;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 26CF76C9890E6AD6D185F385F974E3DC
; ---------------------------------------------------------------------------
; File Name : u:\work\26cf76c9890e6ad6d185f385f974e3dc_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 0000C000 ( 49152.)
; Section size in file : 0000C000 ( 49152.)
; Offset to raw data for section: 00001000
; Flags C0000040: Data Readable Writable
; Alignment : default
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write
_text segment para public 'DATA' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
loc_401000: ; DATA XREF: sub_401020+A�o
xor eax, eax
inc eax
mov ecx, [esp+4]
test dword ptr [ecx+4], 6
jz short locret_40101F
mov eax, [esp+8]
mov edx, [esp+10h]
mov [edx], eax
mov eax, 3
locret_40101F: ; CODE XREF: .text:0040100E�j
retn
; =============== S U B R O U T I N E =======================================
sub_401020 proc near ; CODE XREF: sub_40109A+BE�p
; sub_40109A+EC�p
var_14 = dword ptr -14h
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ebx
push esi
push edi
mov eax, [esp+0Ch+arg_0]
push eax
push 0FFFFFFFEh
push offset loc_401000
push large dword ptr fs:0
mov large fs:0, esp
loc_40103D: ; CODE XREF: sub_401020+44�j
; sub_401020+4A�j
mov eax, [esp+1Ch+arg_0]
mov ebx, [eax+8]
mov esi, [eax+0Ch]
cmp esi, 0FFFFFFFFh
jz short loc_40106C
cmp esi, [esp+1Ch+arg_4]
jz short loc_40106C
lea esi, [esi+esi*2]
mov ecx, [ebx+esi*4]
mov ecx, [esp+1Ch+var_14]
mov ecx, [eax+0Ch]
cmp dword ptr [ebx+esi*4+4], 0
jnz short loc_40103D
call dword ptr [ebx+esi*4+8]
jmp short loc_40103D
; ---------------------------------------------------------------------------
loc_40106C: ; CODE XREF: sub_401020+2A�j
; sub_401020+30�j
pop large dword ptr fs:0
add esp, 0Ch
pop edi
pop esi
pop ebx
retn
sub_401020 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40107A proc near ; CODE XREF: sub_40109A+B1�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ebx
push esi
push edi
push ebp
push 0
push 0
push offset loc_401092
push [ebp+arg_0]
call sub_40C694
loc_401092: ; DATA XREF: sub_40107A+B�o
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_40107A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40109A proc near ; DATA XREF: .text:00401229�o
; sub_407F67+A�o
var_14 = dword ptr -14h
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
cld
push ebp
mov ebp, esp
sub esp, 8
push ebx
push esi
push edi
push ebp
mov ebx, [ebp+arg_4]
mov eax, [ebp+arg_0]
mov dword_43B08C, eax
mov dword_43B090, ebx
test dword ptr [eax+4], 6
jnz loc_40117F
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
mov dword_43B090, eax
lea eax, [ebp+var_8]
mov [ebx-4], eax
mov esi, [ebx+0Ch]
mov edi, [ebx+8]
loc_4010DD: ; CODE XREF: sub_40109A+DC�j
cmp esi, 0FFFFFFFFh
jz loc_40118E
lea ecx, [esi+esi*2]
cmp dword ptr [edi+ecx*4+4], 0
jz short loc_40116D
push esi
push ebp
lea ebp, [ebx+10h]
mov eax, [ebp+var_14]
mov eax, [eax]
mov eax, [eax]
mov dword_43B030, eax
mov edx, [ebp+var_14]
mov eax, [edx]
mov dword_43B034, eax
mov eax, [edx+4]
mov dword_43B038, eax
push esi
push edi
push ecx
mov ecx, 14h
lea edi, dword_43B03C
mov esi, dword_43B034
rep movsd
lea edi, dword_43B03C
mov dword_43B034, edi
pop ecx
pop edi
pop esi
call dword ptr [edi+ecx*4+4]
pop ebp
pop esi
mov ebx, [ebp+arg_4]
or eax, eax
jz short loc_40116D
js short loc_40117B
mov edi, [ebx+8]
push ebx
call sub_40107A
add esp, 4
lea ebp, [ebx+10h]
push esi
push ebx
call sub_401020
add esp, 8
lea ecx, [esi+esi*2]
mov eax, [edi+ecx*4]
mov eax, [ebx+0Ch]
call dword ptr [edi+ecx*4+8]
loc_40116D: ; CODE XREF: sub_40109A+54�j
; sub_40109A+A9�j
mov edi, [ebx+8]
lea ecx, [esi+esi*2]
mov esi, [edi+ecx*4]
jmp loc_4010DD
; ---------------------------------------------------------------------------
loc_40117B: ; CODE XREF: sub_40109A+AB�j
xor eax, eax
jmp short loc_4011F0
; ---------------------------------------------------------------------------
loc_40117F: ; CODE XREF: sub_40109A+23�j
push ebp
lea ebp, [ebx+10h]
push 0FFFFFFFFh
push ebx
call sub_401020
add esp, 0Ch
loc_40118E: ; CODE XREF: sub_40109A+46�j
push 0
mov dword_43B010, 0Bh
push 0Bh
call sub_40CA24
add esp, 8
or eax, eax
jnz short loc_4011C9
push 0
mov dword_43B010, 8
push 8
call sub_40CA24
add esp, 8
or eax, eax
jnz short loc_4011C9
mov eax, 1
jmp short loc_4011F0
; ---------------------------------------------------------------------------
loc_4011C9: ; CODE XREF: sub_40109A+10C�j
; sub_40109A+126�j
cmp eax, 0FFFFFFFFh
jz short loc_4011F8
push eax
push dword_43B010
call sub_40CA24
add esp, 8
push dword_43B010
call sub_40CA0C
add esp, 4
mov eax, 1
loc_4011F0: ; CODE XREF: sub_40109A+E3�j
; sub_40109A+12D�j ...
pop ebp
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
loc_4011F8: ; CODE XREF: sub_40109A+132�j
cmp dword_43B02C, 0
jnz short loc_401208
mov eax, 1
jmp short loc_4011F0
; ---------------------------------------------------------------------------
loc_401208: ; CODE XREF: sub_40109A+165�j
mov eax, dword_43B02C
push 0Bh
jmp eax
sub_40109A endp
; ---------------------------------------------------------------------------
pop eax
mov eax, 1
jmp short loc_4011F0
; ---------------------------------------------------------------------------
mov eax, large fs:0
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset dword_43B01C
push offset sub_40109A
push eax
mov large fs:0, esp
sub esp, 10h
push ebx
push esi
push edi
mov [ebp-18h], esp
push eax
fnstcw word ptr [esp]
or word ptr [esp], 300h
fldcw word ptr [esp]
add esp, 4
push 0
push 0
push offset dword_43B028
push offset dword_43B024
push offset dword_43B020
call sub_40C9AC
push dword_43B028
push dword_43B024
push dword_43B020
mov dword_43B014, esp
call sub_40C434
add esp, 18h
xor ecx, ecx
mov [ebp-4], ecx
push eax
call sub_40C9DC
leave
retn
; ---------------------------------------------------------------------------
mov large fs:0, eax
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40129C proc near ; CODE XREF: sub_408E89+1E�p
; sub_408E89+3A�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_43B09C
lea eax, ds:41A870h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_4012DC
; ---------------------------------------------------------------------------
loc_4012C2: ; CODE XREF: sub_40129C+42�j
mov eax, dword_43B09C
add eax, edi
lea eax, ds:41A870h[eax]
movsx edx, byte ptr [eax]
xor edx, 0ADh
mov [eax], dl
inc edi
loc_4012DC: ; CODE XREF: sub_40129C+24�j
cmp edi, esi
jl short loc_4012C2
mov [ebp+var_4], 1A7h
mov eax, dword_43B09C
add eax, esi
mov byte ptr ds:dword_41A870[eax], 0
mov edi, dword_43B09C
add dword_43B09C, 2
mov eax, dword_43B09C
lea eax, [eax+esi+2]
mov dword_43B09C, eax
inc dword_43B09C
cmp dword_43B09C, 0DB6h
jle short loc_40132A
and dword_43B09C, 0
loc_40132A: ; CODE XREF: sub_40129C+85�j
lea eax, dword_41A870[edi]
pop edi
pop esi
leave
retn
sub_40129C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401334 proc near ; CODE XREF: sub_408189+111�p
var_14C23 = byte ptr -14C23h
var_14C1E = byte ptr -14C1Eh
var_14C18 = dword ptr -14C18h
var_14C12 = byte ptr -14C12h
var_A = byte ptr -0Ah
var_9 = byte ptr -9
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
mov eax, 14C24h
call sub_40C498
push ebx
push esi
push edi
call sub_40C574
lea edi, [ebp+var_14C1E]
lea esi, dword_43B21C
mov ecx, 3
rep movsw
call sub_40C514
push 0
push 0
push 3
push 0
push 0
push 80000000h
push offset dword_40F280
call sub_40C67C
mov [ebp+var_4], eax
cmp eax, 0FFFFFFFFh
jnz short loc_40138A
xor eax, eax
jmp loc_401424
; ---------------------------------------------------------------------------
loc_40138A: ; CODE XREF: sub_401334+4D�j
mov [ebp+var_8], 5F3Bh
mov eax, [ebp+var_8]
mov edx, eax
add edx, eax
mov [ebp+var_8], edx
push 0
lea eax, [ebp+var_14C18]
push eax
push 14C08h
lea eax, [ebp+var_14C12]
push eax
push [ebp+var_4]
call sub_40C688
mov [ebp+var_9], 0B7h
sub [ebp+var_9], 77h
push [ebp+var_4]
call sub_40C55C
mov [ebp+var_A], 22h
sub [ebp+var_A], 6Ch
xor ebx, ebx
loc_4013D2: ; CODE XREF: sub_401334+D9�j
mov eax, 0Dh
sub eax, dword_43B098
push eax
push offset byte_432F00
lea eax, [ebp+ebx+var_14C12]
push eax
call sub_401806
add esp, 0Ch
cmp eax, 0FFFFh
jz short loc_4013FF
xor eax, eax
inc eax
jmp short loc_401424
; ---------------------------------------------------------------------------
loc_4013FF: ; CODE XREF: sub_401334+C4�j
call sub_40C538
add ebx, 11h
cmp ebx, [ebp+var_14C18]
jb short loc_4013D2
lea edi, [ebp+var_14C23]
lea esi, word_43B222
mov ecx, 5
rep movsb
xor eax, eax
loc_401424: ; CODE XREF: sub_401334+51�j
; sub_401334+C9�j
pop edi
pop esi
pop ebx
leave
retn
sub_401334 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 2ADh
push esi
push dword ptr [ebp+8]
mov eax, dword_43B234
lea eax, ds:4196E0h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_401472
; ---------------------------------------------------------------------------
loc_401458: ; CODE XREF: .text:00401474�j
mov eax, dword_43B234
add eax, edi
lea eax, ds:4196E0h[eax]
movsx edx, byte ptr [eax]
xor edx, 0ACh
mov [eax], dl
inc edi
loc_401472: ; CODE XREF: .text:00401456�j
cmp edi, esi
jl short loc_401458
mov dword ptr [ebp-8], 194h
mov eax, dword_43B234
add eax, esi
mov byte ptr ds:dword_4196E0[eax], 0
mov edi, dword_43B234
mov eax, edi
add eax, 2
add eax, esi
mov dword_43B234, eax
cmp eax, 0DF0h
jle short loc_4014AC
and dword_43B234, 0
loc_4014AC: ; CODE XREF: .text:004014A3�j
mov dword ptr [ebp-0Ch], 3DCh
lea eax, dword_4196E0[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4014BD proc near ; CODE XREF: sub_4062CD+D3�p
; sub_408BE4+E6�p ...
var_14 = byte ptr -14h
var_F = byte ptr -0Fh
var_A = byte ptr -0Ah
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
lea edi, [ebp+var_A]
lea esi, dword_43B238
mov ecx, 5
rep movsb
lea eax, [ebp+var_4]
push eax
push 20019h
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40C934
mov ebx, eax
lea edi, [ebp+var_F]
lea esi, byte_43B23D
mov ecx, 5
rep movsb
or ebx, ebx
jz short loc_401506
xor eax, eax
jmp short loc_401549
; ---------------------------------------------------------------------------
loc_401506: ; CODE XREF: sub_4014BD+43�j
lea edi, [ebp+var_14]
lea esi, word_43B242
mov ecx, 5
rep movsb
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_14]
push 0
push [ebp+arg_8]
push [ebp+var_4]
call sub_40C940
mov ebx, eax
mov [ebp+var_5], 0F0h
add [ebp+var_5], 0ABh
push [ebp+var_4]
call sub_40C928
or ebx, ebx
jz short loc_401546
xor eax, eax
jmp short loc_401549
; ---------------------------------------------------------------------------
loc_401546: ; CODE XREF: sub_4014BD+83�j
xor eax, eax
inc eax
loc_401549: ; CODE XREF: sub_4014BD+47�j
; sub_4014BD+87�j
pop edi
pop esi
pop ebx
leave
retn
sub_4014BD endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 3B4h
push esi
push dword ptr [ebp+8]
mov eax, dword_43B250
lea eax, ds:433FF0h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_401597
; ---------------------------------------------------------------------------
loc_40157D: ; CODE XREF: .text:00401599�j
mov eax, dword_43B250
add eax, edi
lea eax, ds:433FF0h[eax]
movsx edx, byte ptr [eax]
xor edx, 0E6h
mov [eax], dl
inc edi
loc_401597: ; CODE XREF: .text:0040157B�j
cmp edi, esi
jl short loc_40157D
mov dword ptr [ebp-8], 153h
mov eax, dword_43B250
add eax, esi
mov byte ptr ds:dword_433FF0[eax], 0
mov edi, dword_43B250
add dword_43B250, 3
mov eax, dword_43B250
lea eax, [eax+esi+6]
mov dword_43B250, eax
cmp eax, 0DFFh
jle short loc_4015DA
and dword_43B250, 0
loc_4015DA: ; CODE XREF: .text:004015D1�j
mov dword ptr [ebp-0Ch], 3D1h
lea eax, dword_433FF0[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4015EB proc near ; CODE XREF: sub_405F79+9F�p
; sub_405F79+D8�p ...
var_D = byte ptr -0Dh
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
call sub_40C634
call sub_40C514
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_4]
push eax
push 0
push 0F003Fh
push 0
push 0
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40C91C
mov ebx, eax
or ebx, ebx
jz short loc_401628
xor eax, eax
jmp short loc_401675
; ---------------------------------------------------------------------------
loc_401628: ; CODE XREF: sub_4015EB+37�j
lea edi, [ebp+var_D]
lea esi, dword_43B254
mov ecx, 5
rep movsb
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_14]
push 0
push [ebp+arg_8]
push [ebp+var_4]
call sub_40C94C
mov ebx, eax
push [ebp+var_4]
call sub_40C928
or ebx, ebx
jz short loc_401660
xor eax, eax
jmp short loc_401675
; ---------------------------------------------------------------------------
loc_401660: ; CODE XREF: sub_4015EB+6F�j
call sub_40C5A4
cmp [ebp+var_8], 1
jnz short loc_401672
mov eax, 2
jmp short loc_401675
; ---------------------------------------------------------------------------
loc_401672: ; CODE XREF: sub_4015EB+7E�j
xor eax, eax
inc eax
loc_401675: ; CODE XREF: sub_4015EB+3B�j
; sub_4015EB+73�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_4015EB endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_43B264
lea eax, ds:437190h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
mov dword ptr [ebp-4], 5Fh
xor edi, edi
jmp short loc_4016BF
; ---------------------------------------------------------------------------
loc_4016A8: ; CODE XREF: .text:004016C1�j
mov eax, dword_43B264
add eax, edi
lea eax, ds:437190h[eax]
movsx edx, byte ptr [eax]
xor edx, 0Eh
mov [eax], dl
inc edi
loc_4016BF: ; CODE XREF: .text:004016A6�j
cmp edi, esi
jl short loc_4016A8
mov eax, dword_43B264
add eax, esi
mov byte ptr ds:dword_437190[eax], 0
xor edi, edi
mov edi, dword_43B264
mov eax, edi
inc eax
add eax, esi
mov dword_43B264, eax
add dword_43B264, 3
cmp dword_43B264, 0DE6h
jle short loc_4016FE
and dword_43B264, 0
loc_4016FE: ; CODE XREF: .text:004016F5�j
mov dword ptr [ebp-8], 6
lea eax, dword_437190[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40170F proc near ; CODE XREF: sub_405601+166�p
; sub_408BE4+3A�p ...
var_4 = byte ptr -4
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov [ebp+var_1], 9Fh
add [ebp+var_1], 0CBh
lea edi, [ebp+var_4]
lea esi, dword_43B268
mov ecx, 3
rep movsb
xor ebx, ebx
jmp short loc_40175A
; ---------------------------------------------------------------------------
loc_401732: ; CODE XREF: sub_40170F+4E�j
call sub_40CA18
mov edi, [ebp+arg_0]
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov esi, eax
add esi, 61h
mov edx, esi
mov [edi+ebx], dl
inc ebx
loc_40175A: ; CODE XREF: sub_40170F+21�j
cmp ebx, [ebp+arg_4]
jl short loc_401732
mov eax, [ebp+arg_4]
mov edx, [ebp+arg_0]
mov byte ptr [edx+eax], 0
mov eax, edx
pop edi
pop esi
pop ebx
leave
retn
sub_40170F endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_43B274
lea eax, ds:42EBA0h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
mov dword ptr [ebp-4], 1Ah
xor edi, edi
jmp short loc_4017B4
; ---------------------------------------------------------------------------
loc_40179D: ; CODE XREF: .text:004017B6�j
mov eax, dword_43B274
add eax, edi
lea eax, ds:42EBA0h[eax]
movsx edx, byte ptr [eax]
xor edx, 48h
mov [eax], dl
inc edi
loc_4017B4: ; CODE XREF: .text:0040179B�j
cmp edi, esi
jl short loc_40179D
mov eax, dword_43B274
add eax, esi
mov byte ptr ds:dword_42EBA0[eax], 0
mov edi, dword_43B274
add dword_43B274, 3
mov eax, dword_43B274
lea eax, [eax+esi+6]
mov dword_43B274, eax
add dword_43B274, 2
cmp dword_43B274, 0DD9h
jle short loc_4017FC
and dword_43B274, 0
loc_4017FC: ; CODE XREF: .text:004017F3�j
lea eax, dword_42EBA0[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401806 proc near ; CODE XREF: sub_401334+B7�p
; sub_4053A1+57�p ...
var_11 = byte ptr -11h
var_10 = byte ptr -10h
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
mov [ebp+var_D], 9Fh
add [ebp+var_D], 0CBh
and [ebp+var_C], 0
lea edi, [ebp+var_10]
lea esi, dword_43B278
mov ecx, 3
rep movsb
and [ebp+var_8], 0
jmp short loc_4018AA
; ---------------------------------------------------------------------------
loc_401831: ; CODE XREF: sub_401806+B6�j
call sub_40C634
and [ebp+var_4], 0
call sub_40C598
xor ebx, ebx
jmp short loc_401894
; ---------------------------------------------------------------------------
loc_401843: ; CODE XREF: sub_401806+9F�j
mov [ebp+var_11], 37h
add [ebp+var_11], 1
mov eax, [ebp+var_8]
add eax, ebx
mov edx, [ebp+arg_0]
movsx eax, byte ptr [edx+eax]
mov edx, [ebp+arg_4]
movsx edx, byte ptr [edx+ebx]
cmp eax, edx
jnz short loc_401865
inc [ebp+var_4]
loc_401865: ; CODE XREF: sub_401806+5A�j
mov eax, [ebp+arg_4]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_40186D: ; CODE XREF: sub_401806+6C�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40186D
cmp [ebp+var_4], eax
jnz short loc_401893
call sub_40C5A4
inc [ebp+var_C]
call sub_40C574
mov eax, [ebp+arg_8]
cmp [ebp+var_C], eax
jnz short loc_401893
mov eax, [ebp+var_8]
jmp short loc_4018C7
; ---------------------------------------------------------------------------
loc_401893: ; CODE XREF: sub_401806+71�j
; sub_401806+86�j
inc ebx
loc_401894: ; CODE XREF: sub_401806+3B�j
mov eax, [ebp+arg_4]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_40189C: ; CODE XREF: sub_401806+9B�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40189C
cmp ebx, eax
jb short loc_401843
inc [ebp+var_8]
loc_4018AA: ; CODE XREF: sub_401806+29�j
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_4018B2: ; CODE XREF: sub_401806+B1�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4018B2
cmp [ebp+var_8], eax
jb loc_401831
mov eax, 0FFFFh
loc_4018C7: ; CODE XREF: sub_401806+8B�j
pop edi
pop esi
pop ebx
leave
retn
sub_401806 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_43B284
lea eax, ds:415600h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
mov dword ptr [ebp-4], 5Fh
xor edi, edi
jmp short loc_401911
; ---------------------------------------------------------------------------
loc_4018FA: ; CODE XREF: .text:00401913�j
mov eax, dword_43B284
add eax, edi
lea eax, ds:415600h[eax]
movsx edx, byte ptr [eax]
xor edx, 0Eh
mov [eax], dl
inc edi
loc_401911: ; CODE XREF: .text:004018F8�j
cmp edi, esi
jl short loc_4018FA
mov eax, dword_43B284
add eax, esi
mov byte ptr ds:dword_415600[eax], 0
xor edi, edi
mov edi, dword_43B284
mov eax, edi
inc eax
add eax, esi
mov dword_43B284, eax
add dword_43B284, 3
cmp dword_43B284, 0DE6h
jle short loc_401950
and dword_43B284, 0
loc_401950: ; CODE XREF: .text:00401947�j
mov dword ptr [ebp-8], 6
lea eax, dword_415600[edi]
pop edi
pop esi
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push ebx
push esi
push edi
call sub_40C508
lea edi, [ebp-7]
lea esi, dword_43B288
mov ecx, 7
rep movsb
mov ebx, [ebp+10h]
jmp short loc_4019A0
; ---------------------------------------------------------------------------
loc_401983: ; CODE XREF: .text:004019A3�j
mov eax, [ebp+8]
movsx eax, byte ptr [eax+ebx]
mov edx, ebx
sub edx, [ebp+10h]
mov ecx, [ebp+0Ch]
movsx edx, byte ptr [ecx+edx]
cmp eax, edx
jz short loc_40199F
xor eax, eax
inc eax
jmp short loc_4019AC
; ---------------------------------------------------------------------------
loc_40199F: ; CODE XREF: .text:00401998�j
inc ebx
loc_4019A0: ; CODE XREF: .text:00401981�j
cmp ebx, [ebp+14h]
jl short loc_401983
call sub_40C538
xor eax, eax
loc_4019AC: ; CODE XREF: .text:0040199D�j
pop edi
pop esi
pop ebx
leave
retn
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_43B298
lea eax, ds:433000h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_4019F0
; ---------------------------------------------------------------------------
loc_4019D6: ; CODE XREF: .text:004019F2�j
mov eax, dword_43B298
add eax, edi
lea eax, ds:433000h[eax]
movsx edx, byte ptr [eax]
xor edx, 8Ah
mov [eax], dl
inc edi
loc_4019F0: ; CODE XREF: .text:004019D4�j
cmp edi, esi
jl short loc_4019D6
mov eax, dword_43B298
add eax, esi
mov byte ptr ds:dword_433000[eax], 0
mov edi, dword_43B298
inc dword_43B298
mov eax, dword_43B298
add eax, 4
add eax, esi
mov dword_43B298, eax
cmp eax, 0DCFh
jle short loc_401A2C
and dword_43B298, 0
loc_401A2C: ; CODE XREF: .text:00401A23�j
lea eax, dword_433000[edi]
pop edi
pop esi
pop ebp
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401A36 proc near ; CODE XREF: sub_405601+4A�p
; sub_4062CD+470�p ...
var_1D = byte ptr -1Dh
var_1C = dword ptr -1Ch
var_15 = dword ptr -15h
var_11 = byte ptr -11h
var_10 = byte ptr -10h
var_9 = byte ptr -9
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
push edi
lea edi, [ebp+var_9]
lea esi, byte_43B29C
xor ecx, ecx
inc ecx
rep movsb
push 0
push 80h
push 3
push 0
push 3
push 80000000h
push [ebp+arg_0]
call sub_40C67C
mov ebx, eax
call sub_40C508
cmp ebx, 0FFFFFFFFh
jnz short loc_401AA2
mov [ebp+var_1C], 0D77h
mov eax, [ebp+var_1C]
mov edx, eax
add edx, eax
mov [ebp+var_1C], edx
cmp [ebp+arg_4], 0
jz short loc_401A90
mov eax, [ebp+arg_4]
and dword ptr [eax], 0
loc_401A90: ; CODE XREF: sub_401A36+52�j
lea edi, [ebp+var_1D]
lea esi, byte_43B29D
xor ecx, ecx
inc ecx
rep movsb
xor eax, eax
jmp short loc_401B0C
; ---------------------------------------------------------------------------
loc_401AA2: ; CODE XREF: sub_401A36+3B�j
push 0
push ebx
call sub_40C520
mov [ebp+var_4], eax
call sub_40C538
mov eax, [ebp+var_4]
add eax, 10h
push eax
push 40h
call sub_40C64C
mov [ebp+var_8], eax
call sub_40C634
push 0
cmp [ebp+arg_4], 0
jz short loc_401AD8
mov eax, [ebp+arg_4]
mov [ebp+var_1C], eax
jmp short loc_401ADE
; ---------------------------------------------------------------------------
loc_401AD8: ; CODE XREF: sub_401A36+98�j
lea eax, [ebp+var_10]
mov [ebp+var_1C], eax
loc_401ADE: ; CODE XREF: sub_401A36+A0�j
push [ebp+var_1C]
push [ebp+var_4]
push [ebp+var_8]
push ebx
call sub_40C688
lea edi, [ebp+var_11]
lea esi, byte_43B29E
xor ecx, ecx
inc ecx
rep movsb
push ebx
call sub_40C55C
mov eax, dword_43B29F
mov [ebp+var_15], eax
mov eax, [ebp+var_8]
loc_401B0C: ; CODE XREF: sub_401A36+6A�j
pop edi
pop esi
pop ebx
leave
retn
sub_401A36 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 16Eh
push esi
push dword ptr [ebp+8]
mov eax, dword_43B2AC
lea eax, ds:410850h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
mov dword ptr [ebp-8], 17Eh
xor edi, edi
jmp short loc_401B5D
; ---------------------------------------------------------------------------
loc_401B46: ; CODE XREF: .text:00401B5F�j
mov eax, dword_43B2AC
add eax, edi
lea eax, ds:410850h[eax]
movsx edx, byte ptr [eax]
xor edx, 73h
mov [eax], dl
inc edi
loc_401B5D: ; CODE XREF: .text:00401B44�j
cmp edi, esi
jl short loc_401B46
mov eax, dword_43B2AC
add eax, esi
mov byte ptr ds:dword_410850[eax], 0
mov edi, dword_43B2AC
mov eax, edi
add eax, 3
add eax, esi
mov dword_43B2AC, eax
cmp eax, 0DBBh
jle short loc_401B90
and dword_43B2AC, 0
loc_401B90: ; CODE XREF: .text:00401B87�j
lea eax, dword_410850[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401B9A proc near ; CODE XREF: sub_405601+66A�p
; sub_409847+D36�p
var_A = byte ptr -0Ah
var_3 = byte ptr -3
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
call sub_40C538
mov [ebp+var_2], 4231h
inc [ebp+var_2]
mov ebx, [ebp+arg_4]
jmp short loc_401C0E
; ---------------------------------------------------------------------------
loc_401BB7: ; CODE XREF: sub_401B9A+7B�j
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 0Dh
jnz short loc_401C0D
lea edi, [ebp+var_A]
lea esi, dword_43B2B0
mov ecx, 7
rep movsb
mov eax, [ebp+arg_4]
mov edx, ebx
sub edx, eax
push edx
mov edx, [ebp+arg_0]
add edx, eax
push edx
push [ebp+arg_8]
call sub_40C9F4
add esp, 0Ch
mov [ebp+var_3], 0DEh
movzx eax, [ebp+var_3]
imul eax, 6325h
mov [ebp+var_3], al
mov eax, ebx
sub eax, [ebp+arg_4]
mov edx, [ebp+arg_8]
mov byte ptr [edx+eax], 0
mov eax, ebx
add eax, 2
jmp short loc_401C7E
; ---------------------------------------------------------------------------
loc_401C0D: ; CODE XREF: sub_401B9A+24�j
inc ebx
loc_401C0E: ; CODE XREF: sub_401B9A+1B�j
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 0
jnz short loc_401BB7
cmp [ebp+arg_4], 0
jz short loc_401C43
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 0
jnz short loc_401C43
mov eax, ebx
dec eax
mov edx, [ebp+arg_0]
cmp byte ptr [edx+eax], 0Ah
jnz short loc_401C43
call sub_40C634
mov eax, [ebp+arg_8]
mov byte ptr [eax], 0
mov eax, [ebp+arg_4]
inc eax
jmp short loc_401C7E
; ---------------------------------------------------------------------------
loc_401C43: ; CODE XREF: sub_401B9A+81�j
; sub_401B9A+8A�j ...
mov eax, [ebp+arg_0]
add eax, [ebp+arg_4]
push eax
call sub_40C73C
mov ebx, eax
or ebx, ebx
jz short loc_401C7C
call sub_40C5A4
mov eax, [ebp+arg_0]
add eax, [ebp+arg_4]
push eax
push [ebp+arg_8]
call sub_40C4B8
mov word ptr [ebp-4], 33AEh
sub word ptr [ebp-4], 32B9h
mov eax, [ebp+arg_4]
add eax, ebx
jmp short loc_401C7E
; ---------------------------------------------------------------------------
loc_401C7C: ; CODE XREF: sub_401B9A+B9�j
xor eax, eax
loc_401C7E: ; CODE XREF: sub_401B9A+71�j
; sub_401B9A+A7�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_401B9A endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_43B2C0
lea eax, ds:436120h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_401CC3
; ---------------------------------------------------------------------------
loc_401CA9: ; CODE XREF: .text:00401CC5�j
mov eax, dword_43B2C0
add eax, edi
lea eax, ds:436120h[eax]
movsx edx, byte ptr [eax]
xor edx, 0A7h
mov [eax], dl
inc edi
loc_401CC3: ; CODE XREF: .text:00401CA7�j
cmp edi, esi
jl short loc_401CA9
mov eax, dword_43B2C0
add eax, esi
mov byte ptr ds:dword_436120[eax], 0
xor edi, edi
mov edi, dword_43B2C0
mov eax, edi
add eax, 3
add eax, esi
mov dword_43B2C0, eax
inc dword_43B2C0
cmp dword_43B2C0, 0DC7h
jle short loc_401D03
and dword_43B2C0, 0
loc_401D03: ; CODE XREF: .text:00401CFA�j
mov dword ptr [ebp-4], 347h
lea eax, dword_436120[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401D14 proc near ; CODE XREF: sub_4028A6+5D�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_B = byte ptr -0Bh
var_4 = word ptr -4
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 24h
push ebx
push esi
push edi
mov [ebp+var_1], 60h
movzx eax, [ebp+var_1]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_1], al
inc dword_43B228
mov [ebp+var_4], 1DB7h
movzx eax, [ebp+var_4]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_4], ax
mov ebx, [ebp+arg_0]
and ds:dword_40E00C, 0
and ds:dword_41DA70, 0
and ds:dword_41DA88, 0
and ds:dword_40F268, 0
mov ds:dword_41A860, 4
mov ds:dword_413F84, 4
loc_401D7B: ; CODE XREF: sub_401D14+154�j
; sub_401D14+175�j ...
mov eax, ebx
inc ebx
mov al, [eax]
mov ds:byte_413F80, al
movzx eax, ds:byte_413F80
or eax, eax
jl loc_40200C
cmp eax, 0FFh
jg loc_40200C
jmp dword_43B2D4[eax*4]
; ---------------------------------------------------------------------------
lea edi, [ebp+var_1C+3]
lea esi, dword_43B2C4
movsd
movsd
or byte ptr ds:dword_41DA70, 40h
lea edi, [ebp+var_1C+2]
lea esi, byte_43B2CC
xor ecx, ecx
inc ecx
rep movsb
jmp loc_40200C
; ---------------------------------------------------------------------------
inc dword_43B228
xor eax, eax
cmp byte ptr [ebx], 20h
setnz al
dec eax
and eax, 4
inc eax
mov [ebp+var_20], eax
add ds:dword_41DA88, eax
jmp loc_40200C
; ---------------------------------------------------------------------------
or byte ptr ds:dword_41DA70, 40h
test byte ptr [ebx], 38h
jnz loc_40200C
call sub_40C598
test ds:byte_413F80, 1
jz short loc_401E1A
mov eax, ds:dword_41A860
add ds:dword_41DA88, eax
jmp loc_40200C
; ---------------------------------------------------------------------------
loc_401E1A: ; CODE XREF: sub_401D14+F4�j
inc ds:dword_41DA88
jmp loc_40200C
; ---------------------------------------------------------------------------
inc ds:dword_41DA88
jmp loc_40200C
; ---------------------------------------------------------------------------
inc dword_43B228
test byte ptr ds:dword_41DA70, 10h
jz short loc_401E46
xor eax, eax
jmp loc_402199
; ---------------------------------------------------------------------------
loc_401E46: ; CODE XREF: sub_401D14+129�j
mov [ebp+var_11], 7Dh
movzx eax, [ebp+var_11]
imul eax, 46DCh
mov [ebp+var_11], al
or byte ptr ds:dword_41DA70, 10h
mov al, ds:byte_413F80
mov ds:byte_40F274, al
jmp loc_401D7B
; ---------------------------------------------------------------------------
test byte ptr ds:dword_41DA70, 4
jz short loc_401E7D
xor eax, eax
jmp loc_402199
; ---------------------------------------------------------------------------
loc_401E7D: ; CODE XREF: sub_401D14+160�j
call sub_40C5A4
or byte ptr ds:dword_41DA70, 4
jmp loc_401D7B
; ---------------------------------------------------------------------------
test byte ptr ds:dword_41DA70, 8
jz short loc_401E9E
xor eax, eax
jmp loc_402199
; ---------------------------------------------------------------------------
loc_401E9E: ; CODE XREF: sub_401D14+181�j
call sub_40C538
or byte ptr ds:dword_41DA70, 8
mov al, ds:byte_413F80
mov ds:byte_41EB80, al
jmp loc_401D7B
; ---------------------------------------------------------------------------
test byte ptr ds:dword_41DA70, 1
jz short loc_401EC9
xor eax, eax
jmp loc_402199
; ---------------------------------------------------------------------------
loc_401EC9: ; CODE XREF: sub_401D14+1AC�j
call sub_40C598
or byte ptr ds:dword_41DA70, 1
mov ds:dword_41A860, 2
jmp loc_401D7B
; ---------------------------------------------------------------------------
test byte ptr ds:dword_41DA70, 2
jz short loc_401EF4
xor eax, eax
jmp loc_402199
; ---------------------------------------------------------------------------
loc_401EF4: ; CODE XREF: sub_401D14+1D7�j
or byte ptr ds:dword_41DA70, 2
mov ds:dword_413F84, 2
jmp loc_401D7B
; ---------------------------------------------------------------------------
inc dword_43B228
inc ds:dword_41DA88
or byte ptr ds:dword_41DA70, 40h
jmp loc_40200C
; ---------------------------------------------------------------------------
mov eax, ds:dword_41A860
add ds:dword_41DA88, eax
or byte ptr ds:dword_41DA70, 40h
jmp loc_40200C
; ---------------------------------------------------------------------------
mov eax, ds:dword_41A860
add eax, 2
add ds:dword_41DA88, eax
jmp loc_40200C
; ---------------------------------------------------------------------------
mov eax, ds:dword_413F84
add ds:dword_40F268, eax
jmp loc_40200C
; ---------------------------------------------------------------------------
mov eax, ds:dword_41A860
add ds:dword_41DA88, eax
jmp loc_40200C
; ---------------------------------------------------------------------------
inc dword_43B228
add ds:dword_41DA88, 2
jmp loc_40200C
; ---------------------------------------------------------------------------
add ds:dword_41DA88, 3
jmp loc_40200C
; ---------------------------------------------------------------------------
xor eax, eax
jmp loc_402199
; ---------------------------------------------------------------------------
or byte ptr ds:dword_41DA70, 20h
mov eax, ebx
inc ebx
mov al, [eax]
mov ds:byte_42EB90, al
movzx eax, ds:byte_42EB90
or eax, eax
jl short loc_402005
cmp eax, 0Bh
jg short loc_401FB9
jmp dword_43B6D4[eax*4]
; ---------------------------------------------------------------------------
loc_401FB9: ; CODE XREF: sub_401D14+29C�j
cmp eax, 80h
jl short loc_402005
cmp eax, 0CFh
jg short loc_402005
jmp dword_43B504[eax*4]
; ---------------------------------------------------------------------------
call sub_40C514
or byte ptr ds:dword_41DA70, 40h
call sub_40C514
jmp short loc_40200C
; ---------------------------------------------------------------------------
inc dword_43B228
jmp short loc_40200C
; ---------------------------------------------------------------------------
mov eax, ds:dword_41A860
add ds:dword_41DA88, eax
jmp short loc_40200C
; ---------------------------------------------------------------------------
inc ds:dword_41DA88
or byte ptr ds:dword_41DA70, 40h
jmp short loc_40200C
; ---------------------------------------------------------------------------
loc_402005: ; CODE XREF: sub_401D14+297�j
; sub_401D14+2AA�j ...
xor eax, eax
jmp loc_402199
; ---------------------------------------------------------------------------
loc_40200C: ; CODE XREF: sub_401D14+7A�j
; sub_401D14+85�j ...
inc dword_43B228
test byte ptr ds:dword_41DA70, 40h
jz loc_40211A
call sub_40C538
mov eax, ebx
inc ebx
mov al, [eax]
mov ds:byte_42FCFC, al
call sub_40C598
movzx eax, ds:byte_42FCFC
and eax, 0C0h
mov [ebp+var_11], al
movzx eax, ds:byte_42FCFC
and eax, 7
mov [ebp+var_12], al
movzx eax, [ebp+var_11]
cmp eax, 0C0h
jz loc_40211A
mov [ebp+var_13], 0A5h
movzx eax, [ebp+var_13]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_13], al
cmp [ebp+var_11], 40h
jnz short loc_40207B
inc ds:dword_40F268
loc_40207B: ; CODE XREF: sub_401D14+35F�j
call sub_40C514
movzx eax, [ebp+var_11]
cmp eax, 80h
jnz short loc_402096
mov eax, ds:dword_413F84
add ds:dword_40F268, eax
loc_402096: ; CODE XREF: sub_401D14+375�j
mov [ebp+var_18], 4587h
mov eax, [ebp+var_18]
mov edx, eax
add edx, eax
mov [ebp+var_18], edx
cmp ds:dword_413F84, 2
jnz short loc_4020CA
call sub_40C508
cmp [ebp+var_11], 0
jnz short loc_40211A
cmp [ebp+var_12], 6
jnz short loc_40211A
add ds:dword_40F268, 2
jmp short loc_40211A
; ---------------------------------------------------------------------------
loc_4020CA: ; CODE XREF: sub_401D14+39A�j
call sub_40C514
cmp [ebp+var_12], 4
jnz short loc_402102
mov [ebp+var_1C], 2A45h
inc [ebp+var_1C]
or byte ptr ds:dword_41DA70, 80h
call sub_40C514
mov eax, ebx
inc ebx
mov al, [eax]
mov ds:byte_41A85C, al
movzx eax, ds:byte_41A85C
and eax, 7
mov [ebp+var_12], al
loc_402102: ; CODE XREF: sub_401D14+3BF�j
cmp [ebp+var_12], 5
jnz short loc_402115
cmp [ebp+var_11], 0
jnz short loc_402115
add ds:dword_40F268, 4
loc_402115: ; CODE XREF: sub_401D14+3F2�j
; sub_401D14+3F8�j
call sub_40C5A4
loc_40211A: ; CODE XREF: sub_401D14+305�j
; sub_401D14+344�j ...
and ds:dword_40F26C, 0
jmp short loc_40213B
; ---------------------------------------------------------------------------
loc_402123: ; CODE XREF: sub_401D14+432�j
mov eax, ebx
inc ebx
mov edx, ds:dword_40F26C
mov al, [eax]
mov ds:byte_413F78[edx], al
inc ds:dword_40F26C
loc_40213B: ; CODE XREF: sub_401D14+40D�j
mov eax, ds:dword_40F268
cmp ds:dword_40F26C, eax
jb short loc_402123
lea edi, [ebp+var_B]
lea esi, byte_43B2CD
mov ecx, 7
rep movsb
and ds:dword_40F26C, 0
jmp short loc_402179
; ---------------------------------------------------------------------------
loc_402161: ; CODE XREF: sub_401D14+470�j
mov eax, ebx
inc ebx
mov edx, ds:dword_40F26C
mov al, [eax]
mov ds:byte_439330[edx], al
inc ds:dword_40F26C
loc_402179: ; CODE XREF: sub_401D14+44B�j
mov eax, ds:dword_41DA88
cmp ds:dword_40F26C, eax
jb short loc_402161
inc dword_43B228
mov eax, ebx
sub eax, [ebp+arg_0]
mov ds:dword_40E00C, eax
xor eax, eax
inc eax
loc_402199: ; CODE XREF: sub_401D14+12D�j
; sub_401D14+164�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_401D14 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 1F7h
push esi
push dword ptr [ebp+8]
mov eax, dword_43BF3C
lea eax, ds:417640h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_4021E7
; ---------------------------------------------------------------------------
loc_4021CD: ; CODE XREF: .text:004021E9�j
mov eax, dword_43BF3C
add eax, edi
lea eax, ds:417640h[eax]
movsx edx, byte ptr [eax]
xor edx, 88h
mov [eax], dl
inc edi
loc_4021E7: ; CODE XREF: .text:004021CB�j
cmp edi, esi
jl short loc_4021CD
mov dword ptr [ebp-8], 182h
mov eax, dword_43BF3C
add eax, esi
mov byte ptr ds:dword_417640[eax], 0
xor edi, edi
mov edi, dword_43BF3C
add dword_43BF3C, 3
mov eax, dword_43BF3C
inc eax
add eax, esi
mov dword_43BF3C, eax
cmp eax, 0E06h
jle short loc_40222B
and dword_43BF3C, 0
loc_40222B: ; CODE XREF: .text:00402222�j
mov dword ptr [ebp-0Ch], 1D5h
lea eax, dword_417640[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40223C proc near ; CODE XREF: sub_402A4D+1E�p
var_A = byte ptr -0Ah
var_2 = word ptr -2
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
call sub_40C634
push offset dword_43BE3C
call sub_40C550
mov ebx, eax
lea edi, [ebp+var_A]
lea esi, word_43BFFA
movsd
movsd
push offset dword_43BF40
push ebx
call sub_40C568
mov ds:dword_42FCF4, eax
call sub_40C634
push offset byte_43BF59
push ebx
call sub_40C568
mov ds:dword_41C954, eax
call sub_40C538
push offset word_43BF76
push ebx
call sub_40C568
mov ds:dword_41A868, eax
mov [ebp+var_2], 2FA0h
sub [ebp+var_2], 63DAh
push offset dword_43BF88
push ebx
call sub_40C568
mov ds:dword_41DA80, eax
push offset byte_43BFA3
push ebx
call sub_40C568
mov ds:dword_42FCF0, eax
pop edi
pop esi
pop ebx
leave
retn
sub_40223C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4022CC proc near ; CODE XREF: sub_402A4D+16A�p
var_88 = byte ptr -88h
var_81 = byte ptr -81h
var_79 = dword ptr -79h
var_75 = byte ptr -75h
var_6D = byte ptr -6Dh
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = byte ptr -60h
var_58 = byte ptr -58h
var_57 = byte ptr -57h
var_56 = word ptr -56h
var_53 = byte ptr -53h
var_52 = word ptr -52h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = byte ptr -44h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 88h
push ebx
push esi
push edi
mov [ebp+var_53], 0B5h
movzx eax, [ebp+var_53]
imul eax, 5810h
mov [ebp+var_53], al
lea edi, [ebp+var_6D]
lea esi, word_43C002
mov ecx, 5
rep movsb
push offset dword_43BFCC
lea eax, [ebp+var_60]
push eax
call ds:dword_42FCF4
lea edi, [ebp+var_75]
lea esi, byte_43C007
movsd
movsd
mov [ebp+var_18], 18h
and [ebp+var_14], 0
lea eax, [ebp+var_60]
mov [ebp+var_10], eax
call sub_40C514
mov [ebp+var_C], 40h
mov eax, dword_43C00F
mov [ebp+var_79], eax
and [ebp+var_8], 0
call sub_40C508
and [ebp+var_4], 0
mov [ebp+var_56], 58E2h
inc [ebp+var_56]
and [ebp+var_30], 0
mov [ebp+var_52], 721Bh
movzx eax, [ebp+var_52]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_52], ax
and [ebp+var_2C], 0
lea edi, [ebp+var_81]
lea esi, byte_43C013
mov ecx, 2
rep movsd
mov [ebp+var_28], 1
mov [ebp+var_57], 71h
sub [ebp+var_57], 0F4h
mov [ebp+var_24], 1
lea eax, byte_43BFBF
mov [ebp+var_20], eax
mov [ebp+var_50], 2
call sub_40C634
mov [ebp+var_4C], 1
call sub_40C514
and [ebp+var_48], 0
mov [ebp+var_58], 74h
add [ebp+var_58], 1
lea edi, [ebp+var_44]
lea esi, [ebp+var_30]
mov ecx, 5
rep movsd
call sub_40C574
lea eax, [ebp+var_18]
push eax
push 60000h
lea eax, [ebp+var_1C]
push eax
call ds:dword_41A868
mov ebx, 762Dh
inc ebx
lea eax, [ebp+var_88]
push eax
push 0
lea eax, [ebp+var_64]
push eax
push 0
push 0
push 4
push 6
push [ebp+var_1C]
call sub_40C958
call sub_40C5A4
lea eax, [ebp+var_68]
push eax
push [ebp+var_64]
lea eax, [ebp+var_50]
push eax
mov eax, 0Bh
sub eax, dword_43BF38
push eax
call sub_40C970
call sub_40C514
push 0
push [ebp+var_68]
push 0
push 0
push 4
push 6
push [ebp+var_1C]
call sub_40C964
push [ebp+var_1C]
call sub_40C55C
lea eax, [ebp+var_18]
push eax
push [ebp+var_50]
lea eax, [ebp+var_1C]
push eax
call ds:dword_41A868
mov eax, [ebp+var_1C]
pop edi
pop esi
pop ebx
leave
retn
sub_4022CC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402465 proc near ; CODE XREF: sub_402A4D+265�p
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 14h
call sub_40C508
mov eax, [ebp+arg_4]
mov [ebp+var_C], eax
mov eax, [ebp+arg_8]
mov [ebp+var_4], eax
and [ebp+var_8], 0
call sub_40C598
mov eax, [ebp+var_C]
xor edx, edx
mov [ebp+var_10], edx
mov [ebp+var_14], eax
call sub_40C514
push 4
push 0
push 1
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_14]
push eax
push [ebp+var_4]
push 0
lea eax, [ebp+var_8]
push eax
push 0FFFFFFFFh
push [ebp+arg_0]
call ds:dword_41DA80
call sub_40C508
mov eax, [ebp+var_8]
leave
retn
sub_402465 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4024C1 proc near ; CODE XREF: sub_402A4D+36A�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
call sub_40C598
push [ebp+arg_0]
push 0FFFFFFFFh
call ds:dword_41C954
call sub_40C508
pop ebp
retn
sub_4024C1 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 8Bh
push esi
push dword ptr [ebp+8]
mov eax, dword_43C024
lea eax, ds:412DE0h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_402520
; ---------------------------------------------------------------------------
loc_402509: ; CODE XREF: .text:00402522�j
mov eax, dword_43C024
add eax, edi
lea eax, ds:412DE0h[eax]
movsx edx, byte ptr [eax]
xor edx, 42h
mov [eax], dl
inc edi
loc_402520: ; CODE XREF: .text:00402507�j
cmp edi, esi
jl short loc_402509
mov dword ptr [ebp-8], 15Eh
mov eax, dword_43C024
add eax, esi
mov byte ptr ds:dword_412DE0[eax], 0
xor edi, edi
mov edi, dword_43C024
mov eax, edi
add eax, 5
add eax, esi
mov dword_43C024, eax
add dword_43C024, 2
cmp dword_43C024, 0DF6h
jle short loc_402568
and dword_43C024, 0
loc_402568: ; CODE XREF: .text:0040255F�j
lea eax, dword_412DE0[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402572 proc near ; CODE XREF: sub_4028A6+19A�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_E = word ptr -0Eh
var_C = word ptr -0Ch
var_A = word ptr -0Ah
var_8 = word ptr -8
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_4], 6A0Dh
mov eax, [ebp+var_4]
mov edx, eax
add edx, eax
mov [ebp+var_4], edx
xor ebx, ebx
loc_40258E: ; CODE XREF: sub_402572+329�j
mov [ebp+var_8], 0A92h
movzx eax, [ebp+var_8]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_8], ax
mov eax, [ebp+arg_0]
movzx edx, byte ptr [eax+ebx]
cmp edx, 0FFh
jnz short loc_4025E8
movzx edx, byte ptr [ebx+eax+1]
cmp edx, 0FFh
jnz short loc_4025E8
movzx edx, byte ptr [ebx+eax+2]
cmp edx, 0FFh
jnz short loc_4025E8
movzx edx, byte ptr [ebx+eax+3]
cmp edx, 0FFh
jnz short loc_4025E8
movzx eax, byte ptr [ebx+eax+4]
cmp eax, 0FFh
jz loc_4028A1
loc_4025E8: ; CODE XREF: sub_402572+3D�j
; sub_402572+4A�j ...
mov [ebp+var_A], 143Ah
movzx eax, [ebp+var_A]
imul eax, 5B68h
mov [ebp+var_A], ax
mov eax, [ebp+arg_4]
mov edx, [ebp+arg_8]
lea eax, [eax+edx+5]
mov edx, [ebp+arg_0]
mov dl, [edx+ebx]
mov [eax+ebx], dl
call sub_40C514
mov [ebp+var_5], 0
loc_402618: ; CODE XREF: sub_402572+1B2�j
mov eax, [ebp+arg_0]
movzx edx, [ebp+var_5]
imul edx, 0Ch
movzx edx, byte_43C0B4[edx]
movzx ecx, byte ptr [eax+ebx]
cmp ecx, edx
jnz loc_40270A
mov ecx, ebx
dec ecx
movzx ecx, byte ptr [eax+ecx]
cmp ecx, edx
jnz loc_40270A
mov ecx, ebx
sub ecx, 2
movzx ecx, byte ptr [eax+ecx]
cmp ecx, edx
jnz loc_40270A
mov ecx, ebx
sub ecx, 3
movzx ecx, byte ptr [eax+ecx]
cmp ecx, edx
jnz loc_40270A
mov edx, ebx
sub edx, 4
movzx eax, byte ptr [eax+edx]
cmp eax, 0E8h
jnz loc_40270A
mov [ebp+var_C], 184h
movzx eax, [ebp+var_C]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_C], ax
movzx eax, [ebp+var_5]
imul eax, 0Ch
push dword_43C0BC[eax]
call sub_40C550
movzx edi, [ebp+var_5]
imul edi, 0Ch
push dword_43C0B8[edi]
push eax
call sub_40C568
mov [ebp+var_18], eax
or eax, 0FFFFFFFFh
mov edx, [ebp+arg_4]
mov ecx, [ebp+arg_8]
lea edx, [edx+ecx+5]
add edx, ebx
sub edx, 4
sub eax, edx
add eax, [ebp+var_18]
sub eax, 4
mov [ebp+var_1C], eax
mov [ebp+var_E], 1041h
sub [ebp+var_E], 73D6h
mov eax, [ebp+arg_4]
mov edx, ecx
lea eax, [eax+edx+5]
add eax, ebx
sub eax, 4
mov edx, [ebp+var_1C]
mov ds:1[eax], edx
mov [ebp+var_14], 4B75h
add [ebp+var_14], 37C2h
jmp short loc_402729
; ---------------------------------------------------------------------------
loc_40270A: ; CODE XREF: sub_402572+BE�j
; sub_402572+CD�j ...
movzx eax, [ebp+var_5]
imul eax, 0Ch
cmp dword_43C0B8[eax], 0
jz short loc_402729
call sub_40C538
add [ebp+var_5], 1
jmp loc_402618
; ---------------------------------------------------------------------------
loc_402729: ; CODE XREF: sub_402572+196�j
; sub_402572+1A7�j
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 4
jnz short loc_402798
mov edx, ebx
dec edx
cmp byte ptr [eax+edx], 4
jnz short loc_402798
mov edx, ebx
sub edx, 2
cmp byte ptr [eax+edx], 4
jnz short loc_402798
mov edx, ebx
sub edx, 3
cmp byte ptr [eax+edx], 4
jnz short loc_402798
mov edx, ebx
sub edx, 4
movzx edx, byte ptr [eax+edx]
cmp dl, 68h
jz short loc_402772
cmp edx, 0BEh
jz short loc_402772
mov edx, ebx
sub edx, 5
cmp byte ptr [eax+edx], 24h
jnz short loc_402798
loc_402772: ; CODE XREF: sub_402572+1EB�j
; sub_402572+1F3�j
mov [ebp+var_C], 53AEh
inc [ebp+var_C]
mov eax, [ebp+arg_4]
add eax, [ebp+arg_8]
lea edx, [eax+ebx+5]
sub edx, 4
add eax, 7
mov ds:1[edx], eax
call sub_40C508
loc_402798: ; CODE XREF: sub_402572+1BE�j
; sub_402572+1C7�j ...
