loc_4180B0
test byte ptr [ebp+var_4+1], 8
jz short loc_4180A1
movsx eax, word ptr [eax]
shr eax, 1
mov [ebp+var_8], ecx
mov [ebp+var_C], eax
mov [ebp+var_24], 1
jmp loc_418356
; ---------------------------------------------------------------------------
loc_4180A1: ; CODE XREF: sub_417D4C+33C�j
and [ebp+var_24], 0
mov [ebp+var_8], ecx
movsx eax, word ptr [eax]
jmp loc_418353
; ---------------------------------------------------------------------------
loc_4180B0: ; CODE XREF: sub_417D4C+32F�j
; sub_417D4C+336�j
mov eax, dword_437D68
mov [ebp+var_8], eax
push eax
jmp loc_41814C
; ---------------------------------------------------------------------------
loc_4180BE: ; CODE XREF: sub_417D4C+29D�j
jnz short loc_4180CC
cmp bl, 67h
jnz short loc_4180CC
mov [ebp+var_10], 1
loc_4180CC: ; CODE XREF: sub_417D4C+2AA�j
; sub_417D4C:loc_4180BE�j ...
mov eax, [ebp+arg_8]
push [ebp+var_34]
add eax, 8
mov [ebp+arg_8], eax
push [ebp+var_10]
mov ecx, [eax-8]
mov [ebp+var_48], ecx
mov eax, [eax-4]
mov [ebp+var_44], eax
movsx eax, bl
push eax
lea eax, [ebp+var_248]
push eax
lea eax, [ebp+var_48]
push eax
call dword_4380A8
mov esi, [ebp+var_4]
add esp, 14h
and esi, 80h
jz short loc_41811E
cmp [ebp+var_10], 0
jnz short loc_41811E
lea eax, [ebp+var_248]
push eax
call dword_4380B4
pop ecx
loc_41811E: ; CODE XREF: sub_417D4C+3BC�j
; sub_417D4C+3C2�j
cmp bl, 67h
jnz short loc_418135
test esi, esi
jnz short loc_418135
lea eax, [ebp+var_248]
push eax
call dword_4380AC
pop ecx
loc_418135: ; CODE XREF: sub_417D4C+3D5�j
; sub_417D4C+3D9�j
cmp [ebp+var_248], 2Dh
jnz short loc_41814B
or byte ptr [ebp+var_4+1], 1
lea edi, [ebp+var_247]
mov [ebp+var_8], edi
loc_41814B: ; CODE XREF: sub_417D4C+3F0�j
push edi
loc_41814C: ; CODE XREF: sub_417D4C+36D�j
call sub_415CF0
pop ecx
jmp loc_418353
; ---------------------------------------------------------------------------
loc_418157: ; CODE XREF: sub_417D4C+1E9�j
sub eax, 69h
jz loc_418231
sub eax, 5
jz loc_418207
dec eax
jz loc_4181F4
dec eax
jz short loc_4181C4
sub eax, 3
jz loc_417F79
dec eax
dec eax
jz loc_418235
sub eax, 3
jnz loc_418356
mov [ebp+var_2C], 27h
jmp short loc_4181D2
; ---------------------------------------------------------------------------
loc_418196: ; CODE XREF: sub_417D4C+270�j
; sub_417D4C+27A�j
sub eax, ecx
sar eax, 1
jmp loc_418353
; ---------------------------------------------------------------------------
loc_41819F: ; CODE XREF: sub_417D4C+24F�j
test ecx, ecx
jnz short loc_4181AC
mov ecx, dword_437D68
mov [ebp+var_8], ecx
loc_4181AC: ; CODE XREF: sub_417D4C+455�j
mov eax, ecx
loc_4181AE: ; CODE XREF: sub_417D4C+46F�j
mov edx, esi
dec esi
test edx, edx
jz short loc_4181BD
cmp byte ptr [eax], 0
jz short loc_4181BD
inc eax
jmp short loc_4181AE
; ---------------------------------------------------------------------------
loc_4181BD: ; CODE XREF: sub_417D4C+467�j
; sub_417D4C+46C�j
sub eax, ecx
jmp loc_418353
; ---------------------------------------------------------------------------
loc_4181C4: ; CODE XREF: sub_417D4C+425�j
mov [ebp+var_10], 8
loc_4181CB: ; CODE XREF: sub_417D4C+201�j
mov [ebp+var_2C], 7
loc_4181D2: ; CODE XREF: sub_417D4C+448�j
test byte ptr [ebp+var_4], 80h
mov [ebp+var_C], 10h
jz short loc_41823C
mov al, byte ptr [ebp+var_2C]
mov [ebp+var_16], 30h
add al, 51h
mov [ebp+var_1C], 2
mov [ebp+var_15], al
jmp short loc_41823C
; ---------------------------------------------------------------------------
loc_4181F4: ; CODE XREF: sub_417D4C+41E�j
test byte ptr [ebp+var_4], 80h
mov [ebp+var_C], 8
jz short loc_41823C
or byte ptr [ebp+var_4+1], 2
jmp short loc_41823C
; ---------------------------------------------------------------------------
loc_418207: ; CODE XREF: sub_417D4C+417�j
lea eax, [ebp+arg_8]
push eax
call sub_41852B
test byte ptr [ebp+var_4], 20h
pop ecx
jz short loc_418220
mov cx, word ptr [ebp+var_14]
mov [eax], cx
jmp short loc_418225
; ---------------------------------------------------------------------------
loc_418220: ; CODE XREF: sub_417D4C+4C9�j
mov ecx, [ebp+var_14]
mov [eax], ecx
loc_418225: ; CODE XREF: sub_417D4C+4D2�j
mov [ebp+var_28], 1
jmp loc_418454 ; default
; ---------------------------------------------------------------------------
loc_418231: ; CODE XREF: sub_417D4C+2F7�j
; sub_417D4C+40E�j
or [ebp+var_4], 40h
loc_418235: ; CODE XREF: sub_417D4C+432�j
mov [ebp+var_C], 0Ah
loc_41823C: ; CODE XREF: sub_417D4C+491�j
; sub_417D4C+4A6�j ...
test byte ptr [ebp+var_4+1], 80h
jz short loc_41824E
lea eax, [ebp+arg_8]
push eax
call sub_418538
pop ecx
jmp short loc_41828F
; ---------------------------------------------------------------------------
loc_41824E: ; CODE XREF: sub_417D4C+4F4�j
test byte ptr [ebp+var_4], 20h
jz short loc_418275
test byte ptr [ebp+var_4], 40h
lea eax, [ebp+arg_8]
push eax
jz short loc_41826A
call sub_41852B
pop ecx
movsx eax, ax
loc_418267: ; CODE XREF: sub_417D4C+527�j
; sub_417D4C+539�j
cdq
jmp short loc_41828F
; ---------------------------------------------------------------------------
loc_41826A: ; CODE XREF: sub_417D4C+510�j
call sub_41852B
pop ecx
movzx eax, ax
jmp short loc_418267
; ---------------------------------------------------------------------------
loc_418275: ; CODE XREF: sub_417D4C+506�j
test byte ptr [ebp+var_4], 40h
lea eax, [ebp+arg_8]
push eax
jz short loc_418287
call sub_41852B
pop ecx
jmp short loc_418267
; ---------------------------------------------------------------------------
loc_418287: ; CODE XREF: sub_417D4C+531�j
call sub_41852B
pop ecx
xor edx, edx
loc_41828F: ; CODE XREF: sub_417D4C+500�j
; sub_417D4C+51C�j
test byte ptr [ebp+var_4], 40h
jz short loc_4182B0
test edx, edx
jg short loc_4182B0
jl short loc_41829F
test eax, eax
jnb short loc_4182B0
loc_41829F: ; CODE XREF: sub_417D4C+54D�j
neg eax
adc edx, 0
mov esi, eax
neg edx
or byte ptr [ebp+var_4+1], 1
mov edi, edx
jmp short loc_4182B4
; ---------------------------------------------------------------------------
loc_4182B0: ; CODE XREF: sub_417D4C+547�j
; sub_417D4C+54B�j ...
mov esi, eax
mov edi, edx
loc_4182B4: ; CODE XREF: sub_417D4C+562�j
test byte ptr [ebp+var_4+1], 80h
jnz short loc_4182BD
and edi, 0
loc_4182BD: ; CODE XREF: sub_417D4C+56C�j
cmp [ebp+var_10], 0
jge short loc_4182CC
mov [ebp+var_10], 1
jmp short loc_4182D0
; ---------------------------------------------------------------------------
loc_4182CC: ; CODE XREF: sub_417D4C+575�j
and [ebp+var_4], 0FFFFFFF7h
loc_4182D0: ; CODE XREF: sub_417D4C+57E�j
mov eax, esi
or eax, edi
jnz short loc_4182DA
and [ebp+var_1C], 0
loc_4182DA: ; CODE XREF: sub_417D4C+588�j
lea eax, [ebp+var_49]
mov [ebp+var_8], eax
loc_4182E0: ; CODE XREF: sub_417D4C+5DD�j
mov eax, [ebp+var_10]
dec [ebp+var_10]
test eax, eax
jg short loc_4182F0
mov eax, esi
or eax, edi
jz short loc_41832B
loc_4182F0: ; CODE XREF: sub_417D4C+59C�j
mov eax, [ebp+var_C]
cdq
push edx
push eax
push edi
push esi
mov [ebp+var_40], eax
mov [ebp+var_3C], edx
call sub_417260
push [ebp+var_3C]
mov ebx, eax
add ebx, 30h
push [ebp+var_40]
push edi
push esi
call sub_4172E0
cmp ebx, 39h
mov esi, eax
mov edi, edx
jle short loc_418321
add ebx, [ebp+var_2C]
loc_418321: ; CODE XREF: sub_417D4C+5D0�j
mov eax, [ebp+var_8]
dec [ebp+var_8]
mov [eax], bl
jmp short loc_4182E0
; ---------------------------------------------------------------------------
loc_41832B: ; CODE XREF: sub_417D4C+5A2�j
lea eax, [ebp+var_49]
sub eax, [ebp+var_8]
inc [ebp+var_8]
test byte ptr [ebp+var_4+1], 2
mov [ebp+var_C], eax
jz short loc_418356
mov ecx, [ebp+var_8]
cmp byte ptr [ecx], 30h
jnz short loc_418349
test eax, eax
jnz short loc_418356
loc_418349: ; CODE XREF: sub_417D4C+5F7�j
dec [ebp+var_8]
inc eax
mov ecx, [ebp+var_8]
mov byte ptr [ecx], 30h
loc_418353: ; CODE XREF: sub_417D4C+35F�j
; sub_417D4C+406�j ...
mov [ebp+var_C], eax
loc_418356: ; CODE XREF: sub_417D4C+21B�j
; sub_417D4C+2FD�j ...
cmp [ebp+var_28], 0
jnz loc_418454 ; default
mov ebx, [ebp+var_4]
test bl, 40h
jz short loc_41838E
test bh, 1
jz short loc_418373
mov [ebp+var_16], 2Dh
jmp short loc_418387
; ---------------------------------------------------------------------------
loc_418373: ; CODE XREF: sub_417D4C+61F�j
test bl, 1
jz short loc_41837E
mov [ebp+var_16], 2Bh
jmp short loc_418387
; ---------------------------------------------------------------------------
loc_41837E: ; CODE XREF: sub_417D4C+62A�j
test bl, 2
jz short loc_41838E
mov [ebp+var_16], 20h
loc_418387: ; CODE XREF: sub_417D4C+625�j
; sub_417D4C+630�j
mov [ebp+var_1C], 1
loc_41838E: ; CODE XREF: sub_417D4C+61A�j
; sub_417D4C+635�j
mov esi, [ebp+var_20]
sub esi, [ebp+var_1C]
sub esi, [ebp+var_C]
test bl, 0Ch
jnz short loc_4183AE
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push esi
push 20h
call sub_4184C2
add esp, 10h
loc_4183AE: ; CODE XREF: sub_417D4C+64E�j
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_16]
push [ebp+arg_0]
push [ebp+var_1C]
push eax
call sub_4184F3
add esp, 10h
test bl, 8
jz short loc_4183E0
test bl, 4
jnz short loc_4183E0
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push esi
push 30h
call sub_4184C2
add esp, 10h
loc_4183E0: ; CODE XREF: sub_417D4C+67B�j
; sub_417D4C+680�j
cmp [ebp+var_24], 0
jz short loc_418427
cmp [ebp+var_C], 0
jle short loc_418427
mov eax, [ebp+var_C]
mov ebx, [ebp+var_8]
lea edi, [eax-1]
loc_4183F5: ; CODE XREF: sub_417D4C+6D7�j
mov ax, [ebx]
inc ebx
push eax
lea eax, [ebp+var_38]
push eax
inc ebx
call sub_41D18F
pop ecx
test eax, eax
pop ecx
jle short loc_41843C
lea ecx, [ebp+var_14]
push ecx
push [ebp+arg_0]
push eax
lea eax, [ebp+var_38]
push eax
call sub_4184F3
add esp, 10h
mov eax, edi
dec edi
test eax, eax
jnz short loc_4183F5
jmp short loc_41843C
; ---------------------------------------------------------------------------
loc_418427: ; CODE XREF: sub_417D4C+698�j
; sub_417D4C+69E�j
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push [ebp+var_C]
push [ebp+var_8]
call sub_4184F3
add esp, 10h
loc_41843C: ; CODE XREF: sub_417D4C+6BC�j
; sub_417D4C+6D9�j
test byte ptr [ebp+var_4], 4
jz short loc_418454 ; default
lea eax, [ebp+var_14]
push eax
push [ebp+arg_0]
push esi
push 20h
call sub_4184C2
add esp, 10h
loc_418454: ; CODE XREF: sub_417D4C+68�j
; sub_417D4C+8B�j ...
mov edi, [ebp+arg_4] ; default
mov bl, [edi]
inc edi
test bl, bl
mov [ebp+arg_4], edi
jnz loc_417D78
loc_418465: ; CODE XREF: sub_417D4C+1F�j
; sub_417D4C+37�j
mov eax, [ebp+var_14]
pop edi
pop esi
pop ebx
leave
retn
sub_417D4C endp
; ---------------------------------------------------------------------------
off_41846D dd offset loc_417EEB ; DATA XREF: sub_417D4C+6E�r
dd offset loc_417DC1 ; jump table for switch statement
dd offset loc_417DDC
dd offset loc_417E28
dd offset loc_417E5F
dd offset loc_417E67
dd offset loc_417E9C
dd offset loc_417F2F
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41848D proc near ; CODE XREF: sub_417D4C+1BD�p
; sub_417D4C+1D6�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_4]
dec dword ptr [ecx+4]
js short loc_4184A6
mov edx, [ecx]
mov al, byte ptr [ebp+arg_0]
mov [edx], al
inc dword ptr [ecx]
movzx eax, al
jmp short loc_4184B1
; ---------------------------------------------------------------------------
loc_4184A6: ; CODE XREF: sub_41848D+9�j
push ecx
push [ebp+arg_0]
call sub_417C37
pop ecx
pop ecx
loc_4184B1: ; CODE XREF: sub_41848D+17�j
cmp eax, 0FFFFFFFFh
mov eax, [ebp+arg_8]
jnz short loc_4184BE
or dword ptr [eax], 0FFFFFFFFh
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4184BE: ; CODE XREF: sub_41848D+2A�j
inc dword ptr [eax]
pop ebp
retn
sub_41848D endp
; =============== S U B R O U T I N E =======================================
sub_4184C2 proc near ; CODE XREF: sub_417D4C+65A�p
; sub_417D4C+68C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push esi
push edi
mov edi, [esp+8+arg_4]
mov eax, edi
dec edi
test eax, eax
jle short loc_4184F0
mov esi, [esp+8+arg_C]
loc_4184D3: ; CODE XREF: sub_4184C2+2C�j
push esi
push [esp+0Ch+arg_8]
push [esp+10h+arg_0]
call sub_41848D
add esp, 0Ch
cmp dword ptr [esi], 0FFFFFFFFh
jz short loc_4184F0
mov eax, edi
dec edi
test eax, eax
jg short loc_4184D3
loc_4184F0: ; CODE XREF: sub_4184C2+B�j
; sub_4184C2+25�j
pop edi
pop esi
retn
sub_4184C2 endp
; =============== S U B R O U T I N E =======================================
sub_4184F3 proc near ; CODE XREF: sub_417D4C+670�p
; sub_417D4C+6CA�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push ebx
mov ebx, [esp+4+arg_4]
mov eax, ebx
dec ebx
push esi
push edi
test eax, eax
jle short loc_418527
mov edi, [esp+0Ch+arg_C]
mov esi, [esp+0Ch+arg_0]
loc_418509: ; CODE XREF: sub_4184F3+32�j
movsx eax, byte ptr [esi]
push edi
inc esi
push [esp+10h+arg_8]
push eax
call sub_41848D
add esp, 0Ch
cmp dword ptr [edi], 0FFFFFFFFh
jz short loc_418527
mov eax, ebx
dec ebx
test eax, eax
jg short loc_418509
loc_418527: ; CODE XREF: sub_4184F3+C�j
; sub_4184F3+2B�j
pop edi
pop esi
pop ebx
retn
sub_4184F3 endp
; =============== S U B R O U T I N E =======================================
sub_41852B proc near ; CODE XREF: sub_417D4C+E5�p
; sub_417D4C+124�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
add dword ptr [eax], 4
mov eax, [eax]
mov eax, [eax-4]
retn
sub_41852B endp
; =============== S U B R O U T I N E =======================================
sub_418538 proc near ; CODE XREF: sub_417D4C+4FA�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
add dword ptr [eax], 8
mov ecx, [eax]
mov eax, [ecx-8]
mov edx, [ecx-4]
retn
sub_418538 endp
; =============== S U B R O U T I N E =======================================
sub_418548 proc near ; CODE XREF: sub_417D4C+2C7�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
add dword ptr [eax], 4
mov eax, [eax]
mov ax, [eax-4]
retn
sub_418548 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418556 proc near ; CODE XREF: sub_4159D4+17�p
; sub_4159D4+58�p ...
var_4 = byte ptr -4
var_3 = byte ptr -3
var_2 = byte ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov eax, [ebp+arg_0]
lea ecx, [eax+1]
cmp ecx, 100h
ja short loc_418574
mov ecx, dword_437D70
movzx eax, word ptr [ecx+eax*2]
jmp short loc_4185C6
; ---------------------------------------------------------------------------
loc_418574: ; CODE XREF: sub_418556+10�j
mov ecx, eax
push esi
mov esi, dword_437D70
sar ecx, 8
movzx edx, cl
test byte ptr [esi+edx*2+1], 80h
pop esi
jz short loc_418599
and [ebp+var_2], 0
mov [ebp+var_4], cl
mov [ebp+var_3], al
push 2
jmp short loc_4185A2
; ---------------------------------------------------------------------------
loc_418599: ; CODE XREF: sub_418556+33�j
and [ebp+var_3], 0
mov [ebp+var_4], al
push 1
loc_4185A2: ; CODE XREF: sub_418556+41�j
pop eax
lea ecx, [ebp+arg_0+2]
push 1
push 0
push 0
push ecx
push eax
lea eax, [ebp+var_4]
push eax
push 1
call sub_41D1F7
add esp, 1Ch
test eax, eax
jnz short loc_4185C2
leave
retn
; ---------------------------------------------------------------------------
loc_4185C2: ; CODE XREF: sub_418556+68�j
movzx eax, word ptr [ebp+arg_0+2]
loc_4185C6: ; CODE XREF: sub_418556+1C�j
and eax, [ebp+arg_4]
leave
retn
sub_418556 endp
; =============== S U B R O U T I N E =======================================
sub_4185CB proc near ; CODE XREF: sub_415B40+2A�p
; sub_41D55A+290�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
mov edi, [esp+10h+arg_0]
cmp edi, dword_46A8C0
jnb loc_418665
mov eax, edi
mov esi, edi
sar eax, 5
and esi, 1Fh
lea ebx, ds:46A7C0h[eax*4]
shl esi, 3
mov eax, [ebx]
test byte ptr [eax+esi+4], 1
jz short loc_418665
push edi
call sub_41D4C6
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_418644
cmp edi, 1
jz short loc_418612
cmp edi, 2
jnz short loc_418628
loc_418612: ; CODE XREF: sub_4185CB+40�j
push 2
call sub_41D4C6
push 1
mov ebp, eax
call sub_41D4C6
pop ecx
cmp eax, ebp
pop ecx
jz short loc_418644
loc_418628: ; CODE XREF: sub_4185CB+45�j
push edi
call sub_41D4C6
pop ecx
push eax
call dword_42106C
test eax, eax
jnz short loc_418644
call dword_421088
mov ebp, eax
jmp short loc_418646
; ---------------------------------------------------------------------------
loc_418644: ; CODE XREF: sub_4185CB+3B�j
; sub_4185CB+5B�j ...
xor ebp, ebp
loc_418646: ; CODE XREF: sub_4185CB+77�j
push edi
call sub_41D44C
mov eax, [ebx]
pop ecx
and byte ptr [eax+esi+4], 0
test ebp, ebp
jz short loc_418661
push ebp
call sub_41C5D7
pop ecx
jmp short loc_418676
; ---------------------------------------------------------------------------
loc_418661: ; CODE XREF: sub_4185CB+8B�j
xor eax, eax
jmp short loc_418679
; ---------------------------------------------------------------------------
loc_418665: ; CODE XREF: sub_4185CB+E�j
; sub_4185CB+2F�j
and dword_469498, 0
mov dword_469494, 9
loc_418676: ; CODE XREF: sub_4185CB+94�j
or eax, 0FFFFFFFFh
loc_418679: ; CODE XREF: sub_4185CB+98�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_4185CB endp
; =============== S U B R O U T I N E =======================================
sub_41867E proc near ; CODE XREF: sub_415B40+22�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz short loc_4186A7
test al, 8
jz short loc_4186A7
push dword ptr [esi+8]
call sub_415E3D
and word ptr [esi+0Ch], 0FBF7h
xor eax, eax
pop ecx
mov [esi], eax
mov [esi+8], eax
mov [esi+4], eax
loc_4186A7: ; CODE XREF: sub_41867E+A�j
; sub_41867E+E�j
pop esi
retn
sub_41867E endp
; =============== S U B R O U T I N E =======================================
sub_4186A9 proc near ; CODE XREF: sub_418749+2D�p
; sub_418749+48�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jnz short loc_4186BB
push esi
call sub_418749
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_4186BB: ; CODE XREF: sub_4186A9+7�j
push esi
call sub_4186E4
test eax, eax
pop ecx
jz short loc_4186CB
or eax, 0FFFFFFFFh
pop esi
retn
; ---------------------------------------------------------------------------
loc_4186CB: ; CODE XREF: sub_4186A9+1B�j
test byte ptr [esi+0Dh], 40h
jz short loc_4186E0
push dword ptr [esi+10h]
call sub_41D503
neg eax
pop ecx
pop esi
sbb eax, eax
retn
; ---------------------------------------------------------------------------
loc_4186E0: ; CODE XREF: sub_4186A9+26�j
xor eax, eax
pop esi
retn
sub_4186A9 endp
; =============== S U B R O U T I N E =======================================
sub_4186E4 proc near ; CODE XREF: sub_415B40+1A�p
; sub_416E3E+37�p ...
arg_0 = dword ptr 4
push ebx
push esi
mov esi, [esp+8+arg_0]
xor ebx, ebx
push edi
mov eax, [esi+0Ch]
mov ecx, eax
and ecx, 3
cmp cl, 2
jnz short loc_418731
test ax, 108h
jz short loc_418731
mov eax, [esi+8]
mov edi, [esi]
sub edi, eax
test edi, edi
jle short loc_418731
push edi
push eax
push dword ptr [esi+10h]
call sub_41C42A
add esp, 0Ch
cmp eax, edi
jnz short loc_41872A
mov eax, [esi+0Ch]
test al, 80h
jz short loc_418731
and al, 0FDh
mov [esi+0Ch], eax
jmp short loc_418731
; ---------------------------------------------------------------------------
loc_41872A: ; CODE XREF: sub_4186E4+36�j
or dword ptr [esi+0Ch], 20h
or ebx, 0FFFFFFFFh
loc_418731: ; CODE XREF: sub_4186E4+14�j
; sub_4186E4+1A�j ...
mov eax, [esi+8]
and dword ptr [esi+4], 0
mov [esi], eax
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_4186E4 endp
; =============== S U B R O U T I N E =======================================
sub_418740 proc near ; CODE XREF: .nsp0:0041D17B�p
push 1
call sub_418749
pop ecx
retn
sub_418740 endp
; =============== S U B R O U T I N E =======================================
sub_418749 proc near ; CODE XREF: sub_4186A9+A�p
; sub_418740+2�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
xor esi, esi
xor ebx, ebx
xor edi, edi
cmp dword_46A7A0, esi
jle short loc_4187A7
loc_41875A: ; CODE XREF: sub_418749+5C�j
mov eax, dword_469780
mov eax, [eax+esi*4]
test eax, eax
jz short loc_41879E
mov ecx, [eax+0Ch]
test cl, 83h
jz short loc_41879E
cmp [esp+0Ch+arg_0], 1
jnz short loc_418784
push eax
call sub_4186A9
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_41879E
inc ebx
jmp short loc_41879E
; ---------------------------------------------------------------------------
loc_418784: ; CODE XREF: sub_418749+2A�j
cmp [esp+0Ch+arg_0], 0
jnz short loc_41879E
test cl, 2
jz short loc_41879E
push eax
call sub_4186A9
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_41879E
or edi, eax
loc_41879E: ; CODE XREF: sub_418749+1B�j
; sub_418749+23�j ...
inc esi
cmp esi, dword_46A7A0
jl short loc_41875A
loc_4187A7: ; CODE XREF: sub_418749+F�j
cmp [esp+0Ch+arg_0], 1
mov eax, ebx
jz short loc_4187B2
mov eax, edi
loc_4187B2: ; CODE XREF: sub_418749+65�j
pop edi
pop esi
pop ebx
retn
sub_418749 endp
; =============== S U B R O U T I N E =======================================
sub_4187B6 proc near ; CODE XREF: sub_415B96+8�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push dword ptr [esi+10h]
call sub_41D0B0
test eax, eax
pop ecx
jz short loc_41883F
cmp esi, offset dword_438488
jnz short loc_4187D4
xor eax, eax
jmp short loc_4187DF
; ---------------------------------------------------------------------------
loc_4187D4: ; CODE XREF: sub_4187B6+18�j
cmp esi, offset dword_4384A8
jnz short loc_41883F
push 1
pop eax
loc_4187DF: ; CODE XREF: sub_4187B6+1C�j
inc dword_469654
test word ptr [esi+0Ch], 10Ch
jnz short loc_41883F
cmp dword_4694EC[eax*4], 0
push ebx
push edi
lea edi, ds:4694ECh[eax*4]
mov ebx, 1000h
jnz short loc_418825
push ebx
call sub_415DC9
test eax, eax
pop ecx
mov [edi], eax
jnz short loc_418825
lea eax, [esi+14h]
push 2
mov [esi+8], eax
mov [esi], eax
pop eax
mov [esi+18h], eax
mov [esi+4], eax
jmp short loc_418832
; ---------------------------------------------------------------------------
loc_418825: ; CODE XREF: sub_4187B6+4D�j
; sub_4187B6+5A�j
mov edi, [edi]
mov [esi+18h], ebx
mov [esi+8], edi
mov [esi], edi
mov [esi+4], ebx
loc_418832: ; CODE XREF: sub_4187B6+6D�j
or word ptr [esi+0Ch], 1102h
push 1
pop eax
pop edi
pop ebx
pop esi
retn
; ---------------------------------------------------------------------------
loc_41883F: ; CODE XREF: sub_4187B6+10�j
; sub_4187B6+24�j ...
xor eax, eax
pop esi
retn
sub_4187B6 endp
; =============== S U B R O U T I N E =======================================
sub_418843 proc near ; CODE XREF: sub_415B96+24�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0
push esi
jz short loc_41886D
mov esi, [esp+4+arg_4]
test byte ptr [esi+0Dh], 10h
jz short loc_41887E
push esi
call sub_4186E4
and byte ptr [esi+0Dh], 0EEh
and dword ptr [esi+18h], 0
and dword ptr [esi], 0
and dword ptr [esi+8], 0
pop ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_41886D: ; CODE XREF: sub_418843+6�j
mov eax, [esp+4+arg_4]
test byte ptr [eax+0Dh], 10h
jz short loc_41887E
push eax
call sub_4186E4
pop ecx
loc_41887E: ; CODE XREF: sub_418843+10�j
; sub_418843+32�j
pop esi
retn
sub_418843 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418880 proc near ; CODE XREF: sub_415BC8+17�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
mov esi, dword_46965C
push edi
mov edi, [ebp+arg_4]
xor ebx, ebx
mov [ebp+var_8], ebx
mov [ebp+var_4], ebx
mov al, [edi]
cmp al, 61h
jz short loc_4188B9
cmp al, 72h
jz short loc_4188B2
cmp al, 77h
jnz loc_4189CD
mov ecx, 301h
jmp short loc_4188BE
; ---------------------------------------------------------------------------
loc_4188B2: ; CODE XREF: sub_418880+21�j
xor ecx, ecx
or esi, 1
jmp short loc_4188C1
; ---------------------------------------------------------------------------
loc_4188B9: ; CODE XREF: sub_418880+1D�j
mov ecx, 109h
loc_4188BE: ; CODE XREF: sub_418880+30�j
or esi, 2
loc_4188C1: ; CODE XREF: sub_418880+37�j
push 1
pop edx
loc_4188C4: ; CODE XREF: sub_418880+8B�j
; sub_418880+A0�j ...
mov al, [edi+1]
inc edi
cmp al, bl
jz loc_4189B3
cmp edx, ebx
jz loc_4189B3
movsx eax, al
cmp eax, 54h
jg short loc_418952
jz short loc_418942
sub eax, 2Bh
jz short loc_41892C
sub eax, 19h
jz short loc_418922
sub eax, 0Eh
jz short loc_41890D
dec eax
jnz loc_4189A4
cmp [ebp+var_4], ebx
jnz loc_4189A4
mov [ebp+var_4], 1
or ecx, 20h
jmp short loc_4188C4
; ---------------------------------------------------------------------------
loc_41890D: ; CODE XREF: sub_418880+6F�j
cmp [ebp+var_4], ebx
jnz loc_4189A4
mov [ebp+var_4], 1
or ecx, 10h
jmp short loc_4188C4
; ---------------------------------------------------------------------------
loc_418922: ; CODE XREF: sub_418880+6A�j
test cl, 40h
jnz short loc_4189A4
or ecx, 40h
jmp short loc_4188C4
; ---------------------------------------------------------------------------
loc_41892C: ; CODE XREF: sub_418880+65�j
test cl, 2
jnz short loc_4189A4
and ecx, 0FFFFFFFEh
and esi, 0FFFFFFFCh
or ecx, 2
or esi, 80h
jmp short loc_4188C4
; ---------------------------------------------------------------------------
loc_418942: ; CODE XREF: sub_418880+60�j
mov eax, 1000h
test ecx, eax
jnz short loc_4189A4
or ecx, eax
jmp loc_4188C4
; ---------------------------------------------------------------------------
loc_418952: ; CODE XREF: sub_418880+5E�j
sub eax, 62h
jz short loc_41899F
dec eax
jz short loc_418988
sub eax, 0Bh
jz short loc_418971
sub eax, 6
jnz short loc_4189A4
test ch, 0C0h
jnz short loc_4189A4
or ch, 40h
jmp loc_4188C4
; ---------------------------------------------------------------------------
loc_418971: ; CODE XREF: sub_418880+DD�j
cmp [ebp+var_8], ebx
jnz short loc_4189A4
mov [ebp+var_8], 1
and esi, 0FFFFBFFFh
jmp loc_4188C4
; ---------------------------------------------------------------------------
loc_418988: ; CODE XREF: sub_418880+D8�j
cmp [ebp+var_8], ebx
jnz short loc_4189A4
mov [ebp+var_8], 1
or esi, 4000h
jmp loc_4188C4
; ---------------------------------------------------------------------------
loc_41899F: ; CODE XREF: sub_418880+D5�j
test ch, 0C0h
jz short loc_4189AB
loc_4189A4: ; CODE XREF: sub_418880+72�j
; sub_418880+7B�j ...
xor edx, edx
jmp loc_4188C4
; ---------------------------------------------------------------------------
loc_4189AB: ; CODE XREF: sub_418880+122�j
or ch, 80h
jmp loc_4188C4
; ---------------------------------------------------------------------------
loc_4189B3: ; CODE XREF: sub_418880+4A�j
; sub_418880+52�j
push 1A4h
push [ebp+arg_8]
push ecx
push [ebp+arg_0]
call sub_41D55A
mov ecx, eax
add esp, 10h
cmp ecx, ebx
jge short loc_4189D1
loc_4189CD: ; CODE XREF: sub_418880+25�j
xor eax, eax
jmp short loc_4189EB
; ---------------------------------------------------------------------------
loc_4189D1: ; CODE XREF: sub_418880+14B�j
mov eax, [ebp+arg_C]
inc dword_469654
mov [eax+0Ch], esi
mov [eax+4], ebx
mov [eax], ebx
mov [eax+8], ebx
mov [eax+1Ch], ebx
mov [eax+10h], ecx
loc_4189EB: ; CODE XREF: sub_418880+14F�j
pop edi
pop esi
pop ebx
leave
retn
sub_418880 endp
; =============== S U B R O U T I N E =======================================
sub_4189F0 proc near ; CODE XREF: sub_415BC8�p
mov edx, dword_46A7A0
push ebx
push ebp
push esi
xor ebp, ebp
xor esi, esi
xor eax, eax
cmp edx, ebp
push edi
jle short loc_418A61
mov ebx, dword_469780
mov edi, ebx
loc_418A0C: ; CODE XREF: sub_4189F0+2E�j
mov ecx, [edi]
cmp ecx, ebp
jz short loc_418A27
test byte ptr [ecx+0Ch], 83h
jz short loc_418A22
inc eax
add edi, 4
cmp eax, edx
jl short loc_418A0C
jmp short loc_418A61
; ---------------------------------------------------------------------------
loc_418A22: ; CODE XREF: sub_4189F0+26�j
mov esi, [ebx+eax*4]
jmp short loc_418A4B
; ---------------------------------------------------------------------------
loc_418A27: ; CODE XREF: sub_4189F0+20�j
mov edi, eax
push 20h
shl edi, 2
call sub_415DC9
pop ecx
mov ecx, dword_469780
mov [edi+ecx], eax
mov eax, dword_469780
mov edi, [edi+eax]
cmp edi, ebp
jz short loc_418A61
mov esi, edi
loc_418A4B: ; CODE XREF: sub_4189F0+35�j
cmp esi, ebp
jz short loc_418A61
or dword ptr [esi+10h], 0FFFFFFFFh
mov [esi+4], ebp
mov [esi+0Ch], ebp
mov [esi+8], ebp
mov [esi], ebp
mov [esi+1Ch], ebp
loc_418A61: ; CODE XREF: sub_4189F0+12�j
; sub_4189F0+30�j ...
mov eax, esi
pop edi
pop esi
pop ebp
pop ebx
retn
sub_4189F0 endp
; =============== S U B R O U T I N E =======================================
sub_418A68 proc near ; CODE XREF: sub_415DDB+1F�p
; sub_4174DF+106�p
arg_0 = dword ptr 4
mov eax, dword_4694F8
test eax, eax
jz short loc_418A80
push [esp+arg_0]
call eax
test eax, eax
pop ecx
jz short loc_418A80
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_418A80: ; CODE XREF: sub_418A68+7�j
; sub_418A68+12�j
xor eax, eax
retn
sub_418A68 endp
; =============== S U B R O U T I N E =======================================
sub_418A83 proc near ; CODE XREF: .nsp0:00417B52�p
arg_0 = dword ptr 4
xor eax, eax
push 0
cmp [esp+4+arg_0], eax
push 1000h
setz al
push eax
call dword_421174
test eax, eax
mov dword_46AB00, eax
jz short loc_418AB8
call sub_418ABF
test eax, eax
jnz short loc_418ABB
push dword_46AB00
call dword_421170
loc_418AB8: ; CODE XREF: sub_418A83+1E�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_418ABB: ; CODE XREF: sub_418A83+27�j
push 1
pop eax
retn
sub_418A83 endp
; =============== S U B R O U T I N E =======================================
sub_418ABF proc near ; CODE XREF: sub_418A83+20�p
push 140h
push 0
push dword_46AB00
call dword_42114C
test eax, eax
mov dword_46AAFC, eax
jnz short loc_418ADC
retn
; ---------------------------------------------------------------------------
loc_418ADC: ; CODE XREF: sub_418ABF+1A�j
and dword_46AAF4, 0
and dword_46AAF8, 0
push 1
mov dword_46AAF0, eax
mov dword_46AAE8, 10h
pop eax
retn
sub_418ABF endp
; =============== S U B R O U T I N E =======================================
sub_418AFD proc near ; CODE XREF: sub_415E3D+A�p
; sub_4174DF+3D�p ...
arg_0 = dword ptr 4
mov eax, dword_46AAF8
lea ecx, [eax+eax*4]
mov eax, dword_46AAFC
lea ecx, [eax+ecx*4]
loc_418B0D: ; CODE XREF: sub_418AFD+26�j
cmp eax, ecx
jnb short loc_418B25
mov edx, [esp+arg_0]
sub edx, [eax+0Ch]
cmp edx, 100000h
jb short locret_418B27
add eax, 14h
jmp short loc_418B0D
; ---------------------------------------------------------------------------
loc_418B25: ; CODE XREF: sub_418AFD+12�j
xor eax, eax
locret_418B27: ; CODE XREF: sub_418AFD+21�j
retn
sub_418AFD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418B28 proc near ; CODE XREF: sub_415E3D+16�p
; sub_4174DF+89�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 14h
mov edx, [ebp+arg_4]
mov ecx, [ebp+arg_0]
push ebx
push esi
mov eax, [ecx+10h]
mov esi, edx
sub esi, [ecx+0Ch]
mov ebx, [edx-4]
add edx, 0FFFFFFFCh
push edi
shr esi, 0Fh
mov ecx, esi
mov edi, [edx-4]
imul ecx, 204h
dec ebx
mov [ebp+var_4], edi
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ebx
mov [ebp+var_10], ecx
mov ecx, [ebx+edx]
test cl, 1
mov [ebp+var_8], ecx
jnz short loc_418BEE
sar ecx, 4
push 3Fh
dec ecx
pop edi
mov [ebp+arg_4], ecx
cmp ecx, edi
jbe short loc_418B80
mov [ebp+arg_4], edi
loc_418B80: ; CODE XREF: sub_418B28+53�j
mov ecx, [ebx+edx+4]
cmp ecx, [ebx+edx+8]
jnz short loc_418BD2
mov ecx, [ebp+arg_4]
cmp ecx, 20h
jnb short loc_418BAE
mov edi, 80000000h
shr edi, cl
lea ecx, [ecx+eax+4]
not edi
and [eax+esi*4+44h], edi
dec byte ptr [ecx]
jnz short loc_418BD2
mov ecx, [ebp+arg_0]
and [ecx], edi
jmp short loc_418BD2
; ---------------------------------------------------------------------------
loc_418BAE: ; CODE XREF: sub_418B28+68�j
add ecx, 0FFFFFFE0h
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_4]
lea ecx, [ecx+eax+4]
not edi
and [eax+esi*4+0C4h], edi
dec byte ptr [ecx]
jnz short loc_418BD2
mov ecx, [ebp+arg_0]
and [ecx+4], edi
loc_418BD2: ; CODE XREF: sub_418B28+60�j
; sub_418B28+7D�j ...
mov ecx, [ebx+edx+8]
mov edi, [ebx+edx+4]
mov [ecx+4], edi
mov ecx, [ebx+edx+4]
mov edi, [ebx+edx+8]
add ebx, [ebp+var_8]
mov [ecx+8], edi
mov [ebp+var_C], ebx
loc_418BEE: ; CODE XREF: sub_418B28+45�j
mov edi, ebx
sar edi, 4
dec edi
cmp edi, 3Fh
jbe short loc_418BFC
push 3Fh
pop edi
loc_418BFC: ; CODE XREF: sub_418B28+CF�j
mov ecx, [ebp+var_4]
and ecx, 1
mov [ebp+var_14], ecx
jnz loc_418CAB
sub edx, [ebp+var_4]
mov ecx, [ebp+var_4]
sar ecx, 4
push 3Fh
mov [ebp+var_8], edx
dec ecx
pop edx
cmp ecx, edx
mov [ebp+arg_4], ecx
jbe short loc_418C27
mov [ebp+arg_4], edx
mov ecx, edx
loc_418C27: ; CODE XREF: sub_418B28+F8�j
add ebx, [ebp+var_4]
mov edi, ebx
mov [ebp+var_C], ebx
sar edi, 4
dec edi
cmp edi, edx
jbe short loc_418C39
mov edi, edx
loc_418C39: ; CODE XREF: sub_418B28+10D�j
cmp ecx, edi
jz short loc_418CA8
mov ecx, [ebp+var_8]
mov edx, [ecx+4]
cmp edx, [ecx+8]
jnz short loc_418C90
mov ecx, [ebp+arg_4]
cmp ecx, 20h
jnb short loc_418C6C
mov edx, 80000000h
shr edx, cl
lea ecx, [ecx+eax+4]
not edx
and [eax+esi*4+44h], edx
dec byte ptr [ecx]
jnz short loc_418C90
mov ecx, [ebp+arg_0]
and [ecx], edx
jmp short loc_418C90
; ---------------------------------------------------------------------------
loc_418C6C: ; CODE XREF: sub_418B28+126�j
add ecx, 0FFFFFFE0h
mov edx, 80000000h
shr edx, cl
mov ecx, [ebp+arg_4]
lea ecx, [ecx+eax+4]
not edx
and [eax+esi*4+0C4h], edx
dec byte ptr [ecx]
jnz short loc_418C90
mov ecx, [ebp+arg_0]
and [ecx+4], edx
loc_418C90: ; CODE XREF: sub_418B28+11E�j
; sub_418B28+13B�j ...
mov ecx, [ebp+var_8]
mov edx, [ecx+8]
mov ecx, [ecx+4]
mov [edx+4], ecx
mov ecx, [ebp+var_8]
mov edx, [ecx+4]
mov ecx, [ecx+8]
mov [edx+8], ecx
loc_418CA8: ; CODE XREF: sub_418B28+113�j
mov edx, [ebp+var_8]
loc_418CAB: ; CODE XREF: sub_418B28+DD�j
cmp [ebp+var_14], 0
jnz short loc_418CBA
cmp [ebp+arg_4], edi
jz loc_418D43
loc_418CBA: ; CODE XREF: sub_418B28+187�j
mov ecx, [ebp+var_10]
lea ecx, [ecx+edi*8]
mov ecx, [ecx+4]
mov [edx+4], ecx
mov ecx, [ebp+var_10]
lea ecx, [ecx+edi*8]
mov [edx+8], ecx
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_418D43
mov cl, [edi+eax+4]
cmp edi, 20h
mov byte ptr [ebp+arg_4+3], cl
inc cl
mov [edi+eax+4], cl
jnb short loc_418D17
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_418D06
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_418D06: ; CODE XREF: sub_418B28+1CE�j
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
lea eax, [eax+esi*4+44h]
or [eax], ebx
jmp short loc_418D40
; ---------------------------------------------------------------------------
loc_418D17: ; CODE XREF: sub_418B28+1C8�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_418D2D
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_418D2D: ; CODE XREF: sub_418B28+1F3�j
lea ecx, [edi-20h]
mov edi, 80000000h
shr edi, cl
lea eax, [eax+esi*4+0C4h]
or [eax], edi
loc_418D40: ; CODE XREF: sub_418B28+1ED�j
mov ebx, [ebp+var_C]
loc_418D43: ; CODE XREF: sub_418B28+18C�j
; sub_418B28+1B6�j
mov eax, [ebp+var_10]
mov [edx], ebx
mov [ebx+edx-4], ebx
dec dword ptr [eax]
jnz loc_418E4E
mov eax, dword_46AAF4
test eax, eax
jz loc_418E40
mov ecx, dword_46AAEC
mov edi, dword_421178
shl ecx, 0Fh
add ecx, [eax+0Ch]
mov ebx, 8000h
push 4000h
push ebx
push ecx
call edi
mov ecx, dword_46AAEC
mov eax, dword_46AAF4
mov edx, 80000000h
shr edx, cl
or [eax+8], edx
mov eax, dword_46AAF4
mov ecx, dword_46AAEC
mov eax, [eax+10h]
and dword ptr [eax+ecx*4+0C4h], 0
mov eax, dword_46AAF4
mov eax, [eax+10h]
dec byte ptr [eax+43h]
mov eax, dword_46AAF4
mov ecx, [eax+10h]
cmp byte ptr [ecx+43h], 0
jnz short loc_418DCE
and dword ptr [eax+4], 0FFFFFFFEh
mov eax, dword_46AAF4
loc_418DCE: ; CODE XREF: sub_418B28+29B�j
cmp dword ptr [eax+8], 0FFFFFFFFh
jnz short loc_418E40
push ebx
push 0
push dword ptr [eax+0Ch]
call edi
mov eax, dword_46AAF4
push dword ptr [eax+10h]
push 0
push dword_46AB00
call dword_421150
mov eax, dword_46AAF8
mov edx, dword_46AAFC
lea eax, [eax+eax*4]
shl eax, 2
mov ecx, eax
mov eax, dword_46AAF4
sub ecx, eax
lea ecx, [ecx+edx-14h]
push ecx
lea ecx, [eax+14h]
push ecx
push eax
call sub_416490
mov eax, [ebp+arg_0]
add esp, 0Ch
dec dword_46AAF8
cmp eax, dword_46AAF4
jbe short loc_418E32
sub eax, 14h
loc_418E32: ; CODE XREF: sub_418B28+305�j
mov ecx, dword_46AAFC
mov dword_46AAF0, ecx
jmp short loc_418E43
; ---------------------------------------------------------------------------
loc_418E40: ; CODE XREF: sub_418B28+233�j
; sub_418B28+2AA�j
mov eax, [ebp+arg_0]
loc_418E43: ; CODE XREF: sub_418B28+316�j
mov dword_46AAF4, eax
mov dword_46AAEC, esi
loc_418E4E: ; CODE XREF: sub_418B28+226�j
pop edi
pop esi
pop ebx
leave
retn
sub_418B28 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418E53 proc near ; CODE XREF: sub_415E07+E�p
; sub_4174DF+69�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
mov eax, dword_46AAF8
mov edx, dword_46AAFC
push ebx
push esi
lea eax, [eax+eax*4]
push edi
lea edi, [edx+eax*4]
mov eax, [ebp+arg_0]
mov [ebp+var_4], edi
lea ecx, [eax+17h]
and ecx, 0FFFFFFF0h
mov [ebp+var_10], ecx
sar ecx, 4
dec ecx
cmp ecx, 20h
jge short loc_418E93
or esi, 0FFFFFFFFh
shr esi, cl
or [ebp+var_8], 0FFFFFFFFh
mov [ebp+var_C], esi
jmp short loc_418EA3
; ---------------------------------------------------------------------------
loc_418E93: ; CODE XREF: sub_418E53+30�j
add ecx, 0FFFFFFE0h
or eax, 0FFFFFFFFh
xor esi, esi
shr eax, cl
mov [ebp+var_C], esi
mov [ebp+var_8], eax
loc_418EA3: ; CODE XREF: sub_418E53+3E�j
mov eax, dword_46AAF0
mov ebx, eax
cmp ebx, edi
mov [ebp+arg_0], ebx
jnb short loc_418ECA
loc_418EB1: ; CODE XREF: sub_418E53+75�j
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_418ECA
add ebx, 14h
cmp ebx, [ebp+var_4]
mov [ebp+arg_0], ebx
jb short loc_418EB1
loc_418ECA: ; CODE XREF: sub_418E53+5C�j
; sub_418E53+6A�j
cmp ebx, [ebp+var_4]
jnz short loc_418F48
mov ebx, edx
loc_418ED1: ; CODE XREF: sub_418E53+96�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_418EED
mov ecx, [ebx+4]
mov edi, [ebx]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_418EEB
add ebx, 14h
jmp short loc_418ED1
; ---------------------------------------------------------------------------
loc_418EEB: ; CODE XREF: sub_418E53+91�j
cmp ebx, eax
loc_418EED: ; CODE XREF: sub_418E53+83�j
jnz short loc_418F48
loc_418EEF: ; CODE XREF: sub_418E53+AD�j
cmp ebx, [ebp+var_4]
jnb short loc_418F05
cmp dword ptr [ebx+8], 0
jnz short loc_418F02
add ebx, 14h
mov [ebp+arg_0], ebx
jmp short loc_418EEF
; ---------------------------------------------------------------------------
loc_418F02: ; CODE XREF: sub_418E53+A5�j
cmp ebx, [ebp+var_4]
loc_418F05: ; CODE XREF: sub_418E53+9F�j
jnz short loc_418F2D
mov ebx, edx
loc_418F09: ; CODE XREF: sub_418E53+C6�j
cmp ebx, eax
mov [ebp+arg_0], ebx
jnb short loc_418F1D
cmp dword ptr [ebx+8], 0
jnz short loc_418F1B
add ebx, 14h
jmp short loc_418F09
; ---------------------------------------------------------------------------
loc_418F1B: ; CODE XREF: sub_418E53+C1�j
cmp ebx, eax
loc_418F1D: ; CODE XREF: sub_418E53+BB�j
jnz short loc_418F2D
call sub_41915C
mov ebx, eax
test ebx, ebx
mov [ebp+arg_0], ebx
jz short loc_418F41
loc_418F2D: ; CODE XREF: sub_418E53:loc_418F05�j
; sub_418E53:loc_418F1D�j
push ebx
call sub_41920D
pop ecx
mov ecx, [ebx+10h]
mov [ecx], eax
mov eax, [ebx+10h]
cmp dword ptr [eax], 0FFFFFFFFh
jnz short loc_418F48
loc_418F41: ; CODE XREF: sub_418E53+D8�j
xor eax, eax
jmp loc_419157
; ---------------------------------------------------------------------------
loc_418F48: ; CODE XREF: sub_418E53+7A�j
; sub_418E53:loc_418EED�j ...
mov dword_46AAF0, ebx
mov eax, [ebx+10h]
mov edx, [eax]
cmp edx, 0FFFFFFFFh
mov [ebp+var_4], edx
jz short loc_418F6F
mov ecx, [eax+edx*4+0C4h]
mov edi, [eax+edx*4+44h]
and ecx, [ebp+var_8]
and edi, esi
or ecx, edi
jnz short loc_418FA6
loc_418F6F: ; CODE XREF: sub_418E53+106�j
mov edx, [eax+0C4h]
mov esi, [eax+44h]
and edx, [ebp+var_8]
and esi, [ebp+var_C]
and [ebp+var_4], 0
lea ecx, [eax+44h]
or edx, esi
mov esi, [ebp+var_C]
jnz short loc_418FA3
loc_418F8C: ; CODE XREF: sub_418E53+14E�j
mov edx, [ecx+84h]
inc [ebp+var_4]
and edx, [ebp+var_8]
add ecx, 4
mov edi, esi
and edi, [ecx]
or edx, edi
jz short loc_418F8C
loc_418FA3: ; CODE XREF: sub_418E53+137�j
mov edx, [ebp+var_4]
loc_418FA6: ; CODE XREF: sub_418E53+11A�j
mov ecx, edx
xor edi, edi
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [eax+edx*4+44h]
and ecx, esi
jnz short loc_418FCF
mov ecx, [eax+edx*4+0C4h]
push 20h
and ecx, [ebp+var_8]
pop edi
loc_418FCF: ; CODE XREF: sub_418E53+16D�j
; sub_418E53+183�j
test ecx, ecx
jl short loc_418FD8
shl ecx, 1
inc edi
jmp short loc_418FCF
; ---------------------------------------------------------------------------
loc_418FD8: ; CODE XREF: sub_418E53+17E�j
mov ecx, [ebp+var_C]
mov edx, [ecx+edi*8+4]
mov ecx, [edx]
sub ecx, [ebp+var_10]
mov esi, ecx
mov [ebp+var_8], ecx
sar esi, 4
dec esi
cmp esi, 3Fh
jle short loc_418FF5
push 3Fh
pop esi
loc_418FF5: ; CODE XREF: sub_418E53+19D�j
cmp esi, edi
jz loc_41910A
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_419066
cmp edi, 20h
jge short loc_419035
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
not ebx
mov [ebp+var_14], ebx
and ebx, [eax+ecx*4+44h]
mov [eax+ecx*4+44h], ebx
dec byte ptr [edi]
jnz short loc_419063
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx], ecx
jmp short loc_419066
; ---------------------------------------------------------------------------
loc_419035: ; CODE XREF: sub_418E53+1B5�j
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_4]
lea edi, [eax+edi+4]
lea ecx, [eax+ecx*4+0C4h]
not ebx
and [ecx], ebx
dec byte ptr [edi]
mov [ebp+var_14], ebx
jnz short loc_419063
mov ebx, [ebp+arg_0]
mov ecx, [ebp+var_14]
and [ebx+4], ecx
jmp short loc_419066
; ---------------------------------------------------------------------------
loc_419063: ; CODE XREF: sub_418E53+1D6�j
; sub_418E53+203�j
mov ebx, [ebp+arg_0]
loc_419066: ; CODE XREF: sub_418E53+1B0�j
; sub_418E53+1E0�j ...
mov ecx, [edx+8]
mov edi, [edx+4]
cmp [ebp+var_8], 0
mov [ecx+4], edi
mov ecx, [edx+4]
mov edi, [edx+8]
mov [ecx+8], edi
jz loc_419116
mov ecx, [ebp+var_C]
mov edi, [ecx+esi*8+4]
lea ecx, [ecx+esi*8]
mov [edx+4], edi
mov [edx+8], ecx
mov [ecx+4], edx
mov ecx, [edx+4]
mov [ecx+8], edx
mov ecx, [edx+4]
cmp ecx, [edx+8]
jnz short loc_419107
mov cl, [esi+eax+4]
cmp esi, 20h
mov byte ptr [ebp+arg_0+3], cl
jge short loc_4190D8
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_4190C6
mov edi, 80000000h
mov ecx, esi
shr edi, cl
or [ebx], edi
loc_4190C6: ; CODE XREF: sub_418E53+266�j
mov edi, 80000000h
mov ecx, esi
shr edi, cl
mov ecx, [ebp+var_4]
or [eax+ecx*4+44h], edi
jmp short loc_419107
; ---------------------------------------------------------------------------
loc_4190D8: ; CODE XREF: sub_418E53+25A�j
inc cl
cmp byte ptr [ebp+arg_0+3], 0
mov [esi+eax+4], cl
jnz short loc_4190F1
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
or [ebx+4], edi
loc_4190F1: ; CODE XREF: sub_418E53+28F�j
mov ecx, [ebp+var_4]
lea edi, [eax+ecx*4+0C4h]
lea ecx, [esi-20h]
mov esi, 80000000h
shr esi, cl
or [edi], esi
loc_419107: ; CODE XREF: sub_418E53+24E�j
; sub_418E53+283�j
mov ecx, [ebp+var_8]
loc_41910A: ; CODE XREF: sub_418E53+1A4�j
test ecx, ecx
jz short loc_419119
mov [edx], ecx
mov [ecx+edx-4], ecx
jmp short loc_419119
; ---------------------------------------------------------------------------
loc_419116: ; CODE XREF: sub_418E53+229�j
mov ecx, [ebp+var_8]
loc_419119: ; CODE XREF: sub_418E53+2B9�j
; sub_418E53+2C1�j
mov esi, [ebp+var_10]
add edx, ecx
lea ecx, [esi+1]
mov [edx], ecx
mov [edx+esi-4], ecx
mov esi, [ebp+var_C]
mov ecx, [esi]
test ecx, ecx
lea edi, [ecx+1]
mov [esi], edi
jnz short loc_41914F
cmp ebx, dword_46AAF4
jnz short loc_41914F
mov ecx, [ebp+var_4]
cmp ecx, dword_46AAEC
jnz short loc_41914F
and dword_46AAF4, 0
loc_41914F: ; CODE XREF: sub_418E53+2E0�j
; sub_418E53+2E8�j ...
mov ecx, [ebp+var_4]
mov [eax], ecx
lea eax, [edx+4]
loc_419157: ; CODE XREF: sub_418E53+F0�j
pop edi
pop esi
pop ebx
leave
retn
sub_418E53 endp
; =============== S U B R O U T I N E =======================================
sub_41915C proc near ; CODE XREF: sub_418E53+CC�p
mov eax, dword_46AAF8
mov ecx, dword_46AAE8
push esi
push edi
xor edi, edi
cmp eax, ecx
jnz short loc_41919F
lea eax, [ecx+ecx*4+50h]
shl eax, 2
push eax
push dword_46AAFC
push edi
push dword_46AB00
call dword_421160
cmp eax, edi
jz short loc_4191EF
add dword_46AAE8, 10h
mov dword_46AAFC, eax
mov eax, dword_46AAF8
loc_41919F: ; CODE XREF: sub_41915C+11�j
mov ecx, dword_46AAFC
push 41C4h
push 8
lea eax, [eax+eax*4]
push dword_46AB00
lea esi, [ecx+eax*4]
call dword_42114C
cmp eax, edi
mov [esi+10h], eax
jz short loc_4191EF
push 4
push 2000h
push 100000h
push edi
call dword_42117C
cmp eax, edi
mov [esi+0Ch], eax
jnz short loc_4191F3
push dword ptr [esi+10h]
push edi
push dword_46AB00
call dword_421150
loc_4191EF: ; CODE XREF: sub_41915C+30�j
; sub_41915C+67�j
xor eax, eax
jmp short loc_41920A
; ---------------------------------------------------------------------------
loc_4191F3: ; CODE XREF: sub_41915C+81�j
or dword ptr [esi+8], 0FFFFFFFFh
mov [esi], edi
mov [esi+4], edi
inc dword_46AAF8
mov eax, [esi+10h]
or dword ptr [eax], 0FFFFFFFFh
mov eax, esi
loc_41920A: ; CODE XREF: sub_41915C+95�j
pop edi
pop esi
retn
sub_41915C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41920D proc near ; CODE XREF: sub_418E53+DB�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov ecx, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, [ecx+10h]
mov eax, [ecx+8]
xor ebx, ebx
loc_41921F: ; CODE XREF: sub_41920D+19�j
test eax, eax
jl short loc_419228
shl eax, 1
inc ebx
jmp short loc_41921F
; ---------------------------------------------------------------------------
loc_419228: ; CODE XREF: sub_41920D+14�j
mov eax, ebx
push 3Fh
imul eax, 204h
pop edx
lea eax, [eax+esi+144h]
mov [ebp+var_4], eax
loc_41923D: ; CODE XREF: sub_41920D+3A�j
mov [eax+8], eax
mov [eax+4], eax
add eax, 8
dec edx
jnz short loc_41923D
mov edi, ebx
push 4
shl edi, 0Fh
add edi, [ecx+0Ch]
push 1000h
push 8000h
push edi
call dword_42117C
test eax, eax
jnz short loc_419270
or eax, 0FFFFFFFFh
jmp loc_419303
; ---------------------------------------------------------------------------
loc_419270: ; CODE XREF: sub_41920D+59�j
lea edx, [edi+7000h]
cmp edi, edx
ja short loc_4192B6
lea eax, [edi+10h]
loc_41927D: ; CODE XREF: sub_41920D+A7�j
or dword ptr [eax-8], 0FFFFFFFFh
or dword ptr [eax+0FECh], 0FFFFFFFFh
lea ecx, [eax+0FFCh]
mov dword ptr [eax-4], 0FF0h
mov [eax], ecx
lea ecx, [eax-1004h]
mov [eax+4], ecx
mov dword ptr [eax+0FE8h], 0FF0h
add eax, 1000h
lea ecx, [eax-10h]
cmp ecx, edx
jbe short loc_41927D
loc_4192B6: ; CODE XREF: sub_41920D+6B�j
mov eax, [ebp+var_4]
lea ecx, [edi+0Ch]
add eax, 1F8h
push 1
pop edi
mov [eax+4], ecx
mov [ecx+8], eax
lea ecx, [edx+0Ch]
mov [eax+8], ecx
mov [ecx+4], eax
and dword ptr [esi+ebx*4+44h], 0
mov [esi+ebx*4+0C4h], edi
mov al, [esi+43h]
mov cl, al
inc cl
test al, al
mov eax, [ebp+arg_0]
mov [esi+43h], cl
jnz short loc_4192F3
or [eax+4], edi
loc_4192F3: ; CODE XREF: sub_41920D+E1�j
mov edx, 80000000h
mov ecx, ebx
shr edx, cl
not edx
and [eax+8], edx
mov eax, ebx
loc_419303: ; CODE XREF: sub_41920D+5E�j
pop edi
pop esi
pop ebx
leave
retn
sub_41920D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419308 proc near ; CODE XREF: sub_4174DF+58�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov ecx, [ebp+arg_0]
mov eax, [ebp+arg_8]
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
mov edx, edi
lea esi, [eax+17h]
sub edx, [ecx+0Ch]
mov eax, [ecx+10h]
and esi, 0FFFFFFF0h
shr edx, 0Fh
mov ecx, edx
imul ecx, 204h
lea ecx, [ecx+eax+144h]
mov [ebp+var_C], ecx
mov ecx, [edi-4]
dec ecx
cmp esi, ecx
mov [ebp+arg_8], ecx
mov ebx, [ecx+edi-4]
lea edi, [ecx+edi-4]
mov [ebp+var_4], ebx
jle loc_4194B6
test bl, 1
jnz loc_4194AF
add ebx, ecx
cmp esi, ebx
jg loc_4194AF
mov ecx, [ebp+var_4]
sar ecx, 4
dec ecx
cmp ecx, 3Fh
mov [ebp+var_8], ecx
jbe short loc_41937F
push 3Fh
pop ecx
mov [ebp+var_8], ecx
loc_41937F: ; CODE XREF: sub_419308+6F�j
mov ebx, [edi+4]
cmp ebx, [edi+8]
jnz short loc_4193CF
cmp ecx, 20h
jnb short loc_4193AB
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [ecx]
jnz short loc_4193CF
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_4193CF
; ---------------------------------------------------------------------------
loc_4193AB: ; CODE XREF: sub_419308+82�j
add ecx, 0FFFFFFE0h
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+var_8]
lea ecx, [ecx+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_4193CF
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_4193CF: ; CODE XREF: sub_419308+7D�j
; sub_419308+9A�j ...
mov ecx, [edi+8]
mov ebx, [edi+4]
mov [ecx+4], ebx
mov ecx, [edi+4]
mov edi, [edi+8]
mov [ecx+8], edi
mov ecx, [ebp+arg_8]
sub ecx, esi
add [ebp+var_4], ecx
cmp [ebp+var_4], 0
jle loc_41949D
mov edi, [ebp+var_4]
mov ecx, [ebp+arg_4]
sar edi, 4
dec edi
lea ecx, [ecx+esi-4]
cmp edi, 3Fh
jbe short loc_419409
push 3Fh
pop edi
loc_419409: ; CODE XREF: sub_419308+FC�j
mov ebx, [ebp+var_C]
lea ebx, [ebx+edi*8]
mov [ebp+arg_8], ebx
mov ebx, [ebx+4]
mov [ecx+4], ebx
mov ebx, [ebp+arg_8]
mov [ecx+8], ebx
mov [ebx+4], ecx
mov ebx, [ecx+4]
mov [ebx+8], ecx
mov ebx, [ecx+4]
cmp ebx, [ecx+8]
jnz short loc_41948B
mov cl, [edi+eax+4]
cmp edi, 20h
mov byte ptr [ebp+arg_8+3], cl
inc cl
mov [edi+eax+4], cl
jnb short loc_419462
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_419455
mov ebx, 80000000h
mov ecx, edi
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx], ebx
loc_419455: ; CODE XREF: sub_419308+13D�j
lea eax, [eax+edx*4+44h]
mov edx, 80000000h
mov ecx, edi
jmp short loc_419487
; ---------------------------------------------------------------------------
loc_419462: ; CODE XREF: sub_419308+137�j
cmp byte ptr [ebp+arg_8+3], 0
jnz short loc_419478
lea ecx, [edi-20h]
mov ebx, 80000000h
shr ebx, cl
mov ecx, [ebp+arg_0]
or [ecx+4], ebx
loc_419478: ; CODE XREF: sub_419308+15E�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [edi-20h]
mov edx, 80000000h
loc_419487: ; CODE XREF: sub_419308+158�j
shr edx, cl
or [eax], edx
loc_41948B: ; CODE XREF: sub_419308+125�j
mov edx, [ebp+arg_4]
mov ecx, [ebp+var_4]
lea eax, [edx+esi-4]
mov [eax], ecx
mov [ecx+eax-4], ecx
jmp short loc_4194A0
; ---------------------------------------------------------------------------
loc_41949D: ; CODE XREF: sub_419308+E5�j
mov edx, [ebp+arg_4]
loc_4194A0: ; CODE XREF: sub_419308+193�j
lea eax, [esi+1]
mov [edx-4], eax
mov [edx+esi-8], eax
jmp loc_4195F6
; ---------------------------------------------------------------------------
loc_4194AF: ; CODE XREF: sub_419308+52�j
; sub_419308+5C�j
xor eax, eax
jmp loc_4195F9
; ---------------------------------------------------------------------------
loc_4194B6: ; CODE XREF: sub_419308+49�j
jge loc_4195F6
mov ebx, [ebp+arg_4]
sub [ebp+arg_8], esi
lea ecx, [esi+1]
mov [ebx-4], ecx
lea ebx, [ebx+esi-4]
mov esi, [ebp+arg_8]
mov [ebp+arg_4], ebx
sar esi, 4
dec esi
mov [ebx-4], ecx
cmp esi, 3Fh
jbe short loc_4194E1
push 3Fh
pop esi
loc_4194E1: ; CODE XREF: sub_419308+1D4�j
test byte ptr [ebp+var_4], 1
jnz loc_419570
mov esi, [ebp+var_4]
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_4194FA
push 3Fh
pop esi
loc_4194FA: ; CODE XREF: sub_419308+1ED�j
mov ecx, [edi+4]
cmp ecx, [edi+8]
jnz short loc_419549
cmp esi, 20h
jnb short loc_419525
mov ebx, 80000000h
mov ecx, esi
shr ebx, cl
lea esi, [esi+eax+4]
not ebx
and [eax+edx*4+44h], ebx
dec byte ptr [esi]
jnz short loc_419546
mov ecx, [ebp+arg_0]
and [ecx], ebx
jmp short loc_419546
; ---------------------------------------------------------------------------
loc_419525: ; CODE XREF: sub_419308+1FD�j
lea ecx, [esi-20h]
mov ebx, 80000000h
shr ebx, cl
lea ecx, [esi+eax+4]
not ebx
and [eax+edx*4+0C4h], ebx
dec byte ptr [ecx]
jnz short loc_419546
mov ecx, [ebp+arg_0]
and [ecx+4], ebx
loc_419546: ; CODE XREF: sub_419308+214�j
; sub_419308+21B�j ...
mov ebx, [ebp+arg_4]
loc_419549: ; CODE XREF: sub_419308+1F8�j
mov ecx, [edi+8]
mov esi, [edi+4]
mov [ecx+4], esi
mov ecx, [edi+4]
mov esi, [edi+8]
mov [ecx+8], esi
mov esi, [ebp+arg_8]
add esi, [ebp+var_4]
mov [ebp+arg_8], esi
sar esi, 4
dec esi
cmp esi, 3Fh
jbe short loc_419570
push 3Fh
pop esi
loc_419570: ; CODE XREF: sub_419308+1DD�j
; sub_419308+263�j
mov ecx, [ebp+var_C]
mov edi, [ecx+esi*8+4]
lea ecx, [ecx+esi*8]
mov [ebx+4], edi
mov [ebx+8], ecx
mov [ecx+4], ebx
mov ecx, [ebx+4]
mov [ecx+8], ebx
mov ecx, [ebx+4]
cmp ecx, [ebx+8]
jnz short loc_4195ED
mov cl, [esi+eax+4]
cmp esi, 20h
mov byte ptr [ebp+arg_4+3], cl
inc cl
mov [esi+eax+4], cl
jnb short loc_4195C4
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_4195B7
mov edi, 80000000h
mov ecx, esi
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx], edi
loc_4195B7: ; CODE XREF: sub_419308+29F�j
lea eax, [eax+edx*4+44h]
mov edx, 80000000h
mov ecx, esi
jmp short loc_4195E9
; ---------------------------------------------------------------------------
loc_4195C4: ; CODE XREF: sub_419308+299�j
cmp byte ptr [ebp+arg_4+3], 0
jnz short loc_4195DA
lea ecx, [esi-20h]
mov edi, 80000000h
shr edi, cl
mov ecx, [ebp+arg_0]
or [ecx+4], edi
loc_4195DA: ; CODE XREF: sub_419308+2C0�j
lea eax, [eax+edx*4+0C4h]
lea ecx, [esi-20h]
mov edx, 80000000h
loc_4195E9: ; CODE XREF: sub_419308+2BA�j
shr edx, cl
or [eax], edx
loc_4195ED: ; CODE XREF: sub_419308+287�j
mov eax, [ebp+arg_8]
mov [ebx], eax
mov [eax+ebx-4], eax
loc_4195F6: ; CODE XREF: sub_419308+1A2�j
; sub_419308:loc_4194B6�j
push 1
pop eax
loc_4195F9: ; CODE XREF: sub_419308+1A9�j
pop edi
pop esi
pop ebx
leave
retn
sub_419308 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __fastcall sub_4195FE(int,int,double,int)
sub_4195FE proc near ; CODE XREF: sub_415E6C+51�p
; sub_415FB3+51�p
var_1C = qword ptr -1Ch
var_14 = qword ptr -14h
var_C = qword ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp dword_4386E8, 0
jnz short loc_419633
push [ebp+arg_C] ; int
fld qword ptr [ebp+arg_4]
push ecx
push ecx ; double
fstp [esp+0Ch+var_C]
push ecx ; int
push ecx ; int
fldz
fstp [esp+14h+var_14]
fld qword ptr [ebp+arg_4]
push ecx ; int
push ecx ; int
fstp [esp+1Ch+var_1C]
push [ebp+arg_0] ; int
push 1 ; int
call sub_419BB3
add esp, 24h
pop ebp
retn
; ---------------------------------------------------------------------------
loc_419633: ; CODE XREF: sub_4195FE+A�j
push 0FFFFh
mov dword_469494, 21h
push [ebp+arg_C]
call sub_419E26
fld qword ptr [ebp+arg_4]
pop ecx
pop ecx
pop ebp
retn
sub_4195FE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_419651(int,int,double,double,int)
sub_419651 proc near ; CODE XREF: sub_415E6C:loc_415F2F�p
; sub_415FB3:loc_416076�p
var_74 = qword ptr -74h
var_6C = qword ptr -6Ch
var_64 = qword ptr -64h
var_5C = dword ptr -5Ch
var_58 = byte ptr -58h
var_20 = dword ptr -20h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = qword ptr 10h
arg_10 = qword ptr 18h
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 58h
push [ebp+arg_18]
lea eax, [ebp+arg_10]
push eax
push [ebp+arg_0]
call sub_41999C
add esp, 0Ch
test eax, eax
jnz short loc_41968F
lea eax, [ebp+arg_10]
and [ebp+var_20], 0FFFFFFFEh
push eax
lea eax, [ebp+arg_8]
push eax
lea eax, [ebp+arg_18]
push [ebp+arg_4]
push [ebp+arg_0]
push eax
lea eax, [ebp+var_58]
push eax
call sub_4196E9
add esp, 18h
loc_41968F: ; CODE XREF: sub_419651+1A�j
push [ebp+arg_0]
call sub_419C86
cmp dword_4386E8, 0
pop ecx
jnz short loc_4196CD
test eax, eax
jz short loc_4196CD
push [ebp+arg_18] ; int
fld [ebp+arg_10]
push ecx
push ecx ; double
fstp [esp+64h+var_64]
push ecx ; int
push ecx ; int
fldz
fstp [esp+6Ch+var_6C]
fld [ebp+arg_8]
push ecx ; int
push ecx ; int
fstp [esp+74h+var_74]
push [ebp+arg_4] ; int
push eax ; int
call sub_419BB3
add esp, 24h
leave
retn
; ---------------------------------------------------------------------------
loc_4196CD: ; CODE XREF: sub_419651+4E�j
; sub_419651+52�j
push eax
call sub_419C3B
mov [esp+5Ch+var_5C], 0FFFFh
push [ebp+arg_18]
call sub_419E26
fld [ebp+arg_10]
pop ecx
pop ecx
leave
retn
sub_419651 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4196E9 proc near ; CODE XREF: sub_419651+36�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
mov ecx, [ebp+arg_0]
xor eax, eax
push ebx
push esi
mov [ecx+4], eax
mov ecx, [ebp+arg_0]
push edi
push 1
mov [ecx+8], eax
mov ecx, [ebp+arg_0]
pop ebx
mov [ecx+0Ch], eax
mov cl, byte ptr [ebp+arg_8]
test cl, 10h
jz short loc_41971B
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C000008Fh
or [eax+4], ebx
loc_41971B: ; CODE XREF: sub_4196E9+23�j
test cl, 2
jz short loc_41972E
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C0000093h
or dword ptr [eax+4], 2
loc_41972E: ; CODE XREF: sub_4196E9+35�j
test cl, bl
jz short loc_419740
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C0000091h
or dword ptr [eax+4], 4
loc_419740: ; CODE XREF: sub_4196E9+47�j
test cl, 4
jz short loc_419753
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C000008Eh
or dword ptr [eax+4], 8
loc_419753: ; CODE XREF: sub_4196E9+5A�j
test cl, 8
jz short loc_419766
mov eax, [ebp+arg_0]
mov [ebp+arg_8], 0C0000090h
or dword ptr [eax+4], 10h
loc_419766: ; CODE XREF: sub_4196E9+6D�j
mov esi, [ebp+arg_4]
mov eax, [ebp+arg_0]
push 2
mov ecx, [esi]
mov edx, [eax+8]
not ecx
and ecx, ebx
and edx, 0FFFFFFEFh
shl ecx, 4
or ecx, edx
pop edi
mov [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
not ecx
mov edx, [eax+8]
and ecx, 4
shl ecx, 1
and edx, 0FFFFFFF7h
or ecx, edx
mov [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
not ecx
mov edx, [eax+8]
shr ecx, 1
and ecx, 4
and edx, 0FFFFFFFBh
or ecx, edx
mov [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
not ecx
mov edx, [eax+8]
shr ecx, 3
and ecx, edi
and edx, 0FFFFFFFDh
or ecx, edx
mov [eax+8], ecx
mov ecx, [esi]
mov eax, [ebp+arg_0]
not ecx
mov edx, [eax+8]
shr ecx, 5
and ecx, ebx
and edx, 0FFFFFFFEh
or ecx, edx
mov [eax+8], ecx
call sub_419E09
test al, bl
jz short loc_4197EF
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 10h
loc_4197EF: ; CODE XREF: sub_4196E9+FD�j
test al, 4
jz short loc_4197FA
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 8
loc_4197FA: ; CODE XREF: sub_4196E9+108�j
test al, 8
jz short loc_419805
mov ecx, [ebp+arg_0]
or dword ptr [ecx+0Ch], 4
loc_419805: ; CODE XREF: sub_4196E9+113�j
test al, 10h
jz short loc_41980F
mov ecx, [ebp+arg_0]
or [ecx+0Ch], edi
loc_41980F: ; CODE XREF: sub_4196E9+11E�j
test al, 20h
jz short loc_419819
mov eax, [ebp+arg_0]
or [eax+0Ch], ebx
loc_419819: ; CODE XREF: sub_4196E9+128�j
mov eax, [esi]
mov ecx, 0C00h
and eax, ecx
jz short loc_419858
cmp eax, 400h
jz short loc_41984A
cmp eax, 800h
jz short loc_41983E
cmp eax, ecx
jnz short loc_41985E
mov eax, [ebp+arg_0]
or dword ptr [eax], 3
jmp short loc_41985E
; ---------------------------------------------------------------------------
loc_41983E: ; CODE XREF: sub_4196E9+147�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFFEh
or ecx, edi
jmp short loc_419854
; ---------------------------------------------------------------------------
loc_41984A: ; CODE XREF: sub_4196E9+140�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFFDh
or ecx, ebx
loc_419854: ; CODE XREF: sub_4196E9+15F�j
mov [eax], ecx
jmp short loc_41985E
; ---------------------------------------------------------------------------
loc_419858: ; CODE XREF: sub_4196E9+139�j
mov eax, [ebp+arg_0]
and dword ptr [eax], 0FFFFFFFCh
loc_41985E: ; CODE XREF: sub_4196E9+14B�j
; sub_4196E9+153�j ...
mov eax, [esi]
mov ecx, 300h
and eax, ecx
jz short loc_419889
cmp eax, 200h
jz short loc_41987C
cmp eax, ecx
jnz short loc_419896
mov eax, [ebp+arg_0]
and dword ptr [eax], 0FFFFFFE3h
jmp short loc_419896
; ---------------------------------------------------------------------------
loc_41987C: ; CODE XREF: sub_4196E9+185�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFE7h
or ecx, 4
jmp short loc_419894
; ---------------------------------------------------------------------------
loc_419889: ; CODE XREF: sub_4196E9+17E�j
mov eax, [ebp+arg_0]
mov ecx, [eax]
and ecx, 0FFFFFFEBh
or ecx, 8
loc_419894: ; CODE XREF: sub_4196E9+19E�j
mov [eax], ecx
loc_419896: ; CODE XREF: sub_4196E9+189�j
; sub_4196E9+191�j
mov eax, [ebp+arg_0]
mov ecx, [ebp+arg_C]
and ecx, 0FFFh
mov edx, [eax]
shl ecx, 5
and edx, 0FFFE001Fh
or ecx, edx
mov [eax], ecx
mov eax, [ebp+arg_0]
or [eax+20h], ebx
mov eax, [ebp+arg_0]
mov ecx, [eax+20h]
and ecx, 0FFFFFFE3h
or ecx, edi
mov [eax+20h], ecx
mov eax, [ebp+arg_10]
fld qword ptr [eax]
mov eax, [ebp+arg_0]
fstp qword ptr [eax+10h]
mov eax, [ebp+arg_0]
or [eax+50h], ebx
mov eax, [ebp+arg_0]
mov ecx, [eax+50h]
and ecx, 0FFFFFFE3h
or ecx, edi
mov edi, [ebp+arg_14]
mov [eax+50h], ecx
mov eax, [ebp+arg_0]
fld qword ptr [edi]
fstp qword ptr [eax+40h]
call sub_419E17
lea eax, [ebp+arg_0]
push eax
push ebx
push 0
push [ebp+arg_8]
call dword_421184
mov eax, [ebp+arg_0]
test byte ptr [eax+8], 10h
jz short loc_419910
and dword ptr [esi], 0FFFFFFFEh
loc_419910: ; CODE XREF: sub_4196E9+222�j
test byte ptr [eax+8], 8
jz short loc_419919
and dword ptr [esi], 0FFFFFFFBh
loc_419919: ; CODE XREF: sub_4196E9+22B�j
test byte ptr [eax+8], 4
jz short loc_419922
and dword ptr [esi], 0FFFFFFF7h
loc_419922: ; CODE XREF: sub_4196E9+234�j
test byte ptr [eax+8], 2
jz short loc_41992B
and dword ptr [esi], 0FFFFFFEFh
loc_41992B: ; CODE XREF: sub_4196E9+23D�j
test [eax+8], bl
jz short loc_419933
and dword ptr [esi], 0FFFFFFDFh
loc_419933: ; CODE XREF: sub_4196E9+245�j
mov ecx, [eax]
mov edx, 0FFFFF3FFh
and ecx, 3
sub ecx, 0
jz short loc_419967
dec ecx
jz short loc_41995B
dec ecx
jz short loc_419951
dec ecx
jnz short loc_419969
or byte ptr [esi+1], 0Ch
jmp short loc_419969
; ---------------------------------------------------------------------------
loc_419951: ; CODE XREF: sub_4196E9+25D�j
mov ecx, [esi]
and ch, 0FBh
or ch, 8
jmp short loc_419963
; ---------------------------------------------------------------------------
loc_41995B: ; CODE XREF: sub_4196E9+25A�j
mov ecx, [esi]
and ch, 0F7h
or ch, 4
loc_419963: ; CODE XREF: sub_4196E9+270�j
mov [esi], ecx
jmp short loc_419969
; ---------------------------------------------------------------------------
loc_419967: ; CODE XREF: sub_4196E9+257�j
and [esi], edx
loc_419969: ; CODE XREF: sub_4196E9+260�j
; sub_4196E9+266�j ...
mov ecx, [eax]
shr ecx, 2
and ecx, 7
sub ecx, 0
jz short loc_419989
dec ecx
jz short loc_419980
dec ecx
jnz short loc_419992
and [esi], edx
jmp short loc_419992
; ---------------------------------------------------------------------------
loc_419980: ; CODE XREF: sub_4196E9+28E�j
mov ecx, [esi]
and ecx, edx
or ch, 2
jmp short loc_419990
; ---------------------------------------------------------------------------
loc_419989: ; CODE XREF: sub_4196E9+28B�j
mov ecx, [esi]
and ecx, edx
or ch, 3
loc_419990: ; CODE XREF: sub_4196E9+29E�j
mov [esi], ecx
loc_419992: ; CODE XREF: sub_4196E9+291�j
; sub_4196E9+295�j
fld qword ptr [eax+40h]
fstp qword ptr [edi]
pop edi
pop esi
pop ebx
pop ebp
retn
sub_4196E9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41999C proc near ; CODE XREF: sub_419651+10�p
var_24 = qword ptr -24h
var_C = qword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_0]
push ebx
push edi
mov edi, eax
and edi, 1Fh
push 1
test al, 8
pop ebx
jz short loc_4199C7
test byte ptr [ebp+arg_8], bl
jz short loc_4199C7
push ebx
call sub_419E49
pop ecx
and edi, 0FFFFFFF7h
jmp loc_419B91
; ---------------------------------------------------------------------------
loc_4199C7: ; CODE XREF: sub_41999C+15�j
; sub_41999C+1A�j
test al, 4
jz short loc_4199E1
test byte ptr [ebp+arg_8], 4
jz short loc_4199E1
push 4
call sub_419E49
pop ecx
and edi, 0FFFFFFFBh
jmp loc_419B91
; ---------------------------------------------------------------------------
loc_4199E1: ; CODE XREF: sub_41999C+2D�j
; sub_41999C+33�j
test al, bl
jz loc_419ABB
test byte ptr [ebp+arg_8], 8
jz loc_419ABB
push 8
call sub_419E49
pop ecx
mov eax, 0C00h
mov ecx, [ebp+arg_8]
and ecx, eax
jz loc_419A93
cmp ecx, 400h
jz short loc_419A6B
cmp ecx, 800h
jz short loc_419A43
cmp ecx, eax
jnz loc_419AB3
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp dbl_4217B0
fld dbl_438078
fnstsw ax
sahf
ja short loc_419A3B
fchs
loc_419A3B: ; CODE XREF: sub_41999C+9B�j
fstp [ebp+var_C]
fld [ebp+var_C]
jmp short loc_419AB1
; ---------------------------------------------------------------------------
loc_419A43: ; CODE XREF: sub_41999C+7D�j
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp dbl_4217B0
fnstsw ax
sahf
jbe short loc_419A5B
fld dbl_438068
jmp short loc_419A63
; ---------------------------------------------------------------------------
loc_419A5B: ; CODE XREF: sub_41999C+B5�j
fld dbl_438078
fchs
loc_419A63: ; CODE XREF: sub_41999C+BD�j
fstp [ebp+var_C]
fld [ebp+var_C]
jmp short loc_419AB1
; ---------------------------------------------------------------------------
loc_419A6B: ; CODE XREF: sub_41999C+75�j
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp dbl_4217B0
fnstsw ax
sahf
jbe short loc_419A83
fld dbl_438078
jmp short loc_419A8B
; ---------------------------------------------------------------------------
loc_419A83: ; CODE XREF: sub_41999C+DD�j
fld dbl_438068
fchs
loc_419A8B: ; CODE XREF: sub_41999C+E5�j
fstp [ebp+var_C]
fld [ebp+var_C]
jmp short loc_419AB1
; ---------------------------------------------------------------------------
loc_419A93: ; CODE XREF: sub_41999C+69�j
mov ecx, [ebp+arg_4]
fld qword ptr [ecx]
fcomp dbl_4217B0
fld dbl_438068
fnstsw ax
sahf
ja short loc_419AAB
fchs
loc_419AAB: ; CODE XREF: sub_41999C+10B�j
fstp [ebp+var_C]
fld [ebp+var_C]
loc_419AB1: ; CODE XREF: sub_41999C+A5�j
; sub_41999C+CD�j ...
fstp qword ptr [ecx]
loc_419AB3: ; CODE XREF: sub_41999C+81�j
and edi, 0FFFFFFFEh
jmp loc_419B91
; ---------------------------------------------------------------------------
loc_419ABB: ; CODE XREF: sub_41999C+47�j
; sub_41999C+51�j
test al, 2
jz loc_419B91
test byte ptr [ebp+arg_8], 10h
jz loc_419B91
push esi
xor esi, esi
test al, 10h
jz short loc_419AD6
mov esi, ebx
loc_419AD6: ; CODE XREF: sub_41999C+136�j
mov eax, [ebp+arg_4]
fld qword ptr [eax]
fstp [ebp+var_C]
fld [ebp+var_C]
fcomp dbl_4217B0
fnstsw ax
sahf
jz loc_419B7F
fld [ebp+var_C]
lea eax, [ebp+var_4]
push eax ; int
push ecx
push ecx ; double
fstp [esp+24h+var_24]
call sub_419D48
mov eax, [ebp+var_4]
add esp, 0Ch
fstp [ebp+var_C]
lea ecx, [eax-600h]
cmp ecx, 0FFFFFBCEh
jge short loc_419B21
fldz
mov esi, ebx
fstp [ebp+var_C]
jmp short loc_419B75
; ---------------------------------------------------------------------------
loc_419B21: ; CODE XREF: sub_41999C+17A�j
fld [ebp+var_C]
fcomp dbl_4217B0
fnstsw ax
sahf
jnb short loc_419B33
mov edx, ebx
jmp short loc_419B35
; ---------------------------------------------------------------------------
loc_419B33: ; CODE XREF: sub_41999C+191�j
xor edx, edx
loc_419B35: ; CODE XREF: sub_41999C+195�j
mov al, byte ptr [ebp+var_C+6]
and eax, 0Fh
or al, 10h
mov word ptr [ebp+var_C+6], ax
mov eax, 0FFFFFC03h
cmp ecx, eax
jge short loc_419B69
sub eax, ecx
loc_419B4C: ; CODE XREF: sub_41999C+1CB�j
test byte ptr [ebp+var_C], bl
jz short loc_419B57
test esi, esi
jnz short loc_419B57
mov esi, ebx
loc_419B57: ; CODE XREF: sub_41999C+1B3�j
; sub_41999C+1B7�j
shr dword ptr [ebp+var_C], 1
test byte ptr [ebp+var_C+4], bl
jz short loc_419B63
or byte ptr [ebp+var_C+3], 80h
loc_419B63: ; CODE XREF: sub_41999C+1C1�j
shr dword ptr [ebp+var_C+4], 1
dec eax
jnz short loc_419B4C
loc_419B69: ; CODE XREF: sub_41999C+1AC�j
test edx, edx
jz short loc_419B75
fld [ebp+var_C]
fchs
fstp [ebp+var_C]
loc_419B75: ; CODE XREF: sub_41999C+183�j
; sub_41999C+1CF�j
fld [ebp+var_C]
mov eax, [ebp+arg_4]
fstp qword ptr [eax]
jmp short loc_419B81
; ---------------------------------------------------------------------------
loc_419B7F: ; CODE XREF: sub_41999C+14E�j
mov esi, ebx
loc_419B81: ; CODE XREF: sub_41999C+1E1�j
test esi, esi
pop esi
jz short loc_419B8E
push 10h
call sub_419E49
pop ecx
loc_419B8E: ; CODE XREF: sub_41999C+1E8�j
and edi, 0FFFFFFFDh
loc_419B91: ; CODE XREF: sub_41999C+26�j
; sub_41999C+40�j ...
test byte ptr [ebp+arg_0], 10h
jz short loc_419BA8
test byte ptr [ebp+arg_8], 20h
jz short loc_419BA8
push 20h
call sub_419E49
pop ecx
and edi, 0FFFFFFEFh
loc_419BA8: ; CODE XREF: sub_41999C+1F9�j
; sub_41999C+1FF�j
xor eax, eax
test edi, edi
pop edi
pop ebx
setz al
leave
retn
sub_41999C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_419BB3(int,int,int,int,int,int,double,int)
sub_419BB3 proc near ; CODE XREF: sub_4195FE+2B�p
; sub_419651+72�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = qword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = qword ptr 20h
arg_20 = dword ptr 28h
push ebp
mov ebp, esp
sub esp, 20h
push [ebp+arg_4]
call sub_419C61
test eax, eax
pop ecx
mov [ebp+var_1C], eax
jz short loc_419C1E
mov eax, [ebp+arg_8]
push esi
mov [ebp+var_18], eax
mov eax, [ebp+arg_C]
mov [ebp+var_14], eax
mov eax, [ebp+arg_10]
mov esi, [ebp+arg_0]
mov [ebp+var_10], eax
mov eax, [ebp+arg_14]
push 0FFFFh
push [ebp+arg_20]
mov [ebp+var_C], eax
mov eax, dword ptr [ebp+arg_18]
mov [ebp+var_20], esi
mov dword ptr [ebp+var_8], eax
mov eax, dword ptr [ebp+arg_18+4]
mov dword ptr [ebp+var_8+4], eax
call sub_419E26
lea eax, [ebp+var_20]
push eax
call sub_41D813
add esp, 0Ch
test eax, eax
jnz short loc_419C18
push esi
call sub_419C3B
pop ecx
loc_419C18: ; CODE XREF: sub_419BB3+5C�j
fld [ebp+var_8]
pop esi
leave
retn
; ---------------------------------------------------------------------------
loc_419C1E: ; CODE XREF: sub_419BB3+14�j
push 0FFFFh
push [ebp+arg_20]
call sub_419E26
push [ebp+arg_0]
call sub_419C3B
fld [ebp+arg_18]
add esp, 0Ch
leave
retn
sub_419BB3 endp
; =============== S U B R O U T I N E =======================================
sub_419C3B proc near ; CODE XREF: sub_419651+7D�p
; sub_419BB3+5F�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, 1
jz short loc_419C56
jle short locret_419C60
cmp eax, 3
jg short locret_419C60
mov dword_469494, 22h
retn
; ---------------------------------------------------------------------------
loc_419C56: ; CODE XREF: sub_419C3B+7�j
mov dword_469494, 21h
locret_419C60: ; CODE XREF: sub_419C3B+9�j
; sub_419C3B+E�j
retn
sub_419C3B endp
; =============== S U B R O U T I N E =======================================
sub_419C61 proc near ; CODE XREF: sub_419BB3+9�p
arg_0 = dword ptr 4
xor ecx, ecx
mov eax, offset dword_437F90
loc_419C68: ; CODE XREF: sub_419C61+18�j
mov edx, [eax]
cmp edx, [esp+arg_0]
jz short loc_419C7E
add eax, 8
inc ecx
cmp eax, offset dbl_438068
jl short loc_419C68
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_419C7E: ; CODE XREF: sub_419C61+D�j
mov eax, dword_437F94[ecx*8]
retn
sub_419C61 endp
; =============== S U B R O U T I N E =======================================
sub_419C86 proc near ; CODE XREF: sub_419651+41�p
arg_0 = byte ptr 4
mov al, [esp+arg_0]
test al, 20h
jz short loc_419C92
push 5
jmp short loc_419CA8
; ---------------------------------------------------------------------------
loc_419C92: ; CODE XREF: sub_419C86+6�j
test al, 8
jz short loc_419C9A
push 1
jmp short loc_419CA8
; ---------------------------------------------------------------------------
loc_419C9A: ; CODE XREF: sub_419C86+E�j
test al, 4
jz short loc_419CA2
push 2
jmp short loc_419CA8
; ---------------------------------------------------------------------------
loc_419CA2: ; CODE XREF: sub_419C86+16�j
test al, 1
jz short loc_419CAA
push 3
loc_419CA8: ; CODE XREF: sub_419C86+A�j
; sub_419C86+12�j ...
pop eax
retn
; ---------------------------------------------------------------------------
loc_419CAA: ; CODE XREF: sub_419C86+1E�j
movzx eax, al
and eax, 2
shl eax, 1
retn
sub_419C86 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_419CB3(double)
sub_419CB3 proc near ; CODE XREF: sub_415E6C:loc_415EF2�p
; sub_415FB3:loc_416039�p
var_8 = qword ptr -8
arg_0 = qword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
fld [ebp+arg_0]
frndint
fstp [ebp+var_8]
fld [ebp+var_8]
leave
retn
sub_419CB3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_419CC5(double,int)
sub_419CC5 proc near ; CODE XREF: sub_419D48+82�p
; sub_419D48+98�p
var_8 = qword ptr -8
arg_0 = qword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_8]
mov ecx, [ebp+0Eh]
fld [ebp+arg_0]
add eax, 3FEh
and cx, 800Fh
fstp [ebp+var_8]
shl eax, 4
or eax, ecx
mov word ptr [ebp+var_8+6], ax
fld [ebp+var_8]
leave
retn
sub_419CC5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419CEE proc near ; CODE XREF: sub_415E6C+31�p
; sub_415FB3+31�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
xor edx, edx
cmp [ebp+arg_4], 7FF00000h
jnz short loc_419D05
cmp [ebp+arg_0], edx
jnz short loc_419D17
push 1
jmp short loc_419D41
; ---------------------------------------------------------------------------
loc_419D05: ; CODE XREF: sub_419CEE+C�j
cmp [ebp+arg_4], 0FFF00000h
jnz short loc_419D17
cmp [ebp+arg_0], edx
jnz short loc_419D17
push 2
jmp short loc_419D41
; ---------------------------------------------------------------------------
loc_419D17: ; CODE XREF: sub_419CEE+11�j
; sub_419CEE+1E�j ...
mov ecx, [ebp+arg_4+2]
mov eax, 7FF8h
and ecx, eax
cmp cx, ax
jnz short loc_419D2A
push 3
jmp short loc_419D41
; ---------------------------------------------------------------------------
loc_419D2A: ; CODE XREF: sub_419CEE+36�j
cmp cx, 7FF0h
jnz short loc_419D44
test [ebp+arg_4], 7FFFFh
jnz short loc_419D3F
cmp [ebp+arg_0], edx
jz short loc_419D44
loc_419D3F: ; CODE XREF: sub_419CEE+4A�j
push 4
loc_419D41: ; CODE XREF: sub_419CEE+15�j
; sub_419CEE+27�j ...
pop eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_419D44: ; CODE XREF: sub_419CEE+41�j
; sub_419CEE+4F�j
xor eax, eax
pop ebp
retn
sub_419CEE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_419D48(double,int)
sub_419D48 proc near ; CODE XREF: sub_41999C+160�p
var_18 = qword ptr -18h
var_8 = qword ptr -8
arg_0 = qword ptr 8
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
fld [ebp+arg_0]
fcomp dbl_4217B0
push esi
fnstsw ax
sahf
jnz short loc_419D68
fldz
xor esi, esi
fstp [ebp+var_8]
jmp loc_419DFE
; ---------------------------------------------------------------------------
loc_419D68: ; CODE XREF: sub_419D48+12�j
xor ecx, ecx
test word ptr [ebp+arg_0+6], 7FF0h
jnz short loc_419DD7
test dword ptr [ebp+arg_0+4], 0FFFFFh
jnz short loc_419D80
cmp dword ptr [ebp+arg_0], ecx
jz short loc_419DD7
loc_419D80: ; CODE XREF: sub_419D48+31�j
fld [ebp+arg_0]
fcomp dbl_4217B0
mov esi, 0FFFFFC03h
fnstsw ax
sahf
jnb short loc_419D98
push 1
pop eax
jmp short loc_419D9A
; ---------------------------------------------------------------------------
loc_419D98: ; CODE XREF: sub_419D48+49�j
xor eax, eax
loc_419D9A: ; CODE XREF: sub_419D48+4E�j
; sub_419D48+69�j
test byte ptr [ebp+arg_0+6], 10h
jnz short loc_419DB3
shl dword ptr [ebp+arg_0+4], 1
test byte ptr [ebp+arg_0+3], 80h
jz short loc_419DAD
or dword ptr [ebp+arg_0+4], 1
loc_419DAD: ; CODE XREF: sub_419D48+5F�j
shl dword ptr [ebp+arg_0], 1
dec esi
jmp short loc_419D9A
; ---------------------------------------------------------------------------
loc_419DB3: ; CODE XREF: sub_419D48+56�j
and word ptr [ebp+arg_0+6], 0FFEFh
cmp eax, ecx
jz short loc_419DC1
or byte ptr [ebp+arg_0+7], 80h
loc_419DC1: ; CODE XREF: sub_419D48+73�j
fld [ebp+arg_0]
push ecx ; int
push ecx
push ecx ; double
fstp [esp+18h+var_18]
call sub_419CC5
fstp [ebp+var_8]
add esp, 0Ch
jmp short loc_419DFE
; ---------------------------------------------------------------------------
loc_419DD7: ; CODE XREF: sub_419D48+28�j
; sub_419D48+36�j
fld [ebp+arg_0]
push ecx ; int
push ecx
push ecx ; double
fstp [esp+18h+var_18]
call sub_419CC5
mov eax, dword ptr [ebp+arg_0+6]
add esp, 0Ch
fstp [ebp+var_8]
shr eax, 4
and ax, 7FFh
movsx esi, ax
sub esi, 3FEh
loc_419DFE: ; CODE XREF: sub_419D48+1B�j
; sub_419D48+8D�j
mov eax, [ebp+arg_8]
fld [ebp+var_8]
mov [eax], esi
pop esi
leave
retn
sub_419D48 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419E09 proc near ; CODE XREF: sub_4196E9+F6�p
var_2 = word ptr -2
push ebp
mov ebp, esp
push ecx
fstsw [ebp+var_2]
movsx eax, [ebp+var_2]
leave
retn
sub_419E09 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419E17 proc near ; CODE XREF: sub_4196E9+206�p
var_2 = word ptr -2
push ebp
mov ebp, esp
push ecx
fnstsw [ebp+var_2]
fnclex
movsx eax, [ebp+var_2]
leave
retn
sub_419E17 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419E26 proc near ; CODE XREF: sub_415E6C+13�p
; sub_415E6C+5D�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
fstcw word ptr [ebp+var_4]
mov eax, [ebp+arg_4]
mov ecx, eax
and eax, [ebp+arg_0]
not ecx
and ecx, [ebp+var_4]
or ecx, eax
mov [ebp+arg_4], ecx
fldcw word ptr [ebp+arg_4]
movsx eax, word ptr [ebp+var_4]
leave
retn
sub_419E26 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419E49 proc near ; CODE XREF: sub_41999C+1D�p
; sub_41999C+37�p ...
var_8 = qword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
mov cl, byte ptr [ebp+arg_0]
test cl, 1
jz short loc_419E60
fld tbyte_438090
fistp [ebp+arg_0]
wait
loc_419E60: ; CODE XREF: sub_419E49+B�j
test cl, 8
jz short loc_419E75
fstsw ax
fld tbyte_438090
fstp [ebp+var_8]
wait
fstsw ax
loc_419E75: ; CODE XREF: sub_419E49+1A�j
test cl, 10h
jz short loc_419E84
fld tbyte_43809C
fstp [ebp+var_8]
wait
loc_419E84: ; CODE XREF: sub_419E49+2F�j
test cl, 4
jz short loc_419E92
fldz
fld1
fdivrp st(1), st
fstp st
wait
loc_419E92: ; CODE XREF: sub_419E49+3E�j
test cl, 20h
jz short locret_419E9D
fldpi
fstp [ebp+var_8]
wait
locret_419E9D: ; CODE XREF: sub_419E49+4C�j
leave
retn
sub_419E49 endp
; =============== S U B R O U T I N E =======================================
sub_419E9F proc near ; CODE XREF: .nsp0:00415F4A�p
push 30000h
push 10000h
call sub_41D84B
pop ecx
pop ecx
retn
sub_419E9F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419EB1 proc near ; CODE XREF: sub_419EEF:loc_419F13�j
var_18 = qword ptr -18h
var_10 = qword ptr -10h
var_8 = qword ptr -8
push ebp
mov ebp, esp
sub esp, 18h
fld dbl_4217C0
fstp [ebp+var_8]
fld dbl_4217B8
fstp [ebp+var_10]
fld [ebp+var_10]
fdiv [ebp+var_8]
fmul [ebp+var_8]
fsubr [ebp+var_10]
fstp [ebp+var_18]
fld [ebp+var_18]
fcomp dbl_421670
fnstsw ax
sahf
jbe short loc_419EEB
push 1
pop eax
leave
retn
; ---------------------------------------------------------------------------
loc_419EEB: ; CODE XREF: sub_419EB1+33�j
xor eax, eax
leave
retn
sub_419EB1 endp
; =============== S U B R O U T I N E =======================================
sub_419EEF proc near ; CODE XREF: .nsp0:00415F40�p
push offset dword_4217E4
call dword_4210C8
test eax, eax
jz short loc_419F13
push offset dword_4217C8
push eax
call dword_4210C4
test eax, eax
jz short loc_419F13
push 0
call eax
retn
; ---------------------------------------------------------------------------
loc_419F13: ; CODE XREF: sub_419EEF+D�j
; sub_419EEF+1D�j
jmp sub_419EB1
sub_419EEF endp
; =============== S U B R O U T I N E =======================================
sub_419F18 proc near ; DATA XREF: sub_415F53+1E�o
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
movsx eax, byte ptr [esi]
push eax
call sub_417193
cmp eax, 65h
pop ecx
jz short loc_419F58
loc_419F2C: ; CODE XREF: sub_419F18+3E�j
inc esi
cmp dword_437F7C, 1
jle short loc_419F45
movsx eax, byte ptr [esi]
push 4
push eax
call sub_418556
pop ecx
pop ecx
jmp short loc_419F54
; ---------------------------------------------------------------------------
loc_419F45: ; CODE XREF: sub_419F18+1C�j
movsx eax, byte ptr [esi]
mov ecx, dword_437D70
mov al, [ecx+eax*2]
and eax, 4
loc_419F54: ; CODE XREF: sub_419F18+2B�j
test eax, eax
jnz short loc_419F2C
loc_419F58: ; CODE XREF: sub_419F18+12�j
mov cl, byte_437F80
mov al, [esi]
mov [esi], cl
inc esi
loc_419F63: ; CODE XREF: sub_419F18+56�j
mov cl, [esi]
mov [esi], al
mov al, cl
mov cl, [esi]
inc esi
test cl, cl
jnz short loc_419F63
pop esi
retn
sub_419F18 endp
; ---------------------------------------------------------------------------
loc_419F72: ; DATA XREF: sub_415F53+5�o
mov eax, [esp+4]
mov dl, byte_437F80
mov cl, [eax]
test cl, cl
jz short loc_419F8E
loc_419F82: ; CODE XREF: .nsp0:00419F8C�j
cmp cl, dl
jz short loc_419F8E
mov cl, [eax+1]
inc eax
test cl, cl
jnz short loc_419F82
loc_419F8E: ; CODE XREF: .nsp0:00419F80�j
; .nsp0:00419F84�j
mov cl, [eax]
inc eax
test cl, cl
jz short locret_419FBF
loc_419F95: ; CODE XREF: .nsp0:00419FA6�j
mov cl, [eax]
test cl, cl
jz short loc_419FA8
cmp cl, 65h
jz short loc_419FA8
cmp cl, 45h
jz short loc_419FA8
inc eax
jmp short loc_419F95
; ---------------------------------------------------------------------------
loc_419FA8: ; CODE XREF: .nsp0:00419F99�j
; .nsp0:00419F9E�j ...