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 2
jnz loc_40282C
mov edx, ebx
dec edx
cmp byte ptr [eax+edx], 2
jnz short loc_40282C
mov edx, ebx
sub edx, 2
cmp byte ptr [eax+edx], 2
jnz short loc_40282C
mov edx, ebx
sub edx, 3
cmp byte ptr [eax+edx], 2
jnz short loc_40282C
mov edx, ebx
sub edx, 4
movzx eax, byte ptr [eax+edx]
cmp eax, 0E8h
jz short loc_4027DB
cmp eax, 0E9h
jnz short loc_40282C
loc_4027DB: ; CODE XREF: sub_402572+260�j
lea edi, [ebp+var_18+3]
lea esi, dword_43C120
mov ecx, 5
rep movsb
mov eax, [ebp+arg_4]
or edx, 0FFFFFFFFh
mov ecx, [ebp+arg_8]
lea ecx, [eax+ecx+5]
add ecx, ebx
sub ecx, 4
sub edx, ecx
add edx, eax
mov eax, edx
sub eax, 4
mov [ebp-10h], eax
call sub_40C634
mov eax, [ebp+arg_4]
mov edx, [ebp+arg_8]
lea eax, [eax+edx+5]
add eax, ebx
sub eax, 4
mov edx, [ebp-10h]
mov ds:1[eax], edx
call sub_40C514
loc_40282C: ; CODE XREF: sub_402572+22D�j
; sub_402572+23A�j ...
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 1
jnz short loc_402894
mov edx, ebx
dec edx
cmp byte ptr [eax+edx], 1
jnz short loc_402894
mov edx, ebx
sub edx, 2
cmp byte ptr [eax+edx], 1
jnz short loc_402894
mov edx, ebx
sub edx, 3
cmp byte ptr [eax+edx], 1
jnz short loc_402894
mov edx, ebx
sub edx, 4
movzx eax, byte ptr [eax+edx]
cmp al, 3Dh
jz short loc_40286F
cmp eax, 0FEh
jz short loc_40286F
cmp eax, 0FFh
jnz short loc_402894
loc_40286F: ; CODE XREF: sub_402572+2ED�j
; sub_402572+2F4�j
call sub_40C598
call sub_40C508
mov edi, [ebp+arg_4]
mov esi, [ebp+arg_8]
lea edi, [edi+esi+5]
add edi, ebx
sub edi, 4
mov ds:1[edi], eax
call sub_40C634
loc_402894: ; CODE XREF: sub_402572+2C1�j
; sub_402572+2CA�j ...
inc ebx
cmp ebx, 400h
jb loc_40258E
loc_4028A1: ; CODE XREF: sub_402572+70�j
pop edi
pop esi
pop ebx
leave
retn
sub_402572 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4028A6 proc near ; CODE XREF: sub_402A4D+813�p
var_24 = dword ptr -24h
var_1E = dword ptr -1Eh
var_1A = word ptr -1Ah
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_A = byte ptr -0Ah
var_9 = byte ptr -9
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
sub esp, 24h
push ebx
push esi
push edi
call sub_40C514
mov esi, [ebp+arg_0]
jmp short loc_4028DA
; ---------------------------------------------------------------------------
loc_4028B9: ; CODE XREF: sub_4028A6+3E�j
call sub_40C538
xor edi, edi
jmp short loc_4028C9
; ---------------------------------------------------------------------------
loc_4028C2: ; CODE XREF: sub_4028A6+29�j
cmp byte ptr [esi+edi], 0
jnz short loc_4028D1
inc edi
loc_4028C9: ; CODE XREF: sub_4028A6+1A�j
cmp edi, 3E8h
jbe short loc_4028C2
loc_4028D1: ; CODE XREF: sub_4028A6+20�j
cmp edi, 3E8h
jnb short loc_4028EB
inc esi
loc_4028DA: ; CODE XREF: sub_4028A6+11�j
mov eax, [ebp+arg_4]
sub eax, 3E8h
cmp esi, eax
jbe short loc_4028B9
jmp loc_402A48
; ---------------------------------------------------------------------------
loc_4028EB: ; CODE XREF: sub_4028A6+31�j
add esi, 0Ah
movzx edx, [ebp+arg_8]
shl edx, 2
mov edi, ds:dword_40F380[edx]
xor ebx, ebx
loc_4028FE: ; CODE XREF: sub_4028A6+105�j
mov eax, edi
add eax, ebx
push eax
call sub_401D14
pop ecx
call sub_40C5A4
movzx eax, byte ptr [edi+ebx]
cmp eax, 0E8h
jz short loc_402945
cmp eax, 0E9h
jz short loc_402945
call sub_40C514
and [ebp+var_4], 0
jmp short loc_402939
; ---------------------------------------------------------------------------
loc_40292B: ; CODE XREF: sub_4028A6+9B�j
mov eax, ebx
add eax, [ebp+var_4]
mov dl, [edi+eax]
mov [esi+eax], dl
inc [ebp+var_4]
loc_402939: ; CODE XREF: sub_4028A6+83�j
mov eax, ds:dword_40E00C
cmp [ebp+var_4], eax
jb short loc_40292B
jmp short loc_4029A2
; ---------------------------------------------------------------------------
loc_402945: ; CODE XREF: sub_4028A6+71�j
; sub_4028A6+78�j
mov eax, dword_43C125
mov [ebp+var_1E], eax
mov al, [edi+ebx]
mov [esi+ebx], al
call sub_40C634
lea eax, [edi+ebx+1]
mov eax, [eax]
mov [ebp+var_8], eax
mov edx, esi
add edx, ebx
sub eax, edx
mov edx, edi
add edx, ebx
add eax, edx
mov [ebp+var_14], eax
mov [ebp+var_18], 7962h
mov eax, 3CA4h
mul [ebp+var_18]
mov [ebp+var_24], eax
mov [ebp+var_18], eax
lea eax, [esi+ebx+1]
mov edx, [ebp+var_14]
mov [eax], edx
mov [ebp+var_1A], 2D36h
movzx eax, [ebp+var_1A]
imul eax, 49AAh
mov [ebp+var_1A], ax
loc_4029A2: ; CODE XREF: sub_4028A6+9D�j
add ebx, ds:dword_40E00C
cmp ebx, 5
jb loc_4028FE
call sub_40C634
or eax, 0FFFFFFFFh
mov edx, esi
add edx, ebx
sub eax, edx
mov edx, edi
add edx, ebx
add eax, edx
sub eax, 4
mov [ebp+var_8], eax
mov [ebp+var_9], 16h
movzx eax, [ebp+var_9]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_9], al
mov byte ptr [ebx+esi], 0E9h
mov [ebp+var_A], 55h
movzx eax, [ebp+var_A]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_A], al
lea eax, [esi+ebx+1]
mov edx, [ebp+var_8]
mov [eax], edx
or eax, 0FFFFFFFFh
sub eax, edi
lea edx, [esi+ebx+5]
add eax, edx
sub eax, 4
mov [ebp+var_8], eax
mov [ebp+var_10], 2E4Bh
sub [ebp+var_10], 0F4Bh
mov byte ptr [edi], 0E9h
call sub_40C598
mov eax, [ebp+var_8]
mov ds:1[edi], eax
call sub_40C634
push ebx
push esi
movzx edx, [ebp+arg_8]
shl edx, 4
push dword_43BE8C[edx]
call sub_402572
add esp, 0Ch
loc_402A48: ; CODE XREF: sub_4028A6+40�j
pop edi
pop esi
pop ebx
leave
retn
sub_4028A6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402A4D proc near ; CODE XREF: sub_40A766+534�p
var_2578 = dword ptr -2578h
var_2573 = byte ptr -2573h
var_2572 = word ptr -2572h
var_2570 = dword ptr -2570h
var_21AA = byte ptr -21AAh
var_21A4 = word ptr -21A4h
var_21A2 = word ptr -21A2h
var_21A0 = dword ptr -21A0h
var_219C = byte ptr -219Ch
var_219B = word ptr -219Bh
var_2199 = byte ptr -2199h
var_2196 = word ptr -2196h
var_2193 = byte ptr -2193h
var_2192 = byte ptr -2192h
var_218A = word ptr -218Ah
var_2188 = byte ptr -2188h
var_2184 = dword ptr -2184h
var_2180 = dword ptr -2180h
var_217C = dword ptr -217Ch
var_2178 = dword ptr -2178h
var_2174 = word ptr -2174h
var_2172 = word ptr -2172h
var_2170 = dword ptr -2170h
var_216C = dword ptr -216Ch
var_2068 = dword ptr -2068h
var_2062 = word ptr -2062h
var_2060 = dword ptr -2060h
var_205C = dword ptr -205Ch
var_2056 = byte ptr -2056h
var_2055 = byte ptr -2055h
var_2054 = dword ptr -2054h
var_2050 = dword ptr -2050h
var_204C = dword ptr -204Ch
var_2044 = dword ptr -2044h
var_2034 = dword ptr -2034h
var_2030 = dword ptr -2030h
var_202C = dword ptr -202Ch
var_2025 = byte ptr -2025h
var_2024 = dword ptr -2024h
var_2020 = dword ptr -2020h
var_101C = dword ptr -101Ch
var_1015 = byte ptr -1015h
var_1014 = dword ptr -1014h
var_1010 = dword ptr -1010h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
mov eax, 2578h
call sub_40C498
push ebx
push esi
push edi
mov [ebp+var_2056], 8Bh
sub [ebp+var_2056], 0C3h
call sub_40223C
mov [ebp+var_2054], 7F03h
mov eax, [ebp+var_2054]
mov edx, eax
add edx, eax
mov [ebp+var_2054], edx
mov [ebp+var_2025], 0
call sub_40C5A4
cmp eax, 80000000h
jnb short loc_402AA4
mov [ebp+var_2025], 1
loc_402AA4: ; CODE XREF: sub_402A4D+4E�j
call sub_40C634
mov [ebp+var_1015], 0
loc_402AB0: ; CODE XREF: sub_402A4D+10A�j
cmp [ebp+var_2025], 0
jnz short loc_402ACD
movzx edi, [ebp+var_1015]
shl edi, 4
cmp byte_43BE90[edi], 1
jz short loc_402AEA
loc_402ACD: ; CODE XREF: sub_402A4D+6A�j
cmp [ebp+var_2025], 0
jz short loc_402AEC
movzx edi, [ebp+var_1015]
shl edi, 4
cmp byte_43BE90[edi], 2
jnz short loc_402AEC
loc_402AEA: ; CODE XREF: sub_402A4D+7E�j
jmp short loc_402B3E
; ---------------------------------------------------------------------------
loc_402AEC: ; CODE XREF: sub_402A4D+87�j
; sub_402A4D+9B�j
call sub_40C574
movzx edi, [ebp+var_1015]
mov esi, edi
shl esi, 4
push dword_43BE88[esi]
call sub_40C640
mov ds:dword_414090[edi*4], eax
movzx edi, [ebp+var_1015]
mov esi, edi
shl esi, 4
push dword_43BE84[esi]
shl edi, 2
push ds:dword_414090[edi]
call sub_40C568
mov ds:dword_40F380[edi], eax
call sub_40C598
loc_402B3E: ; CODE XREF: sub_402A4D:loc_402AEA�j
add [ebp+var_1015], 1
movzx edi, [ebp+var_1015]
shl edi, 4
cmp dword_43BE84[edi], 0
jnz loc_402AB0
mov ax, word_43C129
mov [ebp+var_2062], ax
mov [ebp+var_1015], 0
loc_402B71: ; CODE XREF: sub_402A4D+88F�j
movzx edi, [ebp+var_1015]
shl edi, 2
cmp ds:dword_40F380[edi], 0
jz loc_4032C3
call sub_40C574
movzx edi, [ebp+var_1015]
shl edi, 2
mov edi, ds:dword_414090[edi]
mov [ebp+var_2034], edi
cmp [ebp+var_2025], 0
jz loc_402E88
call sub_40C598
call sub_4022CC
mov [ebp+var_2030], eax
lea edi, [ebp+var_2192]
lea esi, byte_43C12B
movsd
movsd
mov edi, [ebp+var_2034]
shr edi, 16h
shl edi, 16h
mov [ebp+var_8], edi
mov eax, edi
add eax, 400000h
mov [ebp+var_1014], eax
xor ebx, ebx
jmp short loc_402C47
; ---------------------------------------------------------------------------
loc_402BF0: ; CODE XREF: sub_402A4D+203�j
mov [ebp+var_2193], 73h
movzx eax, [ebp+var_2193]
imul eax, 227Fh
mov [ebp+var_2193], al
mov eax, dword_43C020
add eax, 0FF5h
push eax
push [ebp+var_8]
call sub_40C61C
mov [ebp+var_4], eax
mov ax, word_43C133
mov [ebp+var_2196+1], ax
xor [ebp+var_4], 1
shl [ebp+var_4], 2
mov edi, [ebp+var_4]
mov [ebp+ebx*4+var_1010], edi
inc ebx
add [ebp+var_8], 1000h
loc_402C47: ; CODE XREF: sub_402A4D+1A1�j
mov eax, [ebp+var_1014]
cmp [ebp+var_8], eax
jbe short loc_402BF0
lea eax, [ebp+var_2188]
push eax
call sub_40C5F8
mov [ebp+var_218A], 5761h
movzx eax, [ebp+var_218A]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_218A], ax
and [ebp+var_101C], 0
jmp loc_402DD4
; ---------------------------------------------------------------------------
loc_402C87: ; CODE XREF: sub_402A4D+398�j
mov [ebp+var_2199], 6Fh
movzx eax, [ebp+var_2199]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_2199], al
push 0FFFFh
push [ebp+var_101C]
push [ebp+var_2030]
call sub_402465
add esp, 0Ch
mov [ebp+var_C], eax
or eax, eax
jnz short loc_402CE0
mov [ebp+var_219C], 0D9h
movzx eax, [ebp+var_219C]
imul eax, 3A66h
mov [ebp+var_219C], al
jmp loc_402DCA
; ---------------------------------------------------------------------------
loc_402CE0: ; CODE XREF: sub_402A4D+272�j
and dword ptr [ebp-2198h], 0
loc_402CE7: ; CODE XREF: sub_402A4D+871�j
mov eax, [ebp-2198h]
mov [ebp+var_8], eax
jmp loc_402DA7
; ---------------------------------------------------------------------------
loc_402CF5: ; CODE XREF: sub_402A4D+361�j
mov [ebp+var_21A0], 1E00h
inc [ebp+var_21A0]
xor ebx, ebx
loc_402D07: ; CODE XREF: sub_402A4D+30E�j
lea edi, [ebp+var_21AA]
lea esi, byte_43C135
movsd
movsd
mov edi, [ebp+var_8]
shr edi, 2
shl edi, 2
add edi, [ebp+var_C]
mov edi, [edi+ebx*4]
mov [ebp+var_4], edi
and [ebp+var_4], 4
mov edi, [ebp+ebx*4+var_1010]
cmp [ebp+var_4], edi
jnz short loc_402D5D
mov [ebp+var_21A2], 71BCh
movzx eax, [ebp+var_21A2]
imul eax, 70FFh
mov [ebp+var_21A2], ax
inc ebx
cmp ebx, 400h
jb short loc_402D07
loc_402D5D: ; CODE XREF: sub_402A4D+2E8�j
cmp ebx, 3FFh
jb short loc_402DA0
mov byte ptr [ebp+var_21A2+1], 38h
add byte ptr [ebp+var_21A2+1], 7Bh
mov eax, [ebp+var_8]
add eax, 1000h
mov [ebp-2198h], eax
mov [ebp+var_21A4], 6CA4h
movzx eax, [ebp+var_21A4]
imul eax, 732Ch
mov [ebp+var_21A4], ax
jmp short loc_402E00
; ---------------------------------------------------------------------------
loc_402DA0: ; CODE XREF: sub_402A4D+316�j
add [ebp+var_8], 1000h
loc_402DA7: ; CODE XREF: sub_402A4D+2A3�j
cmp [ebp+var_8], 0F000h
jbe loc_402CF5
push [ebp+var_C]
call sub_4024C1
pop ecx
mov ax, word_43C13D
mov [ebp+var_219B], ax
loc_402DCA: ; CODE XREF: sub_402A4D+28E�j
add [ebp+var_101C], 10000h
loc_402DD4: ; CODE XREF: sub_402A4D+235�j
mov eax, [ebp+var_2180]
sub eax, 0FFFFh
cmp [ebp+var_101C], eax
jbe loc_402C87
push [ebp+var_2030]
call sub_40C55C
call sub_40C598
jmp loc_4032C3
; ---------------------------------------------------------------------------
loc_402E00: ; CODE XREF: sub_402A4D+351�j
movzx edi, [ebp+var_1015]
shl edi, 2
mov edi, ds:dword_40F380[edi]
mov [ebp+var_1014], edi
and [ebp+var_1014], 0
loc_402E1E: ; CODE XREF: sub_402A4D+439�j
mov [ebp+var_2193], 0E0h
movzx eax, [ebp+var_2193]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_2193], al
mov edi, [ebp+var_1014]
shl edi, 2
mov esi, [ebp+var_8]
shr esi, 2
shl esi, 2
add esi, [ebp+var_C]
mov esi, [esi+edi]
mov [ebp+edi+var_2020], esi
mov edi, [ebp+var_1014]
shl edi, 2
mov esi, [ebp+var_8]
shr esi, 2
shl esi, 2
add esi, [ebp+var_C]
add edi, esi
or byte ptr [edi], 2
call sub_40C538
inc [ebp+var_1014]
cmp [ebp+var_1014], 400h
jb short loc_402E1E
loc_402E88: ; CODE XREF: sub_402A4D+15F�j
call sub_40C538
cmp [ebp+var_2025], 0
jnz loc_402F51
mov word ptr [ebp+var_2170+2], 1C0Eh
inc word ptr [ebp+var_2170+2]
push offset byte_43BE2F
call sub_40C550
mov [ebp+var_216C], eax
mov word ptr [ebp+var_2170], 33AAh
add word ptr [ebp+var_2170], 0B06h
mov edx, eax
add edx, ds:3Ch[eax]
mov [ebp+var_2178], edx
call sub_40C5A4
mov eax, [ebp+var_216C]
mov edx, [ebp+var_2178]
add edx, 78h
add eax, [edx]
mov [ebp+var_217C], eax
mov [ebp+var_2172], 7D9h
add [ebp+var_2172], 4B85h
mov eax, [ebp+var_216C]
mov edx, [ebp+var_217C]
add edx, 1Ch
add eax, [edx]
mov [ebp+var_2180], eax
mov eax, [ebp+var_216C]
mov edx, [ebp+var_2180]
add eax, [edx]
mov [ebp+var_2184], eax
mov [ebp+var_2174], 3604h
add [ebp+var_2174], 2981h
mov [ebp+var_2068], eax
call sub_40C634
loc_402F51: ; CODE XREF: sub_402A4D+447�j
push 1Ch
lea eax, [ebp+var_2050]
push eax
call sub_40C6A0
call sub_40C634
mov eax, [ebp+var_2034]
mov [ebp+var_202C], eax
mov [ebp+var_2055], 50h
movzx eax, [ebp+var_2055]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_2055], al
loc_402F8A: ; CODE XREF: sub_402A4D+57D�j
; sub_402A4D+5BC�j
push 1Ch
lea eax, [ebp+var_2050]
push eax
push [ebp+var_202C]
call sub_40C700
call sub_40C514
mov eax, [ebp+var_2034]
cmp [ebp+var_204C], eax
jnz short loc_40300E
mov eax, [ebp+var_2044]
mov [ebp+var_205C], eax
add [ebp+var_202C], eax
cmp [ebp+var_2025], 0
jnz short loc_402F8A
mov word ptr [ebp+var_216C+2], 25A3h
sub word ptr [ebp+var_216C+2], 1506h
push 20060000h
push 0
mov edi, [ebp+var_205C]
shr edi, 0Ch
push edi
mov edi, [ebp+var_2050]
shr edi, 0Ch
push edi
push 1000Dh
call [ebp+var_2068]
call sub_40C634
jmp loc_402F8A
; ---------------------------------------------------------------------------
loc_40300E: ; CODE XREF: sub_402A4D+562�j
movzx edi, [ebp+var_1015]
shl edi, 2
mov esi, [ebp+var_202C]
sub esi, [ebp+var_2034]
mov ds:dword_4119B0[edi], esi
call sub_40C598
movzx edi, [ebp+var_1015]
shl edi, 2
mov edi, ds:dword_40F380[edi]
mov [ebp+var_1014], edi
mov eax, dword_43C020
add eax, 0FF5h
push eax
push edi
call sub_40C628
mov [ebp+var_2060], eax
or eax, eax
jnz loc_40326D
call sub_40C5A4
cmp [ebp+arg_0], 0
jz loc_40324C
call sub_40C538
mov eax, [ebp+var_1014]
movzx eax, byte ptr [eax]
cmp eax, 0E9h
jz short loc_4030C4
mov [ebp+var_2572], 1FFh
movzx eax, [ebp+var_2572]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_2572], ax
cmp [ebp+arg_0], 1
jnz loc_40324C
mov [ebp+var_2573], 0FEh
add [ebp+var_2573], 32h
jmp loc_40326D
; ---------------------------------------------------------------------------
loc_4030C4: ; CODE XREF: sub_402A4D+63B�j
mov eax, [ebp+var_1014]
mov edx, ds:1[eax]
sub edx, 0FFFFFFFFh
lea eax, [edx+eax+4]
mov [ebp+var_2024], eax
mov [ebp+var_2170], 5AC5h
add [ebp+var_2170], 6A76h
mov byte ptr [ebp+var_216C+3], 0
loc_4030F9: ; CODE XREF: sub_402A4D+751�j
sub [ebp+var_2024], 5
mov eax, [ebp+var_2024]
mov [ebp+var_4], eax
loc_403109: ; CODE XREF: sub_402A4D+6F5�j
mov eax, [ebp+var_4]
mov edx, eax
dec edx
cmp byte ptr [edx], 0
jnz short loc_40313A
mov edx, eax
sub edx, 2
cmp byte ptr [edx], 0
jnz short loc_40313A
mov edx, eax
sub edx, 3
cmp byte ptr [edx], 0
jnz short loc_40313A
mov edx, eax
sub edx, 4
cmp byte ptr [edx], 0
jnz short loc_40313A
sub eax, 5
cmp byte ptr [eax], 0
jz short loc_403144
loc_40313A: ; CODE XREF: sub_402A4D+6C5�j
; sub_402A4D+6CF�j ...
call sub_40C598
dec [ebp+var_4]
jmp short loc_403109
; ---------------------------------------------------------------------------
loc_403144: ; CODE XREF: sub_402A4D+6EB�j
movzx edi, byte ptr [ebp+var_216C+3]
shl edi, 2
mov esi, [ebp+var_4]
mov [ebp+edi+var_2570], esi
add byte ptr [ebp+var_216C+3], 1
movzx eax, byte ptr [esi]
cmp eax, 0E9h
jnz short loc_4031A3
lea edi, [ebp+var_2573]
lea esi, byte_43C13F
mov ecx, 3
rep movsb
mov eax, [ebp+var_4]
mov edx, ds:1[eax]
sub edx, 0FFFFFFFFh
lea eax, [edx+eax+4]
mov [ebp+var_2024], eax
mov eax, dword_43C142
mov [ebp+var_2578+1], eax
jmp loc_4030F9
; ---------------------------------------------------------------------------
loc_4031A3: ; CODE XREF: sub_402A4D+71A�j
mov ebx, [ebp+var_4]
jmp short loc_4031CB
; ---------------------------------------------------------------------------
loc_4031A8: ; CODE XREF: sub_402A4D+784�j
lea edi, [ebp+var_2578+1]
lea esi, word_43C146
mov ecx, 7
rep movsb
mov eax, [ebp+var_1014]
add eax, ebx
sub eax, [ebp+var_4]
mov dl, [ebx]
mov [eax], dl
inc ebx
loc_4031CB: ; CODE XREF: sub_402A4D+759�j
cmp ebx, [ebp+var_2024]
jb short loc_4031A8
loc_4031D3: ; CODE XREF: sub_402A4D+7ED�j
sub byte ptr [ebp+var_216C+3], 1
movzx edi, byte ptr [ebp+var_216C+3]
shl edi, 2
mov ebx, [ebp+edi+var_2570]
loc_4031EB: ; CODE XREF: sub_402A4D+7E2�j
mov byte ptr [ebx], 0
cmp byte ptr ds:1[ebx], 0
jnz short loc_403220
cmp byte ptr ds:2[ebx], 0
jnz short loc_403220
cmp byte ptr ds:3[ebx], 0
jnz short loc_403220
cmp byte ptr ds:4[ebx], 0
jnz short loc_403220
cmp byte ptr ds:5[ebx], 0
jz short loc_403231
loc_403220: ; CODE XREF: sub_402A4D+7A9�j
; sub_402A4D+7B3�j ...
mov byte ptr [ebp+var_2172+1], 14h
sub byte ptr [ebp+var_2172+1], 0Eh
inc ebx
jmp short loc_4031EB
; ---------------------------------------------------------------------------
loc_403231: ; CODE XREF: sub_402A4D+7D1�j
movzx eax, byte ptr [ebp+var_216C+3]
or eax, eax
jg short loc_4031D3
call sub_40C538
cmp [ebp+arg_0], 1
jz short loc_40326D
call sub_40C5A4
loc_40324C: ; CODE XREF: sub_402A4D+622�j
; sub_402A4D+65E�j
movzx eax, [ebp+var_1015]
push eax
push [ebp+var_202C]
push [ebp+var_2034]
call sub_4028A6
add esp, 0Ch
call sub_40C538
loc_40326D: ; CODE XREF: sub_402A4D+613�j
; sub_402A4D+672�j ...
cmp [ebp+var_2025], 0
jz short loc_4032C3
mov eax, dword_43C14D
mov [ebp+var_216C], eax
and [ebp+var_1014], 0
loc_403288: ; CODE XREF: sub_402A4D+86A�j
mov edi, [ebp+var_1014]
shl edi, 2
mov esi, [ebp+var_8]
shr esi, 2
shl esi, 2
add esi, [ebp+var_C]
mov edx, [ebp+edi+var_2020]
mov [esi+edi], edx
inc [ebp+var_1014]
cmp [ebp+var_1014], 400h
jb short loc_403288
call sub_40C574
jmp loc_402CE7
; ---------------------------------------------------------------------------
loc_4032C3: ; CODE XREF: sub_402A4D+136�j
; sub_402A4D+3AE�j ...
add [ebp+var_1015], 1
movzx edi, [ebp+var_1015]
shl edi, 4
cmp dword_43BE84[edi], 0
jnz loc_402B71
pop edi
pop esi
pop ebx
leave
retn
sub_402A4D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4032E7 proc near ; CODE XREF: sub_403449+50�p
; sub_4034D8+46�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_43C15C
lea eax, ds:41C960h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
mov [ebp+var_4], 314h
xor edi, edi
jmp short loc_40332D
; ---------------------------------------------------------------------------
loc_403316: ; CODE XREF: sub_4032E7+48�j
mov eax, dword_43C15C
add eax, edi
lea eax, ds:41C960h[eax]
movsx edx, byte ptr [eax]
xor edx, 2Ah
mov [eax], dl
inc edi
loc_40332D: ; CODE XREF: sub_4032E7+2D�j
cmp edi, esi
jl short loc_403316
mov [ebp+var_8], 1B1h
mov eax, dword_43C15C
add eax, esi
mov byte ptr ds:dword_41C960[eax], 0
xor edi, edi
mov edi, dword_43C15C
add dword_43C15C, 3
mov eax, dword_43C15C
lea eax, [eax+esi+1]
mov dword_43C15C, eax
cmp eax, 0DC8h
jle short loc_403372
and dword_43C15C, 0
loc_403372: ; CODE XREF: sub_4032E7+82�j
mov [ebp+var_C], 2D9h
lea eax, dword_41C960[edi]
pop edi
pop esi
leave
retn
sub_4032E7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403383 proc near ; CODE XREF: sub_403449+31�p
; sub_4034D8+35�p
var_F = byte ptr -0Fh
var_C = byte ptr -0Ch
var_B = byte ptr -0Bh
var_6 = word ptr -6
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
lea edi, [ebp+var_B]
lea esi, dword_43C160
mov ecx, 5
rep movsb
call sub_40C538
mov ecx, ebx
or eax, 0FFFFFFFFh
loc_4033A9: ; CODE XREF: sub_403383+2B�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4033A9
mov edi, eax
mov [ebp+var_6], di
call sub_40C538
mov ax, [ebp+var_6]
mov [ebp+var_2], ax
jmp short loc_4033FA
; ---------------------------------------------------------------------------
loc_4033C5: ; CODE XREF: sub_403383+7D�j
movzx eax, [ebp+var_2]
cmp byte ptr [ebx+eax], 5Ch
jnz short loc_4033F6
lea edi, [ebp+var_F]
lea esi, byte_43C165
mov ecx, 3
rep movsb
inc [ebp+var_2]
mov [ebp+var_C], 8Dh
movzx eax, [ebp+var_C]
imul eax, 3989h
mov [ebp+var_C], al
jmp short loc_403402
; ---------------------------------------------------------------------------
loc_4033F6: ; CODE XREF: sub_403383+4A�j
dec [ebp+var_2]
loc_4033FA: ; CODE XREF: sub_403383+40�j
movzx eax, [ebp+var_2]
or eax, eax
jg short loc_4033C5
loc_403402: ; CODE XREF: sub_403383+71�j
mov ax, [ebp+var_2]
cmp ax, [ebp+var_6]
jnb short loc_40343F
mov [ebp+var_4], 0
jmp short loc_40342D
; ---------------------------------------------------------------------------
loc_403414: ; CODE XREF: sub_403383+BA�j
movzx eax, [ebp+var_4]
mov edx, [ebp+arg_4]
movzx ecx, [ebp+var_2]
mov esi, eax
add esi, ecx
mov cl, [ebx+esi]
mov [edx+eax], cl
inc [ebp+var_4]
loc_40342D: ; CODE XREF: sub_403383+8F�j
movzx eax, [ebp+var_4]
movzx edx, [ebp+var_6]
movzx ecx, [ebp+var_2]
sub edx, ecx
cmp eax, edx
jle short loc_403414
loc_40343F: ; CODE XREF: sub_403383+87�j
call sub_40C508
pop edi
pop esi
pop ebx
leave
retn
sub_403383 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403449 proc near ; CODE XREF: sub_403AA3+AC�p
; sub_403C5F+286�p ...
var_10F = byte ptr -10Fh
var_10A = dword ptr -10Ah
var_106 = byte ptr -106h
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 110h
push ebx
push esi
push edi
call sub_40C5A4
mov eax, dword_43C168
mov [ebp+var_10A], eax
mov ebx, 63Dh
sub ebx, 6B35h
lea eax, [ebp+var_106]
push eax
push [ebp+arg_0]
call sub_403383
lea edi, [ebp+var_10F]
lea esi, dword_43C16C
mov ecx, 5
rep movsb
push 2
push offset word_446666
call sub_4032E7
push eax
lea edi, [ebp+var_106]
push edi
call sub_40CA54
add esp, 18h
call sub_40C5A4
lea eax, [ebp+var_106]
push eax
call sub_40C5D4
mov [ebp+var_2], 4353h
movzx eax, [ebp+var_2]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_2], ax
pop edi
pop esi
pop ebx
leave
retn
sub_403449 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4034D8 proc near ; CODE XREF: sub_409847+2F3�p
; sub_409847+387�p ...
var_10D = byte ptr -10Dh
var_10A = word ptr -10Ah
var_108 = word ptr -108h
var_105 = byte ptr -105h
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 110h
push esi
push edi
mov [ebp+var_1], 0C0h
sub [ebp+var_1], 0C7h
lea edi, [ebp+var_10D]
lea esi, byte_43C171
mov ecx, 3
rep movsb
call sub_40C574
lea eax, [ebp+var_105]
push eax
push [ebp+arg_0]
call sub_403383
call sub_40C598
push 2
push offset word_446666
call sub_4032E7
push eax
lea edi, [ebp+var_105]
push edi
call sub_40CA54
add esp, 18h
mov [ebp+var_108], 1D40h
add [ebp+var_108], 6FD4h
loc_403545: ; CODE XREF: sub_4034D8+9E�j
lea eax, [ebp+var_105]
push eax
call sub_40C5EC
mov edi, eax
mov [ebp+var_10A], di
cmp [ebp+var_10A], 0
jz short loc_403578
movzx eax, [ebp+var_10A]
push eax
call sub_40C5E0
call sub_40C598
jmp short loc_403545
; ---------------------------------------------------------------------------
loc_403578: ; CODE XREF: sub_4034D8+8A�j
pop edi
pop esi
leave
retn
sub_4034D8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40357C proc near ; CODE XREF: sub_403610+A1�p
; sub_4036F2+37�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+arg_4]
mov [ebp+var_4], 1D8h
push esi
push [ebp+arg_0]
mov eax, dword_43C17C
lea eax, ds:40E110h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_4035C1
; ---------------------------------------------------------------------------
loc_4035AA: ; CODE XREF: sub_40357C+47�j
mov eax, dword_43C17C
add eax, edi
lea eax, ds:40E110h[eax]
movsx edx, byte ptr [eax]
xor edx, 4Eh
mov [eax], dl
inc edi
loc_4035C1: ; CODE XREF: sub_40357C+2C�j
cmp edi, esi
jl short loc_4035AA
mov [ebp+var_8], 1C3h
mov eax, dword_43C17C
add eax, esi
mov byte ptr ds:dword_40E110[eax], 0
mov edi, dword_43C17C
mov eax, edi
add eax, 2
add eax, esi
mov dword_43C17C, eax
inc dword_43C17C
cmp dword_43C17C, 0E02h
jle short loc_403606
and dword_43C17C, 0
loc_403606: ; CODE XREF: sub_40357C+81�j
lea eax, dword_40E110[edi]
pop edi
pop esi
leave
retn
sub_40357C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403610 proc near ; CODE XREF: sub_4036F2+44�p
var_3A = word ptr -3Ah
var_38 = word ptr -38h
var_35 = byte ptr -35h
var_3 = byte ptr -3
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 3Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_4]
mov [ebp+var_38], 579Dh
add [ebp+var_38], 917h
mov ax, word_43C180
mov [ebp+var_3A], ax
mov esi, 2C6Bh
mov eax, esi
add eax, esi
mov esi, eax
mov eax, 0Dh
sub eax, dword_43C178
push eax
lea eax, [ebp+var_35]
push eax
push [ebp+arg_0]
call sub_40C9A0
add esp, 0Ch
call sub_40C514
lea ecx, [ebp+var_35]
or eax, 0FFFFFFFFh
loc_403663: ; CODE XREF: sub_403610+58�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_403663
mov ebx, eax
mov [ebp+var_2], bl
call sub_40C538
mov [ebp+var_1], 0
jmp short loc_403690
; ---------------------------------------------------------------------------
loc_40367A: ; CODE XREF: sub_403610+8A�j
movzx eax, [ebp+var_1]
movzx edx, [ebp+var_2]
sub edx, eax
dec edx
mov al, [ebp+eax+var_35]
mov [edi+edx], al
add [ebp+var_1], 1
loc_403690: ; CODE XREF: sub_403610+68�j
movzx eax, [ebp+var_1]
movzx edx, [ebp+var_2]
cmp eax, edx
jl short loc_40367A
movzx eax, [ebp+var_2]
mov byte ptr [edi+eax], 0
mov [ebp+var_3], 0
jmp short loc_4036C4
; ---------------------------------------------------------------------------
loc_4036AA: ; CODE XREF: sub_403610+C5�j
push 1
push offset byte_446664
call sub_40357C
push eax
push edi
call sub_40CA54
add esp, 10h
add [ebp+var_3], 1
loc_4036C4: ; CODE XREF: sub_403610+98�j
movzx eax, [ebp+var_3]
mov edx, 20h
movzx ecx, [ebp+var_2]
sub edx, ecx
cmp eax, edx
jl short loc_4036AA
call sub_40C5A4
push [ebp+arg_8]
push edi
call sub_40CA54
add esp, 8
call sub_40C538
pop edi
pop esi
pop ebx
leave
retn
sub_403610 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4036F2 proc near ; CODE XREF: sub_40A766+671�p
var_35 = byte ptr -35h
var_34 = byte ptr -34h
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 38h
push ebx
push esi
push edi
call sub_40C634
lea edi, [ebp+var_35]
lea esi, word_43C182
xor ecx, ecx
inc ecx
rep movsb
mov [ebp+var_2], 891h
movzx eax, [ebp+var_2]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_2], ax
push 1
push offset word_446662
call sub_40357C
push eax
lea edi, [ebp+var_34]
push edi
push [ebp+arg_0]
call sub_403610
add esp, 14h
call sub_40C508
lea eax, [ebp+var_34]
push eax
call sub_40C5D4
mov ebx, 3324h
sub ebx, 3885h
pop edi
pop esi
pop ebx
leave
retn
sub_4036F2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40375C proc near ; CODE XREF: sub_4037EF+47�p
; .text:004038C7�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+arg_4]
mov [ebp+var_4], 6Ch
push esi
push [ebp+arg_0]
mov eax, dword_43C18C
lea eax, ds:40F780h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_4037A1
; ---------------------------------------------------------------------------
loc_40378A: ; CODE XREF: sub_40375C+47�j
mov eax, dword_43C18C
add eax, edi
lea eax, ds:40F780h[eax]
movsx edx, byte ptr [eax]
xor edx, 7
mov [eax], dl
inc edi
loc_4037A1: ; CODE XREF: sub_40375C+2C�j
cmp edi, esi
jl short loc_40378A
mov eax, dword_43C18C
add eax, esi
mov byte ptr ds:dword_40F780[eax], 0
xor edi, edi
mov edi, dword_43C18C
inc dword_43C18C
mov eax, dword_43C18C
lea eax, [eax+esi+6]
mov dword_43C18C, eax
cmp eax, 0DE8h
jle short loc_4037DE
and dword_43C18C, 0
loc_4037DE: ; CODE XREF: sub_40375C+79�j
mov [ebp+var_8], 0FFh
lea eax, dword_40F780[edi]
pop edi
pop esi
leave
retn
sub_40375C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4037EF proc near ; CODE XREF: sub_40A766+719�p
; sub_40A766+74F�p
var_10A = word ptr -10Ah
var_108 = byte ptr -108h
var_105 = byte ptr -105h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 10Ch
push ebx
push esi
push edi
call sub_40C514
lea edi, [ebp+var_108]
lea esi, byte_43C190
mov ecx, 3
rep movsb
push [ebp+arg_0]
lea eax, [ebp+var_104]
push eax
call sub_40CA30
mov ax, word_43C193
mov [ebp+var_10A], ax
push 1
push offset byte_446660
call sub_40375C
push eax
lea edi, [ebp+var_104]
push edi
call sub_40CA54
mov ebx, 20A5h
sub ebx, 7EDBh
push [ebp+arg_4]
lea eax, [ebp+var_104]
push eax
call sub_40CA54
add esp, 20h
call sub_40C508
lea eax, [ebp+var_104]
push eax
call sub_40C5D4
mov [ebp+var_105], 4Eh
add [ebp+var_105], 55h
pop edi
pop esi
pop ebx
leave
retn
sub_4037EF endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 10Ch
push esi
push edi
call sub_40C574
lea edi, [ebp-10Bh]
lea esi, byte_43C195
mov ecx, 5
rep movsb
call sub_40C598
push dword ptr [ebp+8]
lea eax, [ebp-104h]
push eax
call sub_40CA30
push 1
push offset byte_446660
call sub_40375C
push eax
lea edi, [ebp-104h]
push edi
call sub_40CA54
call sub_40C634
push dword ptr [ebp+0Ch]
lea eax, [ebp-104h]
push eax
call sub_40CA54
add esp, 20h
call sub_40C5A4
loc_4038F5: ; CODE XREF: .text:00403930�j
lea eax, [ebp-104h]
push eax
call sub_40C5EC
mov edi, eax
mov [ebp-106h], di
call sub_40C514
cmp word ptr [ebp-106h], 0
jz short loc_403932
call sub_40C508
movzx eax, word ptr [ebp-106h]
push eax
call sub_40C5E0
call sub_40C514
jmp short loc_4038F5
; ---------------------------------------------------------------------------
loc_403932: ; CODE XREF: .text:00403917�j
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403936 proc near ; CODE XREF: sub_4039D6+8B�p
; sub_403AA3+73�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+arg_4]
mov [ebp+var_4], 20Eh
push esi
push [ebp+arg_0]
mov eax, dword_43C1A4
lea eax, ds:41DA90h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
mov [ebp+var_8], 331h
xor edi, edi
jmp short loc_403985
; ---------------------------------------------------------------------------
loc_40396B: ; CODE XREF: sub_403936+51�j
mov eax, dword_43C1A4
add eax, edi
lea eax, ds:41DA90h[eax]
movsx edx, byte ptr [eax]
xor edx, 8Fh
mov [eax], dl
inc edi
loc_403985: ; CODE XREF: sub_403936+33�j
cmp edi, esi
jl short loc_40396B
mov eax, dword_43C1A4
add eax, esi
mov byte ptr ds:dword_41DA90[eax], 0
mov edi, dword_43C1A4
inc dword_43C1A4
mov eax, dword_43C1A4
lea eax, [eax+esi+6]
mov dword_43C1A4, eax
add dword_43C1A4, 2
cmp dword_43C1A4, 0DFDh
jle short loc_4039CC
and dword_43C1A4, 0
loc_4039CC: ; CODE XREF: sub_403936+8D�j
lea eax, dword_41DA90[edi]
pop edi
pop esi
leave
retn
sub_403936 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4039D6 proc near ; CODE XREF: sub_403AA3+49�p
; sub_403C5F+155�p ...
var_1013 = byte ptr -1013h
var_100B = byte ptr -100Bh
var_1008 = dword ptr -1008h
var_1003 = byte ptr -1003h
var_1000 = byte ptr -1000h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 1014h
call sub_40C498
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
call sub_40C508
lea edi, [ebp+var_100B]
lea esi, word_4411CA
mov ecx, 3
rep movsb
push 0FFFh
lea eax, [ebp+var_1003]
push eax
call sub_40C580
mov [ebp+var_1000], 0
push 0FFFh
lea eax, [ebp+var_1003]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_4]
push eax
lea eax, [ebp+var_1008]
push eax
push 0FFFh
lea eax, [ebp+var_1003]
push eax
lea eax, [ebp+var_1003]
push eax
call sub_40C5BC
lea edi, [ebp+var_1013]
lea esi, byte_4411CD
movsd
movsd
push 4
push offset byte_44665B
call sub_403936
push [ebp+var_1008]
push eax
push ebx
call sub_40CA30
add esp, 14h
and [ebp+var_4], 0
loc_403A7A: ; CODE XREF: sub_4039D6+C1�j
mov eax, [ebp+var_4]
mov al, [ebx+eax]
cmp al, 41h
jge short loc_403A90
cmp al, 30h
jle short loc_403A90
mov eax, [ebp+var_4]
add eax, ebx
add byte ptr [eax], 11h
loc_403A90: ; CODE XREF: sub_4039D6+AC�j
; sub_4039D6+B0�j
inc [ebp+var_4]
cmp [ebp+var_4], 8
jb short loc_403A7A
call sub_40C5A4
pop edi
pop esi
pop ebx
leave
retn
sub_4039D6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403AA3 proc near ; CODE XREF: sub_40A766+7E8�p
var_290 = dword ptr -290h
var_28A = byte ptr -28Ah
var_283 = byte ptr -283h
var_280 = byte ptr -280h
var_27C = dword ptr -27Ch
var_278 = byte ptr -278h
var_275 = byte ptr -275h
var_26F = byte ptr -26Fh
var_16B = byte ptr -16Bh
var_107 = byte ptr -107h
var_106 = word ptr -106h
var_104 = word ptr -104h
var_102 = word ptr -102h
var_FF = byte ptr -0FFh
push ebp
mov ebp, esp
sub esp, 290h
push ebx
push esi
push edi
call sub_40C508
lea edi, [ebp+var_275]
lea esi, byte_4411D5
mov ecx, 3
rep movsw
mov [ebp+var_104], 63FCh
movzx eax, [ebp+var_104]
imul eax, 3246h
mov [ebp+var_104], ax
lea eax, [ebp+var_16B]
push eax
call sub_4039D6
lea edi, [ebp+var_278]
lea esi, byte_4411DB
mov ecx, 3
rep movsb
mov eax, dword_4411DE
mov [ebp+var_27C], eax
push 9
push offset byte_446651
call sub_403936
lea edi, [ebp+var_16B]
push edi
push offset dword_432E00
push eax
lea edi, [ebp+var_FF]
push edi
call sub_40CA30
mov ebx, 3DFBh
mov eax, 1040h
mul ebx
mov [ebp+var_290], eax
mov ebx, eax
lea eax, [ebp+var_FF]
push eax
call sub_403449
mov [ebp+var_102], 0F5Dh
movzx eax, [ebp+var_102]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_102], ax
push 0
push 0
push 2
push 0
push 0
push 40000000h
lea eax, [ebp+var_FF]
push eax
call sub_40C67C
mov ebx, eax
mov [ebp+var_106], 10FCh
add [ebp+var_106], 4EDCh
push 0
lea eax, [ebp+var_280]
push eax
push 3621h
push offset byte_43DBA9
push ebx
call sub_40C730
push ebx
call sub_40C55C
mov ebx, 0CDFh
add ebx, 10D0h
lea edi, [ebp+var_283]
lea esi, word_4411E2
mov ecx, 3
rep movsb
push 104h
lea eax, [ebp+var_26F]
push eax
push 0
call sub_40C544
push 1
push offset byte_44664F
call sub_403936
push eax
lea edi, [ebp+var_FF]
push edi
call sub_40CA54
lea edi, [ebp+var_28A]
lea esi, byte_4411E5
mov ecx, 7
rep movsb
lea eax, [ebp+var_26F]
push eax
lea eax, [ebp+var_FF]
push eax
call sub_40CA54
add esp, 38h
push 0
lea eax, [ebp+var_FF]
push eax
call sub_40C724
mov [ebp+var_107], 0F3h
movzx eax, [ebp+var_107]
imul eax, 6754h
mov [ebp+var_107], al
pop edi
pop esi
pop ebx
leave
retn
sub_403AA3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403C5F proc near ; CODE XREF: sub_40A766+2E7�p
var_328 = dword ptr -328h
var_324 = dword ptr -324h
var_320 = dword ptr -320h
var_31C = dword ptr -31Ch
var_318 = dword ptr -318h
var_314 = dword ptr -314h
var_310 = dword ptr -310h
var_30C = dword ptr -30Ch
var_308 = dword ptr -308h
var_304 = dword ptr -304h
var_2FF = byte ptr -2FFh
var_2FC = byte ptr -2FCh
var_2F5 = byte ptr -2F5h
var_2F4 = byte ptr -2F4h
var_2F1 = byte ptr -2F1h
var_2E9 = byte ptr -2E9h
var_2E3 = byte ptr -2E3h
var_2DE = byte ptr -2DEh
var_27A = word ptr -27Ah
var_278 = dword ptr -278h
var_271 = byte ptr -271h
var_270 = dword ptr -270h
var_26C = word ptr -26Ch
var_26A = byte ptr -26Ah
var_269 = byte ptr -269h
var_205 = byte ptr -205h
var_101 = byte ptr -101h
var_FB = byte ptr -0FBh
var_FA = byte ptr -0FAh
var_F9 = byte ptr -0F9h
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 328h
push ebx
push esi
push edi
call sub_40C634
lea edi, [ebp+var_2E3]
lea esi, dword_4411EC
mov ecx, 5
rep movsb
mov [ebp+var_26A], 0C4h
movzx eax, [ebp+var_26A]
imul eax, 0CACh
mov [ebp+var_26A], al
push 26h
push offset dword_446628
call sub_403936
mov [ebp+var_304], eax
call sub_40CA18
mov [ebp+var_308], eax
call sub_40CA18
mov [ebp+var_30C], eax
call sub_40CA18
mov [ebp+var_310], eax
call sub_40CA18
mov [ebp+var_314], eax
call sub_40CA18
mov [ebp+var_318], eax
call sub_40CA18
mov [ebp+var_31C], eax
call sub_40CA18
mov [ebp+var_320], eax
call sub_40CA18
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_320]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_31C]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_318]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_314]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_310]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_30C]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_308]
mov eax, edi
mov ecx, 0FFFFh
cdq
idiv ecx
push edx
mov edi, [ebp+var_304]
push edi
lea edi, [ebp+var_269]
push edi
call sub_40CA30
call sub_40C5A4
lea edi, [ebp+var_2E9]
lea esi, byte_4411F1
mov ecx, 3
rep movsw
lea eax, [ebp+var_2DE]
push eax
call sub_4039D6
add esp, 34h
mov ebx, 3F4Bh
sub ebx, 721Bh
lea edi, [ebp+var_2F1]
lea esi, byte_4411F7
mov ecx, 2
rep movsd
call sub_40CA18
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov edi, eax
add edi, 41h
mov edx, edi
mov [ebp+var_101], dl
lea edi, [ebp+var_2F4]
lea esi, byte_4411FF
mov ecx, 3
rep movsb
mov [ebp+var_1], 1
jmp short loc_403E4A
; ---------------------------------------------------------------------------
loc_403E1A: ; CODE XREF: sub_403C5F+1F0�j
call sub_40CA18
movzx edi, [ebp+var_1]
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov esi, eax
add esi, 61h
mov edx, esi
mov [ebp+edi+var_101], dl
add [ebp+var_1], 1
loc_403E4A: ; CODE XREF: sub_403C5F+1B9�j
mov al, [ebp+var_1]
cmp al, 8
jbe short loc_403E1A
mov [ebp+var_26C], 789Fh
movzx eax, [ebp+var_26C]
imul eax, 7E80h
mov [ebp+var_26C], ax
mov [ebp+var_F9], 0
call sub_40CA18
mov edx, eax
test dl, 1
jnz short loc_403EA8
call sub_40C574
mov [ebp+var_FB], 33h
mov [ebp+var_324], 1F1Ah
add [ebp+var_324], 4A03h
mov [ebp+var_FA], 32h
loc_403EA8: ; CODE XREF: sub_403C5F+220�j
push 9
push offset word_44661E
call sub_403936
lea edi, [ebp+var_101]
push edi
push offset dword_432E00
push eax
lea edi, [ebp+var_205]
push edi
call sub_40CA30
lea edi, [ebp+var_2F5]
lea esi, byte_441202
xor ecx, ecx
inc ecx
rep movsb
lea eax, [ebp+var_205]
push eax
call sub_403449
call sub_40C514
push 0
push 0
push 2
push 0
push 0
push 40000000h
lea eax, [ebp+var_205]
push eax
call sub_40C67C
mov ebx, eax
mov [ebp+var_270], 1D0Fh
inc [ebp+var_270]
push [ebp+arg_0]
mov eax, offset byte_43D04F
push eax
call sub_40CA30
push 0
lea eax, [ebp+var_2FC]
push eax
push 1A01h
push offset dword_43C1A8
push ebx
call sub_40C730
lea edi, [ebp+var_2FF]
lea esi, byte_441203
mov ecx, 3
rep movsb
push ebx
call sub_40C55C
call sub_40C634
push 17h
push offset word_446606
call sub_403936
lea edi, [ebp+var_269]
push edi
push eax
lea edi, [ebp+var_101]
push edi
call sub_40CA30
mov [ebp+var_271], 81h
add [ebp+var_271], 1
lea eax, [ebp+var_205]
push eax
push offset byte_446605
lea eax, [ebp+var_101]
push eax
push 80000000h
call sub_40404B
mov [ebp+var_278], 2820h
mov eax, 260Ch
mul [ebp+var_278]
mov [ebp+var_324], eax
mov [ebp+var_278], eax
push 0Eh
push offset word_4465F6
call sub_403936
mov [ebp+var_328], eax
push 9
push offset dword_4465EC
call sub_403936
push eax
mov edi, [ebp+var_328]
push edi
lea edi, [ebp+var_101]
push edi
push 80000000h
call sub_40404B
call sub_40C598
push 45h
push offset word_4465A6
call sub_403936
lea edi, [ebp+var_269]
push edi
lea edi, [ebp+var_2DE]
push edi
push eax
push 80000002h
call sub_40404B
add esp, 80h
mov [ebp+var_27A], 2967h
sub [ebp+var_27A], 716Eh
pop edi
pop esi
pop ebx
leave
retn
sub_403C5F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40404B proc near ; CODE XREF: sub_403C5F+348�p
; sub_403C5F+3A0�p ...
var_1C = dword ptr -1Ch
var_17 = byte ptr -17h
var_F = byte ptr -0Fh
var_C = dword ptr -0Ch
var_6 = word ptr -6
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov [ebp+var_6], 396Fh
sub [ebp+var_6], 2933h
inc dword_43B228
lea edi, [ebp+var_F]
lea esi, word_441206
mov ecx, 3
rep movsb
lea edi, [ebp+var_17]
lea esi, byte_441209
movsd
movsd
and [ebp+var_4], 0
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_4]
push eax
push 0
push 0F003Fh
push 0
push 0
push 0
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40C91C
call sub_40C5A4
mov eax, [ebp+arg_C]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_4040B2: ; CODE XREF: sub_40404B+6C�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4040B2
mov [ebp+var_C], eax
call sub_40C634
push [ebp+var_C]
push [ebp+arg_C]
push 1
push 0
push [ebp+arg_8]
push [ebp+var_4]
call sub_40C94C
call sub_40C574
push [ebp+var_4]
call sub_40C928
mov ebx, 4DD8h
mov eax, 4D1Ah
mul ebx
mov [ebp+var_1C], eax
mov eax, [ebp+var_1C]
mov ebx, eax
pop edi
pop esi
pop ebx
leave
retn
sub_40404B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4040FC proc near ; CODE XREF: sub_404194+FE�p
; sub_404194+11E�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_44121C
lea eax, ds:411DB0h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_40413C
; ---------------------------------------------------------------------------
loc_404122: ; CODE XREF: sub_4040FC+42�j
mov eax, dword_44121C
add eax, edi
lea eax, ds:411DB0h[eax]
movsx edx, byte ptr [eax]
xor edx, 0ADh
mov [eax], dl
inc edi
loc_40413C: ; CODE XREF: sub_4040FC+24�j
cmp edi, esi
jl short loc_404122
mov [ebp+var_4], 1A7h
mov eax, dword_44121C
add eax, esi
mov byte ptr ds:dword_411DB0[eax], 0
mov edi, dword_44121C
add dword_44121C, 2
mov eax, dword_44121C
lea eax, [eax+esi+2]
mov dword_44121C, eax
inc dword_44121C
cmp dword_44121C, 0DB6h
jle short loc_40418A
and dword_44121C, 0
loc_40418A: ; CODE XREF: sub_4040FC+85�j
lea eax, dword_411DB0[edi]
pop edi
pop esi
leave
retn
sub_4040FC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404194 proc near ; CODE XREF: sub_40A766+33D�p
var_14BA = byte ptr -14BAh
var_14B3 = byte ptr -14B3h
var_14B2 = byte ptr -14B2h
var_14AC = byte ptr -14ACh
var_14A7 = byte ptr -14A7h
var_14A4 = byte ptr -14A4h
var_149C = byte ptr -149Ch
var_1499 = byte ptr -1499h
var_1496 = byte ptr -1496h
var_1397 = byte ptr -1397h
var_1396 = byte ptr -1396h
var_1395 = byte ptr -1395h
var_1394 = dword ptr -1394h
var_1384 = dword ptr -1384h
var_1300 = byte ptr -1300h
var_1201 = byte ptr -1201h
var_1102 = word ptr -1102h
var_10FF = byte ptr -10FFh
var_10FE = byte ptr -10FEh
var_FF = byte ptr -0FFh
push ebp
mov ebp, esp
mov eax, 14BCh
call sub_40C498
push ebx
push esi
push edi
mov [ebp+var_10FF], 5Ah
movzx eax, [ebp+var_10FF]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_10FF], al
lea edi, [ebp+var_1499]
lea esi, byte_441220
mov ecx, 3
rep movsb
lea edi, [ebp+var_149C]
lea esi, byte_441223
mov ecx, 3
rep movsb
push 0FFh
lea eax, [ebp+var_1300]
push eax
push 0
call sub_40C544
mov ebx, 2910h
inc ebx
mov [ebp+var_1394], 94h
mov [ebp+var_1102], 6834h
movzx eax, [ebp+var_1102]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_1102], ax
lea eax, [ebp+var_1394]
push eax
call sub_40C5B0
mov [ebp+var_1395], 0B9h
add [ebp+var_1395], 1
lea edi, [ebp+var_14A4]
lea esi, word_441226
movsd
movsd
cmp [ebp+var_1384], 2
jnz loc_4042E9
mov [ebp+var_14B3], 0DCh
add [ebp+var_14B3], 90h
push 0FFh
lea eax, [ebp+var_FF]
push eax
call sub_40C580
lea edi, [ebp+var_14BA]
lea esi, word_44122E
mov ecx, 7
rep movsb
push 0Fh
push offset word_446596
call sub_4040FC
lea edi, [ebp+var_FF]
push edi
push eax
lea edi, [ebp+var_1201]
push edi
call sub_40CA30
push 0Ah
push offset byte_44658B
call sub_4040FC
lea edi, [ebp+var_FF]
push edi
push eax
lea edi, [ebp+var_1496]
push edi
call sub_40CA30
push 8
push offset word_446582
call sub_4040FC
push eax
lea edi, [ebp+var_FF]
push edi
call sub_40CA54
add esp, 38h
jmp short loc_404365
; ---------------------------------------------------------------------------
loc_4042E9: ; CODE XREF: sub_404194+BF�j
call sub_40C574
push 0FFh
lea eax, [ebp+var_FF]
push eax
call sub_40C5C8
call sub_40C598
push 0Fh
push offset word_446572
call sub_4040FC
lea edi, [ebp+var_FF]
push edi
push eax
lea edi, [ebp+var_1201]
push edi
call sub_40CA30
call sub_40C5A4
push 0Eh
push offset byte_446563
call sub_4040FC
lea edi, [ebp+var_FF]
push edi
push eax
lea edi, [ebp+var_1496]
push edi
call sub_40CA30
push 0Ch
push offset word_446556
call sub_4040FC
push eax
lea edi, [ebp+var_FF]
push edi
call sub_40CA54
add esp, 38h
loc_404365: ; CODE XREF: sub_404194+153�j
lea eax, [ebp+var_1496]
push eax
call sub_40C760
call sub_40C598
lea edi, [ebp+var_14A7]
lea esi, byte_441235
mov ecx, 3
rep movsb
push 0
push 80h
push 2
push 0
push 0
push 40000000h
lea eax, [ebp+var_1201]
push eax
call sub_40C67C
mov ebx, eax
lea edi, [ebp+var_14B2]
lea esi, dword_441238
mov ecx, 3
rep movsw
push 39h
push offset dword_44651C
call sub_4040FC
lea edi, [ebp+var_1201]
push edi
lea edi, [ebp+var_1300]
push edi
lea edi, [ebp+var_1300]
push edi
push eax
lea edi, [ebp+var_10FE]
push edi
call sub_40CA30
add esp, 1Ch
call sub_40C514
lea ecx, [ebp+var_10FE]
or eax, 0FFFFFFFFh
loc_4043FC: ; CODE XREF: sub_404194+26D�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4043FC
push 0
lea esi, [ebp+var_14AC]
push esi
push eax
lea edi, [ebp+var_10FE]
push edi
push ebx
call sub_40C730
push ebx
call sub_40C55C
mov ebx, 5F3Bh
mov eax, ebx
add eax, ebx
mov ebx, eax
push 8
push offset byte_446513
call sub_4040FC
add esp, 8
lea edi, [ebp+var_1201]
push edi
lea edi, [ebp+var_FF]
push edi
push eax
lea edi, [ebp+var_10FE]
push edi
call sub_40CA30
add esp, 10h
mov [ebp+var_1396], 0B7h
sub [ebp+var_1396], 77h
push 0
lea eax, [ebp+var_10FE]
push eax
call sub_40C724
mov [ebp+var_1397], 22h
sub [ebp+var_1397], 6Ch
pop edi
pop esi
pop ebx
leave
retn
sub_404194 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 20Eh
push esi
push dword ptr [ebp+8]
mov eax, dword_441248
lea eax, ds:42FD00h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
mov dword ptr [ebp-8], 331h
xor edi, edi
jmp short loc_4044D6
; ---------------------------------------------------------------------------
loc_4044BC: ; CODE XREF: .text:004044D8�j
mov eax, dword_441248
add eax, edi
lea eax, ds:42FD00h[eax]
movsx edx, byte ptr [eax]
xor edx, 8Fh
mov [eax], dl
inc edi
loc_4044D6: ; CODE XREF: .text:004044BA�j
cmp edi, esi
jl short loc_4044BC
mov eax, dword_441248
add eax, esi
mov byte ptr ds:dword_42FD00[eax], 0
mov edi, dword_441248
inc dword_441248
mov eax, dword_441248
lea eax, [eax+esi+6]
mov dword_441248, eax
add dword_441248, 2
cmp dword_441248, 0DFDh
jle short loc_40451D
and dword_441248, 0
loc_40451D: ; CODE XREF: .text:00404514�j
lea eax, dword_42FD00[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404527 proc near ; CODE XREF: sub_4062CD+21B�p
; sub_408BE4+13D�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
call sub_40C508
cmp dword_44124C, 0
jz short loc_40456A
mov [ebp+var_C], 30A1h
inc [ebp+var_C]
call sub_40C514
push eax
call sub_40C838
mov [ebp+var_10], eax
call sub_40C598
mov eax, dword_44124C
cmp [ebp+var_10], eax
jnz short loc_40459E
xor eax, eax
inc eax
jmp short loc_4045B2
; ---------------------------------------------------------------------------
loc_40456A: ; CODE XREF: sub_404527+15�j
push 0
push 0C7h
push 0
push 0
push 0
push offset dword_446508
call sub_40C820
mov dword_44124C, eax
lea edi, [ebp+var_8]
lea esi, dword_441250
movsd
movsd
cmp dword_44124C, 0
jnz short loc_40459E
xor eax, eax
jmp short loc_4045B2
; ---------------------------------------------------------------------------
loc_40459E: ; CODE XREF: sub_404527+3C�j
; sub_404527+71�j
push dword_44124C
call sub_40C82C
mov ebx, eax
call sub_40C5A4
mov eax, ebx
loc_4045B2: ; CODE XREF: sub_404527+41�j
; sub_404527+75�j
pop edi
pop esi
pop ebx
leave
retn
sub_404527 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4045B7 proc near ; CODE XREF: sub_4062CD+2A2�p
; sub_408BE4+18F�p
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
call sub_40C508
mov eax, [ebp+arg_0]
lea edx, dword_446508
mov [eax+8], edx
mov [ebp+var_2], 294Bh
movzx eax, [ebp+var_2]
imul eax, 2277h
mov [ebp+var_2], ax
leave
retn
sub_4045B7 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4045E2 proc near ; CODE XREF: sub_404663+53�p
; sub_404663+97�p ...
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_441260
lea eax, ds:416690h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
mov [ebp+var_4], 249h
xor edi, edi
jmp short loc_404626
; ---------------------------------------------------------------------------
loc_40460F: ; CODE XREF: sub_4045E2+46�j
mov eax, dword_441260
add eax, edi
lea eax, ds:416690h[eax]
movsx edx, byte ptr [eax]
xor edx, 6Ch
mov [eax], dl
inc edi
loc_404626: ; CODE XREF: sub_4045E2+2B�j
cmp edi, esi
jl short loc_40460F
mov eax, dword_441260
add eax, esi
mov byte ptr ds:dword_416690[eax], 0
mov edi, dword_441260
mov eax, edi
add eax, 6
add eax, esi
mov dword_441260, eax
cmp eax, 0DACh
jle short loc_404659
and dword_441260, 0
loc_404659: ; CODE XREF: sub_4045E2+6E�j
lea eax, dword_416690[edi]
pop edi
pop esi
leave
retn
sub_4045E2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404663 proc near ; CODE XREF: sub_405601+6DB�p
; sub_405601+784�p ...
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10A = byte ptr -10Ah
var_109 = dword ptr -109h
var_105 = byte ptr -105h
var_103 = byte ptr -103h
var_102 = word ptr -102h
var_FF = byte ptr -0FFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 11Ch
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
call sub_40C634
push [ebp+arg_4]
push ebx
call sub_40CA54
add esp, 8
call sub_40C574
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge loc_40476E
call sub_40C538
mov [ebp+var_FF], 0
call sub_40C634
push 3
push offset dword_446504
call sub_4045E2
push eax
push ebx
call sub_40CA54
add esp, 10h
lea edi, [ebp+var_10A]
lea esi, dword_441264
mov ecx, 7
rep movsb
mov [ebp+var_103], 0
jmp short loc_40473C
; ---------------------------------------------------------------------------
loc_4046E1: ; CODE XREF: sub_404663+E1�j
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404735
push 4
push offset byte_4464FF
call sub_4045E2
mov [ebp+var_110], eax
call sub_40CA18
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
lea edi, [ebp+var_FF]
push edi
mov edi, [ebp+var_110]
push edi
lea edi, [ebp+var_FF]
push edi
call sub_40CA30
add esp, 18h
loc_404735: ; CODE XREF: sub_404663+8E�j
add [ebp+var_103], 1
loc_40473C: ; CODE XREF: sub_404663+7C�j
mov al, [ebp+var_103]
cmp al, 0Ah
jb short loc_4046E1
call sub_40C508
lea eax, [ebp+var_FF]
push eax
push ebx
call sub_40CA54
push 3
push offset byte_4464FB
call sub_4045E2
push eax
push ebx
call sub_40CA54
add esp, 18h
loc_40476E: ; CODE XREF: sub_404663+35�j
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge loc_404855
mov eax, dword_44126B
mov [ebp+var_109], eax
push 10h
push offset word_4464EA
call sub_4045E2
mov [ebp+var_110], eax
call sub_40CA18
mov [ebp+var_114], eax
call sub_40CA18
mov [ebp+var_118], eax
call sub_40CA18
mov [ebp+var_11C], eax
call sub_40CA18
mov ecx, 0EA60h
cdq
idiv ecx
push edx
mov edi, [ebp+var_11C]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp+var_118]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp+var_114]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp+var_110]
push edi
lea edi, [ebp+var_FF]
push edi
call sub_40CA30
mov word ptr [ebp-104h], 6A38h
add word ptr [ebp-104h], 2C92h
lea eax, [ebp+var_FF]
push eax
push ebx
call sub_40CA54
add esp, 28h
mov [ebp+var_105], 0BDh
add [ebp+var_105], 1
loc_404855: ; CODE XREF: sub_404663+11B�j
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge loc_404905
mov eax, dword_44126F
mov [ebp+var_109+3], eax
push 0Ah
push offset byte_4464DF
call sub_4045E2
mov [ebp-10Ch], eax
call sub_40CA18
mov [ebp+var_110], eax
call sub_40CA18
mov [ebp+var_114], eax
call sub_40CA18
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp+var_114]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp+var_110]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp-10Ch]
push edi
lea edi, [ebp+var_FF]
push edi
call sub_40CA30
call sub_40C5A4
lea eax, [ebp+var_FF]
push eax
push ebx
call sub_40CA54
add esp, 24h
loc_404905: ; CODE XREF: sub_404663+202�j
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_40492D
push 2
push offset byte_4464DC
call sub_4045E2
push eax
push ebx
call sub_40CA54
add esp, 10h
loc_40492D: ; CODE XREF: sub_404663+2B2�j
mov [ebp+var_102], 140Ah
movzx eax, [ebp+var_102]
imul eax, 5B3Bh
mov [ebp+var_102], ax
pop edi
pop esi
pop ebx
leave
retn
sub_404663 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40494F proc near ; CODE XREF: sub_405601+19F�p
; sub_405601+1BD�p ...
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
var_128 = dword ptr -128h
var_123 = byte ptr -123h
var_122 = dword ptr -122h
var_11E = word ptr -11Eh
var_11B = byte ptr -11Bh
var_11A = word ptr -11Ah
var_118 = byte ptr -118h
var_113 = byte ptr -113h
var_10E = word ptr -10Eh
var_10C = byte ptr -10Ch
var_106 = byte ptr -106h
var_105 = byte ptr -105h
var_104 = word ptr -104h
var_102 = word ptr -102h
var_FF = byte ptr -0FFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 138h
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
mov [ebp+var_104], 30D1h
movzx eax, [ebp+var_104]
imul eax, 4FD6h
mov [ebp+var_104], ax
push [ebp+arg_4]
push ebx
call sub_40CA54
add esp, 8
mov [ebp+var_105], 34h
sub [ebp+var_105], 75h
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge loc_404B75
mov eax, dword_441273
mov [ebp+var_122], eax
mov [ebp+var_FF], 0
mov [ebp+var_11E], 6E30h
movzx eax, [ebp+var_11E]
imul eax, 1271h
mov [ebp+var_11E], ax
push 5
push offset word_4464D6
call sub_4045E2
push eax
push ebx
call sub_40CA54
add esp, 10h
mov [ebp+var_11B], 0
jmp loc_404B3F
; ---------------------------------------------------------------------------
loc_4049FC: ; CODE XREF: sub_40494F+1F8�j
mov byte ptr [ebp+var_12C+3], 28h
sub byte ptr [ebp+var_12C+3], 0A9h
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404A5E
push 4
push offset byte_4464FF
call sub_4045E2
mov [ebp+var_130], eax
call sub_40CA18
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
lea edi, [ebp+var_FF]
push edi
mov edi, [ebp+var_130]
push edi
lea edi, [ebp+var_FF]
push edi
call sub_40CA30
add esp, 18h
loc_404A5E: ; CODE XREF: sub_40494F+CB�j
mov [ebp+var_128], 1B00h
mov eax, [ebp+var_128]
mov edx, eax
add edx, eax
mov [ebp+var_128], edx
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404ACC
push 4
push offset byte_4464FF
call sub_4045E2
mov [ebp+var_134], eax
call sub_40CA18
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 41h
push edi
lea edi, [ebp+var_FF]
push edi
mov edi, [ebp+var_134]
push edi
lea edi, [ebp+var_FF]
push edi
call sub_40CA30
add esp, 18h
loc_404ACC: ; CODE XREF: sub_40494F+139�j
call sub_40C514
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 7
jge short loc_404B25
push 4
push offset byte_4464FF
call sub_4045E2
mov [ebp+var_138], eax
call sub_40CA18
mov ecx, 9
cdq
idiv ecx
mov edi, edx
add edi, 30h
push edi
lea edi, [ebp+var_FF]
push edi
mov edi, [ebp+var_138]
push edi
lea edi, [ebp+var_FF]
push edi
call sub_40CA30
add esp, 18h
loc_404B25: ; CODE XREF: sub_40494F+192�j
lea edi, [ebp+var_12C]
lea esi, byte_441277
mov ecx, 3
rep movsb
add [ebp+var_11B], 1
loc_404B3F: ; CODE XREF: sub_40494F+A8�j
mov al, [ebp+var_11B]
cmp al, 0Ah
jb loc_4049FC
lea eax, [ebp+var_FF]
push eax
push ebx
call sub_40CA54
call sub_40C538
push 4
push offset byte_4464D1
call sub_4045E2
push eax
push ebx
call sub_40CA54
add esp, 18h
loc_404B75: ; CODE XREF: sub_40494F+56�j
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge loc_404CFD
call sub_40C574
mov [ebp+var_FF], 0
call sub_40C574
mov [ebp+var_11B], 0
jmp loc_404CD1
; ---------------------------------------------------------------------------
loc_404BA8: ; CODE XREF: sub_40494F+38A�j
call sub_40C538
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 4
jge short loc_404C01
push 4
push offset byte_4464FF
call sub_4045E2
mov [ebp+var_12C], eax
call sub_40CA18
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
lea edi, [ebp+var_FF]
push edi
mov edi, [ebp+var_12C]
push edi
lea edi, [ebp+var_FF]
push edi
call sub_40CA30
add esp, 18h
loc_404C01: ; CODE XREF: sub_40494F+26E�j
mov eax, dword_44127A
mov [ebp+var_128+1], eax
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 4
jge short loc_404C60
push 4
push offset byte_4464FF
call sub_4045E2
mov [ebp+var_130], eax
call sub_40CA18
mov ecx, 1Ah
cdq
idiv ecx
mov edi, edx
add edi, 41h
push edi
lea edi, [ebp+var_FF]
push edi
mov edi, [ebp+var_130]
push edi
lea edi, [ebp+var_FF]
push edi
call sub_40CA30
add esp, 18h
loc_404C60: ; CODE XREF: sub_40494F+2CD�j
lea edi, [ebp+var_128]
lea esi, byte_44127E
xor ecx, ecx
inc ecx
rep movsb
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 3
jge short loc_404CC5
push 4
push offset byte_4464FF
call sub_4045E2
mov [ebp+var_134], eax
call sub_40CA18
mov ecx, 9
cdq
idiv ecx
mov edi, edx
add edi, 30h
push edi
lea edi, [ebp+var_FF]
push edi
mov edi, [ebp+var_134]
push edi
lea edi, [ebp+var_FF]
push edi
call sub_40CA30
add esp, 18h
loc_404CC5: ; CODE XREF: sub_40494F+332�j
call sub_40C508
add [ebp+var_11B], 1
loc_404CD1: ; CODE XREF: sub_40494F+254�j
mov al, [ebp+var_11B]
cmp al, 32h
jb loc_404BA8
lea eax, [ebp+var_FF]
push eax
push ebx
call sub_40CA54
add esp, 8
lea edi, [ebp+var_123]
lea esi, byte_44127F
movsd
movsd
loc_404CFD: ; CODE XREF: sub_40494F+236�j
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404D25
push 4
push offset dword_4464CC
call sub_4045E2
push eax
push ebx
call sub_40CA54
add esp, 10h
loc_404D25: ; CODE XREF: sub_40494F+3BE�j
call sub_40C598
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404D52
push 3
push offset dword_4464C8
call sub_4045E2
push eax
push ebx
call sub_40CA54
add esp, 10h
loc_404D52: ; CODE XREF: sub_40494F+3EB�j
mov [ebp+var_106], 0D0h
movzx eax, [ebp+var_106]
imul eax, 7F98h
mov [ebp+var_106], al
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404D94
push 3
push offset dword_4464C4
call sub_4045E2
push eax
push ebx
call sub_40CA54
add esp, 10h
loc_404D94: ; CODE XREF: sub_40494F+42D�j
lea edi, [ebp+var_10C]
lea esi, byte_441287
mov ecx, 3
rep movsw
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404DD0
push 3
push offset dword_4464C0
call sub_4045E2
push eax
push ebx
call sub_40CA54
add esp, 10h
loc_404DD0: ; CODE XREF: sub_40494F+469�j
call sub_40C574
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404DFD
push 4
push offset byte_4464BB
call sub_4045E2
push eax
push ebx
call sub_40CA54
add esp, 10h
loc_404DFD: ; CODE XREF: sub_40494F+496�j
mov [ebp+var_102], 342h
movzx eax, [ebp+var_102]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_102], ax
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404E42
push 4
push offset word_4464B6
call sub_4045E2
push eax
push ebx
call sub_40CA54
add esp, 10h
loc_404E42: ; CODE XREF: sub_40494F+4DB�j
mov ax, word_44128D
mov [ebp+var_10E], ax
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404E77
push 4
push offset byte_4464B1
call sub_4045E2
push eax
push ebx
call sub_40CA54
add esp, 10h
loc_404E77: ; CODE XREF: sub_40494F+510�j
lea edi, [ebp+var_113]
lea esi, byte_44128F
mov ecx, 5
rep movsb
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404EB2
push 7
push offset byte_4464A9
call sub_4045E2
push eax
push ebx
call sub_40CA54
add esp, 10h
loc_404EB2: ; CODE XREF: sub_40494F+54B�j
lea edi, [ebp+var_118]
lea esi, dword_441294
mov ecx, 5
rep movsb
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404EED
push 8
push offset dword_4464A0
call sub_4045E2
push eax
push ebx
call sub_40CA54
add esp, 10h
loc_404EED: ; CODE XREF: sub_40494F+586�j
mov ax, word_441299
mov [ebp+var_11A], ax
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404F22
push 9
push offset word_446496
call sub_4045E2
push eax
push ebx
call sub_40CA54
add esp, 10h
loc_404F22: ; CODE XREF: sub_40494F+5BB�j
call sub_40CA18
mov ecx, 0Ah
cdq
idiv ecx
cmp edx, 5
jge short loc_404F4A
push 2
push offset byte_4464DC
call sub_4045E2
push eax
push ebx
call sub_40CA54
add esp, 10h
loc_404F4A: ; CODE XREF: sub_40494F+5E3�j
pop edi
pop esi
pop ebx
leave
retn
sub_40494F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404F4F proc near ; CODE XREF: sub_404FEF+64�p
; sub_404FEF+A6�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+arg_4]
mov [ebp+var_4], 138h
push esi
push [ebp+arg_0]
mov eax, dword_4412A4
lea eax, ds:435040h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_404F94
; ---------------------------------------------------------------------------
loc_404F7D: ; CODE XREF: sub_404F4F+47�j
mov eax, dword_4412A4
add eax, edi
lea eax, ds:435040h[eax]
movsx edx, byte ptr [eax]
xor edx, 31h
mov [eax], dl
inc edi
loc_404F94: ; CODE XREF: sub_404F4F+2C�j
cmp edi, esi
jl short loc_404F7D
mov eax, dword_4412A4
add eax, esi
mov byte ptr ds:dword_435040[eax], 0
xor edi, edi
mov edi, dword_4412A4
inc dword_4412A4
mov eax, dword_4412A4
add eax, 3
add eax, esi
mov dword_4412A4, eax
add dword_4412A4, 2
cmp dword_4412A4, 0DCBh
jle short loc_404FDE
and dword_4412A4, 0
loc_404FDE: ; CODE XREF: sub_404F4F+86�j
mov [ebp+var_8], 199h
lea eax, dword_435040[edi]
pop edi
pop esi
leave
retn
sub_404F4F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404FEF proc near ; CODE XREF: sub_40518F+A5�p
var_2C = dword ptr -2Ch
var_25 = byte ptr -25h
var_24 = dword ptr -24h
var_1F = word ptr -1Fh
var_1D = dword ptr -1Dh
var_19 = byte ptr -19h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 2Ch
push ebx
push esi
push edi
lea edi, [ebp+var_19]
lea esi, dword_4412A8
mov ecx, 5
rep movsb
call sub_40C508
xor ebx, ebx
inc ebx
push [ebp+arg_0]
call sub_40C97C
mov [ebp+var_14], eax
mov eax, dword_4412AD
mov [ebp+var_1D], eax
push [ebp+arg_0]
call sub_40C994
movzx edi, byte ptr [eax]
mov [ebp+var_10], edi
call sub_40C514
mov eax, 0Ch
mul [ebp+var_10]
mov [ebp+var_24], eax
add eax, 1Ch
mov [ebp+var_C], eax
call sub_40C634
push 6
push offset byte_44648F
call sub_404F4F
push ebx
push eax
push [ebp+arg_4]
call sub_40C868
add esp, 14h
mov [ebp+var_C], eax
mov ax, word_4412B1
mov [ebp+var_1F], ax
mov eax, [ebp+var_C]
add eax, [ebp+arg_4]
mov [ebp+var_8], eax
mov eax, [ebp+var_14]
cmp byte ptr [eax], 0
jnz short loc_405089
cmp byte ptr [eax+1], 0
jz short loc_4050E7
loc_405089: ; CODE XREF: sub_404FEF+92�j
call sub_40C574
push 20h
push offset word_44646E
call sub_404F4F
mov edi, [ebp+var_14]
movzx esi, byte ptr [edi+5]
movzx esi, si
push esi
movzx esi, byte ptr [edi+4]
movzx esi, si
push esi
movzx esi, byte ptr [edi+3]
movzx esi, si
push esi
movzx esi, byte ptr [edi+2]
movzx esi, si
push esi
movzx esi, byte ptr [edi+1]
movzx esi, si
push esi
movzx edi, byte ptr [edi]
movzx edi, di
push edi
push eax
push [ebp+var_8]
call sub_40C868
add esp, 28h
mov ebx, eax
add [ebp+var_C], ebx
mov eax, ebx
add eax, [ebp+var_8]
mov [ebp+var_8], eax
jmp short loc_405139
; ---------------------------------------------------------------------------
loc_4050E7: ; CODE XREF: sub_404FEF+98�j
call sub_40C508
push 3
push offset word_44646A
call sub_404F4F
mov edi, [ebp+var_14]
movzx esi, byte ptr [edi+5]
movzx edx, byte ptr [edi+4]
shl edx, 8
add esi, edx
movzx edx, byte ptr [edi+3]
shl edx, 10h
add esi, edx
movzx edi, byte ptr [edi+2]
shl edi, 18h
add esi, edi
push esi
push eax
push [ebp+var_8]
call sub_40C868
add esp, 14h
mov ebx, eax
call sub_40C634
add [ebp+var_C], ebx
mov eax, ebx
add eax, [ebp+var_8]
mov [ebp+var_8], eax
loc_405139: ; CODE XREF: sub_404FEF+F6�j
and [ebp+var_4], 0
jmp short loc_405182
; ---------------------------------------------------------------------------
loc_40513F: ; CODE XREF: sub_404FEF+199�j
mov [ebp+var_25], 81h
add [ebp+var_25], 0F0h
push 4
push offset byte_446465
call sub_404F4F
mov [ebp+var_2C], eax
push [ebp+var_4]
push [ebp+arg_0]
call sub_40C988
push dword ptr [eax]
mov edi, [ebp+var_2C]
push edi
push [ebp+var_8]
call sub_40C868
add esp, 14h
mov ebx, eax
add [ebp+var_C], ebx
mov eax, ebx
add eax, [ebp+var_8]
mov [ebp+var_8], eax
inc [ebp+var_4]
loc_405182: ; CODE XREF: sub_404FEF+14E�j
mov eax, [ebp+var_10]
cmp [ebp+var_4], eax
jb short loc_40513F
pop edi
pop esi
pop ebx
leave
retn
sub_404FEF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40518F proc near ; CODE XREF: sub_405F79+218�p
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_11 = byte ptr -11h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
call sub_40C514
call sub_40C508
mov [ebp+var_10], eax
call sub_40C508
push [ebp+var_10]
push 0
push 1F0FFFh
call sub_40C670
mov ebx, eax
lea eax, [ebp+var_4]
push eax
push 0F00FFh
push ebx
call sub_40C904
mov [ebp+var_8], 2A34h
add [ebp+var_8], 17B3h
push ebx
call sub_40C55C
lea edi, [ebp+var_11]
lea esi, byte_4412B3
xor ecx, ecx
inc ecx
rep movsb
mov eax, dword_4412A0
add eax, 3FF5h
push eax
push 40h
call sub_40C64C
mov ebx, eax
mov [ebp+var_C], 2D3Bh
mov eax, 2E30h
mul [ebp+var_C]
mov [ebp+var_1C], eax
mov [ebp+var_C], eax
lea eax, [ebp+var_18]
push eax
mov eax, dword_44129C
add eax, 4000h
push eax
push ebx
push 1
push [ebp+var_4]
call sub_40C910
push [ebp+arg_0]
push dword ptr [ebx]
call sub_404FEF
add esp, 8
call sub_40C508
push ebx
call sub_40C658
push [ebp+var_4]
call sub_40C55C
pop edi
pop esi
pop ebx
leave
retn
sub_40518F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405254 proc near ; CODE XREF: sub_4053A1+3E�p
; sub_4053A1+AD�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+arg_4]
mov [ebp+var_4], 2
push esi
push [ebp+arg_0]
mov eax, dword_4412BC
lea eax, ds:418710h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_40529A
; ---------------------------------------------------------------------------
loc_405283: ; CODE XREF: sub_405254+48�j
mov eax, dword_4412BC
add eax, edi
lea eax, ds:418710h[eax]
movsx edx, byte ptr [eax]
xor edx, 2Ch
mov [eax], dl
inc edi
loc_40529A: ; CODE XREF: sub_405254+2D�j
cmp edi, esi
jl short loc_405283
mov [ebp+var_8], 1BFh
mov eax, dword_4412BC
add eax, esi
mov byte ptr ds:dword_418710[eax], 0
mov edi, dword_4412BC
mov eax, edi
lea eax, [eax+esi+1]
mov dword_4412BC, eax
inc dword_4412BC
cmp dword_4412BC, 0E06h
jle short loc_4052DE
and dword_4412BC, 0
loc_4052DE: ; CODE XREF: sub_405254+81�j
mov [ebp+var_C], 0B4h
lea eax, dword_418710[edi]
pop edi
pop esi
leave
retn
sub_405254 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4052EF proc near ; CODE XREF: sub_4062CD+4E4�p
; sub_4062CD+501�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
var_4 = word ptr -4
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 10h
push esi
push edi
mov [ebp+var_2], 665Dh
movzx eax, [ebp+var_2]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_2], ax
call sub_40C538
push 0
push 80h
push 4
push 0
push 0
push 0C0000000h
push [ebp+arg_0]
call sub_40C67C
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_405335
xor eax, eax
jmp short loc_40539D
; ---------------------------------------------------------------------------
loc_405335: ; CODE XREF: sub_4052EF+40�j
mov esi, 5B97h
mov eax, 24A5h
mul esi
mov [ebp+var_C], eax
mov esi, eax
push 2
push 0
push 0
push edi
call sub_40C6AC
mov esi, 113Bh
mov eax, esi
add eax, esi
mov esi, eax
push 0
lea eax, [ebp+var_8]
push eax
push [ebp+arg_8]
push [ebp+arg_4]
push edi
call sub_40C730
mov esi, 27C4h
mov eax, 6888h
mul esi
mov [ebp+var_10], eax
mov esi, eax
push edi
call sub_40C55C
mov [ebp+var_4], 3676h
movzx eax, [ebp+var_4]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_4], ax
xor eax, eax
inc eax
loc_40539D: ; CODE XREF: sub_4052EF+44�j
pop edi
pop esi
leave
retn
sub_4052EF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4053A1 proc near ; CODE XREF: sub_4062CD+440�p
var_2F52 = word ptr -2F52h
var_2F50 = byte ptr -2F50h
var_2F48 = word ptr -2F48h
var_2F46 = word ptr -2F46h
var_2F43 = byte ptr -2F43h
var_1F44 = dword ptr -1F44h
var_1F40 = byte ptr -1F40h
var_1F3C = dword ptr -1F3Ch
var_1F38 = dword ptr -1F38h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 2F54h
call sub_40C498
push ebx
push esi
push edi
call sub_40C5A4
lea edi, [ebp+var_2F50]
lea esi, dword_4412C4
movsd
movsd
push [ebp+arg_0]
lea eax, [ebp+var_2F43]
push eax
call sub_40C4B8
call sub_40C5A4
push 1
push offset byte_446463
call sub_405254
mov edi, 0Fh
sub edi, dword_4412B8
push edi
push eax
lea edi, [ebp+var_2F43]
push edi
call sub_401806
add esp, 14h
mov edi, eax
mov [ebp+var_2F48], di
mov [ebp+var_2F46], 4FF8h
add [ebp+var_2F46], 611Eh
movzx eax, [ebp+var_2F48]
cmp eax, 0FFFFh
jz short loc_405438
movzx eax, [ebp+var_2F48]
mov [ebp+eax+var_2F43], 0
loc_405438: ; CODE XREF: sub_4053A1+86�j
mov [ebp+var_1F44], 1F40h
call sub_40C574
push 3
push offset byte_44645F
call sub_405254
add esp, 8
lea edi, [ebp+var_1F44]
push edi
lea edi, [ebp+var_1F40]
push edi
push eax
call sub_40BA18
mov ebx, eax
or eax, eax
jz loc_405522
call sub_40C598
lea eax, [ebp+var_2F43]
push eax
push [ebp+var_1F3C]
call sub_40C9C4
add esp, 8
or eax, eax
jnz short loc_4054AF
call sub_40C598
push [ebp+var_1F38]
push [ebp+arg_4]
call sub_40C4B8
call sub_40C538
xor eax, eax
inc eax
jmp short loc_405522
; ---------------------------------------------------------------------------
loc_4054AF: ; CODE XREF: sub_4053A1+EF�j
; sub_4053A1:loc_40551E�j
call sub_40C574
mov [ebp+var_1F44], 1F40h
call sub_40C508
lea eax, [ebp+var_1F44]
push eax
lea eax, [ebp+var_1F40]
push eax
push ebx
call sub_40BA24
or eax, eax
jz short loc_405520
call sub_40C514
lea eax, [ebp+var_2F43]
push eax
push [ebp+var_1F3C]
call sub_40C9C4
add esp, 8
or eax, eax
jnz short loc_40551E
mov ax, word_4412CC
mov [ebp+var_2F52], ax
push [ebp+var_1F38]
push [ebp+arg_4]
call sub_40C4B8
call sub_40C598
xor eax, eax
inc eax
jmp short loc_405522
; ---------------------------------------------------------------------------
loc_40551E: ; CODE XREF: sub_4053A1+156�j
jmp short loc_4054AF
; ---------------------------------------------------------------------------
loc_405520: ; CODE XREF: sub_4053A1+138�j
xor eax, eax
loc_405522: ; CODE XREF: sub_4053A1+CD�j
; sub_4053A1+10C�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_4053A1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405527 proc near ; CODE XREF: sub_405601+5D8�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
lea edi, [ebp+var_14]
lea esi, word_4412CE
mov ecx, 7
rep movsb
push [ebp+arg_0]
call sub_40C73C
mov [ebp+var_8], eax
mov [ebp+var_D], 0Dh
add [ebp+var_D], 1
mov edi, eax
shl edi, 1
add edi, 8
push edi
push 40h
call sub_40C64C
mov [ebp+var_C], eax
xor ebx, ebx
jmp short loc_405585
; ---------------------------------------------------------------------------
loc_405569: ; CODE XREF: sub_405527+61�j
mov eax, [ebp+arg_0]
movzx eax, byte ptr [eax+ebx]
xor eax, 71h
or eax, eax
jz short loc_405584
mov eax, ebx
add eax, [ebp+arg_0]
movzx edx, byte ptr [eax]
xor edx, 71h
mov [eax], dl
loc_405584: ; CODE XREF: sub_405527+4E�j
inc ebx
loc_405585: ; CODE XREF: sub_405527+40�j
cmp ebx, [ebp+var_8]
jb short loc_405569
mov [ebp+var_2], 0
jmp short loc_4055EB
; ---------------------------------------------------------------------------
loc_405592: ; CODE XREF: sub_405527+CB�j
push 6
push offset dword_446458
call sub_405254
mov [ebp+var_18], eax
movzx edi, [ebp+var_2]
mov esi, [ebp+arg_0]
movzx edi, byte ptr [esi+edi]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov esi, edx
add esi, 61h
push esi
mov eax, edi
mov ecx, 1Ah
mov edx, 4EC4EC4Fh
mul edx
shr edx, 3
mov [ebp+var_1C], edx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp+var_C]
push edi
mov esi, [ebp+var_18]
push esi
push edi
call sub_40CA30
add esp, 1Ch
inc [ebp+var_2]
loc_4055EB: ; CODE XREF: sub_405527+69�j
movzx eax, [ebp+var_2]
cmp eax, [ebp+var_8]
jb short loc_405592
call sub_40C514
mov eax, [ebp+var_C]
pop edi
pop esi
pop ebx
leave
retn
sub_405527 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405601 proc near ; CODE XREF: sub_4062CD+176�p
var_300B4 = dword ptr -300B4h
var_300B0 = dword ptr -300B0h
var_300AC = dword ptr -300ACh
var_300A7 = byte ptr -300A7h
var_300A4 = dword ptr -300A4h
var_300A0 = dword ptr -300A0h
var_3009A = word ptr -3009Ah
var_30098 = dword ptr -30098h
var_30094 = dword ptr -30094h
var_30090 = dword ptr -30090h
var_3008C = dword ptr -3008Ch
var_30088 = dword ptr -30088h
var_30084 = dword ptr -30084h
var_30080 = word ptr -30080h
var_3007B = byte ptr -3007Bh
var_30073 = byte ptr -30073h
var_30072 = byte ptr -30072h
var_3006A = byte ptr -3006Ah
var_30063 = byte ptr -30063h
var_3005E = dword ptr -3005Eh
var_3005A = byte ptr -3005Ah
var_30053 = word ptr -30053h
var_30050 = word ptr -30050h
var_3004D = byte ptr -3004Dh
var_3004C = word ptr -3004Ch
var_3004A = byte ptr -3004Ah
var_30040 = byte ptr -30040h
var_30036 = word ptr -30036h
var_30034 = dword ptr -30034h
var_30030 = dword ptr -30030h
var_3002C = dword ptr -3002Ch
var_30025 = byte ptr -30025h
var_30024 = dword ptr -30024h
var_3001D = byte ptr -3001Dh
var_3001C = dword ptr -3001Ch
var_30018 = dword ptr -30018h
var_30014 = dword ptr -30014h
var_30010 = dword ptr -30010h
var_3000C = byte ptr -3000Ch
var_2000C = dword ptr -2000Ch
var_20008 = dword ptr -20008h
var_20003 = byte ptr -20003h
var_10004 = dword ptr -10004h
var_10000 = byte ptr -10000h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
mov eax, 300B4h
call sub_40C498
push ebx
push esi
push edi
mov ax, word_4412D5
mov [ebp+var_30050+1], ax
and [ebp+var_30024], 0
mov [ebp+var_30025], 97h
add [ebp+var_30025], 1
and [ebp+var_2000C], 0
and [ebp+var_30014], 0
lea eax, [ebp+var_10004]
push eax
push [ebp+arg_4]
call sub_401A36
add esp, 8
mov ebx, eax
mov eax, [ebp+var_10004]
or eax, eax
jz short loc_405668
or ebx, ebx
jz short loc_405668
cmp [ebp+arg_14], eax
jb short loc_4056A5
loc_405668: ; CODE XREF: sub_405601+5C�j
; sub_405601+60�j
mov [ebp+var_30080], 6D59h
movzx eax, [ebp+var_30080]
imul eax, 0CC8h
mov [ebp+var_30080], ax
push ebx
call sub_40C658
mov [ebp+var_30084], 2194h
inc [ebp+var_30084]
mov [ebp+var_30024], 1
loc_4056A5: ; CODE XREF: sub_405601+65�j
push [ebp+arg_C]
call sub_40C73C
mov [ebp+var_30084], eax
mov eax, 64h
mul [ebp+var_10004]
mov [ebp+var_30088], eax
mov edi, [ebp+var_30084]
imul edi, [ebp+var_30084], 32h
mov esi, [ebp+var_30088]
lea edi, [esi+edi+1000h]
push edi
push 40h
call sub_40C64C
mov [ebp+var_20008], eax
mov [ebp+var_30030], 1459h
sub [ebp+var_30030], 3900h
mov ax, word_4412D7
mov [ebp-30051h], ax
mov ax, word_4412D9
mov [ebp+var_30053], ax
push [ebp+arg_0]
push 104h
call sub_40C58C
mov [ebp+var_30034], 6721h
add [ebp+var_30034], 7499h
mov eax, [ebp+arg_0]
mov [ebp+var_3008C], eax
mov ecx, eax
or eax, 0FFFFFFFFh
loc_405749: ; CODE XREF: sub_405601+14D�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_405749
mov edi, eax
mov esi, 10h
sub esi, dword_4412B4
push esi
mov esi, [ebp+var_3008C]
add esi, edi
push esi
call sub_40170F
add esp, 8
push 4
push offset byte_446453
call sub_405254
add esp, 8
push eax
push [ebp+arg_0]
call sub_40CA54
add esp, 8
push 6
push offset dword_44644C
call sub_405254
add esp, 8
push eax
push [ebp+var_20008]
call sub_40494F
add esp, 8
push 6
push offset byte_446445
call sub_405254
add esp, 8
push eax
push [ebp+var_20008]
call sub_40494F
add esp, 8
mov [ebp+var_30036], 4962h
sub [ebp+var_30036], 55C0h
push 13h
push offset byte_446431
call sub_405254
add esp, 8
push [ebp+arg_1C]
push offset word_446422
push eax
lea edi, [ebp+var_20003]
push edi
call sub_40CA30
add esp, 10h
lea edi, [ebp+var_3005A]
lea esi, byte_4412DB
mov ecx, 7
rep movsb
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_40494F
add esp, 8
mov eax, dword_4412E2
mov [ebp+var_3005E], eax
push 7
push offset word_44641A
call sub_405254
add esp, 8
push eax
push [ebp+var_20008]
call sub_40494F
add esp, 8
call sub_40C538
push 6
push offset byte_446413
call sub_405254
add esp, 8
push eax
push [ebp+var_20008]
call sub_40494F
add esp, 8
call sub_40C508
lea edi, [ebp+var_30063]
lea esi, word_4412E6
mov ecx, 5
rep movsb
push 5
push offset byte_44640D
call sub_405254
add esp, 8
mov [ebp+var_30090], eax
call sub_40CA18
mov ecx, 3E8h
cdq
idiv ecx
push edx
mov edi, [ebp+var_30090]
push [ebp+var_30090]
lea edi, [ebp+var_30040]
push edi
call sub_40CA30
add esp, 0Ch
push 2Ah
push offset word_4463E2
call sub_405254
add esp, 8
lea edi, [ebp+var_30040]
push edi
push [ebp+arg_8]
push eax
lea edi, [ebp+var_20003]
push edi
call sub_40CA30
add esp, 10h
call sub_40C508
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_40494F
add esp, 8
call sub_40C598
push 2Dh
push offset dword_4463B4
call sub_405254
add esp, 8
mov [ebp+var_30094], eax
call sub_40CA18
mov ecx, 9
cdq
idiv ecx
mov edi, edx
add edi, 14h
push edi
mov edi, [ebp+var_30094]
push [ebp+var_30094]
lea edi, [ebp+var_20003]
push edi
call sub_40CA30
add esp, 0Ch
mov [ebp+var_30018], 64D8h
mov eax, [ebp+var_30018]
mov edx, eax
add edx, eax
mov [ebp+var_30018], edx
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_40494F
add esp, 8
call sub_40C574
cmp [ebp+var_30024], 0
jnz loc_405C81
cmp [ebp+arg_18], 0
jz loc_405B0E
mov ax, word_4412EB
mov [ebp+var_3009A], ax
and [ebp+var_30098], 0
jmp loc_405AF1
; ---------------------------------------------------------------------------
loc_4059B8: ; CODE XREF: sub_405601+4FC�j
lea edi, [ebp+var_300A7]
lea esi, byte_4412ED
mov ecx, 3
rep movsb
mov [ebp+var_10000], 0
mov [ebp+var_300A4], 4DFDh
mov eax, 5Dh
mul [ebp+var_300A4]
mov [ebp+var_300AC], eax
mov [ebp+var_300A4], eax
and [ebp+var_300A0], 0
jmp loc_405A93
; ---------------------------------------------------------------------------
loc_4059FF: ; CODE XREF: sub_405601+49C�j
call sub_40C508
mov eax, [ebp+var_30098]
add eax, [ebp+var_300A0]
cmp eax, [ebp+var_10004]
jnb loc_405AA3
push 6
push offset dword_446458
call sub_405254
mov [ebp+var_300B0], eax
mov edi, [ebp+var_30098]
add edi, [ebp+var_300A0]
movzx edi, byte ptr [ebx+edi]
mov eax, edi
mov ecx, 1Ah
cdq
idiv ecx
mov esi, edx
add esi, 61h
push esi
mov eax, edi
mov ecx, 1Ah
mov edx, 4EC4EC4Fh
mul edx
shr edx, 3
mov [ebp+var_300B4], edx
mov edi, edx
add edi, 61h
push edi
lea edi, [ebp+var_10000]
push edi
mov edi, [ebp+var_300B0]
push edi
lea edi, [ebp+var_10000]
push edi
call sub_40CA30
add esp, 1Ch
call sub_40C598
inc [ebp+var_300A0]
loc_405A93: ; CODE XREF: sub_405601+3F9�j
cmp [ebp+var_300A0], 80h
jb loc_4059FF
loc_405AA3: ; CODE XREF: sub_405601+415�j
push 30h
push offset byte_446383
call sub_405254
push [ebp+var_2000C]
push [ebp+arg_10]
lea edi, [ebp+var_10000]
push edi
push eax
lea edi, [ebp+var_20003]
push edi
call sub_40CA30
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_40494F
add esp, 24h
add [ebp+var_30098], 80h
inc [ebp+var_2000C]
loc_405AF1: ; CODE XREF: sub_405601+3B2�j
mov eax, [ebp+var_10004]
cmp [ebp+var_30098], eax
jb loc_4059B8
mov [ebp+var_30014], eax
jmp loc_405C81
; ---------------------------------------------------------------------------
loc_405B0E: ; CODE XREF: sub_405601+398�j
mov word ptr [ebp+var_30098+2], 0E7h
sub word ptr [ebp+var_30098+2], 3C4h
mov eax, [ebp+arg_14]
mov [ebp+var_10004], eax
jmp loc_405C5D
; ---------------------------------------------------------------------------
loc_405B2E: ; CODE XREF: sub_405601+67A�j
call sub_40C598
cmp [ebp+var_10000], 0
jz loc_405C5D
mov byte ptr [ebp+var_30098+1], 8Bh
movzx eax, byte ptr [ebp+var_30098+1]
imul eax, 0C29h
mov byte ptr [ebp+var_30098+1], al
mov eax, [ebp+arg_14]
add eax, 0C800h
cmp [ebp+var_10004], eax
jnb loc_405C81
mov eax, [ebp+var_10004]
mov [ebp+var_30014], eax
push 3
push offset byte_44637F
call sub_405254
push [ebp+arg_C]
push eax
lea edi, [ebp+var_3000C]
push edi
call sub_40CA30
add esp, 14h
lea ecx, [ebp+var_3000C]
or eax, 0FFFFFFFFh
loc_405BA2: ; CODE XREF: sub_405601+5A6�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_405BA2
mov edi, eax
mov [ebp+var_3009A], di
lea eax, [ebp+var_10000]
push eax
movzx eax, [ebp+var_3009A]
lea eax, [ebp+eax+var_3000C]
push eax
call sub_40C4B8
call sub_40C634
lea eax, [ebp+var_3000C]
push eax
call sub_405527
add esp, 4
mov [ebp+var_30010], eax
call sub_40C5A4
push 30h
push offset byte_446383
call sub_405254
add esp, 8
push [ebp+var_2000C]
push [ebp+arg_10]
push [ebp+var_30010]
push eax
lea edi, [ebp+var_20003]
push edi
call sub_40CA30
add esp, 14h
call sub_40C508
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_40494F
add esp, 8
call sub_40C574
push [ebp+var_30010]
call sub_40C658
lea edi, [ebp+var_300A4+3]
lea esi, dword_4412F0
mov ecx, 7
rep movsb
inc [ebp+var_2000C]
loc_405C5D: ; CODE XREF: sub_405601+528�j
; sub_405601+539�j
lea eax, [ebp+var_10000]
push eax
push [ebp+var_10004]
push ebx
call sub_401B9A
add esp, 0Ch
mov [ebp+var_10004], eax
or eax, eax
jnz loc_405B2E
loc_405C81: ; CODE XREF: sub_405601+38E�j
; sub_405601+508�j ...