mov ecx, eax
loc_419FAA: ; CODE XREF: .nsp0:00419FAE�j
dec eax
cmp byte ptr [eax], 30h
jz short loc_419FAA
cmp [eax], dl
jnz short loc_419FB5
dec eax
loc_419FB5: ; CODE XREF: .nsp0:00419FB2�j
; .nsp0:00419FBD�j
mov dl, [ecx]
inc eax
inc ecx
test dl, dl
mov [eax], dl
jnz short loc_419FB5
locret_419FBF: ; CODE XREF: .nsp0:00419F93�j
retn
; ---------------------------------------------------------------------------
loc_419FC0: ; DATA XREF: sub_415F53+28�o
mov eax, [esp+4]
fld qword ptr [eax]
fcomp dbl_4217B0
fnstsw ax
sahf
jb short loc_419FD5
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_419FD5: ; CODE XREF: .nsp0:00419FCF�j
xor eax, eax
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419FD8 proc near ; DATA XREF: sub_415F53+14�o
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_0], 0
push [ebp+arg_8]
jz short loc_41A001
lea eax, [ebp+var_8]
push eax
call sub_41DD0E
mov eax, [ebp+arg_4]
pop ecx
pop ecx
mov ecx, [ebp+var_8]
mov [eax], ecx
mov ecx, [ebp+var_4]
mov [eax+4], ecx
leave
retn
; ---------------------------------------------------------------------------
loc_41A001: ; CODE XREF: sub_419FD8+C�j
lea eax, [ebp+arg_8]
push eax
call sub_41DD3B
mov eax, [ebp+arg_4]
pop ecx
pop ecx
mov ecx, [ebp+arg_8]
mov [eax], ecx
leave
retn
sub_419FD8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A016 proc near ; CODE XREF: sub_41A293+17�p
; sub_41A2DD+47�p
var_10 = qword ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp byte_469500, 0
push ebx
push esi
jz short loc_41A04B
mov ebx, [ebp+arg_8]
mov eax, dword_4694FC
xor ecx, ecx
mov esi, eax
test ebx, ebx
setnle cl
push ecx
xor ecx, ecx
cmp dword ptr [eax], 2Dh
setz cl
add ecx, [ebp+arg_4]
push ecx
call sub_41A32E
pop ecx
pop ecx
jmp short loc_41A083
; ---------------------------------------------------------------------------
loc_41A04B: ; CODE XREF: sub_41A016+C�j
mov eax, [ebp+arg_0]
push ecx
push ecx
fld qword ptr [eax]
fstp [esp+10h+var_10]
call sub_41DDDF
mov ebx, [ebp+arg_8]
mov esi, eax
push esi
mov edx, [ebp+arg_4]
lea eax, [ebx+1]
push eax
xor eax, eax
cmp dword ptr [esi], 2Dh
setz al
xor ecx, ecx
test ebx, ebx
setnle cl
add edx, eax
add ecx, edx
push ecx
call sub_41DD68
add esp, 14h
loc_41A083: ; CODE XREF: sub_41A016+33�j
cmp dword ptr [esi], 2Dh
mov eax, [ebp+arg_4]
jnz short loc_41A08F
mov byte ptr [eax], 2Dh
inc eax
loc_41A08F: ; CODE XREF: sub_41A016+73�j
test ebx, ebx
jle short loc_41A0A7
mov cl, [eax+1]
push edi
lea edi, [eax+1]
mov [eax], cl
mov cl, byte_437F80
mov eax, edi
pop edi
mov [eax], cl
loc_41A0A7: ; CODE XREF: sub_41A016+7B�j
xor ecx, ecx
push offset dword_4217F0
cmp byte_469500, cl
setz cl
add ecx, eax
add ecx, ebx
push ecx
call sub_415C00
cmp [ebp+arg_C], 0
pop ecx
pop ecx
mov ecx, eax
jz short loc_41A0CE
mov byte ptr [ecx], 45h
loc_41A0CE: ; CODE XREF: sub_41A016+B3�j
mov eax, [esi+0Ch]
inc ecx
cmp byte ptr [eax], 30h
jz short loc_41A113
mov ebx, [esi+4]
dec ebx
jns short loc_41A0E2
neg ebx
mov byte ptr [ecx], 2Dh
loc_41A0E2: ; CODE XREF: sub_41A016+C5�j
inc ecx
cmp ebx, 64h
jl short loc_41A0F9
mov eax, ebx
push 64h
cdq
pop esi
idiv esi
add [ecx], al
mov eax, ebx
cdq
idiv esi
mov ebx, edx
loc_41A0F9: ; CODE XREF: sub_41A016+D0�j
inc ecx
cmp ebx, 0Ah
jl short loc_41A110
mov eax, ebx
push 0Ah
cdq
pop esi
idiv esi
add [ecx], al
mov eax, ebx
cdq
idiv esi
mov ebx, edx
loc_41A110: ; CODE XREF: sub_41A016+E7�j
add [ecx+1], bl
loc_41A113: ; CODE XREF: sub_41A016+BF�j
mov eax, [ebp+arg_4]
pop esi
pop ebx
pop ebp
retn
sub_41A016 endp
; =============== S U B R O U T I N E =======================================
sub_41A11A proc near ; CODE XREF: sub_41A2BA+13�p
; sub_41A2DD+1E�p
var_18 = qword ptr -18h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
cmp byte_469500, 0
push ebx
push ebp
mov ebp, [esp+8+arg_4]
push esi
push edi
jz short loc_41A155
mov eax, dword_469504
mov ebx, [esp+10h+arg_8]
mov esi, dword_4694FC
cmp eax, ebx
jnz short loc_41A185
xor ecx, ecx
cmp dword ptr [esi], 2Dh
setz cl
add ecx, eax
add ecx, ebp
mov eax, ecx
mov byte ptr [eax], 30h
and byte ptr [eax+1], 0
jmp short loc_41A185
; ---------------------------------------------------------------------------
loc_41A155: ; CODE XREF: sub_41A11A+F�j
mov eax, [esp+10h+arg_0]
push ecx
push ecx
fld qword ptr [eax]
fstp [esp+18h+var_18]
call sub_41DDDF
mov ebx, [esp+18h+arg_8]
mov esi, eax
push esi
mov eax, [esi+4]
add eax, ebx
push eax
xor eax, eax
cmp dword ptr [esi], 2Dh
setz al
add eax, ebp
push eax
call sub_41DD68
add esp, 14h
loc_41A185: ; CODE XREF: sub_41A11A+22�j
; sub_41A11A+39�j
cmp dword ptr [esi], 2Dh
mov edi, ebp
jnz short loc_41A193
mov byte ptr [ebp+0], 2Dh
lea edi, [ebp+1]
loc_41A193: ; CODE XREF: sub_41A11A+70�j
mov eax, [esi+4]
test eax, eax
jg short loc_41A1AA
push 1
push edi
call sub_41A32E
pop ecx
mov byte ptr [edi], 30h
pop ecx
inc edi
jmp short loc_41A1AC
; ---------------------------------------------------------------------------
loc_41A1AA: ; CODE XREF: sub_41A11A+7E�j
add edi, eax
loc_41A1AC: ; CODE XREF: sub_41A11A+8E�j
test ebx, ebx
jle short loc_41A1F1
push 1
push edi
call sub_41A32E
mov al, byte_437F80
pop ecx
mov [edi], al
mov esi, [esi+4]
inc edi
pop ecx
test esi, esi
jge short loc_41A1F1
cmp byte_469500, 0
jz short loc_41A1D6
neg esi
jmp short loc_41A1DC
; ---------------------------------------------------------------------------
loc_41A1D6: ; CODE XREF: sub_41A11A+B6�j
neg esi
cmp ebx, esi
jl short loc_41A1DE
loc_41A1DC: ; CODE XREF: sub_41A11A+BA�j
mov ebx, esi
loc_41A1DE: ; CODE XREF: sub_41A11A+C0�j
push ebx
push edi
call sub_41A32E
push ebx
push 30h
push edi
call sub_415570
add esp, 14h
loc_41A1F1: ; CODE XREF: sub_41A11A+94�j
; sub_41A11A+AD�j
pop edi
mov eax, ebp
pop esi
pop ebp
pop ebx
retn
sub_41A11A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A1F8 proc near ; CODE XREF: sub_41A2DD+34�p
var_14 = qword ptr -14h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
push ecx
push ecx
fld qword ptr [edi]
fstp [esp+14h+var_14]
call sub_41DDDF
mov dword_4694FC, eax
mov ecx, [eax+4]
dec ecx
mov ebx, [ebp+arg_8]
mov dword_469504, ecx
xor ecx, ecx
cmp dword ptr [eax], 2Dh
push eax
push ebx
setz cl
add ecx, [ebp+arg_4]
mov esi, ecx
push esi
call sub_41DD68
mov eax, dword_4694FC
add esp, 14h
mov ecx, [eax+4]
dec ecx
cmp dword_469504, ecx
setl cl
mov byte_469508, cl
mov eax, [eax+4]
dec eax
cmp eax, 0FFFFFFFCh
mov dword_469504, eax
jl short loc_41A27E
cmp eax, ebx
jge short loc_41A27E
test cl, cl
jz short loc_41A26F
loc_41A265: ; CODE XREF: sub_41A1F8+72�j
mov al, [esi]
inc esi
test al, al
jnz short loc_41A265
and [esi-2], al
loc_41A26F: ; CODE XREF: sub_41A1F8+6B�j
push ebx
push [ebp+arg_4]
push edi
call sub_41A2BA
add esp, 0Ch
jmp short loc_41A28E
; ---------------------------------------------------------------------------
loc_41A27E: ; CODE XREF: sub_41A1F8+63�j
; sub_41A1F8+67�j
push [ebp+arg_C]
push ebx
push [ebp+arg_4]
push edi
call sub_41A293
add esp, 10h
loc_41A28E: ; CODE XREF: sub_41A1F8+84�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41A1F8 endp
; =============== S U B R O U T I N E =======================================
sub_41A293 proc near ; CODE XREF: sub_41A1F8+8E�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
push [esp+arg_C]
mov byte_469500, 1
push [esp+4+arg_8]
push [esp+8+arg_4]
push [esp+0Ch+arg_0]
call sub_41A016
and byte_469500, 0
add esp, 10h
retn
sub_41A293 endp
; =============== S U B R O U T I N E =======================================
sub_41A2BA proc near ; CODE XREF: sub_41A1F8+7C�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push [esp+arg_8]
mov byte_469500, 1
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_41A11A
and byte_469500, 0
add esp, 0Ch
retn
sub_41A2BA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A2DD proc near ; DATA XREF: sub_415F53�o
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
cmp [ebp+arg_8], 65h
jz short loc_41A318
cmp [ebp+arg_8], 45h
jz short loc_41A318
cmp [ebp+arg_8], 66h
jnz short loc_41A305
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41A11A
add esp, 0Ch
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41A305: ; CODE XREF: sub_41A2DD+13�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41A1F8
jmp short loc_41A329
; ---------------------------------------------------------------------------
loc_41A318: ; CODE XREF: sub_41A2DD+7�j
; sub_41A2DD+D�j
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41A016
loc_41A329: ; CODE XREF: sub_41A2DD+39�j
add esp, 10h
pop ebp
retn
sub_41A2DD endp
; =============== S U B R O U T I N E =======================================
sub_41A32E proc near ; CODE XREF: sub_41A016+2C�p
; sub_41A11A+83�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push edi
mov edi, [esp+4+arg_4]
test edi, edi
jz short loc_41A351
push esi
mov esi, [esp+8+arg_0]
push esi
call sub_415CF0
inc eax
push eax
push esi
add esi, edi
push esi
call sub_416490
add esp, 10h
pop esi
loc_41A351: ; CODE XREF: sub_41A32E+7�j
pop edi
retn
sub_41A32E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A353 proc near ; CODE XREF: .nsp0:00416134�p
; sub_41619D+1B�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push esi
mov esi, [ebp+arg_10]
push edi
mov edi, 19930520h
cmp [esi], edi
jz short loc_41A369
call sub_41ABF2
loc_41A369: ; CODE XREF: sub_41A353+F�j
mov eax, [ebp+arg_0]
test byte ptr [eax+4], 66h
jz short loc_41A391
cmp dword ptr [esi+4], 0
jz short loc_41A3E7
cmp [ebp+arg_14], 0
jnz short loc_41A3E7
push 0FFFFFFFFh
push esi
push [ebp+arg_C]
push [ebp+arg_4]
call sub_41A69A
add esp, 10h
jmp short loc_41A3E7
; ---------------------------------------------------------------------------
loc_41A391: ; CODE XREF: sub_41A353+1D�j
cmp dword ptr [esi+0Ch], 0
jz short loc_41A3E7
cmp dword ptr [eax], 0E06D7363h
jnz short loc_41A3CB
cmp [eax+14h], edi
jbe short loc_41A3CB
mov ecx, [eax+1Ch]
mov ecx, [ecx+8]
test ecx, ecx
jz short loc_41A3CB
movzx edx, byte ptr [ebp+arg_1C]
push edx
push [ebp+arg_18]
push [ebp+arg_14]
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call ecx
add esp, 20h
jmp short loc_41A3EA
; ---------------------------------------------------------------------------
loc_41A3CB: ; CODE XREF: sub_41A353+4A�j
; sub_41A353+4F�j ...
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_1C]
push esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push eax
call sub_41A3EE
add esp, 20h
loc_41A3E7: ; CODE XREF: sub_41A353+23�j
; sub_41A353+29�j ...
push 1
pop eax
loc_41A3EA: ; CODE XREF: sub_41A353+76�j
pop edi
pop esi
pop ebp
retn
sub_41A353 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A3EE proc near ; CODE XREF: sub_41A353+8C�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = byte ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, [ebp+arg_4]
and byte ptr [ebp+var_14], 0
mov eax, [eax+8]
cmp eax, 0FFFFFFFFh
mov [ebp+var_10], eax
jl short loc_41A40E
mov ecx, [ebp+arg_10]
cmp eax, [ecx+4]
jl short loc_41A413
loc_41A40E: ; CODE XREF: sub_41A3EE+16�j
call sub_41ABF2
loc_41A413: ; CODE XREF: sub_41A3EE+1E�j
push ebx
push esi
mov esi, [ebp+arg_0]
mov ebx, 0E06D7363h
push edi
mov edi, 19930520h
cmp [esi], ebx
jnz loc_41A56A
cmp dword ptr [esi+10h], 3
jnz short loc_41A487
cmp [esi+14h], edi
jnz short loc_41A487
cmp dword ptr [esi+1Ch], 0
jnz short loc_41A487
mov esi, dword_46950C
test esi, esi
jz loc_41A565
mov eax, dword_469510
push 1
push esi
mov [ebp+arg_8], eax
mov byte ptr [ebp+var_14], 1
call sub_41DF66
pop ecx
test eax, eax
pop ecx
jnz short loc_41A469
call sub_41ABF2
loc_41A469: ; CODE XREF: sub_41A3EE+74�j
cmp [esi], ebx
jnz loc_41A56A
cmp dword ptr [esi+10h], 3
jnz short loc_41A487
cmp [esi+14h], edi
jnz short loc_41A487
cmp dword ptr [esi+1Ch], 0
jnz short loc_41A487
call sub_41ABF2
loc_41A487: ; CODE XREF: sub_41A3EE+41�j
; sub_41A3EE+46�j ...
cmp [esi], ebx
jnz loc_41A56A
cmp dword ptr [esi+10h], 3
jnz loc_41A56A
cmp [esi+14h], edi
jnz loc_41A56A
mov edi, [ebp+var_10]
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_4]
push eax
push edi
push [ebp+arg_18]
push [ebp+arg_10]
call sub_4162EB
add esp, 14h
mov ebx, eax
loc_41A4BE: ; CODE XREF: sub_41A3EE+162�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_18]
jnb loc_41A555
cmp [ebx], edi
jg short loc_41A54A
cmp edi, [ebx+4]
jg short loc_41A54A
mov eax, [ebx+10h]
mov [ebp+arg_0], eax
mov eax, [ebx+0Ch]
test eax, eax
mov [ebp+var_C], eax
jle short loc_41A547
loc_41A4E3: ; CODE XREF: sub_41A3EE+131�j
mov eax, [esi+1Ch]
mov eax, [eax+0Ch]
lea edi, [eax+4]
mov eax, [eax]
test eax, eax
mov [ebp+var_8], eax
jle short loc_41A514
loc_41A4F5: ; CODE XREF: sub_41A3EE+124�j
push dword ptr [esi+1Ch]
push dword ptr [edi]
push [ebp+arg_0]
call sub_41A63D
add esp, 0Ch
test eax, eax
jnz short loc_41A523
dec [ebp+var_8]
add edi, 4
cmp [ebp+var_8], eax
jg short loc_41A4F5
loc_41A514: ; CODE XREF: sub_41A3EE+105�j
dec [ebp+var_C]
add [ebp+arg_0], 10h
cmp [ebp+var_C], 0
jg short loc_41A4E3
jmp short loc_41A547
; ---------------------------------------------------------------------------
loc_41A523: ; CODE XREF: sub_41A3EE+119�j
push [ebp+var_14]
push [ebp+arg_1C]
push [ebp+arg_18]
push ebx
push dword ptr [edi]
push [ebp+arg_0]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call sub_41A74E
add esp, 2Ch
loc_41A547: ; CODE XREF: sub_41A3EE+F3�j
; sub_41A3EE+133�j
mov edi, [ebp+var_10]
loc_41A54A: ; CODE XREF: sub_41A3EE+DE�j
; sub_41A3EE+E3�j
inc [ebp+var_4]
add ebx, 14h
jmp loc_41A4BE
; ---------------------------------------------------------------------------
loc_41A555: ; CODE XREF: sub_41A3EE+D6�j
cmp [ebp+arg_14], 0
jz short loc_41A565
push 1
push esi
call sub_41AAC3
pop ecx
pop ecx
loc_41A565: ; CODE XREF: sub_41A3EE+56�j
; sub_41A3EE+16B�j ...
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41A56A: ; CODE XREF: sub_41A3EE+37�j
; sub_41A3EE+7D�j ...
cmp [ebp+arg_14], 0
jnz short loc_41A590
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+var_10]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push esi
call sub_41A595
add esp, 20h
jmp short loc_41A565
; ---------------------------------------------------------------------------
loc_41A590: ; CODE XREF: sub_41A3EE+180�j
jmp sub_41AB9C
sub_41A3EE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A595 proc near ; CODE XREF: sub_41A3EE+198�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push ecx
push ecx
cmp dword_469514, 0
push esi
push edi
jz short loc_41A5C6
push [ebp+arg_1C]
push [ebp+arg_18]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_4161C2
add esp, 1Ch
test eax, eax
jnz short loc_41A639
loc_41A5C6: ; CODE XREF: sub_41A595+E�j
mov edi, [ebp+arg_14]
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push edi
push [ebp+arg_18]
push [ebp+arg_10]
call sub_4162EB
add esp, 14h
mov esi, eax
loc_41A5E2: ; CODE XREF: sub_41A595+A2�j
mov eax, [ebp+var_4]
cmp eax, [ebp+var_8]
jnb short loc_41A639
cmp edi, [esi]
jl short loc_41A631
cmp edi, [esi+4]
jg short loc_41A631
mov eax, [esi+0Ch]
mov ecx, [esi+10h]
shl eax, 4
add eax, ecx
mov ecx, [eax-0Ch]
test ecx, ecx
jz short loc_41A60B
cmp byte ptr [ecx+8], 0
jnz short loc_41A631
loc_41A60B: ; CODE XREF: sub_41A595+6E�j
push 1
add eax, 0FFFFFFF0h
push [ebp+arg_1C]
push [ebp+arg_18]
push esi
push 0
push eax
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_41A74E
add esp, 2Ch
loc_41A631: ; CODE XREF: sub_41A595+57�j
; sub_41A595+5C�j ...
inc [ebp+var_4]
add esi, 14h
jmp short loc_41A5E2
; ---------------------------------------------------------------------------
loc_41A639: ; CODE XREF: sub_41A595+2F�j
; sub_41A595+53�j
pop edi
pop esi
leave
retn
sub_41A595 endp
; =============== S U B R O U T I N E =======================================
sub_41A63D proc near ; CODE XREF: sub_41A3EE+10F�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push esi
push edi
mov edi, [esp+8+arg_0]
mov eax, [edi+4]
test eax, eax
jz short loc_41A694
cmp byte ptr [eax+8], 0
lea edx, [eax+8]
jz short loc_41A694
mov esi, [esp+8+arg_4]
mov ecx, [esi+4]
cmp eax, ecx
jz short loc_41A66E
add ecx, 8
push ecx
push edx
call sub_415910
pop ecx
test eax, eax
pop ecx
jnz short loc_41A690
loc_41A66E: ; CODE XREF: sub_41A63D+1F�j
test byte ptr [esi], 2
jz short loc_41A678
test byte ptr [edi], 8
jz short loc_41A690
loc_41A678: ; CODE XREF: sub_41A63D+34�j
mov eax, [esp+8+arg_8]
mov eax, [eax]
test al, 1
jz short loc_41A687
test byte ptr [edi], 1
jz short loc_41A690
loc_41A687: ; CODE XREF: sub_41A63D+43�j
test al, 2
jz short loc_41A694
test byte ptr [edi], 2
jnz short loc_41A694
loc_41A690: ; CODE XREF: sub_41A63D+2F�j
; sub_41A63D+39�j ...
xor eax, eax
jmp short loc_41A697
; ---------------------------------------------------------------------------
loc_41A694: ; CODE XREF: sub_41A63D+B�j
; sub_41A63D+14�j ...
push 1
pop eax
loc_41A697: ; CODE XREF: sub_41A63D+55�j
pop edi
pop esi
retn
sub_41A63D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A69A proc near ; CODE XREF: sub_41A353+34�p
; sub_41A74E+42�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_4217F8
push offset sub_41CE08
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov ebx, [ebp+arg_0]
mov esi, [ebx+8]
mov [ebp+var_1C], esi
mov edi, [ebp+arg_8]
loc_41A6CC: ; CODE XREF: sub_41A69A+8A�j
cmp esi, [ebp+arg_C]
jz short loc_41A726
cmp esi, 0FFFFFFFFh
jle short loc_41A6DB
cmp esi, [edi+4]
jl short loc_41A6E0
loc_41A6DB: ; CODE XREF: sub_41A69A+3A�j
call sub_41ABF2
loc_41A6E0: ; CODE XREF: sub_41A69A+3F�j
and [ebp+var_4], 0
mov eax, [edi+8]
mov eax, [eax+esi*8+4]
test eax, eax
jz short loc_41A6FB
push 103h
push ebx
push eax
call sub_41AB50
loc_41A6FB: ; CODE XREF: sub_41A69A+53�j
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_41A71B
; ---------------------------------------------------------------------------
push [ebp+var_14]
call sub_41A738
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
or [ebp+var_4], 0FFFFFFFFh
mov edi, [ebp+arg_8]
mov ebx, [ebp+arg_0]
mov esi, [ebp+var_1C]
loc_41A71B: ; CODE XREF: sub_41A69A+65�j
mov eax, [edi+8]
mov esi, [eax+esi*8]
mov [ebp+var_1C], esi
jmp short loc_41A6CC
; ---------------------------------------------------------------------------
loc_41A726: ; CODE XREF: sub_41A69A+35�j
mov [ebx+8], esi
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_41A69A endp
; =============== S U B R O U T I N E =======================================
sub_41A738 proc near ; CODE XREF: sub_41A69A+6A�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov eax, [eax]
cmp dword ptr [eax], 0E06D7363h
jz short loc_41A749
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41A749: ; CODE XREF: sub_41A738+C�j
jmp sub_41AB9C
sub_41A738 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A74E proc near ; CODE XREF: sub_41A3EE+151�p
; sub_41A595+94�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
arg_20 = dword ptr 28h
arg_24 = dword ptr 2Ch
push ebp
mov ebp, esp
cmp [ebp+arg_18], 0
push ebx
mov ebx, [ebp+arg_14]
push esi
push edi
mov edi, [ebp+arg_4]
jz short loc_41A770
push [ebp+arg_18]
push ebx
push edi
push [ebp+arg_0]
call sub_41A8FF
add esp, 10h
loc_41A770: ; CODE XREF: sub_41A74E+10�j
cmp [ebp+arg_24], 0
push [ebp+arg_0]
jnz short loc_41A77C
push edi
jmp short loc_41A77F
; ---------------------------------------------------------------------------
loc_41A77C: ; CODE XREF: sub_41A74E+29�j
push [ebp+arg_24]
loc_41A77F: ; CODE XREF: sub_41A74E+2C�j
call sub_4160C4
mov esi, [ebp+arg_1C]
push dword ptr [esi]
push [ebp+arg_10]
push [ebp+arg_C]
push edi
call sub_41A69A
mov eax, [esi+4]
push 100h
push [ebp+arg_20]
inc eax
mov [edi+8], eax
push dword ptr [ebx+0Ch]
push [ebp+arg_10]
push [ebp+arg_8]
push edi
push [ebp+arg_0]
call sub_41A7C9
add esp, 2Ch
test eax, eax
jz short loc_41A7C4
push edi
push eax
call sub_416082
loc_41A7C4: ; CODE XREF: sub_41A74E+6D�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41A74E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A7C9 proc near ; CODE XREF: sub_41A74E+63�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_421808
push offset sub_41CE08
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, [ebp+arg_10]
mov [ebp+var_2C], eax
xor ebx, ebx
mov [ebp+var_24], ebx
mov esi, [ebp+arg_4]
mov ecx, [esi-4]
mov [ebp+var_28], ecx
mov ecx, dword_46950C
mov [ebp+var_1C], ecx
mov ecx, dword_469510
mov [ebp+var_20], ecx
mov edi, [ebp+arg_0]
mov dword_46950C, edi
mov ecx, [ebp+arg_8]
mov dword_469510, ecx
mov [ebp+var_4], ebx
mov [ebp+var_4], 1
push [ebp+arg_18]
push [ebp+arg_14]
push eax
push [ebp+arg_C]
push esi
call sub_416149
add esp, 14h
mov [ebp+var_2C], eax
mov [ebp+var_4], ebx
or [ebp+var_4], 0FFFFFFFFh
call sub_41A88F
mov eax, [ebp+var_2C]
loc_41A856: ; CODE XREF: .nsp0:0041A885�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_41A7C9 endp
; ---------------------------------------------------------------------------
push dword ptr [ebp-14h]
call sub_41A8D5
pop ecx
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
and dword ptr [ebp-2Ch], 0
push 0FFFFFFFFh
lea eax, [ebp-10h]
push eax
call sub_4163AA
pop ecx
pop ecx
xor eax, eax
jmp short loc_41A856
; ---------------------------------------------------------------------------
xor ebx, ebx
mov esi, [ebp+0Ch]
mov edi, [ebp+8]
; =============== S U B R O U T I N E =======================================
sub_41A88F proc near ; CODE XREF: sub_41A7C9+85�p
mov eax, [ebp-28h]
mov [esi-4], eax
mov eax, [ebp-1Ch]
mov dword_46950C, eax
mov eax, [ebp-20h]
mov dword_469510, eax
cmp dword ptr [edi], 0E06D7363h
jnz short locret_41A8D4
cmp dword ptr [edi+10h], 3
jnz short locret_41A8D4
cmp dword ptr [edi+14h], 19930520h
jnz short locret_41A8D4
cmp [ebp-24h], ebx
jnz short locret_41A8D4
cmp [ebp-2Ch], ebx
jz short locret_41A8D4
call sub_416412
push eax
push edi
call sub_41AAC3
pop ecx
pop ecx
locret_41A8D4: ; CODE XREF: sub_41A88F+1C�j
; sub_41A88F+22�j ...
retn
sub_41A88F endp
; =============== S U B R O U T I N E =======================================
sub_41A8D5 proc near ; CODE XREF: .nsp0:0041A868�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov eax, [eax]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_41A8FC
cmp dword ptr [eax+10h], 3
jnz short loc_41A8FC
cmp dword ptr [eax+14h], 19930520h
jnz short loc_41A8FC
cmp dword ptr [eax+1Ch], 0
jnz short loc_41A8FC
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_41A8FC: ; CODE XREF: sub_41A8D5+C�j
; sub_41A8D5+12�j ...
xor eax, eax
retn
sub_41A8D5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A8FF proc near ; CODE XREF: sub_41A74E+1A�p
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_421820
push offset sub_41CE08
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov ecx, [ebp+arg_8]
mov eax, [ecx+4]
test eax, eax
jz loc_41AAA8
cmp byte ptr [eax+8], 0
jz loc_41AAA8
mov eax, [ecx+8]
test eax, eax
jz loc_41AAA8
mov edx, [ebp+arg_4]
lea edi, [eax+edx+0Ch]
and [ebp+var_4], 0
test byte ptr [ecx], 8
jz short loc_41A99C
mov esi, [ebp+arg_0]
push 1
push dword ptr [esi+18h]
call sub_41DF66
pop ecx
pop ecx
test eax, eax
jz loc_41AA9F
push 1
push edi
call sub_41DF82
pop ecx
pop ecx
test eax, eax
jz loc_41AA9F
mov eax, [esi+18h]
mov [edi], eax
mov ecx, [ebp+arg_C]
add ecx, 8
push ecx
loc_41A98D: ; CODE XREF: sub_41A8FF+F5�j
push eax
call sub_41AB2A
pop ecx
pop ecx
mov [edi], eax
jmp loc_41AAA4
; ---------------------------------------------------------------------------
loc_41A99C: ; CODE XREF: sub_41A8FF+57�j
mov esi, [ebp+arg_C]
test byte ptr [esi], 1
jz short loc_41A9F6
mov ebx, [ebp+arg_0]
push 1
push dword ptr [ebx+18h]
call sub_41DF66
pop ecx
pop ecx
test eax, eax
jz loc_41AA9F
push 1
push edi
call sub_41DF82
pop ecx
pop ecx
test eax, eax
jz loc_41AA9F
push dword ptr [esi+14h]
push dword ptr [ebx+18h]
push edi
call sub_416490
add esp, 0Ch
cmp dword ptr [esi+14h], 4
jnz loc_41AAA4
mov eax, [edi]
test eax, eax
jz loc_41AAA4
add esi, 8
push esi
jmp short loc_41A98D
; ---------------------------------------------------------------------------
loc_41A9F6: ; CODE XREF: sub_41A8FF+A3�j
cmp dword ptr [esi+18h], 0
mov ebx, [ebp+arg_0]
push 1
push dword ptr [ebx+18h]
jnz short loc_41AA3E
call sub_41DF66
pop ecx
pop ecx
test eax, eax
jz loc_41AA9F
push 1
push edi
call sub_41DF82
pop ecx
pop ecx
test eax, eax
jz short loc_41AA9F
push dword ptr [esi+14h]
add esi, 8
push esi
push dword ptr [ebx+18h]
call sub_41AB2A
pop ecx
pop ecx
push eax
push edi
call sub_416490
add esp, 0Ch
jmp short loc_41AAA4
; ---------------------------------------------------------------------------
loc_41AA3E: ; CODE XREF: sub_41A8FF+103�j
call sub_41DF66
pop ecx
pop ecx
test eax, eax
jz short loc_41AA9F
push 1
push edi
call sub_41DF82
pop ecx
pop ecx
test eax, eax
jz short loc_41AA9F
push dword ptr [esi+18h]
call sub_41DF9E
pop ecx
test eax, eax
jz short loc_41AA9F
test byte ptr [esi], 4
jz short loc_41AA85
push 1
lea eax, [esi+8]
push eax
push dword ptr [ebx+18h]
call sub_41AB2A
pop ecx
pop ecx
push eax
push dword ptr [esi+18h]
push edi
call sub_4160BD
jmp short loc_41AAA4
; ---------------------------------------------------------------------------
loc_41AA85: ; CODE XREF: sub_41A8FF+168�j
lea eax, [esi+8]
push eax
push dword ptr [ebx+18h]
call sub_41AB2A
pop ecx
pop ecx
push eax
push dword ptr [esi+18h]
push edi
call sub_4160B6
jmp short loc_41AAA4
; ---------------------------------------------------------------------------
loc_41AA9F: ; CODE XREF: sub_41A8FF+6A�j
; sub_41A8FF+7C�j ...
call sub_41ABF2
loc_41AAA4: ; CODE XREF: sub_41A8FF+98�j
; sub_41A8FF+E1�j ...
or [ebp+var_4], 0FFFFFFFFh
loc_41AAA8: ; CODE XREF: sub_41A8FF+2E�j
; sub_41A8FF+38�j ...
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_41A8FF endp
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
jmp sub_41AB9C
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AAC3 proc near ; CODE XREF: sub_41A3EE+170�p
; sub_41A88F+3E�p
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_421830
push offset sub_41CE08
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, [ebp+arg_0]
test eax, eax
jz short loc_41AB0A
mov ecx, [eax+1Ch]
mov ecx, [ecx+4]
test ecx, ecx
jz short loc_41AB0A
and [ebp+var_4], 0
push ecx
push dword ptr [eax+18h]
call sub_4160B6
or [ebp+var_4], 0FFFFFFFFh
loc_41AB0A: ; CODE XREF: sub_41AAC3+2A�j
; sub_41AAC3+34�j
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_41AAC3 endp
; ---------------------------------------------------------------------------
xor eax, eax
cmp [ebp+0Ch], al
setnz al
retn
; ---------------------------------------------------------------------------
mov esp, [ebp-18h]
jmp sub_41AB9C
; =============== S U B R O U T I N E =======================================
sub_41AB2A proc near ; CODE XREF: sub_41A8FF+8F�p
; sub_41A8FF+12C�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov ecx, [esp+arg_4]
push esi
mov esi, [esp+4+arg_0]
mov eax, [ecx]
mov edx, [ecx+4]
add eax, esi
test edx, edx
jl short loc_41AB4B
mov esi, [edx+esi]
mov ecx, [ecx+8]
mov ecx, [esi+ecx]
add ecx, edx
add eax, ecx
loc_41AB4B: ; CODE XREF: sub_41AB2A+12�j
pop esi
retn
sub_41AB2A endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AB50 proc near ; CODE XREF: sub_416149+40�p
; sub_41A69A+5C�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 4
push ebx
push ecx
mov eax, [ebp+arg_4]
add eax, 0Ch
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebp
push [ebp+arg_8]
mov ecx, [ebp+arg_8]
mov ebp, [ebp+var_4]
call sub_416435
push esi
push edi
call eax
pop edi
pop esi
mov ebx, ebp
pop ebp
mov ecx, [ebp+arg_8]
push ebp
mov ebp, ebx
cmp ecx, 100h
jnz short loc_41AB8F
mov ecx, 2
loc_41AB8F: ; CODE XREF: sub_41AB50+38�j
push ecx
call sub_416435
pop ebp
pop ecx
pop ebx
leave
retn 0Ch
sub_41AB50 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AB9C proc near ; CODE XREF: sub_41A3EE:loc_41A590�j
; sub_41A738:loc_41A749�j ...
var_18 = dword ptr -18h
var_4 = dword ptr -4
; FUNCTION CHUNK AT 0041DFB6 SIZE 00000017 BYTES
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_421840
push offset sub_41CE08
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_4], 0
mov eax, dword_469518
test eax, eax
jz short loc_41ABE4
mov [ebp+var_4], 1
call eax
jmp short loc_41ABE0
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
loc_41ABE0: ; CODE XREF: sub_41AB9C+3B�j
and [ebp+var_4], 0
loc_41ABE4: ; CODE XREF: sub_41AB9C+30�j
or [ebp+var_4], 0FFFFFFFFh
call $+5
jmp loc_41DFB6
sub_41AB9C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41ABF2 proc near ; CODE XREF: sub_4162EB+23�p
; sub_4162EB:loc_416356�p ...
var_18 = dword ptr -18h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_421858
push offset sub_41CE08
mov eax, large fs:0
push eax
mov large fs:0, esp
push ecx
push ecx
push ebx
push esi
push edi
mov [ebp+var_18], esp
and [ebp+var_4], 0
mov eax, dword_4380D4
test eax, eax
jz short loc_41AC3A
mov [ebp+var_4], 1
call eax
jmp short loc_41AC36
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
loc_41AC36: ; CODE XREF: sub_41ABF2+3B�j
and [ebp+var_4], 0
loc_41AC3A: ; CODE XREF: sub_41ABF2+30�j
or [ebp+var_4], 0FFFFFFFFh
call $+5
jmp sub_41AB9C
sub_41ABF2 endp
; =============== S U B R O U T I N E =======================================
sub_41AC48 proc near ; CODE XREF: sub_4167D3+7�p
; sub_4167D3+26�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push esi
call sub_418AFD
test eax, eax
pop ecx
jz short loc_41AC60
mov eax, [esi-4]
pop esi
sub eax, 9
retn
; ---------------------------------------------------------------------------
loc_41AC60: ; CODE XREF: sub_41AC48+E�j
push esi
push 0
push dword_46AB00
call dword_421188
pop esi
retn
sub_41AC48 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AC71 proc near ; CODE XREF: sub_416881+12B�p
var_4 = byte ptr -4
var_3 = byte ptr -3
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
cmp dword_469528, 0
push ebx
jnz short loc_41AC9C
mov eax, [ebp+arg_0]
cmp eax, 61h
jl loc_41AD3A
cmp eax, 7Ah
jg loc_41AD3A
sub eax, 20h
jmp loc_41AD3A
; ---------------------------------------------------------------------------
loc_41AC9C: ; CODE XREF: sub_41AC71+C�j
mov ebx, [ebp+arg_0]
cmp ebx, 100h
jge short loc_41ACCF
cmp dword_437F7C, 1
jle short loc_41ACBC
push 2
push ebx
call sub_418556
pop ecx
pop ecx
jmp short loc_41ACC7
; ---------------------------------------------------------------------------
loc_41ACBC: ; CODE XREF: sub_41AC71+3D�j
mov eax, dword_437D70
mov al, [eax+ebx*2]
and eax, 2
loc_41ACC7: ; CODE XREF: sub_41AC71+49�j
test eax, eax
jnz short loc_41ACCF
loc_41ACCB: ; CODE XREF: sub_41AC71+AF�j
mov eax, ebx
jmp short loc_41AD3A
; ---------------------------------------------------------------------------
loc_41ACCF: ; CODE XREF: sub_41AC71+34�j
; sub_41AC71+58�j
mov edx, dword_437D70
mov eax, ebx
sar eax, 8
movzx ecx, al
test byte ptr [edx+ecx*2+1], 80h
jz short loc_41ACF2
and byte ptr [ebp+arg_0+2], 0
mov byte ptr [ebp+arg_0], al
mov byte ptr [ebp+arg_0+1], bl
push 2
jmp short loc_41ACFB
; ---------------------------------------------------------------------------
loc_41ACF2: ; CODE XREF: sub_41AC71+71�j
and byte ptr [ebp+arg_0+1], 0
mov byte ptr [ebp+arg_0], bl
push 1
loc_41ACFB: ; CODE XREF: sub_41AC71+7F�j
pop eax
lea ecx, [ebp+var_4]
push 1
push 0
push 3
push ecx
push eax
lea eax, [ebp+arg_0]
push eax
push 200h
push dword_469528
call sub_41BD71
add esp, 20h
test eax, eax
jz short loc_41ACCB
cmp eax, 1
jnz short loc_41AD2D
movzx eax, [ebp+var_4]
jmp short loc_41AD3A
; ---------------------------------------------------------------------------
loc_41AD2D: ; CODE XREF: sub_41AC71+B4�j
movzx eax, [ebp+var_3]
movzx ecx, [ebp+var_4]
shl eax, 8
or eax, ecx
loc_41AD3A: ; CODE XREF: sub_41AC71+14�j
; sub_41AC71+1D�j ...
pop ebx
leave
retn
sub_41AC71 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41AD3D proc near ; CODE XREF: sub_416AA0+2A�p
var_1C4 = byte ptr -1C4h
var_1C3 = byte ptr -1C3h
var_64 = byte ptr -64h
var_59 = byte ptr -59h
var_44 = dword ptr -44h
var_3E = word ptr -3Eh
var_3C = dword ptr -3Ch
var_38 = byte ptr -38h
var_37 = byte ptr -37h
var_35 = byte ptr -35h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_16 = byte ptr -16h
var_15 = byte ptr -15h
var_14 = dword ptr -14h
var_F = byte ptr -0Fh
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 1C4h
and [ebp+var_15], 0
push ebx
push esi
mov esi, [ebp+arg_4]
xor ebx, ebx
push edi
mov al, [esi]
mov [ebp+var_4], ebx
test al, al
mov [ebp+var_34], ebx
jz loc_41B743
mov edi, [ebp+arg_0]
jmp short loc_41AD6C
; ---------------------------------------------------------------------------
loc_41AD67: ; CODE XREF: sub_41AD3D+9CE�j
mov edi, [ebp+arg_0]
xor ebx, ebx
loc_41AD6C: ; CODE XREF: sub_41AD3D+28�j
cmp dword_437F7C, 1
jle short loc_41AD84
movzx eax, al
push 8
push eax
call sub_418556
pop ecx
pop ecx
jmp short loc_41AD93
; ---------------------------------------------------------------------------
loc_41AD84: ; CODE XREF: sub_41AD3D+36�j
mov ecx, dword_437D70
movzx eax, al
mov al, [ecx+eax*2]
and eax, 8
loc_41AD93: ; CODE XREF: sub_41AD3D+45�j
cmp eax, ebx
jz short loc_41ADCD
dec [ebp+var_4]
push edi
lea eax, [ebp+var_4]
push edi
push eax
call sub_41B7CA
pop ecx
pop ecx
push eax
call sub_41B7B3
movzx eax, byte ptr [esi+1]
inc esi
push eax
call near ptr byte_41E095
add esp, 0Ch
loc_41ADBB: ; CODE XREF: sub_41AD3D+8E�j
test eax, eax
jz short loc_41ADCD
movzx eax, byte ptr [esi+1]
inc esi
push eax
call near ptr byte_41E095
pop ecx
jmp short loc_41ADBB
; ---------------------------------------------------------------------------
loc_41ADCD: ; CODE XREF: sub_41AD3D+58�j
; sub_41AD3D+80�j
cmp byte ptr [esi], 25h
jnz loc_41B6AF
and [ebp+var_35], 0
and [ebp+var_18], 0
and [ebp+var_17], 0
and [ebp+var_E], 0
and [ebp+var_F], 0
and [ebp+var_16], 0
xor edi, edi
and [ebp+var_5], 0
mov [ebp+var_1C], ebx
mov [ebp+var_20], ebx
mov [ebp+var_C], ebx
mov [ebp+var_D], 1
mov [ebp+var_30], ebx
loc_41AE04: ; CODE XREF: sub_41AD3D+172�j
movzx ebx, byte ptr [esi+1]
inc esi
cmp dword_437F7C, 1
jle short loc_41AE21
movzx eax, bl
push 4
push eax
call sub_418556
pop ecx
pop ecx
jmp short loc_41AE30
; ---------------------------------------------------------------------------
loc_41AE21: ; CODE XREF: sub_41AD3D+D3�j
mov ecx, dword_437D70
movzx eax, bl
mov al, [ecx+eax*2]
and eax, 4
loc_41AE30: ; CODE XREF: sub_41AD3D+E2�j
test eax, eax
jz short loc_41AE46
mov eax, [ebp+var_C]
inc [ebp+var_20]
lea eax, [eax+eax*4]
lea eax, [ebx+eax*2-30h]
mov [ebp+var_C], eax
jmp short loc_41AEAB
; ---------------------------------------------------------------------------
loc_41AE46: ; CODE XREF: sub_41AD3D+F5�j
cmp ebx, 4Eh
jg short loc_41AE89
jz short loc_41AEAB
cmp ebx, 2Ah
jz short loc_41AE84
cmp ebx, 46h
jz short loc_41AEAB
cmp ebx, 49h
jz short loc_41AE66
cmp ebx, 4Ch
jnz short loc_41AE98
inc [ebp+var_D]
jmp short loc_41AEAB
; ---------------------------------------------------------------------------
loc_41AE66: ; CODE XREF: sub_41AD3D+11D�j
cmp byte ptr [esi+1], 36h
jnz short loc_41AE98
cmp byte ptr [esi+2], 34h
lea eax, [esi+2]
jnz short loc_41AE98
inc [ebp+var_30]
and [ebp+var_28], 0
and [ebp+var_24], 0
mov esi, eax
jmp short loc_41AEAB
; ---------------------------------------------------------------------------
loc_41AE84: ; CODE XREF: sub_41AD3D+113�j
inc [ebp+var_E]
jmp short loc_41AEAB
; ---------------------------------------------------------------------------
loc_41AE89: ; CODE XREF: sub_41AD3D+10C�j
cmp ebx, 68h
jz short loc_41AEA5
cmp ebx, 6Ch
jz short loc_41AE9D
cmp ebx, 77h
jz short loc_41AEA0
loc_41AE98: ; CODE XREF: sub_41AD3D+122�j
; sub_41AD3D+12D�j ...
inc [ebp+var_F]
jmp short loc_41AEAB
; ---------------------------------------------------------------------------
loc_41AE9D: ; CODE XREF: sub_41AD3D+154�j
inc [ebp+var_D]
loc_41AEA0: ; CODE XREF: sub_41AD3D+159�j
inc [ebp+var_5]
jmp short loc_41AEAB
; ---------------------------------------------------------------------------
loc_41AEA5: ; CODE XREF: sub_41AD3D+14F�j
dec [ebp+var_D]
dec [ebp+var_5]
loc_41AEAB: ; CODE XREF: sub_41AD3D+107�j
; sub_41AD3D+10E�j ...
cmp [ebp+var_F], 0
jz loc_41AE04
cmp [ebp+var_E], 0
mov [ebp+arg_4], esi
jnz short loc_41AED0
mov eax, [ebp+arg_8]
mov [ebp+var_44], eax
add eax, 4
mov [ebp+arg_8], eax
mov eax, [eax-4]
mov [ebp+var_2C], eax
loc_41AED0: ; CODE XREF: sub_41AD3D+17F�j
and [ebp+var_F], 0
cmp [ebp+var_5], 0
jnz short loc_41AEEE
mov al, [esi]
cmp al, 53h
jz short loc_41AEEA
cmp al, 43h
jz short loc_41AEEA
or [ebp+var_5], 0FFh
jmp short loc_41AEEE
; ---------------------------------------------------------------------------
loc_41AEEA: ; CODE XREF: sub_41AD3D+1A1�j
; sub_41AD3D+1A5�j
mov [ebp+var_5], 1
loc_41AEEE: ; CODE XREF: sub_41AD3D+19B�j
; sub_41AD3D+1AB�j
mov ebx, [ebp+arg_4]
movzx esi, byte ptr [ebx]
or esi, 20h
cmp esi, 6Eh
mov [ebp+var_3C], esi
jz short loc_41AF27
cmp esi, 63h
jz short loc_41AF18
cmp esi, 7Bh
jz short loc_41AF18
push [ebp+arg_0]
lea eax, [ebp+var_4]
push eax
call sub_41B7CA
pop ecx
jmp short loc_41AF23
; ---------------------------------------------------------------------------
loc_41AF18: ; CODE XREF: sub_41AD3D+1C5�j
; sub_41AD3D+1CA�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_41B799
loc_41AF23: ; CODE XREF: sub_41AD3D+1D9�j
pop ecx
mov [ebp+var_14], eax
loc_41AF27: ; CODE XREF: sub_41AD3D+1C0�j
xor eax, eax
cmp [ebp+var_20], eax
jz short loc_41AF37
cmp [ebp+var_C], eax
jz loc_41B713
loc_41AF37: ; CODE XREF: sub_41AD3D+1EF�j
cmp esi, 6Fh
jg loc_41B19E
jz loc_41B450
cmp esi, 63h
jz loc_41B17B
cmp esi, 64h
jz loc_41B450
jle loc_41B1C8
cmp esi, 67h
jle short loc_41AF9B
cmp esi, 69h
jz short loc_41AF83
cmp esi, 6Eh
jnz loc_41B1C8
cmp [ebp+var_E], 0
mov edi, [ebp+var_4]
jz loc_41B67E
jmp loc_41B6A4
; ---------------------------------------------------------------------------
loc_41AF83: ; CODE XREF: sub_41AD3D+229�j
push 64h
pop esi
loc_41AF86: ; CODE XREF: sub_41AD3D+480�j
mov ebx, [ebp+var_14]
cmp ebx, 2Dh
jnz loc_41B210
mov [ebp+var_17], 1
jmp loc_41B215
; ---------------------------------------------------------------------------
loc_41AF9B: ; CODE XREF: sub_41AD3D+224�j
mov ebx, [ebp+var_14]
lea esi, [ebp+var_1C4]
cmp ebx, 2Dh
jnz short loc_41AFB7
mov [ebp+var_1C4], bl
lea esi, [ebp+var_1C3]
jmp short loc_41AFBC
; ---------------------------------------------------------------------------
loc_41AFB7: ; CODE XREF: sub_41AD3D+26A�j
cmp ebx, 2Bh
jnz short loc_41AFD3
loc_41AFBC: ; CODE XREF: sub_41AD3D+278�j
mov edi, [ebp+arg_0]
dec [ebp+var_C]
inc [ebp+var_4]
push edi
call sub_41B799
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp short loc_41AFD6
; ---------------------------------------------------------------------------
loc_41AFD3: ; CODE XREF: sub_41AD3D+27D�j
mov edi, [ebp+arg_0]
loc_41AFD6: ; CODE XREF: sub_41AD3D+294�j
cmp [ebp+var_20], 0
jz short loc_41AFE5
cmp [ebp+var_C], 15Dh
jle short loc_41AFEC
loc_41AFE5: ; CODE XREF: sub_41AD3D+29D�j
mov [ebp+var_C], 15Dh
loc_41AFEC: ; CODE XREF: sub_41AD3D+2A6�j
; sub_41AD3D+2F2�j
cmp dword_437F7C, 1
jle short loc_41B001
push 4
push ebx
call sub_418556
pop ecx
pop ecx
jmp short loc_41B00C
; ---------------------------------------------------------------------------
loc_41B001: ; CODE XREF: sub_41AD3D+2B6�j
mov eax, dword_437D70
mov al, [eax+ebx*2]
and eax, 4
loc_41B00C: ; CODE XREF: sub_41AD3D+2C2�j
test eax, eax
jz short loc_41B031
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_41B031
inc [ebp+var_1C]
mov [esi], bl
inc esi
inc [ebp+var_4]
push edi
call sub_41B799
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp short loc_41AFEC
; ---------------------------------------------------------------------------
loc_41B031: ; CODE XREF: sub_41AD3D+2D1�j
; sub_41AD3D+2DB�j
cmp byte_437F80, bl
jnz short loc_41B09F
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_41B09F
inc [ebp+var_4]
push edi
call sub_41B799
mov ebx, eax
mov al, byte_437F80
mov [esi], al
pop ecx
mov [ebp+var_14], ebx
inc esi
loc_41B05A: ; CODE XREF: sub_41AD3D+360�j
cmp dword_437F7C, 1
jle short loc_41B06F
push 4
push ebx
call sub_418556
pop ecx
pop ecx
jmp short loc_41B07A
; ---------------------------------------------------------------------------
loc_41B06F: ; CODE XREF: sub_41AD3D+324�j
mov eax, dword_437D70
mov al, [eax+ebx*2]
and eax, 4
loc_41B07A: ; CODE XREF: sub_41AD3D+330�j
test eax, eax
jz short loc_41B09F
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_41B09F
inc [ebp+var_1C]
mov [esi], bl
inc esi
inc [ebp+var_4]
push edi
call sub_41B799
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp short loc_41B05A
; ---------------------------------------------------------------------------
loc_41B09F: ; CODE XREF: sub_41AD3D+2FA�j
; sub_41AD3D+304�j ...