push 1Eh
push offset dword_446360
call sub_405254
push eax
push [ebp+var_20008]
call sub_40494F
lea edi, [ebp+var_3006A]
lea esi, byte_4412F7
mov ecx, 7
rep movsb
push 7
push offset dword_446358
call sub_405254
push eax
push [ebp+var_20008]
call sub_40494F
call sub_40C574
push 8
push offset byte_44634F
call sub_405254
push eax
push [ebp+var_20008]
call sub_404663
call sub_40C514
lea edi, [ebp+var_30072]
lea esi, word_4412FE
movsd
movsd
push 6
push offset dword_446348
call sub_405254
mov [ebp+var_30098], eax
call sub_40CA18
mov [ebp-3009Ch], eax
call sub_40CA18
mov ecx, 63h
cdq
idiv ecx
push edx
mov edi, [ebp-3009Ch]
mov eax, edi
mov ecx, 14h
cdq
idiv ecx
mov edi, edx
add edi, 61h
push edi
mov edi, [ebp+var_30098]
push edi
lea edi, [ebp+var_3004A]
push edi
call sub_40CA30
push 0Eh
push offset byte_446339
call sub_405254
lea edi, [ebp+var_3004A]
push edi
push eax
lea edi, [ebp+var_20003]
push edi
call sub_40CA30
mov [ebp+var_3004C], 7B91h
inc [ebp+var_3004C]
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_404663
mov [ebp+var_3001C], 5751h
mov eax, [ebp+var_3001C]
mov edx, eax
add edx, eax
mov [ebp+var_3001C], edx
push 15h
push offset byte_446323
call sub_405254
lea edi, [ebp+var_30040]
push edi
push eax
lea edi, [ebp+var_20003]
push edi
call sub_40CA30
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_404663
mov [ebp+var_3004D], 60h
movzx eax, [ebp+var_3004D]
imul eax, 170Ah
mov [ebp+var_3004D], al
push 1
push offset byte_446321
call sub_405254
push eax
push [ebp+var_20008]
call sub_404663
lea edi, [ebp+var_30073]
lea esi, byte_441306
xor ecx, ecx
inc ecx
rep movsb
push 16h
push offset word_44630A
call sub_405254
mov [ebp+var_300A0], eax
call sub_40CA18
mov ecx, 3E8h
cdq
idiv ecx
mov edi, edx
add edi, 2710h
push edi
lea edi, [ebp+var_3004A]
push edi
mov edi, [ebp+var_300A0]
push edi
lea edi, [ebp+var_20003]
push edi
call sub_40CA30
call sub_40C538
lea eax, [ebp+var_20003]
push eax
push [ebp+var_20008]
call sub_404663
call sub_40C598
push 9
push offset dword_446300
call sub_405254
push eax
push [ebp+var_20008]
call sub_40494F
push 7
push offset dword_4462F8
call sub_405254
push eax
push [ebp+var_20008]
call sub_40494F
lea edi, [ebp+var_3007B]
lea esi, byte_441307
mov ecx, 2
rep movsd
push 7
push offset dword_4462F0
call sub_405254
push eax
push [ebp+var_20008]
call sub_40CA54
call sub_40C538
push [ebp+arg_0]
call sub_403449
add esp, 0E4h
push 0
push 0
push 2
push 0
push 0
push 40000000h
push [ebp+arg_0]
call sub_40C67C
mov [ebp+var_3002C], eax
mov [ebp+var_3001D], 0DCh
movzx eax, [ebp+var_3001D]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_3001D], al
push [ebp+var_20008]
call sub_40C73C
push 0
lea edi, [ebp+var_2000C]
push edi
push eax
push [ebp+var_20008]
push [ebp+var_3002C]
call sub_40C730
push [ebp+var_3002C]
call sub_40C55C
push [ebp+var_20008]
call sub_40C658
cmp [ebp+var_30024], 0
jnz short loc_405F69
push ebx
call sub_40C658
jmp short loc_405F6E
; ---------------------------------------------------------------------------
loc_405F69: ; CODE XREF: sub_405601+95E�j
or eax, 0FFFFFFFFh
jmp short loc_405F74
; ---------------------------------------------------------------------------
loc_405F6E: ; CODE XREF: sub_405601+966�j
mov eax, [ebp+var_30014]
loc_405F74: ; CODE XREF: sub_405601+96B�j
pop edi
pop esi
pop ebx
leave
retn
sub_405601 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405F79 proc near ; CODE XREF: sub_4062CD:loc_4063F9�p
var_2125 = byte ptr -2125h
var_211E = byte ptr -211Eh
var_111F = byte ptr -111Fh
var_124 = dword ptr -124h
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_118 = word ptr -118h
var_116 = byte ptr -116h
var_115 = byte ptr -115h
var_10E = dword ptr -10Eh
var_109 = byte ptr -109h
var_108 = dword ptr -108h
var_101 = byte ptr -101h
var_100 = byte ptr -100h
push ebp
mov ebp, esp
mov eax, 2128h
call sub_40C498
push esi
push edi
call sub_40C538
mov eax, dword_44130F
mov [ebp+var_10E+1], eax
lea edi, [ebp+var_115]
lea esi, byte_441313
movsd
movsd
and [ebp+var_108], 0
mov [ebp+var_101], 0
jmp loc_4060E5
; ---------------------------------------------------------------------------
loc_405FB9: ; CODE XREF: sub_405F79+174�j
mov [ebp+var_116], 0ABh
movzx eax, [ebp+var_116]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_116], al
push 44h
push offset byte_4462AB
call sub_405254
movzx edi, [ebp+var_101]
push edi
push eax
lea edi, [ebp+var_100]
push edi
call sub_40CA30
push 4
push offset word_4462A6
call sub_405254
push 4
push 4
lea edi, [ebp+var_108]
push edi
push eax
lea edi, [ebp+var_100]
push edi
push 80000001h
call sub_4015EB
mov [ebp+var_118], 3316h
inc [ebp+var_118]
push 4
push offset word_4462A6
call sub_405254
push 4
push 4
lea edi, [ebp+var_108]
push edi
push eax
lea edi, [ebp+var_100]
push edi
push 80000002h
call sub_4015EB
call sub_40C598
push 4Dh
push offset dword_446258
call sub_405254
movzx edi, [ebp+var_101]
push edi
push eax
lea edi, [ebp+var_100]
push edi
call sub_40CA30
push 4
push offset word_4462A6
call sub_405254
push 4
push 4
lea edi, [ebp+var_108]
push edi
push eax
lea edi, [ebp+var_100]
push edi
push 80000002h
call sub_4015EB
call sub_40C5A4
push 4
push offset word_4462A6
call sub_405254
push 4
push 4
lea edi, [ebp+var_108]
push edi
push eax
lea edi, [ebp+var_100]
push edi
push 80000001h
call sub_4015EB
add esp, 0A8h
call sub_40C634
add [ebp+var_101], 1
loc_4060E5: ; CODE XREF: sub_405F79+3B�j
mov al, [ebp+var_101]
cmp al, 5
jb loc_405FB9
call sub_40C5A4
cmp eax, 80000000h
jb short loc_406172
mov [ebp+var_11C], 3E8Eh
sub [ebp+var_11C], 398Ch
push 4Ch
push offset byte_44620B
call sub_405254
mov [ebp+var_120], eax
push 10h
push offset word_4461FA
call sub_405254
mov [ebp+var_124], eax
push 3
push offset word_4461F6
call sub_405254
push 1
mov edi, 12h
sub edi, dword_4412B8
push edi
push eax
mov edi, [ebp+var_124]
push edi
mov edi, [ebp+var_120]
push edi
push 80000003h
call sub_4015EB
add esp, 30h
jmp loc_406222
; ---------------------------------------------------------------------------
loc_406172: ; CODE XREF: sub_405F79+184�j
call sub_40C598
lea edi, [ebp+var_2125]
lea esi, byte_44131B
mov ecx, 7
rep movsb
lea eax, [ebp+var_111F]
push eax
call sub_40518F
call sub_40C634
push 59h
push offset dword_44619C
call sub_405254
lea edi, [ebp+var_111F]
push edi
push eax
lea edi, [ebp+var_211E]
push edi
call sub_40CA30
mov [ebp+var_116], 0D3h
movzx eax, [ebp+var_116]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_116], al
and [ebp+var_120], 0
push 0Ch
push offset byte_44618F
call sub_405254
push 4
push 4
lea edi, [ebp+var_120]
push edi
push eax
lea edi, [ebp+var_211E]
push edi
push 80000003h
call sub_4015EB
add esp, 38h
mov [ebp+var_11C], 6405h
mov eax, [ebp+var_11C]
mov edx, eax
add edx, eax
mov [ebp+var_11C], edx
loc_406222: ; CODE XREF: sub_405F79+1F4�j
push 3Bh
push offset byte_446153
call sub_405254
mov [ebp+var_11C], eax
push 11h
push offset byte_446141
call sub_405254
push 4
push 4
lea edi, [ebp+var_108]
push edi
push eax
mov edi, [ebp+var_11C]
push edi
push 80000001h
call sub_4015EB
call sub_40C634
push 33h
push offset byte_44610D
call sub_405254
push 1
push 0
push offset byte_446605
push offset byte_446605
push eax
push 80000001h
call sub_4015EB
mov [ebp+var_109], 0A7h
movzx eax, [ebp+var_109]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_109], al
push 3Bh
push offset byte_4460D1
call sub_405254
push 1
push 0
push offset byte_446605
push offset byte_446605
push eax
push 80000001h
call sub_4015EB
add esp, 68h
pop edi
pop esi
leave
retn
sub_405F79 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4062CD proc near ; CODE XREF: sub_409847+2C6�p
; sub_409847+5E3�p ...
var_3B8 = dword ptr -3B8h
var_3B1 = byte ptr -3B1h
var_3B0 = dword ptr -3B0h
var_3AB = byte ptr -3ABh
var_2A7 = byte ptr -2A7h
var_2A2 = byte ptr -2A2h
var_29F = byte ptr -29Fh
var_29D = byte ptr -29Dh
var_29C = dword ptr -29Ch
var_298 = dword ptr -298h
var_294 = byte ptr -294h
var_290 = byte ptr -290h
var_28D = byte ptr -28Dh
var_285 = byte ptr -285h
var_280 = dword ptr -280h
var_27C = dword ptr -27Ch
var_278 = dword ptr -278h
var_274 = dword ptr -274h
var_270 = word ptr -270h
var_26E = word ptr -26Eh
var_26C = word ptr -26Ch
var_269 = byte ptr -269h
var_268 = dword ptr -268h
var_264 = word ptr -264h
var_261 = byte ptr -261h
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_250 = byte ptr -250h
var_14C = dword ptr -14Ch
var_148 = dword ptr -148h
var_11C = dword ptr -11Ch
var_118 = word ptr -118h
var_104 = byte ptr -104h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
arg_18 = dword ptr 20h
arg_1C = dword ptr 24h
push ebp
mov ebp, esp
sub esp, 3B8h
push ebx
push esi
push edi
mov [ebp+var_261], 59h
add [ebp+var_261], 14h
and [ebp+var_14C], 0
mov [ebp+var_264], 798Fh
sub [ebp+var_264], 30E0h
xor ebx, ebx
lea edi, [ebp+var_285]
lea esi, word_441322
mov ecx, 5
rep movsb
push offset dword_4412C0
call sub_40C610
mov [ebp+var_274], eax
lea edi, [ebp+var_28D]
lea esi, byte_441327
movsd
movsd
push 10h
push 0
lea eax, [ebp+var_260]
push eax
call sub_40CA00
lea edi, [ebp+var_290]
lea esi, byte_44132F
mov ecx, 3
rep movsb
mov [ebp+var_278], 104h
push 21h
push offset byte_4460AF
call sub_405254
mov [ebp+var_298], eax
push 4
push offset word_4460AA
call sub_405254
lea edi, [ebp+var_294]
push edi
lea edi, [ebp+var_278]
push edi
lea edi, [ebp+var_250]
push edi
push eax
mov edi, [ebp+var_298]
push edi
push 80000002h
call sub_4014BD
add esp, 34h
mov [ebp+var_27C], eax
mov [ebp+var_268], 1431h
sub [ebp+var_268], 2BF6h
or eax, eax
jnz short loc_4063F9
mov [ebp+var_29C], 2D07h
inc [ebp+var_29C]
push [ebp+arg_0]
call sub_40C658
lea edi, [ebp+var_2A2]
lea esi, word_441332
mov ecx, 3
rep movsw
xor eax, eax
jmp loc_40689D
; ---------------------------------------------------------------------------
loc_4063F9: ; CODE XREF: sub_4062CD+F7�j
call sub_405F79
mov [ebp+var_269], 2
add [ebp+var_269], 0BCh
push 104h
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_250]
push eax
call sub_40C4F0
push [ebp+var_274]
push [ebp+arg_18]
push [ebp+arg_14]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_4]
push [ebp+arg_0]
lea eax, [ebp+var_250]
push eax
call sub_405601
add esp, 20h
mov [ebp+var_14C], eax
cmp [ebp+arg_1C], 0
jz short loc_40646F
cmp eax, 0FFFFFFFFh
jz short loc_406469
mov eax, [ebp+arg_1C]
mov edx, [ebp+var_14C]
mov [eax], edx
jmp short loc_40646F
; ---------------------------------------------------------------------------
loc_406469: ; CODE XREF: sub_4062CD+18D�j
mov eax, [ebp+arg_1C]
and dword ptr [eax], 0
loc_40646F: ; CODE XREF: sub_4062CD+188�j
; sub_4062CD+19A�j
cmp [ebp+var_14C], 0
jnz short loc_4064B7
lea edi, [ebp+var_29D]
lea esi, byte_441338
mov ecx, 3
rep movsb
push [ebp+arg_0]
call sub_40C658
mov word ptr [ebp+var_29C+2], 3601h
movzx eax, word ptr [ebp+var_29C+2]
mov edx, eax
add edx, eax
mov eax, edx
mov word ptr [ebp+var_29C+2], ax
xor eax, eax
jmp loc_40689D
; ---------------------------------------------------------------------------
loc_4064B7: ; CODE XREF: sub_4062CD+1A9�j
push 0Eh
push offset byte_44609B
call sub_405254
push eax
lea edi, [ebp+var_104]
push edi
call sub_40CA54
lea eax, [ebp+var_250]
push eax
lea eax, [ebp+var_104]
push eax
call sub_40CA54
call sub_40C538
call sub_404527
mov [ebp+var_280], eax
call sub_40C538
push 44h
push 0
lea eax, [ebp+var_148]
push eax
call sub_40CA00
mov [ebp+var_26C], 597Ch
movzx eax, [ebp+var_26C]
imul eax, 641Bh
mov [ebp+var_26C], ax
push 44h
push 0
lea eax, [ebp+var_148]
push eax
call sub_40CA00
add esp, 30h
call sub_40C508
mov [ebp+var_148], 44h
call sub_40C634
mov [ebp+var_11C], 1
mov [ebp+var_118], 1
cmp [ebp+var_280], 0
jz short loc_406577
lea eax, [ebp+var_148]
push eax
call sub_4045B7
pop ecx
jmp short loc_406580
; ---------------------------------------------------------------------------
loc_406577: ; CODE XREF: sub_4062CD+299�j
mov [ebp+var_118], 0
loc_406580: ; CODE XREF: sub_4062CD+2A8�j
lea eax, [ebp+var_260]
push eax
lea eax, [ebp+var_148]
push eax
push 0
push 0
push 20h
push 0
push 0
push 0
lea eax, [ebp+var_104]
push eax
push 0
call sub_40C70C
or eax, eax
jz loc_406823
call sub_40C634
push [ebp+var_25C]
call sub_40C55C
push 22h
push offset dword_446078
call sub_405254
push [ebp+var_274]
push offset word_446422
push eax
lea edi, [ebp+var_104]
push edi
call sub_40CA30
add esp, 18h
call sub_40C538
mov byte ptr [ebp+var_29C+3], 0
jmp short loc_406651
; ---------------------------------------------------------------------------
loc_4065F5: ; CODE XREF: sub_4062CD+38C�j
lea edi, [ebp+var_29F]
lea esi, byte_44133B
mov ecx, 3
rep movsw
push 7
push offset dword_446070
call sub_405254
add esp, 8
lea edi, [ebp+var_104]
push edi
push eax
call sub_40C784
mov ebx, eax
call sub_40C538
or ebx, ebx
jnz short loc_40665B
call sub_40C508
mov eax, dword_4412B4
add eax, 3E0h
push eax
call sub_40C6D0
call sub_40C5A4
add byte ptr [ebp+var_29C+3], 1
loc_406651: ; CODE XREF: sub_4062CD+326�j
mov al, byte ptr [ebp+var_29C+3]
cmp al, 0Ah
jb short loc_4065F5
loc_40665B: ; CODE XREF: sub_4062CD+361�j
or ebx, ebx
jz loc_40680C
mov word ptr [ebp+var_29C], 7B09h
sub word ptr [ebp+var_29C], 714Fh
push 0F000h
call sub_40C6D0
mov [ebp+var_29D], 5Bh
add [ebp+var_29D], 5Ah
push 104h
lea eax, [ebp+var_104]
push eax
push ebx
call sub_40C76C
mov eax, 0Fh
sub eax, dword_4412B8
push eax
push offset byte_446065
lea eax, [ebp+var_104]
push eax
call sub_401806
add esp, 0Ch
cmp eax, 0FFFFh
jz loc_4067FE
call sub_40C514
lea edi, [ebp+var_2A7]
lea esi, byte_441341
mov ecx, 3
rep movsb
mov dword ptr [ebp-2A4h], 4145h
mov eax, 6B7Ch
mul dword ptr [ebp-2A4h]
mov [ebp+var_3B0], eax
mov [ebp-2A4h], eax
lea eax, [ebp+var_3AB]
push eax
push [ebp+arg_4]
call sub_4053A1
add esp, 8
or eax, eax
jz loc_4067ED
call sub_40C598
push 0
push [ebp+arg_8]
lea eax, [ebp+var_3AB]
push eax
call sub_40C604
lea eax, [ebp+var_14C]
push eax
push [ebp+arg_8]
call sub_401A36
mov [ebp+var_3B8], eax
call sub_40C634
push [ebp+arg_8]
call sub_40C760
mov [ebp+var_3B1], 31h
movzx eax, [ebp+var_3B1]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_3B1], al
push offset word_44605A
call sub_40C73C
push eax
push offset word_44605A
push [ebp+var_3B8]
call sub_40CA6C
add esp, 14h
or eax, eax
jnz short loc_4067BB
push offset word_44605A
call sub_40C73C
mov edi, [ebp+var_14C]
sub edi, 3Ah
push edi
mov edi, eax
add edi, [ebp+var_3B8]
push edi
push [ebp+arg_8]
call sub_4052EF
add esp, 0Ch
jmp short loc_4067D6
; ---------------------------------------------------------------------------
loc_4067BB: ; CODE XREF: sub_4062CD+4C2�j
mov eax, [ebp+var_14C]
sub eax, 40h
push eax
push [ebp+var_3B8]
push [ebp+arg_8]
call sub_4052EF
add esp, 0Ch
loc_4067D6: ; CODE XREF: sub_4062CD+4EC�j
push [ebp+var_3B8]
call sub_40C658
mov [ebp+var_14C], 2
jmp short loc_406844
; ---------------------------------------------------------------------------
loc_4067ED: ; CODE XREF: sub_4062CD+44A�j
call sub_40C634
mov [ebp+var_14C], 1
jmp short loc_406844
; ---------------------------------------------------------------------------
loc_4067FE: ; CODE XREF: sub_4062CD+3F7�j
call sub_40C5A4
and [ebp+var_14C], 0
jmp short loc_406844
; ---------------------------------------------------------------------------
loc_40680C: ; CODE XREF: sub_4062CD+390�j
mov byte ptr [ebp+var_29C+2], 95h
sub byte ptr [ebp+var_29C+2], 0Bh
and [ebp+var_14C], 0
jmp short loc_406844
; ---------------------------------------------------------------------------
loc_406823: ; CODE XREF: sub_4062CD+2DD�j
mov byte ptr [ebp+var_29C+3], 1Dh
movzx eax, byte ptr [ebp+var_29C+3]
mov edx, eax
add edx, eax
mov eax, edx
mov byte ptr [ebp+var_29C+3], al
and [ebp+var_14C], 0
loc_406844: ; CODE XREF: sub_4062CD+51E�j
; sub_4062CD+52F�j ...
lea eax, [ebp+var_250]
push eax
call sub_40C760
call sub_40C634
push [ebp+arg_0]
call sub_40C658
mov [ebp+var_26E], 769Dh
inc [ebp+var_26E]
push 0
push [ebp+var_260]
call sub_40C6DC
mov [ebp+var_270], 6036h
sub [ebp+var_270], 528Eh
push [ebp+var_260]
call sub_40C55C
mov eax, [ebp+var_14C]
loc_40689D: ; CODE XREF: sub_4062CD+127�j
; sub_4062CD+1E5�j
pop edi
pop esi
pop ebx
leave
retn
sub_4062CD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4068A2 proc near ; CODE XREF: sub_406A9A+CB�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+arg_4]
mov [ebp+var_4], 315h
push esi
push [ebp+arg_0]
mov eax, dword_44134C
lea eax, ds:41B8A0h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_4068E9
; ---------------------------------------------------------------------------
loc_4068CF: ; CODE XREF: sub_4068A2+49�j
mov eax, dword_44134C
add eax, edi
lea eax, ds:41B8A0h[eax]
movsx edx, byte ptr [eax]
xor edx, 0CAh
mov [eax], dl
inc edi
loc_4068E9: ; CODE XREF: sub_4068A2+2B�j
cmp edi, esi
jl short loc_4068CF
mov eax, dword_44134C
add eax, esi
mov byte ptr ds:dword_41B8A0[eax], 0
mov edi, dword_44134C
inc dword_44134C
mov eax, dword_44134C
lea eax, [eax+esi+1]
mov dword_44134C, eax
cmp eax, 0DD3h
jle short loc_406924
and dword_44134C, 0
loc_406924: ; CODE XREF: sub_4068A2+79�j
lea eax, dword_41B8A0[edi]
pop edi
pop esi
leave
retn
sub_4068A2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40692E proc near ; CODE XREF: sub_406E2B+1A4�p
; sub_406E2B+555�p ...
var_C = dword ptr -0Ch
var_5 = dword ptr -5
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
mov ebx, [ebp+arg_4]
mov [ebp+var_1], 0A8h
add [ebp+var_1], 0B3h
push [ebp+arg_0]
call sub_40C748
mov edi, eax
mov eax, dword_44135C
mov [ebp+var_5], eax
push 0
push 0
push 1FFFh
push ebx
push edi
push [ebp+arg_0]
push 0
push 0
call sub_40C718
mov esi, 6089h
mov eax, 2984h
mul esi
mov [ebp+var_C], eax
mov esi, eax
mov byte ptr [ebx+edi], 0
mov eax, edi
pop edi
pop esi
pop ebx
leave
retn
sub_40692E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406987 proc near ; CODE XREF: sub_4069E2+AB�p
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov esi, [ebp+arg_0]
mov [ebp+var_2], 40BBh
inc [ebp+var_2]
cmp dword_441354, 0
jz short loc_4069AF
mov eax, dword_441354
push eax
mov ebx, [eax]
call dword ptr [ebx+8]
loc_4069AF: ; CODE XREF: sub_406987+1B�j
mov edi, 2480h
sub edi, 4C20h
mov eax, [esi+4]
push dword ptr [esi+4]
mov ebx, [eax]
call dword ptr [ebx+8]
call sub_40C514
mov eax, [esi]
push dword ptr [esi]
mov ebx, [eax]
call dword ptr [ebx+8]
call sub_40BA54
call sub_40C508
pop edi
pop esi
pop ebx
leave
retn
sub_406987 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4069E2 proc near ; CODE XREF: sub_406E2B+57�p
var_11 = byte ptr -11h
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 14h
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
call sub_40C634
mov [ebp+var_1], 0C1h
sub [ebp+var_1], 0FBh
and dword ptr [edi], 0
and dword ptr [edi+4], 0
push 0
call sub_40BA48
call sub_40C538
lea eax, [ebp+var_11]
push eax
push offset dword_44600C
call sub_40BA3C
mov esi, eax
call sub_40C574
xor ebx, ebx
cmp esi, ebx
setl bl
or ebx, ebx
jnz short loc_406A8C
call sub_40C5A4
push edi
push offset dword_446BF4
push 4
push 0
lea eax, [ebp+var_11]
push eax
call sub_40BA30
mov esi, eax
xor ebx, ebx
cmp esi, ebx
setl bl
or ebx, ebx
jnz short loc_406A8C
call sub_40C5A4
mov eax, edi
add eax, 4
push eax
push offset dword_446BE4
mov eax, [edi]
push dword ptr [edi]
mov ebx, [eax]
call dword ptr ds:0[ebx]
mov esi, eax
call sub_40C514
xor ebx, ebx
cmp esi, ebx
setl bl
or ebx, ebx
jnz short loc_406A8C
call sub_40C514
xor eax, eax
inc eax
jmp short loc_406A95
; ---------------------------------------------------------------------------
loc_406A8C: ; CODE XREF: sub_4069E2+4A�j
; sub_4069E2+6F�j ...
push edi
call sub_406987
pop ecx
xor eax, eax
loc_406A95: ; CODE XREF: sub_4069E2+A8�j
pop edi
pop esi
pop ebx
leave
retn
sub_4069E2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406A9A proc near ; CODE XREF: sub_406E2B+AC�p
var_10054 = dword ptr -10054h
var_10050 = dword ptr -10050h
var_1004C = dword ptr -1004Ch
var_10047 = byte ptr -10047h
var_1003F = byte ptr -1003Fh
var_10039 = byte ptr -10039h
var_10032 = byte ptr -10032h
var_10031 = byte ptr -10031h
var_1002C = dword ptr -1002Ch
var_10028 = byte ptr -10028h
var_29 = byte ptr -29h
var_28 = word ptr -28h
var_20 = dword ptr -20h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_8 = word ptr -8
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 10054h
call sub_40C498
push ebx
push esi
push edi
call sub_40C574
cmp dword_441358, 0FFFFh
jz short loc_406AC2
and dword_441350, 0
loc_406AC2: ; CODE XREF: sub_406A9A+1F�j
mov [ebp+var_5], 0EDh
movzx eax, [ebp+var_5]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_5], al
mov eax, dword_441350
cmp [ebp+arg_4], eax
jz loc_406D83
lea edi, [ebp+var_10031]
lea esi, dword_441360
mov ecx, 5
rep movsb
mov eax, [ebp+arg_4]
mov dword_441350, eax
cmp dword_441354, 0
jz short loc_406B36
call sub_40C574
mov eax, dword_441354
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov [ebp+var_1004C], 90Dh
mov eax, [ebp+var_1004C]
mov edx, eax
add edx, eax
mov [ebp+var_1004C], edx
and dword_441354, 0
loc_406B36: ; CODE XREF: sub_406A9A+69�j
push 0FFFFh
lea eax, [ebp+var_10028]
push eax
push [ebp+arg_4]
call sub_40C76C
mov [ebp+var_8], 77DCh
movzx eax, [ebp+var_8]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_8], ax
push 1Bh
push offset dword_445FF0
call sub_4068A2
mov edi, 0Dh
sub edi, dword_441348
push edi
push eax
lea edi, [ebp+var_10028]
push edi
call sub_401806
add esp, 14h
cmp eax, 0FFFFh
jnz short loc_406BD3
mov word ptr [ebp+var_1004C], 18AFh
movzx eax, word ptr [ebp+var_1004C]
imul eax, 1C81h
mov word ptr [ebp+var_1004C], ax
and dword_441354, 0
mov word ptr [ebp+var_1004C+2], 985h
movzx eax, word ptr [ebp+var_1004C+2]
mov edx, eax
add edx, eax
mov eax, edx
mov word ptr [ebp+var_1004C+2], ax
jmp loc_406D83
; ---------------------------------------------------------------------------
loc_406BD3: ; CODE XREF: sub_406A9A+F1�j
lea eax, [ebp+var_C]
push eax
mov eax, [ebp+arg_0]
mov eax, [eax+4]
push eax
mov edi, [eax]
call dword ptr [edi+1Ch]
mov ebx, eax
mov [ebp+var_D], 1Eh
add [ebp+var_D], 1
cmp [ebp+var_C], 0
jz loc_406D83
mov [ebp+var_14], 6CC8h
mov eax, 4A3Dh
mul [ebp+var_14]
mov [ebp+var_1004C], eax
mov [ebp+var_14], eax
or ebx, ebx
jnz loc_406D83
and [ebp+var_4], 0
cmp dword_441358, 0FFFFh
jz short loc_406C6D
call sub_40C538
inc dword_441358
mov eax, [ebp+var_C]
cmp dword_441358, eax
jbe short loc_406C44
and dword_441358, 0
loc_406C44: ; CODE XREF: sub_406A9A+1A1�j
mov [ebp+var_10050], 5B8Fh
mov eax, 1268h
mul [ebp+var_10050]
mov [ebp+var_10054], eax
mov [ebp+var_10050], eax
mov eax, dword_441358
mov [ebp+var_4], eax
loc_406C6D: ; CODE XREF: sub_406A9A+18B�j
; sub_406A9A+2DC�j
push 0
call sub_40C9B8
pop ecx
call sub_40C634
mov [ebp+var_28], 2
mov eax, [ebp+var_4]
mov [ebp+var_20], eax
mov dword_441358, eax
lea eax, [ebp+var_18]
push eax
lea esi, [ebp+var_28]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+arg_0]
mov edi, [edi+4]
push edi
mov edi, [edi]
call dword ptr [edi+20h]
mov ebx, eax
or ebx, ebx
jnz loc_406D4B
lea edi, [ebp+var_10032]
lea esi, byte_441365
xor ecx, ecx
inc ecx
rep movsb
push offset dword_441354
push offset dword_446C04
mov eax, [ebp+var_18]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
call sub_40C508
or ebx, ebx
jnz short loc_406D4B
call sub_40C598
lea eax, [ebp+var_1002C]
push eax
mov eax, dword_441354
push eax
mov edi, [eax]
call dword ptr [edi+94h]
mov ebx, eax
lea edi, [ebp+var_10039]
lea esi, word_441366
mov ecx, 7
rep movsb
or ebx, ebx
jnz short loc_406D4B
mov [ebp+var_29], 28h
sub [ebp+var_29], 8Ch
mov dword_441358, 0FFFFh
mov eax, [ebp+arg_4]
cmp [ebp+var_1002C], eax
jz short loc_406D83
lea edi, [ebp+var_1003F]
lea esi, byte_44136D
mov ecx, 3
rep movsw
loc_406D4B: ; CODE XREF: sub_406A9A+214�j
; sub_406A9A+24B�j ...
cmp dword_441354, 0
jz short loc_406D5F
mov eax, dword_441354
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_406D5F: ; CODE XREF: sub_406A9A+2B8�j
lea edi, [ebp+var_10047]
lea esi, byte_441373
movsd
movsd
inc [ebp+var_4]
mov eax, [ebp+var_C]
cmp [ebp+var_4], eax
jb loc_406C6D
and dword_441354, 0
loc_406D83: ; CODE XREF: sub_406A9A+41�j
; sub_406A9A+134�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_406A9A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406D88 proc near ; CODE XREF: sub_406E2B+5E6�p
; sub_406E2B+62A�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_441384
lea eax, ds:430CF0h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
mov [ebp+var_4], 27Ah
xor edi, edi
jmp short loc_406DD0
; ---------------------------------------------------------------------------
loc_406DB6: ; CODE XREF: sub_406D88+4A�j
mov eax, dword_441384
add eax, edi
lea eax, ds:430CF0h[eax]
movsx edx, byte ptr [eax]
xor edx, 0EDh
mov [eax], dl
inc edi
loc_406DD0: ; CODE XREF: sub_406D88+2C�j
cmp edi, esi
jl short loc_406DB6
mov [ebp+var_8], 200h
mov eax, dword_441384
add eax, esi
mov byte ptr ds:dword_430CF0[eax], 0
xor edi, edi
mov edi, dword_441384
inc dword_441384
mov eax, dword_441384
add eax, 6
add eax, esi
mov dword_441384, eax
add dword_441384, 3
cmp dword_441384, 0E0Fh
jle short loc_406E21
and dword_441384, 0
loc_406E21: ; CODE XREF: sub_406D88+90�j
lea eax, dword_430CF0[edi]
pop edi
pop esi
leave
retn
sub_406D88 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_406E2B proc near ; CODE XREF: sub_407F67+56�p
var_63822 = byte ptr -63822h
var_6381C = dword ptr -6381Ch
var_63816 = byte ptr -63816h
var_62818 = dword ptr -62818h
var_62813 = byte ptr -62813h
var_6280E = byte ptr -6280Eh
var_6280D = byte ptr -6280Dh
var_6280C = dword ptr -6280Ch
var_62808 = word ptr -62808h
var_62800 = dword ptr -62800h
var_627F8 = word ptr -627F8h
var_627F0 = dword ptr -627F0h
var_627E8 = dword ptr -627E8h
var_627E4 = dword ptr -627E4h
var_627E0 = word ptr -627E0h
var_627DD = byte ptr -627DDh
var_627DA = byte ptr -627DAh
var_627D3 = byte ptr -627D3h
var_627CC = word ptr -627CCh
var_627CA = word ptr -627CAh
var_627C8 = dword ptr -627C8h
var_627C4 = byte ptr -627C4h
var_627C3 = byte ptr -627C3h
var_627C2 = word ptr -627C2h
var_627C0 = byte ptr -627C0h
var_627BF = byte ptr -627BFh
var_626C0 = dword ptr -626C0h
var_626BC = dword ptr -626BCh
var_626B8 = word ptr -626B8h
var_626B0 = dword ptr -626B0h
var_626A4 = dword ptr -626A4h
var_626A0 = dword ptr -626A0h
var_6269C = dword ptr -6269Ch
var_62698 = dword ptr -62698h
var_62694 = dword ptr -62694h
var_62690 = dword ptr -62690h
var_6268C = dword ptr -6268Ch
var_62687 = byte ptr -62687h
var_62682 = word ptr -62682h
var_6267F = byte ptr -6267Fh
var_526B8 = byte ptr -526B8h
var_526B0 = dword ptr -526B0h
var_526AA = byte ptr -526AAh
var_526A9 = byte ptr -526A9h
var_526A8 = byte ptr -526A8h
var_526A0 = dword ptr -526A0h
var_52696 = byte ptr -52696h
var_52690 = word ptr -52690h
var_52688 = dword ptr -52688h
var_52684 = dword ptr -52684h
var_52680 = dword ptr -52680h
var_5267A = byte ptr -5267Ah
var_52674 = byte ptr -52674h
var_5266F = byte ptr -5266Fh
var_52669 = byte ptr -52669h
var_52668 = byte ptr -52668h
var_52667 = byte ptr -52667h
var_52666 = byte ptr -52666h
var_52663 = word ptr -52663h
var_52661 = byte ptr -52661h
var_5265A = word ptr -5265Ah
var_52658 = dword ptr -52658h
var_52652 = word ptr -52652h
var_5264F = byte ptr -5264Fh
var_52649 = byte ptr -52649h
var_52644 = dword ptr -52644h
var_52640 = dword ptr -52640h
var_5263C = dword ptr -5263Ch
var_52638 = byte ptr -52638h
var_52630 = dword ptr -52630h
var_5262B = byte ptr -5262Bh
var_5262A = word ptr -5262Ah
var_52628 = dword ptr -52628h
var_52622 = word ptr -52622h
var_52620 = dword ptr -52620h
var_5261C = dword ptr -5261Ch
var_52618 = word ptr -52618h
var_52616 = word ptr -52616h
var_52614 = dword ptr -52614h
var_5260F = byte ptr -5260Fh
var_5260E = word ptr -5260Eh
var_5260C = dword ptr -5260Ch
var_52606 = word ptr -52606h
var_52604 = dword ptr -52604h
var_525FE = word ptr -525FEh
var_525FC = dword ptr -525FCh
var_525F8 = dword ptr -525F8h
var_525F4 = dword ptr -525F4h
var_525EE = word ptr -525EEh
var_525EC = dword ptr -525ECh
var_525E8 = dword ptr -525E8h
var_525E4 = dword ptr -525E4h
var_525DF = byte ptr -525DFh
var_524E0 = byte ptr -524E0h
var_524D8 = dword ptr -524D8h
var_524CC = dword ptr -524CCh
var_524C8 = byte ptr -524C8h
var_39E28 = byte ptr -39E28h
var_21788 = word ptr -21788h
var_21786 = word ptr -21786h
var_21784 = dword ptr -21784h
var_2177D = byte ptr -2177Dh
var_1177E = word ptr -1177Eh
var_1177C = word ptr -1177Ch
var_10FAC = dword ptr -10FACh
var_10FA8 = dword ptr -10FA8h
var_10FA4 = dword ptr -10FA4h
var_10001 = byte ptr -10001h
var_2 = word ptr -2
push ebp
mov ebp, esp
mov eax, 63824h
call sub_40C498
push ebx
push esi
push edi
call sub_40C5A4
push offset dword_445FE4
call sub_40BA0C
mov [ebp+var_10FA8], eax
mov eax, dword_441394
mov [ebp+var_52644], eax
push offset dword_445FD8
call sub_40BA0C
mov [ebp+var_10FAC], eax
mov [ebp+var_52616], 569Bh
inc [ebp+var_52616]
lea eax, [ebp+var_52638]
push eax
call sub_4069E2
pop ecx
or eax, eax
jz loc_407F62
call sub_40C574
loc_406E95: ; CODE XREF: sub_406E2B+CF�j
; sub_406E2B+F4�j ...
push 0
call sub_40C9B8
mov [ebp+var_52618], 0C8Fh
inc [ebp+var_52618]
call sub_40C7B4
mov [ebp+var_5261C], eax
lea edi, [ebp+var_52649]
lea esi, dword_441398
mov ecx, 5
rep movsb
push [ebp+var_5261C]
lea eax, [ebp+var_52638]
push eax
call sub_406A9A
add esp, 0Ch
lea edi, [ebp+var_5264F]
lea esi, byte_44139D
mov ecx, 3
rep movsw
cmp dword_441354, 0
jz short loc_406E95
mov ax, word_4413A3
mov [ebp+var_52652+1], ax
lea eax, [ebp+var_525F4]
push eax
mov eax, dword_441354
push eax
mov edi, [eax]
call dword ptr [edi+48h]
mov ebx, eax
or ebx, ebx
jnz loc_406E95
mov [ebp+var_52620], 6F23h
mov eax, 38F1h
mul [ebp+var_52620]
mov [ebp+var_52680], eax
mov [ebp+var_52620], eax
lea eax, [ebp+var_525F8]
push eax
push offset dword_446BA4
mov eax, [ebp+var_525F4]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
mov [ebp+var_525FC], 2AEFh
mov eax, [ebp+var_525FC]
mov edx, eax
add edx, eax
mov [ebp+var_525FC], edx
or ebx, ebx
jnz loc_407F44
lea eax, [ebp+var_5263C]
push eax
mov eax, dword_441354
push eax
mov edi, [eax]
call dword ptr [edi+78h]
mov ebx, eax
call sub_40C634
or ebx, ebx
jnz loc_407F0E
mov [ebp+var_52622], 0A61h
movzx eax, [ebp+var_52622]
imul eax, 47C9h
mov [ebp+var_52622], ax
push offset byte_41EB90
push [ebp+var_5263C]
call sub_40692E
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_52658], edi
call sub_40C598
mov eax, [ebp+var_5261C]
mov ds:dword_42EB94, eax
lea eax, [ebp+var_525FE]
push eax
mov eax, dword_441354
push eax
mov edi, [eax]
call dword ptr [edi+7Ch]
mov ebx, eax
or ebx, ebx
jnz loc_407F0E
cmp [ebp+var_525FE], 0
jz short loc_407028
mov ax, word_4413A5
mov [ebp+var_5265A], ax
jmp loc_407F0E
; ---------------------------------------------------------------------------
loc_407028: ; CODE XREF: sub_406E2B+1E9�j
lea edi, [ebp+var_52661]
lea esi, byte_4413A7
mov ecx, 7
rep movsb
mov ax, word_4413AE
mov [ebp+var_52663], ax
lea edi, [ebp+var_52666]
lea esi, byte_4413B0
mov ecx, 3
rep movsb
mov [ebp+var_10001], 0
mov [ebp+var_2], 0
lea eax, [ebp+var_52604]
push eax
mov eax, [ebp+var_525F8]
push eax
mov edi, [eax]
call dword ptr [edi+5Ch]
mov ebx, eax
lea edi, [ebp+var_52667]
lea esi, byte_4413B3
xor ecx, ecx
inc ecx
rep movsb
or ebx, ebx
jnz loc_407F0E
lea eax, [ebp+var_52640]
push eax
mov eax, [ebp+var_52604]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
call sub_40C5A4
or ebx, ebx
jnz loc_407EF4
mov [ebp+var_52606], 281Eh
movzx eax, [ebp+var_52606]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_52606], ax
or [ebp+var_524CC], 0FFFFFFFFh
loc_4070DC: ; CODE XREF: sub_406E2B+B65�j
and [ebp+var_5260C], 0
and [ebp+var_52614], 0
cmp [ebp+var_524CC], 0FFFFFFFFh
jnz short loc_407133
call sub_40C538
lea eax, [ebp+var_525E4]
push eax
mov eax, [ebp+var_525F8]
push eax
mov edi, [eax]
call dword ptr [edi+38h]
mov ebx, eax
mov [ebp+var_52684], 638Dh
add [ebp+var_52684], 5FB7h
or ebx, ebx
jnz loc_407979
call sub_40C514
jmp loc_40724E
; ---------------------------------------------------------------------------
loc_407133: ; CODE XREF: sub_406E2B+2C6�j
lea edi, [ebp+var_52696]
lea esi, dword_4413B4
mov ecx, 3
rep movsw
mov [ebp+var_52690], 17h
mov eax, [ebp+var_524CC]
mov [ebp+var_52688], eax
lea eax, [ebp+var_526A8]
push eax
lea eax, [ebp+var_52690]
push eax
mov eax, [ebp+var_52604]
push eax
mov esi, [eax]
call dword ptr [esi+1Ch]
lea eax, [ebp+var_5260C]
push eax
push offset dword_446BD4
mov eax, [ebp+var_526A0]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
call sub_40C598
or ebx, ebx
jnz loc_407979
call sub_40C508
lea eax, [ebp+var_52614]
push eax
mov eax, [ebp+var_5260C]
push eax
mov edi, [eax]
call dword ptr [edi+0D0h]
mov ebx, eax
or ebx, ebx
jz short loc_4071E9
call sub_40C634
mov eax, [ebp+var_5260C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
lea edi, [ebp+var_526AA]
lea esi, byte_4413BA
xor ecx, ecx
inc ecx
rep movsb
jmp loc_407979
; ---------------------------------------------------------------------------
loc_4071E9: ; CODE XREF: sub_406E2B+395�j
lea eax, [ebp+var_525E4]
push eax
mov eax, [ebp+var_52614]
push eax
mov edi, [eax]
call dword ptr [edi+38h]
mov ebx, eax
lea edi, [ebp+var_526A9]
lea esi, byte_4413BB
xor ecx, ecx
inc ecx
rep movsb
or ebx, ebx
jz short loc_40724E
lea edi, [ebp+var_526B8]
lea esi, dword_4413BC
movsd
movsd
mov eax, [ebp+var_52614]
push eax
mov esi, [eax]
call dword ptr [esi+8]
mov [ebp+var_526B0], 97Dh
inc [ebp+var_526B0]
mov eax, [ebp+var_5260C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
jmp loc_407979
; ---------------------------------------------------------------------------
loc_40724E: ; CODE XREF: sub_406E2B+303�j
; sub_406E2B+3E6�j
lea eax, [ebp+var_525EC]
push eax
mov eax, [ebp+var_525E4]
push eax
mov edi, [eax]
call dword ptr [edi+24h]
mov ebx, eax
or ebx, ebx
jnz loc_407E8E
and [ebp+var_21784], 0
jmp loc_407967
; ---------------------------------------------------------------------------
loc_407277: ; CODE XREF: sub_406E2B+B48�j
mov [ebp+var_627C0], 0B8h
add [ebp+var_627C0], 1
push 0
call sub_40C9B8
pop ecx
call sub_40C5A4
mov [ebp+var_626B8], 2
mov eax, [ebp+var_21784]
mov [ebp+var_626B0], eax
lea eax, [ebp+var_626A4]
push eax
lea esi, [ebp+var_626B8]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_626B8]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_525E4]
push edi
mov edi, [edi]
call dword ptr [edi+2Ch]
mov ebx, eax
mov ax, word_4413C4
mov [ebp+var_627CC], ax
or ebx, ebx
jnz loc_407961
call sub_40C508
and [ebp+var_626BC], 0
lea eax, [ebp+var_626BC]
push eax
push offset dword_446BB4
mov eax, [ebp+var_626A4]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
call sub_40C634
or ebx, ebx
jnz loc_407683
call sub_40C634
lea eax, [ebp+var_626C0]
push eax
mov eax, [ebp+var_626BC]
push eax
mov edi, [eax]
call dword ptr [edi+0F0h]
mov ebx, eax
mov [ebp+var_627C2], 7A7Ch
movzx eax, [ebp+var_627C2]
imul eax, 2CBEh
mov [ebp+var_627C2], ax
or ebx, ebx
jnz loc_407683
call sub_40C634
lea eax, [ebp+var_62687]
push eax
push [ebp+var_626C0]
call sub_40692E
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_6269C], edi
lea edi, [ebp+var_627D3]
lea esi, word_4413C6
mov ecx, 7
rep movsb
and [ebp+var_52684], 0
jmp short loc_4073D6
; ---------------------------------------------------------------------------
loc_4073AD: ; CODE XREF: sub_406E2B+5B7�j
mov eax, [ebp+var_52684]
mov al, [ebp+eax+var_62687]
cmp al, 0Dh
jz short loc_4073C2
cmp al, 0Ah
jnz short loc_4073D0
loc_4073C2: ; CODE XREF: sub_406E2B+591�j
mov eax, [ebp+var_52684]
mov [ebp+eax+var_62687], 0
loc_4073D0: ; CODE XREF: sub_406E2B+595�j
inc [ebp+var_52684]
loc_4073D6: ; CODE XREF: sub_406E2B+580�j
mov eax, [ebp+var_6269C]
cmp [ebp+var_52684], eax
jb short loc_4073AD
cmp [ebp+var_524CC], 0FFFFFFFFh
jnz short loc_407441
mov [ebp+var_627E0], 1CC7h
movzx eax, [ebp+var_627E0]
imul eax, 5DEDh
mov [ebp+var_627E0], ax
push 11h
push offset byte_445FC5
call sub_406D88
push [ebp+var_21784]
push eax
lea edi, [ebp+var_627BF]
push edi
call sub_40CA30
lea eax, [ebp+var_627BF]
push eax
lea eax, [ebp+var_10001]
push eax
call sub_40CA54
add esp, 1Ch
jmp short loc_4074AB
; ---------------------------------------------------------------------------
loc_407441: ; CODE XREF: sub_406E2B+5C0�j
mov ax, word_4413CD
mov word ptr [ebp+var_627E4], ax
push 13h
push offset byte_445FB1
call sub_406D88
push [ebp+var_21784]
push [ebp+var_524CC]
push eax
lea edi, [ebp+var_627BF]
push edi
call sub_40CA30
mov [ebp+var_627E0], 4C50h
add [ebp+var_627E0], 6D23h
lea eax, [ebp+var_627BF]
push eax
lea eax, [ebp+var_10001]
push eax
call sub_40CA54
add esp, 20h
mov word ptr [ebp+var_627E4+2], 322Ah
inc word ptr [ebp+var_627E4+2]
loc_4074AB: ; CODE XREF: sub_406E2B+614�j
and [ebp+var_52684], 0
loc_4074B2: ; CODE XREF: sub_406E2B+76B�j
mov eax, [ebp+var_52684]
lea ecx, [ebp+eax+var_62687]
or eax, 0FFFFFFFFh
loc_4074C2: ; CODE XREF: sub_406E2B+69C�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4074C2
mov [ebp+var_62690], eax
mov [ebp+var_627C3], 84h
add [ebp+var_627C3], 1
mov eax, [ebp+var_62690]
cmp eax, 0
jz short loc_4074EF
cmp eax, 0C8h
jbe short loc_4074F4
loc_4074EF: ; CODE XREF: sub_406E2B+6BB�j
jmp loc_40757D
; ---------------------------------------------------------------------------
loc_4074F4: ; CODE XREF: sub_406E2B+6C2�j
lea edi, [ebp+var_627DA]
lea esi, byte_4413CF
mov ecx, 7
rep movsb
cmp [ebp+var_62690], 1
jnz short loc_407520
mov eax, [ebp+var_52684]
cmp [ebp+eax+var_62687], 20h
jz short loc_40757D
loc_407520: ; CODE XREF: sub_406E2B+6E3�j
call sub_40C598
push 1
push offset byte_445FAF
call sub_406D88
push eax
lea edi, [ebp+var_10001]
push edi
call sub_40CA54
mov [ebp+var_627C4], 0A6h
add [ebp+var_627C4], 0B3h
mov eax, [ebp+var_52684]
lea eax, [ebp+eax+var_62687]
push eax
lea eax, [ebp+var_10001]
push eax
call sub_40CA54
add esp, 18h
mov [ebp+var_627C8], 61DCh
sub [ebp+var_627C8], 2883h
loc_40757D: ; CODE XREF: sub_406E2B:loc_4074EF�j
; sub_406E2B+6F3�j
mov eax, [ebp+var_62690]
inc eax
add [ebp+var_52684], eax
mov eax, [ebp+var_6269C]
cmp [ebp+var_52684], eax
jb loc_4074B2
and [ebp+var_62698], 0
lea ecx, [ebp+var_10001]
or eax, 0FFFFFFFFh
loc_4075AC: ; CODE XREF: sub_406E2B+786�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4075AC
mov [ebp+var_62690], eax
call sub_40C634
mov [ebp+var_52684], 0
jmp loc_407663
; ---------------------------------------------------------------------------
loc_4075CD: ; CODE XREF: sub_406E2B+844�j
lea edi, [ebp+var_627E4+1]
lea esi, word_4413D6
mov ecx, 3
rep movsw
mov eax, [ebp+var_52684]
cmp [ebp+eax+var_10001], 20h
jz short loc_4075F8
and [ebp+var_6268C], 0
loc_4075F8: ; CODE XREF: sub_406E2B+7C4�j
call sub_40C508
cmp [ebp+var_6268C], 0
jnz short loc_407630
call sub_40C5A4
mov eax, [ebp+var_62698]
mov edx, [ebp+var_52684]
mov dl, [ebp+edx+var_10001]
mov [ebp+eax+var_10001], dl
call sub_40C508
inc [ebp+var_62698]
loc_407630: ; CODE XREF: sub_406E2B+7D9�j
mov eax, [ebp+var_52684]
cmp [ebp+eax+var_10001], 20h
jnz short loc_40764A
mov [ebp+var_6268C], 1
loc_40764A: ; CODE XREF: sub_406E2B+813�j
lea edi, [ebp+var_627E8]
lea esi, dword_4413DC
mov ecx, 5
rep movsb
inc [ebp+var_52684]
loc_407663: ; CODE XREF: sub_406E2B+79D�j
mov eax, [ebp+var_62690]
cmp [ebp+var_52684], eax
jb loc_4075CD
mov eax, [ebp+var_62698]
mov [ebp+eax+var_10001], 0
loc_407683: ; CODE XREF: sub_406E2B+4FB�j
; sub_406E2B+53D�j
and [ebp+var_62694], 0
lea eax, [ebp+var_62694]
push eax
push offset dword_446BC4
mov eax, [ebp+var_626A4]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
or ebx, ebx
jnz loc_407947
call sub_40C598
lea eax, [ebp+var_626A0]
push eax
mov eax, [ebp+var_62694]
push eax
mov edi, [eax]
call dword ptr [edi+6Ch]
mov ebx, eax
call sub_40C508
or ebx, ebx
jnz loc_40792D
lea edi, [ebp+var_627DD]
lea esi, byte_4413E1
mov ecx, 3
rep movsb
and [ebp+var_52688], 0
jmp loc_407909
; ---------------------------------------------------------------------------
loc_4076F6: ; CODE XREF: sub_406E2B+AEA�j
call sub_40C514
push 0
call sub_40C9B8
pop ecx
call sub_40C5A4
mov [ebp+var_627F8], 2
mov eax, [ebp+var_52688]
mov [ebp+var_627F0], eax
lea eax, [ebp+var_627E8]
push eax
lea esi, [ebp+var_627F8]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
lea esi, [ebp+var_627F8]
sub esp, 10h
mov edi, esp
mov ecx, 4
rep movsd
mov edi, [ebp+var_62694]
push edi
mov edi, [edi]
call dword ptr [edi+74h]
mov ebx, eax
or ebx, ebx
jnz loc_407903
mov [ebp+var_6280D], 0Fh
add [ebp+var_6280D], 1
and [ebp+var_627E4], 0
lea eax, [ebp+var_627E4]
push eax
push offset dword_446BB4
mov eax, [ebp+var_627E8]
push eax
mov edi, [eax]
call dword ptr ds:0[edi]
mov ebx, eax
or ebx, ebx
jnz loc_4078C6
lea edi, [ebp+var_62813]
lea esi, dword_4413E4
mov ecx, 5
rep movsb
cmp [ebp+var_627E4], 0
jz loc_4078C6
mov [ebp+var_6280E], 85h
add [ebp+var_6280E], 1
lea eax, [ebp+var_62808]
push eax
push 0
push [ebp+var_10FA8]
mov eax, [ebp+var_627E4]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
mov eax, dword_4413E9
mov [ebp+var_62818+1], eax
or ebx, ebx
jnz loc_4078C6
call sub_40C514
cmp [ebp+var_62808], 8
jnz loc_4078C6
call sub_40C514
movzx edi, [ebp+var_2]
mov esi, [ebp+var_627E4]
mov [ebp+edi*4+var_10FA4], esi
movzx edi, [ebp+var_2]
mov esi, [ebp+var_52688]
mov [ebp+edi*2+var_1177C], si
lea eax, [ebp+var_62808]
push eax
push 0
push [ebp+var_10FAC]
mov eax, [ebp+var_627E4]
push eax
mov edi, [eax]
call dword ptr [edi+20h]
mov ebx, eax
or ebx, ebx
jnz short loc_4078C2
call sub_40C538
lea edi, [ebp+var_63822]
lea esi, byte_4413ED
mov ecx, 3
rep movsw
call sub_40C598
lea eax, [ebp+var_63816]
push eax
push [ebp+var_62800]
call sub_40692E
add esp, 8
mov edi, eax
inc edi
mov [ebp+var_6381C], edi
call sub_40C538
cmp [ebp+var_63816], 0
jz short loc_4078BD
cmp edi, 64h
jnb short loc_4078BD
lea eax, [ebp+var_63816]
push eax
movzx eax, [ebp+var_2]
imul eax, 64h
lea eax, [ebp+eax+var_39E28]
push eax
call sub_40C4B8
loc_4078BD: ; CODE XREF: sub_406E2B+A70�j
; sub_406E2B+A75�j
call sub_40C634
loc_4078C2: ; CODE XREF: sub_406E2B+A26�j
inc [ebp+var_2]
loc_4078C6: ; CODE XREF: sub_406E2B+968�j
; sub_406E2B+988�j ...
cmp [ebp+var_627E4], 0
jz short $+2
call sub_40C514
cmp [ebp+var_627E8], 0
jz short loc_4078E9
mov eax, [ebp+var_627E8]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_4078E9: ; CODE XREF: sub_406E2B+AB0�j
mov [ebp+var_6280C], 6832h
mov eax, [ebp+var_6280C]
mov edx, eax
add edx, eax
mov [ebp+var_6280C], edx
loc_407903: ; CODE XREF: sub_406E2B+92D�j
inc [ebp+var_52688]
loc_407909: ; CODE XREF: sub_406E2B+8C6�j
mov eax, [ebp+var_626A0]
cmp [ebp+var_52688], eax
jb loc_4076F6
jmp short loc_407961
; ---------------------------------------------------------------------------
mov [ebp+var_627CA], 3C6Eh
inc [ebp+var_627CA]
loc_40792D: ; CODE XREF: sub_406E2B+8A6�j
cmp [ebp+var_62694], 0
jz short loc_407942
mov eax, [ebp+var_62694]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407942: ; CODE XREF: sub_406E2B+B09�j
call sub_40C634
loc_407947: ; CODE XREF: sub_406E2B+87F�j
cmp [ebp+var_626A4], 0
jz short loc_40795C
mov eax, [ebp+var_626A4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_40795C: ; CODE XREF: sub_406E2B+B23�j
call sub_40C514
loc_407961: ; CODE XREF: sub_406E2B+4C4�j
; sub_406E2B+AF0�j
inc [ebp+var_21784]
loc_407967: ; CODE XREF: sub_406E2B+447�j
mov eax, [ebp+var_525EC]
cmp [ebp+var_21784], eax
jb loc_407277
loc_407979: ; CODE XREF: sub_406E2B+2F8�j
; sub_406E2B+370�j ...
call sub_40C508
inc [ebp+var_524CC]
mov eax, [ebp+var_52640]
cmp [ebp+var_524CC], eax
jl loc_4070DC
lea edi, [ebp+var_52668]
lea esi, byte_4413F3
xor ecx, ecx
inc ecx
rep movsb
loc_4079A7: ; CODE XREF: sub_406E2B+CB6�j
push 0
call sub_40C9B8
pop ecx
call sub_40C5A4
mov [ebp+var_21786], 0
jmp loc_407A91
; ---------------------------------------------------------------------------
loc_4079C2: ; CODE XREF: sub_406E2B+C73�j
call sub_40C538
lea eax, [ebp+var_524E0]
push eax
push 0
push [ebp+var_10FA8]
movzx edi, [ebp+var_21786]
mov edi, [ebp+edi*4+var_10FA4]
push edi
mov edi, [edi]
call dword ptr [edi+20h]
mov ebx, eax
lea edi, [ebp+var_62690+1]
lea esi, dword_4413F4
mov ecx, 7
rep movsb
or ebx, ebx
jnz loc_407A8A
lea edi, [ebp+var_62698+2]
lea esi, byte_4413FB
mov ecx, 7
rep movsb
lea eax, [ebp+var_6267F]
push eax
push [ebp+var_524D8]
call sub_40692E
add esp, 8
mov edi, eax
inc edi
mov [ebp-62688h], edi
call sub_40C574
cmp [ebp+var_6267F], 0
jz short loc_407A8A
mov [ebp+var_62682], 4C04h
movzx eax, [ebp+var_62682]
imul eax, 0D94h
mov [ebp+var_62682], ax
cmp dword ptr [ebp-62688h], 64h
jnb short loc_407A8A
lea eax, [ebp+var_6267F]
push eax
movzx eax, [ebp+var_21786]
imul eax, 64h
lea eax, [ebp+eax+var_524C8]
push eax
call sub_40C4B8
loc_407A8A: ; CODE XREF: sub_406E2B+BD6�j
; sub_406E2B+C19�j ...
inc [ebp+var_21786]
loc_407A91: ; CODE XREF: sub_406E2B+B92�j
movzx eax, [ebp+var_21786]
movzx edx, [ebp+var_2]
cmp eax, edx
jl loc_4079C2
lea eax, [ebp+var_525FE]
push eax
mov eax, dword_441354
push eax
mov edi, [eax]
call dword ptr [edi+7Ch]
mov ebx, eax
mov [ebp+var_52628], 0AD1h
add [ebp+var_52628], 0D59h
or ebx, ebx
jnz loc_407F0E
call sub_40C574
cmp [ebp+var_525FE], 0
jz loc_4079A7
lea edi, [ebp+var_52669]
lea esi, byte_441402
xor ecx, ecx
inc ecx
rep movsb
mov [ebp+var_2177D], 0
push offset byte_41EB90
lea eax, [ebp+var_2177D]
push eax
call sub_40C4B8
mov [ebp+var_5260E], 164Dh
movzx eax, [ebp+var_5260E]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_5260E], ax
mov [ebp+var_525E8], 1
mov [ebp+var_1177E], 0
jmp loc_407C46
; ---------------------------------------------------------------------------
loc_407B45: ; CODE XREF: sub_406E2B+E28�j
mov word ptr [ebp+var_52684+2], 712h
movzx eax, word ptr [ebp+var_52684+2]
imul eax, 568Ah
mov word ptr [ebp+var_52684+2], ax
movzx eax, [ebp+var_1177E]
imul eax, 64h
cmp [ebp+eax+var_524C8], 0
jz loc_407C3F
mov ax, word_441403
mov word ptr [ebp+var_52688+2], ax
and [ebp+var_525E8], 0
push 4
push offset word_445FAA
call sub_406D88
movzx edi, [ebp+var_1177E]
push edi
push eax
lea edi, [ebp+var_525DF]
push edi
call sub_40CA30
mov eax, dword_441405
mov [ebp-5268Ah], eax
lea eax, [ebp+var_525DF]
push eax
lea eax, [ebp+var_2177D]
push eax
call sub_40CA54
mov word ptr [ebp+var_52684], 0F32h
inc word ptr [ebp+var_52684]
movzx eax, [ebp+var_1177E]
imul eax, 64h
lea eax, [ebp+eax+var_39E28]
push eax
lea eax, [ebp+var_2177D]
push eax
call sub_40CA54
call sub_40C598
push 1
push offset byte_445FA8
call sub_406D88
push eax
lea edi, [ebp+var_2177D]
push edi
call sub_40CA54
movzx eax, [ebp+var_1177E]
imul eax, 64h
lea eax, [ebp+eax+var_524C8]
push eax
lea eax, [ebp+var_2177D]
push eax
call sub_40CA54
add esp, 3Ch
call sub_40C538
loc_407C3F: ; CODE XREF: sub_406E2B+D49�j
inc [ebp+var_1177E]
loc_407C46: ; CODE XREF: sub_406E2B+D15�j
movzx eax, [ebp+var_1177E]
movzx edx, [ebp+var_2]
cmp eax, edx
jl loc_407B45
cmp [ebp+var_525E8], 0
jnz loc_407E8E
call sub_40C634
push 1
push offset word_445FA6
call sub_406D88
push eax
lea edi, [ebp+var_2177D]
push edi
call sub_40CA54
call sub_40C634
lea eax, [ebp+var_10001]
push eax
lea eax, [ebp+var_2177D]
push eax
call sub_40CA54
add esp, 18h
cmp ds:byte_41EB90, 68h
jnz short loc_407CC3
cmp ds:byte_41EB91, 74h
jnz short loc_407CC3
cmp ds:byte_41EB92, 74h
jnz short loc_407CC3
cmp ds:byte_41EB93, 70h
jz short loc_407CC8
loc_407CC3: ; CODE XREF: sub_406E2B+E7B�j
; sub_406E2B+E84�j ...
jmp loc_407E43
; ---------------------------------------------------------------------------
loc_407CC8: ; CODE XREF: sub_406E2B+E96�j
lea edi, [ebp+var_5266F]
lea esi, byte_441409
mov ecx, 3
rep movsw
push 8
push offset byte_445F9D
call sub_406D88
mov edi, 11h
sub edi, dword_441380
push edi
push eax
push offset byte_41EB90
call sub_401806
add esp, 14h
cmp eax, 0FFFFh
jz short loc_407D3A
push 0Eh
push offset word_445F8E
call sub_406D88
mov edi, 11h
sub edi, dword_441380
push edi
push eax
push offset byte_41EB90
call sub_401806
add esp, 14h
cmp eax, 0FFFFh
jz loc_407E43
loc_407D3A: ; CODE XREF: sub_406E2B+EDC�j
mov [ebp+var_5262A], 0E36h
movzx eax, [ebp+var_5262A]
imul eax, 5F1Ah
mov [ebp+var_5262A], ax
mov [ebp+var_525EE], 0
loc_407D60: ; CODE XREF: sub_406E2B+FE4�j
mov eax, 11h
sub eax, dword_441380
push eax
movzx eax, [ebp+var_525EE]
lea eax, ds:44138Ch[eax]
push eax
push offset byte_41EB90
call sub_401806
add esp, 0Ch
cmp eax, 0FFFFh
jz short loc_407DBC
call sub_40C574
push 1
lea eax, [ebp+var_2177D]
push eax
call ds:dword_40F270
mov [ebp+var_52684], 5D23h
sub [ebp+var_52684], 3A68h
jmp loc_407E43
; ---------------------------------------------------------------------------
loc_407DBC: ; CODE XREF: sub_406E2B+F62�j
movzx eax, [ebp+var_525EE]
mov [ebp+var_52684], eax
lea ecx, ds:44138Ch[eax]
or eax, 0FFFFFFFFh
loc_407DD3: ; CODE XREF: sub_406E2B+FAD�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_407DD3
mov esi, [ebp+var_52684]
add esi, eax
mov edi, esi
mov [ebp+var_525EE], di
mov [ebp+var_5262B], 0EFh
add [ebp+var_5262B], 52h
inc [ebp+var_525EE]
movzx eax, [ebp+var_525EE]
cmp byte_44138C[eax], 0
jnz loc_407D60
call sub_40C5A4
push 0
lea eax, [ebp+var_2177D]
push eax
call ds:dword_40F270
mov [ebp+var_5260F], 20h
movzx eax, [ebp+var_5260F]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_5260F], al
loc_407E43: ; CODE XREF: sub_406E2B:loc_407CC3�j
; sub_406E2B+F09�j ...
mov [ebp+var_21788], 0
jmp short loc_407E7A
; ---------------------------------------------------------------------------
loc_407E4E: ; CODE XREF: sub_406E2B+105C�j
movzx edi, [ebp+var_21788]
cmp [ebp+edi*4+var_10FA4], 0
jz short loc_407E73
movzx edi, [ebp+var_21788]
mov edi, [ebp+edi*4+var_10FA4]
push edi
mov edi, [edi]
call dword ptr [edi+8]
loc_407E73: ; CODE XREF: sub_406E2B+1032�j
inc [ebp+var_21788]
loc_407E7A: ; CODE XREF: sub_406E2B+1021�j
movzx eax, [ebp+var_21788]
movzx edx, [ebp+var_2]
cmp eax, edx
jl short loc_407E4E
call sub_40C574
loc_407E8E: ; CODE XREF: sub_406E2B+43A�j
; sub_406E2B+E35�j
cmp [ebp+var_525E4], 0
jz short loc_407EA3
mov eax, [ebp+var_525E4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407EA3: ; CODE XREF: sub_406E2B+106A�j
lea edi, [ebp+var_52674]
lea esi, byte_44140F
mov ecx, 5
rep movsb
cmp [ebp+var_52614], 0
jz short loc_407ECB
mov eax, [ebp+var_52614]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407ECB: ; CODE XREF: sub_406E2B+1092�j
lea edi, [ebp+var_5267A]
lea esi, dword_441414
mov ecx, 3
rep movsw
cmp [ebp+var_5260C], 0
jz short loc_407EF4
mov eax, [ebp+var_5260C]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407EF4: ; CODE XREF: sub_406E2B+287�j
; sub_406E2B+10BB�j
cmp [ebp+var_52604], 0
jz short loc_407F09
mov eax, [ebp+var_52604]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407F09: ; CODE XREF: sub_406E2B+10D0�j
call sub_40C538
loc_407F0E: ; CODE XREF: sub_406E2B+176�j
; sub_406E2B+1DB�j ...
cmp [ebp+var_525F8], 0
jz short loc_407F23
mov eax, [ebp+var_525F8]
push eax
mov esi, [eax]
call dword ptr [esi+8]
loc_407F23: ; CODE XREF: sub_406E2B+10EA�j
mov [ebp+var_52630], 52EFh
mov eax, 3A5Eh
mul [ebp+var_52630]
mov [ebp+var_52688], eax
mov [ebp+var_52630], eax
loc_407F44: ; CODE XREF: sub_406E2B+155�j
cmp [ebp+var_525F4], 0
jz loc_406E95
mov eax, [ebp+var_525F4]
push eax
mov esi, [eax]
call dword ptr [esi+8]
jmp loc_406E95
; ---------------------------------------------------------------------------
loc_407F62: ; CODE XREF: sub_406E2B+5F�j
pop edi
pop esi
pop ebx
leave
retn
sub_406E2B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407F67 proc near ; DATA XREF: sub_40801C+2F�o
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_10 = dword ptr -10h
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0FFFFFFFFh
push offset word_44141A
push offset sub_40109A
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 10h
push ebx
push esi
push edi
mov [ebp+var_18], esp
call sub_40C5A4
mov [ebp+var_4], 0
call sub_40C538
loc_407F9E: ; CODE XREF: sub_407F67+7A�j
; sub_407F67+9A�j
call sub_40C634
mov edi, dword_44137C
add edi, 1F3h
push edi
call sub_40C9B8
add esp, 4
call sub_40C5A4
call sub_406E2B
mov [ebp+var_1C], 6E5Bh
mov eax, 6540h
mul [ebp+var_1C]
mov [ebp+var_20], eax
mov edi, [ebp+var_20]
mov [ebp+var_1C], edi
cmp dword_441388, 0
jnz short loc_407F9E
jmp short loc_40800A
; ---------------------------------------------------------------------------
mov [ebp+var_4], 0FFFFFFFFh
jmp short loc_40800A
; ---------------------------------------------------------------------------
mov [ebp+var_1C], 1
mov eax, [ebp+var_1C]
retn
; ---------------------------------------------------------------------------
mov esp, [ebp+var_18]
call sub_40C5A4
jmp short loc_407F9E
; ---------------------------------------------------------------------------
mov [ebp+var_4], 0FFFFFFFFh
loc_40800A: ; CODE XREF: sub_407F67+7C�j
; sub_407F67+85�j
pop edi
pop esi
pop ebx
xchg eax, ecx
mov eax, [ebp+var_10]
mov large fs:0, eax
xchg eax, ecx
leave
retn 4
sub_407F67 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40801C proc near ; CODE XREF: sub_40A766+7F2�p
var_9 = byte ptr -9
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
lea edi, [ebp+var_9]
lea esi, word_441426
mov ecx, 7
rep movsb
mov eax, [ebp+arg_0]
mov ds:dword_40F270, eax
call sub_40C598
push offset dword_441388
push 0
push 0
push offset sub_407F67
push 0
push 0
call sub_40C754
mov ebx, eax
mov [ebp+var_1], 0EEh
movzx eax, [ebp+var_1]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_1], al
push ebx
call sub_40C55C
mov [ebp+var_2], 5
sub [ebp+var_2], 0F2h
pop edi
pop esi
pop ebx
leave
retn
sub_40801C endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push edi
mov edi, 5B3h
inc edi
cmp dword_441354, 0
jnz short loc_408097
xor eax, eax
jmp short loc_4080DD
; ---------------------------------------------------------------------------
loc_408097: ; CODE XREF: .text:00408091�j
mov byte ptr [ebp-1], 16h
add byte ptr [ebp-1], 1
mov eax, ds:dword_42EB94
cmp [ebp+8], eax
jz short loc_4080AD
xor eax, eax
jmp short loc_4080DD
; ---------------------------------------------------------------------------
loc_4080AD: ; CODE XREF: .text:004080A7�j
call sub_40C574
lea ecx, byte_41EB90
or eax, 0FFFFFFFFh
loc_4080BB: ; CODE XREF: .text:004080C0�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_4080BB
mov edi, eax
add edi, 1
push edi
push offset byte_41EB90
push dword ptr [ebp+0Ch]
call sub_40C9F4
add esp, 0Ch
mov eax, 1
loc_4080DD: ; CODE XREF: .text:00408095�j
; .text:004080AB�j
pop edi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4080E0 proc near ; CODE XREF: sub_408189+21F�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 0Ch
push esi
push edi
mov esi, [ebp+arg_4]
push esi
push [ebp+arg_0]
mov eax, dword_441438
lea eax, ds:414490h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
mov [ebp+var_4], 7
xor edi, edi
jmp short loc_408126
; ---------------------------------------------------------------------------
loc_40810F: ; CODE XREF: sub_4080E0+48�j
mov eax, dword_441438
add eax, edi
lea eax, ds:414490h[eax]
movsx edx, byte ptr [eax]
xor edx, 9
mov [eax], dl
inc edi
loc_408126: ; CODE XREF: sub_4080E0+2D�j
cmp edi, esi
jl short loc_40810F
mov [ebp+var_8], 1ADh
mov eax, dword_441438
add eax, esi
mov byte ptr ds:dword_414490[eax], 0
xor edi, edi
mov edi, dword_441438
add dword_441438, 2
mov eax, dword_441438
add eax, 5
add eax, esi
mov dword_441438, eax
add dword_441438, 2
cmp dword_441438, 0DECh
jle short loc_408178
and dword_441438, 0
loc_408178: ; CODE XREF: sub_4080E0+8F�j
mov [ebp+var_C], 187h
lea eax, dword_414490[edi]
pop edi
pop esi
leave
retn
sub_4080E0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408189 proc near ; DATA XREF: sub_40A766+7ED�o
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_D = byte ptr -0Dh
var_C = dword ptr -0Ch
var_5 = byte ptr -5
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 24h
push ebx
push esi
push edi
call sub_40C508
xor ebx, ebx
mov [ebp+var_4], ebx
mov [ebp+var_C], ebx
loc_40819F: ; CODE XREF: sub_408189+140�j
; sub_408189+14B�j ...
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 3Ah
jnz loc_4082B3
mov [ebp+var_D], 8Fh
add [ebp+var_D], 1
mov eax, [ebp+arg_0]
cmp byte ptr [ebx+eax+11h], 20h
jz short loc_4081C9
cmp byte ptr [ebx+eax+14h], 20h
jnz loc_4082B3
loc_4081C9: ; CODE XREF: sub_408189+33�j
call sub_40C634
mov eax, [ebp+arg_0]
mov al, [ebx+eax+1]
cmp al, 34h
jz short loc_4081E1
cmp al, 35h
jnz loc_4082B3
loc_4081E1: ; CODE XREF: sub_408189+4E�j
mov eax, [ebp+arg_0]
cmp byte ptr [ebx+eax+11h], 20h
jnz short loc_4081F4
mov [ebp+var_4], 10h
jmp short loc_4081FB
; ---------------------------------------------------------------------------
loc_4081F4: ; CODE XREF: sub_408189+60�j
mov [ebp+var_4], 13h
loc_4081FB: ; CODE XREF: sub_408189+69�j
mov [ebp+var_5], 0
xor esi, esi
jmp loc_408286
; ---------------------------------------------------------------------------
loc_408206: ; CODE XREF: sub_408189+100�j
call sub_40C538
cmp [ebp+var_4], 13h
jnz short loc_40824E
lea eax, [ebx+esi+1]
mov edx, [ebp+arg_0]
cmp byte ptr [edx+eax], 2Dh
jnz short loc_40824E
mov edi, 5
mov edx, esi
inc edx
mov [ebp+var_1C], edx
mov [ebp+var_14], edi
mov eax, edx
mov [ebp+var_18], eax
mov ecx, edi
xor edx, edx
div ecx
mov [ebp+var_20], eax
mov eax, edi
mov edi, [ebp+var_20]
mul [ebp+var_20]
mov [ebp+var_24], eax
mov edi, [ebp+var_1C]
mov edx, eax
cmp edx, edi
jz short loc_408285
loc_40824E: ; CODE XREF: sub_408189+86�j
; sub_408189+93�j
call sub_40C634
lea eax, [ebx+esi+1]
mov edx, [ebp+arg_0]
mov al, [edx+eax]
cmp al, 30h
jl short loc_408265
cmp al, 39h
jle short loc_408267
loc_408265: ; CODE XREF: sub_408189+D6�j
jmp short loc_4082B3
; ---------------------------------------------------------------------------
loc_408267: ; CODE XREF: sub_408189+DA�j
call sub_40C5A4
movzx eax, [ebp+var_5]
lea edx, [ebx+esi+1]
mov ecx, [ebp+arg_0]
mov dl, [ecx+edx]
mov ds:byte_432F00[eax], dl
add [ebp+var_5], 1
loc_408285: ; CODE XREF: sub_408189+C3�j
inc esi
loc_408286: ; CODE XREF: sub_408189+78�j
cmp esi, [ebp+var_4]
jb loc_408206
mov eax, [ebp+var_4]
mov ds:byte_432F00[eax], 0
call sub_401334
or eax, eax
jz short loc_4082AA
call sub_40C514
jmp short loc_4082B3
; ---------------------------------------------------------------------------
loc_4082AA: ; CODE XREF: sub_408189+118�j
mov [ebp+var_C], 1
jmp short loc_40830A
; ---------------------------------------------------------------------------
loc_4082B3: ; CODE XREF: sub_408189+1D�j
; sub_408189+3A�j ...