cmp [ebp+var_1C], 0
jz loc_41B137
cmp ebx, 65h
jz short loc_41B0B7
cmp ebx, 45h
jnz loc_41B137
loc_41B0B7: ; CODE XREF: sub_41AD3D+36F�j
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_41B137
mov byte ptr [esi], 65h
inc esi
inc [ebp+var_4]
push edi
call sub_41B799
mov ebx, eax
pop ecx
cmp ebx, 2Dh
mov [ebp+var_14], ebx
jnz short loc_41B0DE
mov [esi], al
inc esi
jmp short loc_41B0E3
; ---------------------------------------------------------------------------
loc_41B0DE: ; CODE XREF: sub_41AD3D+39A�j
cmp ebx, 2Bh
jnz short loc_41B101
loc_41B0E3: ; CODE XREF: sub_41AD3D+39F�j
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jnz short loc_41B0F2
and [ebp+var_C], eax
jmp short loc_41B101
; ---------------------------------------------------------------------------
loc_41B0F2: ; CODE XREF: sub_41AD3D+3AE�j
; sub_41AD3D+3F8�j
inc [ebp+var_4]
push edi
call sub_41B799
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
loc_41B101: ; CODE XREF: sub_41AD3D+3A4�j
; sub_41AD3D+3B3�j
cmp dword_437F7C, 1
jle short loc_41B116
push 4
push ebx
call sub_418556
pop ecx
pop ecx
jmp short loc_41B121
; ---------------------------------------------------------------------------
loc_41B116: ; CODE XREF: sub_41AD3D+3CB�j
mov eax, dword_437D70
mov al, [eax+ebx*2]
and eax, 4
loc_41B121: ; CODE XREF: sub_41AD3D+3D7�j
test eax, eax
jz short loc_41B137
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz short loc_41B137
inc [ebp+var_1C]
mov [esi], bl
inc esi
jmp short loc_41B0F2
; ---------------------------------------------------------------------------
loc_41B137: ; CODE XREF: sub_41AD3D+366�j
; sub_41AD3D+374�j ...
dec [ebp+var_4]
push edi
push ebx
call sub_41B7B3
cmp [ebp+var_1C], 0
pop ecx
pop ecx
jz loc_41B743
cmp [ebp+var_E], 0
jnz loc_41B6A4
inc [ebp+var_34]
and byte ptr [esi], 0
lea eax, [ebp+var_1C4]
push eax
movsx eax, [ebp+var_D]
push [ebp+var_2C]
dec eax
push eax
call dword_4380B0
add esp, 0Ch
jmp loc_41B6A4
; ---------------------------------------------------------------------------
loc_41B17B: ; CODE XREF: sub_41AD3D+20C�j
cmp [ebp+var_20], eax
jnz short loc_41B18A
inc [ebp+var_C]
mov [ebp+var_20], 1
loc_41B18A: ; CODE XREF: sub_41AD3D+441�j
cmp [ebp+var_5], 0
jle short loc_41B194
mov [ebp+var_16], 1
loc_41B194: ; CODE XREF: sub_41AD3D+451�j
mov edi, offset dword_4380E0
jmp loc_41B2A9
; ---------------------------------------------------------------------------
loc_41B19E: ; CODE XREF: sub_41AD3D+1FD�j
mov eax, esi
sub eax, 70h
jz loc_41B44C
sub eax, 3
jz loc_41B29A
dec eax
dec eax
jz loc_41B450
sub eax, 3
jz loc_41AF86
sub eax, 3
jz short loc_41B1EC
loc_41B1C8: ; CODE XREF: sub_41AD3D+21B�j
; sub_41AD3D+22E�j
movzx eax, byte ptr [ebx]
cmp eax, [ebp+var_14]
jnz loc_41B713
dec [ebp+var_15]
cmp [ebp+var_E], 0
jnz loc_41B6A4
mov eax, [ebp+var_44]
mov [ebp+arg_8], eax
jmp loc_41B6A4
; ---------------------------------------------------------------------------
loc_41B1EC: ; CODE XREF: sub_41AD3D+489�j
cmp [ebp+var_5], 0
jle short loc_41B1F6
mov [ebp+var_16], 1
loc_41B1F6: ; CODE XREF: sub_41AD3D+4B3�j
mov edi, [ebp+arg_4]
inc edi
mov [ebp+arg_4], edi
cmp byte ptr [edi], 5Eh
jnz loc_41B2AD
mov eax, edi
lea edi, [eax+1]
jmp loc_41B2A9
; ---------------------------------------------------------------------------
loc_41B210: ; CODE XREF: sub_41AD3D+24F�j
cmp ebx, 2Bh
jnz short loc_41B237
loc_41B215: ; CODE XREF: sub_41AD3D+259�j
dec [ebp+var_C]
jnz short loc_41B226
cmp [ebp+var_20], 0
jz short loc_41B226
mov [ebp+var_F], 1
jmp short loc_41B237
; ---------------------------------------------------------------------------
loc_41B226: ; CODE XREF: sub_41AD3D+4DB�j
; sub_41AD3D+4E1�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_41B799
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
loc_41B237: ; CODE XREF: sub_41AD3D+4D6�j
; sub_41AD3D+4E7�j
cmp ebx, 30h
jnz loc_41B485
push [ebp+arg_0]
inc [ebp+var_4]
call sub_41B799
mov ebx, eax
pop ecx
cmp bl, 78h
mov [ebp+var_14], ebx
jz short loc_41B285
cmp bl, 58h
jz short loc_41B285
cmp esi, 78h
mov [ebp+var_1C], 1
jz short loc_41B26F
push 6Fh
loc_41B269: ; CODE XREF: sub_41AD3D+55B�j
pop esi
jmp loc_41B485
; ---------------------------------------------------------------------------
loc_41B26F: ; CODE XREF: sub_41AD3D+528�j
push [ebp+arg_0]
dec [ebp+var_4]
push ebx
call sub_41B7B3
pop ecx
pop ecx
push 30h
pop ebx
jmp loc_41B482
; ---------------------------------------------------------------------------
loc_41B285: ; CODE XREF: sub_41AD3D+517�j
; sub_41AD3D+51C�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_41B799
pop ecx
mov ebx, eax
mov [ebp+var_14], ebx
push 78h
jmp short loc_41B269
; ---------------------------------------------------------------------------
loc_41B29A: ; CODE XREF: sub_41AD3D+46F�j
cmp [ebp+var_5], 0
jle short loc_41B2A4
mov [ebp+var_16], 1
loc_41B2A4: ; CODE XREF: sub_41AD3D+561�j
mov edi, offset dword_4380D8
loc_41B2A9: ; CODE XREF: sub_41AD3D+45C�j
; sub_41AD3D+4CE�j
or [ebp+var_18], 0FFh
loc_41B2AD: ; CODE XREF: sub_41AD3D+4C3�j
push 20h
lea eax, [ebp+var_64]
push 0
push eax
call sub_415570
add esp, 0Ch
cmp [ebp+var_3C], 7Bh
jnz short loc_41B2D1
cmp byte ptr [edi], 5Dh
jnz short loc_41B2D1
mov dl, 5Dh
inc edi
mov [ebp+var_59], 20h
jmp short loc_41B2D4
; ---------------------------------------------------------------------------
loc_41B2D1: ; CODE XREF: sub_41AD3D+584�j
; sub_41AD3D+589�j
mov dl, [ebp+var_35]
loc_41B2D4: ; CODE XREF: sub_41AD3D+592�j
; sub_41AD3D+5E1�j ...
mov al, [edi]
cmp al, 5Dh
jz short loc_41B339
inc edi
cmp al, 2Dh
jnz short loc_41B320
test dl, dl
jz short loc_41B320
mov cl, [edi]
cmp cl, 5Dh
jz short loc_41B320
inc edi
cmp dl, cl
jnb short loc_41B2F3
mov al, cl
jmp short loc_41B2F7
; ---------------------------------------------------------------------------
loc_41B2F3: ; CODE XREF: sub_41AD3D+5B0�j
mov al, dl
mov dl, cl
loc_41B2F7: ; CODE XREF: sub_41AD3D+5B4�j
cmp dl, al
ja short loc_41B31C
movzx edx, dl
movzx esi, al
sub esi, edx
inc esi
loc_41B304: ; CODE XREF: sub_41AD3D+5DD�j
mov ecx, edx
mov eax, edx
and ecx, 7
mov bl, 1
shr eax, 3
shl bl, cl
lea eax, [ebp+eax+var_64]
or [eax], bl
inc edx
dec esi
jnz short loc_41B304
loc_41B31C: ; CODE XREF: sub_41AD3D+5BC�j
xor dl, dl
jmp short loc_41B2D4
; ---------------------------------------------------------------------------
loc_41B320: ; CODE XREF: sub_41AD3D+5A0�j
; sub_41AD3D+5A4�j ...
movzx ecx, al
mov dl, al
mov eax, ecx
and ecx, 7
mov bl, 1
shr eax, 3
shl bl, cl
lea eax, [ebp+eax+var_64]
or [eax], bl
jmp short loc_41B2D4
; ---------------------------------------------------------------------------
loc_41B339: ; CODE XREF: sub_41AD3D+59B�j
cmp byte ptr [edi], 0
jz loc_41B743
cmp [ebp+var_3C], 7Bh
jnz short loc_41B34B
mov [ebp+arg_4], edi
loc_41B34B: ; CODE XREF: sub_41AD3D+609�j
mov edi, [ebp+arg_0]
mov esi, [ebp+var_2C]
dec [ebp+var_4]
push edi
push [ebp+var_14]
mov [ebp+var_30], esi
call sub_41B7B3
pop ecx
pop ecx
loc_41B362: ; CODE XREF: sub_41AD3D+6BC�j
; sub_41AD3D+6C4�j
cmp [ebp+var_20], 0
jz short loc_41B376
mov eax, [ebp+var_C]
dec [ebp+var_C]
test eax, eax
jz loc_41B412
loc_41B376: ; CODE XREF: sub_41AD3D+629�j
inc [ebp+var_4]
push edi
call sub_41B799
cmp eax, 0FFFFFFFFh
pop ecx
mov [ebp+var_14], eax
jz short loc_41B406
mov ecx, eax
push 1
and ecx, 7
pop edx
movsx ebx, [ebp+var_18]
shl edx, cl
mov ecx, eax
sar ecx, 3
movsx ecx, [ebp+ecx+var_64]
xor ecx, ebx
test edx, ecx
jz short loc_41B406
cmp [ebp+var_E], 0
jnz short loc_41B3FE
cmp [ebp+var_16], 0
jz short loc_41B3F3
mov ecx, dword_437D70
mov [ebp+var_38], al
movzx eax, al
test byte ptr [ecx+eax*2+1], 80h
jz short loc_41B3D2
inc [ebp+var_4]
push edi
call sub_41B799
pop ecx
mov [ebp+var_37], al
loc_41B3D2: ; CODE XREF: sub_41AD3D+686�j
push dword_437F7C
lea eax, [ebp+var_38]
push eax
lea eax, [ebp+var_3E]
push eax
call loc_41DFCD
mov ax, [ebp+var_3E]
add esp, 0Ch
mov [esi], ax
inc esi
inc esi
jmp short loc_41B3F6
; ---------------------------------------------------------------------------
loc_41B3F3: ; CODE XREF: sub_41AD3D+673�j
mov [esi], al
inc esi
loc_41B3F6: ; CODE XREF: sub_41AD3D+6B4�j
mov [ebp+var_2C], esi
jmp loc_41B362
; ---------------------------------------------------------------------------
loc_41B3FE: ; CODE XREF: sub_41AD3D+66D�j
inc [ebp+var_30]
jmp loc_41B362
; ---------------------------------------------------------------------------
loc_41B406: ; CODE XREF: sub_41AD3D+649�j
; sub_41AD3D+667�j
dec [ebp+var_4]
push edi
push eax
call sub_41B7B3
pop ecx
pop ecx
loc_41B412: ; CODE XREF: sub_41AD3D+633�j
cmp [ebp+var_30], esi
jz loc_41B743
cmp [ebp+var_E], 0
jnz loc_41B6A4
inc [ebp+var_34]
cmp [ebp+var_3C], 63h
jz loc_41B6A4
cmp [ebp+var_16], 0
mov eax, [ebp+var_2C]
jz short loc_41B444
and word ptr [eax], 0
jmp loc_41B6A4
; ---------------------------------------------------------------------------
loc_41B444: ; CODE XREF: sub_41AD3D+6FC�j
and byte ptr [eax], 0
jmp loc_41B6A4
; ---------------------------------------------------------------------------
loc_41B44C: ; CODE XREF: sub_41AD3D+466�j
mov [ebp+var_D], 1
loc_41B450: ; CODE XREF: sub_41AD3D+203�j
; sub_41AD3D+215�j ...
mov ebx, [ebp+var_14]
cmp ebx, 2Dh
jnz short loc_41B45E
mov [ebp+var_17], 1
jmp short loc_41B463
; ---------------------------------------------------------------------------
loc_41B45E: ; CODE XREF: sub_41AD3D+719�j
cmp ebx, 2Bh
jnz short loc_41B485
loc_41B463: ; CODE XREF: sub_41AD3D+71F�j
dec [ebp+var_C]
jnz short loc_41B474
cmp [ebp+var_20], 0
jz short loc_41B474
mov [ebp+var_F], 1
jmp short loc_41B485
; ---------------------------------------------------------------------------
loc_41B474: ; CODE XREF: sub_41AD3D+729�j
; sub_41AD3D+72F�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_41B799
pop ecx
mov ebx, eax
loc_41B482: ; CODE XREF: sub_41AD3D+543�j
mov [ebp+var_14], ebx
loc_41B485: ; CODE XREF: sub_41AD3D+4FD�j
; sub_41AD3D+52D�j ...
cmp [ebp+var_30], 0
jz loc_41B59E
cmp [ebp+var_F], 0
jnz loc_41B57C
loc_41B499: ; CODE XREF: sub_41AD3D+82C�j
cmp esi, 78h
jnz short loc_41B4ED
cmp dword_437F7C, 1
jle short loc_41B4B6
push 80h
push ebx
call sub_418556
pop ecx
pop ecx
jmp short loc_41B4C3
; ---------------------------------------------------------------------------
loc_41B4B6: ; CODE XREF: sub_41AD3D+768�j
mov eax, dword_437D70
mov al, [eax+ebx*2]
and eax, 80h
loc_41B4C3: ; CODE XREF: sub_41AD3D+777�j
test eax, eax
jz loc_41B56E
mov eax, [ebp+var_28]
mov edx, [ebp+var_24]
push 4
pop ecx
call near ptr dword_41E0C0
push ebx
mov [ebp+var_28], eax
mov [ebp+var_24], edx
call sub_41B762
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp short loc_41B540
; ---------------------------------------------------------------------------
loc_41B4ED: ; CODE XREF: sub_41AD3D+75F�j
cmp dword_437F7C, 1
jle short loc_41B502
push 4
push ebx
call sub_418556
pop ecx
pop ecx
jmp short loc_41B50D
; ---------------------------------------------------------------------------
loc_41B502: ; CODE XREF: sub_41AD3D+7B7�j
mov eax, dword_437D70
mov al, [eax+ebx*2]
and eax, 4
loc_41B50D: ; CODE XREF: sub_41AD3D+7C3�j
test eax, eax
jz short loc_41B56E
cmp esi, 6Fh
jnz short loc_41B52B
cmp ebx, 38h
jge short loc_41B56E
mov eax, [ebp+var_28]
mov edx, [ebp+var_24]
push 3
pop ecx
call near ptr dword_41E0C0
jmp short loc_41B53A
; ---------------------------------------------------------------------------
loc_41B52B: ; CODE XREF: sub_41AD3D+7D7�j
push 0
push 0Ah
push [ebp+var_24]
push [ebp+var_28]
call sub_4159A0
loc_41B53A: ; CODE XREF: sub_41AD3D+7EC�j
mov [ebp+var_28], eax
mov [ebp+var_24], edx
loc_41B540: ; CODE XREF: sub_41AD3D+7AE�j
inc [ebp+var_1C]
lea eax, [ebx-30h]
cdq
add [ebp+var_28], eax
adc [ebp+var_24], edx
cmp [ebp+var_20], 0
jz short loc_41B558
dec [ebp+var_C]
jz short loc_41B57C
loc_41B558: ; CODE XREF: sub_41AD3D+814�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_41B799
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp loc_41B499
; ---------------------------------------------------------------------------
loc_41B56E: ; CODE XREF: sub_41AD3D+788�j
; sub_41AD3D+7D2�j ...
push [ebp+arg_0]
dec [ebp+var_4]
push ebx
call sub_41B7B3
pop ecx
pop ecx
loc_41B57C: ; CODE XREF: sub_41AD3D+756�j
; sub_41AD3D+819�j
cmp [ebp+var_17], 0
jz loc_41B662
mov eax, [ebp+var_28]
mov ecx, [ebp+var_24]
neg eax
adc ecx, 0
mov [ebp+var_28], eax
neg ecx
mov [ebp+var_24], ecx
jmp loc_41B662
; ---------------------------------------------------------------------------
loc_41B59E: ; CODE XREF: sub_41AD3D+74C�j
cmp [ebp+var_F], 0
jnz loc_41B65A
loc_41B5A8: ; CODE XREF: sub_41AD3D+90A�j
cmp esi, 78h
jz short loc_41B5EC
cmp esi, 70h
jz short loc_41B5EC
cmp dword_437F7C, 1
jle short loc_41B5C7
push 4
push ebx
call sub_418556
pop ecx
pop ecx
jmp short loc_41B5D2
; ---------------------------------------------------------------------------
loc_41B5C7: ; CODE XREF: sub_41AD3D+87C�j
mov eax, dword_437D70
mov al, [eax+ebx*2]
and eax, 4
loc_41B5D2: ; CODE XREF: sub_41AD3D+888�j
test eax, eax
jz short loc_41B64C
cmp esi, 6Fh
jnz short loc_41B5E5
cmp ebx, 38h
jge short loc_41B64C
shl edi, 3
jmp short loc_41B624
; ---------------------------------------------------------------------------
loc_41B5E5: ; CODE XREF: sub_41AD3D+89C�j
lea edi, [edi+edi*4]
shl edi, 1
jmp short loc_41B624
; ---------------------------------------------------------------------------
loc_41B5EC: ; CODE XREF: sub_41AD3D+86E�j
; sub_41AD3D+873�j
cmp dword_437F7C, 1
jle short loc_41B604
push 80h
push ebx
call sub_418556
pop ecx
pop ecx
jmp short loc_41B611
; ---------------------------------------------------------------------------
loc_41B604: ; CODE XREF: sub_41AD3D+8B6�j
mov eax, dword_437D70
mov al, [eax+ebx*2]
and eax, 80h
loc_41B611: ; CODE XREF: sub_41AD3D+8C5�j
test eax, eax
jz short loc_41B64C
push ebx
shl edi, 4
call sub_41B762
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
loc_41B624: ; CODE XREF: sub_41AD3D+8A6�j
; sub_41AD3D+8AD�j
inc [ebp+var_1C]
cmp [ebp+var_20], 0
lea edi, [edi+ebx-30h]
jz short loc_41B636
dec [ebp+var_C]
jz short loc_41B65A
loc_41B636: ; CODE XREF: sub_41AD3D+8F2�j
push [ebp+arg_0]
inc [ebp+var_4]
call sub_41B799
mov ebx, eax
pop ecx
mov [ebp+var_14], ebx
jmp loc_41B5A8
; ---------------------------------------------------------------------------
loc_41B64C: ; CODE XREF: sub_41AD3D+897�j
; sub_41AD3D+8A1�j ...
push [ebp+arg_0]
dec [ebp+var_4]
push ebx
call sub_41B7B3
pop ecx
pop ecx
loc_41B65A: ; CODE XREF: sub_41AD3D+865�j
; sub_41AD3D+8F7�j
cmp [ebp+var_17], 0
jz short loc_41B662
neg edi
loc_41B662: ; CODE XREF: sub_41AD3D+843�j
; sub_41AD3D+85C�j ...
cmp esi, 46h
jnz short loc_41B66B
and [ebp+var_1C], 0
loc_41B66B: ; CODE XREF: sub_41AD3D+928�j
cmp [ebp+var_1C], 0
jz loc_41B743
cmp [ebp+var_E], 0
jnz short loc_41B6A4
inc [ebp+var_34]
loc_41B67E: ; CODE XREF: sub_41AD3D+23B�j
cmp [ebp+var_30], 0
jz short loc_41B694
mov eax, [ebp+var_2C]
mov ecx, [ebp+var_28]
mov [eax], ecx
mov ecx, [ebp+var_24]
mov [eax+4], ecx
jmp short loc_41B6A4
; ---------------------------------------------------------------------------
loc_41B694: ; CODE XREF: sub_41AD3D+945�j
cmp [ebp+var_D], 0
mov eax, [ebp+var_2C]
jz short loc_41B6A1
mov [eax], edi
jmp short loc_41B6A4
; ---------------------------------------------------------------------------
loc_41B6A1: ; CODE XREF: sub_41AD3D+95E�j
mov [eax], di
loc_41B6A4: ; CODE XREF: sub_41AD3D+241�j
; sub_41AD3D+414�j ...
inc [ebp+var_15]
inc [ebp+arg_4]
mov esi, [ebp+arg_4]
jmp short loc_41B6F1
; ---------------------------------------------------------------------------
loc_41B6AF: ; CODE XREF: sub_41AD3D+93�j
inc [ebp+var_4]
push edi
call sub_41B799
mov ebx, eax
pop ecx
movzx eax, byte ptr [esi]
inc esi
cmp eax, ebx
mov [ebp+var_14], ebx
mov [ebp+arg_4], esi
jnz short loc_41B71E
mov ecx, dword_437D70
movzx eax, bl
test byte ptr [ecx+eax*2+1], 80h
jz short loc_41B6F1
inc [ebp+var_4]
push edi
call sub_41B799
pop ecx
movzx ecx, byte ptr [esi]
inc esi
cmp ecx, eax
mov [ebp+arg_4], esi
jnz short loc_41B72C
dec [ebp+var_4]
loc_41B6F1: ; CODE XREF: sub_41AD3D+970�j
; sub_41AD3D+99A�j
cmp [ebp+var_14], 0FFFFFFFFh
jnz short loc_41B707
cmp byte ptr [esi], 25h
jnz short loc_41B749
mov eax, [ebp+arg_4]
cmp byte ptr [eax+1], 6Eh
jnz short loc_41B749
mov esi, eax
loc_41B707: ; CODE XREF: sub_41AD3D+9B8�j
mov al, [esi]
test al, al
jnz loc_41AD67
jmp short loc_41B743
; ---------------------------------------------------------------------------
loc_41B713: ; CODE XREF: sub_41AD3D+1F4�j
; sub_41AD3D+491�j
push [ebp+arg_0]
dec [ebp+var_4]
push [ebp+var_14]
jmp short loc_41B723
; ---------------------------------------------------------------------------
loc_41B71E: ; CODE XREF: sub_41AD3D+98A�j
dec [ebp+var_4]
push edi
push ebx
loc_41B723: ; CODE XREF: sub_41AD3D+9DF�j
call sub_41B7B3
pop ecx
pop ecx
jmp short loc_41B743
; ---------------------------------------------------------------------------
loc_41B72C: ; CODE XREF: sub_41AD3D+9AF�j
dec [ebp+var_4]
push edi
push eax
call sub_41B7B3
dec [ebp+var_4]
push edi
push ebx
call sub_41B7B3
add esp, 10h
loc_41B743: ; CODE XREF: sub_41AD3D+1F�j
; sub_41AD3D+40A�j ...
cmp [ebp+var_14], 0FFFFFFFFh
jnz short loc_41B75A
loc_41B749: ; CODE XREF: sub_41AD3D+9BD�j
; sub_41AD3D+9C6�j
mov eax, [ebp+var_34]
test eax, eax
jnz short loc_41B75D
cmp [ebp+var_15], al
jnz short loc_41B75D
or eax, 0FFFFFFFFh
jmp short loc_41B75D
; ---------------------------------------------------------------------------
loc_41B75A: ; CODE XREF: sub_41AD3D+A0A�j
mov eax, [ebp+var_34]
loc_41B75D: ; CODE XREF: sub_41AD3D+A11�j
; sub_41AD3D+A16�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41AD3D endp
; =============== S U B R O U T I N E =======================================
sub_41B762 proc near ; CODE XREF: sub_41AD3D+7A3�p
; sub_41AD3D+8DC�p
arg_0 = dword ptr 4
cmp dword_437F7C, 1
push esi
jle short loc_41B77C
mov esi, [esp+4+arg_0]
push 4
push esi
call sub_418556
pop ecx
pop ecx
jmp short loc_41B78B
; ---------------------------------------------------------------------------
loc_41B77C: ; CODE XREF: sub_41B762+8�j
mov esi, [esp+4+arg_0]
mov eax, dword_437D70
mov al, [eax+esi*2]
and eax, 4
loc_41B78B: ; CODE XREF: sub_41B762+18�j
test eax, eax
jnz short loc_41B795
and esi, 0FFFFFFDFh
sub esi, 7
loc_41B795: ; CODE XREF: sub_41B762+2B�j
mov eax, esi
pop esi
retn
sub_41B762 endp
; =============== S U B R O U T I N E =======================================
sub_41B799 proc near ; CODE XREF: sub_41AD3D+1E1�p
; sub_41AD3D+289�p ...
arg_0 = dword ptr 4
mov edx, [esp+arg_0]
dec dword ptr [edx+4]
js short loc_41B7AB
mov ecx, [edx]
movzx eax, byte ptr [ecx]
inc ecx
mov [edx], ecx
retn
; ---------------------------------------------------------------------------
loc_41B7AB: ; CODE XREF: sub_41B799+7�j
push edx
call sub_41B8B0
pop ecx
retn
sub_41B799 endp
; =============== S U B R O U T I N E =======================================
sub_41B7B3 proc near ; CODE XREF: sub_41AD3D+6B�p
; sub_41AD3D+3FF�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
cmp [esp+arg_0], 0FFFFFFFFh
jz short locret_41B7C9
push [esp+arg_4]
push [esp+4+arg_0]
call near ptr byte_41E0DF
pop ecx
pop ecx
locret_41B7C9: ; CODE XREF: sub_41B7B3+5�j
retn
sub_41B7B3 endp
; =============== S U B R O U T I N E =======================================
sub_41B7CA proc near ; CODE XREF: sub_41AD3D+63�p
; sub_41AD3D+1D3�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
push edi
loc_41B7D0: ; CODE XREF: sub_41B7CA+1D�j
push [esp+8+arg_4]
inc dword ptr [esi]
call sub_41B799
mov edi, eax
push edi
call near ptr byte_41E095
pop ecx
test eax, eax
pop ecx
jnz short loc_41B7D0
mov eax, edi
pop edi
pop esi
retn
sub_41B7CA endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B7EE proc near ; CODE XREF: sub_416AD4+C9�p
var_24 = byte ptr -24h
var_1C = dword ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
sub esp, 24h
push ebx
mov ebx, [ebp+arg_0]
sub ebx, 76Ch
cmp ebx, 46h
jl loc_41B8AA
cmp ebx, 8Ah
jg loc_41B8AA
push esi
push edi
mov edi, [ebp+arg_4]
mov esi, dword_438804[edi*4]
add esi, [ebp+arg_8]
test bl, 3
jnz short loc_41B82D
cmp edi, 2
jle short loc_41B82D
inc esi
loc_41B82D: ; CODE XREF: sub_41B7EE+37�j
; sub_41B7EE+3C�j
call near ptr byte_41E14D
mov eax, ebx
lea ecx, [ebx-1]
imul eax, 16Dh
sar ecx, 2
mov edx, esi
mov [ebp+var_8], esi
add edx, ecx
mov [ebp+var_10], ebx
add eax, edx
mov edx, [ebp+arg_14]
lea ecx, [eax+eax*2]
mov eax, [ebp+arg_C]
mov [ebp+var_1C], eax
lea ecx, [eax+ecx*8]
imul ecx, 3Ch
add ecx, [ebp+arg_10]
imul ecx, 3Ch
add ecx, dword_438720
dec edi
cmp [ebp+arg_18], 1
mov [ebp+var_14], edi
pop edi
pop esi
lea ecx, [ecx+edx+7C558180h]
mov [ebp+arg_0], ecx
jz short loc_41B8A0
cmp [ebp+arg_18], 0FFFFFFFFh
jnz short loc_41B8A6
cmp dword_438724, 0
jz short loc_41B8A6
lea eax, [ebp+var_24]
push eax
call near ptr dword_41E3C0
pop ecx
mov ecx, [ebp+arg_0]
test eax, eax
jz short loc_41B8A6
loc_41B8A0: ; CODE XREF: sub_41B7EE+90�j
add ecx, dword_438728
loc_41B8A6: ; CODE XREF: sub_41B7EE+96�j
; sub_41B7EE+9F�j ...
mov eax, ecx
jmp short loc_41B8AD
; ---------------------------------------------------------------------------
loc_41B8AA: ; CODE XREF: sub_41B7EE+13�j
; sub_41B7EE+1F�j
or eax, 0FFFFFFFFh
loc_41B8AD: ; CODE XREF: sub_41B7EE+BA�j
pop ebx
leave
retn
sub_41B7EE endp
; =============== S U B R O U T I N E =======================================
sub_41B8B0 proc near ; CODE XREF: sub_416BB0+A9�p
; sub_41713C+2D�p ...
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+0Ch]
test al, 83h
jz loc_41B984
test al, 40h
jnz loc_41B984
test al, 2
jz short loc_41B8D6
or al, 20h
mov [esi+0Ch], eax
jmp loc_41B984
; ---------------------------------------------------------------------------
loc_41B8D6: ; CODE XREF: sub_41B8B0+1A�j
or al, 1
test ax, 10Ch
mov [esi+0Ch], eax
jnz short loc_41B8EA
push esi
call sub_41D06C
pop ecx
jmp short loc_41B8EF
; ---------------------------------------------------------------------------
loc_41B8EA: ; CODE XREF: sub_41B8B0+2F�j
mov eax, [esi+8]
mov [esi], eax
loc_41B8EF: ; CODE XREF: sub_41B8B0+38�j
push dword ptr [esi+18h]
push dword ptr [esi+8]
push dword ptr [esi+10h]
call sub_41B989
add esp, 0Ch
mov [esi+4], eax
test eax, eax
jz short loc_41B973
cmp eax, 0FFFFFFFFh
jz short loc_41B973
mov edx, [esi+0Ch]
test dl, 82h
jnz short loc_41B948
mov ecx, [esi+10h]
push edi
cmp ecx, 0FFFFFFFFh
jz short loc_41B931
mov edi, ecx
sar edi, 5
and ecx, 1Fh
mov edi, dword_46A7C0[edi*4]
lea edi, [edi+ecx*8]
jmp short loc_41B936
; ---------------------------------------------------------------------------
loc_41B931: ; CODE XREF: sub_41B8B0+6B�j
mov edi, offset dword_4383D0
loc_41B936: ; CODE XREF: sub_41B8B0+7F�j
mov cl, [edi+4]
pop edi
and cl, 82h
cmp cl, 82h
jnz short loc_41B948
or dh, 20h
mov [esi+0Ch], edx
loc_41B948: ; CODE XREF: sub_41B8B0+62�j
; sub_41B8B0+90�j
cmp dword ptr [esi+18h], 200h
jnz short loc_41B965
mov ecx, [esi+0Ch]
test cl, 8
jz short loc_41B965
test ch, 4
jnz short loc_41B965
mov dword ptr [esi+18h], 1000h
loc_41B965: ; CODE XREF: sub_41B8B0+9F�j
; sub_41B8B0+A7�j ...
mov ecx, [esi]
dec eax
mov [esi+4], eax
movzx eax, byte ptr [ecx]
inc ecx
mov [esi], ecx
pop esi
retn
; ---------------------------------------------------------------------------
loc_41B973: ; CODE XREF: sub_41B8B0+55�j
; sub_41B8B0+5A�j
neg eax
sbb eax, eax
and eax, 10h
add eax, 10h
or [esi+0Ch], eax
and dword ptr [esi+4], 0
loc_41B984: ; CODE XREF: sub_41B8B0+A�j
; sub_41B8B0+12�j ...
or eax, 0FFFFFFFFh
pop esi
retn
sub_41B8B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B989 proc near ; CODE XREF: sub_416BB0+90�p
; sub_41B8B0+48�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
cmp esi, dword_46A8C0
jnb loc_41BB66
mov eax, esi
and esi, 1Fh
sar eax, 5
shl esi, 3
lea ebx, ds:46A7C0h[eax*4]
mov eax, dword_46A7C0[eax*4]
add eax, esi
mov dl, [eax+4]
test dl, 1
jz loc_41BB66
and [ebp+var_8], 0
mov edi, [ebp+arg_4]
cmp [ebp+arg_8], 0
mov ecx, edi
jz short loc_41BA3E
test dl, 2
jnz short loc_41BA3E
test dl, 48h
jz short loc_41B9FE
mov al, [eax+5]
cmp al, 0Ah
jz short loc_41B9FE
dec [ebp+arg_8]
mov [edi], al
mov eax, [ebx]
lea ecx, [edi+1]
mov [ebp+var_8], 1
mov byte ptr [eax+esi+5], 0Ah
loc_41B9FE: ; CODE XREF: sub_41B989+56�j
; sub_41B989+5D�j
lea eax, [ebp+var_C]
push 0
push eax
mov eax, [ebx]
push [ebp+arg_8]
push ecx
push dword ptr [eax+esi]
call dword_421068
test eax, eax
jnz short loc_41BA51
call dword_421088
push 5
pop ecx
cmp eax, ecx
jnz short loc_41BA39
mov dword_469494, 9
mov dword_469498, ecx
jmp loc_41BB77
; ---------------------------------------------------------------------------
loc_41BA39: ; CODE XREF: sub_41B989+99�j
cmp eax, 6Dh
jnz short loc_41BA45
loc_41BA3E: ; CODE XREF: sub_41B989+4C�j
; sub_41B989+51�j
xor eax, eax
jmp loc_41BB7A
; ---------------------------------------------------------------------------
loc_41BA45: ; CODE XREF: sub_41B989+B3�j
push eax
call sub_41C5D7
pop ecx
jmp loc_41BB77
; ---------------------------------------------------------------------------
loc_41BA51: ; CODE XREF: sub_41B989+8C�j
mov eax, [ebx]
mov edx, [ebp+var_C]
add [ebp+var_8], edx
lea ecx, [eax+esi+4]
mov al, [eax+esi+4]
test al, 80h
jz loc_41BB61
test edx, edx
jz short loc_41BA76
cmp byte ptr [edi], 0Ah
jnz short loc_41BA76
or al, 4
jmp short loc_41BA78
; ---------------------------------------------------------------------------
loc_41BA76: ; CODE XREF: sub_41B989+E2�j
; sub_41B989+E7�j
and al, 0FBh
loc_41BA78: ; CODE XREF: sub_41B989+EB�j
mov [ecx], al
mov eax, [ebp+arg_4]
mov ecx, [ebp+var_8]
mov [ebp+arg_8], eax
add ecx, eax
cmp eax, ecx
mov [ebp+var_8], ecx
jnb loc_41BB5B
loc_41BA90: ; CODE XREF: sub_41B989+1BA�j
mov eax, [ebp+arg_8]
mov al, [eax]
cmp al, 1Ah
jz loc_41BB4B
cmp al, 0Dh
jz short loc_41BAAC
mov [edi], al
inc edi
inc [ebp+arg_8]
jmp loc_41BB3D
; ---------------------------------------------------------------------------
loc_41BAAC: ; CODE XREF: sub_41B989+116�j
dec ecx
cmp [ebp+arg_8], ecx
jnb short loc_41BACA
mov eax, [ebp+arg_8]
inc eax
cmp byte ptr [eax], 0Ah
jnz short loc_41BAC1
add [ebp+arg_8], 2
jmp short loc_41BB1F
; ---------------------------------------------------------------------------
loc_41BAC1: ; CODE XREF: sub_41B989+130�j
mov byte ptr [edi], 0Dh
inc edi
mov [ebp+arg_8], eax
jmp short loc_41BB3D
; ---------------------------------------------------------------------------
loc_41BACA: ; CODE XREF: sub_41B989+127�j
lea eax, [ebp+var_C]
push 0
push eax
inc [ebp+arg_8]
lea eax, [ebp+var_1]
push 1
push eax
mov eax, [ebx]
push dword ptr [eax+esi]
call dword_421068
test eax, eax
jnz short loc_41BAF2
call dword_421088
test eax, eax
jnz short loc_41BB39
loc_41BAF2: ; CODE XREF: sub_41B989+15D�j
cmp [ebp+var_C], 0
jz short loc_41BB39
mov eax, [ebx]
test byte ptr [eax+esi+4], 48h
jz short loc_41BB14
mov al, [ebp+var_1]
cmp al, 0Ah
jz short loc_41BB1F
mov byte ptr [edi], 0Dh
mov ecx, [ebx]
inc edi
mov [ecx+esi+5], al
jmp short loc_41BB3D
; ---------------------------------------------------------------------------
loc_41BB14: ; CODE XREF: sub_41B989+176�j
cmp edi, [ebp+arg_4]
jnz short loc_41BB24
cmp [ebp+var_1], 0Ah
jnz short loc_41BB24
loc_41BB1F: ; CODE XREF: sub_41B989+136�j
; sub_41B989+17D�j
mov byte ptr [edi], 0Ah
jmp short loc_41BB3C
; ---------------------------------------------------------------------------
loc_41BB24: ; CODE XREF: sub_41B989+18E�j
; sub_41B989+194�j
push 1
push 0FFFFFFFFh
push [ebp+arg_0]
call sub_41BB7F
add esp, 0Ch
cmp [ebp+var_1], 0Ah
jz short loc_41BB3D
loc_41BB39: ; CODE XREF: sub_41B989+167�j
; sub_41B989+16D�j
mov byte ptr [edi], 0Dh
loc_41BB3C: ; CODE XREF: sub_41B989+199�j
inc edi
loc_41BB3D: ; CODE XREF: sub_41B989+11E�j
; sub_41B989+13F�j ...
mov ecx, [ebp+var_8]
cmp [ebp+arg_8], ecx
jb loc_41BA90
jmp short loc_41BB5B
; ---------------------------------------------------------------------------
loc_41BB4B: ; CODE XREF: sub_41B989+10E�j
mov eax, [ebx]
lea esi, [eax+esi+4]
mov al, [esi]
test al, 40h
jnz short loc_41BB5B
or al, 2
mov [esi], al
loc_41BB5B: ; CODE XREF: sub_41B989+101�j
; sub_41B989+1C0�j ...
sub edi, [ebp+arg_4]
mov [ebp+var_8], edi
loc_41BB61: ; CODE XREF: sub_41B989+DA�j
mov eax, [ebp+var_8]
jmp short loc_41BB7A
; ---------------------------------------------------------------------------
loc_41BB66: ; CODE XREF: sub_41B989+12�j
; sub_41B989+39�j
and dword_469498, 0
mov dword_469494, 9
loc_41BB77: ; CODE XREF: sub_41B989+AB�j
; sub_41B989+C3�j
or eax, 0FFFFFFFFh
loc_41BB7A: ; CODE XREF: sub_41B989+B7�j
; sub_41B989+1DB�j
pop edi
pop esi
pop ebx
leave
retn
sub_41B989 endp
; =============== S U B R O U T I N E =======================================
sub_41BB7F proc near ; CODE XREF: sub_416E3E+67�p
; sub_417C37+CD�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
mov eax, [esp+arg_0]
push ebx
cmp eax, dword_46A8C0
push esi
push edi
jnb short loc_41BC01
mov ecx, eax
mov esi, eax
sar ecx, 5
and esi, 1Fh
lea edi, ds:46A7C0h[ecx*4]
shl esi, 3
mov ecx, [edi]
test byte ptr [ecx+esi+4], 1
jz short loc_41BC01
push eax
call sub_41D4C6
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_41BBC3
mov dword_469494, 9
jmp short loc_41BC12
; ---------------------------------------------------------------------------
loc_41BBC3: ; CODE XREF: sub_41BB7F+36�j
push [esp+0Ch+arg_8]
push 0
push [esp+14h+arg_4]
push eax
call dword_4210AC
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jnz short loc_41BBE3
call dword_421088
jmp short loc_41BBE5
; ---------------------------------------------------------------------------
loc_41BBE3: ; CODE XREF: sub_41BB7F+5A�j
xor eax, eax
loc_41BBE5: ; CODE XREF: sub_41BB7F+62�j
test eax, eax
jz short loc_41BBF2
push eax
call sub_41C5D7
pop ecx
jmp short loc_41BC12
; ---------------------------------------------------------------------------
loc_41BBF2: ; CODE XREF: sub_41BB7F+68�j
mov eax, [edi]
and byte ptr [eax+esi+4], 0FDh
lea eax, [eax+esi+4]
mov eax, ebx
jmp short loc_41BC15
; ---------------------------------------------------------------------------
loc_41BC01: ; CODE XREF: sub_41BB7F+D�j
; sub_41BB7F+2A�j
and dword_469498, 0
mov dword_469494, 9
loc_41BC12: ; CODE XREF: sub_41BB7F+42�j
; sub_41BB7F+71�j
or eax, 0FFFFFFFFh
loc_41BC15: ; CODE XREF: sub_41BB7F+80�j
pop edi
pop esi
pop ebx
retn
sub_41BB7F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BC19 proc near ; CODE XREF: sub_416E3E+2A�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
xor ebx, ebx
mov esi, [edi+10h]
cmp [edi+4], ebx
mov [ebp+var_C], esi
jge short loc_41BC35
mov [edi+4], ebx
loc_41BC35: ; CODE XREF: sub_41BC19+17�j
push 1
push ebx
push esi
call sub_41BB7F
add esp, 0Ch
cmp eax, ebx
mov [ebp+var_4], eax
jl short loc_41BCA3
mov edx, [edi+0Ch]
test dx, 108h
jnz short loc_41BC5A
sub eax, [edi+4]
jmp loc_41BD6C
; ---------------------------------------------------------------------------
loc_41BC5A: ; CODE XREF: sub_41BC19+37�j
mov eax, [edi]
mov ecx, [edi+8]
mov ebx, eax
sub ebx, ecx
test dl, 3
mov [ebp+var_8], ebx
jz short loc_41BC94
mov edx, esi
mov ebx, esi
sar edx, 5
and ebx, 1Fh
mov edx, dword_46A7C0[edx*4]
test byte ptr [edx+ebx*8+4], 80h
jz short loc_41BCAB
mov edx, ecx
loc_41BC85: ; CODE XREF: sub_41BC19+79�j
cmp edx, eax
jnb short loc_41BCAB
cmp byte ptr [edx], 0Ah
jnz short loc_41BC91
inc [ebp+var_8]
loc_41BC91: ; CODE XREF: sub_41BC19+73�j
inc edx
jmp short loc_41BC85
; ---------------------------------------------------------------------------
loc_41BC94: ; CODE XREF: sub_41BC19+50�j
test dl, 80h
jnz short loc_41BCAB
mov dword_469494, 16h
loc_41BCA3: ; CODE XREF: sub_41BC19+2D�j
or eax, 0FFFFFFFFh
jmp loc_41BD6C
; ---------------------------------------------------------------------------
loc_41BCAB: ; CODE XREF: sub_41BC19+68�j
; sub_41BC19+6E�j ...
cmp [ebp+var_4], 0
jnz short loc_41BCB9
mov eax, [ebp+var_8]
jmp loc_41BD6C
; ---------------------------------------------------------------------------
loc_41BCB9: ; CODE XREF: sub_41BC19+96�j
test byte ptr [edi+0Ch], 1
jz loc_41BD64
mov edx, [edi+4]
test edx, edx
jnz short loc_41BCD2
and [ebp+var_8], edx
jmp loc_41BD64
; ---------------------------------------------------------------------------
loc_41BCD2: ; CODE XREF: sub_41BC19+AF�j
sub eax, ecx
add eax, edx
mov [ebp+arg_0], eax
mov eax, esi
sar eax, 5
and esi, 1Fh
lea ebx, ds:46A7C0h[eax*4]
shl esi, 3
mov eax, [ebx]
test byte ptr [esi+eax+4], 80h
jz short loc_41BD5E
push 2
push 0
push [ebp+var_C]
call sub_41BB7F
add esp, 0Ch
cmp eax, [ebp+var_4]
jnz short loc_41BD25
mov eax, [edi+8]
mov ecx, [ebp+arg_0]
add ecx, eax
loc_41BD10: ; CODE XREF: sub_41BC19+104�j
cmp eax, ecx
jnb short loc_41BD1F
cmp byte ptr [eax], 0Ah
jnz short loc_41BD1C
inc [ebp+arg_0]
loc_41BD1C: ; CODE XREF: sub_41BC19+FE�j
inc eax
jmp short loc_41BD10
; ---------------------------------------------------------------------------
loc_41BD1F: ; CODE XREF: sub_41BC19+F9�j
test byte ptr [edi+0Dh], 20h
jmp short loc_41BD59
; ---------------------------------------------------------------------------
loc_41BD25: ; CODE XREF: sub_41BC19+ED�j
push 0
push [ebp+var_4]
push [ebp+var_C]
call sub_41BB7F
mov eax, 200h
add esp, 0Ch
cmp [ebp+arg_0], eax
ja short loc_41BD4C
mov ecx, [edi+0Ch]
test cl, 8
jz short loc_41BD4C
test ch, 4
jz short loc_41BD4F
loc_41BD4C: ; CODE XREF: sub_41BC19+124�j
; sub_41BC19+12C�j
mov eax, [edi+18h]
loc_41BD4F: ; CODE XREF: sub_41BC19+131�j
mov [ebp+arg_0], eax
mov eax, [ebx]
test byte ptr [esi+eax+4], 4
loc_41BD59: ; CODE XREF: sub_41BC19+10A�j
jz short loc_41BD5E
inc [ebp+arg_0]
loc_41BD5E: ; CODE XREF: sub_41BC19+D9�j
; sub_41BC19:loc_41BD59�j
mov eax, [ebp+arg_0]
sub [ebp+var_4], eax
loc_41BD64: ; CODE XREF: sub_41BC19+A4�j
; sub_41BC19+B4�j
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
add eax, ecx
loc_41BD6C: ; CODE XREF: sub_41BC19+3C�j
; sub_41BC19+8D�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_41BC19 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BD71 proc near ; CODE XREF: sub_417193+A3�p
; sub_41AC71+A5�p ...