inc ebx
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 0
jz short loc_408306
call sub_40C634
mov eax, [ebp+arg_0]
cmp byte ptr [eax+ebx], 3Ch
jnz loc_40819F
cmp byte ptr [ebx+eax+1], 46h
jnz loc_40819F
cmp byte ptr [ebx+eax+2], 4Fh
jnz loc_40819F
cmp byte ptr [ebx+eax+3], 52h
jnz loc_40819F
cmp byte ptr [ebx+eax+4], 4Dh
jnz loc_40819F
cmp byte ptr [ebx+eax+5], 5Fh
jnz loc_40819F
loc_408306: ; CODE XREF: sub_408189+132�j
and [ebp+var_C], 0
loc_40830A: ; CODE XREF: sub_408189+128�j
cmp [ebp+var_C], 0
jz short loc_40831F
mov eax, ds:dword_42EB94
mov dword_43B214, eax
jmp loc_4083E0
; ---------------------------------------------------------------------------
loc_40831F: ; CODE XREF: sub_408189+185�j
mov word ptr [ebp+var_18], 69C0h
movzx eax, word ptr [ebp+var_18]
imul eax, 3F8Fh
mov word ptr [ebp+var_18], ax
push 0
push 0
push 4
push 0
push 0
push 40000000h
push offset dword_40E010
call sub_40C67C
mov [ebp+var_14], eax
call sub_40C508
push 2
push 0
push 0
push [ebp+var_14]
call sub_40C6AC
mov byte ptr [ebp+var_1C+3], 2Ah
add byte ptr [ebp+var_1C+3], 1
mov eax, [ebp+arg_0]
mov ecx, eax
or eax, 0FFFFFFFFh
loc_408372: ; CODE XREF: sub_408189+1EE�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_408372
mov edi, eax
push 0
lea edx, [ebp+var_20]
push edx
push edi
push [ebp+arg_0]
push [ebp+var_14]
call sub_40C730
mov word ptr [ebp+var_18+2], 73F4h
movzx eax, word ptr [ebp+var_18+2]
mov edx, eax
add edx, eax
mov eax, edx
mov word ptr [ebp+var_18+2], ax
push 2
push offset byte_445F8B
call sub_4080E0
add esp, 8
push 0
lea edi, [ebp+var_20]
push edi
mov edi, 0Dh
sub edi, dword_441434
push edi
push eax
push [ebp+var_14]
call sub_40C730
call sub_40C514
push [ebp+var_14]
call sub_40C55C
mov byte ptr [ebp+var_1C+2], 24h
add byte ptr [ebp+var_1C+2], 36h
loc_4083E0: ; CODE XREF: sub_408189+191�j
pop edi
pop esi
pop ebx
leave
retn
sub_408189 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4083E5 proc near ; CODE XREF: sub_40847D+7F�p
; sub_4085D0+E8�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push eax
push esi
push edi
mov esi, [ebp+arg_4]
mov [ebp+var_4], 34Dh
push esi
push [ebp+arg_0]
mov eax, dword_445448
lea eax, ds:40D000h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_40842D
; ---------------------------------------------------------------------------
loc_408413: ; CODE XREF: sub_4083E5+4A�j
mov eax, dword_445448
add eax, edi
lea eax, ds:40D000h[eax]
movsx edx, byte ptr [eax]
xor edx, 0C8h
mov [eax], dl
inc edi
loc_40842D: ; CODE XREF: sub_4083E5+2C�j
cmp edi, esi
jl short loc_408413
mov eax, dword_445448
add eax, esi
mov byte ptr ds:dword_40D000[eax], 0
mov edi, dword_445448
mov eax, edi
add eax, 2
add eax, esi
mov dword_445448, eax
add dword_445448, 2
cmp dword_445448, 0E0Bh
jle short loc_40846C
and dword_445448, 0
loc_40846C: ; CODE XREF: sub_4083E5+7E�j
mov [ebp+var_8], 16Bh
lea eax, dword_40D000[edi]
pop edi
pop esi
leave
retn
sub_4083E5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40847D proc near ; CODE XREF: sub_4085D0+A4�p
var_239 = byte ptr -239h
var_238 = dword ptr -238h
var_232 = word ptr -232h
var_230 = byte ptr -230h
var_228 = byte ptr -228h
var_220 = byte ptr -220h
var_218 = byte ptr -218h
var_213 = byte ptr -213h
var_10E = word ptr -10Eh
var_10C = word ptr -10Ch
var_10A = word ptr -10Ah
var_107 = byte ptr -107h
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 23Ch
push ebx
push esi
push edi
mov [ebp+var_2], 149Fh
sub [ebp+var_2], 654Ch
lea edi, [ebp+var_218]
lea esi, dword_44544C
mov ecx, 5
rep movsb
mov [ebp+var_10A], 1680h
sub [ebp+var_10A], 13D8h
push 104h
lea eax, [ebp+var_213]
push eax
call sub_40C580
mov [ebp+var_10C], 696Dh
sub [ebp+var_10C], 0DF2h
lea eax, [ebp+var_213]
push eax
lea eax, [ebp+var_107]
push eax
call sub_40C4B8
call sub_40C598
push 0Dh
push offset byte_445F7D
call sub_4083E5
push eax
lea edi, [ebp+var_107]
push edi
call sub_40CA54
add esp, 10h
push 0
push 0
push 3
push 0
push 0
push 80000001h
lea eax, [ebp+var_107]
push eax
call sub_40C67C
mov ebx, eax
mov [ebp+var_10E], 5E47h
sub [ebp+var_10E], 6CA2h
cmp ebx, 0FFFFFFFFh
jz loc_4085CB
mov [ebp+var_232], 5F48h
movzx eax, [ebp+var_232]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_232], ax
lea eax, [ebp+var_230]
push eax
lea eax, [ebp+var_228]
push eax
lea eax, [ebp+var_220]
push eax
push ebx
call sub_40C52C
mov [ebp+var_238], 1E63h
sub [ebp+var_238], 38B1h
lea eax, [ebp+var_230]
push eax
lea eax, [ebp+var_228]
push eax
lea eax, [ebp+var_220]
push eax
push [ebp+arg_0]
call sub_40C6B8
mov [ebp+var_239], 0Dh
add [ebp+var_239], 54h
push ebx
call sub_40C55C
call sub_40C598
loc_4085CB: ; CODE XREF: sub_40847D+C6�j
pop edi
pop esi
pop ebx
leave
retn
sub_40847D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4085D0 proc near ; CODE XREF: sub_40A766+A0�p
var_225 = dword ptr -225h
var_221 = byte ptr -221h
var_220 = byte ptr -220h
var_21B = word ptr -21Bh
var_219 = byte ptr -219h
var_115 = byte ptr -115h
var_109 = byte ptr -109h
var_108 = byte ptr -108h
var_107 = byte ptr -107h
var_106 = word ptr -106h
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 228h
push ebx
push esi
push edi
call sub_40C574
call sub_40C5A4
cmp eax, 80000000h
jnb loc_408730
mov [ebp+var_106], 53DAh
inc [ebp+var_106]
lea edi, [ebp+var_115]
lea esi, byte_445451
mov ecx, 3
rep movsd
mov ax, word_44545D
mov [ebp+var_21B], ax
push 0
push 0
push 2
push 0
push 0
push 40000000h
lea eax, [ebp+var_115]
push eax
call sub_40C67C
mov ebx, eax
mov [ebp+var_107], 56h
add [ebp+var_107], 1
push 0
lea eax, [ebp+var_220]
push eax
push 4001h
push offset dword_44143C
push ebx
call sub_40C730
mov [ebp+var_108], 0F0h
sub [ebp+var_108], 6
push ebx
call sub_40847D
call sub_40C508
push ebx
call sub_40C55C
lea edi, [ebp+var_221]
lea esi, byte_44545F
xor ecx, ecx
inc ecx
rep movsb
push 104h
lea eax, [ebp+var_104]
push eax
call sub_40C580
mov eax, dword_445460
mov [ebp+var_225], eax
push 0Ah
push offset word_445F72
call sub_4083E5
lea edi, [ebp+var_104]
push edi
push eax
lea edi, [ebp+var_219]
push edi
call sub_40CA30
call sub_40C634
push 1Dh
push offset dword_445F54
call sub_4083E5
push eax
lea edi, [ebp+var_104]
push edi
call sub_40CA54
add esp, 28h
call sub_40C508
lea eax, [ebp+var_219]
push eax
call sub_40C760
mov [ebp+var_109], 0C1h
movzx eax, [ebp+var_109]
imul eax, 2ED3h
mov [ebp+var_109], al
push 0
lea eax, [ebp+var_104]
push eax
call sub_40C724
call sub_40C598
loc_408730: ; CODE XREF: sub_4085D0+1B�j
pop edi
pop esi
pop ebx
leave
retn
sub_4085D0 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_4454EC
lea eax, ds:431D10h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_408775
; ---------------------------------------------------------------------------
loc_40875B: ; CODE XREF: .text:00408777�j
mov eax, dword_4454EC
add eax, edi
lea eax, ds:431D10h[eax]
movsx edx, byte ptr [eax]
xor edx, 0C3h
mov [eax], dl
inc edi
loc_408775: ; CODE XREF: .text:00408759�j
cmp edi, esi
jl short loc_40875B
mov eax, dword_4454EC
add eax, esi
mov byte ptr ds:dword_431D10[eax], 0
mov edi, dword_4454EC
add dword_4454EC, 3
mov eax, dword_4454EC
add eax, 5
add eax, esi
mov dword_4454EC, eax
cmp eax, 0E02h
jle short loc_4087B2
and dword_4454EC, 0
loc_4087B2: ; CODE XREF: .text:004087A9�j
mov dword ptr [ebp-4], 2B6h
lea eax, dword_431D10[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4087C3 proc near ; CODE XREF: sub_4088D5+4A�p
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push edi
mov [ebp+var_1], 0A2h
add [ebp+var_1], 1
push 4
push 1000h
push [ebp+arg_0]
push 0
call sub_40C6E8
jmp short loc_4087EE
; ---------------------------------------------------------------------------
mov edi, 369Ah
mov eax, edi
add eax, edi
mov edi, eax
loc_4087EE: ; CODE XREF: sub_4087C3+1E�j
pop edi
leave
retn
sub_4087C3 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4087F1 proc near ; CODE XREF: sub_4088D5+E6�p
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
mov ax, word_4454F0
mov [ebp+var_2], ax
push 8000h
push 0
push [ebp+arg_0]
call sub_40C6F4
jmp short locret_408815
; ---------------------------------------------------------------------------
call sub_40C514
locret_408815: ; CODE XREF: sub_4087F1+1D�j
leave
retn
sub_4087F1 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+0Ch]
push esi
push dword ptr [ebp+8]
mov eax, dword_4454FC
lea eax, ds:439340h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_408857
; ---------------------------------------------------------------------------
loc_40883D: ; CODE XREF: .text:00408859�j
mov eax, dword_4454FC
add eax, edi
lea eax, ds:439340h[eax]
movsx edx, byte ptr [eax]
xor edx, 0C3h
mov [eax], dl
inc edi
loc_408857: ; CODE XREF: .text:0040883B�j
cmp edi, esi
jl short loc_40883D
mov eax, dword_4454FC
add eax, esi
mov byte ptr ds:dword_439340[eax], 0
mov edi, dword_4454FC
add dword_4454FC, 3
mov eax, dword_4454FC
add eax, 5
add eax, esi
mov dword_4454FC, eax
cmp eax, 0E02h
jle short loc_408894
and dword_4454FC, 0
loc_408894: ; CODE XREF: .text:0040888B�j
mov dword ptr [ebp-4], 2B6h
lea eax, dword_439340[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4088A5 proc near ; CODE XREF: sub_4088D5+100�p
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
push edi
mov [ebp+var_1], 0A2h
add [ebp+var_1], 1
push offset dword_4454A4
push offset dword_445464
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40BA60
mov edi, 369Ah
mov eax, edi
add eax, edi
mov edi, eax
pop edi
leave
retn
sub_4088A5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4088D5 proc near ; CODE XREF: sub_409847+4BC�p
var_6A = word ptr -6Ah
var_68 = dword ptr -68h
var_64 = byte ptr -64h
var_61 = byte ptr -61h
var_5E = word ptr -5Eh
var_5C = byte ptr -5Ch
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 6Ch
push ebx
push esi
push edi
mov ebx, [ebp+arg_0]
mov ax, word_445500
mov [ebp+var_5E], ax
lea edi, [ebp+var_61]
lea esi, word_445502
mov ecx, 3
rep movsb
lea edi, [ebp+var_64]
lea esi, byte_445505
mov ecx, 3
rep movsb
mov eax, [ebp+arg_4]
add eax, 40h
jge short loc_408916
add eax, 3Fh
loc_408916: ; CODE XREF: sub_4088D5+3C�j
sar eax, 6
mov edi, eax
shl edi, 6
push edi
call sub_4087C3
pop ecx
mov [ebp+var_18], eax
call sub_40C634
mov eax, [ebp+arg_4]
add eax, 40h
jge short loc_408938
add eax, 3Fh
loc_408938: ; CODE XREF: sub_4088D5+5E�j
sar eax, 6
mov edi, eax
shl edi, 6
push edi
push [ebp+var_18]
call sub_40C6A0
call sub_40C514
push [ebp+arg_4]
push ebx
push [ebp+var_18]
call sub_40C9F4
add esp, 0Ch
mov eax, dword_445508
mov [ebp+var_68], eax
lea eax, [ebp+var_14]
push eax
call sub_40BB9E
call sub_40C598
mov ebx, [ebp+var_18]
and [ebp+var_4], 0
jmp short loc_4089A5
; ---------------------------------------------------------------------------
loc_40897C: ; CODE XREF: sub_4088D5+E1�j
call sub_40C508
push ebx
lea eax, [ebp+var_14]
push eax
call sub_40BBC5
mov [ebp+var_6A], 3E0Fh
movzx eax, [ebp+var_6A]
imul eax, 4D56h
mov [ebp+var_6A], ax
add ebx, 40h
inc [ebp+var_4]
loc_4089A5: ; CODE XREF: sub_4088D5+A5�j
mov eax, [ebp+arg_4]
add eax, 40h
jge short loc_4089B0
add eax, 3Fh
loc_4089B0: ; CODE XREF: sub_4088D5+D6�j
sar eax, 6
cmp [ebp+var_4], eax
jl short loc_40897C
push [ebp+var_18]
call sub_4087F1
mov [ebp+var_1C], 5CDFh
add [ebp+var_1C], 4710h
lea eax, [ebp+var_5C]
push eax
push [ebp+arg_8]
call sub_4088A5
mov eax, dword_4454F4
add eax, 0Eh
push eax
lea eax, [ebp+var_14]
push eax
lea eax, [ebp+var_5C]
push eax
call sub_40C9E8
add esp, 18h
or eax, eax
jz short loc_4089FC
xor eax, eax
inc eax
jmp short loc_408A03
; ---------------------------------------------------------------------------
loc_4089FC: ; CODE XREF: sub_4088D5+120�j
call sub_40C5A4
xor eax, eax
loc_408A03: ; CODE XREF: sub_4088D5+125�j
pop edi
pop esi
pop ebx
leave
retn
sub_4088D5 endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ecx
push esi
push edi
mov esi, [ebp+0Ch]
mov dword ptr [ebp-4], 3D4h
push esi
push dword ptr [ebp+8]
mov eax, dword_445514
lea eax, ds:438220h[eax]
push eax
call sub_40C9F4
add esp, 0Ch
xor edi, edi
jmp short loc_408A4C
; ---------------------------------------------------------------------------
loc_408A35: ; CODE XREF: .text:00408A4E�j
mov eax, dword_445514
add eax, edi
lea eax, ds:438220h[eax]
movsx edx, byte ptr [eax]
xor edx, 25h
mov [eax], dl
inc edi
loc_408A4C: ; CODE XREF: .text:00408A33�j
cmp edi, esi
jl short loc_408A35
mov eax, dword_445514
add eax, esi
mov byte ptr ds:dword_438220[eax], 0
mov edi, dword_445514
mov eax, edi
add eax, 4
add eax, esi
mov dword_445514, eax
add dword_445514, 3
cmp dword_445514, 0DCBh
jle short loc_408A8B
and dword_445514, 0
loc_408A8B: ; CODE XREF: .text:00408A82�j
lea eax, dword_438220[edi]
pop edi
pop esi
leave
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408A95 proc near ; CODE XREF: sub_409847+40F�p
; sub_409847+434�p
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_1F = byte ptr -1Fh
var_17 = byte ptr -17h
var_16 = word ptr -16h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 2Ch
push ebx
push esi
push edi
mov [ebp+var_16], 6062h
movzx eax, [ebp+var_16]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_16], ax
call sub_40C634
xor eax, eax
mov [ebp+var_10], eax
mov [ebp+var_14], eax
mov [ebp+var_4], eax
mov eax, [ebp+arg_4]
mov [ebp+var_8], eax
mov eax, [ebp+arg_8]
add eax, [ebp+var_8]
mov [ebp+var_C], eax
mov ebx, [ebp+arg_0]
jmp loc_408BB9
; ---------------------------------------------------------------------------
loc_408AD9: ; CODE XREF: sub_408A95+12F�j
call sub_40C634
movsx edi, byte ptr [ebx]
shl edi, 2
mov edi, dword_445518[edi]
mov [ebp+var_4], edi
cmp edi, 0FFFFFFFFh
jz loc_408BB8
lea edi, [ebp+var_1F]
lea esi, dword_445918
movsd
movsd
mov eax, [ebp+var_10]
or eax, eax
jl loc_408BB2
cmp eax, 3
jg loc_408BB2
jmp dword_445924[eax*4]
; ---------------------------------------------------------------------------
mov eax, dword_445920
mov [ebp+var_2C], eax
inc [ebp+var_10]
call sub_40C598
jmp loc_408BB2
; ---------------------------------------------------------------------------
mov edi, [ebp+var_14]
shl edi, 2
mov esi, [ebp+var_4]
and esi, 30h
sar esi, 4
or edi, esi
mov edx, edi
mov [ebp+var_17], dl
mov [ebp+var_28], 6A69h
mov eax, [ebp+var_28]
mov edx, eax
add edx, eax
mov [ebp+var_28], edx
mov eax, [ebp+var_8]
inc [ebp+var_8]
mov dl, [ebp+var_17]
mov [eax], dl
inc [ebp+var_10]
jmp short loc_408BB2
; ---------------------------------------------------------------------------
mov edi, [ebp+var_14]
and edi, 0Fh
shl edi, 4
mov esi, [ebp+var_4]
and esi, 3Ch
sar esi, 2
or edi, esi
mov edx, edi
mov [ebp+var_17], dl
mov eax, [ebp+var_8]
inc [ebp+var_8]
mov dl, [ebp+var_17]
mov [eax], dl
inc [ebp+var_10]
jmp short loc_408BB2
; ---------------------------------------------------------------------------
mov edi, [ebp+var_14]
and edi, 3
shl edi, 6
or edi, [ebp+var_4]
mov edx, edi
mov [ebp+var_17], dl
mov eax, [ebp+var_8]
inc [ebp+var_8]
mov dl, [ebp+var_17]
mov [eax], dl
and [ebp+var_10], 0
loc_408BB2: ; CODE XREF: sub_408A95+72�j
; sub_408A95+7B�j ...
mov eax, [ebp+var_4]
mov [ebp+var_14], eax
loc_408BB8: ; CODE XREF: sub_408A95+5C�j
inc ebx
loc_408BB9: ; CODE XREF: sub_408A95+3F�j
cmp byte ptr [ebx], 0
jz short loc_408BCA
mov eax, [ebp+var_C]
cmp [ebp+var_8], eax
jb loc_408AD9
loc_408BCA: ; CODE XREF: sub_408A95+127�j
cmp byte ptr [ebx], 0
jnz short loc_408BDC
call sub_40C538
mov eax, [ebp+var_8]
sub eax, [ebp+arg_4]
jmp short loc_408BDF
; ---------------------------------------------------------------------------
loc_408BDC: ; CODE XREF: sub_408A95+138�j
or eax, 0FFFFFFFFh
loc_408BDF: ; CODE XREF: sub_408A95+145�j
pop edi
pop esi
pop ebx
leave
retn
sub_408A95 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408BE4 proc near ; CODE XREF: sub_409847:loc_40A5BF�p
var_370 = byte ptr -370h
var_36C = byte ptr -36Ch
var_368 = dword ptr -368h
var_364 = dword ptr -364h
var_360 = byte ptr -360h
var_25C = dword ptr -25Ch
var_258 = dword ptr -258h
var_24C = byte ptr -24Ch
var_148 = dword ptr -148h
var_11C = dword ptr -11Ch
var_118 = word ptr -118h
var_104 = byte ptr -104h
push ebp
mov ebp, esp
sub esp, 370h
push ebx
push esi
push edi
lea eax, [ebp+var_104]
push eax
push 104h
call sub_40C58C
lea ecx, [ebp+var_104]
or eax, 0FFFFFFFFh
loc_408C0A: ; CODE XREF: sub_408BE4+2B�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_408C0A
mov esi, eax
push 8
lea ebx, [ebp+var_104]
add ebx, esi
push ebx
call sub_40170F
add esp, 8
push offset byte_445F4F
lea eax, [ebp+var_104]
push eax
call sub_40CA54
add esp, 8
push 0
push 80h
push 2
push 0
push 0
push 40000000h
lea eax, [ebp+var_104]
push eax
call sub_40C67C
mov edi, eax
cmp edi, 0FFFFFFFFh
jz loc_408DEA
push 2
push 0
push 0
push edi
call sub_40C6AC
lea ecx, dword_445934
or eax, 0FFFFFFFFh
loc_408C78: ; CODE XREF: sub_408BE4+99�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_408C78
mov esi, eax
push 0
lea ebx, [ebp+var_36C]
push ebx
push esi
push offset dword_445934
push edi
call sub_40C730
push edi
call sub_40C55C
mov [ebp+var_364], 104h
lea eax, [ebp+var_370]
push eax
lea eax, [ebp+var_364]
push eax
lea eax, [ebp+var_360]
push eax
push offset dword_445F28
push offset byte_445F2D
push 80000002h
call sub_4014BD
add esp, 18h
mov [ebp+var_368], eax
cmp [ebp+var_368], 0
jz loc_408DEA
push 104h
lea eax, [ebp+var_24C]
push eax
lea eax, [ebp+var_360]
push eax
call sub_40C4F0
push offset byte_445F19
lea eax, [ebp+var_24C]
push eax
call sub_40CA54
lea eax, [ebp+var_104]
push eax
lea eax, [ebp+var_24C]
push eax
call sub_40CA54
call sub_404527
mov edi, eax
push 44h
push 0
lea eax, [ebp+var_148]
push eax
call sub_40CA00
push 44h
push 0
lea eax, [ebp+var_148]
push eax
call sub_40CA00
add esp, 28h
mov [ebp+var_148], 44h
mov [ebp+var_11C], 1
mov [ebp+var_118], 1
or edi, edi
jz short loc_408D7B
lea eax, [ebp+var_148]
push eax
call sub_4045B7
pop ecx
jmp short loc_408D84
; ---------------------------------------------------------------------------
loc_408D7B: ; CODE XREF: sub_408BE4+186�j
mov [ebp+var_118], 0
loc_408D84: ; CODE XREF: sub_408BE4+195�j
lea eax, [ebp+var_25C]
push eax
lea eax, [ebp+var_148]
push eax
push 0
push 0
push 20h
push 0
push 0
push 0
lea eax, [ebp+var_24C]
push eax
push 0
call sub_40C70C
or eax, eax
jz short loc_408DDE
push [ebp+var_258]
call sub_40C55C
push 0EA60h
call sub_40C9B8
pop ecx
push 0
push [ebp+var_25C]
call sub_40C6DC
push [ebp+var_25C]
call sub_40C55C
loc_408DDE: ; CODE XREF: sub_408BE4+1CA�j
lea eax, [ebp+var_104]
push eax
call sub_40C760
loc_408DEA: ; CODE XREF: sub_408BE4+79�j
; sub_408BE4+FB�j
pop edi
pop esi
pop ebx
leave
retn
sub_408BE4 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408DEF proc near ; CODE XREF: sub_408E89+27�p
; sub_408E89+41�p ...
var_1008 = dword ptr -1008h
var_1004 = dword ptr -1004h
var_1000 = byte ptr -1000h
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, 1008h
call sub_40C498
push esi
push edi
call sub_40C598
push 5
push [ebp+arg_0]
call sub_40C790
mov edi, eax
mov esi, 60E9h
mov eax, 7C4Ah
mul esi
mov [ebp+var_1008], eax
mov esi, eax
loc_408E23: ; CODE XREF: sub_408DEF+94�j
or edi, edi
jnz short loc_408E2B
xor eax, eax
jmp short loc_408E85
; ---------------------------------------------------------------------------
loc_408E2B: ; CODE XREF: sub_408DEF+36�j
push 0FFFh
lea eax, [ebp+var_1000]
push eax
push edi
call sub_40C79C
mov [ebp+var_1], 27h
add [ebp+var_1], 1
mov eax, 0Dh
sub eax, dword_43B098
push eax
push [ebp+arg_4]
lea eax, [ebp+var_1000]
push eax
call sub_401806
add esp, 0Ch
cmp eax, 0FFFFh
jz short loc_408E6E
mov eax, edi
jmp short loc_408E85
; ---------------------------------------------------------------------------
loc_408E6E: ; CODE XREF: sub_408DEF+79�j
mov eax, dword_445ACB
mov [ebp+var_1004], eax
push 2
push edi
call sub_40C790
mov edi, eax
jmp short loc_408E23
; ---------------------------------------------------------------------------
loc_408E85: ; CODE XREF: sub_408DEF+3A�j
; sub_408DEF+7D�j
pop edi
pop esi
leave
retn
sub_408DEF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_408E89 proc near ; CODE XREF: sub_40B143+1F3�p
var_174 = dword ptr -174h
var_16F = byte ptr -16Fh
var_169 = byte ptr -169h
var_168 = dword ptr -168h
var_163 = byte ptr -163h
var_162 = byte ptr -162h
var_160 = dword ptr -160h
var_15C = dword ptr -15Ch
var_158 = dword ptr -158h
var_152 = word ptr -152h
var_150 = byte ptr -150h
var_148 = byte ptr -148h
var_140 = word ptr -140h
var_13E = byte ptr -13Eh
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_129 = byte ptr -129h
var_128 = dword ptr -128h
var_122 = word ptr -122h
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_112 = dword ptr -112h
var_10E = dword ptr -10Eh
var_10A = dword ptr -10Ah
var_106 = dword ptr -106h
var_102 = byte ptr -102h
var_3 = byte ptr -3
var_2 = word ptr -2
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 174h
push ebx
push esi
push edi
mov eax, dword_445ACF
mov [ebp+var_138], eax
push 9
push offset byte_445F0F
call sub_40129C
push eax
push [ebp+arg_0]
call sub_408DEF
mov ebx, eax
call sub_40C538
push 8
push offset word_445F06
call sub_40129C
push eax
push ebx
call sub_408DEF
mov ds:dword_41C950, eax
call sub_40C598
push 0
push ds:dword_41C950
call sub_40C880
call sub_40C538
lea eax, [ebp+var_112]
push eax
push ebx
call sub_40C778
push 0
push ds:dword_41DA84
push 0
push ebx
mov eax, [ebp+var_106]
sub eax, [ebp+var_10E]
push eax
mov eax, [ebp+var_10A]
sub eax, [ebp+var_112]
push eax
push 0
push 0
push 50800000h
push offset byte_446605
push offset byte_445EFD
push 200h
call sub_40C88C
mov ds:dword_41EB84, eax
call sub_40C598
push 6
push offset word_445EF6
call sub_40129C
mov [ebp+var_158], eax
push 19h
push offset dword_445EDC
call sub_40129C
push 0
push ds:dword_41DA84
push 0
push ds:dword_41EB84
mov edi, dword_43B098
add edi, 30h
push edi
mov edi, [ebp+var_10A]
sub edi, [ebp+var_112]
sub edi, 64h
push edi
mov edi, dword_43B098
add edi, 8
push edi
mov edi, dword_43B094
add edi, 12h
push edi
push 50800000h
push eax
mov edi, [ebp+var_158]
push edi
push 0
call sub_40C88C
mov ds:dword_41C94C, eax
call sub_40C514
push 6
push offset word_445EF6
call sub_40129C
push 0
push ds:dword_41DA84
push 0
push ds:dword_41EB84
mov edi, dword_43B098
add edi, 120h
push edi
mov edi, [ebp+var_10A]
sub edi, [ebp+var_112]
sub edi, 64h
push edi
mov edi, dword_43B098
add edi, 45h
push edi
mov edi, dword_43B098
add edi, 8
push edi
push 50800009h
push offset byte_446605
push eax
push 0
call sub_40C88C
mov ds:dword_42FCF8, eax
call sub_40C514
push 0
push 2
push 0
push 0
push 5
push 1
push 0
push 0
push 0
push 2BCh
push 0
push 0
mov eax, 14h
sub eax, dword_43B098
push eax
mov eax, dword_43B094
add eax, 12h
push eax
call sub_40C8F8
mov [ebp+var_134], eax
call sub_40C634
push 1
push [ebp+var_134]
push 30h
push ds:dword_41C94C
call sub_40C85C
call sub_40C5A4
push 8
push offset byte_445ED3
call sub_40129C
push 0
push ds:dword_41DA84
push 0
push ds:dword_42FCF8
mov edi, dword_43B098
add edi, 120h
push edi
mov edi, dword_43B094
add edi, 30h
push edi
mov edi, dword_43B098
add edi, 2Eh
push edi
mov edi, dword_43B098
add edi, 8
push edi
push 50800003h
push offset byte_446605
push eax
push 0
call sub_40C88C
mov ds:dword_431D04, eax
call sub_40C508
push 8
push offset byte_445ED3
call sub_40129C
add esp, 48h
push 0
push ds:dword_41DA84
push 0
push ds:dword_42FCF8
mov edi, dword_43B098
add edi, 120h
push edi
mov edi, dword_43B098
add edi, 30h
push edi
mov edi, dword_43B098
add edi, 2Eh
push edi
mov edi, dword_43B098
add edi, 46h
push edi
push 50800003h
push offset byte_446605
push eax
push 0
call sub_40C88C
mov ds:dword_41DA7C, eax
call sub_40C598
mov [ebp+var_2], 1
jmp loc_409219
; ---------------------------------------------------------------------------
loc_409155: ; CODE XREF: sub_408E89+397�j
call sub_40C508
lea edi, [ebp+var_169]
lea esi, byte_445AD3
mov ecx, 3
rep movsw
lea edi, [ebp+var_16F]
lea esi, byte_445AD9
mov ecx, 3
rep movsw
push 4
push offset word_445ECE
call sub_40129C
movzx edi, [ebp+var_2]
push edi
push eax
lea edi, [ebp+var_162]
push edi
call sub_40CA30
lea eax, [ebp+var_162]
push eax
push 0
push 143h
push ds:dword_431D04
call sub_40C85C
push 6
push offset byte_445EC7
call sub_40129C
movzx edi, [ebp+var_2]
add edi, 4
push edi
push eax
lea edi, [ebp+var_162]
push edi
call sub_40CA30
add esp, 28h
call sub_40C538
lea eax, [ebp+var_162]
push eax
push 0
push 143h
push ds:dword_41DA7C
call sub_40C85C
mov [ebp+var_163], 0E9h
movzx eax, [ebp+var_163]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_163], al
inc [ebp+var_2]
loc_409219: ; CODE XREF: sub_408E89+2C7�j
movzx eax, [ebp+var_2]
cmp eax, 0Dh
jl loc_409155
push 6
push offset word_445EF6
call sub_40129C
mov [ebp+var_15C], eax
push 10h
push offset word_445EB6
call sub_40129C
push 0
push ds:dword_41DA84
push 0
push ds:dword_41EB84
mov edi, dword_43B098
add edi, 4
push edi
mov edi, dword_43B098
add edi, 5Bh
push edi
mov edi, dword_43B098
add edi, 62h
push edi
mov edi, dword_43B098
add edi, 0B7h
push edi
push 50000000h
push eax
mov edi, [ebp+var_15C]
push edi
push 0
call sub_40C88C
mov ds:dword_413F70, eax
mov [ebp+var_118], 5002h
add [ebp+var_118], 127Fh
push 6
push offset word_445EF6
call sub_40129C
mov [ebp+var_160], eax
push 0Fh
push offset word_445EA6
call sub_40129C
push 0
push ds:dword_41DA84
push 0
push ds:dword_41EB84
mov edi, dword_43B094
add edi, 0Eh
push edi
mov edi, dword_43B098
add edi, 4Bh
push edi
mov edi, dword_43B098
add edi, 85h
push edi
mov edi, dword_43B094
add edi, 0C1h
push edi
push 50000000h
push eax
mov edi, [ebp+var_160]
push edi
push 0
call sub_40C88C
mov ds:dword_431CFC, eax
push 6
push offset word_445EF6
call sub_40129C
mov [ebp-164h], eax
push 0Ch
push offset byte_445E99
call sub_40129C
push 0
push ds:dword_41DA84
push 0
push ds:dword_41EB84
mov edi, dword_43B094
add edi, 0Eh
push edi
mov edi, dword_43B094
add edi, 54h
push edi
mov edi, dword_43B098
add edi, 0ADh
push edi
mov edi, dword_43B098
add edi, 0B7h
push edi
push 50000000h
push eax
mov edi, [ebp-164h]
push edi
push 0
call sub_40C88C
mov ds:dword_433FE4, eax
push 6
push offset word_445EF6
call sub_40129C
mov [ebp+var_168], eax
push 4Ah
push offset word_445E4E
call sub_40129C
push 0
push ds:dword_41DA84
push 0
push ds:dword_41EB84
mov edi, dword_43B094
add edi, 0Eh
push edi
mov edi, dword_43B094
add edi, 1E2h
push edi
mov edi, dword_43B098
add edi, 0DAh
push edi
mov edi, dword_43B098
add edi, 12h
push edi
push 50000000h
push eax
mov edi, [ebp+var_168]
push edi
push 0
call sub_40C88C
mov ds:dword_431D00, eax
call sub_40C538
push 6
push offset word_445EF6
call sub_40129C
mov [ebp-16Ch], eax
push 26h
push offset byte_445E27
call sub_40129C
push 0
push ds:dword_41DA84
push 0
push ds:dword_41EB84
mov edi, dword_43B094
add edi, 0Eh
push edi
mov edi, dword_43B094
add edi, 0FBh
push edi
mov edi, dword_43B098
add edi, 0F3h
push edi
mov edi, dword_43B094
add edi, 1Ch
push edi
push 50000000h
push eax
mov edi, [ebp-16Ch]
push edi
push 0
call sub_40C88C
mov ds:dword_439328, eax
call sub_40C538
lea edi, [ebp+var_13E]
lea esi, byte_445ADF
mov ecx, 3
rep movsw
push offset byte_432F00
lea eax, [ebp+var_102]
push eax
call sub_40CA30
add esp, 58h
call sub_40C5A4
mov [ebp+var_3], 4
jmp short loc_4094CD
; ---------------------------------------------------------------------------
loc_4094BD: ; CODE XREF: sub_408E89+649�j
movzx eax, [ebp+var_3]
mov [ebp+eax+var_102], 78h
add [ebp+var_3], 1
loc_4094CD: ; CODE XREF: sub_408E89+632�j
mov al, [ebp+var_3]
cmp al, 0Ch
jb short loc_4094BD
mov [ebp+var_11C], 78Fh
add [ebp+var_11C], 2437h
push 4
push offset word_445E22
call sub_40129C
push 0
push ds:dword_41DA84
push 0
push ds:dword_42FCF8
mov edi, dword_43B094
add edi, 16h
push edi
mov edi, dword_43B098
mov esi, edi
add esi, 76h
push esi
add edi, 8
push edi
push edi
push 50800800h
lea edi, [ebp+var_102]
push edi
push eax
push 200h
call sub_40C88C
mov ds:dword_410848, eax
call sub_40C5A4
push 4
push offset word_445E22
call sub_40129C
push 0
push ds:dword_41DA84
push 0
push ds:dword_42FCF8
mov edi, dword_43B094
add edi, 16h
push edi
mov edi, dword_43B094
add edi, 44h
push edi
mov edi, dword_43B098
add edi, 53h
push edi
mov edi, dword_43B098
add edi, 8
push edi
push 50800000h
push offset byte_446605
push eax
push 200h
call sub_40C88C
mov ds:dword_41DA74, eax
call sub_40C598
push 0
push 78h
push 0CCh
push ds:dword_41DA74
call sub_40C85C
push 6
push offset byte_445E1B
call sub_40129C
mov [ebp-170h], eax
push 16h
push offset dword_445E04
call sub_40129C
add esp, 20h
push 0
push ds:dword_41DA84
push 0
push ds:dword_41EB84
mov edi, dword_43B098
add edi, 0Bh
push edi
mov edi, dword_43B098
add edi, 8Fh
push edi
mov edi, dword_43B098
add edi, 134h
push edi
mov edi, dword_43B098
add edi, 12h
push edi
push 50800000h
push eax
mov edi, [ebp-170h]
push edi
push 0
call sub_40C88C
mov ds:dword_433FE8, eax
call sub_40C574
push 0
push 2
push 0
push 0
push 5
push 1
push 0
push 0
push 0
push 190h
push 0
push 0
mov eax, dword_43B094
add eax, 4
push eax
mov eax, dword_43B098
add eax, 4
push eax
call sub_40C8F8
mov ebx, eax
push 1
push ebx
push 30h
push ds:dword_431D04
call sub_40C85C
mov ax, word_445AE5
mov [ebp+var_140], ax
push 1
push ebx
push 30h
push ds:dword_41DA7C
call sub_40C85C
call sub_40C508
push 1
push ebx
push 30h
push ds:dword_410848
call sub_40C85C
push 1
push ebx
push 30h
push ds:dword_41DA74
call sub_40C85C
push 1
push ebx
push 30h
push ds:dword_431CFC
call sub_40C85C
lea edi, [ebp+var_148]
lea esi, byte_445AE7
movsd
movsd
push 1
push ebx
push 30h
push ds:dword_413F70
call sub_40C85C
mov [ebp+var_120], 1931h
add [ebp+var_120], 340Ch
push 1
push ebx
push 30h
push ds:dword_433FE4
call sub_40C85C
lea edi, [ebp+var_150]
lea esi, byte_445AEF
mov ecx, 2
rep movsd
push 1
push ebx
push 30h
push ds:dword_433FE8
call sub_40C85C
push 0FFFFFFFCh
push ds:dword_431D04
call sub_40C808
mov ds:dword_41EA7C, eax
call sub_40C598
push offset sub_40B01B
push 0FFFFFFFCh
push ds:dword_431D04
call sub_40C814
mov [ebp+var_122], 0B3Bh
add [ebp+var_122], 6718h
push 0FFFFFFFCh
push ds:dword_41DA7C
call sub_40C808
mov ds:dword_41DA78, eax
mov ebx, 90Dh
mov eax, ebx
add eax, ebx
mov ebx, eax
push offset sub_40B01B
push 0FFFFFFFCh
push ds:dword_41DA7C
call sub_40C814
mov [ebp+var_128], 5EE2h
mov eax, 7823h
mul [ebp+var_128]
mov [ebp+var_174], eax
mov [ebp+var_128], eax
push 0FFFFFFFCh
push ds:dword_410848
call sub_40C808
mov ds:dword_40E008, eax
mov [ebp+var_129], 0B8h
add [ebp+var_129], 0CCh
push offset sub_40B01B
push 0FFFFFFFCh
push ds:dword_410848
call sub_40C814
call sub_40C634
push 0FFFFFFFCh
push ds:dword_41DA74
call sub_40C808
mov ds:dword_413F6C, eax
mov [ebp+var_130], 5F75h
inc [ebp+var_130]
push offset sub_40B01B
push 0FFFFFFFCh
push ds:dword_41DA74
call sub_40C814
call sub_40C5A4
push ds:dword_431D04
call sub_40C7A8
mov ax, word_445AF7
mov [ebp+var_152], ax
pop edi
pop esi
pop ebx
leave
retn
sub_408E89 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_409847 proc near ; DATA XREF: sub_40A766+80D�o
var_55FD = byte ptr -55FDh
var_55FC = dword ptr -55FCh
var_55F7 = byte ptr -55F7h
var_55F4 = word ptr -55F4h
var_55F1 = byte ptr -55F1h
var_55F0 = dword ptr -55F0h
var_55EA = byte ptr -55EAh
var_474C = dword ptr -474Ch
var_4746 = dword ptr -4746h
var_4742 = byte ptr -4742h
var_473F = byte ptr -473Fh
var_4737 = byte ptr -4737h
var_4736 = byte ptr -4736h
var_472F = byte ptr -472Fh
var_4727 = byte ptr -4727h
var_4720 = dword ptr -4720h
var_471C = word ptr -471Ch
var_4719 = byte ptr -4719h
var_4718 = word ptr -4718h
var_4716 = word ptr -4716h
var_4714 = dword ptr -4714h
var_470F = byte ptr -470Fh
var_470E = word ptr -470Eh
var_470B = byte ptr -470Bh
var_470A = word ptr -470Ah
var_4707 = byte ptr -4707h
var_4608 = byte ptr -4608h
var_4604 = dword ptr -4604h
var_4600 = dword ptr -4600h
var_45FC = dword ptr -45FCh
var_45F5 = byte ptr -45F5h
var_45F4 = dword ptr -45F4h
var_45EF = byte ptr -45EFh
var_45EB = byte ptr -45EBh
var_35FD = byte ptr -35FDh
var_35FA = word ptr -35FAh
var_35F8 = dword ptr -35F8h
var_35F4 = word ptr -35F4h
var_35F2 = word ptr -35F2h
var_35F0 = dword ptr -35F0h
var_35EC = dword ptr -35ECh
var_35E5 = byte ptr -35E5h
var_35E0 = word ptr -35E0h
var_35DE = byte ptr -35DEh
var_35D8 = byte ptr -35D8h
var_35D3 = byte ptr -35D3h
var_25D4 = byte ptr -25D4h
var_25CF = byte ptr -25CFh
var_15E4 = dword ptr -15E4h
var_15E0 = dword ptr -15E0h
var_15DC = dword ptr -15DCh
var_15D8 = dword ptr -15D8h
var_15D4 = dword ptr -15D4h
var_15D0 = dword ptr -15D0h
var_117A = byte ptr -117Ah
var_1174 = byte ptr -1174h
var_116C = byte ptr -116Ch
var_1167 = byte ptr -1167h
var_1160 = byte ptr -1160h
var_1159 = byte ptr -1159h
var_1153 = byte ptr -1153h
var_114C = dword ptr -114Ch
var_1148 = word ptr -1148h
var_1146 = byte ptr -1146h
var_113F = byte ptr -113Fh
var_1138 = word ptr -1138h
var_1136 = byte ptr -1136h
var_1133 = byte ptr -1133h
var_1034 = dword ptr -1034h
var_102D = byte ptr -102Dh
var_102C = dword ptr -102Ch
var_1028 = word ptr -1028h
var_1026 = word ptr -1026h
var_1024 = word ptr -1024h
var_1022 = word ptr -1022h
var_1020 = word ptr -1020h
var_101D = byte ptr -101Dh
var_101C = word ptr -101Ch
var_1019 = byte ptr -1019h
var_1018 = dword ptr -1018h
var_1014 = dword ptr -1014h
var_100F = byte ptr -100Fh
var_F0B = byte ptr -0F0Bh
var_E0C = dword ptr -0E0Ch
var_E08 = byte ptr -0E08h
var_608 = dword ptr -608h
var_604 = dword ptr -604h
var_600 = byte ptr -600h
var_200 = byte ptr -200h
var_1FD = byte ptr -1FDh
var_1FB = byte ptr -1FBh
var_1A8 = byte ptr -1A8h
var_1A7 = byte ptr -1A7h
push ebp
mov ebp, esp
mov eax, 5600h
call sub_40C498
push ebx
push esi
push edi
lea edi, [ebp+var_1136]
lea esi, byte_445AF9
mov ecx, 3
rep movsb
mov ax, word_445AFC
mov [ebp+var_1138], ax
lea edi, [ebp+var_113F]
lea esi, word_445AFE
mov ecx, 7
rep movsb
lea edi, [ebp+var_1146]
lea esi, byte_445B05
mov ecx, 7
rep movsb
mov ax, word_445B0C
mov [ebp+var_1148], ax
mov eax, dword_445B0E
mov [ebp+var_114C], eax
call sub_40C598
push eax
call sub_40CA3C
pop ecx
mov [ebp+var_1020], 5EBBh
movzx eax, [ebp+var_1020]
imul eax, 4F0Ch
mov [ebp+var_1020], ax
loc_4098DE: ; CODE XREF: sub_409847+EB1�j
lea edi, [ebp+var_1153]
lea esi, word_445B12
mov ecx, 7
rep movsb
mov eax, 14h
sub eax, dword_43B098
push eax
lea eax, [ebp+var_F0B]
push eax
call sub_40170F
mov [ebp+var_1022], 7892h
add [ebp+var_1022], 627Dh
push 9
push offset word_445DFA
call sub_40129C
lea edi, [ebp+var_F0B]
push edi
push offset dword_432E00
push eax
lea edi, [ebp+var_600]
push edi
call sub_40CA30
mov [ebp+var_1019], 0CDh
movzx eax, [ebp+var_1019]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_1019], al
lea eax, [ebp+var_600]
push eax
call sub_403449
call sub_40C508
lea edi, [ebp+var_1159]
lea esi, byte_445B19
mov ecx, 3
rep movsw
push 9
push offset dword_445DF0
call sub_40129C
mov edi, dword_43B0B4
push dword_43B0BC[edi*4]
push eax
lea edi, [ebp+var_E08]
push edi
call sub_40CA30
call sub_40C508
push 1
push offset word_445DEE
call sub_40129C
mov edi, 0Dh
sub edi, dword_43B098
push edi
push eax
mov edi, dword_43B0B4
push dword_43B0BC[edi*4]
call sub_401806
add esp, 4Ch
cmp eax, 0FFFFh
jnz short loc_4099FB
push 0Ah
push offset byte_445DE3
call sub_40129C
push eax
lea edi, [ebp+var_E08]
push edi
call sub_40CA54
add esp, 10h
loc_4099FB: ; CODE XREF: sub_409847+196�j
mov [ebp+var_1024], 318Dh
add [ebp+var_1024], 466Ah
and [ebp+var_1018], 0
mov [ebp+var_1034], 4
call sub_40C574
push 1Ah
push offset dword_445DC8
call sub_40129C
mov [ebp+var_15D0], eax
push 3
push offset dword_445DC4
call sub_40129C
lea edi, [ebp+var_1160]
push edi
lea edi, [ebp+var_1034]
push edi
lea edi, [ebp+var_1018]
push edi
push eax
mov edi, [ebp+var_15D0]
push edi
push 80000001h
call sub_4014BD
lea edi, [ebp+var_1167]
lea esi, byte_445B1F
mov ecx, 7
rep movsb
lea edi, [ebp+var_116C]
lea esi, word_445B26
mov ecx, 5
rep movsb
push 7
push offset dword_445DBC
call sub_40129C
push [ebp+var_1018]
push eax
lea edi, [ebp+var_1133]
push edi
call sub_40CA30
mov [ebp+var_1026], 7CB6h
sub [ebp+var_1026], 556Ch
lea eax, [ebp+var_1133]
push eax
lea eax, [ebp+var_E08]
push eax
call sub_40CA54
lea edi, [ebp+var_1174]
lea esi, byte_445B2B
movsd
movsd
push 1
push offset word_445DBA
call sub_40129C
lea edi, [ebp+var_604]
push edi
push 0
push 0
push eax
push offset byte_445EFD
lea edi, [ebp+var_600]
push edi
lea edi, [ebp+var_E08]
push edi
push 0
call sub_4062CD
add esp, 6Ch
mov ebx, eax
call sub_40C574
or ebx, ebx
jnz short loc_409B4A
lea edi, [ebp+var_15D8]
lea esi, byte_445B33
mov ecx, 2
rep movsd
lea eax, [ebp+var_600]
push eax
call sub_4034D8
pop ecx
call sub_40C5A4
jmp loc_40A5BF
; ---------------------------------------------------------------------------
loc_409B4A: ; CODE XREF: sub_409847+2D7�j
and [ebp+var_1018], 0
push 1Ah
push offset dword_445DC8
call sub_40129C
mov [ebp+var_15D4], eax
push 3
push offset dword_445DC4
call sub_40129C
push 4
push 4
lea edi, [ebp+var_1018]
push edi
push eax
mov edi, [ebp+var_15D4]
push edi
push 80000001h
call sub_4015EB
mov [ebp+var_1028], 5BFEh
inc [ebp+var_1028]
push 0
lea eax, [ebp+var_600]
push eax
call sub_401A36
add esp, 30h
mov [ebp+var_E0C], eax
or eax, eax
jz loc_40A5BF
lea eax, [ebp+var_600]
push eax
call sub_40C760
lea eax, [ebp+var_600]
push eax
call sub_4034D8
pop ecx
call sub_40C574
and [ebp+var_608], 0
jmp loc_40A56A
; ---------------------------------------------------------------------------
loc_409BE5: ; CODE XREF: sub_409847+D46�j
call sub_40C5A4
cmp [ebp+var_200], 0
jz loc_40A56A
call sub_40C5A4
lea ecx, [ebp+var_200]
or eax, 0FFFFFFFFh
loc_409C05: ; CODE XREF: sub_409847+3C3�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_409C05
cmp eax, 5Ch
jb loc_40A56A
lea edi, [ebp+var_35D8]
lea esi, byte_445B3B
mov ecx, 5
rep movsb
mov [ebp+var_1A8], 0
lea edi, [ebp+var_35DE]
lea esi, dword_445B40
mov ecx, 3
rep movsw
push 0FFFh
lea eax, [ebp+var_25D4]
push eax
lea eax, [ebp+var_1A7]
push eax
call sub_408A95
mov ax, word_445B46
mov [ebp+var_35E0], ax
push 0FFFh
lea eax, [ebp+var_35D3]
push eax
lea eax, [ebp+var_200]
push eax
call sub_408A95
add esp, 18h
lea edi, [ebp+var_35E5]
lea esi, dword_445B48
mov ecx, 5
rep movsb
mov byte ptr [ebp+var_15D8+2], 0
call sub_40C598
mov byte ptr [ebp+var_15D8+3], 0
jmp short loc_409CC9
; ---------------------------------------------------------------------------
loc_409CAB: ; CODE XREF: sub_409847+49B�j
movzx eax, byte ptr [ebp+var_15D8+3]
lea edx, [ebp+eax+var_25D4]
movsx ecx, byte ptr [edx]
sub ecx, eax
mov eax, ecx
mov [edx], al
add byte ptr [ebp+var_15D8+3], 1
loc_409CC9: ; CODE XREF: sub_409847+462�j
lea ecx, [ebp+var_25D4]
or eax, 0FFFFFFFFh
loc_409CD2: ; CODE XREF: sub_409847+490�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_409CD2
movzx esi, byte ptr [ebp+var_15D8+3]
cmp esi, eax
jb short loc_409CAB
lea ecx, [ebp+var_25D4]
or eax, 0FFFFFFFFh
loc_409CED: ; CODE XREF: sub_409847+4AB�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_409CED
lea esi, [ebp+var_35D3]
push esi
push eax
lea edi, [ebp+var_25D4]
push edi
call sub_4088D5
add esp, 0Ch
mov [ebp+var_35EC], eax
call sub_40C514
push 5
push offset dword_445DB4
call sub_40129C
add esp, 8
mov edi, 3
sub edi, dword_43B094
push edi
push eax
lea edi, [ebp+var_25D4]
push edi
call sub_401806
add esp, 0Ch
cmp eax, 0
jnz loc_40A21B
call sub_40C5A4
lea edi, [ebp+var_4727]
lea esi, byte_445B4D
mov ecx, 7
rep movsb
mov [ebp+var_470A], 2351h
inc [ebp+var_470A]
lea eax, [ebp+var_25CF]
push eax
lea eax, [ebp+var_45EF]
push eax
call sub_40C4B8
lea edi, [ebp+var_472F]
lea esi, dword_445B54
mov ecx, 8
rep movsb
mov [ebp+var_35F0], 0
mov [ebp+var_45F4], 4
mov [ebp+var_470B], 2Bh
movzx eax, [ebp+var_470B]
imul eax, 40A3h
mov [ebp+var_470B], al
lea eax, [ebp+var_4608]
push eax
lea eax, [ebp+var_45F4]
push eax
lea eax, [ebp+var_35F0]
push eax
push offset dword_43B200
push offset byte_43B1DF
push 80000001h
call sub_4014BD
add esp, 18h
call sub_40C598
push 1
push offset word_445DBA
call sub_40129C
add esp, 8
lea edi, [ebp+var_604]
push edi
push 0
push 0
push eax
push offset byte_445EFD
lea edi, [ebp+var_600]
push edi
lea edi, [ebp+var_45EF]
push edi
push offset dword_41EA80
call sub_4062CD
add esp, 20h
mov ebx, eax
call sub_40C508
cmp ebx, 0
jnz short loc_409E64
call sub_40C598
lea eax, [ebp+var_600]
push eax
call sub_4034D8
add esp, 4
mov [ebp+var_474C], 3A1Ch
inc [ebp+var_474C]
jmp short loc_409EB1
; ---------------------------------------------------------------------------
loc_409E64: ; CODE XREF: sub_409847+5F5�j
push 4
push 4
lea eax, [ebp+var_604]
push eax
push offset dword_43B200
push offset byte_43B1DF
push 80000001h
call sub_4015EB
mov [ebp+var_45F5], 10h
movzx eax, [ebp+var_45F5]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_45F5], al
lea eax, [ebp+var_600]
push eax
call sub_4034D8
add esp, 1Ch
call sub_40C508
loc_409EB1: ; CODE XREF: sub_409847+61B�j
and [ebp+var_35F0], 0
mov [ebp+var_45F4], 4
lea edi, [ebp+var_4736]
lea esi, dword_445B5C
mov ecx, 7
rep movsb
lea eax, [ebp+var_4608]
push eax
lea eax, [ebp+var_45F4]
push eax
lea eax, [ebp+var_35F0]
push eax
push offset dword_43B208
push offset byte_43B1DF
push 80000001h
call sub_4014BD
add esp, 18h
lea edi, [ebp+var_4737]
lea esi, byte_445B63
xor ecx, ecx
inc ecx
rep movsb
push 0
push 0
push 4
push 0
push 0
push 80000000h
push offset dword_40E010
call sub_40C67C
mov [ebp+var_4600], eax
call sub_40C598
push 0
push [ebp+var_4600]
call sub_40C520
mov [ebp+var_4720], eax
mov [ebp+var_470E], 791Eh
sub [ebp+var_470E], 1754h
push [ebp+var_4600]
call sub_40C55C
call sub_40C508
mov eax, [ebp+var_4720]
cmp [ebp+var_35F0], eax
jb short loc_409F83
call sub_40C5A4
jmp loc_40A0AB
; ---------------------------------------------------------------------------
loc_409F83: ; CODE XREF: sub_409847+730�j
lea edi, [ebp+var_473F]
lea esi, dword_445B64
movsd
movsd
mov eax, 14h
sub eax, dword_43B098
push eax
lea eax, [ebp+var_4707]
push eax
call sub_40170F
call sub_40C634
push 9
push offset word_445DAA
call sub_40129C
lea edi, [ebp+var_4707]
push edi
push offset dword_432E00
push eax
lea edi, [ebp+var_600]
push edi
call sub_40CA30
mov [ebp+var_470F], 51h
movzx eax, [ebp+var_470F]
imul eax, 7CFBh
mov [ebp+var_470F], al
lea eax, [ebp+var_600]
push eax
call sub_403449
push 1
push offset word_445DBA
call sub_40129C
lea edi, [ebp+var_604]
push edi
push 0
push [ebp+var_35F0]
push eax
push offset byte_445EFD
lea edi, [ebp+var_600]
push edi
lea edi, [ebp+var_45EF]
push edi
push offset dword_40E010
call sub_4062CD
mov ebx, eax
lea edi, [ebp+var_4742]
lea esi, byte_445B6C
mov ecx, 3
rep movsb
lea eax, [ebp+var_600]
push eax
call sub_40C760
mov [ebp+var_4714], 7F66h
inc [ebp+var_4714]
lea eax, [ebp+var_600]
push eax
call sub_4034D8
add esp, 50h
call sub_40C634
or ebx, ebx
jz short loc_40A0AB
call sub_40C634
cmp [ebp+var_604], 0
jz short loc_40A0AB
push 4
push 4
lea eax, [ebp+var_604]
push eax
push offset dword_43B208
push offset byte_43B1DF
push 80000001h
call sub_4015EB
add esp, 18h
loc_40A0AB: ; CODE XREF: sub_409847+737�j
; sub_409847+832�j ...
push 0
push 80h
push 3
push 0
push 0
push 80000000h
push offset dword_413F90
call sub_40C67C
mov [ebp+var_4604], eax
mov [ebp+var_45FC], 7514h
mov eax, [ebp+var_45FC]
mov edx, eax
add edx, eax
mov [ebp+var_45FC], edx
cmp [ebp+var_4604], 0FFFFFFFFh
jz loc_40A5BF
mov eax, dword_445B6F
mov [ebp+var_4746], eax
push [ebp+var_4604]
call sub_40C55C
mov [ebp+var_4716], 0DEAh
movzx eax, [ebp+var_4716]
imul eax, 4C28h
mov [ebp+var_4716], ax
lea eax, [ebp+var_45EF]
push eax
lea eax, [ebp+var_E08]
push eax
call sub_40CA30
mov [ebp+var_4718], 7CFCh
movzx eax, [ebp+var_4718]
imul eax, 2F59h
mov [ebp+var_4718], ax
push 6
push offset byte_445DA3
call sub_40129C
push eax
lea edi, [ebp+var_E08]
push edi
call sub_40CA54
call sub_40C574
lea eax, [ebp+var_600]
push eax
call sub_403449
push 1
push offset word_445DBA
call sub_40129C
lea edi, [ebp+var_604]
push edi
push 0
push [ebp+var_35F0]
push eax
push offset byte_445EFD
lea edi, [ebp+var_600]
push edi
lea edi, [ebp+var_E08]
push edi
push offset dword_413F90
call sub_4062CD
mov ebx, eax
mov [ebp+var_4719], 18h
movzx eax, [ebp+var_4719]
imul eax, 4B74h
mov [ebp+var_4719], al
lea eax, [ebp+var_600]
push eax
call sub_40C760
mov [ebp+var_471C], 0F12h
sub [ebp+var_471C], 161h
lea eax, [ebp+var_600]
push eax
call sub_4034D8
add esp, 48h
or ebx, ebx
jz short loc_40A21B
call sub_40C508
push offset dword_413F90
call sub_40C760
call sub_40C598
loc_40A21B: ; CODE XREF: sub_409847+4FD�j
; sub_409847+9BE�j
cmp [ebp+var_200], 3Ah
jnz loc_40A3F3
cmp [ebp+var_1FD], 3Ah
jnz loc_40A3F3
mov [ebp+var_35F2], 77A0h
inc [ebp+var_35F2]
call sub_40C598
mov [ebp+var_1FD], 0
push 5
push offset byte_445D9D
call sub_40129C
lea edi, [ebp+var_35F0]
push edi
push eax
lea edi, [ebp+var_200]
push edi
call sub_40CA48
add esp, 14h
mov [ebp+var_35F4], 28B3h
movzx eax, [ebp+var_35F4]
imul eax, 66EEh
mov [ebp+var_35F4], ax
cmp [ebp+var_35F0], 0
jz short loc_40A2C3
call sub_40CA18
mov edx, 621B97C3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov edi, eax
inc edi
cmp edi, [ebp+var_35F0]
ja loc_40A56A
loc_40A2C3: ; CODE XREF: sub_409847+A51�j
call sub_40C508
cmp ds:dword_418680, 2
jnz short loc_40A325
call sub_40C538
push 400h
lea eax, [ebp+var_600]
push eax
call sub_40C580
push 0Ah
push offset byte_44658B
call sub_40129C
lea edi, [ebp+var_600]
push edi
push eax
lea edi, [ebp+var_100F]
push edi
call sub_40CA30
push 8
push offset word_446582
call sub_40129C
push eax
lea edi, [ebp+var_600]
push edi
call sub_40CA54
add esp, 24h
jmp short loc_40A3A2
; ---------------------------------------------------------------------------
loc_40A325: ; CODE XREF: sub_409847+A88�j
mov eax, dword_445B73
mov [ebp+var_35F8], eax
push 400h
lea eax, [ebp+var_600]
push eax
call sub_40C5C8
mov ax, word_445B77
mov [ebp+var_35FA], ax
push 0Eh
push offset byte_446563
call sub_40129C
lea edi, [ebp+var_600]
push edi
push eax
lea edi, [ebp+var_100F]
push edi
call sub_40CA30
lea edi, [ebp+var_35FD]
lea esi, byte_445B79
mov ecx, 3
rep movsb
push 0Ch
push offset word_446556
call sub_40129C
push eax
lea edi, [ebp+var_600]
push edi
call sub_40CA54
add esp, 24h
call sub_40C514
loc_40A3A2: ; CODE XREF: sub_409847+ADC�j
lea eax, [ebp+var_100F]
push eax
call sub_40C760
call sub_40C514
push 8
push offset byte_446513
call sub_40129C
lea edi, [ebp+var_200]
add edi, 4
push edi
lea edi, [ebp+var_600]
push edi
push eax
lea edi, [ebp+var_600]
push edi
call sub_40CA30
add esp, 18h
push 0
lea eax, [ebp+var_600]
push eax
call sub_40C724
call sub_40C514
loc_40A3F3: ; CODE XREF: sub_409847+9DB�j
; sub_409847+9E8�j
push 5
push offset byte_445D97
call sub_40129C
mov edi, 0Dh
sub edi, dword_43B098
push edi
push eax
lea edi, [ebp+var_200]
push edi
call sub_401806
add esp, 14h
or eax, eax
jnz loc_40A56A
call sub_40C5A4
lea edi, [ebp+var_55F7]
lea esi, byte_445B7C
mov ecx, 3
rep movsb
mov eax, dword_43B094
add eax, 5
push eax
lea eax, [ebp+var_F0B]
push eax
call sub_40170F
mov [ebp+var_55F1], 33h
add [ebp+var_55F1], 1
push 9
push offset word_445DFA
call sub_40129C
lea edi, [ebp+var_F0B]
push edi
push offset dword_432E00
push eax
lea edi, [ebp+var_45EB]
push edi
call sub_40CA30
lea eax, [ebp+var_1FB]
push eax
lea eax, [ebp+var_55EA]
push eax
call sub_40C4B8
mov [ebp+var_55F0], 4C44h
mov eax, [ebp+var_55F0]
mov edx, eax
add edx, eax
mov [ebp+var_55F0], edx
push 3
push offset byte_445D93
call sub_40129C
mov [ebp+var_55FC], eax
push 1
push offset word_445DBA
call sub_40129C
push 0
push 0
push 0
push eax
mov edi, [ebp+var_55FC]
push edi
lea edi, [ebp+var_45EB]
push edi
lea edi, [ebp+var_55EA]
push edi
push 0
call sub_4062CD
add esp, 50h
mov ebx, eax
mov [ebp+var_55F4], 2AB6h
sub [ebp+var_55F4], 2B3Ah
cmp ebx, 2
jnz short loc_40A56A
mov [ebp+var_55FD], 0D1h
add [ebp+var_55FD], 1
push 0
lea eax, [ebp+var_45EB]
push eax
call sub_40C724
push 6
push offset dword_445D8C
call sub_40129C
mov edi, 3
sub edi, dword_43B094
push edi
push eax
lea edi, [ebp+var_55EA]
push edi
call sub_401806
add esp, 14h
cmp eax, 0FFFFh
jz short loc_40A56A
mov eax, 0Dh
sub eax, dword_43B098
push eax
call sub_40C9DC
pop ecx
loc_40A56A: ; CODE XREF: sub_409847+399�j
; sub_409847+3AA�j ...
lea eax, [ebp+var_200]
push eax
push [ebp+var_608]
push [ebp+var_E0C]
call sub_401B9A
add esp, 0Ch
mov [ebp+var_608], eax
or eax, eax
jnz loc_409BE5
push [ebp+var_E0C]
call sub_40C658
mov [ebp+var_102C], 5DFBh
mov eax, 658Bh
mul [ebp+var_102C]
mov [ebp+var_15D8], eax
mov [ebp+var_102C], eax
loc_40A5BF: ; CODE XREF: sub_409847+2FE�j
; sub_409847+36E�j ...
call sub_408BE4
call sub_40C598
fld dbl_445D84
fimul dword_43B0B4
mov edi, eax
call sub_40C410
xchg eax, edi
push edi
call sub_40C9D0
mov edi, dword_43B0B8
sub edi, eax
inc edi
mov [ebp+var_1014], edi
mov [ebp+var_101C], 19AEh
movzx eax, [ebp+var_101C]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_101C], ax
mov eax, edi
mov [ebp+var_15DC], eax
push eax
call sub_40C9D0
add esp, 8
mov edi, [ebp+var_15DC]
add edi, eax
mov [ebp+var_1014], edi
mov [ebp+var_102D], 45h
sub [ebp+var_102D], 1Ch
mov eax, edi
mov edi, dword_43B0B8
sub edi, dword_43B0B4
mov ecx, edi
inc ecx
xor edx, edx
div ecx
mov [ebp+var_15E0], eax
mov [ebp+var_1014], eax
mov [ebp+var_101D], 0DFh
movzx eax, [ebp+var_101D]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_101D], al
call sub_40CA18
mov [ebp+var_15E4], eax
mov eax, dword_43B0B4
mov edx, 66666667h
push ecx
mov ecx, eax
imul edx
sar edx, 1
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
lea edi, [eax+eax*4]
mov esi, [ebp+var_1014]
mov edx, [ebp+var_15E4]
mov eax, esi
imul eax, [ebp+var_15E4]
mov ecx, 0Ah
cdq
idiv ecx
lea edi, [edi+edx+5]
mov dword_43B0B4, edi
lea edi, [ebp+var_117A]
lea esi, byte_445B7F
mov ecx, 3
rep movsw
mov eax, dword_43B0B8
cmp dword_43B0B4, eax
jbe short loc_40A6ED
and dword_43B0B4, 0
loc_40A6ED: ; CODE XREF: sub_409847+E9D�j
push 30D40h
call sub_40C9B8
pop ecx
jmp loc_4098DE
sub_409847 endp
; ---------------------------------------------------------------------------
pop edi
pop esi
pop ebx
leave
retn 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A704 proc near ; CODE XREF: sub_40A766+11�p
var_C = word ptr -0Ch
var_A = word ptr -0Ah
var_8 = dword ptr -8
var_1 = byte ptr -1
push ebp
mov ebp, esp
sub esp, 0Ch
push edi
mov ax, word_445B85
mov [ebp+var_A], ax
mov [ebp+var_1], 47h
sub [ebp+var_1], 66h
push offset dword_43B0A0
push 0
push 1F0001h
call sub_40C664
mov [ebp+var_8], eax
or eax, eax
jz short loc_40A763
call sub_40C598
push [ebp+var_8]
call sub_40C55C
call sub_40C514
mov eax, 3
sub eax, dword_43B094
push eax
call sub_40C9DC
pop ecx
mov ax, word_445B87
mov [ebp+var_C], ax
loc_40A763: ; CODE XREF: sub_40A704+2F�j
pop edi
leave
retn
sub_40A704 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40A766 proc near ; CODE XREF: sub_40C434+5C�p
var_7F1 = byte ptr -7F1h
var_7EB = byte ptr -7EBh
var_7E9 = byte ptr -7E9h
var_7E8 = dword ptr -7E8h
var_7E2 = word ptr -7E2h
var_7DD = byte ptr -7DDh
var_7DC = dword ptr -7DCh
var_7D7 = byte ptr -7D7h
var_7D0 = byte ptr -7D0h
var_7CC = byte ptr -7CCh
var_7C7 = byte ptr -7C7h
var_7C2 = byte ptr -7C2h
var_7BA = byte ptr -7BAh
var_7B4 = byte ptr -7B4h
var_7B3 = byte ptr -7B3h
var_7AB = dword ptr -7ABh
var_7A7 = dword ptr -7A7h
var_7A3 = byte ptr -7A3h
var_79C = byte ptr -79Ch
var_794 = byte ptr -794h
var_78D = byte ptr -78Dh
var_788 = dword ptr -788h
var_784 = byte ptr -784h
var_783 = byte ptr -783h
var_77E = byte ptr -77Eh
var_67F = byte ptr -67Fh
var_580 = byte ptr -580h
var_47C = dword ptr -47Ch
var_478 = dword ptr -478h
var_474 = byte ptr -474h
var_370 = dword ptr -370h
var_36C = dword ptr -36Ch
var_366 = word ptr -366h
var_364 = dword ptr -364h
var_360 = dword ptr -360h
var_35C = byte ptr -35Ch
var_2F8 = byte ptr -2F8h
var_294 = dword ptr -294h
var_28D = byte ptr -28Dh
var_28C = word ptr -28Ch
var_289 = byte ptr -289h
var_288 = dword ptr -288h
var_281 = byte ptr -281h
var_280 = dword ptr -280h
var_27C = dword ptr -27Ch
var_278 = dword ptr -278h
var_272 = word ptr -272h
var_270 = word ptr -270h
var_26E = byte ptr -26Eh
var_16A = word ptr -16Ah
var_168 = dword ptr -168h
var_163 = byte ptr -163h
var_162 = byte ptr -162h
var_5E = word ptr -5Eh
var_5C = dword ptr -5Ch
var_55 = dword ptr -55h
var_51 = dword ptr -51h
var_4D = dword ptr -4Dh
var_49 = dword ptr -49h
var_45 = dword ptr -45h
var_41 = dword ptr -41h
var_3D = dword ptr -3Dh
var_39 = dword ptr -39h
var_35 = dword ptr -35h
var_31 = dword ptr -31h
var_2D = byte ptr -2Dh
var_27 = byte ptr -27h
var_26 = byte ptr -26h
var_25 = byte ptr -25h
var_1D = byte ptr -1Dh
var_1 = byte ptr -1
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 7F4h
push ebx
push esi
push edi
call sub_40C634
call sub_40A704
call sub_40C538
lea edi, [ebp+var_783]
lea esi, byte_445B89
mov ecx, 5
rep movsb
push 104h
lea eax, [ebp+var_162]
push eax
call sub_40C580
mov [ebp+var_163], 2Ch
movzx eax, [ebp+var_163]
imul eax, 45FBh
mov [ebp+var_163], al
push 13h
push offset dword_445D70
call sub_40129C
push eax
lea edi, [ebp+var_162]
push edi
call sub_40CA54
add esp, 10h
call sub_40C538
push 0
push 0
push 3
push 0
push 0
push 80000001h
lea eax, [ebp+var_162]
push eax
call sub_40C67C
mov [ebp+var_370], eax
cmp eax, 0FFFFFFFFh
jnz short loc_40A80D
call sub_4085D0
jmp short loc_40A818
; ---------------------------------------------------------------------------
loc_40A80D: ; CODE XREF: sub_40A766+9E�j
push [ebp+var_370]
call sub_40C55C
loc_40A818: ; CODE XREF: sub_40A766+A5�j
lea edi, [ebp+var_784]
lea esi, byte_445B8E
xor ecx, ecx
inc ecx
rep movsb
push 9
push offset word_445D66
call sub_40129C
push eax
call sub_40C5D4
call sub_40C5A4
mov eax, [ebp+arg_0]
mov ds:dword_41DA84, eax
mov ds:dword_418670, 94h
push offset dword_418670
call sub_40C5B0
mov eax, dword_445B8F
mov [ebp+var_788], eax
push 0FFh
push offset dword_432E00
call sub_40C580
mov [ebp+var_168], 5BB4h
mov eax, 7833h
mul [ebp+var_168]
mov [ebp+var_7DC], eax
mov [ebp+var_168], eax
call sub_40C598
push eax
call sub_40CA3C
mov [ebp+var_16A], 5032h
add [ebp+var_16A], 7611h
lea edi, [ebp+var_78D]
lea esi, byte_445B93
mov ecx, 5
rep movsb
push 104h
lea eax, [ebp+var_474]
push eax
push [ebp+arg_0]
call sub_40C544
call sub_40C514
and [ebp+var_5C], 0
mov [ebp+var_478], 4
mov ebx, 4C9Bh
mov eax, ebx
add eax, ebx
mov ebx, eax
lea eax, [ebp+var_794]
push eax
lea eax, [ebp+var_478]
push eax
lea eax, [ebp+var_5C]
push eax
push offset byte_445EFD
push offset byte_43B1DF
push 80000001h
call sub_4014BD
add esp, 24h
mov [ebp+var_47C], eax
or eax, eax
jz short loc_40A95C
mov [ebp+var_7DD], 57h
add [ebp+var_7DD], 1
cmp [ebp+var_5C], 1Ch
jbe short loc_40A952
mov eax, 0Dh
sub eax, dword_43B098
push eax
call sub_40C9DC
pop ecx
loc_40A952: ; CODE XREF: sub_40A766+1D8�j
cmp [ebp+var_5C], 1Ch
jz loc_40AAD6
loc_40A95C: ; CODE XREF: sub_40A766+1C4�j
lea edi, [ebp+var_79C]
lea esi, dword_445B98
movsd
movsd
lea edi, [ebp+var_7A3]
lea esi, dword_445BA0
mov ecx, 7
rep movsb
call sub_40CA18
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov edi, eax
add edi, 41h
mov edx, edi
mov [ebp+var_2D], dl
mov [ebp+var_1], 1
jmp short loc_40A9D4
; ---------------------------------------------------------------------------
loc_40A9A7: ; CODE XREF: sub_40A766+273�j
call sub_40CA18
movzx edi, [ebp+var_1]
mov edx, 10624DD3h
push ecx
mov ecx, eax
imul edx
sar edx, 7
sar ecx, 1Fh
sub edx, ecx
mov eax, edx
pop ecx
mov esi, eax
add esi, 61h
mov edx, esi
mov [ebp+edi+var_2D], dl
add [ebp+var_1], 1
loc_40A9D4: ; CODE XREF: sub_40A766+23F�j
mov al, [ebp+var_1]
cmp al, 8
jbe short loc_40A9A7
mov [ebp+var_25], 0
call sub_40CA18
mov edx, eax
test dl, 1
jnz short loc_40AA0D
mov [ebp+var_7DD], 0A4h
movzx eax, [ebp+var_7DD]
imul eax, 6B38h
mov [ebp+var_7DD], al
mov [ebp+var_27], 33h
mov [ebp+var_26], 32h
loc_40AA0D: ; CODE XREF: sub_40A766+283�j
push 9
push offset dword_445D5C
call sub_40129C
lea edi, [ebp+var_2D]
push edi
push offset dword_432E00
push eax
lea edi, [ebp+var_26E]
push edi
call sub_40CA30
push 0
lea eax, [ebp+var_26E]
push eax
lea eax, [ebp+var_474]
push eax
call sub_40C604
call sub_40C598
lea eax, [ebp+var_2D]
push eax
call sub_403C5F
mov [ebp+var_270], 193Ah
sub [ebp+var_270], 3E0Ch
mov [ebp+var_5C], 1Ch
push 4
push 4
lea eax, [ebp+var_5C]
push eax
push offset byte_445EFD
push offset byte_43B1DF
push 80000001h
call sub_4015EB
add esp, 34h
push 0
lea eax, [ebp+var_26E]
push eax
call sub_40C724
mov eax, dword_445BA7
mov [ebp+var_7A7], eax
call sub_404194
mov [ebp+var_272], 0CB0h
sub [ebp+var_272], 5CCh
mov eax, 3
sub eax, dword_43B094
push eax
call sub_40C4E4
mov eax, dword_445BAB
mov [ebp+var_7AB], eax
loc_40AAD6: ; CODE XREF: sub_40A766+1F0�j
push 5
push offset word_445D56
call sub_40129C
push offset dword_445D4C
push offset dword_432E00
push eax
push offset dword_41EA80
call sub_40CA30
mov [ebp+var_278], 57BFh
sub [ebp+var_278], 674Fh
push 5
push offset word_445D56
call sub_40129C
push offset word_445D42
push offset dword_432E00
push eax
push offset dword_40F280
call sub_40CA30
mov [ebp+var_27C], 1B3Dh
sub [ebp+var_27C], 108Ah
push 5
push offset word_445D56
call sub_40129C
push offset byte_445D35
push offset dword_432E00
push eax
push offset dword_40E010
call sub_40CA30
mov [ebp+var_280], 4FE3h
add [ebp+var_280], 4ADFh
push 0FFh
push offset dword_413F90
call sub_40C5C8
call sub_40C598
push 9
push offset byte_445D2B
call sub_40129C
push eax
push offset dword_413F90
call sub_40CA54
call sub_40C598
lea eax, byte_445EFD
mov [ebp+var_31], eax
mov [ebp+var_281], 0E4h
movzx eax, [ebp+var_281]
imul eax, 3FBBh
mov [ebp+var_281], al
mov eax, ds:dword_41DA84
mov [ebp+var_45], eax
lea eax, sub_40B143
mov [ebp+var_51], eax
push 7F00h
push 0
call sub_40C7C0
mov [ebp+var_3D], eax
mov [ebp+var_288], 5083h
mov eax, 4FDBh
mul [ebp+var_288]
mov [ebp-7E0h], eax
mov [ebp+var_288], eax
push 7F03h
push 0
call sub_40C7CC
mov [ebp+var_41], eax
call sub_40C538
and [ebp+var_35], 0
push 0
call sub_40C8C8
mov [ebp+var_39], eax
mov [ebp+var_55], 3
and [ebp+var_4D], 0
and [ebp+var_49], 0
lea eax, [ebp+var_55]
push eax
call sub_40C7E4
call sub_40C508
push 0
push ds:dword_41DA84
push 0
push 0
push 0
push 0
push 0
push 0
push 0CA0000h
push offset byte_445EFD
push offset byte_445EFD
push 0
call sub_40C88C
mov ds:dword_41B89C, eax
mov [ebp+var_289], 1Dh
add [ebp+var_289], 1
push offset dword_43B0A0
push 0
push 0
call sub_40C6C4
call sub_40C634
push 2
call sub_402A4D
add esp, 5Ch
call sub_40C634
call sub_40C5A4
cmp eax, 80000000h
jb loc_40AD43
lea edi, [ebp+var_7EB]
lea esi, byte_445BAF
mov ecx, 3
rep movsb
push 0Ch
push offset word_445D1E
call sub_40129C
push eax
call sub_40C550
mov edi, eax
push 16h
push offset byte_445D07
call sub_40129C
add esp, 10h
push eax
push edi
call sub_40C568
mov [ebp+var_7E8], eax
lea edi, [ebp+var_7F1]
lea esi, word_445BB2
mov ecx, 3
rep movsw
call sub_40C508
mov edi, 3
sub edi, dword_43B094
push edi
push eax
call [ebp+var_7E8]
mov [ebp+var_7E2], 1273h
movzx eax, [ebp+var_7E2]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_7E2], ax
loc_40AD43: ; CODE XREF: sub_40A766+54B�j
lea edi, [ebp+var_7B3]
lea esi, dword_445BB8
movsd
movsd
push 104h
lea eax, [ebp+var_580]
push eax
push 0
call sub_40C544
lea eax, [ebp+var_580]
push eax
call sub_403449
lea edi, [ebp+var_7B4]
lea esi, byte_445BC0
xor ecx, ecx
inc ecx
rep movsb
push offset dword_41EA80
call sub_403449
mov [ebp+var_28C], 3040h
inc [ebp+var_28C]
push offset dword_40F280
call sub_403449
mov [ebp+var_28D], 0C8h
sub [ebp+var_28D], 2Ch
push offset dword_40E010
call sub_403449
mov [ebp+var_294], 73D3h
add [ebp+var_294], 7F76h
call sub_40C508
push eax
call sub_4036F2
lea edi, [ebp+var_7BA]
lea esi, byte_445BC1
mov ecx, 3
rep movsw
lea edi, [ebp+var_7C2]
lea esi, byte_445BC7
mov ecx, 2
rep movsd
lea eax, [ebp+var_2F8]
push eax
call sub_4039D6
and [ebp+var_360], 0
mov [ebp+var_364], 64h
call sub_40C508
push 45h
push offset byte_445CC1
call sub_40129C
lea edi, [ebp+var_360]
push edi
lea edi, [ebp+var_364]
push edi
lea edi, [ebp+var_35C]
push edi
lea edi, [ebp+var_2F8]
push edi
push eax
push 80000002h
call sub_4014BD
lea edi, [ebp+var_7C7]
lea esi, byte_445BCF
mov ecx, 5
rep movsb
push 1
push offset byte_445CBF
call sub_40129C
push eax
lea edi, [ebp+var_35C]
push edi
call sub_4037EF
mov [ebp+var_366], 0ABBh
movzx eax, [ebp+var_366]
imul eax, 144Dh
mov [ebp+var_366], ax
push 1
push offset byte_445CBD
call sub_40129C
push eax
lea edi, [ebp+var_2F8]
push edi
call sub_4037EF
lea edi, [ebp+var_7CC]
lea esi, dword_445BD4
mov ecx, 5
rep movsb
push 17h
push offset byte_445CA5
call sub_40129C
lea edi, [ebp+var_35C]
push edi
push eax
lea edi, [ebp+var_77E]
push edi
call sub_40CA30
mov [ebp+var_5E], 3CC6h
movzx eax, [ebp+var_5E]
mov edx, eax
add edx, eax
mov eax, edx
mov [ebp+var_5E], ax
lea eax, [ebp+var_360]
push eax
lea eax, [ebp+var_364]
push eax
lea eax, [ebp+var_67F]
push eax
push 0
lea eax, [ebp+var_77E]
push eax
push 80000000h
call sub_4014BD
mov [ebp+var_36C], 4978h
sub [ebp+var_36C], 4EB6h
lea eax, [ebp+var_67F]
push eax
call sub_403449
call sub_40C538
call sub_403AA3
push offset sub_408189
call sub_40801C
add esp, 8Ch
call sub_40C598
lea eax, [ebp+var_7D0]
push eax
push 0
push 0
push offset sub_409847
push 0
push 0
call sub_40C754
push eax
call sub_40C55C
lea edi, [ebp+var_7D7]
lea esi, byte_445BD9
mov ecx, 7
rep movsb
push 0
mov eax, dword_43B098
mov edx, eax
add edx, 1E8h
push edx
mov edx, 0Dh
sub edx, eax
push edx
push ds:dword_41B89C
call sub_40C7D8
jmp short loc_40B001
; ---------------------------------------------------------------------------
loc_40AFBF: ; CODE XREF: sub_40A766+8AC�j
mov [ebp+var_7E2], 3F2Eh
add [ebp+var_7E2], 0CABh
lea eax, [ebp+var_1D]
push eax
call sub_40C844
mov [ebp+var_7E8], 5962h
inc [ebp+var_7E8]
lea eax, [ebp+var_1D]
push eax
call sub_40C850
mov [ebp+var_7E9], 0B5h
sub [ebp+var_7E9], 2
loc_40B001: ; CODE XREF: sub_40A766+857�j
push 0
push 0
push 0
lea eax, [ebp+var_1D]
push eax
call sub_40C7FC
or eax, eax
jnz short loc_40AFBF
pop edi
pop esi
pop ebx
leave
retn 10h
sub_40A766 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B01B proc near ; DATA XREF: sub_408E89+8BD�o
; sub_408E89+8FE�o ...
var_1C = dword ptr -1Ch
var_15 = byte ptr -15h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_6 = dword ptr -6
var_2 = word ptr -2
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 1Ch
push ebx
push esi
push edi
mov edi, [ebp+arg_0]
call sub_40C634
mov eax, [ebp+arg_4]
cmp eax, 100h
jz short loc_40B049
jmp loc_40B0C2
; ---------------------------------------------------------------------------
mov [ebp+var_10], 2420h
add [ebp+var_10], 3723h
loc_40B049: ; CODE XREF: sub_40B01B+19�j
call sub_40C538
cmp [ebp+arg_8], 9
jnz short loc_40B0C2
cmp edi, ds:dword_410848
jnz short loc_40B067
push ds:dword_431D04
call sub_40C7A8
loc_40B067: ; CODE XREF: sub_40B01B+3F�j
mov [ebp+var_14], 134h
mov eax, 33B6h
mul [ebp+var_14]
mov [ebp+var_1C], eax
mov [ebp+var_14], eax
cmp edi, ds:dword_431D04
jnz short loc_40B08F
push ds:dword_41DA7C
call sub_40C7A8
loc_40B08F: ; CODE XREF: sub_40B01B+67�j
call sub_40C538
cmp edi, ds:dword_41DA7C
jnz short loc_40B0A7
push ds:dword_41DA74
call sub_40C7A8
loc_40B0A7: ; CODE XREF: sub_40B01B+7F�j
mov [ebp+var_15], 71h
add [ebp+var_15], 3Ah
cmp edi, ds:dword_41DA74
jnz short loc_40B0C2
push ds:dword_431D04
call sub_40C7A8
loc_40B0C2: ; CODE XREF: sub_40B01B+1B�j
; sub_40B01B+37�j ...
xor esi, esi
cmp edi, ds:dword_431D04
jnz short loc_40B0D2
mov esi, ds:dword_41EA7C
loc_40B0D2: ; CODE XREF: sub_40B01B+AF�j
mov ebx, 74B5h
inc ebx
cmp edi, ds:dword_41DA7C
jnz short loc_40B0E6
mov esi, ds:dword_41DA78
loc_40B0E6: ; CODE XREF: sub_40B01B+C3�j
mov [ebp+var_2], 354Dh
add [ebp+var_2], 3C6Bh
cmp edi, ds:dword_410848
jnz short loc_40B100
mov esi, ds:dword_40E008
loc_40B100: ; CODE XREF: sub_40B01B+DD�j
mov ebx, 6788h
add ebx, 110Ch
cmp edi, ds:dword_41DA74
jnz short loc_40B119
mov esi, ds:dword_413F6C
loc_40B119: ; CODE XREF: sub_40B01B+F6�j
call sub_40C574
or esi, esi
jz short loc_40B134
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push edi
push esi
call sub_40C8BC
jmp short loc_40B13C
; ---------------------------------------------------------------------------
loc_40B134: ; CODE XREF: sub_40B01B+105�j
mov eax, dword_445BE0
mov [ebp+var_6], eax
loc_40B13C: ; CODE XREF: sub_40B01B+117�j
pop edi
pop esi
pop ebx
leave
retn 10h
sub_40B01B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40B143 proc near ; DATA XREF: sub_40A766+46A�o
var_27A = word ptr -27Ah
var_278 = dword ptr -278h
var_274 = dword ptr -274h
var_270 = dword ptr -270h
var_26C = dword ptr -26Ch
var_268 = dword ptr -268h
var_264 = dword ptr -264h
var_260 = dword ptr -260h
var_25C = dword ptr -25Ch
var_258 = dword ptr -258h
var_254 = dword ptr -254h
var_250 = dword ptr -250h
var_24C = byte ptr -24Ch
var_248 = byte ptr -248h
var_149 = byte ptr -149h
var_144 = word ptr -144h
var_142 = byte ptr -142h
var_13D = byte ptr -13Dh
var_135 = word ptr -135h
var_133 = byte ptr -133h
var_132 = byte ptr -132h
var_12C = dword ptr -12Ch
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_120 = word ptr -120h
var_11E = word ptr -11Eh
var_11B = byte ptr -11Bh
var_11A = word ptr -11Ah
var_118 = word ptr -118h
var_115 = byte ptr -115h
var_114 = dword ptr -114h
var_10D = byte ptr -10Dh
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_101 = byte ptr -101h
var_100 = byte ptr -100h
var_FF = byte ptr -0FFh
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 27Ch
push ebx
push esi
push edi
call sub_40C538
mov eax, [ebp+arg_4]
cmp eax, 10h
jz loc_40B36D
jg short loc_40B170
cmp eax, 2
jz loc_40B353
jmp loc_40B9CF
; ---------------------------------------------------------------------------
loc_40B170: ; CODE XREF: sub_40B143+1D�j
cmp eax, 111h
jz loc_40B47A
cmp eax, 113h
jz short loc_40B1B1
cmp eax, 111h
jl loc_40B9CF
cmp eax, 138h
jz loc_40B392
jmp loc_40B9CF
; ---------------------------------------------------------------------------
lea edi, [ebp+var_132]
lea esi, dword_445BE4
mov ecx, 3
rep movsw
loc_40B1B1: ; CODE XREF: sub_40B143+3D�j
lea edi, [ebp+var_133]
lea esi, byte_445BEA
xor ecx, ecx
inc ecx
rep movsb
cmp dword_43B218, 0
jz loc_40B2FA
mov byte ptr [ebp+var_250+3], 0A1h
movzx eax, byte ptr [ebp+var_250+3]
imul eax, 1F49h
mov byte ptr [ebp+var_250+3], al
push 9
push offset byte_445F0F
call sub_40129C
push eax
push dword_43B218
call sub_408DEF
mov [ebp+var_254], eax
push 8
push offset word_445F06
call sub_40129C
push eax
push [ebp+var_254]
call sub_408DEF
add esp, 20h
mov [ebp+var_258], eax
call sub_40C514
lea eax, [ebp+var_268]
push eax
push [ebp+var_258]
call sub_40C778
or eax, eax
jz loc_40B2FA
lea eax, [ebp+var_278]
push eax
push ds:dword_41EB84
call sub_40C778
or eax, eax
jz loc_40B2FA
mov byte ptr [ebp+var_250+2], 38h
add byte ptr [ebp+var_250+2], 25h
mov eax, [ebp+var_260]
sub eax, [ebp+var_268]
sub eax, 4
mov edx, [ebp+var_270]
sub edx, [ebp+var_278]
cmp eax, edx
jnz short loc_40B2AD
mov eax, [ebp+var_25C]
sub eax, [ebp+var_264]
sub eax, 4
mov edx, [ebp+var_26C]
sub edx, [ebp+var_274]
cmp eax, edx
jz short loc_40B2FA
loc_40B2AD: ; CODE XREF: sub_40B143+149�j
call sub_40C514
push 1
mov eax, [ebp+var_25C]
sub eax, [ebp+var_264]
push eax
mov eax, [ebp+var_260]
sub eax, [ebp+var_268]
push eax
push 0
push 0
push ds:dword_41EB84
call sub_40C8A4
mov [ebp+var_27A], 2EFFh
movzx eax, [ebp+var_27A]
imul eax, 4AB4h
mov [ebp+var_27A], ax
loc_40B2FA: ; CODE XREF: sub_40B143+86�j
; sub_40B143+FE�j ...
cmp dword_43B214, 0
jz loc_40BA03
lea edi, [ebp+var_254+1]
lea esi, byte_445BEB
mov ecx, 5
rep movsb
mov eax, dword_43B214
mov dword_43B218, eax
call sub_40C598
and dword_43B214, 0
push dword_43B218
call sub_408E89
pop ecx
mov word ptr [ebp+var_250+2], 4C5Ah
add word ptr [ebp+var_250+2], 7318h
jmp loc_40BA03
; ---------------------------------------------------------------------------
loc_40B353: ; CODE XREF: sub_40B143+22�j
mov eax, ds:dword_41B89C
cmp [ebp+arg_0], eax
jnz loc_40BA03
push 0
call sub_40C874
jmp loc_40BA03
; ---------------------------------------------------------------------------
loc_40B36D: ; CODE XREF: sub_40B143+17�j
mov eax, ds:dword_41B89C
cmp [ebp+arg_0], eax
jnz short loc_40B37F
push [ebp+arg_0]
call sub_40C898
loc_40B37F: ; CODE XREF: sub_40B143+232�j
mov [ebp+var_10D], 7Dh
add [ebp+var_10D], 1
jmp loc_40BA03
; ---------------------------------------------------------------------------
loc_40B392: ; CODE XREF: sub_40B143+4F�j
mov eax, [ebp+arg_C]
mov [ebp+var_12C], eax
mov ax, word_445BF0
mov [ebp+var_135], ax
mov eax, [ebp+var_12C]
cmp eax, ds:dword_431CFC
jz short loc_40B3E2
cmp eax, ds:dword_413F70
jz short loc_40B3E2
cmp eax, ds:dword_41A864
jz short loc_40B3E2
cmp eax, ds:dword_433FE4
jz short loc_40B3E2
cmp eax, ds:dword_431D00
jz short loc_40B3E2
cmp eax, ds:dword_439328
jnz loc_40BA03
loc_40B3E2: ; CODE XREF: sub_40B143+271�j
; sub_40B143+279�j ...
call sub_40C5A4
mov eax, [ebp+var_12C]
cmp eax, ds:dword_431D00
jz short loc_40B3FD
cmp eax, ds:dword_439328
jnz short loc_40B40C
loc_40B3FD: ; CODE XREF: sub_40B143+2B0�j
push 1010B0h
push [ebp+arg_8]
call sub_40C8E0
jmp short loc_40B416
; ---------------------------------------------------------------------------
loc_40B40C: ; CODE XREF: sub_40B143+2B8�j
push 0
push [ebp+arg_8]
call sub_40C8E0
loc_40B416: ; CODE XREF: sub_40B143+2C7�j
push 0FFFFFFh
push [ebp+arg_8]
call sub_40C8D4
call sub_40C5A4
and [ebp+var_260], 0
and [ebp+var_25C], 0
lea eax, [ebp+var_260]
push eax
call sub_40C8EC
mov [ebp+var_254], eax
mov word ptr [ebp+var_250+2], 72AAh
movzx eax, word ptr [ebp+var_250+2]
mov edx, eax
add edx, eax
mov eax, edx
mov word ptr [ebp+var_250+2], ax
mov eax, [ebp+var_254]
jmp loc_40BA03
; ---------------------------------------------------------------------------
call sub_40C538
jmp loc_40BA03
; ---------------------------------------------------------------------------
loc_40B47A: ; CODE XREF: sub_40B143+32�j
lea edi, [ebp+var_13D]
lea esi, word_445BF2
movsd
movsd
push 2
push offset word_445CA2
call sub_40129C
push offset byte_432F00
push eax
lea edi, [ebp+var_248]
push edi
call sub_40CA30
add esp, 14h
push 0FFh
lea eax, [ebp+var_FF]
push eax
push ds:dword_431D04
call sub_40C76C
lea edi, [ebp+var_142]
lea esi, word_445BFA
mov ecx, 5
rep movsb
cmp [ebp+var_FF], 0
jnz short loc_40B511
call sub_40C538
push 1Fh
push offset word_445C82
call sub_40129C
add esp, 8
push 0
push 0
push eax
push 0
call sub_40C7F0
push ds:dword_431D04
call sub_40C7A8
call sub_40C508
jmp loc_40BA03
; ---------------------------------------------------------------------------
loc_40B511: ; CODE XREF: sub_40B143+397�j
push 5
push offset dword_445C7C
call sub_40129C
lea edi, [ebp+var_FF]
push edi
lea edi, [ebp+var_248]
push edi
push eax
lea edi, [ebp+var_248]
push edi
call sub_40CA30
add esp, 18h
push 0FFh
lea eax, [ebp+var_FF]
push eax
push ds:dword_41DA7C
call sub_40C76C
mov [ebp+var_114], 2AEEh
inc [ebp+var_114]
cmp [ebp+var_FF], 0
jnz short loc_40B5C8
call sub_40C508
push 1Eh
push offset byte_445C5D
call sub_40129C
add esp, 8
push 0
push 0
push eax
push 0
call sub_40C7F0
mov word ptr [ebp+var_250+2], 5B80h
movzx eax, word ptr [ebp+var_250+2]
mov edx, eax
add edx, eax
mov eax, edx
mov word ptr [ebp+var_250+2], ax
push ds:dword_41DA7C
call sub_40C7A8
mov [ebp+var_254], 12FAh
inc [ebp+var_254]
jmp loc_40BA03
; ---------------------------------------------------------------------------
loc_40B5C8: ; CODE XREF: sub_40B143+426�j
push 5
push offset byte_445C57
call sub_40129C
lea edi, [ebp+var_FF]
push edi
lea edi, [ebp+var_248]
push edi
push eax
lea edi, [ebp+var_248]
push edi
call sub_40CA30
add esp, 18h
call sub_40C574
push 0FFh
lea eax, [ebp+var_FF]
push eax
push ds:dword_41DA74
call sub_40C76C
call sub_40C538
cmp [ebp+var_FF], 0
jz loc_40B758
call sub_40C508
lea ecx, [ebp+var_FF]
or eax, 0FFFFFFFFh
loc_40B62E: ; CODE XREF: sub_40B143+4F0�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40B62E
cmp eax, 4
jb loc_40B758
call sub_40C508
mov [ebp+var_101], 0
jmp short loc_40B66E
; ---------------------------------------------------------------------------
loc_40B64C: ; CODE XREF: sub_40B143+544�j
movzx eax, [ebp+var_101]
mov al, [ebp+eax+var_FF]
cmp al, 30h
jl short loc_40B662
cmp al, 39h
jle short loc_40B667
loc_40B662: ; CODE XREF: sub_40B143+519�j
jmp loc_40B758
; ---------------------------------------------------------------------------
loc_40B667: ; CODE XREF: sub_40B143+51D�j
add [ebp+var_101], 1
loc_40B66E: ; CODE XREF: sub_40B143+507�j
lea ecx, [ebp+var_FF]
or eax, 0FFFFFFFFh
loc_40B677: ; CODE XREF: sub_40B143+539�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40B677
movzx esi, [ebp+var_101]
cmp esi, eax
jb short loc_40B64C
mov [ebp+var_108], 6B03h
mov eax, [ebp+var_108]
mov edx, eax
add edx, eax
mov [ebp+var_108], edx
mov [ebp+var_100], 0
jmp loc_40B737
; ---------------------------------------------------------------------------
loc_40B6AF: ; CODE XREF: sub_40B143+60D�j
mov word ptr [ebp+var_250], 0DE0h
inc word ptr [ebp+var_250]
call sub_40C634
mov al, [ebp+var_100]
mov byte ptr [ebp+var_250+3], al
jmp short loc_40B6FB
; ---------------------------------------------------------------------------
loc_40B6D2: ; CODE XREF: sub_40B143+5D1�j
movzx eax, byte ptr [ebp+var_250+3]
movsx eax, [ebp+eax+var_FF]
movzx edx, [ebp+var_100]
movsx edx, [ebp+edx+var_FF]
cmp eax, edx
jnz short loc_40B716
add byte ptr [ebp+var_250+3], 1
loc_40B6FB: ; CODE XREF: sub_40B143+58D�j
lea ecx, [ebp+var_FF]
or eax, 0FFFFFFFFh
loc_40B704: ; CODE XREF: sub_40B143+5C6�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40B704
movzx esi, byte ptr [ebp+var_250+3]
cmp esi, eax
jb short loc_40B6D2
loc_40B716: ; CODE XREF: sub_40B143+5AF�j
call sub_40C508
movzx eax, byte ptr [ebp+var_250+3]
movzx edx, [ebp+var_100]
sub eax, edx
cmp eax, 3
jg short loc_40B758
add [ebp+var_100], 1
loc_40B737: ; CODE XREF: sub_40B143+567�j
lea ecx, [ebp+var_FF]
or eax, 0FFFFFFFFh
loc_40B740: ; CODE XREF: sub_40B143+602�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40B740
movzx esi, [ebp+var_100]
cmp esi, eax
jb loc_40B6AF
jmp short loc_40B7BC
; ---------------------------------------------------------------------------
loc_40B758: ; CODE XREF: sub_40B143+4D7�j
; sub_40B143+4F5�j ...
mov eax, dword_43B098
add eax, 7C4h
push eax
call sub_40C9B8
push 35h
push offset byte_445C21
call sub_40129C
mov [ebp+var_250], eax
push 13h
push offset byte_445C0D
call sub_40129C
add esp, 14h
push 0
push eax
mov edi, [ebp+var_250]
push edi
push 0
call sub_40C7F0
call sub_40C598
push ds:dword_41DA74
call sub_40C7A8
mov ax, word_445BFF
mov [ebp+var_144], ax
jmp loc_40BA03
; ---------------------------------------------------------------------------
loc_40B7BC: ; CODE XREF: sub_40B143+613�j
push 5
push offset dword_445C7C
call sub_40129C
lea edi, [ebp+var_FF]
push edi
lea edi, [ebp+var_248]
push edi
push eax
lea edi, [ebp+var_248]
push edi
call sub_40CA30
add esp, 18h
mov [ebp+var_115], 1Ch
sub [ebp+var_115], 1Fh
push 0
push 0
push 4
push 0
push 0
push 40000000h
push offset dword_41EA80
call sub_40C67C
mov [ebp+var_128], eax
push 2
push 0
push 0
push eax
call sub_40C6AC
lea ecx, [ebp+var_248]
or eax, 0FFFFFFFFh
loc_40B828: ; CODE XREF: sub_40B143+6EA�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40B828
push 0
lea esi, [ebp+var_24C]
push esi
push eax
lea edi, [ebp+var_248]
push edi
push [ebp+var_128]
call sub_40C730
push 2
push offset word_445C0A
call sub_40129C
add esp, 8
push 0
lea edi, [ebp+var_24C]
push edi
mov edi, 0Eh
sub edi, dword_43B098
push edi
push eax
push [ebp+var_128]
call sub_40C730
mov [ebp+var_10C], 57C0h
mov eax, [ebp+var_10C]
mov edx, eax
add edx, eax
mov [ebp+var_10C], edx
push [ebp+var_128]
call sub_40C55C
mov [ebp+var_118], 2DFCh
sub [ebp+var_118], 4065h
push ds:dword_41EB84
call sub_40C898
lea edi, [ebp+var_149]
lea esi, byte_445C01
mov ecx, 5
rep movsb
push 0
push 0
push 4
push 0
push 0
push 40000000h
push offset dword_40F280
call sub_40C67C
mov [ebp+var_128], eax
call sub_40C5A4
push 2
push 0
push 0
push [ebp+var_128]
call sub_40C6AC
mov [ebp+var_11A], 34D4h
sub [ebp+var_11A], 5BB2h
lea ecx, byte_432F00
or eax, 0FFFFFFFFh
loc_40B920: ; CODE XREF: sub_40B143+7E2�j
inc eax
cmp byte ptr [ecx+eax], 0
jnz short loc_40B920
mov edi, eax
push 0
lea esi, [ebp+var_24C]
push esi
push edi
push offset byte_432F00
push [ebp+var_128]
call sub_40C730
mov [ebp+var_11B], 99h
add [ebp+var_11B], 1
push 1
push offset byte_445C08
call sub_40129C
add esp, 8
push 0
lea edi, [ebp+var_24C]
push edi
mov edi, 3
sub edi, dword_43B094
push edi
push eax
push [ebp+var_128]
call sub_40C730
call sub_40C634
push [ebp+var_128]
call sub_40C55C
mov [ebp+var_11E], 7327h
movzx eax, [ebp+var_11E]
imul eax, 3B23h
mov [ebp+var_11E], ax
push 5
push ds:dword_41C950
call sub_40C880
mov [ebp+var_120], 519Ah
sub [ebp+var_120], 4248h
jmp short loc_40BA03
; ---------------------------------------------------------------------------
loc_40B9CF: ; CODE XREF: sub_40B143+28�j
; sub_40B143+44�j ...