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_421878
push offset sub_41CE08
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_18], esp
xor edi, edi
cmp dword_46951C, edi
jnz short loc_41BDE7
push edi
push edi
push 1
pop ebx
push ebx
push offset dword_421870
mov esi, 100h
push esi
push edi
call dword_421190
test eax, eax
jz short loc_41BDC5
mov dword_46951C, ebx
jmp short loc_41BDE7
; ---------------------------------------------------------------------------
loc_41BDC5: ; CODE XREF: sub_41BD71+4A�j
push edi
push edi
push ebx
push offset dword_438FD4
push esi
push edi
call dword_42118C
test eax, eax
jz loc_41BEFF
mov dword_46951C, 2
loc_41BDE7: ; CODE XREF: sub_41BD71+2E�j
; sub_41BD71+52�j
cmp [ebp+arg_C], edi
jle short loc_41BDFC
push [ebp+arg_C]
push [ebp+arg_8]
call sub_41BF95
pop ecx
pop ecx
mov [ebp+arg_C], eax
loc_41BDFC: ; CODE XREF: sub_41BD71+79�j
mov eax, dword_46951C
cmp eax, 2
jnz short loc_41BE23
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_42118C
jmp loc_41BF01
; ---------------------------------------------------------------------------
loc_41BE23: ; CODE XREF: sub_41BD71+93�j
cmp eax, 1
jnz loc_41BEFF
cmp [ebp+arg_18], edi
jnz short loc_41BE39
mov eax, dword_469538
mov [ebp+arg_18], eax
loc_41BE39: ; CODE XREF: sub_41BD71+BE�j
push edi
push edi
push [ebp+arg_C]
push [ebp+arg_8]
mov eax, [ebp+arg_1C]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_18]
call dword_421064
mov ebx, eax
mov [ebp+var_1C], ebx
cmp ebx, edi
jz loc_41BEFF
mov [ebp+var_4], edi
lea eax, [ebx+ebx]
add eax, 3
and al, 0FCh
call sub_415D70
mov [ebp+var_18], esp
mov eax, esp
mov [ebp+var_24], eax
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_41BE94
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
mov [ebp+var_24], edi
or [ebp+var_4], 0FFFFFFFFh
mov ebx, [ebp+var_1C]
loc_41BE94: ; CODE XREF: sub_41BD71+10E�j
cmp [ebp+var_24], edi
jz short loc_41BEFF
push ebx
push [ebp+var_24]
push [ebp+arg_C]
push [ebp+arg_8]
push 1
push [ebp+arg_18]
call dword_421064
test eax, eax
jz short loc_41BEFF
push edi
push edi
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_421190
mov esi, eax
mov [ebp+var_28], esi
cmp esi, edi
jz short loc_41BEFF
test byte ptr [ebp+arg_4+1], 4
jz short loc_41BF13
cmp [ebp+arg_14], edi
jz loc_41BF8E
cmp esi, [ebp+arg_14]
jg short loc_41BEFF
push [ebp+arg_14]
push [ebp+arg_10]
push ebx
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_421190
test eax, eax
jnz loc_41BF8E
loc_41BEFF: ; CODE XREF: sub_41BD71+66�j
; sub_41BD71+B5�j ...
xor eax, eax
loc_41BF01: ; CODE XREF: sub_41BD71+AD�j
; sub_41BD71+21F�j
lea esp, [ebp-38h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_41BF13: ; CODE XREF: sub_41BD71+160�j
mov [ebp+var_4], 1
lea eax, [esi+esi]
add eax, 3
and al, 0FCh
call sub_415D70
mov [ebp+var_18], esp
mov ebx, esp
mov [ebp+var_20], ebx
or [ebp+var_4], 0FFFFFFFFh
jmp short loc_41BF47
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor edi, edi
xor ebx, ebx
or [ebp+var_4], 0FFFFFFFFh
mov esi, [ebp+var_28]
loc_41BF47: ; CODE XREF: sub_41BD71+1C2�j
cmp ebx, edi
jz short loc_41BEFF
push esi
push ebx
push [ebp+var_1C]
push [ebp+var_24]
push [ebp+arg_4]
push [ebp+arg_0]
call dword_421190
test eax, eax
jz short loc_41BEFF
cmp [ebp+arg_14], edi
push edi
push edi
jnz short loc_41BF6E
push edi
push edi
jmp short loc_41BF74
; ---------------------------------------------------------------------------
loc_41BF6E: ; CODE XREF: sub_41BD71+1F7�j
push [ebp+arg_14]
push [ebp+arg_10]
loc_41BF74: ; CODE XREF: sub_41BD71+1FB�j
push esi
push ebx
push 220h
push [ebp+arg_18]
call dword_421138
mov esi, eax
cmp esi, edi
jz loc_41BEFF
loc_41BF8E: ; CODE XREF: sub_41BD71+165�j
; sub_41BD71+188�j
mov eax, esi
jmp loc_41BF01
sub_41BD71 endp
; =============== S U B R O U T I N E =======================================
sub_41BF95 proc near ; CODE XREF: sub_41BD71+81�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
mov eax, [esp+arg_0]
test edx, edx
push esi
lea ecx, [edx-1]
jz short loc_41BFB2
loc_41BFA5: ; CODE XREF: sub_41BF95+1B�j
cmp byte ptr [eax], 0
jz short loc_41BFB2
inc eax
mov esi, ecx
dec ecx
test esi, esi
jnz short loc_41BFA5
loc_41BFB2: ; CODE XREF: sub_41BF95+E�j
; sub_41BF95+13�j
cmp byte ptr [eax], 0
pop esi
jnz short loc_41BFBD
sub eax, [esp+arg_0]
retn
; ---------------------------------------------------------------------------
loc_41BFBD: ; CODE XREF: sub_41BF95+21�j
mov eax, edx
retn
sub_41BF95 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41BFC0 proc near ; CODE XREF: sub_41C384+B�p
var_18 = dword ptr -18h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
push ebx
push esi
push edi
push [ebp+arg_0]
call sub_41C159
mov esi, eax
pop ecx
cmp esi, dword_46A8C4
mov [ebp+arg_0], esi
jz loc_41C14D
xor ebx, ebx
cmp esi, ebx
jz loc_41C143
xor edx, edx
mov eax, offset dword_4380F0
loc_41BFF4: ; CODE XREF: sub_41BFC0+41�j
cmp [eax], esi
jz short loc_41C06A
add eax, 30h
inc edx
cmp eax, offset dword_4381E0
jl short loc_41BFF4
lea eax, [ebp+var_18]
push eax
push esi
call dword_421194
cmp eax, 1
jnz loc_41C13B
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_46A9E0
cmp [ebp+var_18], 1
mov dword_46A8C4, esi
rep stosd
stosb
mov dword_46AAE4, ebx
jbe loc_41C129
cmp [ebp+var_12], 0
jz loc_41C0FF
lea ecx, [ebp+var_11]
loc_41C047: ; CODE XREF: sub_41BFC0+139�j
mov dl, [ecx]
test dl, dl
jz loc_41C0FF
movzx eax, byte ptr [ecx-1]
movzx edx, dl
loc_41C058: ; CODE XREF: sub_41BFC0+A8�j
cmp eax, edx
ja loc_41C0F3
or byte_46A9E1[eax], 4
inc eax
jmp short loc_41C058
; ---------------------------------------------------------------------------
loc_41C06A: ; CODE XREF: sub_41BFC0+36�j
push 40h
xor eax, eax
pop ecx
mov edi, offset byte_46A9E0
rep stosd
lea esi, [edx+edx*2]
mov [ebp+var_4], ebx
shl esi, 4
stosb
lea ebx, dword_438100[esi]
loc_41C086: ; CODE XREF: sub_41BFC0+103�j
cmp byte ptr [ebx], 0
mov ecx, ebx
jz short loc_41C0B9
loc_41C08D: ; CODE XREF: sub_41BFC0+F7�j
mov dl, [ecx+1]
test dl, dl
jz short loc_41C0B9
movzx eax, byte ptr [ecx]
movzx edi, dl
cmp eax, edi
ja short loc_41C0B2
mov edx, [ebp+var_4]
mov dl, byte_4380E8[edx]
loc_41C0A7: ; CODE XREF: sub_41BFC0+F0�j
or byte_46A9E1[eax], dl
inc eax
cmp eax, edi
jbe short loc_41C0A7
loc_41C0B2: ; CODE XREF: sub_41BFC0+DC�j
inc ecx
inc ecx
cmp byte ptr [ecx], 0
jnz short loc_41C08D
loc_41C0B9: ; CODE XREF: sub_41BFC0+CB�j
; sub_41BFC0+D2�j
inc [ebp+var_4]
add ebx, 8
cmp [ebp+var_4], 4
jb short loc_41C086
mov eax, [ebp+arg_0]
mov dword_46A8DC, 1
push eax
mov dword_46A8C4, eax
call sub_41C1A3
lea esi, dword_4380F4[esi]
mov edi, offset dword_46A8D0
movsd
movsd
pop ecx
mov dword_46AAE4, eax
movsd
jmp short loc_41C148
; ---------------------------------------------------------------------------
loc_41C0F3: ; CODE XREF: sub_41BFC0+9A�j
inc ecx
inc ecx
cmp byte ptr [ecx-1], 0
jnz loc_41C047
loc_41C0FF: ; CODE XREF: sub_41BFC0+7E�j
; sub_41BFC0+8B�j
push 1
pop eax
loc_41C102: ; CODE XREF: sub_41BFC0+14F�j
or byte_46A9E1[eax], 8
inc eax
cmp eax, 0FFh
jb short loc_41C102
push esi
call sub_41C1A3
pop ecx
mov dword_46AAE4, eax
mov dword_46A8DC, 1
jmp short loc_41C12F
; ---------------------------------------------------------------------------
loc_41C129: ; CODE XREF: sub_41BFC0+74�j
mov dword_46A8DC, ebx
loc_41C12F: ; CODE XREF: sub_41BFC0+167�j
xor eax, eax
mov edi, offset dword_46A8D0
stosd
stosd
stosd
jmp short loc_41C148
; ---------------------------------------------------------------------------
loc_41C13B: ; CODE XREF: sub_41BFC0+51�j
cmp dword_469540, ebx
jz short loc_41C151
loc_41C143: ; CODE XREF: sub_41BFC0+27�j
call sub_41C1D6
loc_41C148: ; CODE XREF: sub_41BFC0+131�j
; sub_41BFC0+179�j
call sub_41C1FF
loc_41C14D: ; CODE XREF: sub_41BFC0+1D�j
xor eax, eax
jmp short loc_41C154
; ---------------------------------------------------------------------------
loc_41C151: ; CODE XREF: sub_41BFC0+181�j
or eax, 0FFFFFFFFh
loc_41C154: ; CODE XREF: sub_41BFC0+18F�j
pop edi
pop esi
pop ebx
leave
retn
sub_41BFC0 endp
; =============== S U B R O U T I N E =======================================
sub_41C159 proc near ; CODE XREF: sub_41BFC0+C�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
and dword_469540, 0
cmp eax, 0FFFFFFFEh
jnz short loc_41C179
mov dword_469540, 1
jmp dword_42119C
; ---------------------------------------------------------------------------
loc_41C179: ; CODE XREF: sub_41C159+E�j
cmp eax, 0FFFFFFFDh
jnz short loc_41C18E
mov dword_469540, 1
jmp dword_421198
; ---------------------------------------------------------------------------
loc_41C18E: ; CODE XREF: sub_41C159+23�j
cmp eax, 0FFFFFFFCh
jnz short locret_41C1A2
mov eax, dword_469538
mov dword_469540, 1
locret_41C1A2: ; CODE XREF: sub_41C159+38�j
retn
sub_41C159 endp
; =============== S U B R O U T I N E =======================================
sub_41C1A3 proc near ; CODE XREF: sub_41BFC0+118�p
; sub_41BFC0+152�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
sub eax, 3A4h
jz short loc_41C1D0
sub eax, 4
jz short loc_41C1CA
sub eax, 0Dh
jz short loc_41C1C4
dec eax
jz short loc_41C1BE
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41C1BE: ; CODE XREF: sub_41C1A3+16�j
mov eax, 404h
retn
; ---------------------------------------------------------------------------
loc_41C1C4: ; CODE XREF: sub_41C1A3+13�j
mov eax, 412h
retn
; ---------------------------------------------------------------------------
loc_41C1CA: ; CODE XREF: sub_41C1A3+E�j
mov eax, 804h
retn
; ---------------------------------------------------------------------------
loc_41C1D0: ; CODE XREF: sub_41C1A3+9�j
mov eax, 411h
retn
sub_41C1A3 endp
; =============== S U B R O U T I N E =======================================
sub_41C1D6 proc near ; CODE XREF: sub_41BFC0:loc_41C143�p
push edi
push 40h
pop ecx
xor eax, eax
mov edi, offset byte_46A9E0
rep stosd
stosb
xor eax, eax
mov edi, offset dword_46A8D0
mov dword_46A8C4, eax
mov dword_46A8DC, eax
mov dword_46AAE4, eax
stosd
stosd
stosd
pop edi
retn
sub_41C1D6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C1FF proc near ; CODE XREF: sub_41BFC0:loc_41C148�p
var_514 = byte ptr -514h
var_314 = byte ptr -314h
var_214 = byte ptr -214h
var_114 = byte ptr -114h
var_14 = byte ptr -14h
var_E = byte ptr -0Eh
var_D = byte ptr -0Dh
push ebp
mov ebp, esp
sub esp, 514h
lea eax, [ebp+var_14]
push esi
push eax
push dword_46A8C4
call dword_421194
cmp eax, 1
jnz loc_41C338
xor eax, eax
mov esi, 100h
loc_41C229: ; CODE XREF: sub_41C1FF+34�j
mov [ebp+eax+var_114], al
inc eax
cmp eax, esi
jb short loc_41C229
mov al, [ebp+var_E]
mov [ebp+var_114], 20h
test al, al
jz short loc_41C27A
push ebx
push edi
lea edx, [ebp+var_D]
loc_41C248: ; CODE XREF: sub_41C1FF+77�j
movzx ecx, byte ptr [edx]
movzx eax, al
cmp eax, ecx
ja short loc_41C26F
sub ecx, eax
lea edi, [ebp+eax+var_114]
inc ecx
mov eax, 20202020h
mov ebx, ecx
shr ecx, 2
rep stosd
mov ecx, ebx
and ecx, 3
rep stosb
loc_41C26F: ; CODE XREF: sub_41C1FF+51�j
inc edx
inc edx
mov al, [edx-1]
test al, al
jnz short loc_41C248
pop edi
pop ebx
loc_41C27A: ; CODE XREF: sub_41C1FF+42�j
push 0
lea eax, [ebp+var_514]
push dword_46AAE4
push dword_46A8C4
push eax
lea eax, [ebp+var_114]
push esi
push eax
push 1
call sub_41D1F7
push 0
lea eax, [ebp+var_214]
push dword_46A8C4
push esi
push eax
lea eax, [ebp+var_114]
push esi
push eax
push esi
push dword_46AAE4
call sub_41BD71
push 0
lea eax, [ebp+var_314]
push dword_46A8C4
push esi
push eax
lea eax, [ebp+var_114]
push esi
push eax
push 200h
push dword_46AAE4
call sub_41BD71
add esp, 5Ch
xor eax, eax
lea ecx, [ebp+var_514]
loc_41C2F5: ; CODE XREF: sub_41C1FF+135�j
mov dx, [ecx]
test dl, 1
jz short loc_41C313
or byte_46A9E1[eax], 10h
mov dl, [ebp+eax+var_214]
loc_41C30B: ; CODE XREF: sub_41C1FF+127�j
mov byte_46A8E0[eax], dl
jmp short loc_41C32F
; ---------------------------------------------------------------------------
loc_41C313: ; CODE XREF: sub_41C1FF+FC�j
test dl, 2
jz short loc_41C328
or byte_46A9E1[eax], 20h
mov dl, [ebp+eax+var_314]
jmp short loc_41C30B
; ---------------------------------------------------------------------------
loc_41C328: ; CODE XREF: sub_41C1FF+117�j
and byte_46A8E0[eax], 0
loc_41C32F: ; CODE XREF: sub_41C1FF+112�j
inc eax
inc ecx
inc ecx
cmp eax, esi
jb short loc_41C2F5
jmp short loc_41C381
; ---------------------------------------------------------------------------
loc_41C338: ; CODE XREF: sub_41C1FF+1D�j
xor eax, eax
mov esi, 100h
loc_41C33F: ; CODE XREF: sub_41C1FF+180�j
cmp eax, 41h
jb short loc_41C35D
cmp eax, 5Ah
ja short loc_41C35D
or byte_46A9E1[eax], 10h
mov cl, al
add cl, 20h
loc_41C355: ; CODE XREF: sub_41C1FF+174�j
mov byte_46A8E0[eax], cl
jmp short loc_41C37C
; ---------------------------------------------------------------------------
loc_41C35D: ; CODE XREF: sub_41C1FF+143�j
; sub_41C1FF+148�j
cmp eax, 61h
jb short loc_41C375
cmp eax, 7Ah
ja short loc_41C375
or byte_46A9E1[eax], 20h
mov cl, al
sub cl, 20h
jmp short loc_41C355
; ---------------------------------------------------------------------------
loc_41C375: ; CODE XREF: sub_41C1FF+161�j
; sub_41C1FF+166�j
and byte_46A8E0[eax], 0
loc_41C37C: ; CODE XREF: sub_41C1FF+15C�j
inc eax
cmp eax, esi
jb short loc_41C33F
loc_41C381: ; CODE XREF: sub_41C1FF+137�j
pop esi
leave
retn
sub_41C1FF endp
; =============== S U B R O U T I N E =======================================
sub_41C384 proc near ; CODE XREF: sub_41C7C2+9�p
; sub_41C81A+D�p ...
cmp dword_46AB0C, 0
jnz short locret_41C39F
push 0FFFFFFFDh
call sub_41BFC0
pop ecx
mov dword_46AB0C, 1
locret_41C39F: ; CODE XREF: sub_41C384+7�j
retn
sub_41C384 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C3A0 proc near ; CODE XREF: sub_417348+2B�p
; sub_417348+A6�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
cmp dword_46A8DC, 0
push edi
mov edi, [ebp+arg_0]
mov [ebp+arg_0], edi
jnz short loc_41C3C4
push [ebp+arg_8]
push [ebp+arg_4]
push edi
call sub_416D40
add esp, 0Ch
jmp short loc_41C427
; ---------------------------------------------------------------------------
loc_41C3C4: ; CODE XREF: sub_41C3A0+11�j
mov edx, [ebp+arg_8]
push esi
test edx, edx
jz short loc_41C409
mov ecx, [ebp+arg_4]
loc_41C3CF: ; CODE XREF: sub_41C3A0+5B�j
mov al, [ecx]
dec edx
movzx esi, al
test byte_46A9E1[esi], 4
mov [edi], al
jz short loc_41C3F3
inc edi
inc ecx
test edx, edx
jz short loc_41C3FF
mov al, [ecx]
dec edx
mov [edi], al
inc edi
inc ecx
test al, al
jz short loc_41C405
jmp short loc_41C3F9
; ---------------------------------------------------------------------------
loc_41C3F3: ; CODE XREF: sub_41C3A0+3E�j
inc edi
inc ecx
test al, al
jz short loc_41C409
loc_41C3F9: ; CODE XREF: sub_41C3A0+51�j
test edx, edx
jnz short loc_41C3CF
jmp short loc_41C409
; ---------------------------------------------------------------------------
loc_41C3FF: ; CODE XREF: sub_41C3A0+44�j
and byte ptr [edi-1], 0
jmp short loc_41C409
; ---------------------------------------------------------------------------
loc_41C405: ; CODE XREF: sub_41C3A0+4F�j
and byte ptr [edi-2], 0
loc_41C409: ; CODE XREF: sub_41C3A0+2A�j
; sub_41C3A0+57�j ...
mov eax, edx
dec edx
test eax, eax
pop esi
jz short loc_41C424
lea ecx, [edx+1]
xor eax, eax
mov edx, ecx
shr ecx, 2
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
loc_41C424: ; CODE XREF: sub_41C3A0+6F�j
mov eax, [ebp+arg_0]
loc_41C427: ; CODE XREF: sub_41C3A0+22�j
pop edi
pop ebp
retn
sub_41C3A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C42A proc near ; CODE XREF: sub_4175FF+A2�p
; sub_417C37+95�p ...
var_414 = byte ptr -414h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 414h
mov ecx, [ebp+arg_0]
push ebx
cmp ecx, dword_46A8C0
push esi
push edi
jnb loc_41C5BE
mov eax, ecx
mov esi, ecx
sar eax, 5
and esi, 1Fh
lea ebx, ds:46A7C0h[eax*4]
shl esi, 3
mov eax, [ebx]
mov al, [eax+esi+4]
test al, 1
jz loc_41C5BE
xor edi, edi
cmp [ebp+arg_8], edi
mov [ebp+var_8], edi
mov [ebp+var_10], edi
jnz short loc_41C47B
loc_41C474: ; CODE XREF: sub_41C42A+177�j
xor eax, eax
jmp loc_41C5D2
; ---------------------------------------------------------------------------
loc_41C47B: ; CODE XREF: sub_41C42A+48�j
test al, 20h
jz short loc_41C48B
push 2
push edi
push ecx
call sub_41BB7F
add esp, 0Ch
loc_41C48B: ; CODE XREF: sub_41C42A+53�j
mov eax, [ebx]
add eax, esi
test byte ptr [eax+4], 80h
jz loc_41C55A
mov eax, [ebp+arg_4]
cmp [ebp+arg_8], edi
mov [ebp+var_4], eax
mov [ebp+arg_0], edi
jbe loc_41C592
loc_41C4AB: ; CODE XREF: sub_41C42A+F5�j
lea eax, [ebp+var_414]
loc_41C4B1: ; CODE XREF: sub_41C42A+B9�j
mov ecx, [ebp+var_4]
sub ecx, [ebp+arg_4]
cmp ecx, [ebp+arg_8]
jnb short loc_41C4E5
mov ecx, [ebp+var_4]
inc [ebp+var_4]
mov cl, [ecx]
cmp cl, 0Ah
jnz short loc_41C4D0
inc [ebp+var_10]
mov byte ptr [eax], 0Dh
inc eax
loc_41C4D0: ; CODE XREF: sub_41C42A+9D�j
mov [eax], cl
inc eax
mov ecx, eax
lea edx, [ebp+var_414]
sub ecx, edx
cmp ecx, 400h
jl short loc_41C4B1
loc_41C4E5: ; CODE XREF: sub_41C42A+90�j
mov edi, eax
lea eax, [ebp+var_414]
sub edi, eax
lea eax, [ebp+var_C]
push 0
push eax
lea eax, [ebp+var_414]
push edi
push eax
mov eax, [ebx]
push dword ptr [eax+esi]
call dword_421070
test eax, eax
jz short loc_41C54F
mov eax, [ebp+var_C]
add [ebp+var_8], eax
cmp eax, edi
jl short loc_41C521
mov eax, [ebp+var_4]
sub eax, [ebp+arg_4]
cmp eax, [ebp+arg_8]
jb short loc_41C4AB
loc_41C521: ; CODE XREF: sub_41C42A+EA�j
; sub_41C42A+12E�j
xor edi, edi
loc_41C523: ; CODE XREF: sub_41C42A+150�j
; sub_41C42A+15B�j
mov eax, [ebp+var_8]
cmp eax, edi
jnz loc_41C5B9
cmp [ebp+arg_0], edi
jz short loc_41C592
push 5
pop eax
cmp [ebp+arg_0], eax
jnz short loc_41C587
mov dword_469494, 9
mov dword_469498, eax
jmp loc_41C5CF
; ---------------------------------------------------------------------------
loc_41C54F: ; CODE XREF: sub_41C42A+E0�j
call dword_421088
mov [ebp+arg_0], eax
jmp short loc_41C521
; ---------------------------------------------------------------------------
loc_41C55A: ; CODE XREF: sub_41C42A+69�j
lea ecx, [ebp+var_C]
push edi
push ecx
push [ebp+arg_8]
push [ebp+arg_4]
push dword ptr [eax]
call dword_421070
test eax, eax
jz short loc_41C57C
mov eax, [ebp+var_C]
mov [ebp+arg_0], edi
mov [ebp+var_8], eax
jmp short loc_41C523
; ---------------------------------------------------------------------------
loc_41C57C: ; CODE XREF: sub_41C42A+145�j
call dword_421088
mov [ebp+arg_0], eax
jmp short loc_41C523
; ---------------------------------------------------------------------------
loc_41C587: ; CODE XREF: sub_41C42A+10F�j
push [ebp+arg_0]
call sub_41C5D7
pop ecx
jmp short loc_41C5CF
; ---------------------------------------------------------------------------
loc_41C592: ; CODE XREF: sub_41C42A+7B�j
; sub_41C42A+107�j
mov eax, [ebx]
test byte ptr [eax+esi+4], 40h
jz short loc_41C5A7
mov eax, [ebp+arg_4]
cmp byte ptr [eax], 1Ah
jz loc_41C474
loc_41C5A7: ; CODE XREF: sub_41C42A+16F�j
mov dword_469494, 1Ch
mov dword_469498, edi
jmp short loc_41C5CF
; ---------------------------------------------------------------------------
loc_41C5B9: ; CODE XREF: sub_41C42A+FE�j
sub eax, [ebp+var_10]
jmp short loc_41C5D2
; ---------------------------------------------------------------------------
loc_41C5BE: ; CODE XREF: sub_41C42A+15�j
; sub_41C42A+37�j
and dword_469498, 0
mov dword_469494, 9
loc_41C5CF: ; CODE XREF: sub_41C42A+120�j
; sub_41C42A+166�j ...
or eax, 0FFFFFFFFh
loc_41C5D2: ; CODE XREF: sub_41C42A+4C�j
; sub_41C42A+192�j
pop edi
pop esi
pop ebx
leave
retn
sub_41C42A endp
; =============== S U B R O U T I N E =======================================
sub_41C5D7 proc near ; CODE XREF: sub_417709+16�p
; sub_4178FC+1D�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
xor edx, edx
mov dword_469498, ecx
mov eax, offset dword_4381E0
loc_41C5E8: ; CODE XREF: sub_41C5D7+1E�j
cmp ecx, [eax]
jz short loc_41C60C
add eax, 8
inc edx
cmp eax, offset dword_438348
jl short loc_41C5E8
cmp ecx, 13h
jb short loc_41C619
cmp ecx, 24h
ja short loc_41C619
mov dword_469494, 0Dh
retn
; ---------------------------------------------------------------------------
loc_41C60C: ; CODE XREF: sub_41C5D7+13�j
mov eax, dword_4381E4[edx*8]
mov dword_469494, eax
retn
; ---------------------------------------------------------------------------
loc_41C619: ; CODE XREF: sub_41C5D7+23�j
; sub_41C5D7+28�j
cmp ecx, 0BCh
jb short loc_41C633
cmp ecx, 0CAh
mov dword_469494, 8
jbe short locret_41C63D
loc_41C633: ; CODE XREF: sub_41C5D7+48�j
mov dword_469494, 16h
locret_41C63D: ; CODE XREF: sub_41C5D7+5A�j
retn
sub_41C5D7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C63E proc near ; CODE XREF: .nsp0:00417BDB�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ebx
push [ebp+arg_0]
call sub_41C77F
test eax, eax
pop ecx
jz loc_41C773
mov ebx, [eax+8]
test ebx, ebx
jz loc_41C773
cmp ebx, 5
jnz short loc_41C66F
and dword ptr [eax+8], 0
push 1
pop eax
jmp loc_41C77C
; ---------------------------------------------------------------------------
loc_41C66F: ; CODE XREF: sub_41C63E+23�j
cmp ebx, 1
jz loc_41C76E
mov ecx, dword_469544
mov [ebp+arg_0], ecx
mov ecx, [ebp+arg_4]
mov dword_469544, ecx
mov ecx, [eax+4]
cmp ecx, 8
jnz loc_41C75E
mov ecx, dword_4383C0
mov edx, dword_4383C4
add edx, ecx
push esi
cmp ecx, edx
jge short loc_41C6BE
lea esi, [ecx+ecx*2]
sub edx, ecx
lea esi, ds:438350h[esi*4]
loc_41C6B5: ; CODE XREF: sub_41C63E+7E�j
and dword ptr [esi], 0
add esi, 0Ch
dec edx
jnz short loc_41C6B5
loc_41C6BE: ; CODE XREF: sub_41C63E+69�j
mov eax, [eax]
mov esi, dword_4383CC
cmp eax, 0C000008Eh
jnz short loc_41C6D9
mov dword_4383CC, 83h
jmp short loc_41C749
; ---------------------------------------------------------------------------
loc_41C6D9: ; CODE XREF: sub_41C63E+8D�j
cmp eax, 0C0000090h
jnz short loc_41C6EC
mov dword_4383CC, 81h
jmp short loc_41C749
; ---------------------------------------------------------------------------
loc_41C6EC: ; CODE XREF: sub_41C63E+A0�j
cmp eax, 0C0000091h
jnz short loc_41C6FF
mov dword_4383CC, 84h
jmp short loc_41C749
; ---------------------------------------------------------------------------
loc_41C6FF: ; CODE XREF: sub_41C63E+B3�j
cmp eax, 0C0000093h
jnz short loc_41C712
mov dword_4383CC, 85h
jmp short loc_41C749
; ---------------------------------------------------------------------------
loc_41C712: ; CODE XREF: sub_41C63E+C6�j
cmp eax, 0C000008Dh
jnz short loc_41C725
mov dword_4383CC, 82h
jmp short loc_41C749
; ---------------------------------------------------------------------------
loc_41C725: ; CODE XREF: sub_41C63E+D9�j
cmp eax, 0C000008Fh
jnz short loc_41C738
mov dword_4383CC, 86h
jmp short loc_41C749
; ---------------------------------------------------------------------------
loc_41C738: ; CODE XREF: sub_41C63E+EC�j
cmp eax, 0C0000092h
jnz short loc_41C749
mov dword_4383CC, 8Ah
loc_41C749: ; CODE XREF: sub_41C63E+99�j
; sub_41C63E+AC�j ...
push dword_4383CC
push 8
call ebx
pop ecx
mov dword_4383CC, esi
pop ecx
pop esi
jmp short loc_41C766
; ---------------------------------------------------------------------------
loc_41C75E: ; CODE XREF: sub_41C63E+52�j
and dword ptr [eax+8], 0
push ecx
call ebx
pop ecx
loc_41C766: ; CODE XREF: sub_41C63E+11E�j
mov eax, [ebp+arg_0]
mov dword_469544, eax
loc_41C76E: ; CODE XREF: sub_41C63E+34�j
or eax, 0FFFFFFFFh
jmp short loc_41C77C
; ---------------------------------------------------------------------------
loc_41C773: ; CODE XREF: sub_41C63E+F�j
; sub_41C63E+1A�j
push [ebp+arg_4]
call dword_4211A0
loc_41C77C: ; CODE XREF: sub_41C63E+2C�j
; sub_41C63E+133�j
pop ebx
pop ebp
retn
sub_41C63E endp
; =============== S U B R O U T I N E =======================================
sub_41C77F proc near ; CODE XREF: sub_41C63E+7�p
arg_0 = dword ptr 4
mov edx, [esp+arg_0]
mov ecx, dword_4383C8
cmp dword_438348, edx
push esi
mov eax, offset dword_438348
jz short loc_41C7AC
lea esi, [ecx+ecx*2]
lea esi, ds:438348h[esi*4]
loc_41C7A1: ; CODE XREF: sub_41C77F+2B�j
add eax, 0Ch
cmp eax, esi
jnb short loc_41C7AC
cmp [eax], edx
jnz short loc_41C7A1
loc_41C7AC: ; CODE XREF: sub_41C77F+16�j
; sub_41C77F+27�j
lea ecx, [ecx+ecx*2]
pop esi
lea ecx, ds:438348h[ecx*4]
cmp eax, ecx
jnb short loc_41C7BF
cmp [eax], edx
jz short locret_41C7C1
loc_41C7BF: ; CODE XREF: sub_41C77F+3A�j
xor eax, eax
locret_41C7C1: ; CODE XREF: sub_41C77F+3E�j
retn
sub_41C77F endp
; =============== S U B R O U T I N E =======================================
sub_41C7C2 proc near ; CODE XREF: .nsp0:00417B9D�p
cmp dword_46AB0C, 0
jnz short loc_41C7D0
call sub_41C384
loc_41C7D0: ; CODE XREF: sub_41C7C2+7�j
push esi
mov esi, dword_46AB04
mov al, [esi]
cmp al, 22h
jnz short loc_41C802
loc_41C7DD: ; CODE XREF: sub_41C7C2+33�j
; sub_41C7C2+36�j
mov al, [esi+1]
inc esi
cmp al, 22h
jz short loc_41C7FA
test al, al
jz short loc_41C7FA
movzx eax, al
push eax
call near ptr dword_41E6AC
test eax, eax
pop ecx
jz short loc_41C7DD
inc esi
jmp short loc_41C7DD
; ---------------------------------------------------------------------------
loc_41C7FA: ; CODE XREF: sub_41C7C2+21�j
; sub_41C7C2+25�j
cmp byte ptr [esi], 22h
jnz short loc_41C80C
loc_41C7FF: ; CODE XREF: sub_41C7C2+52�j
inc esi
jmp short loc_41C80C
; ---------------------------------------------------------------------------
loc_41C802: ; CODE XREF: sub_41C7C2+19�j
cmp al, 20h
jbe short loc_41C80C
loc_41C806: ; CODE XREF: sub_41C7C2+48�j
inc esi
cmp byte ptr [esi], 20h
ja short loc_41C806
loc_41C80C: ; CODE XREF: sub_41C7C2+3B�j
; sub_41C7C2+3E�j ...
mov al, [esi]
test al, al
jz short loc_41C816
cmp al, 20h
jbe short loc_41C7FF
loc_41C816: ; CODE XREF: sub_41C7C2+4E�j
mov eax, esi
pop esi
retn
sub_41C7C2 endp
; =============== S U B R O U T I N E =======================================
sub_41C81A proc near ; CODE XREF: .nsp0:00417B86�p
push ebx
xor ebx, ebx
cmp dword_46AB0C, ebx
push esi
push edi
jnz short loc_41C82C
call sub_41C384
loc_41C82C: ; CODE XREF: sub_41C81A+B�j
mov esi, dword_4694E0
xor edi, edi
loc_41C834: ; CODE XREF: sub_41C81A+30�j
mov al, [esi]
cmp al, bl
jz short loc_41C84C
cmp al, 3Dh
jz short loc_41C83F
inc edi
loc_41C83F: ; CODE XREF: sub_41C81A+22�j
push esi
call sub_415CF0
pop ecx
lea esi, [esi+eax+1]
jmp short loc_41C834
; ---------------------------------------------------------------------------
loc_41C84C: ; CODE XREF: sub_41C81A+1E�j
lea eax, ds:4[edi*4]
push eax
call sub_415DC9
mov esi, eax
pop ecx
cmp esi, ebx
mov dword_4694BC, esi
jnz short loc_41C86E
push 9
call sub_417BEE
pop ecx
loc_41C86E: ; CODE XREF: sub_41C81A+4A�j
mov edi, dword_4694E0
cmp [edi], bl
jz short loc_41C8B1
push ebp
loc_41C879: ; CODE XREF: sub_41C81A+94�j
push edi
call sub_415CF0
mov ebp, eax
pop ecx
inc ebp
cmp byte ptr [edi], 3Dh
jz short loc_41C8AA
push ebp
call sub_415DC9
cmp eax, ebx
pop ecx
mov [esi], eax
jnz short loc_41C89D
push 9
call sub_417BEE
pop ecx
loc_41C89D: ; CODE XREF: sub_41C81A+79�j
push edi
push dword ptr [esi]
call sub_415C00
pop ecx
add esi, 4
pop ecx
loc_41C8AA: ; CODE XREF: sub_41C81A+6C�j
add edi, ebp
cmp [edi], bl
jnz short loc_41C879
pop ebp
loc_41C8B1: ; CODE XREF: sub_41C81A+5C�j
push dword_4694E0
call sub_415E3D
pop ecx
mov dword_4694E0, ebx
mov [esi], ebx
pop edi
pop esi
mov dword_46AB08, 1
pop ebx
retn
sub_41C81A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C8D3 proc near ; CODE XREF: .nsp0:00417B81�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
xor ebx, ebx
cmp dword_46AB0C, ebx
push esi
push edi
jnz short loc_41C8EA
call sub_41C384
loc_41C8EA: ; CODE XREF: sub_41C8D3+10�j
mov esi, offset dword_469548
push 104h
push esi
push ebx
call dword_42107C
mov eax, dword_46AB04
mov dword_4694CC, esi
mov edi, esi
cmp [eax], bl
jz short loc_41C90F
mov edi, eax
loc_41C90F: ; CODE XREF: sub_41C8D3+38�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push ebx
push ebx
push edi
call sub_41C96C
mov eax, [ebp+var_8]
mov ecx, [ebp+var_4]
lea eax, [eax+ecx*4]
push eax
call sub_415DC9
mov esi, eax
add esp, 18h
cmp esi, ebx
jnz short loc_41C93F
push 8
call sub_417BEE
pop ecx
loc_41C93F: ; CODE XREF: sub_41C8D3+62�j
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
mov eax, [ebp+var_4]
lea eax, [esi+eax*4]
push eax
push esi
push edi
call sub_41C96C
mov eax, [ebp+var_4]
add esp, 14h
dec eax
mov dword_4694B4, esi
pop edi
pop esi
mov dword_4694B0, eax
pop ebx
leave
retn
sub_41C8D3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41C96C proc near ; CODE XREF: sub_41C8D3+47�p
; sub_41C8D3+7D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov ecx, [ebp+arg_10]
mov eax, [ebp+arg_C]
push ebx
push esi
and dword ptr [ecx], 0
mov esi, [ebp+arg_8]
push edi
mov edi, [ebp+arg_4]
mov dword ptr [eax], 1
mov eax, [ebp+arg_0]
test edi, edi
jz short loc_41C996
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_41C996: ; CODE XREF: sub_41C96C+20�j
cmp byte ptr [eax], 22h
jnz short loc_41C9DF
loc_41C99B: ; CODE XREF: sub_41C96C+58�j
; sub_41C96C+5F�j
mov dl, [eax+1]
inc eax
cmp dl, 22h
jz short loc_41C9CD
test dl, dl
jz short loc_41C9CD
movzx edx, dl
test byte_46A9E1[edx], 4
jz short loc_41C9C0
inc dword ptr [ecx]
test esi, esi
jz short loc_41C9C0
mov dl, [eax]
mov [esi], dl
inc esi
inc eax
loc_41C9C0: ; CODE XREF: sub_41C96C+46�j
; sub_41C96C+4C�j
inc dword ptr [ecx]
test esi, esi
jz short loc_41C99B
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_41C99B
; ---------------------------------------------------------------------------
loc_41C9CD: ; CODE XREF: sub_41C96C+36�j
; sub_41C96C+3A�j
inc dword ptr [ecx]
test esi, esi
jz short loc_41C9D7
and byte ptr [esi], 0
inc esi
loc_41C9D7: ; CODE XREF: sub_41C96C+65�j
cmp byte ptr [eax], 22h
jnz short loc_41CA22
inc eax
jmp short loc_41CA22
; ---------------------------------------------------------------------------
loc_41C9DF: ; CODE XREF: sub_41C96C+2D�j
; sub_41C96C+A5�j
inc dword ptr [ecx]
test esi, esi
jz short loc_41C9EA
mov dl, [eax]
mov [esi], dl
inc esi
loc_41C9EA: ; CODE XREF: sub_41C96C+77�j
mov dl, [eax]
inc eax
movzx ebx, dl
test byte_46A9E1[ebx], 4
jz short loc_41CA05
inc dword ptr [ecx]
test esi, esi
jz short loc_41CA04
mov bl, [eax]
mov [esi], bl
inc esi
loc_41CA04: ; CODE XREF: sub_41C96C+91�j
inc eax
loc_41CA05: ; CODE XREF: sub_41C96C+8B�j
cmp dl, 20h
jz short loc_41CA13
test dl, dl
jz short loc_41CA17
cmp dl, 9
jnz short loc_41C9DF
loc_41CA13: ; CODE XREF: sub_41C96C+9C�j
test dl, dl
jnz short loc_41CA1A
loc_41CA17: ; CODE XREF: sub_41C96C+A0�j
dec eax
jmp short loc_41CA22
; ---------------------------------------------------------------------------
loc_41CA1A: ; CODE XREF: sub_41C96C+A9�j
test esi, esi
jz short loc_41CA22
and byte ptr [esi-1], 0
loc_41CA22: ; CODE XREF: sub_41C96C+6E�j
; sub_41C96C+71�j ...
and [ebp+arg_10], 0
loc_41CA26: ; CODE XREF: sub_41C96C+19E�j
cmp byte ptr [eax], 0
jz loc_41CB0F
loc_41CA2F: ; CODE XREF: sub_41C96C+D0�j
mov dl, [eax]
cmp dl, 20h
jz short loc_41CA3B
cmp dl, 9
jnz short loc_41CA3E
loc_41CA3B: ; CODE XREF: sub_41C96C+C8�j
inc eax
jmp short loc_41CA2F
; ---------------------------------------------------------------------------
loc_41CA3E: ; CODE XREF: sub_41C96C+CD�j
cmp byte ptr [eax], 0
jz loc_41CB0F
test edi, edi
jz short loc_41CA53
mov [edi], esi
add edi, 4
mov [ebp+arg_4], edi
loc_41CA53: ; CODE XREF: sub_41C96C+DD�j
mov edx, [ebp+arg_C]
inc dword ptr [edx]
loc_41CA58: ; CODE XREF: sub_41C96C+18F�j
mov [ebp+arg_0], 1
xor ebx, ebx
loc_41CA61: ; CODE XREF: sub_41C96C+FC�j
cmp byte ptr [eax], 5Ch
jnz short loc_41CA6A
inc eax
inc ebx
jmp short loc_41CA61
; ---------------------------------------------------------------------------
loc_41CA6A: ; CODE XREF: sub_41C96C+F8�j
cmp byte ptr [eax], 22h
jnz short loc_41CA9B
test bl, 1
jnz short loc_41CA99
xor edi, edi
cmp [ebp+arg_10], edi
jz short loc_41CA88
cmp byte ptr [eax+1], 22h
lea edx, [eax+1]
jnz short loc_41CA88
mov eax, edx
jmp short loc_41CA8B
; ---------------------------------------------------------------------------
loc_41CA88: ; CODE XREF: sub_41C96C+10D�j
; sub_41C96C+116�j
mov [ebp+arg_0], edi
loc_41CA8B: ; CODE XREF: sub_41C96C+11A�j
mov edi, [ebp+arg_4]
xor edx, edx
cmp [ebp+arg_10], edx
setz dl
mov [ebp+arg_10], edx
loc_41CA99: ; CODE XREF: sub_41C96C+106�j
shr ebx, 1
loc_41CA9B: ; CODE XREF: sub_41C96C+101�j
mov edx, ebx
dec ebx
test edx, edx
jz short loc_41CAB0
inc ebx
loc_41CAA3: ; CODE XREF: sub_41C96C+142�j
test esi, esi
jz short loc_41CAAB
mov byte ptr [esi], 5Ch
inc esi
loc_41CAAB: ; CODE XREF: sub_41C96C+139�j
inc dword ptr [ecx]
dec ebx
jnz short loc_41CAA3
loc_41CAB0: ; CODE XREF: sub_41C96C+134�j
mov dl, [eax]
test dl, dl
jz short loc_41CB00
cmp [ebp+arg_10], 0
jnz short loc_41CAC6
cmp dl, 20h
jz short loc_41CB00
cmp dl, 9
jz short loc_41CB00
loc_41CAC6: ; CODE XREF: sub_41C96C+14E�j
cmp [ebp+arg_0], 0
jz short loc_41CAFA
test esi, esi
jz short loc_41CAE9
movzx ebx, dl
test byte_46A9E1[ebx], 4
jz short loc_41CAE2
mov [esi], dl
inc esi
inc eax
inc dword ptr [ecx]
loc_41CAE2: ; CODE XREF: sub_41C96C+16E�j
mov dl, [eax]
mov [esi], dl
inc esi
jmp short loc_41CAF8
; ---------------------------------------------------------------------------
loc_41CAE9: ; CODE XREF: sub_41C96C+162�j
movzx edx, dl
test byte_46A9E1[edx], 4
jz short loc_41CAF8
inc eax
inc dword ptr [ecx]
loc_41CAF8: ; CODE XREF: sub_41C96C+17B�j
; sub_41C96C+187�j
inc dword ptr [ecx]
loc_41CAFA: ; CODE XREF: sub_41C96C+15E�j
inc eax
jmp loc_41CA58
; ---------------------------------------------------------------------------
loc_41CB00: ; CODE XREF: sub_41C96C+148�j
; sub_41C96C+153�j ...
test esi, esi
jz short loc_41CB08
and byte ptr [esi], 0
inc esi
loc_41CB08: ; CODE XREF: sub_41C96C+196�j
inc dword ptr [ecx]
jmp loc_41CA26
; ---------------------------------------------------------------------------
loc_41CB0F: ; CODE XREF: sub_41C96C+BD�j
; sub_41C96C+D5�j
test edi, edi
jz short loc_41CB16
and dword ptr [edi], 0
loc_41CB16: ; CODE XREF: sub_41C96C+1A5�j
mov eax, [ebp+arg_C]
pop edi
pop esi
pop ebx
inc dword ptr [eax]
pop ebp
retn
sub_41C96C endp
; =============== S U B R O U T I N E =======================================
sub_41CB20 proc near ; CODE XREF: .nsp0:00417B77�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ecx
push ecx
mov eax, dword_46964C
push ebx
push ebp
mov ebp, dword_42103C
push esi
push edi
xor ebx, ebx
xor esi, esi
xor edi, edi
cmp eax, ebx
jnz short loc_41CB6E
call ebp
mov esi, eax
cmp esi, ebx
jz short loc_41CB4F
mov dword_46964C, 1
jmp short loc_41CB77
; ---------------------------------------------------------------------------
loc_41CB4F: ; CODE XREF: sub_41CB20+21�j
call dword_421040
mov edi, eax
cmp edi, ebx
jz loc_41CC49
mov dword_46964C, 2
jmp loc_41CBFD
; ---------------------------------------------------------------------------
loc_41CB6E: ; CODE XREF: sub_41CB20+19�j
cmp eax, 1
jnz loc_41CBF8
loc_41CB77: ; CODE XREF: sub_41CB20+2D�j
cmp esi, ebx
jnz short loc_41CB87
call ebp
mov esi, eax
cmp esi, ebx
jz loc_41CC49
loc_41CB87: ; CODE XREF: sub_41CB20+59�j
cmp [esi], bx
mov eax, esi
jz short loc_41CB9C
loc_41CB8E: ; CODE XREF: sub_41CB20+73�j
; sub_41CB20+7A�j
inc eax
inc eax
cmp [eax], bx
jnz short loc_41CB8E
inc eax
inc eax
cmp [eax], bx
jnz short loc_41CB8E
loc_41CB9C: ; CODE XREF: sub_41CB20+6C�j
sub eax, esi
mov edi, dword_421138
sar eax, 1
push ebx
push ebx
inc eax
push ebx
push ebx
push eax
push esi
push ebx
push ebx
mov [esp+38h+var_4], eax
call edi
mov ebp, eax
cmp ebp, ebx
jz short loc_41CBED
push ebp
call sub_415DC9
cmp eax, ebx
pop ecx
mov [esp+18h+var_8], eax
jz short loc_41CBED
push ebx
push ebx
push ebp
push eax
push [esp+28h+var_4]
push esi
push ebx
push ebx
call edi
test eax, eax
jnz short loc_41CBE9
push [esp+18h+var_8]
call sub_415E3D
pop ecx
mov [esp+18h+var_8], ebx
loc_41CBE9: ; CODE XREF: sub_41CB20+B9�j
mov ebx, [esp+18h+var_8]
loc_41CBED: ; CODE XREF: sub_41CB20+99�j
; sub_41CB20+A8�j
push esi
call dword_421044
mov eax, ebx
jmp short loc_41CC4B
; ---------------------------------------------------------------------------
loc_41CBF8: ; CODE XREF: sub_41CB20+51�j
cmp eax, 2
jnz short loc_41CC49
loc_41CBFD: ; CODE XREF: sub_41CB20+49�j
cmp edi, ebx
jnz short loc_41CC0D
call dword_421040
mov edi, eax
cmp edi, ebx
jz short loc_41CC49
loc_41CC0D: ; CODE XREF: sub_41CB20+DF�j
cmp [edi], bl
mov eax, edi
jz short loc_41CC1D
loc_41CC13: ; CODE XREF: sub_41CB20+F6�j
; sub_41CB20+FB�j
inc eax
cmp [eax], bl
jnz short loc_41CC13
inc eax
cmp [eax], bl
jnz short loc_41CC13
loc_41CC1D: ; CODE XREF: sub_41CB20+F1�j
sub eax, edi
inc eax
mov ebp, eax
push ebp
call sub_415DC9
mov esi, eax
pop ecx
cmp esi, ebx
jnz short loc_41CC33
xor esi, esi
jmp short loc_41CC3E
; ---------------------------------------------------------------------------
loc_41CC33: ; CODE XREF: sub_41CB20+10D�j
push ebp
push edi
push esi
call sub_4155D0
add esp, 0Ch
loc_41CC3E: ; CODE XREF: sub_41CB20+111�j
push edi
call dword_4211A4
mov eax, esi
jmp short loc_41CC4B
; ---------------------------------------------------------------------------
loc_41CC49: ; CODE XREF: sub_41CB20+39�j
; sub_41CB20+61�j ...
xor eax, eax
loc_41CC4B: ; CODE XREF: sub_41CB20+D6�j
; sub_41CB20+127�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
pop ecx
retn
sub_41CB20 endp
; =============== S U B R O U T I N E =======================================
sub_41CC52 proc near ; CODE XREF: .nsp0:00417B67�p
var_44 = byte ptr -44h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
sub esp, 44h
push ebx
push ebp
push esi
push edi
push 100h
call sub_415DC9
mov esi, eax
pop ecx
test esi, esi
jnz short loc_41CC72
push 1Bh
call sub_417BEE
pop ecx
loc_41CC72: ; CODE XREF: sub_41CC52+16�j
mov dword_46A7C0, esi
mov dword_46A8C0, 20h
lea eax, [esi+100h]
loc_41CC88: ; CODE XREF: sub_41CC52+52�j
cmp esi, eax
jnb short loc_41CCA6
and byte ptr [esi+4], 0
or dword ptr [esi], 0FFFFFFFFh
mov byte ptr [esi+5], 0Ah
mov eax, dword_46A7C0
add esi, 8
add eax, 100h
jmp short loc_41CC88
; ---------------------------------------------------------------------------
loc_41CCA6: ; CODE XREF: sub_41CC52+38�j
lea eax, [esp+54h+var_44]
push eax
call dword_421164
cmp word ptr [esp+54h+var_14+2], 0
jz loc_41CD82
mov eax, [esp+54h+var_10]
test eax, eax
jz loc_41CD82
mov esi, [eax]
lea ebp, [eax+4]
mov eax, 800h
cmp esi, eax
lea ebx, [esi+ebp]
jl short loc_41CCDC
mov esi, eax
loc_41CCDC: ; CODE XREF: sub_41CC52+86�j
cmp dword_46A8C0, esi
jge short loc_41CD36
mov edi, offset dword_46A7C4
loc_41CCE9: ; CODE XREF: sub_41CC52+DA�j
push 100h
call sub_415DC9
test eax, eax
pop ecx
jz short loc_41CD30
add dword_46A8C0, 20h
mov [edi], eax
lea ecx, [eax+100h]
loc_41CD07: ; CODE XREF: sub_41CC52+CF�j
cmp eax, ecx
jnb short loc_41CD23
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
mov ecx, [edi]
add eax, 8
add ecx, 100h
jmp short loc_41CD07
; ---------------------------------------------------------------------------
loc_41CD23: ; CODE XREF: sub_41CC52+B7�j
add edi, 4
cmp dword_46A8C0, esi
jl short loc_41CCE9
jmp short loc_41CD36
; ---------------------------------------------------------------------------
loc_41CD30: ; CODE XREF: sub_41CC52+A4�j
mov esi, dword_46A8C0
loc_41CD36: ; CODE XREF: sub_41CC52+90�j
; sub_41CC52+DC�j
xor edi, edi
test esi, esi
jle short loc_41CD82
loc_41CD3C: ; CODE XREF: sub_41CC52+12E�j
mov eax, [ebx]
cmp eax, 0FFFFFFFFh
jz short loc_41CD79
mov cl, [ebp+0]
test cl, 1
jz short loc_41CD79
test cl, 8
jnz short loc_41CD5B
push eax
call dword_421030
test eax, eax
jz short loc_41CD79
loc_41CD5B: ; CODE XREF: sub_41CC52+FC�j
mov eax, edi
mov ecx, edi
sar eax, 5
and ecx, 1Fh
mov eax, dword_46A7C0[eax*4]
lea eax, [eax+ecx*8]
mov ecx, [ebx]
mov [eax], ecx
mov cl, [ebp+0]
mov [eax+4], cl
loc_41CD79: ; CODE XREF: sub_41CC52+EF�j
; sub_41CC52+F7�j ...
inc edi
inc ebp
add ebx, 4
cmp edi, esi
jl short loc_41CD3C
loc_41CD82: ; CODE XREF: sub_41CC52+65�j
; sub_41CC52+71�j ...
xor ebx, ebx
loc_41CD84: ; CODE XREF: sub_41CC52+195�j
mov eax, dword_46A7C0
cmp dword ptr [eax+ebx*8], 0FFFFFFFFh
lea esi, [eax+ebx*8]
jnz short loc_41CDDF
test ebx, ebx
mov byte ptr [esi+4], 81h
jnz short loc_41CD9F
push 0FFFFFFF6h
pop eax
jmp short loc_41CDA9
; ---------------------------------------------------------------------------
loc_41CD9F: ; CODE XREF: sub_41CC52+146�j
mov eax, ebx
dec eax
neg eax
sbb eax, eax
add eax, 0FFFFFFF5h
loc_41CDA9: ; CODE XREF: sub_41CC52+14B�j
push eax
call dword_421034
mov edi, eax
cmp edi, 0FFFFFFFFh
jz short loc_41CDCE
push edi
call dword_421030
test eax, eax
jz short loc_41CDCE
and eax, 0FFh
mov [esi], edi
cmp eax, 2
jnz short loc_41CDD4
loc_41CDCE: ; CODE XREF: sub_41CC52+163�j
; sub_41CC52+16E�j
or byte ptr [esi+4], 40h
jmp short loc_41CDE3
; ---------------------------------------------------------------------------
loc_41CDD4: ; CODE XREF: sub_41CC52+17A�j
cmp eax, 3
jnz short loc_41CDE3
or byte ptr [esi+4], 8
jmp short loc_41CDE3
; ---------------------------------------------------------------------------
loc_41CDDF: ; CODE XREF: sub_41CC52+13E�j
or byte ptr [esi+4], 80h
loc_41CDE3: ; CODE XREF: sub_41CC52+180�j
; sub_41CC52+185�j ...
inc ebx
cmp ebx, 3
jl short loc_41CD84
push dword_46A8C0
call dword_421038
pop edi
pop esi
pop ebp
pop ebx
add esp, 44h
retn
sub_41CC52 endp
; ---------------------------------------------------------------------------
align 10h
push esi
inc ebx
xor dh, [eax]
pop eax
inc ebx
xor [eax], dh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CE08 proc near ; DATA XREF: .nsp0:00417B02�o
; sub_41A69A+A�o ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
cld
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
test dword ptr [eax+4], 6
jnz loc_41CEA8
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_41CE3B: ; CODE XREF: sub_41CE08+90�j
cmp esi, 0FFFFFFFFh
jz short loc_41CEA1
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_41CE8F
push esi
push ebp
lea ebp, [ebx+10h]
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_41CE8F
js short loc_41CE9A
mov edi, [ebx+8]
push ebx
call sub_416368
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_4163AA
add esp, 8
lea ecx, [esi+esi*2]
push 1
mov eax, [edi+ecx*4+8]
call sub_41643E
mov eax, [edi+ecx*4]
mov [ebx+0Ch], eax
call dword ptr [edi+ecx*4+8]
loc_41CE8F: ; CODE XREF: sub_41CE08+40�j
; sub_41CE08+52�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp short loc_41CE3B
; ---------------------------------------------------------------------------
loc_41CE9A: ; CODE XREF: sub_41CE08+54�j
mov eax, 0
jmp short loc_41CEBD
; ---------------------------------------------------------------------------
loc_41CEA1: ; CODE XREF: sub_41CE08+36�j
mov eax, 1
jmp short loc_41CEBD
; ---------------------------------------------------------------------------
loc_41CEA8: ; CODE XREF: sub_41CE08+18�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_4163AA
add esp, 8
pop ebp
mov eax, 1
loc_41CEBD: ; CODE XREF: sub_41CE08+97�j
; sub_41CE08+9E�j
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_41CE08 endp
; ---------------------------------------------------------------------------
push ebp
mov ecx, [esp+8]
mov ebp, [ecx]
mov eax, [ecx+1Ch]
push eax
mov eax, [ecx+18h]
push eax
call sub_4163AA
add esp, 8
pop ebp
retn 4
; =============== S U B R O U T I N E =======================================
sub_41CEE0 proc near ; CODE XREF: sub_417BEE+9�p
; sub_417C13+9�p
mov eax, dword_4694E8
cmp eax, 1
jz short loc_41CEF7
test eax, eax
jnz short locret_41CF18
cmp dword_437D64, 1
jnz short locret_41CF18
loc_41CEF7: ; CODE XREF: sub_41CEE0+8�j
push 0FCh
call sub_41CF19
mov eax, dword_469650
pop ecx
test eax, eax
jz short loc_41CF0D
call eax
loc_41CF0D: ; CODE XREF: sub_41CEE0+29�j
push 0FFh
call sub_41CF19
pop ecx
locret_41CF18: ; CODE XREF: sub_41CEE0+C�j
; sub_41CEE0+15�j
retn
sub_41CEE0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41CF19 proc near ; CODE XREF: sub_417BEE+12�p
; sub_417C13+12�p ...
var_1A4 = byte ptr -1A4h
var_A0 = byte ptr -0A0h
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1A4h
mov edx, [ebp+arg_0]
xor ecx, ecx
mov eax, offset dword_4383D8
loc_41CF2C: ; CODE XREF: sub_41CF19+20�j
cmp edx, [eax]
jz short loc_41CF3B
add eax, 8
inc ecx
cmp eax, offset dword_438468
jl short loc_41CF2C
loc_41CF3B: ; CODE XREF: sub_41CF19+15�j
push esi
mov esi, ecx
shl esi, 3
cmp edx, dword_4383D8[esi]
jnz loc_41D069
mov eax, dword_4694E8
cmp eax, 1
jz loc_41D043
test eax, eax
jnz short loc_41CF6C
cmp dword_437D64, 1
jz loc_41D043
loc_41CF6C: ; CODE XREF: sub_41CF19+44�j
cmp edx, 0FCh
jz loc_41D069
lea eax, [ebp+var_1A4]
push 104h
push eax
push 0
call dword_42107C
test eax, eax
jnz short loc_41CFA3
lea eax, [ebp+var_1A4]
push offset dword_421B64
push eax
call sub_415C00
pop ecx
pop ecx
loc_41CFA3: ; CODE XREF: sub_41CF19+75�j
lea eax, [ebp+var_1A4]
push edi
push eax
lea edi, [ebp+var_1A4]
call sub_415CF0
inc eax
pop ecx
cmp eax, 3Ch
jbe short loc_41CFE6
lea eax, [ebp+var_1A4]
push eax
call sub_415CF0
mov edi, eax
lea eax, [ebp+var_1A4]
sub eax, 3Bh
push 3
add edi, eax
push offset dword_421B60
push edi
call sub_416D40
add esp, 10h
loc_41CFE6: ; CODE XREF: sub_41CF19+A2�j
lea eax, [ebp+var_A0]
push offset dword_421B44
push eax
call sub_415C00
lea eax, [ebp+var_A0]
push edi
push eax
call sub_415C10
lea eax, [ebp+var_A0]
push offset dword_421B40
push eax
call sub_415C10
push dword_4383DC[esi]
lea eax, [ebp+var_A0]
push eax
call sub_415C10
push 12010h
lea eax, [ebp+var_A0]
push offset dword_421B18
push eax
call near ptr word_41E6EE
add esp, 2Ch
pop edi
jmp short loc_41D069
; ---------------------------------------------------------------------------
loc_41D043: ; CODE XREF: sub_41CF19+3C�j
; sub_41CF19+4D�j
lea eax, [ebp+arg_0]
lea esi, dword_4383DC[esi]
push 0
push eax
push dword ptr [esi]
call sub_415CF0
pop ecx
push eax
push dword ptr [esi]
push 0FFFFFFF4h
call dword_421034
push eax
call dword_421070
loc_41D069: ; CODE XREF: sub_41CF19+2E�j
; sub_41CF19+59�j ...
pop esi
leave
retn
sub_41CF19 endp
; =============== S U B R O U T I N E =======================================
sub_41D06C proc near ; CODE XREF: sub_417C37+6C�p
; sub_41B8B0+32�p
arg_0 = dword ptr 4
inc dword_469654
push 1000h
call sub_415DC9
pop ecx
mov ecx, [esp+arg_0]
test eax, eax
mov [ecx+8], eax
jz short loc_41D095
or dword ptr [ecx+0Ch], 8
mov dword ptr [ecx+18h], 1000h
jmp short loc_41D0A6
; ---------------------------------------------------------------------------
loc_41D095: ; CODE XREF: sub_41D06C+1A�j
or dword ptr [ecx+0Ch], 4
lea eax, [ecx+14h]
mov [ecx+8], eax
mov dword ptr [ecx+18h], 2
loc_41D0A6: ; CODE XREF: sub_41D06C+27�j
mov eax, [ecx+8]
and dword ptr [ecx+4], 0
mov [ecx], eax
retn
sub_41D06C endp
; =============== S U B R O U T I N E =======================================
sub_41D0B0 proc near ; CODE XREF: sub_417C37+61�p
; sub_4187B6+8�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, dword_46A8C0
jb short loc_41D0BF
xor eax, eax
retn
; ---------------------------------------------------------------------------
loc_41D0BF: ; CODE XREF: sub_41D0B0+A�j
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, dword_46A7C0[ecx*4]
mov al, [ecx+eax*8+4]
and eax, 40h
retn
sub_41D0B0 endp
; ---------------------------------------------------------------------------
mov eax, dword_46A7A0
push esi
push 14h
test eax, eax
pop esi
jnz short loc_41D0EA
mov eax, 200h
jmp short loc_41D0F0
; ---------------------------------------------------------------------------
loc_41D0EA: ; CODE XREF: .nsp0:0041D0E1�j
cmp eax, esi
jge short loc_41D0F5
mov eax, esi
loc_41D0F0: ; CODE XREF: .nsp0:0041D0E8�j
mov dword_46A7A0, eax
loc_41D0F5: ; CODE XREF: .nsp0:0041D0EC�j
push 4
push eax
call near ptr byte_41E777
pop ecx
mov dword_469780, eax
test eax, eax
pop ecx
jnz short loc_41D129
push 4
push esi
mov dword_46A7A0, esi
call near ptr byte_41E777
pop ecx
mov dword_469780, eax
test eax, eax
pop ecx
jnz short loc_41D129
push 1Ah
call sub_417BEE
pop ecx
loc_41D129: ; CODE XREF: .nsp0:0041D106�j
; .nsp0:0041D11F�j
xor ecx, ecx
mov eax, offset dword_438468
loc_41D130: ; CODE XREF: .nsp0:0041D144�j
mov edx, dword_469780
mov [ecx+edx], eax
add eax, 20h
add ecx, 4
cmp eax, offset dword_4386E8
jl short loc_41D130
xor edx, edx
mov ecx, offset dword_438478
loc_41D14D: ; CODE XREF: .nsp0:0041D177�j
mov eax, edx
mov esi, edx
sar eax, 5
and esi, 1Fh
mov eax, dword_46A7C0[eax*4]
mov eax, [eax+esi*8]
cmp eax, 0FFFFFFFFh
jz short loc_41D16A
test eax, eax
jnz short loc_41D16D
loc_41D16A: ; CODE XREF: .nsp0:0041D164�j
or dword ptr [ecx], 0FFFFFFFFh
loc_41D16D: ; CODE XREF: .nsp0:0041D168�j
add ecx, 20h
inc edx
cmp ecx, offset dword_4384D8
jl short loc_41D14D
pop esi
retn
; ---------------------------------------------------------------------------
call sub_418740
cmp byte_4694D4, 0
jz short locret_41D18E
jmp near ptr dword_41E7F4
; ---------------------------------------------------------------------------
locret_41D18E: ; CODE XREF: .nsp0:0041D187�j
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D18F proc near ; CODE XREF: sub_417D4C+2D4�p
; sub_417D4C+6B3�p
arg_0 = dword ptr 8
arg_4 = word ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
test eax, eax
jnz short loc_41D19B
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41D19B: ; CODE XREF: sub_41D18F+8�j
cmp dword_469528, 0
jnz short loc_41D1B6
mov cx, [ebp+arg_4]
cmp cx, 0FFh
ja short loc_41D1E8
push 1
mov [eax], cl
pop eax
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41D1B6: ; CODE XREF: sub_41D18F+13�j
lea ecx, [ebp+arg_0]
and [ebp+arg_0], 0
push ecx
push 0
push dword_437F7C
push eax
lea eax, [ebp+arg_4]
push 1
push eax
push 220h
push dword_469538
call dword_421138
test eax, eax
jz short loc_41D1E8
cmp [ebp+arg_0], 0
jz short loc_41D1F5
loc_41D1E8: ; CODE XREF: sub_41D18F+1E�j
; sub_41D18F+51�j
mov dword_469494, 2Ah
or eax, 0FFFFFFFFh
loc_41D1F5: ; CODE XREF: sub_41D18F+57�j
pop ebp
retn
sub_41D18F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D1F7 proc near ; CODE XREF: sub_418556+5E�p
; sub_41C1FF+9A�p
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_421B80
push offset sub_41CE08
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 18h
push ebx
push esi
push edi
mov [ebp+var_18], esp
mov eax, dword_469658
xor ebx, ebx
cmp eax, ebx
jnz short loc_41D266
lea eax, [ebp+var_1C]
push eax
push 1
pop esi
push esi
push offset dword_421870
push esi
call dword_421028
test eax, eax
jz short loc_41D244
mov eax, esi
jmp short loc_41D261
; ---------------------------------------------------------------------------
loc_41D244: ; CODE XREF: sub_41D1F7+47�j
lea eax, [ebp+var_1C]
push eax
push esi
push offset dword_438FD4
push esi
push ebx
call dword_42102C
test eax, eax
jz loc_41D32C
push 2
pop eax
loc_41D261: ; CODE XREF: sub_41D1F7+4B�j
mov dword_469658, eax
loc_41D266: ; CODE XREF: sub_41D1F7+2F�j
cmp eax, 2
jnz short loc_41D28F
mov eax, [ebp+arg_14]
cmp eax, ebx
jnz short loc_41D277
mov eax, dword_469528
loc_41D277: ; CODE XREF: sub_41D1F7+79�j
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push eax
call dword_42102C
jmp loc_41D32E
; ---------------------------------------------------------------------------
loc_41D28F: ; CODE XREF: sub_41D1F7+72�j
cmp eax, 1
jnz loc_41D32C
cmp [ebp+arg_10], ebx
jnz short loc_41D2A5
mov eax, dword_469538
mov [ebp+arg_10], eax
loc_41D2A5: ; CODE XREF: sub_41D1F7+A4�j
push ebx
push ebx
push [ebp+arg_8]
push [ebp+arg_4]
mov eax, [ebp+arg_18]
neg eax
sbb eax, eax
and eax, 8
inc eax
push eax
push [ebp+arg_10]
call dword_421064
mov [ebp+var_20], eax
cmp eax, ebx
jz short loc_41D32C
mov [ebp+var_4], ebx
lea edi, [eax+eax]
mov eax, edi
add eax, 3
and al, 0FCh
call sub_415D70
mov [ebp+var_18], esp
mov esi, esp
mov [ebp+var_24], esi
push edi
push ebx
push esi
call sub_415570
add esp, 0Ch
jmp short loc_41D2FB
; ---------------------------------------------------------------------------
push 1
pop eax
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
xor ebx, ebx
xor esi, esi
loc_41D2FB: ; CODE XREF: sub_41D1F7+F7�j
or [ebp+var_4], 0FFFFFFFFh
cmp esi, ebx
jz short loc_41D32C
push [ebp+var_20]
push esi
push [ebp+arg_8]
push [ebp+arg_4]
push 1
push [ebp+arg_10]
call dword_421064
cmp eax, ebx
jz short loc_41D32C
push [ebp+arg_C]
push eax
push esi
push [ebp+arg_0]
call dword_421028
jmp short loc_41D32E
; ---------------------------------------------------------------------------
loc_41D32C: ; CODE XREF: sub_41D1F7+61�j
; sub_41D1F7+9B�j ...
xor eax, eax
loc_41D32E: ; CODE XREF: sub_41D1F7+93�j
; sub_41D1F7+133�j
lea esp, [ebp-34h]
mov ecx, [ebp+var_10]
mov large fs:0, ecx
pop edi
pop esi
pop ebx
leave
retn
sub_41D1F7 endp
; =============== S U B R O U T I N E =======================================
sub_41D340 proc near ; CODE XREF: sub_41D55A:loc_41D6D2�p
push ebx
push esi
push edi
or ebx, 0FFFFFFFFh
xor edi, edi
xor esi, esi
mov ecx, offset dword_46A7C0
loc_41D34F: ; CODE XREF: sub_41D340+48�j
mov eax, [ecx]
test eax, eax
jz short loc_41D38C
lea edx, [eax+100h]
loc_41D35B: ; CODE XREF: sub_41D340+28�j
cmp eax, edx
jnb short loc_41D37B
test byte ptr [eax+4], 1
jz short loc_41D36A
add eax, 8
jmp short loc_41D35B
; ---------------------------------------------------------------------------
loc_41D36A: ; CODE XREF: sub_41D340+23�j
or dword ptr [eax], 0FFFFFFFFh
sub eax, [ecx]
sar eax, 3
add eax, esi
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jnz short loc_41D3CF
loc_41D37B: ; CODE XREF: sub_41D340+1D�j
add ecx, 4
inc edi
add esi, 20h
cmp ecx, offset dword_46A8C0
jl short loc_41D34F
jmp short loc_41D3CF
; ---------------------------------------------------------------------------
loc_41D38C: ; CODE XREF: sub_41D340+13�j
mov esi, 100h
push esi
call sub_415DC9
test eax, eax
pop ecx
jz short loc_41D3CF
add dword_46A8C0, 20h
lea ecx, ds:46A7C0h[edi*4]
lea edx, [eax+100h]
mov [ecx], eax
loc_41D3B2: ; CODE XREF: sub_41D340+88�j
cmp eax, edx
jnb short loc_41D3CA
and byte ptr [eax+4], 0
or dword ptr [eax], 0FFFFFFFFh
mov byte ptr [eax+5], 0Ah
mov edx, [ecx]
add eax, 8
add edx, esi
jmp short loc_41D3B2
; ---------------------------------------------------------------------------
loc_41D3CA: ; CODE XREF: sub_41D340+74�j
shl edi, 5
mov ebx, edi
loc_41D3CF: ; CODE XREF: sub_41D340+39�j
; sub_41D340+4A�j ...
pop edi
mov eax, ebx
pop esi
pop ebx
retn
sub_41D340 endp
; =============== S U B R O U T I N E =======================================
sub_41D3D5 proc near ; CODE XREF: sub_41D55A+1F4�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_0]
push esi
cmp eax, dword_46A8C0
push edi
jnb short loc_41D435
mov ecx, eax
mov esi, eax
sar ecx, 5
and esi, 1Fh
lea edi, ds:46A7C0h[ecx*4]
shl esi, 3
mov ecx, [edi]
cmp dword ptr [ecx+esi], 0FFFFFFFFh
jnz short loc_41D435
cmp dword_437D64, 1
push ebx
mov ebx, [esp+0Ch+arg_4]
jnz short loc_41D42B
sub eax, 0
jz short loc_41D422
dec eax
jz short loc_41D41D
dec eax
jnz short loc_41D42B
push ebx
push 0FFFFFFF4h
jmp short loc_41D425
; ---------------------------------------------------------------------------
loc_41D41D: ; CODE XREF: sub_41D3D5+3E�j
push ebx
push 0FFFFFFF5h
jmp short loc_41D425
; ---------------------------------------------------------------------------
loc_41D422: ; CODE XREF: sub_41D3D5+3B�j
push ebx
push 0FFFFFFF6h
loc_41D425: ; CODE XREF: sub_41D3D5+46�j
; sub_41D3D5+4B�j
call dword_421024
loc_41D42B: ; CODE XREF: sub_41D3D5+36�j
; sub_41D3D5+41�j
mov eax, [edi]
mov [eax+esi], ebx
xor eax, eax
pop ebx
jmp short loc_41D449
; ---------------------------------------------------------------------------
loc_41D435: ; CODE XREF: sub_41D3D5+C�j
; sub_41D3D5+28�j
and dword_469498, 0
mov dword_469494, 9
or eax, 0FFFFFFFFh
loc_41D449: ; CODE XREF: sub_41D3D5+5E�j
pop edi
pop esi
retn
sub_41D3D5 endp
; =============== S U B R O U T I N E =======================================
sub_41D44C proc near ; CODE XREF: sub_4185CB+7C�p
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
push esi
cmp ecx, dword_46A8C0
push edi
jnb short loc_41D4AF
mov eax, ecx
mov esi, ecx
sar eax, 5
and esi, 1Fh
lea edi, ds:46A7C0h[eax*4]
shl esi, 3
mov eax, [edi]
add eax, esi
test byte ptr [eax+4], 1
jz short loc_41D4AF
cmp dword ptr [eax], 0FFFFFFFFh
jz short loc_41D4AF
cmp dword_437D64, 1
jnz short loc_41D4A5
xor eax, eax
sub ecx, eax
jz short loc_41D49C
dec ecx
jz short loc_41D497
dec ecx
jnz short loc_41D4A5
push eax
push 0FFFFFFF4h
jmp short loc_41D49F
; ---------------------------------------------------------------------------
loc_41D497: ; CODE XREF: sub_41D44C+41�j
push eax
push 0FFFFFFF5h
jmp short loc_41D49F
; ---------------------------------------------------------------------------
loc_41D49C: ; CODE XREF: sub_41D44C+3E�j
push eax
push 0FFFFFFF6h
loc_41D49F: ; CODE XREF: sub_41D44C+49�j
; sub_41D44C+4E�j
call dword_421024
loc_41D4A5: ; CODE XREF: sub_41D44C+38�j
; sub_41D44C+44�j
mov eax, [edi]
or dword ptr [eax+esi], 0FFFFFFFFh
xor eax, eax
jmp short loc_41D4C3
; ---------------------------------------------------------------------------
loc_41D4AF: ; CODE XREF: sub_41D44C+C�j
; sub_41D44C+2A�j ...
and dword_469498, 0
mov dword_469494, 9
or eax, 0FFFFFFFFh
loc_41D4C3: ; CODE XREF: sub_41D44C+61�j
pop edi
pop esi
retn
sub_41D44C endp
; =============== S U B R O U T I N E =======================================
sub_41D4C6 proc near ; CODE XREF: sub_4185CB+32�p
; sub_4185CB+49�p ...
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, dword_46A8C0
jnb short loc_41D4EE
mov ecx, eax
and eax, 1Fh
sar ecx, 5
mov ecx, dword_46A7C0[ecx*4]
test byte ptr [ecx+eax*8+4], 1
lea eax, [ecx+eax*8]
jz short loc_41D4EE
mov eax, [eax]
retn
; ---------------------------------------------------------------------------
loc_41D4EE: ; CODE XREF: sub_41D4C6+A�j
; sub_41D4C6+23�j
and dword_469498, 0
mov dword_469494, 9
or eax, 0FFFFFFFFh
retn
sub_41D4C6 endp
; =============== S U B R O U T I N E =======================================
sub_41D503 proc near ; CODE XREF: sub_4186A9+2B�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
cmp eax, dword_46A8C0
jnb short loc_41D54C
mov ecx, eax
mov edx, eax
sar ecx, 5
and edx, 1Fh
mov ecx, dword_46A7C0[ecx*4]
test byte ptr [ecx+edx*8+4], 1
jz short loc_41D54C
push eax
call sub_41D4C6
pop ecx
push eax
call dword_421020
test eax, eax
jnz short loc_41D541
call dword_421088
jmp short loc_41D543
; ---------------------------------------------------------------------------
loc_41D541: ; CODE XREF: sub_41D503+34�j
xor eax, eax
loc_41D543: ; CODE XREF: sub_41D503+3C�j
test eax, eax
jz short locret_41D559
mov dword_469498, eax
loc_41D54C: ; CODE XREF: sub_41D503+A�j
; sub_41D503+22�j
mov dword_469494, 9
or eax, 0FFFFFFFFh
locret_41D559: ; CODE XREF: sub_41D503+42�j
retn
sub_41D503 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D55A proc near ; CODE XREF: sub_418880+13F�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 1Ch
mov ecx, [ebp+arg_4]
push ebx
xor ebx, ebx
push esi
test cl, 80h
push edi
mov [ebp+var_1C], 0Ch
mov [ebp+var_18], ebx
jz short loc_41D580
mov [ebp+var_14], ebx
mov [ebp+var_1], 10h
jmp short loc_41D58B
; ---------------------------------------------------------------------------
loc_41D580: ; CODE XREF: sub_41D55A+1B�j
and [ebp+var_1], 0
mov [ebp+var_14], 1
loc_41D58B: ; CODE XREF: sub_41D55A+24�j
mov eax, 8000h
test ecx, eax
jnz short loc_41D5A5
test ch, 40h
jnz short loc_41D5A1
cmp dword_469760, eax
jz short loc_41D5A5
loc_41D5A1: ; CODE XREF: sub_41D55A+3D�j
or [ebp+var_1], 80h
loc_41D5A5: ; CODE XREF: sub_41D55A+38�j
; sub_41D55A+45�j
push 3
mov eax, ecx
pop esi
and eax, esi
sub eax, ebx
jz short loc_41D5DD
dec eax
jz short loc_41D5D4
dec eax
jz short loc_41D5CB
loc_41D5B6: ; CODE XREF: sub_41D55A+9F�j
; sub_41D55A+E8�j ...
mov dword_469494, 16h
mov dword_469498, ebx
jmp loc_41D7F0
; ---------------------------------------------------------------------------
loc_41D5CB: ; CODE XREF: sub_41D55A+5A�j
mov [ebp+var_C], 0C0000000h
jmp short loc_41D5E4
; ---------------------------------------------------------------------------
loc_41D5D4: ; CODE XREF: sub_41D55A+57�j
mov [ebp+var_C], 40000000h
jmp short loc_41D5E4
; ---------------------------------------------------------------------------
loc_41D5DD: ; CODE XREF: sub_41D55A+54�j
mov [ebp+var_C], 80000000h
loc_41D5E4: ; CODE XREF: sub_41D55A+78�j
; sub_41D55A+81�j
mov eax, [ebp+arg_8]
cmp eax, 10h
jz short loc_41D612
cmp eax, 20h
jz short loc_41D609
cmp eax, 30h
jz short loc_41D600
cmp eax, 40h
jnz short loc_41D5B6
mov [ebp+var_10], esi
jmp short loc_41D615
; ---------------------------------------------------------------------------
loc_41D600: ; CODE XREF: sub_41D55A+9A�j
mov [ebp+var_10], 2
jmp short loc_41D615
; ---------------------------------------------------------------------------
loc_41D609: ; CODE XREF: sub_41D55A+95�j
mov [ebp+var_10], 1
jmp short loc_41D615
; ---------------------------------------------------------------------------
loc_41D612: ; CODE XREF: sub_41D55A+90�j
mov [ebp+var_10], ebx
loc_41D615: ; CODE XREF: sub_41D55A+A4�j
; sub_41D55A+AD�j ...
mov edx, 700h
mov eax, 400h
and ecx, edx
mov edi, 100h
cmp ecx, eax
jg short loc_41D65F
jz short loc_41D65A
cmp ecx, ebx
jz short loc_41D65A
cmp ecx, edi
jz short loc_41D651
cmp ecx, 200h
jz short loc_41D678
cmp ecx, 300h
jnz loc_41D5B6
mov [ebp+var_8], 2
jmp short loc_41D688
; ---------------------------------------------------------------------------
loc_41D651: ; CODE XREF: sub_41D55A+D8�j
mov [ebp+var_8], 4
jmp short loc_41D688
; ---------------------------------------------------------------------------
loc_41D65A: ; CODE XREF: sub_41D55A+D0�j
; sub_41D55A+D4�j
mov [ebp+var_8], esi
jmp short loc_41D688
; ---------------------------------------------------------------------------
loc_41D65F: ; CODE XREF: sub_41D55A+CE�j
cmp ecx, 500h
jz short loc_41D681
cmp ecx, 600h
jz short loc_41D678
cmp ecx, edx
jz short loc_41D681
jmp loc_41D5B6
; ---------------------------------------------------------------------------
loc_41D678: ; CODE XREF: sub_41D55A+E0�j
; sub_41D55A+113�j
mov [ebp+var_8], 5
jmp short loc_41D688
; ---------------------------------------------------------------------------
loc_41D681: ; CODE XREF: sub_41D55A+10B�j
; sub_41D55A+117�j
mov [ebp+var_8], 1
loc_41D688: ; CODE XREF: sub_41D55A+F5�j
; sub_41D55A+FE�j ...
mov eax, [ebp+arg_4]
mov esi, 80h
test eax, edi
jz short loc_41D6A7
mov ecx, dword_46949C
not ecx
and ecx, [ebp+arg_C]
test cl, 80h
jnz short loc_41D6A7
push 1
pop esi
loc_41D6A7: ; CODE XREF: sub_41D55A+138�j
; sub_41D55A+148�j
test al, 40h
jz short loc_41D6B5
or esi, 4000000h
or byte ptr [ebp+var_C+2], 1
loc_41D6B5: ; CODE XREF: sub_41D55A+14F�j
test ah, 10h
jz short loc_41D6BC
or esi, edi
loc_41D6BC: ; CODE XREF: sub_41D55A+15E�j
test al, 20h
jz short loc_41D6C8
or esi, 8000000h
jmp short loc_41D6D2
; ---------------------------------------------------------------------------
loc_41D6C8: ; CODE XREF: sub_41D55A+164�j
test al, 10h
jz short loc_41D6D2
or esi, 10000000h
loc_41D6D2: ; CODE XREF: sub_41D55A+16C�j
; sub_41D55A+170�j
call sub_41D340
mov ebx, eax
or edi, 0FFFFFFFFh
cmp ebx, edi
jnz short loc_41D6F3
and dword_469498, 0
mov dword_469494, 18h
jmp short loc_41D731
; ---------------------------------------------------------------------------
loc_41D6F3: ; CODE XREF: sub_41D55A+184�j
push 0
push esi
push [ebp+var_8]
lea eax, [ebp+var_1C]
push eax
push [ebp+var_10]
push [ebp+var_C]
push [ebp+arg_0]
call dword_421078
mov esi, eax
cmp esi, edi
jz short loc_41D724
push esi
call dword_421030
test eax, eax
jnz short loc_41D738
push esi
call dword_42106C
loc_41D724: ; CODE XREF: sub_41D55A+1B6�j
call dword_421088
push eax
call sub_41C5D7
pop ecx
loc_41D731: ; CODE XREF: sub_41D55A+197�j
mov eax, edi
jmp loc_41D80E
; ---------------------------------------------------------------------------
loc_41D738: ; CODE XREF: sub_41D55A+1C1�j
cmp eax, 2
jnz short loc_41D743
or [ebp+var_1], 40h
jmp short loc_41D74C
; ---------------------------------------------------------------------------
loc_41D743: ; CODE XREF: sub_41D55A+1E1�j
cmp eax, 3
jnz short loc_41D74C
or [ebp+var_1], 8
loc_41D74C: ; CODE XREF: sub_41D55A+1E7�j
; sub_41D55A+1EC�j
push esi
push ebx
call sub_41D3D5
pop ecx
mov al, [ebp+var_1]
pop ecx
mov esi, ebx
mov ecx, ebx
or al, 1
sar ecx, 5
and esi, 1Fh
mov byte ptr [ebp+arg_0+3], al
lea edi, ds:46A7C0h[ecx*4]
shl esi, 3
mov ecx, [edi]
and byte ptr [ebp+arg_0+3], 48h
mov [ecx+esi+4], al
jnz short loc_41D7F5
test al, 80h
jz short loc_41D7F5
test byte ptr [ebp+arg_4], 2
jz short loc_41D7F5
push 2
push 0FFFFFFFFh
push ebx
call sub_41BB7F
add esp, 0Ch
cmp eax, 0FFFFFFFFh
mov [ebp+var_10], eax
jnz short loc_41D7AA
cmp dword_469498, 83h
jz short loc_41D7F5
jmp short loc_41D7E9
; ---------------------------------------------------------------------------
loc_41D7AA: ; CODE XREF: sub_41D55A+240�j
and byte ptr [ebp+arg_8+3], 0
lea eax, [ebp+arg_8+3]
push 1
push eax
push ebx
call sub_41B989
add esp, 0Ch
test eax, eax
jnz short loc_41D7D7
cmp byte ptr [ebp+arg_8+3], 1Ah
jnz short loc_41D7D7
push [ebp+var_10]
push ebx
call near ptr dword_41E84C
pop ecx
cmp eax, 0FFFFFFFFh
pop ecx
jz short loc_41D7E9
loc_41D7D7: ; CODE XREF: sub_41D55A+265�j
; sub_41D55A+26B�j
push 0
push 0
push ebx
call sub_41BB7F
add esp, 0Ch
cmp eax, 0FFFFFFFFh
jnz short loc_41D7F5
loc_41D7E9: ; CODE XREF: sub_41D55A+24E�j
; sub_41D55A+27B�j
push ebx
call sub_4185CB
pop ecx
loc_41D7F0: ; CODE XREF: sub_41D55A+6C�j
or eax, 0FFFFFFFFh
jmp short loc_41D80E
; ---------------------------------------------------------------------------
loc_41D7F5: ; CODE XREF: sub_41D55A+221�j
; sub_41D55A+225�j ...
cmp byte ptr [ebp+arg_0+3], 0
jnz short loc_41D80C
test byte ptr [ebp+arg_4], 8
jz short loc_41D80C
mov eax, [edi]
or byte ptr [eax+esi+4], 20h
lea eax, [eax+esi+4]
loc_41D80C: ; CODE XREF: sub_41D55A+29F�j
; sub_41D55A+2A5�j
mov eax, ebx
loc_41D80E: ; CODE XREF: sub_41D55A+1D9�j
; sub_41D55A+299�j
pop edi
pop esi
pop ebx
leave
retn
sub_41D55A endp
; =============== S U B R O U T I N E =======================================
sub_41D813 proc near ; CODE XREF: sub_419BB3+52�p
xor eax, eax
retn
sub_41D813 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41D816 proc near ; CODE XREF: sub_41D84B+E�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
fstcw word ptr [ebp+var_4]
push [ebp+var_4]
call sub_41D861
mov esi, eax
mov eax, [ebp+arg_4]
not eax
and esi, eax
mov eax, [ebp+arg_0]
and eax, [ebp+arg_4]
or esi, eax
push esi
call sub_41D8F3
pop ecx
mov [ebp+arg_4], eax
pop ecx
fldcw word ptr [ebp+arg_4]
mov eax, esi
pop esi
leave
retn
sub_41D816 endp
; =============== S U B R O U T I N E =======================================
sub_41D84B proc near ; CODE XREF: sub_419E9F+A�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
and eax, 0FFF7FFFFh
push eax
push [esp+4+arg_0]
call sub_41D816
pop ecx
pop ecx
retn
sub_41D84B endp
; =============== S U B R O U T I N E =======================================
sub_41D861 proc near ; CODE XREF: sub_41D816+C�p
arg_0 = dword ptr 4
push ebx
mov ebx, [esp+4+arg_0]
xor eax, eax
push ebp
test bl, 1
push edi
jz short loc_41D872
push 10h
pop eax
loc_41D872: ; CODE XREF: sub_41D861+C�j
test bl, 4
jz short loc_41D879
or al, 8
loc_41D879: ; CODE XREF: sub_41D861+14�j
test bl, 8
jz short loc_41D880
or al, 4
loc_41D880: ; CODE XREF: sub_41D861+1B�j
test bl, 10h
jz short loc_41D887
or al, 2
loc_41D887: ; CODE XREF: sub_41D861+22�j
test bl, 20h
jz short loc_41D88E
or al, 1
loc_41D88E: ; CODE XREF: sub_41D861+29�j
test bl, 2
jz short loc_41D898
or eax, 80000h
loc_41D898: ; CODE XREF: sub_41D861+30�j
movzx ecx, bx
push esi
mov edx, ecx
mov esi, 0C00h
mov edi, 300h
and edx, esi
mov ebp, 200h
jz short loc_41D8D0
cmp edx, 400h
jz short loc_41D8CD
cmp edx, 800h
jz short loc_41D8C9
cmp edx, esi
jnz short loc_41D8D0
or eax, edi
jmp short loc_41D8D0
; ---------------------------------------------------------------------------
loc_41D8C9: ; CODE XREF: sub_41D861+5E�j
or eax, ebp
jmp short loc_41D8D0
; ---------------------------------------------------------------------------
loc_41D8CD: ; CODE XREF: sub_41D861+56�j
or ah, 1
loc_41D8D0: ; CODE XREF: sub_41D861+4E�j
; sub_41D861+62�j ...
and ecx, edi
pop esi
jz short loc_41D8E0
cmp ecx, ebp
jnz short loc_41D8E5
or eax, 10000h
jmp short loc_41D8E5
; ---------------------------------------------------------------------------
loc_41D8E0: ; CODE XREF: sub_41D861+72�j
or eax, 20000h
loc_41D8E5: ; CODE XREF: sub_41D861+76�j
; sub_41D861+7D�j
pop edi
pop ebp
test bh, 10h
pop ebx
jz short locret_41D8F2
or eax, 40000h
locret_41D8F2: ; CODE XREF: sub_41D861+8A�j
retn
sub_41D861 endp
; =============== S U B R O U T I N E =======================================
sub_41D8F3 proc near ; CODE XREF: sub_41D816+23�p
arg_0 = dword ptr 4
push ebx
mov ebx, [esp+4+arg_0]
xor eax, eax
push esi
test bl, 10h
jz short loc_41D903
push 1
pop eax
loc_41D903: ; CODE XREF: sub_41D8F3+B�j
test bl, 8
jz short loc_41D90A
or al, 4
loc_41D90A: ; CODE XREF: sub_41D8F3+13�j
test bl, 4
jz short loc_41D911
or al, 8
loc_41D911: ; CODE XREF: sub_41D8F3+1A�j
test bl, 2
jz short loc_41D918
or al, 10h
loc_41D918: ; CODE XREF: sub_41D8F3+21�j
test bl, 1
jz short loc_41D91F
or al, 20h
loc_41D91F: ; CODE XREF: sub_41D8F3+28�j
test ebx, 80000h
jz short loc_41D929
or al, 2
loc_41D929: ; CODE XREF: sub_41D8F3+32�j
mov ecx, ebx
mov edx, 300h
and ecx, edx
mov esi, 200h
jz short loc_41D956
cmp ecx, 100h
jz short loc_41D953
cmp ecx, esi
jz short loc_41D94E
cmp ecx, edx
jnz short loc_41D956
or ah, 0Ch
jmp short loc_41D956
; ---------------------------------------------------------------------------
loc_41D94E: ; CODE XREF: sub_41D8F3+50�j
or ah, 8
jmp short loc_41D956
; ---------------------------------------------------------------------------
loc_41D953: ; CODE XREF: sub_41D8F3+4C�j
or ah, 4
loc_41D956: ; CODE XREF: sub_41D8F3+44�j
; sub_41D8F3+54�j ...
mov ecx, ebx
and ecx, 30000h
jz short loc_41D96C
cmp ecx, 10000h
jnz short loc_41D96E
or eax, esi
jmp short loc_41D96E
; ---------------------------------------------------------------------------
loc_41D96C: ; CODE XREF: sub_41D8F3+6B�j
or eax, edx
loc_41D96E: ; CODE XREF: sub_41D8F3+73�j
; sub_41D8F3+77�j
pop esi
test ebx, 40000h
pop ebx
jz short locret_41D97B
or ah, 10h
locret_41D97B: ; CODE XREF: sub_41D8F3+83�j
retn
sub_41D8F3 endp
; =============== S U B R O U T I N E =======================================
sub_41D97C proc near ; CODE XREF: sub_41DA1B+48�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push esi
push 20h
cdq
pop ecx
idiv ecx
push 1Fh
mov esi, eax
mov eax, [esp+8+arg_4]
cdq
idiv ecx
pop ecx
mov eax, [esp+4+arg_0]
sub ecx, edx
or edx, 0FFFFFFFFh
shl edx, cl
not edx
test [eax+esi*4], edx
jnz short loc_41D9C1
inc esi
cmp esi, 3
jge short loc_41D9BC
lea eax, [eax+esi*4]
loc_41D9AE: ; CODE XREF: sub_41D97C+3E�j
cmp dword ptr [eax], 0
jnz short loc_41D9C1
inc esi
add eax, 4
cmp esi, 3
jl short loc_41D9AE
loc_41D9BC: ; CODE XREF: sub_41D97C+2D�j
push 1
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_41D9C1: ; CODE XREF: sub_41D97C+27�j
; sub_41D97C+35�j
xor eax, eax
pop esi
retn
sub_41D97C endp
; =============== S U B R O U T I N E =======================================
sub_41D9C5 proc near ; CODE XREF: sub_41DA1B+57�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
push ebx
push esi
push edi
push 20h
mov ebx, [esp+10h+arg_0]
cdq
pop ecx
idiv ecx
mov esi, eax
mov eax, [esp+0Ch+arg_4]
cdq
idiv ecx
lea edi, [ebx+esi*4]
push edi
push 1Fh
pop ecx
push 1
pop eax
sub ecx, edx
shl eax, cl
push eax
push dword ptr [edi]
call near ptr word_41E992
add esp, 0Ch
dec esi
js short loc_41DA17
lea edi, [ebx+esi*4]
loc_41D9FE: ; CODE XREF: sub_41D9C5+50�j
test eax, eax
jz short loc_41DA17
push edi
push 1
push dword ptr [edi]
call near ptr word_41E992
add esp, 0Ch
dec esi
sub edi, 4
test esi, esi
jge short loc_41D9FE
loc_41DA17: ; CODE XREF: sub_41D9C5+34�j
; sub_41D9C5+3B�j
pop edi
pop esi
pop ebx
retn
sub_41D9C5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DA1B proc near ; CODE XREF: sub_41DB76+81�p
; sub_41DB76+CC�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ecx
mov eax, [ebp+arg_4]
push ebx
push esi
push edi
lea edi, [eax-1]
push 20h
pop ecx
and [ebp+var_4], 0
lea ebx, [edi+1]
push 20h
mov eax, ebx
pop esi
cdq
idiv ecx
push 1Fh
mov ecx, eax
mov eax, ebx
cdq
idiv esi
mov eax, [ebp+arg_0]
pop esi
push 1
mov [ebp+var_8], ecx
lea eax, [eax+ecx*4]
mov [ebp+arg_4], eax
sub esi, edx
pop edx
mov ecx, esi
shl edx, cl
test [eax], edx
jz short loc_41DA7F
inc ebx
push ebx
push [ebp+arg_0]
call sub_41D97C
pop ecx
test eax, eax
pop ecx
jnz short loc_41DA7C
push edi
push [ebp+arg_0]
call sub_41D9C5
pop ecx
mov [ebp+var_4], eax
pop ecx
loc_41DA7C: ; CODE XREF: sub_41DA1B+51�j
mov eax, [ebp+arg_4]
loc_41DA7F: ; CODE XREF: sub_41DA1B+41�j
or edx, 0FFFFFFFFh
mov ecx, esi
shl edx, cl
push 3
pop ecx
and [eax], edx
mov eax, [ebp+var_8]
inc eax
cmp eax, ecx
jge short loc_41DA9F
mov edx, [ebp+arg_0]
sub ecx, eax
lea edi, [edx+eax*4]
xor eax, eax
rep stosd
loc_41DA9F: ; CODE XREF: sub_41DA1B+76�j
mov eax, [ebp+var_4]
pop edi
pop esi
pop ebx
leave
retn
sub_41DA1B endp
; =============== S U B R O U T I N E =======================================
sub_41DAA7 proc near ; CODE XREF: sub_41DB76+75�p
; sub_41DB76+B6�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov eax, [esp+arg_4]
mov ecx, [esp+arg_0]
push esi
push 3
sub ecx, eax
pop edx
loc_41DAB5: ; CODE XREF: sub_41DAA7+17�j
mov esi, [eax]
mov [ecx+eax], esi
add eax, 4
dec edx
jnz short loc_41DAB5
pop esi
retn
sub_41DAA7 endp
; =============== S U B R O U T I N E =======================================
sub_41DAC2 proc near ; CODE XREF: sub_41DB76+5F�p
; sub_41DB76+9E�p ...
arg_0 = dword ptr 4
push edi
mov edi, [esp+4+arg_0]
xor eax, eax
stosd
stosd
stosd
pop edi
retn
sub_41DAC2 endp
; =============== S U B R O U T I N E =======================================
sub_41DACE proc near ; CODE XREF: sub_41DB76+4D�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
xor ecx, ecx
loc_41DAD4: ; CODE XREF: sub_41DACE+12�j
cmp dword ptr [eax], 0
jnz short loc_41DAE6
inc ecx
add eax, 4
cmp ecx, 3
jl short loc_41DAD4
push 1
pop eax
retn
; ---------------------------------------------------------------------------
loc_41DAE6: ; CODE XREF: sub_41DACE+9�j
xor eax, eax
retn
sub_41DACE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DAE9 proc near ; CODE XREF: sub_41DB76+C0�p
; sub_41DB76+DA�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, [ebp+arg_4]
push ebx
push esi
push edi
push 20h
mov edi, [ebp+arg_0]
pop ebx
or esi, 0FFFFFFFFh
cdq
mov ecx, ebx
mov [ebp+var_4], 3
idiv ecx
mov [ebp+var_C], eax
mov eax, [ebp+arg_4]
cdq
idiv ecx
and [ebp+arg_4], 0
mov ecx, edx
shl esi, cl
sub ebx, edx
not esi
loc_41DB1F: ; CODE XREF: sub_41DAE9+58�j
mov eax, [edi]
mov ecx, eax
and ecx, esi
mov [ebp+var_8], ecx
mov ecx, edx
shr eax, cl
or eax, [ebp+arg_4]
mov [edi], eax
mov eax, [ebp+var_8]
mov ecx, ebx
add edi, 4
shl eax, cl
dec [ebp+var_4]
mov [ebp+arg_4], eax
jnz short loc_41DB1F
mov edi, [ebp+var_C]
push 2
pop ebx
mov esi, edi
push 8
pop ecx
shl esi, 2
loc_41DB51: ; CODE XREF: sub_41DAE9+86�j
cmp ebx, edi
jl short loc_41DB64
mov edx, [ebp+arg_0]
mov eax, ecx
sub eax, esi
mov eax, [eax+edx]
mov [ecx+edx], eax
jmp short loc_41DB6B
; ---------------------------------------------------------------------------
loc_41DB64: ; CODE XREF: sub_41DAE9+6A�j
mov eax, [ebp+arg_0]
and dword ptr [ecx+eax], 0
loc_41DB6B: ; CODE XREF: sub_41DAE9+79�j
dec ebx
sub ecx, 4
jns short loc_41DB51
pop edi
pop esi
pop ebx
leave
retn
sub_41DAE9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DB76 proc near ; CODE XREF: sub_41DCE2+D�p
; sub_41DCF8+D�p
var_18 = byte ptr -18h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
movzx ecx, word ptr [eax+0Ah]
mov ebx, ecx
and ecx, 8000h
mov [ebp+arg_0], ecx
mov ecx, [eax+6]
mov [ebp+var_C], ecx
mov ecx, [eax+2]
movzx eax, word ptr [eax]
mov edi, [ebp+arg_8]
and ebx, 7FFFh
sub ebx, 3FFFh
mov [ebp+var_8], ecx
shl eax, 10h
cmp ebx, 0FFFFC001h
mov [ebp+var_4], eax
jnz short loc_41DBE3
lea eax, [ebp+var_C]
xor esi, esi
push eax
call sub_41DACE
test eax, eax
pop ecx
jnz loc_41DCA2
lea eax, [ebp+var_C]
push eax
call sub_41DAC2
pop ecx
loc_41DBDB: ; CODE XREF: sub_41DB76+E4�j
push 2
loc_41DBDD: ; CODE XREF: sub_41DB76+110�j
pop eax
jmp loc_41DCA4
; ---------------------------------------------------------------------------
loc_41DBE3: ; CODE XREF: sub_41DB76+45�j
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_18]
push eax
call sub_41DAA7
push dword ptr [edi+8]
lea eax, [ebp+var_C]
push eax
call sub_41DA1B
add esp, 10h
test eax, eax
jz short loc_41DC04
inc ebx
loc_41DC04: ; CODE XREF: sub_41DB76+8B�j
mov eax, [edi+4]
mov ecx, eax
sub ecx, [edi+8]
cmp ebx, ecx
jge short loc_41DC1C
lea eax, [ebp+var_C]
push eax
call sub_41DAC2
pop ecx
jmp short loc_41DC58
; ---------------------------------------------------------------------------
loc_41DC1C: ; CODE XREF: sub_41DB76+98�j
cmp ebx, eax
jg short loc_41DC5F
sub eax, ebx
mov esi, eax
lea eax, [ebp+var_18]
push eax
lea eax, [ebp+var_C]
push eax
call sub_41DAA7
lea eax, [ebp+var_C]
push esi
push eax
call sub_41DAE9
push dword ptr [edi+8]
lea eax, [ebp+var_C]
push eax
call sub_41DA1B
mov eax, [edi+0Ch]
inc eax
push eax
lea eax, [ebp+var_C]
push eax
call sub_41DAE9
add esp, 20h
loc_41DC58: ; CODE XREF: sub_41DB76+A4�j
xor esi, esi
jmp loc_41DBDB
; ---------------------------------------------------------------------------
loc_41DC5F: ; CODE XREF: sub_41DB76+A8�j
cmp ebx, [edi]
jl short loc_41DC8B
lea eax, [ebp+var_C]
push eax
call sub_41DAC2
push dword ptr [edi+0Ch]
or byte ptr [ebp+var_C+3], 80h
lea eax, [ebp+var_C]
push eax
call sub_41DAE9
mov esi, [edi+14h]
add esp, 0Ch
add esi, [edi]
push 1
jmp loc_41DBDD
; ---------------------------------------------------------------------------
loc_41DC8B: ; CODE XREF: sub_41DB76+EB�j
push dword ptr [edi+0Ch]
mov esi, [edi+14h]
and byte ptr [ebp+var_C+3], 7Fh
lea eax, [ebp+var_C]
push eax
add esi, ebx
call sub_41DAE9
pop ecx
pop ecx
loc_41DCA2: ; CODE XREF: sub_41DB76+55�j
xor eax, eax
loc_41DCA4: ; CODE XREF: sub_41DB76+68�j
push 1Fh
pop ecx
sub ecx, [edi+0Ch]
mov edi, [edi+10h]
shl esi, cl
mov ecx, [ebp+arg_0]
neg ecx
sbb ecx, ecx
and ecx, 80000000h
or esi, ecx
or esi, [ebp+var_C]
cmp edi, 40h
jnz short loc_41DCD3
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_8]
mov [ecx+4], esi
mov [ecx], edx
jmp short loc_41DCDD
; ---------------------------------------------------------------------------
loc_41DCD3: ; CODE XREF: sub_41DB76+14E�j
cmp edi, 20h
jnz short loc_41DCDD
mov ecx, [ebp+arg_4]
mov [ecx], esi
loc_41DCDD: ; CODE XREF: sub_41DB76+15B�j
; sub_41DB76+160�j
pop edi
pop esi
pop ebx
leave
retn
sub_41DB76 endp
; =============== S U B R O U T I N E =======================================
sub_41DCE2 proc near ; CODE XREF: sub_41DD0E+23�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push offset dword_4386F0
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_41DB76
add esp, 0Ch
retn
sub_41DCE2 endp
; =============== S U B R O U T I N E =======================================
sub_41DCF8 proc near ; CODE XREF: sub_41DD3B+23�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push offset dword_438708
push [esp+4+arg_4]
push [esp+8+arg_0]
call sub_41DB76
add esp, 0Ch
retn
sub_41DCF8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DD0E proc near ; CODE XREF: sub_419FD8+12�p
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
xor eax, eax
push eax
push eax
push eax
push eax
push [ebp+arg_4]
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_C]
push eax
call near ptr byte_41EB33
push [ebp+arg_0]
lea eax, [ebp+var_C]
push eax
call sub_41DCE2
add esp, 24h
leave
retn
sub_41DD0E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DD3B proc near ; CODE XREF: sub_419FD8+2D�p
var_C = byte ptr -0Ch
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
xor eax, eax
push eax
push eax
push eax
push eax
push [ebp+arg_4]
lea eax, [ebp+arg_4]
push eax
lea eax, [ebp+var_C]
push eax
call near ptr byte_41EB33
push [ebp+arg_0]
lea eax, [ebp+var_C]
push eax
call sub_41DCF8
add esp, 24h
leave
retn
sub_41DD3B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DD68 proc near ; CODE XREF: sub_41A016+65�p
; sub_41A11A+63�p ...
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov edx, [ebp+arg_8]
push ebx
mov ebx, [ebp+arg_4]
push esi
mov esi, [ebp+arg_0]
mov ecx, [edx+0Ch]
push edi
lea edi, [esi+1]
mov byte ptr [esi], 30h
test ebx, ebx
mov eax, edi
jle short loc_41DDA5
mov [ebp+arg_0], ebx
xor ebx, ebx
loc_41DD8B: ; CODE XREF: sub_41DD68+38�j
mov dl, [ecx]
test dl, dl
jz short loc_41DD97
movsx edx, dl
inc ecx
jmp short loc_41DD9A
; ---------------------------------------------------------------------------
loc_41DD97: ; CODE XREF: sub_41DD68+27�j
push 30h
pop edx
loc_41DD9A: ; CODE XREF: sub_41DD68+2D�j
mov [eax], dl
inc eax
dec [ebp+arg_0]
jnz short loc_41DD8B
mov edx, [ebp+arg_8]
loc_41DDA5: ; CODE XREF: sub_41DD68+1C�j
and byte ptr [eax], 0
test ebx, ebx
jl short loc_41DDBE
cmp byte ptr [ecx], 35h
jl short loc_41DDBE
loc_41DDB1: ; CODE XREF: sub_41DD68+52�j
dec eax
cmp byte ptr [eax], 39h
jnz short loc_41DDBC
mov byte ptr [eax], 30h
jmp short loc_41DDB1
; ---------------------------------------------------------------------------
loc_41DDBC: ; CODE XREF: sub_41DD68+4D�j
inc byte ptr [eax]
loc_41DDBE: ; CODE XREF: sub_41DD68+42�j
; sub_41DD68+47�j
cmp byte ptr [esi], 31h
jnz short loc_41DDC8
inc dword ptr [edx+4]
jmp short loc_41DDDA
; ---------------------------------------------------------------------------
loc_41DDC8: ; CODE XREF: sub_41DD68+59�j
push edi
call sub_415CF0
inc eax
push eax
push edi
push esi
call sub_416490
add esp, 10h
loc_41DDDA: ; CODE XREF: sub_41DD68+5E�j
pop edi
pop esi
pop ebx
pop ebp
retn
sub_41DD68 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DDDF proc near ; CODE XREF: sub_41A016+3F�p
; sub_41A11A+46�p ...
var_C = byte ptr -0Ch
arg_0 = byte ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
lea eax, [ebp+arg_0]
push edi
push eax
lea eax, [ebp+var_C]
push eax
call sub_41DE43
pop ecx
lea esi, [ebp+var_C]
pop ecx
push offset word_469660
push 0
push 11h
sub esp, 0Ch
mov edi, esp
movsd
movsd
movsw
call near ptr dword_41F004
mov dword_469688, eax
add esp, 18h
movsx eax, byte_469662
mov dword_469680, eax
pop edi
movsx eax, word_469660
mov dword_469684, eax
mov dword_46968C, offset dword_469664
mov eax, offset dword_469680
pop esi
leave
retn
sub_41DDDF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41DE43 proc near ; CODE XREF: sub_41DDDF+10�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
mov edx, [ebp+arg_4]
push ebx
push esi
push edi
mov ax, [edx+6]
mov edi, 7FFh
mov ecx, eax
and eax, 8000h
shr ecx, 4
and ecx, edi
mov [ebp+arg_4], eax
mov eax, [edx+4]
mov edx, [edx]
movzx ebx, cx
mov esi, 80000000h
and eax, 0FFFFFh
test ebx, ebx
mov [ebp+var_4], esi
jz short loc_41DE91
cmp ebx, edi
jz short loc_41DE8A
lea edi, [ecx+3C00h]
jmp short loc_41DEB2
; ---------------------------------------------------------------------------
loc_41DE8A: ; CODE XREF: sub_41DE43+3D�j
mov edi, 7FFFh
jmp short loc_41DEB2
; ---------------------------------------------------------------------------
loc_41DE91: ; CODE XREF: sub_41DE43+39�j
xor ebx, ebx
cmp eax, ebx
jnz short loc_41DEA9
cmp edx, ebx
jnz short loc_41DEA9
mov eax, [ebp+arg_0]
mov [eax+4], ebx
mov [eax], ebx
mov [eax+8], bx
jmp short loc_41DEF4
; ---------------------------------------------------------------------------
loc_41DEA9: ; CODE XREF: sub_41DE43+52�j
; sub_41DE43+56�j
lea edi, [ecx+3C01h]
mov [ebp+var_4], ebx
loc_41DEB2: ; CODE XREF: sub_41DE43+45�j
; sub_41DE43+4C�j
mov ecx, edx
shr ecx, 15h
shl eax, 0Bh
or ecx, eax
mov eax, [ebp+arg_0]
or ecx, [ebp+var_4]
shl edx, 0Bh
mov [eax+4], ecx
mov [eax], edx
loc_41DECA: ; CODE XREF: sub_41DE43+A6�j
test ecx, esi
jnz short loc_41DEEB
mov edx, [eax]
add ecx, ecx
mov ebx, edx
shr ebx, 1Fh
or ebx, ecx
lea ecx, [edx+edx]
mov [eax], ecx
mov [eax+4], ebx
add edi, 0FFFFh
mov ecx, ebx
jmp short loc_41DECA
; ---------------------------------------------------------------------------
loc_41DEEB: ; CODE XREF: sub_41DE43+89�j
mov ecx, [ebp+arg_4]
or ecx, edi
mov [eax+8], cx
loc_41DEF4: ; CODE XREF: sub_41DE43+64�j
pop edi
pop esi
pop ebx
leave
retn
sub_41DE43 endp
; ---------------------------------------------------------------------------
push 2
call sub_417BEE
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41DF02: ; DATA XREF: .nsp0:0041DF48�o
push esi
mov esi, [esp+8]
mov eax, [esi]
cmp dword ptr [eax], 0E06D7363h
jnz short loc_41DF25
cmp dword ptr [eax+10h], 3
jnz short loc_41DF25
cmp dword ptr [eax+14h], 19930520h
jnz short loc_41DF25
jmp sub_41AB9C
; ---------------------------------------------------------------------------
loc_41DF25: ; CODE XREF: .nsp0:0041DF0F�j
; .nsp0:0041DF15�j ...
mov eax, dword_469690
test eax, eax
jz short loc_41DF42
push eax
call sub_41DF9E
test eax, eax
pop ecx
jz short loc_41DF42
push esi
call dword_469690
jmp short loc_41DF44
; ---------------------------------------------------------------------------
loc_41DF42: ; CODE XREF: .nsp0:0041DF2C�j
; .nsp0:0041DF37�j
xor eax, eax
loc_41DF44: ; CODE XREF: .nsp0:0041DF40�j
pop esi
retn 4
; ---------------------------------------------------------------------------
push offset loc_41DF02
call dword_42101C
mov dword_469690, eax
retn
; ---------------------------------------------------------------------------
push dword_469690
call dword_42101C
retn
; =============== S U B R O U T I N E =======================================
sub_41DF66 proc near ; CODE XREF: sub_41A3EE+6B�p
; sub_41A8FF+61�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push 1
pop esi
push [esp+4+arg_4]
push [esp+8+arg_0]
call dword_421018
test eax, eax
jz short loc_41DF7E
xor esi, esi
loc_41DF7E: ; CODE XREF: sub_41DF66+14�j
mov eax, esi
pop esi
retn
sub_41DF66 endp
; =============== S U B R O U T I N E =======================================
sub_41DF82 proc near ; CODE XREF: sub_41A8FF+73�p
; sub_41A8FF+BF�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
push 1
pop esi
push [esp+4+arg_4]
push [esp+8+arg_0]
call dword_421180
test eax, eax
jz short loc_41DF9A
xor esi, esi
loc_41DF9A: ; CODE XREF: sub_41DF82+14�j
mov eax, esi
pop esi
retn
sub_41DF82 endp
; =============== S U B R O U T I N E =======================================
sub_41DF9E proc near ; CODE XREF: sub_41A8FF+15B�p
; .nsp0:0041DF2F�p
arg_0 = dword ptr 4
push esi
push 1
pop esi
push [esp+4+arg_0]
call dword_421014
test eax, eax
jz short loc_41DFB2
xor esi, esi
loc_41DFB2: ; CODE XREF: sub_41DF9E+10�j
mov eax, esi
pop esi
retn
sub_41DF9E endp
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_41AB9C
loc_41DFB6: ; CODE XREF: sub_41AB9C+51�j
push 0Ah
call sub_41CF19
push 16h
call near ptr byte_41F297
pop ecx
pop ecx
push 3
call sub_417838
; END OF FUNCTION CHUNK FOR sub_41AB9C
loc_41DFCD: ; CODE XREF: sub_41AD3D+6A3�p
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+0Ch]
xor ebx, ebx
cmp esi, ebx
jz short loc_41DFF0
cmp [ebp+10h], ebx
jz short loc_41DFF0
mov al, [esi]
cmp al, bl
jnz short loc_41DFF6
mov eax, [ebp+8]
cmp eax, ebx
jz short loc_41DFF0
mov [eax], bx
loc_41DFF0: ; CODE XREF: .nsp0:0041DFD9�j
; .nsp0:0041DFDE�j ...
xor eax, eax
pop esi
pop ebx
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41DFF6: ; CODE XREF: .nsp0:0041DFE4�j
cmp dword_469528, ebx
jnz short near ptr byte_41E011
mov ecx, [ebp+0]
; ---------------------------------------------------------------------------
db 3 dup(0)
dd 3 dup(0)
db 0
byte_41E011 db 3 dup(0) ; CODE XREF: .nsp0:0041DFFC�j
dd 20h dup(0)
db 0
byte_41E095 db 3 dup(0) ; CODE XREF: sub_41AD3D+76�p
; sub_41AD3D+88�p ...
dd 0Ah dup(0)
dword_41E0C0 dd 7 dup(0) ; sub_41AD3D+7E7�p
db 3 dup(0)
byte_41E0DF db 0 ; CODE XREF: sub_41B7B3+F�p
dd 1Bh dup(0)
db 0
byte_41E14D db 3 dup(0) ; CODE XREF: sub_41B7EE:loc_41B82D�p
dd 9Ch dup(0)
dword_41E3C0 dd 0BBh dup(0) dword_41E6AC dd 10h dup(0) db 2 dup(0)
word_41E6EE dw 0 ; CODE XREF: sub_41CF19+11F�p
dd 21h dup(0)
db 3 dup(0)
byte_41E777 db 0 ; CODE XREF: .nsp0:0041D0F8�p
; .nsp0:0041D111�p
dd 1Fh dup(0)
dword_41E7F4 dd 16h dup(0) dword_41E84C dd 51h dup(0) db 2 dup(0)
word_41E992 dw 0 ; CODE XREF: sub_41D9C5+2B�p
; sub_41D9C5+42�p
dd 67h dup(0)
db 3 dup(0)
byte_41EB33 db 0 ; CODE XREF: sub_41DD0E+17�p
; sub_41DD3B+17�p
dd 134h dup(0)
dword_41F004 dd 0A4h dup(0) db 3 dup(0)
byte_41F297 db 0 ; CODE XREF: sub_41AB9C+3423�p
dd 2B8h dup(0)
db 3 dup(0)
byte_41FD7B db 0 ; CODE XREF: sub_4099AA+21�p
dd 0Dh dup(0)
dword_41FDB0 dd 8Bh dup(0) ; sub_404B77+15�p ...
dword_41FFDC dd 4Ah dup(0) ; sub_404D92+E�p
db 2 dup(0)
word_420106 dw 0 ; CODE XREF: sub_40446E+5E�p
; sub_405409+159�p
dd 0
dword_42010C dd 55h dup(0) ; sub_416368+13�p
db 3 dup(0)
byte_420263 db 0 ; DATA XREF: sub_4046AA�o
dd 7 dup(0)
dword_420280 dd 3 dup(0) dword_42028C dd 35Dh dup(0) dword_421000 dd 0 dd 4 dup(0)
dword_421014 dd 0 dword_421018 dd 0 dword_42101C dd 0 ; .nsp0:0041DF5F�r
dword_421020 dd 0 dword_421024 dd 0 ; sub_41D44C:loc_41D49F�r
dword_421028 dd 0 ; sub_41D1F7+12D�r
dword_42102C dd 0 ; sub_41D1F7+8D�r
dword_421030 dd 0 ; sub_41CC52+166�r ...
dword_421034 dd 0 ; sub_41CF19+143�r
dword_421038 dd 0 dword_42103C dd 0 dword_421040 dd 0 ; sub_41CB20+E1�r
dword_421044 dd 0 dword_421048 dd 0 ; sub_401447+95�r ...
dword_42104C dd 0 ; sub_401447+1A6�r ...
dword_421050 dd 0 ; sub_4010B2+2D4�r ...
dword_421054 dd 0 ; sub_4018CA+FF�r
dword_421058 dd 0 ; sub_40AAD1+183�r ...
dword_42105C dd 0 ; sub_40B16D+D�r ...
dword_421060 dd 0 ; sub_40283D+E3�r ...
dword_421064 dd 0 ; sub_4030C0+65�r ...
dword_421068 dd 0 ; sub_406A32+80�r ...
dword_42106C dd 0 ; sub_4033CB+150�r ...
dword_421070 dd 0 ; sub_409E15+AE�r ...
dword_421074 dd 0 dword_421078 dd 0 ; sub_406100+1C4�r ...
dword_42107C dd 0 ; sub_407276+58�r ...
dword_421080 dd 0 ; sub_40AAD1+1B6�r
dword_421084 dd 0 ; sub_40AAD1+19F�r
dword_421088 dd 0 ; sub_407276:loc_4073B2�r ...
dword_42108C dd 0 ; sub_407276+10E�r ...
dword_421090 dd 0 ; sub_406A32+38�r ...
dword_421094 dd 0 ; sub_409E15+10F�r ...
dword_421098 dd 0 ; sub_4088A0+C0�r ...
dword_42109C dd 0 dword_4210A0 dd 0 dword_4210A4 dd 0 ; sub_4063B0+5D7�r ...
dword_4210A8 dd 0 ; sub_4088A0+26�r
dword_4210AC dd 0 ; sub_40B712+259�r ...
dword_4210B0 dd 0 dword_4210B4 dd 0 dword_4210B8 dd 0 dword_4210BC dd 0 ; sub_40799F+22F�r
dword_4210C0 dd 0 ; sub_4089F2:loc_408EE2�r
dword_4210C4 dd 0 ; sub_419EEF+15�r
dword_4210C8 dd 0 ; sub_409E15+FB�r ...
dword_4210CC dd 0 dword_4210D0 dd 0 dword_4210D4 dd 0 dword_4210D8 dd 0 dword_4210DC dd 0 dword_4210E0 dd 0 dword_4210E4 dd 0 dword_4210E8 dd 0 dword_4210EC dd 0 ; sub_409F9D+B4�r ...
dword_4210F0 dd 0 dword_4210F4 dd 0 ; sub_40C682+1BF�r ...
dword_4210F8 dd 0 ; sub_40CE55+3D2F�r
dword_4210FC dd 0 dword_421100 dd 0 dword_421104 dd 0 ; sub_413D67+C�r ...
dword_421108 dd 0 dword_42110C dd 0 ; .nsp0:004142A7�r
dword_421110 dd 0 dword_421114 dd 0 ; sub_40C59A+DF�r ...
dword_421118 dd 0 ; sub_40CE55+473E�r ...
dword_42111C dd 0 ; sub_413DD2+175�r ...
dword_421120 dd 0 dword_421124 dd 0 dword_421128 dd 0 ; sub_40C682+309�r
dword_42112C dd 0 dword_421130 dd 0 ; sub_4150CE+2B�r
dword_421134 dd 0 dword_421138 dd 0 ; sub_41BD71+20D�r ...
dword_42113C dd 0 ; .nsp0:0041419C�r
dword_421140 dd 0 ; sub_414061+1F�r ...
dword_421144 dd 0 dword_421148 dd 0 dword_42114C dd 0 ; sub_4174DF+AF�r ...
dword_421150 dd 0 ; sub_418B28+2C4�r ...
align 8
dword_421158 dd 0 dword_42115C dd 0 dword_421160 dd 0 ; sub_41915C+28�r
dword_421164 dd 0 ; sub_41CC52+59�r
dword_421168 dd 0 dword_42116C dd 0 dword_421170 dd 0 dword_421174 dd 0 dword_421178 dd 0 dword_42117C dd 0 ; sub_41920D+51�r
dword_421180 dd 0 dword_421184 dd 0 dword_421188 dd 0 dword_42118C dd 0 ; sub_41BD71+A7�r
dword_421190 dd 0 ; sub_41BD71+14D�r ...
dword_421194 dd 0 ; sub_41C1FF+14�r
dword_421198 dd 0 dword_42119C dd 0 dword_4211A0 dd 0 dword_4211A4 dd 0 dd 0
dword_4211AC dd 0 ; sub_405A89+8E�r
dword_4211B0 dd 0 ; sub_405A0C+15�r
dword_4211B4 dd 0 dword_4211B8 dd 0 dword_4211BC dd 0 dword_4211C0 dd 0 dword_4211C4 dd 0 dword_4211C8 dd 0 dword_4211CC dd 0 dword_4211D0 dd 0 ; sub_405409+115�r
align 8
dword_4211D8 dd 0 ; sub_402DDD+2A�r ...
dword_4211DC dd 0 ; sub_402988+ED�r ...
dword_4211E0 dd 0 ; sub_402DDD+49�r ...
dword_4211E4 dd 0 ; sub_402DDD+64�r ...
dword_4211E8 dd 0 ; sub_40283D+135�r ...
dword_4211EC dd 0 ; sub_402988+26B�r ...
dword_4211F0 dd 0 ; sub_402DDD+154�r ...
align 8
dword_4211F8 dd 10h dup(0) dbl_421238 dq 0.0 ; DATA XREF: sub_40465E+2F�r
dbl_421240 dq 0.0 ; DATA XREF: sub_40465E+15�r
dword_421248 dd 0 ; sub_404B1E�r ...
align 10h
dbl_421250 dq 0.0 ; DATA XREF: sub_4046AA+79�r
dword_421258 dd 0 ; sub_404BCE+5B�o ...
dword_42125C dd 0 dd 100h dup(0)
dbl_421660 dq 0.0 ; DATA XREF: sub_40BCEF+2BD�r
; sub_40BCEF+2D8�r ...
dbl_421668 dq 0.0 ; DATA XREF: sub_414098+1E�r
dbl_421670 dq 0.0 ; DATA XREF: sub_415E6C+6C�r
; sub_415FB3+6C�r ...
dword_421678 dd 3 dup(0) byte_421684 db 0 ; DATA XREF: sub_417D4C:loc_417DA3�r
align 4
dd 4Ah dup(0)
dbl_4217B0 dq 0.0 ; DATA XREF: sub_41999C+8C�r
; sub_41999C+AC�r ...
dbl_4217B8 dq 0.0 ; DATA XREF: sub_419EB1+F�r
dbl_4217C0 dq 0.0 ; DATA XREF: sub_419EB1+6�r
dword_4217C8 dd 7 dup(0) dword_4217E4 dd 3 dup(0) dword_4217F0 dd 2 dup(0) dword_4217F8 dd 4 dup(0) dword_421808 dd 6 dup(0) dword_421820 dd 4 dup(0) dword_421830 dd 4 dup(0) dword_421840 dd 6 dup(0) dword_421858 dd 6 dup(0) dword_421870 dd 2 dup(0) ; sub_41D1F7+39�o
dword_421878 dd 0A8h dup(0) dword_421B18 dd 0Ah dup(0) dword_421B40 dd 0 dword_421B44 dd 7 dup(0) dword_421B60 dd 0 dword_421B64 dd 7 dup(0) dword_421B80 dd 520h dup(0) dword_423000 dd 4 dup(0) dword_423010 dd 0 dword_423014 dd 5 dup(0) dword_423028 dd 0 dword_42302C dd 2 dup(0) dword_423034 dd 0 dword_423038 dd 2 dup(0) dword_423040 dd 4 dup(0) dword_423050 dd 0Fh dup(0) dword_42308C dd 0Dh dup(0) dword_4230C0 dd 3 dup(0) dword_4230CC dd 3 dup(0) dword_4230D8 dd 3 dup(0) dword_4230E4 dd 19h dup(0) dword_423148 dd 19h dup(0) dword_4231AC dd 0Dh dup(0) dword_4231E0 dd 13h dup(0) dword_42322C dd 12h dup(0) dword_423274 dd 0Fh dup(0) dword_4232B0 dd 0Ch dup(0) dword_4232E0 dd 19h dup(0) dword_423344 dd 19h dup(0) dword_4233A8 dd 2 dup(0) ; sub_40CE55+2B28�o
dword_4233B0 dd 0 ; sub_40CE55+2B11�o
dword_4233B4 dd 0 ; sub_40CE55+2AF9�o
dword_4233B8 dd 0Dh dup(0) dword_4233EC dd 13h dup(0) dword_423438 dd 13h dup(0) dword_423484 dd 1CCh dup(0) dword_423BB4 dd 0Eh dup(0) dword_423BEC dd 9 dup(0) dword_423C10 dd 7 dup(0) dword_423C2C dd 0 ; sub_40CE55+29D7�o
dword_423C30 dd 0 dword_423C34 dd 5 dup(0) dword_423C48 dd 6 dup(0) dword_423C60 dd 8 dup(0) dword_423C80 dd 0 align 10h
dword_423C90 dd 5 dup(0) dword_423CA4 dd 0 dd 215h dup(0)
dword_4244FC dd 12h dup(0) dword_424544 dd 12h dup(0) dword_42458C dd 3 dup(0) dword_424598 dd 13h dup(0) dword_4245E4 dd 12h dup(0) dword_42462C dd 63h dup(0) dword_4247B8 dd 2Ch dup(0) ; sub_402988+20D�o
dword_424868 dd 3Ah dup(0) dword_424950 dd 23h dup(0) dword_4249DC dd 2Bh dup(0) dword_424A88 dd 38h dup(0) dword_424B68 dd 15h dup(0) db 3 dup(0)
byte_424BBF db 0 ; DATA XREF: sub_402988+86�o
dd 3 dup(0)
dword_424BCC dd 1Bh dup(0) dword_424C38 dd 29h dup(0) dword_424CDC dd 20h dup(0) dword_424D5C dd 25h dup(0) dword_424DF0 dd 1Bh dup(0) dword_424E5C dd 1Dh dup(0) dword_424ED0 dd 22h dup(0) word_424F58 dw 0 ; DATA XREF: sub_40283D+30�r
; sub_402988+E3�r
align 4
dd 0Fh dup(0)
dword_424F98 dd 0 ; sub_402988+240�r
dd 2Dh dup(0)
dword_425050 dd 2 dup(0) ; sub_4036EB+102�o ...
dword_425058 dd 19h dup(0) dword_4250BC dd 2 dup(0) ; sub_40384C+177�o
dword_4250C4 dd 3 dup(0) ; sub_40384C+27�o
dword_4250D0 dd 0 ; sub_40384C+D�r
dword_4250D4 dd 0 ; sub_40384C+16�r
dword_4250D8 dd 13h dup(0) ; sub_4033CB+21B�o
dword_425124 dd 0D9h dup(0) dword_425488 dd 5 dup(0) dword_42549C dd 10h dup(0) dword_4254DC dd 0Dh dup(0) dword_425510 dd 37h dup(0) dword_4255EC dd 0 dword_4255F0 dd 0 dword_4255F4 dd 2 dup(0) ; sub_4030C0+16�o
dword_4255FC dd 3 dup(0) ; sub_4030C0+B�o
dword_425608 dd 56h dup(0) dword_425760 dd 2Ch dup(0) ; sub_40384C+212�o
dword_425810 dd 3Ah dup(0) dword_4258F8 dd 23h dup(0) dword_425984 dd 2Bh dup(0) dword_425A30 dd 38h dup(0) dword_425B10 dd 15h dup(0) db 3 dup(0)
byte_425B67 db 0 ; DATA XREF: sub_40384C+8A�o
dd 3 dup(0)
dword_425B74 dd 1Bh dup(0) dword_425BE0 dd 29h dup(0) dword_425C84 dd 20h dup(0) dword_425D04 dd 25h dup(0) dword_425D98 dd 1Bh dup(0) dword_425E04 dd 1Dh dup(0) dword_425E78 dd 30h dup(0) dword_425F38 dd 0 ; sub_40384C+245�r
dd 2Dh dup(0)
dword_425FF0 dd 1Bh dup(0) ; sub_4051BC+9D�o
dword_42605C dd 5 dup(0) dword_426070 dd 3 dup(0) dword_42607C dd 2 dup(0) dword_426084 dd 0 dword_426088 dd 2 dup(0) dword_426090 dd 22h dup(0) dword_426118 dd 0Ch dup(0) dword_426148 dd 3 dup(0) dword_426154 dd 13h dup(0) byte_4261A0 db 0 ; DATA XREF: sub_4046AA+107�r
align 4
dd 10h dup(0)
dword_4261E4 dd 5Ah dup(0) dword_42634C dd 24h dup(0) dword_4263DC dd 0 ; sub_40CE55+819�o
dword_4263E0 dd 0 dword_4263E4 dd 3 dup(0) dword_4263F0 dd 0 dword_4263F4 dd 0 dword_4263F8 dd 0 dword_4263FC dd 2 dup(0) dword_426404 dd 3 dup(0) dword_426410 dd 3 dup(0) dword_42641C dd 1Ch dup(0) dword_42648C dd 8 dup(0) dword_4264AC dd 24h dup(0) dword_42653C dd 0Dh dup(0) dword_426570 dd 2 dup(0) dword_426578 dd 4 dup(0) dword_426588 dd 4 dup(0) dword_426598 dd 4 dup(0) dword_4265A8 dd 2 dup(0) dword_4265B0 dd 2 dup(0) dword_4265B8 dd 0 dword_4265BC dd 55h dup(0) word_426710 dw 0 ; DATA XREF: sub_4051BC+30�r
align 4
dword_426714 dd 7 dup(0) dword_426730 dd 2 dup(0) ; sub_40CE55+534�o
dword_426738 dd 9 dup(0) dword_42675C dd 18h dup(0) dword_4267BC dd 6 dup(0) dword_4267D4 dd 0Bh dup(0) dword_426800 dd 2 dup(0) dword_426808 dd 8 dup(0) dword_426828 dd 3 dup(0) dword_426834 dd 2 dup(0) dword_42683C dd 0Ah dup(0) dword_426864 dd 2 dup(0) dword_42686C dd 6 dup(0) dword_426884 dd 2 dup(0) dword_42688C dd 0Bh dup(0) dword_4268B8 dd 2 dup(0) dword_4268C0 dd 5 dup(0) dword_4268D4 dd 0 dword_4268D8 dd 5 dup(0) dword_4268EC dd 0 dword_4268F0 dd 2 dup(0) ; sub_405409+361�o
dword_4268F8 dd 8 dup(0) dword_426918 dd 0 dword_42691C dd 5 dup(0) dword_426930 dd 2 dup(0) dword_426938 dd 4 dup(0) dword_426948 dd 2 dup(0) dword_426950 dd 6 dup(0) dword_426968 dd 2 dup(0) dword_426970 dd 6 dup(0) dword_426988 dd 2 dup(0) dword_426990 dd 2 dup(0) dword_426998 dd 6 dup(0) dword_4269B0 dd 0 ; sub_406C3E+12E�o ...
dword_4269B4 dd 12h dup(0) dword_4269FC dd 0 dword_426A00 dd 0 ; sub_40CE55+A8�o ...
dword_426A04 dd 2 dup(0) dword_426A0C dd 3Ch dup(0) dword_426AFC dd 37h dup(0) dword_426BD8 dd 3 dup(0) ; sub_40AAD1+1AE�o
dword_426BE4 dd 5 dup(0) dword_426BF8 dd 7 dup(0) dword_426C14 dd 3 dup(0) dword_426C20 dd 13h dup(0) dword_426C6C dd 11h dup(0) dword_426CB0 dd 0 dword_426CB4 dd 0 ; sub_4063B0+29�o ...
dword_426CB8 dd 2 dup(0) ; sub_4063B0+4CA�o ...
dword_426CC0 dd 0 ; sub_40A621+4C�o ...
dword_426CC4 dd 0 dword_426CC8 dd 0Ah dup(0) dword_426CF0 dd 12h dup(0) dword_426D38 dd 0Ch dup(0) dword_426D68 dd 7 dup(0) dword_426D84 dd 1Ah dup(0) dword_426DEC dd 6 dup(0) dword_426E04 dd 8 dup(0) dword_426E24 dd 0Ah dup(0) dword_426E4C dd 4 dup(0) dword_426E5C dd 1Ah dup(0) dword_426EC4 dd 6 dup(0) dword_426EDC dd 8 dup(0) dword_426EFC dd 2 dup(0) dword_426F04 dd 8 dup(0) ; sub_4063B0+486�o
dword_426F24 dd 7 dup(0) dword_426F40 dd 2 dup(0) ; sub_4063B0+413�o
dword_426F48 dd 8 dup(0) dword_426F68 dd 0 dword_426F6C dd 0 dword_426F70 dd 0 dword_426F74 dd 0 dword_426F78 dd 15h dup(0) dword_426FCC dd 5 dup(0) dword_426FE0 dd 0Bh dup(0) dword_42700C dd 27h dup(0) dword_4270A8 dd 0Bh dup(0) dword_4270D4 dd 10h dup(0) dword_427114 dd 8 dup(0) dword_427134 dd 0Eh dup(0) dword_42716C dd 3 dup(0) dword_427178 dd 14h dup(0) dword_4271C8 dd 0Fh dup(0) dword_427204 dd 5 dup(0) dword_427218 dd 15h dup(0) dword_42726C dd 14h dup(0) dword_4272BC dd 12h dup(0) dword_427304 dd 3 dup(0) dword_427310 dd 2 dup(0) db 2 dup(0)
word_42731A dw 0 ; DATA XREF: .nsp0:00404ACF�o
dd 7 dup(0)
dword_427338 dd 0 ; sub_40CE55+2F87�r ...
dword_42733C dd 0 dword_427340 dd 0 ; sub_402DDD+199�r ...
dword_427344 dd 0 dword_427348 dd 0 dd 0D5h dup(0)
db 2 dup(0)
byte_4276A2 db 0 ; DATA XREF: sub_40CE55:loc_411958�r
; sub_40CE55+4B0D�o
align 4
dd 6 dup(0)
dword_4276BC dd 5 dup(0) dword_4276D0 dd 3 dup(0) dword_4276DC dd 0Eh dup(0) dword_427714 dd 0Dh dup(0) dword_427748 dd 0Dh dup(0) dword_42777C dd 12h dup(0) dword_4277C4 dd 14h dup(0) ; sub_40CE55+5039�o
dword_427814 dd 11h dup(0) dword_427858 dd 15h dup(0) dword_4278AC dd 12h dup(0) dword_4278F4 dd 15h dup(0) ; sub_40CE55+4EC3�o
dword_427948 dd 3 dup(0) ; sub_40A171+46�o
dword_427954 dd 0Fh dup(0) dword_427990 dd 14h dup(0) dword_4279E0 dd 16h dup(0) dword_427A38 dd 14h dup(0) dword_427A88 dd 13h dup(0) dword_427AD4 dd 13h dup(0) dword_427B20 dd 14h dup(0) dword_427B70 dd 16h dup(0) dword_427BC8 dd 15h dup(0) dword_427C1C dd 16h dup(0) dword_427C74 dd 11h dup(0) dword_427CB8 dd 13h dup(0) dword_427D04 dd 16h dup(0) dword_427D5C dd 0Fh dup(0) ; sub_40CE55+587C�o
dword_427D98 dd 15h dup(0) dword_427DEC dd 14h dup(0) dword_427E3C dd 16h dup(0) dword_427E94 dd 0 ; sub_4085D3+21�o
align 10h
dword_427EA0 dd 47Eh dup(0) dword_429098 dd 0 ; sub_4085D3+F4�o
dword_42909C dd 0 ; sub_40CE55:loc_4112AD�o
dword_4290A0 dd 2 dup(0) ; sub_4088A0+45�o ...
dword_4290A8 dd 5 dup(0) dword_4290BC dd 0Dh dup(0) dword_4290F0 dd 0Fh dup(0) dword_42912C dd 4 dup(0) dword_42913C dd 2 dup(0) dword_429144 dd 7 dup(0) dword_429160 dd 6 dup(0) dword_429178 dd 4 dup(0) dword_429188 dd 4 dup(0) dword_429198 dd 4 dup(0) dword_4291A8 dd 4 dup(0) dword_4291B8 dd 4 dup(0) dword_4291C8 dd 4 dup(0) dword_4291D8 dd 5 dup(0) dword_4291EC dd 3 dup(0) dword_4291F8 dd 4 dup(0) dword_429208 dd 4 dup(0) dword_429218 dd 3 dup(0) dword_429224 dd 6 dup(0) dword_42923C dd 6 dup(0) dword_429254 dd 5 dup(0) dword_429268 dd 5 dup(0) dword_42927C dd 2 dup(0) dword_429284 dd 5 dup(0) dword_429298 dd 4 dup(0) dword_4292A8 dd 4 dup(0) dword_4292B8 dd 8 dup(0) dword_4292D8 dd 6 dup(0) dword_4292F0 dd 3 dup(0) dword_4292FC dd 6 dup(0) dword_429314 dd 4 dup(0) dword_429324 dd 3 dup(0) dword_429330 dd 3 dup(0) dword_42933C dd 3 dup(0) dword_429348 dd 4 dup(0) dword_429358 dd 5 dup(0) dword_42936C dd 5 dup(0) dword_429380 dd 4 dup(0) dword_429390 dd 3 dup(0) dword_42939C dd 3 dup(0) dword_4293A8 dd 4 dup(0) dword_4293B8 dd 4 dup(0) dword_4293C8 dd 4 dup(0) dword_4293D8 dd 4 dup(0) dword_4293E8 dd 3 dup(0) dword_4293F4 dd 7 dup(0) dword_429410 dd 5 dup(0) dword_429424 dd 5 dup(0) dword_429438 dd 5 dup(0) dword_42944C dd 5 dup(0) dword_429460 dd 4 dup(0) dword_429470 dd 5 dup(0) dword_429484 dd 5 dup(0) dword_429498 dd 5 dup(0) dword_4294AC dd 7 dup(0) dword_4294C8 dd 7 dup(0) dword_4294E4 dd 3 dup(0) dword_4294F0 dd 3 dup(0) dword_4294FC dd 3 dup(0) dword_429508 dd 4 dup(0) dword_429518 dd 4 dup(0) dword_429528 dd 3 dup(0) dword_429534 dd 3 dup(0) dword_429540 dd 3 dup(0) dword_42954C dd 2 dup(0) dword_429554 dd 2 dup(0) dword_42955C dd 2 dup(0) dword_429564 dd 2 dup(0) dword_42956C dd 3 dup(0) dword_429578 dd 2 dup(0) dword_429580 dd 2 dup(0) dword_429588 dd 2 dup(0) ; sub_40CE55+20D7�o
dword_429590 dd 2 dup(0) dword_429598 dd 2 dup(0) dword_4295A0 dd 2 dup(0) dword_4295A8 dd 2 dup(0) dword_4295B0 dd 3 dup(0) dword_4295BC dd 3 dup(0) dword_4295C8 dd 2 dup(0) dword_4295D0 dd 3 dup(0) dword_4295DC dd 2 dup(0) dword_4295E4 dd 3 dup(0) dword_4295F0 dd 4 dup(0) dword_429600 dd 3 dup(0) dword_42960C dd 4 dup(0) dword_42961C dd 4 dup(0) dword_42962C dd 3 dup(0) dword_429638 dd 3 dup(0) dword_429644 dd 3 dup(0) dword_429650 dd 4 dup(0) dword_429660 dd 3 dup(0) dword_42966C dd 2 dup(0) dword_429674 dd 4 dup(0) dword_429684 dd 5 dup(0) dword_429698 dd 4 dup(0) dword_4296A8 dd 5 dup(0) dword_4296BC dd 5 dup(0) dword_4296D0 dd 3 dup(0) dword_4296DC dd 3 dup(0) dword_4296E8 dd 4 dup(0) dword_4296F8 dd 7 dup(0) dword_429714 dd 5 dup(0) dword_429728 dd 5 dup(0) dword_42973C dd 4 dup(0) dword_42974C dd 4 dup(0) dword_42975C dd 4 dup(0) dword_42976C dd 4 dup(0) dword_42977C dd 4 dup(0) dword_42978C dd 6 dup(0) dword_4297A4 dd 6 dup(0) dword_4297BC dd 5 dup(0) dword_4297D0 dd 3 dup(0) dword_4297DC dd 4 dup(0) dword_4297EC dd 5 dup(0) dword_429800 dd 4 dup(0) dword_429810 dd 4 dup(0) dword_429820 dd 4 dup(0) dword_429830 dd 4 dup(0) dword_429840 dd 5 dup(0) dword_429854 dd 4 dup(0) dword_429864 dd 3 dup(0) dword_429870 dd 5 dup(0) dword_429884 dd 4 dup(0) dword_429894 dd 4 dup(0) dword_4298A4 dd 5 dup(0) dword_4298B8 dd 4 dup(0) dword_4298C8 dd 4 dup(0) dword_4298D8 dd 3 dup(0) dword_4298E4 dd 3 dup(0) dword_4298F0 dd 4 dup(0) dword_429900 dd 3 dup(0) dword_42990C dd 6 dup(0) dword_429924 dd 7 dup(0) dword_429940 dd 6 dup(0) dword_429958 dd 3 dup(0) dword_429964 dd 4 dup(0) dword_429974 dd 6 dup(0) dword_42998C dd 5 dup(0) dword_4299A0 dd 4 dup(0) dword_4299B0 dd 4 dup(0) dword_4299C0 dd 4 dup(0) dword_4299D0 dd 7 dup(0) dword_4299EC dd 4 dup(0) dword_4299FC dd 4 dup(0) dword_429A0C dd 0Dh dup(0) dword_429A40 dd 7 dup(0) dword_429A5C dd 6 dup(0) dword_429A74 dd 7 dup(0) dword_429A90 dd 6 dup(0) dword_429AA8 dd 7 dup(0) dword_429AC4 dd 6 dup(0) dword_429ADC dd 7 dup(0) dword_429AF8 dd 6 dup(0) dword_429B10 dd 7 dup(0) dword_429B2C dd 6 dup(0) dword_429B44 dd 6 dup(0) dword_429B5C dd 7 dup(0) dword_429B78 dd 6 dup(0) dword_429B90 dd 7 dup(0) dword_429BAC dd 5 dup(0) dword_429BC0 dd 2 dup(0) ; sub_414390+18�o
dword_429BC8 dd 4 dup(0) dword_429BD8 dd 5 dup(0) dword_429BEC dd 6 dup(0) dword_429C04 dd 11h dup(0) dword_429C48 dd 3 dup(0) dword_429C54 dd 3 dup(0) dword_429C60 dd 5C2h dup(0) dword_42B368 dd 11h dup(0) dword_42B3AC dd 11h dup(0) dword_42B3F0 dd 0Eh dup(0) dword_42B428 dd 11h dup(0) dword_42B46C dd 10h dup(0) dword_42B4AC dd 0Fh dup(0) dword_42B4E8 dd 10h dup(0) dword_42B528 dd 0Fh dup(0) dword_42B564 dd 4 dup(0) dword_42B574 dd 11h dup(0) dword_42B5B8 dd 0Fh dup(0) dword_42B5F4 dd 11h dup(0) dword_42B638 dd 12h dup(0) dword_42B680 dd 0Dh dup(0) dword_42B6B4 dd 2 dup(0) dword_42B6BC dd 3 dup(0) dword_42B6C8 dd 36h dup(0) dword_42B7A0 dd 3 dup(0) dword_42B7AC dd 6 dup(0) word_42B7C4 dw 0 ; DATA XREF: sub_40AAD1:loc_40ABD3�r
; sub_40C297+1F�o
align 4
dword_42B7C8 dd 2 dup(0) dword_42B7D0 dd 0 ; .nsp0:loc_414341�o
dword_42B7D4 dd 2 dup(0) dword_42B7DC dd 0 ; .nsp0:0041432C�o
dword_42B7E0 dd 0 ; .nsp0:0041431C�o
dword_42B7E4 dd 0 ; .nsp0:00414303�o
dword_42B7E8 dd 0 ; .nsp0:004142F3�o
dword_42B7EC dd 0 ; .nsp0:004142E3�o
dword_42B7F0 dd 0 ; .nsp0:004142D5�o
dword_42B7F4 dd 10h dup(0) dword_42B834 dd 0 dword_42B838 dd 0 dword_42B83C dd 2 dup(0) dword_42B844 dd 4 dup(0) dword_42B854 dd 11h dup(0) dword_42B898 dd 10h dup(0) dword_42B8D8 dd 0Ch dup(0) dword_42B908 dd 14h dup(0) dword_42B958 dd 0Ch dup(0) dword_42B988 dd 0 dword_42B98C dd 3 dup(0) dword_42B998 dd 4 dup(0) dword_42B9A8 dd 9 dup(0) dword_42B9CC dd 0Eh dup(0) dword_42BA04 dd 0Ch dup(0) dword_42BA34 dd 9 dup(0) dword_42BA58 dd 6 dup(0) dword_42BA70 dd 12h dup(0) ; sub_40B551+170�o
dword_42BAB8 dd 11h dup(0) dword_42BAFC dd 0Eh dup(0) ; sub_40B712+FD�o
dword_42BB34 dd 0Bh dup(0) ; sub_40BAB4+156�o
dword_42BB60 dd 15h dup(0) dword_42BBB4 dd 0Eh dup(0) dword_42BBEC dd 0Bh dup(0) dword_42BC18 dd 6 dup(0) dword_42BC30 dd 0Dh dup(0) dword_42BC64 dd 0Eh dup(0) dword_42BC9C dd 0Eh dup(0) dword_42BCD4 dd 16h dup(0) dword_42BD2C dd 0Dh dup(0) dword_42BD60 dd 10h dup(0) dword_42BDA0 dd 0 dword_42BDA4 dd 11h dup(0) dword_42BDE8 dd 10h dup(0) dword_42BE28 dd 13h dup(0) dword_42BE74 dd 15h dup(0) dword_42BEC8 dd 0Ch dup(0) dword_42BEF8 dd 2 dup(0) ; sub_40CE55+2A37�o ...
dword_42BF00 dd 13h dup(0) dword_42BF4C dd 0Fh dup(0) dword_42BF88 dd 12h dup(0) dword_42BFD0 dd 11h dup(0) dword_42C014 dd 13h dup(0) dword_42C060 dd 0Fh dup(0) dword_42C09C dd 2 dup(0) ; sub_413627+104�o
dword_42C0A4 dd 2 dup(0) dword_42C0AC dd 2 dup(0) dword_42C0B4 dd 2 dup(0) dword_42C0BC dd 2 dup(0) dword_42C0C4 dd 0 dword_42C0C8 dd 2 dup(0) ; sub_40C443+3B�o
dword_42C0D0 dd 2 dup(0) dword_42C0D8 dd 14h dup(0) dword_42C128 dd 14h dup(0) dword_42C178 dd 0 dword_42C17C dd 0 ; sub_40C682+460�r
dword_42C180 dd 0 dword_42C184 dd 0 dword_42C188 dd 0 ; sub_40CE55+4E69�r
dword_42C18C dd 0 ; sub_40CE55:loc_411DB0�r
dword_42C190 dd 0 dword_42C194 dd 0 dword_42C198 dd 0 ; sub_40C682:loc_40C9BB�r
byte_42C19C db 0 ; DATA XREF: sub_40C1E1:loc_40C1ED�r
; sub_40CE55+AF6�r ...
align 10h
dword_42C1A0 dd 0 ; .nsp0:00414119�r ...
dword_42C1A4 dd 0 ; sub_40CE55+27C�r ...
dword_42C1A8 dd 2 dup(0) ; sub_40CE55+3D0F�o ...
dword_42C1B0 dd 3 dup(0) dword_42C1BC dd 0 ; sub_40CE55+5C5C�o
dword_42C1C0 dd 4 dup(0) ; sub_40C682+451�o
dword_42C1D0 dd 0 ; sub_40C682+467�o
dword_42C1D4 dd 2 dup(0) ; sub_40C682+479�o
byte_42C1DC db 0 ; DATA XREF: sub_40C682:loc_40CB11�r
; sub_40C682+49D�o
align 10h
dd 4 dup(0)
dword_42C1F0 dd 0 dword_42C1F4 dd 2 dup(0) byte_42C1FC db 0 ; DATA XREF: sub_40283D+84�o
; sub_403178+F�o ...
align 10h
dd 3 dup(0)
dword_42C20C dd 4 dup(0) dword_42C21C dd 3 dup(0) dword_42C228 dd 5 dup(0) dword_42C23C dd 2 dup(0) dword_42C244 dd 0 ; sub_40CE55+4CCF�o ...
dword_42C248 dd 0 dword_42C24C dd 0 dword_42C250 dd 2 dup(0) dword_42C258 dd 0 dword_42C25C dd 0 dword_42C260 dd 0 dword_42C264 dd 0 ; sub_40CE55+5C05�o
dd 1Ah dup(0)
dword_42C2D0 dd 6 dup(0) ; sub_4149DE+28�o
dword_42C2E8 dd 20h dup(0) ; sub_4149DE+D4�o
dword_42C368 dd 0 ; sub_404F08+C2�o
dd 90Eh dup(0)
dword_42E7A4 dd 0 ; sub_40CE55+B60�r ...
dd 56h dup(0)
dword_42E900 dd 26Eh dup(0) dword_42F2B8 dd 4 dup(0) dword_42F2C8 dd 39h dup(0) dword_42F3AC dd 0Eh dup(0) dword_42F3E4 dd 347h dup(0) ; sub_40CE55+5B5F�o
dword_430100 dd 6C6h dup(0) dword_431C18 dd 1AAh dup(0) ; sub_40CE55+1D85�o
dword_4322C0 dd 390h dup(0) dword_433100 dd 9 dup(0) dword_433124 dd 0Bh dup(0) dword_433150 dd 3 dup(0) dword_43315C dd 0Ch dup(0) dword_43318C dd 7 dup(0) dword_4331A8 dd 3 dup(0) dword_4331B4 dd 4 dup(0) dword_4331C4 dd 4 dup(0) dword_4331D4 dd 0Dh dup(0) dword_433208 dd 0Dh dup(0) dword_43323C dd 10h dup(0) dword_43327C dd 10h dup(0) dword_4332BC dd 9 dup(0) ; sub_40CE55+5C31�o
dword_4332E0 dd 0Ah dup(0) ; sub_40CE55+5C1D�o
dword_433308 dd 0 dword_43330C dd 0Eh dup(0) dword_433344 dd 10h dup(0) dword_433384 dd 10h dup(0) dword_4333C4 dd 9 dup(0) dword_4333E8 dd 14h dup(0) dword_433438 dd 0Bh dup(0) dword_433464 dd 3 dup(0) dword_433470 dd 3 dup(0) dword_43347C dd 0 dword_433480 dd 2 dup(0) dword_433488 dd 13h dup(0) dword_4334D4 dd 4 dup(0) dword_4334E4 dd 3 dup(0) dword_4334F0 dd 3 dup(0) dword_4334FC dd 4 dup(0) dword_43350C dd 0Bh dup(0) dword_433538 dd 6 dup(0) dword_433550 dd 0Ch dup(0) dword_433580 dd 6 dup(0) dword_433598 dd 3 dup(0) dword_4335A4 dd 10h dup(0) dword_4335E4 dd 0Bh dup(0) dword_433610 dd 13h dup(0) dword_43365C dd 0Ch dup(0) dword_43368C dd 0 dword_433690 dd 0Bh dup(0) dword_4336BC dd 13h dup(0) dword_433708 dd 0Bh dup(0) dword_433734 dd 0Bh dup(0) dword_433760 dd 0Bh dup(0) dword_43378C dd 0Bh dup(0) dword_4337B8 dd 14h dup(0) dword_433808 dd 0Dh dup(0) dword_43383C dd 2 dup(0) dword_433844 dd 0Dh dup(0) dword_433878 dd 0Dh dup(0) dword_4338AC dd 0Bh dup(0) dword_4338D8 dd 0Dh dup(0) dword_43390C dd 0Fh dup(0) dword_433948 dd 0Fh dup(0) dword_433984 dd 0Ch dup(0) dword_4339B4 dd 5 dup(0) dword_4339C8 dd 10h dup(0) dword_433A08 dd 0Eh dup(0) dword_433A40 dd 10h dup(0) dword_433A80 dd 10h dup(0) dword_433AC0 dd 0Eh dup(0) dword_433AF8 dd 13h dup(0) dword_433B44 dd 13h dup(0) dword_433B90 dd 0Dh dup(0) dword_433BC4 dd 13h dup(0) dword_433C10 dd 1Fh dup(0) dword_433C8C dd 0Eh dup(0) dword_433CC4 dd 0Dh dup(0) dword_433CF8 dd 0Dh dup(0) dword_433D2C dd 0Bh dup(0) dword_433D58 dd 10h dup(0) dword_433D98 dd 0Eh dup(0) dword_433DD0 dd 0Fh dup(0) dword_433E0C dd 0Fh dup(0) dword_433E48 dd 0 dword_433E4C dd 4 dup(0) ; sub_40CE55:loc_412589�o
dword_433E5C dd 0Eh dup(0) dword_433E94 dd 0Eh dup(0) dword_433ECC dd 0Ch dup(0) dword_433EFC dd 0Eh dup(0) dword_433F34 dd 0Fh dup(0) dword_433F70 dd 0Ch dup(0) dword_433FA0 dd 11h dup(0) dword_433FE4 dd 0Eh dup(0) dword_43401C dd 12h dup(0) dword_434064 dd 0Eh dup(0) dword_43409C dd 0Ch dup(0) dword_4340CC dd 0Eh dup(0) dword_434104 dd 0Ah dup(0) dword_43412C dd 14h dup(0) dword_43417C dd 0Bh dup(0) dword_4341A8 dd 0Ch dup(0) dword_4341D8 dd 0Ch dup(0) dword_434208 dd 0Bh dup(0) dword_434234 dd 10h dup(0) dword_434274 dd 0Dh dup(0) dword_4342A8 dd 0Eh dup(0) dword_4342E0 dd 0Bh dup(0) dword_43430C dd 11h dup(0) dword_434350 dd 0Eh dup(0) dword_434388 dd 0Ch dup(0) dword_4343B8 dd 0Ch dup(0) dword_4343E8 dd 0Ch dup(0) dword_434418 dd 0Ah dup(0) dword_434440 dd 3 dup(0) ; sub_40CE55+4AB2�o
dword_43444C dd 0Ch dup(0) dword_43447C dd 3 dup(0) dword_434488 dd 0Ch dup(0) dword_4344B8 dd 0Ch dup(0) dword_4344E8 dd 2 dup(0) dword_4344F0 dd 0Ch dup(0) dword_434520 dd 2 dup(0) ; sub_40CE55+48F9�o
dword_434528 dd 3 dup(0) dword_434534 dd 2 dup(0) dword_43453C dd 12h dup(0) dword_434584 dd 0Bh dup(0) dword_4345B0 dd 2 dup(0) dword_4345B8 dd 0Ah dup(0) dword_4345E0 dd 4 dup(0) ; sub_40CE55+3F84�o ...
dword_4345F0 dd 16h dup(0) dword_434648 dd 14h dup(0) dword_434698 dd 10h dup(0) dword_4346D8 dd 3 dup(0) dword_4346E4 dd 0Bh dup(0) dword_434710 dd 0Eh dup(0) dword_434748 dd 14h dup(0) dword_434798 dd 11h dup(0) dword_4347DC dd 8 dup(0) ; sub_40CE55:loc_4115A5�o
dword_4347FC dd 0Eh dup(0) dword_434834 dd 13h dup(0) dword_434880 dd 13h dup(0) dword_4348CC dd 10h dup(0) dword_43490C dd 13h dup(0) dword_434958 dd 11h dup(0) dword_43499C dd 13h dup(0) dword_4349E8 dd 11h dup(0) dword_434A2C dd 13h dup(0) dword_434A78 dd 10h dup(0) dword_434AB8 dd 15h dup(0) dword_434B0C dd 10h dup(0) dword_434B4C dd 15h dup(0) dword_434BA0 dd 14h dup(0) dword_434BF0 dd 14h dup(0) dword_434C40 dd 14h dup(0) dword_434C90 dd 4 dup(0) dword_434CA0 dd 4 dup(0) dword_434CB0 dd 3 dup(0) ; sub_40CE55+42B1�o
dword_434CBC dd 13h dup(0) ; sub_40CE55+4DA6�o
dword_434D08 dd 1Eh dup(0) dword_434D80 dd 3 dup(0) ; sub_40CE55+4D0A�o
dword_434D8C dd 2 dup(0) ; sub_40CE55+4D03�o
dword_434D94 dd 13h dup(0) dword_434DE0 dd 15h dup(0) ; sub_40CE55+4B52�o
dword_434E34 dd 13h dup(0) dword_434E80 dd 17h dup(0) dword_434EDC dd 6 dup(0) dword_434EF4 dd 13h dup(0) dword_434F40 dd 17h dup(0) dword_434F9C dd 13h dup(0) dword_434FE8 dd 13h dup(0) dword_435034 dd 12h dup(0) dword_43507C dd 2 dup(0) dword_435084 dd 2 dup(0) dword_43508C dd 0Fh dup(0) dword_4350C8 dd 10h dup(0) dword_435108 dd 0Eh dup(0) dword_435140 dd 2 dup(0) dword_435148 dd 2 dup(0) dword_435150 dd 9 dup(0) dword_435174 dd 4 dup(0) dword_435184 dd 0Dh dup(0) dword_4351B8 dd 3 dup(0) dword_4351C4 dd 3 dup(0) dword_4351D0 dd 4 dup(0) dword_4351E0 dd 11h dup(0) dword_435224 dd 13h dup(0) dword_435270 dd 0 dword_435274 dd 3 dup(0) dword_435280 dd 0 dword_435284 dd 4 dup(0) dword_435294 dd 0 dword_435298 dd 3 dup(0) dword_4352A4 dd 4 dup(0) dword_4352B4 dd 0 dword_4352B8 dd 3 dup(0) dword_4352C4 dd 4 dup(0) dword_4352D4 dd 3 dup(0) dword_4352E0 dd 3 dup(0) dword_4352EC dd 4 dup(0) dword_4352FC dd 3 dup(0) dword_435308 dd 4 dup(0) dword_435318 dd 2 dup(0) dword_435320 dd 4 dup(0) dword_435330 dd 4 dup(0) dword_435340 dd 5 dup(0) dword_435354 dd 0 dword_435358 dd 5 dup(0) dword_43536C dd 0 dword_435370 dd 4 dup(0) dword_435380 dd 2 dup(0) dword_435388 dd 2 dup(0) dword_435390 dd 2 dup(0) dword_435398 dd 3 dup(0) dword_4353A4 dd 3 dup(0) dword_4353B0 dd 2 dup(0) dword_4353B8 dd 3 dup(0) dword_4353C4 dd 2 dup(0) dword_4353CC dd 3 dup(0) dword_4353D8 dd 2 dup(0) dword_4353E0 dd 4 dup(0) dword_4353F0 dd 2 dup(0) dword_4353F8 dd 3 dup(0) dword_435404 dd 4 dup(0) dword_435414 dd 4 dup(0) dword_435424 dd 2 dup(0) dword_43542C dd 3 dup(0) dword_435438 dd 2 dup(0) dword_435440 dd 3 dup(0) dword_43544C dd 2 dup(0) dword_435454 dd 3 dup(0) dword_435460 dd 2 dup(0) dword_435468 dd 3 dup(0) dword_435474 dd 3 dup(0) dword_435480 dd 3 dup(0) dword_43548C dd 2 dup(0) dword_435494 dd 3 dup(0) dword_4354A0 dd 3 dup(0) dword_4354AC dd 3 dup(0) dword_4354B8 dd 2 dup(0) dword_4354C0 dd 3 dup(0) dword_4354CC dd 2 dup(0) dword_4354D4 dd 3 dup(0) dword_4354E0 dd 2 dup(0) dword_4354E8 dd 3 dup(0) dword_4354F4 dd 2 dup(0) dword_4354FC dd 3 dup(0) dword_435508 dd 2 dup(0) dword_435510 dd 4 dup(0) dword_435520 dd 2 dup(0) dword_435528 dd 3 dup(0) dword_435534 dd 0Ch dup(0) dword_435564 dd 0Dh dup(0) dword_435598 dd 0Ch dup(0) dword_4355C8 dd 0Dh dup(0) dword_4355FC dd 2 dup(0) dword_435604 dd 0Dh dup(0) dword_435638 dd 0Dh dup(0) dword_43566C dd 2 dup(0) dword_435674 dd 2 dup(0) dword_43567C dd 2 dup(0) dword_435684 dd 2 dup(0) dword_43568C dd 0Dh dup(0) dword_4356C0 dd 0Eh dup(0) dword_4356F8 dd 13h dup(0) dword_435744 dd 2 dup(0) dword_43574C dd 14h dup(0) dword_43579C dd 0Dh dup(0) dword_4357D0 dd 0Dh dup(0) dword_435804 dd 10h dup(0) dword_435844 dd 14h dup(0) dword_435894 dd 3 dup(0) dword_4358A0 dd 0Fh dup(0) dword_4358DC dd 13h dup(0) dword_435928 dd 0 ; sub_40CE55+1D20�o
dword_43592C dd 14h dup(0) dword_43597C dd 11h dup(0) dword_4359C0 dd 0Dh dup(0) dword_4359F4 dd 0 ; sub_40CE55+1CFE�o
dword_4359F8 dd 2 dup(0) dword_435A00 dd 2 dup(0) dword_435A08 dd 4 dup(0) dword_435A18 dd 2 dup(0) dword_435A20 dd 2 dup(0) dword_435A28 dd 3 dup(0) ; sub_40CE55+1B2C�o
dword_435A34 dd 2 dup(0) dword_435A3C dd 3 dup(0) dword_435A48 dd 2 dup(0) dword_435A50 dd 4 dup(0) dword_435A60 dd 2 dup(0) dword_435A68 dd 2 dup(0) dword_435A70 dd 2 dup(0) dword_435A78 dd 3 dup(0) dword_435A84 dd 3 dup(0) dword_435A90 dd 4 dup(0) dword_435AA0 dd 2 dup(0) dword_435AA8 dd 5 dup(0) dword_435ABC dd 2 dup(0) dword_435AC4 dd 2 dup(0) dword_435ACC dd 2 dup(0) dword_435AD4 dd 4 dup(0) dword_435AE4 dd 2 dup(0) dword_435AEC dd 3 dup(0) dword_435AF8 dd 2 dup(0) dword_435B00 dd 3 dup(0) dword_435B0C dd 3 dup(0) dword_435B18 dd 4 dup(0) dword_435B28 dd 2 dup(0) dword_435B30 dd 3 dup(0) dword_435B3C dd 3 dup(0) dword_435B48 dd 4 dup(0) dword_435B58 dd 2 dup(0) dword_435B60 dd 2 dup(0) dword_435B68 dd 2 dup(0) dword_435B70 dd 3 dup(0) dword_435B7C dd 2 dup(0) dword_435B84 dd 3 dup(0) dword_435B90 dd 2 dup(0) dword_435B98 dd 3 dup(0) dword_435BA4 dd 2 dup(0) dword_435BAC dd 5 dup(0) dword_435BC0 dd 4 dup(0) dword_435BD0 dd 4 dup(0) dword_435BE0 dd 4 dup(0) dword_435BF0 dd 4 dup(0) dword_435C00 dd 3 dup(0) dword_435C0C dd 4 dup(0) dword_435C1C dd 3 dup(0) dword_435C28 dd 4 dup(0) dword_435C38 dd 3 dup(0) dword_435C44 dd 4 dup(0) dword_435C54 dd 2 dup(0) dword_435C5C dd 3 dup(0) dword_435C68 dd 0Dh dup(0) dword_435C9C dd 2 dup(0) ; sub_415050+46�o
dword_435CA4 dd 2 dup(0) dword_435CAC dd 4 dup(0) dword_435CBC dd 2 dup(0) dword_435CC4 dd 2 dup(0) dword_435CCC dd 4 dup(0) dword_435CDC dd 4 dup(0) dword_435CEC dd 3 dup(0) dword_435CF8 dd 3 dup(0) dword_435D04 dd 2 dup(0) dword_435D0C dd 4 dup(0) dword_435D1C dd 2 dup(0) dword_435D24 dd 4 dup(0) dword_435D34 dd 2 dup(0) dword_435D3C dd 3 dup(0) dword_435D48 dd 2 dup(0) dword_435D50 dd 3 dup(0) dword_435D5C dd 2 dup(0) dword_435D64 dd 3 dup(0) dword_435D70 dd 2 dup(0) dword_435D78 dd 3 dup(0) dword_435D84 dd 2 dup(0) dword_435D8C dd 3 dup(0) dword_435D98 dd 2 dup(0) dword_435DA0 dd 3 dup(0) dword_435DAC dd 3 dup(0) dword_435DB8 dd 4 dup(0) dword_435DC8 dd 2 dup(0) dword_435DD0 dd 2 dup(0) dword_435DD8 dd 2 dup(0) dword_435DE0 dd 3 dup(0) dword_435DEC dd 3 dup(0) dword_435DF8 dd 4 dup(0) dword_435E08 dd 0Eh dup(0) dword_435E40 dd 0Ch dup(0) dword_435E70 dd 3 dup(0) dword_435E7C dd 2 dup(0) dword_435E84 dd 2 dup(0) dword_435E8C dd 2 dup(0) dword_435E94 dd 3 dup(0) dword_435EA0 dd 3 dup(0) dword_435EAC dd 4 dup(0) dword_435EBC dd 2 dup(0) dword_435EC4 dd 3 dup(0) dword_435ED0 dd 2 dup(0) dword_435ED8 dd 3 dup(0) dword_435EE4 dd 2 dup(0) dword_435EEC dd 3 dup(0) dword_435EF8 dd 4 dup(0) dword_435F08 dd 2 dup(0) dword_435F10 dd 3 dup(0) dword_435F1C dd 4 dup(0) dword_435F2C dd 2 dup(0) dword_435F34 dd 4 dup(0) dword_435F44 dd 4 dup(0) dword_435F54 dd 2 dup(0) dword_435F5C dd 3 dup(0) dword_435F68 dd 3 dup(0) dword_435F74 dd 4 dup(0) dword_435F84 dd 3 dup(0) dword_435F90 dd 5 dup(0) dword_435FA4 dd 3 dup(0) dword_435FB0 dd 4 dup(0) dword_435FC0 dd 3 dup(0) dword_435FCC dd 3 dup(0) dword_435FD8 dd 4 dup(0) dword_435FE8 dd 3 dup(0) dword_435FF4 dd 3 dup(0) dword_436000 dd 4 dup(0) dword_436010 dd 3 dup(0) dword_43601C dd 3 dup(0) dword_436028 dd 4 dup(0) dword_436038 dd 3 dup(0) dword_436044 dd 3 dup(0) dword_436050 dd 3 dup(0) dword_43605C dd 4 dup(0) dword_43606C dd 4 dup(0) dword_43607C dd 5 dup(0) dword_436090 dd 3 dup(0) dword_43609C dd 3 dup(0) dword_4360A8 dd 2 dup(0) dword_4360B0 dd 3 dup(0) dword_4360BC dd 4 dup(0) dword_4360CC dd 4 dup(0) dword_4360DC dd 5 dup(0) dword_4360F0 dd 4 dup(0) dword_436100 dd 2 dup(0) ; sub_40CE55+1089�o ...
dword_436108 dd 5 dup(0) dword_43611C dd 4 dup(0) dword_43612C dd 5 dup(0) dword_436140 dd 2 dup(0) dword_436148 dd 4 dup(0) dword_436158 dd 2 dup(0) dword_436160 dd 3 dup(0) dword_43616C dd 2 dup(0) dword_436174 dd 3 dup(0) dword_436180 dd 2 dup(0) dword_436188 dd 3 dup(0) dword_436194 dd 2 dup(0) dword_43619C dd 3 dup(0) dword_4361A8 dd 2 dup(0) dword_4361B0 dd 3 dup(0) dword_4361BC dd 0 dword_4361C0 dd 0 dword_4361C4 dd 2 dup(0) dword_4361CC dd 2 dup(0) dword_4361D4 dd 3 dup(0) dword_4361E0 dd 2 dup(0) dword_4361E8 dd 2 dup(0) dword_4361F0 dd 0 dword_4361F4 dd 0 dword_4361F8 dd 2 dup(0) dword_436200 dd 0 dword_436204 dd 2 dup(0) dword_43620C dd 11h dup(0) dword_436250 dd 11h dup(0) dword_436294 dd 12h dup(0) dword_4362DC dd 0Dh dup(0) dword_436310 dd 2 dup(0) dword_436318 dd 15h dup(0) dword_43636C dd 13h dup(0) ; sub_40CE55+4733�o
dword_4363B8 dd 6 dup(0) dword_4363D0 dd 2 dup(0) dword_4363D8 dd 7 dup(0) dword_4363F4 dd 7 dup(0) dword_436410 dd 3 dup(0) dword_43641C dd 10h dup(0) dword_43645C dd 2 dup(0) dword_436464 dd 2 dup(0) dword_43646C dd 0 ; sub_40CE55+B41�o ...
dword_436470 dd 2 dup(0) ; sub_412D4C+F�o
dword_436478 dd 2 dup(0) ; sub_412D4C+16�o
dword_436480 dd 0Dh dup(0) dword_4364B4 dd 0Dh dup(0) dword_4364E8 dd 0 dword_4364EC dd 2 dup(0) ; sub_40CE55+5EC�o
dword_4364F4 dd 2 dup(0) dword_4364FC dd 2 dup(0) dword_436504 dd 4 dup(0) ; sub_40CE55+610�o
dword_436514 dd 0Dh dup(0) ; sub_40CE55+5A5D�o ...
dword_436548 dd 2 dup(0) dword_436550 dd 3 dup(0) ; sub_40CE55+4AEB�o ...
dword_43655C dd 0 dword_436560 dd 0 dword_436564 dd 4 dup(0) ; sub_40CE55+3B4�o ...
dword_436574 dd 3 dup(0) dword_436580 dd 2 dup(0) dword_436588 dd 0 ; sub_40CE55:loc_40D9EE�o
dword_43658C dd 13h dup(0) dword_4365D8 dd 7 dup(0) dword_4365F4 dd 5 dup(0) dword_436608 dd 5 dup(0) dword_43661C dd 3 dup(0) dword_436628 dd 0 ; sub_4131CB+50�r ...
dword_43662C dd 0 ; sub_4131CB+82�r ...
dword_436630 dd 0 dd 2Fh dup(0)
dword_4366F0 dd 0Eh dup(0) dword_436728 dd 0Fh dup(0) dword_436764 dd 0Ch dup(0) dword_436794 dd 9 dup(0) dword_4367B8 dd 8 dup(0) dword_4367D8 dd 9 dup(0) dword_4367FC dd 17h dup(0) dword_436858 dd 0Bh dup(0) dword_436884 dd 17h dup(0) dword_4368E0 dd 0Ah dup(0) dword_436908 dd 8 dup(0) dword_436928 dd 11h dup(0) dword_43696C dd 16h dup(0) dword_4369C4 dd 0Ah dup(0) dword_4369EC dd 0Ch dup(0) dword_436A1C dd 14h dup(0) dword_436A6C dd 17h dup(0) dword_436AC8 dd 0Ch dup(0) dword_436AF8 dd 6 dup(0) dword_436B10 dd 15h dup(0) dword_436B64 dd 0Bh dup(0) dword_436B90 dd 0Dh dup(0) dword_436BC4 dd 6 dup(0) dword_436BDC dd 0Bh dup(0) dword_436C08 dd 0Ah dup(0) dword_436C30 dd 3 dup(0) dword_436C3C dd 3 dup(0) dword_436C48 dd 3 dup(0) dword_436C54 dd 3 dup(0) dword_436C60 dd 3 dup(0) dword_436C6C dd 3 dup(0) dword_436C78 dd 3 dup(0) dword_436C84 dd 3 dup(0) dword_436C90 dd 3 dup(0) dword_436C9C dd 0Ch dup(0) dword_436CCC dd 0Eh dup(0) dword_436D04 dd 0Ch dup(0) dword_436D34 dd 10h dup(0) dword_436D74 dd 6 dup(0) dword_436D8C dd 0 dword_436D90 dd 0 dword_436D94 dd 0Fh dup(0) dword_436DD0 dd 0Eh dup(0) dword_436E08 dd 0Fh dup(0) dword_436E44 dd 10h dup(0) dword_436E84 dd 0Dh dup(0) dword_436EB8 dd 0Eh dup(0) dword_436EF0 dd 5 dup(0) dword_436F04 dd 5 dup(0) dword_436F18 dd 5 dup(0) dword_436F2C dd 5 dup(0) dword_436F40 dd 5 dup(0) dword_436F54 dd 5 dup(0) dword_436F68 dd 4 dup(0) dword_436F78 dd 4 dup(0) dword_436F88 dd 6 dup(0) dword_436FA0 dd 6 dup(0) dword_436FB8 dd 5 dup(0) dword_436FCC dd 4 dup(0) dword_436FDC dd 5 dup(0) dword_436FF0 dd 4 dup(0) dword_437000 dd 5 dup(0) dword_437014 dd 2 dup(0) dword_43701C dd 2 dup(0) dword_437024 dd 3 dup(0) dword_437030 dd 5 dup(0) dword_437044 dd 4 dup(0) dword_437054 dd 3 dup(0) dword_437060 dd 6 dup(0) dword_437078 dd 10h dup(0) dword_4370B8 dd 2 dup(0) dword_4370C0 dd 0Eh dup(0) dword_4370F8 dd 9 dup(0) dword_43711C dd 8 dup(0) dword_43713C dd 9 dup(0) dword_437160 dd 5 dup(0) dword_437174 dd 8 dup(0) dword_437194 dd 7 dup(0) dword_4371B0 dd 17h dup(0) dword_43720C dd 7 dup(0) dword_437228 dd 9 dup(0) dword_43724C dd 14h dup(0) dword_43729C dd 0Dh dup(0) dword_4372D0 dd 7 dup(0) dword_4372EC dd 9 dup(0) dword_437310 dd 9 dup(0) dword_437334 dd 6 dup(0) dword_43734C dd 6 dup(0) dword_437364 dd 4 dup(0) dword_437374 dd 5 dup(0) dword_437388 dd 0Ah dup(0) dword_4373B0 dd 6 dup(0) dword_4373C8 dd 5 dup(0) dword_4373DC dd 0Fh dup(0) dword_437418 dd 0Fh dup(0) dword_437454 dd 3 dup(0) dword_437460 dd 5 dup(0) ; sub_413DD2+19E�o
dword_437474 dd 0Eh dup(0) dword_4374AC dd 0Fh dup(0) dword_4374E8 dd 11h dup(0) dword_43752C dd 0 dword_437530 dd 0 dd 14h dup(0)
dword_437584 dd 2 dup(0) ; .nsp0:004141F2�o ...
byte_43758C db 0 ; DATA XREF: .nsp0:00414195�o
; .nsp0:004141A2�r
align 10h
dword_437590 dd 0 ; sub_414433+39�o
dword_437594 dd 2 dup(0) dword_43759C dd 0 dword_4375A0 dd 2 dup(0) dword_4375A8 dd 0 ; sub_414390+57�o
dword_4375AC dd 0Fh dup(0) dword_4375E8 dd 10h dup(0) dword_437628 dd 4 dup(0) ; sub_4149DE+17A�o
dword_437638 dd 4 dup(0) dword_437648 dd 8 dup(0) dword_437668 dd 11h dup(0) ; sub_4149DE+2D8�o
dword_4376AC dd 0Fh dup(0) dword_4376E8 dd 10h dup(0) dword_437728 dd 0Eh dup(0) dword_437760 dd 10h dup(0) dword_4377A0 dd 0Eh dup(0) dword_4377D8 dd 11h dup(0) ; sub_4149DE:loc_414B0C�o
dword_43781C dd 14h dup(0) dword_43786C dd 12h dup(0) dword_4378B4 dd 14h dup(0) dword_437904 dd 5 dup(0) ; sub_4149DE+ED�o
dword_437918 dd 11h dup(0) ; sub_4149DE+91�o
dword_43795C dd 0Ch dup(0) dword_43798C dd 0Eh dup(0) dword_4379C4 dd 3 dup(0) ; sub_4149DE+54�o
word_4379D0 dw 0 ; DATA XREF: sub_4146BA+38�r
align 4
dword_4379D4 dd 0Eh dup(0) dword_437A0C dd 2 dup(0) dword_437A14 dd 0 dword_437A18 dd 0Fh dup(0) ; sub_4149DE:loc_414C4B�o
dword_437A54 dd 0Dh dup(0) ; sub_4149DE+266�o
dword_437A88 dd 14h dup(0) dword_437AD8 dd 12h dup(0) dword_437B20 dd 14h dup(0) dword_437B70 dd 0Ch dup(0) dword_437BA0 dd 0Eh dup(0) word_437BD8 dw 0 ; DATA XREF: sub_4149DE+38�r
align 4
dword_437BDC dd 3 dup(0) db 2 dup(0)
word_437BEA dw 0 ; DATA XREF: sub_414E8C+CC�w
db 3 dup(0)
byte_437BEF db 0 ; DATA XREF: sub_414E8C+D3�w
dd 0
dword_437BF4 dd 3 dup(0) db 0
byte_437C01 db 0 ; DATA XREF: sub_414E8C+AA�w
align 4
db 0
byte_437C05 db 0 ; DATA XREF: sub_414E8C+B0�w
align 4
dd 0
dword_437C0C dd 19h dup(0) dword_437C70 dd 0 align 10h
dword_437C80 dd 0 db 0
byte_437C85 db 3 dup(0) ; DATA XREF: sub_414D15+9B�o
db 0
dword_437C89 dd 0 align 10h
db 0
dword_437C91 dd 0 byte_437C95 db 3 dup(0) ; DATA XREF: sub_414D15+C2�o
dd 0
db 3 dup(0)
dword_437C9F dd 0 align 4
dd 0Bh dup(0)
dword_437CD0 dd 4 dup(0) dword_437CE0 dd 6 dup(0) dword_437CF8 dd 0Ah dup(0) dword_437D20 dd 0 align 10h
dword_437D30 dd 0 dd 2 dup(0)
dword_437D3C dd 0 dd 2 dup(0)
dword_437D48 dd 0 dword_437D4C dd 5 dup(0) ; sub_41643E+2�o
dword_437D60 dd 0 dword_437D64 dd 0 ; sub_41CF19+46�r ...
dword_437D68 dd 0 ; sub_417D4C+457�r
dword_437D6C dd 0 dword_437D70 dd 0 ; sub_4159D4:loc_415A35�r ...
dd 82h dup(0)
dword_437F7C dd 0 ; sub_4159D4:loc_415A20�r ...
byte_437F80 db 0 ; DATA XREF: sub_419F18:loc_419F58�r
; .nsp0:00419F76�r ...
align 4
dd 2 dup(0)
dword_437F8C dd 0 ; sub_4174DF+4D�r
dword_437F90 dd 0 dword_437F94 dd 0 dd 34h dup(0)
dbl_438068 dq 0.0 ; DATA XREF: sub_41999C+B7�r
; sub_41999C:loc_419A83�r ...
dd 2 dup(0)
dbl_438078 dq 0.0 ; DATA XREF: sub_41999C+92�r
; sub_41999C:loc_419A5B�r ...
dd 4 dup(0)
tbyte_438090 dt 0.0 ; DATA XREF: sub_419E49+D�r
; sub_419E49+1F�r
align 4
tbyte_43809C dt 0.0 ; DATA XREF: sub_419E49+31�r
align 4
dword_4380A8 dd 0 ; sub_417D4C+3AA�r
dword_4380AC dd 0 ; sub_417D4C+3E2�r
dword_4380B0 dd 0 ; sub_41AD3D+430�r
dword_4380B4 dd 0 ; sub_417D4C+3CB�r
dword_4380B8 dd 0 dword_4380BC dd 0 dd 5 dup(0)
dword_4380D4 dd 0 dword_4380D8 dd 2 dup(0) dword_4380E0 dd 2 dup(0) byte_4380E8 db 0 ; DATA XREF: sub_41BFC0+E1�r
align 10h
dword_4380F0 dd 0 dword_4380F4 dd 0 align 10h
dword_438100 dd 0 dd 37h dup(0)
dword_4381E0 dd 0 ; sub_41C5D7+C�o
dword_4381E4 dd 0 dd 58h dup(0)
dword_438348 dd 0 ; sub_41C77F+A�r ...
dd 1Dh dup(0)
dword_4383C0 dd 0 dword_4383C4 dd 0 dword_4383C8 dd 0 dword_4383CC dd 0 ; sub_41C63E+8F�w ...
dword_4383D0 dd 2 dup(0) ; sub_41B8B0:loc_41B931�o
dword_4383D8 dd 0 ; sub_41CF19+28�r
dword_4383DC dd 0 ; sub_41CF19+12D�r
dd 22h dup(0)
dword_438468 dd 4 dup(0) ; .nsp0:0041D12B�o
dword_438478 dd 4 dup(0) dword_438488 dd 8 dup(0) ; sub_4187B6+12�o
dword_4384A8 dd 0Ch dup(0) ; sub_4187B6:loc_4187D4�o
dword_4384D8 dd 84h dup(0) dword_4386E8 dd 0 ; sub_419651+46�r ...
align 10h
dword_4386F0 dd 6 dup(0) dword_438708 dd 6 dup(0) dword_438720 dd 0 dword_438724 dd 0 dword_438728 dd 0 dd 36h dup(0)
dword_438804 dd 0 dd 0E4h dup(0)
byte_438B98 db 0 ; DATA XREF: sub_401447+1D3�w
; sub_401447+2D2�o
align 2
word_438B9A dw 0 ; DATA XREF: sub_401447+1E3�w
word_438B9C dw 0 ; DATA XREF: sub_401447+1E9�w
word_438B9E dw 0 ; DATA XREF: sub_401447+1F0�w
byte_438BA0 db 0 ; DATA XREF: sub_401447+1F7�w
byte_438BA1 db 0 ; DATA XREF: sub_401447+1FE�w
word_438BA2 dw 0 ; DATA XREF: sub_401447+204�w
dword_438BA4 dd 0 ; sub_401447+250�w
dword_438BA8 dd 0 byte_438BAC db 0 ; DATA XREF: sub_401447+26A�w
byte_438BAD db 0 ; DATA XREF: sub_401447+27D�w
word_438BAE dw 0 ; DATA XREF: sub_401447+295�w
word_438BB0 dw 0 ; DATA XREF: sub_401447+2A4�w
word_438BB2 dw 0 ; DATA XREF: sub_401447+29C�w
dword_438BB4 dd 101h dup(0) dword_438FB8 dd 0 byte_438FBC db 0 ; DATA XREF: sub_402FDD+36�r
; sub_4030C0+37�r ...
align 10h
dword_438FC0 dd 0 ; sub_4036EB+30�r ...
dd 2 dup(0)
dword_438FCC dd 2 dup(0) dword_438FD4 dd 0 ; sub_40CE55+5B71�o ...
dword_438FD8 dd 0 ; sub_405A0C+51�r ...
dword_438FDC dd 0 ; .nsp0:0040494C�r ...
dd 2 dup(0)
dword_438FE8 dd 0 ; sub_407652+92�w ...
dword_438FEC dd 0 ; sub_40799F+D9�w ...
dd 256h dup(0)
dword_439948 dd 6 dup(0) ; sub_40778B+138�o ...
dword_439960 dd 0 ; sub_407276+102�o
dword_439964 dd 41h dup(0) dword_439A68 dd 41h dup(0) dword_439B6C dd 0 ; sub_407276+114�r
dword_439B70 dd 0 dword_439B74 dd 0 ; sub_407276+CF�r
dword_439B78 dd 20h dup(0) ; sub_407276+BA�o
dword_439BF8 dd 0 dword_439BFC dd 0 ; sub_407276+C7�w
dword_439C00 dd 0 align 8
dword_439C08 dd 0 ; sub_407276+32E�o
dword_439C0C dd 0A2h dup(0) dword_439E94 dd 41h dup(0) dword_439F98 dd 0 ; sub_407276+2E1�r
align 10h
dword_439FA0 dd 0 ; sub_407276+340�r
dword_439FA4 dd 0 dword_439FA8 dd 0 dword_439FAC dd 0 dd 0
dword_439FB4 dd 0 dword_439FB8 dd 0 ; sub_407276+221�o
dword_439FBC dd 41h dup(0) dword_43A0C0 dd 41h dup(0) dword_43A1C4 dd 0 ; sub_407276+233�r
dword_43A1C8 dd 0 dword_43A1CC dd 0 dword_43A1D0 dd 20h dup(0) ; sub_407276+1D9�o
dword_43A250 dd 0 dword_43A254 dd 0 ; sub_407276+1E6�w
dword_43A258 dd 0 align 10h
dword_43A260 dd 0 ; sub_4089F2+4CD�r
dword_43A264 dd 0 ; sub_413DD2+F5�r
dword_43A268 dd 0 ; sub_4089F2+862�r ...
dword_43A26C dd 0 ; sub_4089F2+A18�r ...
dword_43A270 dd 0 ; sub_4089F2+9E8�r ...
dword_43A274 dd 0 ; sub_4089F2+4BD�r
dword_43A278 dd 0 ; sub_4021FB+109�r ...
dword_43A27C dd 0 ; sub_4089F2+A10�r ...
dword_43A280 dd 0 ; sub_4089F2+3A9�r ...
dword_43A284 dd 0 ; sub_40AAD1+11E�r
dword_43A288 dd 0 ; sub_4089F2+3B1�r ...
dword_43A28C dd 0 ; sub_4133C0+AD�r
dword_43A290 dd 0 ; sub_4084D3+7D�r ...
dword_43A294 dd 0 ; sub_4089F2+D2�r ...
dword_43A298 dd 0 ; sub_4089F2+9DB�r ...
dword_43A29C dd 0 ; sub_4089F2+3C9�r ...
dword_43A2A0 dd 0 ; sub_4089F2+88E�r ...
dword_43A2A4 dd 0 ; sub_4089F2+2A5�w ...
dword_43A2A8 dd 0 ; sub_4089F2+886�r ...
dword_43A2AC dd 0 dword_43A2B0 dd 0 ; sub_4089F2+896�r ...
dword_43A2B4 dd 0 ; sub_4089F2+52F�w ...
dword_43A2B8 dd 0 ; sub_4089F2+CA�r ...
dword_43A2BC dd 0 ; sub_40A217+11A�r
dword_43A2C0 dd 0 ; sub_4089F2+A6D�r ...
dword_43A2C4 dd 0 ; sub_4089F2+F2�r
dword_43A2C8 dd 0 ; sub_4089F2+4B5�r
dword_43A2CC dd 0 ; sub_4089F2+5D8�w ...
dword_43A2D0 dd 0 ; sub_4089F2+A08�r
dword_43A2D4 dd 0 ; sub_4089F2+5CB�w ...
dword_43A2D8 dd 0 ; sub_4089F2+B21�w
dword_43A2DC dd 0 ; sub_4089F2+84F�r ...
dword_43A2E0 dd 0 ; sub_409DF3+15�r
dword_43A2E4 dd 0 ; sub_4089F2+9F0�r ...
dword_43A2E8 dd 0 ; sub_4089F2+3B9�r ...
dword_43A2EC dd 0 ; sub_4089F2+3C1�r ...
dword_43A2F0 dd 0 ; sub_4089F2+C5D�r
dword_43A2F4 dd 0 dword_43A2F8 dd 0 ; sub_4018CA:loc_401B70�r ...
dword_43A2FC dd 0 dword_43A300 dd 0 ; sub_4089F2+A20�r ...
dword_43A304 dd 0 ; sub_4089F2+2DE�r ...
dword_43A308 dd 0 ; sub_4089F2+DA�r ...
dword_43A30C dd 0 ; sub_4089F2+B75�r ...
dword_43A310 dd 0 ; sub_4018CA+2F�r ...
dword_43A314 dd 0 ; sub_4089F2+872�r ...
dword_43A318 dd 0 ; sub_4089F2+9F8�r
dword_43A31C dd 0 ; sub_404F08+8C�r ...
dword_43A320 dd 0 ; sub_4021FB+63�r ...
dword_43A324 dd 0 ; sub_4089F2+910�r ...
dword_43A328 dd 0 dword_43A32C dd 0 ; sub_401447+3C�r ...
dword_43A330 dd 0 ; sub_4089F2+855�r
dword_43A334 dd 0 ; sub_4021FB+78�r ...
dword_43A338 dd 0 ; sub_4089F2+1C2�r
dword_43A33C dd 0 ; sub_4089F2+786�r ...
dword_43A340 dd 0 ; sub_4036EB+5E�r ...
dword_43A344 dd 0 ; sub_4089F2+549�w ...
dword_43A348 dd 0 ; sub_4089F2:loc_4092CD�w ...
dword_43A34C dd 0 ; sub_4089F2+2C6�r ...
dword_43A350 dd 0 ; sub_4089F2+681�w ...
dword_43A354 dd 0 ; sub_4089F2+323�r ...
dword_43A358 dd 0 ; sub_4089F2+3D1�r ...
dword_43A35C dd 0 ; sub_404F08+1C6�r ...
dword_43A360 dd 0 ; sub_4089F2+86A�r ...
dword_43A364 dd 0 ; sub_4089F2+206�w ...
dword_43A368 dd 0 ; sub_4089F2+1D2�r ...
dword_43A36C dd 0 ; sub_4089F2+87A�r ...
dword_43A370 dd 0 ; sub_4089F2+606�w ...
dword_43A374 dd 0 ; sub_4089F2+2BF�w ...
dword_43A378 dd 0 ; sub_401447+AA�r ...
dword_43A37C dd 0 ; sub_4089F2+316�r ...
dword_43A380 dd 0 ; sub_406C3E+1FC�r ...
dword_43A384 dd 0 ; sub_4089F2+490�r
dword_43A388 dd 0 ; sub_4089F2+1DA�r ...
dword_43A38C dd 0 ; sub_4089F2+39C�r ...
dword_43A390 dd 0 dword_43A394 dd 0 ; sub_4010B2+1F9�r ...
dword_43A398 dd 0 ; sub_4010B2+9D�r ...
dword_43A39C dd 0 ; sub_4089F2+C2�r ...
dword_43A3A0 dd 0 ; sub_4089F2+4AD�r
dword_43A3A4 dd 0 ; sub_4089F2+1BA�r ...
dword_43A3A8 dd 0 ; sub_413CA9+72�r
dword_43A3AC dd 0 ; sub_4089F2+78E�r
dword_43A3B0 dd 0 ; sub_4033CB+23B�r ...
dword_43A3B4 dd 0 ; sub_404F08+245�r ...
dword_43A3B8 dd 0 ; sub_4089F2+BA�r ...
dword_43A3BC dd 0 ; sub_4089F2+2CE�r ...
dword_43A3C0 dd 0 ; sub_407BFE+9C�r ...
dword_43A3C4 dd 0 ; sub_405B23+89�r ...
dword_43A3C8 dd 0 dword_43A3CC dd 0 ; sub_40AE4B+205�r ...
dword_43A3D0 dd 0 dword_43A3D4 dd 0 ; sub_4089F2+BB8�w ...
dword_43A3D8 dd 0 ; sub_401447+1A0�r ...
dword_43A3DC dd 0 ; sub_4089F2+49D�r
dword_43A3E0 dd 0 ; sub_4089F2+4C5�r
dword_43A3E4 dd 0 ; sub_4089F2+4A5�r
dword_43A3E8 dd 0 ; sub_4033CB+249�r ...
dword_43A3EC dd 0 ; sub_4089F2+1E2�r ...
dword_43A3F0 dd 0 ; sub_4089F2+A28�r ...
dword_43A3F4 dd 0 ; sub_4089F2+1AD�r ...
dword_43A3F8 dd 0 ; sub_4089F2+E2�r ...
dword_43A3FC dd 0 ; sub_401447+2DA�r ...
dword_43A400 dd 0 ; sub_4089F2+B30�r
dword_43A404 dd 0 ; sub_413D67+55�r
dword_43A408 dd 0 ; sub_4089F2+27E�w ...
dword_43A40C dd 0 dword_43A410 dd 0 ; sub_40A093+CE�r
dword_43A414 dd 0 ; sub_4089F2+AB7�r ...
dword_43A418 dd 0 ; sub_401BD6+55�r ...
dword_43A41C dd 0 ; sub_4089F2+674�w ...
dword_43A420 dd 0 ; sub_4089F2+BC5�w ...
dword_43A424 dd 0 ; sub_406C3E+250�r ...
dword_43A428 dd 0 ; sub_4089F2+A00�r ...
dword_43A42C dd 0 ; sub_407BFE+B3�r ...
dword_43A430 dd 0 ; sub_401447+2F0�r ...
dword_43A434 dd 0 ; sub_405B23+39F�r ...
dword_43A438 dd 0 ; sub_402FDD+C8�r ...
dword_43A43C dd 0 ; sub_4018CA+4F�r ...
dword_43A440 dd 0 ; sub_4089F2+B1B�r
dword_43A444 dd 0 ; sub_4089F2+AD�r ...
dword_43A448 dd 0 ; sub_4089F2+1CA�r
align 10h
dword_43A450 dd 0 ; sub_4089F2+91D�r ...
dword_43A454 dd 0 ; sub_4089F2+EA�r ...
dword_43A458 dd 0 ; sub_4089F2+12B�w ...
dword_43A45C dd 0 ; sub_40967F+1C�r
dword_43A460 dd 0 ; sub_4089F2:loc_408C47�w ...
dword_43A464 dd 0 ; sub_40967F+50�r
dword_43A468 dd 0 ; sub_4089F2:loc_408D21�w ...
dword_43A46C dd 0 ; sub_40967F+84�r
dword_43A470 dd 0 ; sub_40967F:loc_40972F�r
dword_43A474 dd 0 ; sub_40967F+B8�r
dword_43A478 dd 0 ; sub_40967F:loc_409763�r
dword_43A47C dd 0 ; sub_40967F+EC�r
dword_43A480 dd 0 ; sub_4089F2+8D1�w ...
dword_43A484 dd 0 ; sub_40967F+120�r
dword_43A488 dd 0 ; sub_40967F:loc_4097CB�r ...
dword_43A48C dd 0 ; sub_40967F+154�r
dword_43A490 dd 0 ; sub_40967F:loc_4097FF�r ...
dword_43A494 dd 0 ; sub_40967F+188�r
dword_43A498 dd 0 ; sub_40967F:loc_409833�r
dword_43A49C dd 0 ; sub_40967F+1BC�r
dword_43A4A0 dd 0 ; sub_40967F:loc_409867�r
dword_43A4A4 dd 0 ; sub_40967F+1F0�r
dword_43A4A8 dd 0 ; sub_40967F:loc_40989B�r
dword_43A4AC dd 0 ; sub_40967F+224�r
dword_43A4B0 dd 0 ; sub_40967F:loc_4098CF�r
dword_43A4B4 dd 0 ; sub_40967F+258�r
dword_43A4B8 dd 0 ; sub_40967F:loc_409903�r
dword_43A4BC dd 0 ; sub_40967F+28C�r
dword_43A4C0 dd 0 ; sub_40967F:loc_409937�r
dword_43A4C4 dd 0 ; sub_40967F+2C0�r
dword_43A4C8 dd 81h dup(0) dword_43A6CC dd 5 dup(0) dword_43A6E0 dd 0 ; sub_40A6A8+54�r ...
dword_43A6E4 dd 0 ; sub_40A6A8+37�r ...
dword_43A6E8 dd 0 ; sub_40A7FD+83�o
dword_43A6EC dd 0 ; sub_40A7FD+11B�w
dword_43A6F0 dd 0Dh dup(0) ; sub_40A7FD:loc_40A93A�o
dword_43A724 dd 0 ; sub_40A6A8+EC�r ...
dd 0
dword_43A72C dd 0Eh dup(0) dword_43A764 dd 1000h dup(0) ; sub_40B20D�o ...
dword_43E764 dd 0 ; sub_40B20D+E�o ...
dword_43E768 dd 0Eh dup(0) dword_43E7A0 dd 2 dup(0) dword_43E7A8 dd 0 ; sub_40B075+44�r ...
dd 5 dup(0)
dword_43E7C0 dd 0 ; sub_40CE55+BC8�r
dd 2D9h dup(0)
dword_43F328 dd 0 ; sub_40B075+2D�o ...
dd 7Fh dup(0)
dword_43F528 dd 0 ; sub_4150CE+40�w ...
dword_43F52C dd 0 ; sub_40778B:loc_4077D2�r ...
dword_43F530 dd 0 ; sub_414F93+52�w ...
dword_43F534 dd 0 ; sub_405B23+7E�w ...
dword_43F538 dd 0 ; sub_407F6D+53�r ...
dword_43F53C dd 0 ; sub_407276+122�w ...
byte_43F540 db 0 ; DATA XREF: sub_40CB75+91�o
; sub_40CE55+322B�r ...
align 4
dd 0A4B5h dup(0)
dword_468818 dd 0 ; sub_40C682+47�w ...
align 10h
dword_468820 dd 0 dword_468824 dd 20h dup(0) ; sub_40C682+456�o ...
dword_4688A4 dd 10h dup(0) ; sub_40CE55+91D�o
dword_4688E4 dd 24h dup(0) dword_468974 dd 0 ; sub_40C682+46D�w ...
dword_468978 dd 0 dd 3 dup(0)
dword_468988 dd 0 dword_46898C dd 0 ; sub_40CE55+276�r
byte_468990 db 0 ; DATA XREF: sub_40CCDD+28�r
; sub_40CCDD+30�o
align 4
dword_468994 dd 0 dword_468998 dd 0 ; sub_40C682+421�r ...
dword_46899C dd 0 ; sub_40CE55+8C1�r
dword_4689A0 dd 17h dup(0) ; sub_412F10+131�o ...
dword_4689FC dd 7 dup(0) ; sub_413CA9+A5�o
dword_468A18 dd 0 ; sub_4151FA+19�o
dword_468A1C dd 78h dup(0) dword_468BFC dd 0 ; sub_41328A+4D�r ...
dword_468C00 dd 17h dup(0) ; sub_413B75+12D�o
dword_468C5C dd 80h dup(0) ; sub_4131CB+7D�o ...
byte_468E5C db 0 ; DATA XREF: sub_41328A+29�r
; sub_41328A+34�w
align 10h
dword_468E60 dd 80h dup(0) ; sub_4134E1+88�o ...
dword_469060 dd 81h dup(0) ; sub_412DE7+50�o ...
dword_469264 dd 81h dup(0) byte_469468 db 0 ; DATA XREF: sub_414E8C+6A�r
; sub_414E8C+98�w
align 4
dd 2 dup(0)
dword_469474 dd 0 dword_469478 dd 0 ; sub_416AD4+A4�w
align 10h
word_469480 dw 0 ; DATA XREF: sub_416AD4+55�r
; sub_416AD4+9A�o
word_469482 dw 0 ; DATA XREF: sub_416AD4+48�r
db 2 dup(0)
word_469486 dw 0 ; DATA XREF: sub_416AD4+3B�r
word_469488 dw 0 ; DATA XREF: sub_416AD4+2E�r
word_46948A dw 0 ; DATA XREF: sub_416AD4+21�r
align 10h
dword_469490 dd 0 ; sub_416C98+91�w
dword_469494 dd 0 ; sub_416E3E:loc_416EBA�w ...
dword_469498 dd 0 ; sub_4185CB:loc_418665�w ...
dword_46949C dd 0 dword_4694A0 dd 0 dword_4694A4 dd 0 dword_4694A8 dd 0 dword_4694AC dd 0 dword_4694B0 dd 0 ; sub_41C8D3+91�w
dword_4694B4 dd 0 ; sub_40C682+316�r ...
dd 0
dword_4694BC dd 0 dd 3 dup(0)
dword_4694CC dd 0 dd 0
byte_4694D4 db 0 ; DATA XREF: sub_417849+2D�w
; .nsp0:0041D180�r
align 4
dword_4694D8 dd 0 dword_4694DC dd 0 ; sub_417849+8B�w
dword_4694E0 dd 0 ; sub_41C81A:loc_41C82C�r ...
align 8
dword_4694E8 dd 0 dword_4694EC dd 0 dd 0
dword_4694F4 dd 0 ; sub_4174DF:loc_4175DB�r
dword_4694F8 dd 0 dword_4694FC dd 0 ; sub_41A11A+1A�r ...
byte_469500 db 0 ; DATA XREF: sub_41A016+3�r
; sub_41A016+98�r ...
align 4
dword_469504 dd 0 ; sub_41A1F8+21�w ...
byte_469508 db 0 ; DATA XREF: sub_41A1F8+51�w
align 4
dword_46950C dd 0 ; sub_41A7C9+3A�r ...
dword_469510 dd 0 ; sub_41A7C9+43�r ...
dword_469514 dd 0 ; sub_41A595+5�r
dword_469518 dd 0 dword_46951C dd 0 ; sub_41BD71+4C�w ...
dd 2 dup(0)
dword_469528 dd 0 ; sub_417193+9D�r ...
dd 3 dup(0)
dword_469538 dd 0 ; sub_4179F9+BF�r ...
align 10h
dword_469540 dd 0 ; sub_41C159+4�w ...
dword_469544 dd 0 ; sub_41C63E+46�w ...
dword_469548 dd 41h dup(0) dword_46964C dd 0 ; sub_41CB20+23�w ...
dword_469650 dd 0 dword_469654 dd 0 ; sub_418880+154�w ...
dword_469658 dd 0 ; sub_41D1F7:loc_41D261�w
dword_46965C dd 0 word_469660 dw 0 ; DATA XREF: sub_41DDDF+1A�o
; sub_41DDDF+46�r
byte_469662 db 0 ; DATA XREF: sub_41DDDF+39�r
align 4
dword_469664 dd 7 dup(0) dword_469680 dd 0 ; sub_41DDDF+5C�o
dword_469684 dd 0 dword_469688 dd 0 dword_46968C dd 0 dword_469690 dd 0 ; .nsp0:0041DF3A�r ...
dd 33h dup(0)
dword_469760 dd 0 dd 6 dup(0)
byte_46977C db 0 ; DATA XREF: .nsp0:00404EE6�r
; .nsp0:00404EEF�w
align 10h
dword_469780 dd 0 ; sub_4189F0+14�r ...
dd 407h dup(0)
dword_46A7A0 dd 0 ; sub_418749+56�r ...
dd 7 dup(0)
dword_46A7C0 dd 0 ; sub_41B8B0+75�r ...
dword_46A7C4 dd 3Fh dup(0) dword_46A8C0 dd 0 ; sub_41B989+C�r ...
dword_46A8C4 dd 0 ; sub_41BFC0+65�w ...
align 10h
dword_46A8D0 dd 3 dup(0) ; sub_41BFC0+171�o ...
dword_46A8DC dd 0 ; sub_41BFC0+15D�w ...
byte_46A8E0 db 0 ; DATA XREF: sub_41C1FF:loc_41C30B�w
; sub_41C1FF:loc_41C328�w ...
align 4
dd 3Fh dup(0)
byte_46A9E0 db 0 ; DATA XREF: sub_41BFC0+5C�o
; sub_41BFC0+AF�o ...
byte_46A9E1 db 0 ; DATA XREF: sub_417348+5D�r
; sub_41BFC0+A0�w ...
align 4
dd 40h dup(0)
dword_46AAE4 dd 0 ; sub_41BFC0+12B�w ...
dword_46AAE8 dd 0 ; sub_41915C+5�r ...
dword_46AAEC dd 0 ; sub_418B28+259�r ...
dword_46AAF0 dd 0 ; sub_418B28+310�w ...
dword_46AAF4 dd 0 ; sub_418B28+22C�r ...
dword_46AAF8 dd 0 ; sub_418AFD�r ...
dword_46AAFC dd 0 ; sub_418AFD+8�r ...
dword_46AB00 dd 0 ; sub_415E3D+21�r ...
dword_46AB04 dd 0 ; sub_41C7C2+F�r ...
dword_46AB08 dd 0 dword_46AB0C dd 0 ; sub_41C384+11�w ...
dword_46AB10 dd 0 ; sub_4167D3:loc_416815�r ...
dword_46AB14 dd 0 ; sub_4167D3+C�r ...
dd 113Ah dup(0)
_nsp0 ends
; Section 2. (virtual address 0006F000)
; Virtual size : 00019000 ( 102400.)
; Section size in file : 00019000 ( 102400.)
; Offset to raw data for section: 0006F000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_nsp1 segment para public 'CODE' use32
assume cs:_nsp1
;org 46F000h
assume es:nothing, ss:nothing, ds:_nsp0, fs:nothing, gs:nothing
dd 5Eh dup(0)
db 2 dup(0)
public start
start dw 0
dd 63A1h dup(0)
_nsp1 ends
; Section 3. (virtual address 00088000)
; Virtual size : 00000A3B ( 2619.)
; Section size in file : 00000A3B ( 2619.)
; Offset to raw data for section: 00088000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_nsp2 segment para public 'CODE' use32
assume cs:_nsp2
;org 488000h
assume es:nothing, ss:nothing, ds:_nsp0, fs:nothing, gs:nothing
dd 28Eh dup(0)
db 3 dup(0)
_nsp2 ends
; Section 4. (virtual address 00089000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00088C00
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 489000h
align 2000h
_idata2 ends
end start