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call sub_40C8B0
jmp short loc_40BA03
; ---------------------------------------------------------------------------
mov [ebp+var_124], 2003h
mov eax, 20Bh
mul [ebp+var_124]
mov [ebp+var_254], eax
mov [ebp+var_124], eax
loc_40BA03: ; CODE XREF: sub_40B143+1BE�j
; sub_40B143+20B�j ...
pop edi
pop esi
pop ebx
leave
retn 10h
sub_40B143 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40BA0C proc near ; CODE XREF: sub_406E2B+1A�p
; sub_406E2B+35�p
jmp ds:dword_447340
sub_40BA0C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40BA18 proc near ; CODE XREF: sub_4053A1+C4�p
jmp ds:dword_44734C
sub_40BA18 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40BA24 proc near ; CODE XREF: sub_4053A1+131�p
jmp ds:dword_447350
sub_40BA24 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40BA30 proc near ; CODE XREF: sub_4069E2+5F�p
jmp ds:dword_44735C
sub_40BA30 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40BA3C proc near ; CODE XREF: sub_4069E2+35�p
jmp ds:dword_447360
sub_40BA3C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40BA48 proc near ; CODE XREF: sub_4069E2+22�p
jmp ds:dword_447364
sub_40BA48 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40BA54 proc near ; CODE XREF: sub_406987+4C�p
jmp ds:dword_447368
sub_40BA54 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BA60 proc near ; CODE XREF: sub_4088A5+1D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
pusha
cld
mov edi, [ebp+arg_4]
mov eax, 1
stosd
mov ecx, 0Fh
dec eax
rep stosd
lea edi, dword_446C54
mov esi, [ebp+arg_0]
mov ecx, 10h
rep movsd
mov edi, [ebp+arg_8]
call sub_40BB2B
xor edx, edx
loc_40BA90: ; CODE XREF: sub_40BA60+52�j
push edx
push ebx
mov eax, [ebp+arg_8]
bt [eax], edx
jnb short loc_40BAA2
mov edx, [ebp+arg_4]
call sub_40BABC
loc_40BAA2: ; CODE XREF: sub_40BA60+38�j
lea edx, dword_446C54
call sub_40BABC
pop ebx
pop edx
inc edx
cmp edx, ebx
jbe short loc_40BA90
popa
pop ebp
retn 10h
sub_40BA60 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40BABC proc near ; CODE XREF: sub_40BA60+3D�p
; sub_40BA60+48�p
lea edi, dword_446C14
mov ecx, 10h
xor eax, eax
rep stosd
lea edi, dword_446C54
call sub_40BB2B
loc_40BAD6: ; CODE XREF: sub_40BABC+5D�j
lea edi, dword_446C14
mov ecx, 10h
xor eax, eax
loc_40BAE3: ; CODE XREF: sub_40BABC+2C�j
rcl dword ptr [edi], 1
lea edi, [edi+4]
loop loc_40BAE3
call sub_40BB3C
bt dword_446C54, ebx
jnb short loc_40BB18
mov esi, edx
lea edi, dword_446C14
xor eax, eax
mov ecx, 10h
loc_40BB07: ; CODE XREF: sub_40BABC+55�j
mov eax, [esi]
adc [edi], eax
lea esi, [esi+4]
lea edi, [edi+4]
loop loc_40BB07
call sub_40BB3C
loc_40BB18: ; CODE XREF: sub_40BABC+3A�j
dec ebx
jns short loc_40BAD6
mov edi, edx
lea esi, dword_446C14
mov ecx, 10h
rep movsd
retn
sub_40BABC endp
; =============== S U B R O U T I N E =======================================
sub_40BB2B proc near ; CODE XREF: sub_40BA60+29�p
; sub_40BABC+15�p
mov ebx, 1FFh
loc_40BB30: ; CODE XREF: sub_40BB2B+B�j
bt [edi], ebx
jb short locret_40BB38
dec ebx
jnz short loc_40BB30
locret_40BB38: ; CODE XREF: sub_40BB2B+8�j
retn
sub_40BB2B endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40BB3C proc near ; CODE XREF: sub_40BABC+2E�p
; sub_40BABC+57�p
lea esi, dword_446C14
mov edi, [ebp+14h]
mov ecx, 0Fh
loc_40BB4A: ; CODE XREF: sub_40BB3C+19�j
mov eax, [esi+ecx*4]
cmp eax, [edi+ecx*4]
jb short locret_40BB73
ja short loc_40BB57
dec ecx
jns short loc_40BB4A
loc_40BB57: ; CODE XREF: sub_40BB3C+16�j
mov esi, [ebp+14h]
lea edi, dword_446C14
xor eax, eax
mov ecx, 10h
loc_40BB67: ; CODE XREF: sub_40BB3C+35�j
mov eax, [esi]
sbb [edi], eax
lea esi, [esi+4]
lea edi, [edi+4]
loop loc_40BB67
locret_40BB73: ; CODE XREF: sub_40BB3C+14�j
retn
sub_40BB3C endp
; =============== S U B R O U T I N E =======================================
sub_40BB74 proc near ; CODE XREF: sub_40BBC5+32�p
; sub_40BBC5+50�p ...
mov eax, ebx
and eax, ecx
push ebx
not ebx
and ebx, edx
or eax, ebx
pop ebx
retn
sub_40BB74 endp
; =============== S U B R O U T I N E =======================================
sub_40BB81 proc near ; CODE XREF: sub_40BBC5+219�p
; sub_40BBC5+238�p ...
mov eax, ebx
and eax, edx
push edx
not edx
and edx, ecx
or eax, edx
pop edx
retn
sub_40BB81 endp
; =============== S U B R O U T I N E =======================================
sub_40BB8E proc near ; CODE XREF: sub_40BBC5+420�p
; sub_40BBC5+43F�p ...
mov eax, ebx
xor eax, ecx
xor eax, edx
retn
sub_40BB8E endp
; =============== S U B R O U T I N E =======================================
sub_40BB95 proc near ; CODE XREF: sub_40BBC5+627�p
; sub_40BBC5+645�p ...
mov eax, edx
not eax
or eax, ebx
xor eax, ecx
retn
sub_40BB95 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BB9E proc near ; CODE XREF: sub_4088D5+94�p
arg_0 = dword ptr 8
push ebp
mov ebp, esp
pusha
mov edi, [ebp+arg_0]
mov dword ptr [edi], 67452301h
mov dword ptr [edi+4], 0EFCDAB89h
mov dword ptr [edi+8], 98BADCFEh
mov dword ptr [edi+0Ch], 10325476h
popa
pop ebp
retn 4
sub_40BB9E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40BBC5 proc near ; CODE XREF: sub_4088D5+B1�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
pusha
mov edi, [ebp+arg_0]
mov esi, [ebp+arg_4]
mov eax, [edi]
mov dword_446C94, eax
mov eax, [edi+4]
mov dword_446C98, eax
mov eax, [edi+8]
mov dword_446C9C, eax
mov eax, [edi+0Ch]
mov dword_446CA0, eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB74
add eax, [edi]
add eax, [esi]
add eax, 0D76AA478h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB74
add eax, [edi+0Ch]
add eax, [esi+4]
add eax, 0E8C7B756h
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB74
add eax, [edi+8]
add eax, [esi+8]
add eax, 242070DBh
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB74
add eax, [edi+4]
add eax, [esi+0Ch]
add eax, 0C1BDCEEEh
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB74
add eax, [edi]
add eax, [esi+10h]
add eax, 0F57C0FAFh
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB74
add eax, [edi+8]
add eax, [esi+18h]
add eax, 0A8304613h
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB74
add eax, [edi+4]
add eax, [esi+1Ch]
add eax, 0FD469501h
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB74
add eax, [edi]
add eax, [esi+20h]
add eax, 698098D8h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB74
add eax, [edi+0Ch]
add eax, [esi+24h]
add eax, 8B44F7AFh
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB74
add eax, [edi+8]
add eax, [esi+28h]
add eax, 0FFFF5BB1h
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB74
add eax, [edi+4]
add eax, [esi+2Ch]
add eax, 895CD7BEh
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB74
add eax, [edi]
add eax, [esi+30h]
add eax, 6B901122h
rol eax, 7
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB74
add eax, [edi+0Ch]
add eax, [esi+34h]
add eax, 0FD987193h
rol eax, 0Ch
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB74
add eax, [edi+8]
add eax, [esi+38h]
add eax, 0A679438Eh
rol eax, 11h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB74
add eax, [edi+4]
add eax, [esi+3Ch]
add eax, 49B40821h
rol eax, 16h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB81
add eax, [edi]
add eax, [esi+4]
add eax, 0F61E2562h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB81
add eax, [edi+0Ch]
add eax, [esi+18h]
add eax, 0C040B340h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB81
add eax, [edi+8]
add eax, [esi+2Ch]
add eax, 265E5A51h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB81
add eax, [edi+4]
add eax, [esi]
add eax, 0E9B6C7AAh
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB81
add eax, [edi]
add eax, [esi+14h]
add eax, 0D62F105Dh
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB81
add eax, [edi+0Ch]
add eax, [esi+28h]
add eax, 2441453h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB81
add eax, [edi+8]
add eax, [esi+3Ch]
add eax, 0D8A1E681h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB81
add eax, [edi+4]
add eax, [esi+10h]
add eax, 0E7D3FBC8h
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB81
add eax, [edi]
add eax, [esi+24h]
add eax, 21E1CDE6h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB81
add eax, [edi+0Ch]
add eax, [esi+38h]
add eax, 0C33707D6h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB81
add eax, [edi+8]
add eax, [esi+0Ch]
add eax, 0F4D50D87h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB81
add eax, [edi+4]
add eax, [esi+20h]
add eax, 455A14EDh
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB81
add eax, [edi]
add eax, [esi+34h]
add eax, 0A9E3E905h
rol eax, 5
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB81
add eax, [edi+0Ch]
add eax, [esi+8]
add eax, 0FCEFA3F8h
rol eax, 9
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB81
add eax, [edi+8]
add eax, [esi+1Ch]
add eax, 676F02D9h
rol eax, 0Eh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB81
add eax, [edi+4]
add eax, [esi+30h]
add eax, 8D2A4C8Ah
rol eax, 14h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB8E
add eax, [edi]
add eax, [esi+14h]
add eax, 0FFFA3942h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB8E
add eax, [edi+0Ch]
add eax, [esi+20h]
add eax, 8771F681h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB8E
add eax, [edi+8]
add eax, [esi+2Ch]
add eax, 6D9D6122h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB8E
add eax, [edi+4]
add eax, [esi+38h]
add eax, 0FDE5380Ch
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB8E
add eax, [edi]
add eax, [esi+4]
add eax, 0A4BEEA44h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB8E
add eax, [edi+0Ch]
add eax, [esi+10h]
add eax, 4BDECFA9h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB8E
add eax, [edi+8]
add eax, [esi+1Ch]
add eax, 0F6BB4B60h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB8E
add eax, [edi+4]
add eax, [esi+28h]
add eax, 0BEBFBC70h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB8E
add eax, [edi]
add eax, [esi+34h]
add eax, 289B7EC6h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB8E
add eax, [edi+0Ch]
add eax, [esi]
add eax, 0EAA127FAh
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB8E
add eax, [edi+8]
add eax, [esi+0Ch]
add eax, 0D4EF3085h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB8E
add eax, [edi+4]
add eax, [esi+18h]
add eax, 4881D05h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB8E
add eax, [edi]
add eax, [esi+24h]
add eax, 0D9D4D039h
rol eax, 4
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB8E
add eax, [edi+0Ch]
add eax, [esi+30h]
add eax, 0E6DB99E5h
rol eax, 0Bh
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB8E
add eax, [edi+8]
add eax, [esi+3Ch]
add eax, 1FA27CF8h
rol eax, 10h
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB8E
add eax, [edi+4]
add eax, [esi+8]
add eax, 0C4AC5665h
rol eax, 17h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB95
add eax, [edi]
add eax, [esi]
add eax, 0F4292244h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB95
add eax, [edi+0Ch]
add eax, [esi+1Ch]
add eax, 432AFF97h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB95
add eax, [edi+8]
add eax, [esi+38h]
add eax, 0AB9423A7h
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB95
add eax, [edi+4]
add eax, [esi+14h]
add eax, 0FC93A039h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB95
add eax, [edi]
add eax, [esi+30h]
add eax, 655B59C3h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB95
add eax, [edi+0Ch]
add eax, [esi+0Ch]
add eax, 8F0CCC92h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB95
add eax, [edi+8]
add eax, [esi+28h]
add eax, 0FFEFF47Dh
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB95
add eax, [edi+4]
add eax, [esi+4]
add eax, 85845DD1h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB95
add eax, [edi]
add eax, [esi+20h]
add eax, 6FA87E4Fh
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB95
add eax, [edi+0Ch]
add eax, [esi+3Ch]
add eax, 0FE2CE6E0h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB95
add eax, [edi+8]
add eax, [esi+18h]
add eax, 0A3014314h
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB95
add eax, [edi+4]
add eax, [esi+34h]
add eax, 4E0811A1h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov ebx, [edi+4]
mov ecx, [edi+8]
mov edx, [edi+0Ch]
call sub_40BB95
add eax, [edi]
add eax, [esi+10h]
add eax, 0F7537E82h
rol eax, 6
add eax, [edi+4]
mov [edi], eax
mov ebx, [edi]
mov ecx, [edi+4]
mov edx, [edi+8]
call sub_40BB95
add eax, [edi+0Ch]
add eax, [esi+2Ch]
add eax, 0BD3AF235h
rol eax, 0Ah
add eax, [edi]
mov [edi+0Ch], eax
mov ebx, [edi+0Ch]
mov ecx, [edi]
mov edx, [edi+4]
call sub_40BB95
add eax, [edi+8]
add eax, [esi+8]
add eax, 2AD7D2BBh
rol eax, 0Fh
add eax, [edi+0Ch]
mov [edi+8], eax
mov ebx, [edi+8]
mov ecx, [edi+0Ch]
mov edx, [edi]
call sub_40BB95
add eax, [edi+4]
add eax, [esi+24h]
add eax, 0EB86D391h
rol eax, 15h
add eax, [edi+8]
mov [edi+4], eax
mov eax, dword_446C94
add [edi], eax
mov eax, dword_446C98
add [edi+4], eax
mov eax, dword_446C9C
add [edi+8], eax
mov eax, dword_446CA0
add [edi+0Ch], eax
popa
pop ebp
xor eax, eax
retn 8
sub_40BBC5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C410 proc near ; CODE XREF: sub_409847+D90�p
var_1C = dword ptr -1Ch
var_4 = word ptr -4
var_2 = word ptr -2
push ebp
mov ebp, esp
sub esp, 1Ch
fnstcw [ebp+var_2]
mov ax, [ebp+var_2]
or ah, 0Ch
mov [ebp+var_4], ax
fldcw [ebp+var_4]
fistp [esp+1Ch+var_1C]
mov eax, [esp+1Ch+var_1C]
fldcw [ebp+var_2]
leave
retn
sub_40C410 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40C434 proc near ; CODE XREF: .text:0040127F�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push edi
call sub_40C4FC
mov edi, eax
cmp byte ptr [edi], 22h
jnz short loc_40C468
push 22h
mov eax, edi
inc eax
push eax
call sub_40CA60
add esp, 8
mov [ebp+var_4], eax
or eax, eax
jz short loc_40C483
mov edi, eax
inc edi
jmp short loc_40C460
; ---------------------------------------------------------------------------
loc_40C45F: ; CODE XREF: sub_40C434+2F�j
inc edi
loc_40C460: ; CODE XREF: sub_40C434+29�j
cmp byte ptr [edi], 20h
jz short loc_40C45F
jmp short loc_40C483
; ---------------------------------------------------------------------------
loc_40C467: ; CODE XREF: sub_40C434+3E�j
inc edi
loc_40C468: ; CODE XREF: sub_40C434+F�j
movsx eax, byte ptr [edi]
or eax, eax
jz short loc_40C474
cmp eax, 20h
jnz short loc_40C467
loc_40C474: ; CODE XREF: sub_40C434+39�j
jmp short loc_40C477
; ---------------------------------------------------------------------------
loc_40C476: ; CODE XREF: sub_40C434+4D�j
inc edi
loc_40C477: ; CODE XREF: sub_40C434:loc_40C474�j
movsx eax, byte ptr [edi]
or eax, eax
jz short loc_40C483
cmp eax, 20h
jz short loc_40C476
loc_40C483: ; CODE XREF: sub_40C434+24�j
; sub_40C434+31�j ...
push 0
call sub_40C550
push 1
push edi
push 0
push eax
call sub_40A766
pop edi
leave
retn
sub_40C434 endp
; =============== S U B R O U T I N E =======================================
sub_40C498 proc near ; CODE XREF: sub_401334+8�p
; sub_402A4D+8�p ...
var_FFC = dword ptr -0FFCh
pop ecx
loc_40C499: ; CODE XREF: sub_40C498+14�j
sub esp, 1000h
sub eax, 1000h
test [esp+0FFCh+var_FFC], eax
cmp eax, 1000h
jnb short loc_40C499
sub esp, eax
test [esp+0FFCh+var_FFC], eax
jmp ecx
sub_40C498 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40C4B8 proc near ; CODE XREF: sub_401B9A+CA�p
; sub_4053A1+2D�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
xor eax, eax
mov ecx, 0FFFFFFFFh
xchg edi, edx
repne scasb
neg ecx
lea ecx, [ecx-1]
mov eax, [esp+arg_4]
xchg eax, esi
mov edi, [esp+arg_0]
rep movsb
xchg eax, esi
xchg edx, edi
mov eax, [esp+arg_0]
retn 8
sub_40C4B8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C4E4 proc near ; CODE XREF: sub_40A766+360�p
jmp ds:dword_447374
sub_40C4E4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C4F0 proc near ; CODE XREF: sub_4062CD+152�p
; sub_408BE4+114�p
jmp ds:dword_447378
sub_40C4F0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C4FC proc near ; CODE XREF: sub_40C434+5�p
jmp ds:dword_44737C
sub_40C4FC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C508 proc near ; CODE XREF: .text:00401969�p
; sub_401A36+33�p ...
jmp ds:dword_447380
sub_40C508 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C514 proc near ; CODE XREF: sub_401334+29�p
; sub_4015EB+E�p ...
jmp ds:dword_447384
sub_40C514 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C520 proc near ; CODE XREF: sub_401A36+6F�p
; sub_409847+6F7�p
jmp ds:dword_447388
sub_40C520 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C52C proc near ; CODE XREF: sub_40847D+FF�p
jmp ds:dword_44738C
sub_40C52C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C538 proc near ; CODE XREF: sub_401334:loc_4013FF�p
; .text:004019A5�p ...
jmp ds:dword_447390
sub_40C538 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C544 proc near ; CODE XREF: sub_403AA3+148�p
; sub_404194+5E�p ...
jmp ds:dword_447394
sub_40C544 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C550 proc near ; CODE XREF: sub_40223C+13�p
; sub_402572+12B�p ...
jmp ds:dword_447398
sub_40C550 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C55C proc near ; CODE XREF: sub_401334+8F�p
; sub_401A36+C6�p ...
jmp ds:dword_44739C
sub_40C55C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C568 proc near ; CODE XREF: sub_40223C+2B�p
; sub_40223C+40�p ...
jmp ds:dword_4473A0
sub_40C568 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C574 proc near ; CODE XREF: sub_401334+10�p
; sub_401806+7B�p ...
jmp ds:dword_4473A4
sub_40C574 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C580 proc near ; CODE XREF: sub_4039D6+37�p
; sub_404194+DF�p ...
jmp ds:dword_4473A8
sub_40C580 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C58C proc near ; CODE XREF: sub_405601+121�p
; sub_408BE4+18�p
jmp ds:dword_4473AC
sub_40C58C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C598 proc near ; CODE XREF: sub_401806+34�p
; sub_401D14+E8�p ...
jmp ds:dword_4473B0
sub_40C598 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C5A4 proc near ; CODE XREF: sub_4015EB:loc_401660�p
; sub_401806+73�p ...
jmp ds:dword_4473B4
sub_40C5A4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C5B0 proc near ; CODE XREF: sub_404194+97�p
; sub_40A766+F1�p
jmp ds:dword_4473B8
sub_40C5B0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C5BC proc near ; CODE XREF: sub_4039D6+71�p
jmp ds:dword_4473BC
sub_40C5BC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C5C8 proc near ; CODE XREF: sub_404194+166�p
; sub_409847+AF5�p ...
jmp ds:dword_4473C0
sub_40C5C8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C5D4 proc near ; CODE XREF: sub_403449+71�p
; sub_4036F2+55�p ...
jmp ds:dword_4473C4
sub_40C5D4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C5E0 proc near ; CODE XREF: sub_4034D8+94�p
; .text:00403926�p
jmp ds:dword_4473C8
sub_40C5E0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C5EC proc near ; CODE XREF: sub_4034D8+74�p
; .text:004038FC�p
jmp ds:dword_4473CC
sub_40C5EC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C5F8 proc near ; CODE XREF: sub_402A4D+20C�p
jmp ds:dword_4473D0
sub_40C5F8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C604 proc near ; CODE XREF: sub_4062CD+461�p
; sub_40A766+2D9�p
jmp ds:dword_4473D4
sub_40C604 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C610 proc near ; CODE XREF: sub_4062CD+4D�p
jmp ds:dword_4473D8
sub_40C610 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C61C proc near ; CODE XREF: sub_402A4D+1CB�p
jmp ds:dword_4473DC
sub_40C61C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C628 proc near ; CODE XREF: sub_402A4D+606�p
jmp ds:dword_4473E0
sub_40C628 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C634 proc near ; CODE XREF: sub_4015EB+9�p
; sub_401806:loc_401831�p ...
jmp ds:dword_4473E4
sub_40C634 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C640 proc near ; CODE XREF: sub_402A4D+B7�p
jmp ds:dword_4473E8
sub_40C640 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C64C proc near ; CODE XREF: sub_401A36+85�p
; sub_40518F+6A�p ...
jmp ds:dword_4473EC
sub_40C64C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C658 proc near ; CODE XREF: sub_40518F+B3�p
; sub_405601+85�p ...
jmp ds:dword_4473F0
sub_40C658 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C664 proc near ; CODE XREF: sub_40A704+25�p
jmp ds:dword_4473F4
sub_40C664 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C670 proc near ; CODE XREF: sub_40518F+25�p
jmp ds:dword_4473F8
sub_40C670 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C67C proc near ; CODE XREF: sub_401334+42�p
; sub_401A36+2C�p ...
jmp ds:dword_4473FC
sub_40C67C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C688 proc near ; CODE XREF: sub_401334+7F�p
; sub_401A36+B2�p
jmp ds:dword_447400
sub_40C688 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C694 proc near ; CODE XREF: sub_40107A+13�p
jmp ds:dword_447404
sub_40C694 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C6A0 proc near ; CODE XREF: sub_402A4D+50D�p
; sub_4088D5+6F�p
jmp ds:dword_447408
sub_40C6A0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C6AC proc near ; CODE XREF: sub_4052EF+5E�p
; sub_408189+1D4�p ...
jmp ds:dword_44740C
sub_40C6AC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C6B8 proc near ; CODE XREF: sub_40847D+130�p
jmp ds:dword_447410
sub_40C6B8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C6C4 proc near ; CODE XREF: sub_40A766+528�p
jmp ds:dword_447414
sub_40C6C4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C6D0 proc near ; CODE XREF: sub_4062CD+373�p
; sub_4062CD+3AD�p
jmp ds:dword_447418
sub_40C6D0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C6DC proc near ; CODE XREF: sub_4062CD+5A8�p
; sub_408BE4+1EA�p
jmp ds:dword_44741C
sub_40C6DC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C6E8 proc near ; CODE XREF: sub_4087C3+19�p
jmp ds:dword_447420
sub_40C6E8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C6F4 proc near ; CODE XREF: sub_4087F1+18�p
jmp ds:dword_447424
sub_40C6F4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C700 proc near ; CODE XREF: sub_402A4D+54C�p
jmp ds:dword_447428
sub_40C700 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C70C proc near ; CODE XREF: sub_4062CD+2D6�p
; sub_408BE4+1C3�p
jmp ds:dword_44742C
sub_40C70C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C718 proc near ; CODE XREF: sub_40692E+38�p
jmp ds:dword_447430
sub_40C718 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C724 proc near ; CODE XREF: sub_403AA3+198�p
; sub_404194+2DB�p ...
jmp ds:dword_447434
sub_40C724 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C730 proc near ; CODE XREF: sub_403AA3+111�p
; sub_403C5F+2DF�p ...
jmp ds:dword_447438
sub_40C730 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C73C proc near ; CODE XREF: sub_401B9A+B0�p
; sub_405527+1C�p ...
jmp ds:dword_44743C
sub_40C73C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C748 proc near ; CODE XREF: sub_40692E+17�p
jmp ds:dword_447440
sub_40C748 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C754 proc near ; CODE XREF: sub_40801C+38�p
; sub_40A766+816�p
jmp ds:dword_447444
sub_40C754 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C760 proc near ; CODE XREF: sub_404194+1D8�p
; sub_4062CD+483�p ...
jmp ds:dword_447448
sub_40C760 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C76C proc near ; CODE XREF: sub_4062CD+3CD�p
; sub_406A9A+AB�p ...
jmp ds:dword_447454
sub_40C76C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C778 proc near ; CODE XREF: sub_408E89+6A�p
; sub_40B143+F7�p ...
jmp ds:dword_447458
sub_40C778 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C784 proc near ; CODE XREF: sub_4062CD+353�p
jmp ds:dword_44745C
sub_40C784 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C790 proc near ; CODE XREF: sub_408DEF+19�p
; sub_408DEF+8D�p
jmp ds:dword_447460
sub_40C790 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C79C proc near ; CODE XREF: sub_408DEF+49�p
jmp ds:dword_447464
sub_40C79C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C7A8 proc near ; CODE XREF: sub_408E89+9A7�p
; sub_40B01B+47�p ...
jmp ds:dword_447468
sub_40C7A8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C7B4 proc near ; CODE XREF: sub_406E2B+81�p
jmp ds:dword_44746C
sub_40C7B4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C7C0 proc near ; CODE XREF: sub_40A766+47A�p
jmp ds:dword_447470
sub_40C7C0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C7CC proc near ; CODE XREF: sub_40A766+4AA�p
jmp ds:dword_447474
sub_40C7CC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C7D8 proc near ; CODE XREF: sub_40A766+852�p
jmp ds:dword_447478
sub_40C7D8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C7E4 proc near ; CODE XREF: sub_40A766+4D8�p
jmp ds:dword_44747C
sub_40C7E4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C7F0 proc near ; CODE XREF: sub_40B143+3B4�p
; sub_40B143+443�p ...
jmp ds:dword_447480
sub_40C7F0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C7FC proc near ; CODE XREF: sub_40A766+8A5�p
jmp ds:dword_447484
sub_40C7FC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C808 proc near ; CODE XREF: sub_408E89+8AE�p
; sub_408E89+8E9�p ...
jmp ds:dword_447488
sub_40C808 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C814 proc near ; CODE XREF: sub_408E89+8CA�p
; sub_408E89+90B�p ...
jmp ds:dword_44748C
sub_40C814 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C820 proc near ; CODE XREF: sub_404527+55�p
jmp ds:dword_447490
sub_40C820 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C82C proc near ; CODE XREF: sub_404527+7D�p
jmp ds:dword_447494
sub_40C82C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C838 proc near ; CODE XREF: sub_404527+27�p
jmp ds:dword_447498
sub_40C838 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C844 proc near ; CODE XREF: sub_40A766+86F�p
jmp ds:dword_44749C
sub_40C844 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C850 proc near ; CODE XREF: sub_40A766+888�p
jmp ds:dword_4474A0
sub_40C850 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C85C proc near ; CODE XREF: sub_408E89+1EE�p
; sub_408E89+32B�p ...
jmp ds:dword_4474A4
sub_40C85C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C868 proc near ; CODE XREF: sub_404FEF+6E�p
; sub_404FEF+E1�p ...
jmp ds:dword_4474A8
sub_40C868 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C874 proc near ; CODE XREF: sub_40B143+220�p
jmp ds:dword_4474AC
sub_40C874 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C880 proc near ; CODE XREF: sub_408E89+58�p
; sub_40B143+873�p
jmp ds:dword_4474B0
sub_40C880 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C88C proc near ; CODE XREF: sub_408E89+AC�p
; sub_408E89+126�p ...
jmp ds:dword_4474B4
sub_40C88C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C898 proc near ; CODE XREF: sub_40B143+237�p
; sub_40B143+775�p
jmp ds:dword_4474B8
sub_40C898 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C8A4 proc near ; CODE XREF: sub_40B143+195�p
jmp ds:dword_4474BC
sub_40C8A4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C8B0 proc near ; CODE XREF: sub_40B143+898�p
jmp ds:dword_4474C0
sub_40C8B0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C8BC proc near ; CODE XREF: sub_40B01B+112�p
jmp ds:dword_4474C4
sub_40C8BC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C8C8 proc near ; CODE XREF: sub_40A766+4BD�p
jmp ds:dword_4474D0
sub_40C8C8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C8D4 proc near ; CODE XREF: sub_40B143+2DB�p
jmp ds:dword_4474D4
sub_40C8D4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C8E0 proc near ; CODE XREF: sub_40B143+2C2�p
; sub_40B143+2CE�p
jmp ds:dword_4474D8
sub_40C8E0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C8EC proc near ; CODE XREF: sub_40B143+2FA�p
jmp ds:dword_4474DC
sub_40C8EC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C8F8 proc near ; CODE XREF: sub_408E89+1CE�p
; sub_408E89+7D8�p
jmp ds:dword_4474E0
sub_40C8F8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C904 proc near ; CODE XREF: sub_40518F+36�p
jmp ds:dword_4474EC
sub_40C904 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C910 proc near ; CODE XREF: sub_40518F+9B�p
jmp ds:dword_4474F0
sub_40C910 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C91C proc near ; CODE XREF: sub_4015EB+2E�p
; sub_40404B+55�p
jmp ds:dword_4474F4
sub_40C91C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C928 proc near ; CODE XREF: sub_4014BD+7C�p
; sub_4015EB+68�p ...
jmp ds:dword_4474F8
sub_40C928 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C934 proc near ; CODE XREF: sub_4014BD+2A�p
jmp ds:dword_4474FC
sub_40C934 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C940 proc near ; CODE XREF: sub_4014BD+6A�p
jmp ds:dword_447500
sub_40C940 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C94C proc near ; CODE XREF: sub_4015EB+5E�p
; sub_40404B+86�p
jmp ds:dword_447504
sub_40C94C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C958 proc near ; CODE XREF: sub_4022CC+138�p
jmp ds:dword_447508
sub_40C958 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C964 proc near ; CODE XREF: sub_4022CC+173�p
jmp ds:dword_44750C
sub_40C964 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C970 proc near ; CODE XREF: sub_4022CC+159�p
jmp ds:dword_447510
sub_40C970 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C97C proc near ; CODE XREF: sub_404FEF+24�p
jmp ds:dword_447514
sub_40C97C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C988 proc near ; CODE XREF: sub_404FEF+16D�p
jmp ds:dword_447518
sub_40C988 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C994 proc near ; CODE XREF: sub_404FEF+37�p
jmp ds:dword_44751C
sub_40C994 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9A0 proc near ; CODE XREF: sub_403610+40�p
jmp ds:dword_447528
sub_40C9A0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9AC proc near ; CODE XREF: .text:00401262�p
jmp ds:dword_44752C
sub_40C9AC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9B8 proc near ; CODE XREF: sub_406A9A+1D5�p
; sub_406E2B+6C�p ...
jmp ds:dword_447530
sub_40C9B8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9C4 proc near ; CODE XREF: sub_4053A1+E5�p
; sub_4053A1+14C�p
jmp ds:dword_447534
sub_40C9C4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9D0 proc near ; CODE XREF: sub_409847+D97�p
; sub_409847+DD1�p
jmp ds:dword_447538
sub_40C9D0 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9DC proc near ; CODE XREF: .text:0040128D�p
; sub_409847+D1D�p ...
jmp ds:dword_44753C
sub_40C9DC endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9E8 proc near ; CODE XREF: sub_4088D5+116�p
jmp ds:dword_447540
sub_40C9E8 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40C9F4 proc near ; CODE XREF: sub_40129C+1A�p
; .text:0040144C�p ...
jmp ds:dword_447544
sub_40C9F4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA00 proc near ; CODE XREF: sub_4062CD+71�p
; sub_4062CD+236�p ...
jmp ds:dword_447548
sub_40CA00 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA0C proc near ; CODE XREF: sub_40109A+149�p
jmp ds:dword_44754C
sub_40CA0C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA18 proc near ; CODE XREF: sub_40170F:loc_401732�p
; sub_403C5F+50�p ...
jmp ds:dword_447550
sub_40CA18 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA24 proc near ; CODE XREF: sub_40109A+102�p
; sub_40109A+11C�p ...
jmp ds:dword_447554
sub_40CA24 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA30 proc near ; CODE XREF: sub_4037EF+2E�p
; .text:004038BB�p ...
jmp ds:dword_447558
sub_40CA30 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA3C proc near ; CODE XREF: sub_409847+74�p
; sub_40A766+137�p
jmp ds:dword_44755C
sub_40CA3C endp
; ---------------------------------------------------------------------------
align 8
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA48 proc near ; CODE XREF: sub_409847+A25�p
jmp ds:dword_447560
sub_40CA48 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA54 proc near ; CODE XREF: sub_403449+5D�p
; sub_4034D8+53�p ...
jmp ds:dword_447564
sub_40CA54 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA60 proc near ; CODE XREF: sub_40C434+17�p
jmp ds:dword_447568
sub_40CA60 endp
; ---------------------------------------------------------------------------
db 2 dup(90h)
dd 0
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40CA6C proc near ; CODE XREF: sub_4062CD+4B8�p
jmp ds:dword_44756C
sub_40CA6C endp
; ---------------------------------------------------------------------------
align 800h
_text ends
; Section 2. (virtual address 0000D000)
; Virtual size : 0002D428 ( 185384.)
; Section size in file : 0002D428 ( 185384.)
; Offset to raw data for section: 0000D000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_bss segment para public 'DATA' use32
assume cs:_bss
;org 40D000h
dword_40D000 dd 72656B5Ch ; sub_4083E5+8E�r
aNel32_dll db 'nel32.dll',0
align 10h
db 0
aSCmd_pif db '%s\cmd.pif',0
db 0
db 2 dup(0), 5Ch
aCmd_exeCStartC db 'cmd.exe /C start c:\boot.sys',0
align 10h
dd 3F2h dup(0)
dword_40E008 dd 0 ; sub_40B01B+DF�r
dword_40E00C dd 0 ; sub_401D14+47D�w ...
dword_40E010 dd 40h dup(0) ; sub_409847+6DA�o ...
dword_40E110 dd 0 ; sub_40357C:loc_403606�r
dd 455h dup(0)
dword_40F268 dd 0 ; sub_401D14+23D�w ...
dword_40F26C dd 0 ; sub_401D14+412�r ...
dword_40F270 dd 0 ; sub_406E2B+FF8�r ...
byte_40F274 db 0 ; DATA XREF: sub_401D14+14F�w
align 10h
dword_40F280 dd 40h dup(0) ; sub_40A766+3BC�o ...
dword_40F380 dd 0 ; sub_402A4D+E5�w ...
dd 0FFh dup(0)
dword_40F780 dd 0 ; sub_40375C+89�r
dd 431h dup(0)
dword_410848 dd 0 ; sub_408E89+816�r ...
align 10h
dword_410850 dd 0 ; .text:loc_401B90�r
dd 457h dup(0)
dword_4119B0 dd 0 dd 0FFh dup(0)
dword_411DB0 dd 0 ; sub_4040FC:loc_40418A�r
dd 40Bh dup(0)
dword_412DE0 dd 0 ; .text:loc_402568�r
dd 462h dup(0)
dword_413F6C dd 0 ; sub_40B01B+F8�r
dword_413F70 dd 0 ; sub_408E89+854�r ...
align 8
byte_413F78 db 0 ; DATA XREF: sub_401D14+41A�w
align 10h
byte_413F80 db 0 ; DATA XREF: sub_401D14+6C�w
; sub_401D14+71�r ...
align 4
dword_413F84 dd 0 ; sub_401D14+1E7�w ...
align 10h
dword_413F90 dd 40h dup(0) ; sub_409847+969�o ...
dword_414090 dd 0 ; sub_402A4D+D9�r ...
dd 0FFh dup(0)
dword_414490 dd 0 ; sub_4080E0+9F�r
dd 45Bh dup(0)
dword_415600 dd 0 ; .text:00401957�r
dd 423h dup(0)
dword_416690 dd 0 ; sub_4045E2:loc_404659�r
dd 3EBh dup(0)
dword_417640 dd 0 ; .text:00402232�r
dd 40Bh dup(0)
dword_418670 dd 0 ; sub_40A766+EC�o
align 10h
dword_418680 dd 0 dd 23h dup(0)
dword_418710 dd 0 ; sub_405254+91�r
dd 3F3h dup(0)
dword_4196E0 dd 0 ; .text:004014B3�r
dd 45Eh dup(0)
byte_41A85C db 0 ; DATA XREF: sub_401D14+3DC�w
; sub_401D14+3E1�r
align 10h
dword_41A860 dd 0 ; sub_401D14+F6�r ...
dword_41A864 dd 0 dword_41A868 dd 0 ; sub_4022CC+114�r ...
align 10h
dword_41A870 dd 0 ; sub_40129C:loc_40132A�r
dd 40Ah dup(0)
dword_41B89C dd 0 ; sub_40A766+84C�r ...
dword_41B8A0 dd 0 ; sub_4068A2:loc_406924�r
dd 42Ah dup(0)
dword_41C94C dd 0 ; sub_408E89+1E8�r
dword_41C950 dd 0 ; sub_408E89+52�r ...
dword_41C954 dd 0 ; sub_4024C1+D�r
align 10h
dword_41C960 dd 0 ; sub_4032E7+92�r
dd 443h dup(0)
dword_41DA70 dd 0 ; sub_401D14+9D�w ...
dword_41DA74 dd 0 ; sub_408E89+723�r ...
dword_41DA78 dd 0 ; sub_40B01B+C5�r
dword_41DA7C dd 0 ; sub_408E89+367�r ...
dword_41DA80 dd 0 ; sub_402465+4C�r
dword_41DA84 dd 0 ; sub_408E89+DB�r ...
dword_41DA88 dd 0 ; sub_401D14+CD�w ...
align 10h
dword_41DA90 dd 0 ; sub_403936:loc_4039CC�r
dd 3FAh dup(0)
dword_41EA7C dd 0 ; sub_40B01B+B1�r
dword_41EA80 dd 40h dup(0) ; sub_40A766+387�o ...
byte_41EB80 db 0 ; DATA XREF: sub_401D14+19B�w
align 4
dword_41EB84 dd 0 ; sub_408E89+E3�r ...
align 10h
byte_41EB90 db 0 ; DATA XREF: sub_406E2B+199�o
; sub_406E2B+CD4�o ...
byte_41EB91 db 0 ; DATA XREF: sub_406E2B+E7D�r
byte_41EB92 db 0 ; DATA XREF: sub_406E2B+E86�r
byte_41EB93 db 0 ; DATA XREF: sub_406E2B+E8F�r
dd 3FFFh dup(0)
byte_42EB90 db 0 ; DATA XREF: sub_401D14+289�w
; sub_401D14+28E�r
align 4
dword_42EB94 dd 0 ; .text:0040809F�r ...
align 10h
dword_42EBA0 dd 0 ; .text:loc_4017FC�r
dd 453h dup(0)
dword_42FCF0 dd 0 dword_42FCF4 dd 0 ; sub_4022CC+36�r
dword_42FCF8 dd 0 ; sub_408E89+20E�r ...
byte_42FCFC db 0 ; DATA XREF: sub_401D14+315�w
; sub_401D14+31F�r ...
align 10h
dword_42FD00 dd 0 ; .text:loc_40451D�r
dd 3FBh dup(0)
dword_430CF0 dd 0 ; sub_406D88:loc_406E21�r
dd 402h dup(0)
dword_431CFC dd 0 ; sub_408E89+836�r ...
dword_431D00 dd 0 ; sub_40B143+28B�r ...
dword_431D04 dd 0 ; sub_408E89+325�r ...
align 10h
dword_431D10 dd 0 ; .text:004087B9�r
dd 43Bh dup(0)
dword_432E00 dd 40h dup(0) ; sub_403C5F+25C�o ...
byte_432F00 db 0 ; DATA XREF: sub_401334+AA�o
; sub_408189+F1�w ...
align 4
dd 3Fh dup(0)
dword_433000 dd 0 ; .text:loc_401A2C�r
dd 3F8h dup(0)
dword_433FE4 dd 0 ; sub_408E89+878�r ...
dword_433FE8 dd 0 ; sub_408E89+89B�r
align 10h
dword_433FF0 dd 0 ; .text:004015E1�r
dd 413h dup(0)
dword_435040 dd 0 ; sub_404F4F+96�r
dd 437h dup(0)
dword_436120 dd 0 ; .text:00401D0A�r
dd 41Bh dup(0)
dword_437190 dd 0 ; .text:00401705�r
dd 423h dup(0)
dword_438220 dd 0 ; .text:loc_408A8B�r
dd 441h dup(0)
dword_439328 dd 0 ; sub_40B143+293�r ...
align 10h
byte_439330 db 0 ; DATA XREF: sub_401D14+458�w
align 10h
dword_439340 dd 0 ; .text:0040889B�r
dd 439h dup(0)
_bss ends
; Section 3. (virtual address 0003B000)
; Virtual size : 0000C000 ( 49152.)
; Section size in file : 0000C000 ( 49152.)
; Offset to raw data for section: 0003B000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 43B000h
dd 4 dup(0)
dword_43B010 dd 0 ; sub_40109A+110�w ...
dword_43B014 dd 0 dd 0
dword_43B01C dd 0 dword_43B020 dd 0 ; .text:00401273�r
dword_43B024 dd 0 ; .text:0040126D�r
dword_43B028 dd 0 ; .text:00401267�r
dword_43B02C dd 0 ; sub_40109A:loc_401208�r
dword_43B030 dd 0 dword_43B034 dd 0 ; sub_40109A+87�r ...
dword_43B038 dd 0 dword_43B03C dd 14h dup(0) ; sub_40109A+8F�o
dword_43B08C dd 0 dword_43B090 dd 0 ; sub_40109A+32�w
dword_43B094 dd 0 ; sub_408E89+1C5�r ...
dword_43B098 dd 0 ; sub_408DEF+5B�r ...
dword_43B09C dd 0 ; sub_40129C:loc_4012C2�r ...
dword_43B0A0 dd 5 dup(0) ; sub_40A766+51F�o
dword_43B0B4 dd 0 ; sub_409847+17C�r ...
dword_43B0B8 dd 0 ; sub_409847+DF7�r ...
dword_43B0BC dd 0 ; sub_409847+182�r
dd 47h dup(0)
db 3 dup(0)
byte_43B1DF db 0 ; DATA XREF: sub_409847+599�o
; sub_409847+62D�o ...
dd 8 dup(0)
dword_43B200 dd 2 dup(0) ; sub_409847+628�o
dword_43B208 dd 3 dup(0) ; sub_409847+84D�o
dword_43B214 dd 0 ; sub_40B143:loc_40B2FA�r ...
dword_43B218 dd 0 ; sub_40B143+B3�r ...
dword_43B21C dd 0 db 2 dup(0)
word_43B222 dw 0 ; DATA XREF: sub_401334+E1�o
align 8
dword_43B228 dd 0 ; sub_401D14+B7�w ...
dd 2 dup(0)
dword_43B234 dd 0 ; .text:loc_401458�r ...
dword_43B238 dd 0 db 0
byte_43B23D db 3 dup(0) ; DATA XREF: sub_4014BD+34�o
db 2 dup(0)
word_43B242 dw 0 ; DATA XREF: sub_4014BD+4C�o
align 10h
dword_43B250 dd 0 ; .text:loc_40157D�r ...
dword_43B254 dd 4 dup(0) dword_43B264 dd 0 ; .text:loc_4016A8�r ...
dword_43B268 dd 3 dup(0) dword_43B274 dd 0 ; .text:loc_40179D�r ...
dword_43B278 dd 3 dup(0) dword_43B284 dd 0 ; .text:loc_4018FA�r ...
dword_43B288 dd 4 dup(0) dword_43B298 dd 0 ; .text:loc_4019D6�r ...
byte_43B29C db 0 ; DATA XREF: sub_401A36+C�o
byte_43B29D db 0 ; DATA XREF: sub_401A36+5D�o
byte_43B29E db 0 ; DATA XREF: sub_401A36+BA�o
dword_43B29F dd 0 align 4
dd 2 dup(0)
dword_43B2AC dd 0 ; .text:loc_401B46�r ...
dword_43B2B0 dd 4 dup(0) dword_43B2C0 dd 0 ; .text:loc_401CA9�r ...
dword_43B2C4 dd 2 dup(0) byte_43B2CC db 0 ; DATA XREF: sub_401D14+A7�o
byte_43B2CD db 3 dup(0) ; DATA XREF: sub_401D14+437�o
dd 0
dword_43B2D4 dd 0 dd 8Bh dup(0)
dword_43B504 dd 0 dd 73h dup(0)
dword_43B6D4 dd 0 dd 1D5h dup(0)
db 3 dup(0)
byte_43BE2F db 0 ; DATA XREF: sub_402A4D+45D�o
dd 3 dup(0)
dword_43BE3C dd 12h dup(0) dword_43BE84 dd 0 ; sub_402A4D+102�r ...
dword_43BE88 dd 0 dword_43BE8C dd 0 byte_43BE90 db 0 ; DATA XREF: sub_402A4D+76�r
; sub_402A4D+93�r
align 4
dd 29h dup(0)
dword_43BF38 dd 0 dword_43BF3C dd 0 ; .text:loc_4021CD�r ...
dword_43BF40 dd 6 dup(0) db 0
byte_43BF59 db 3 dup(0) ; DATA XREF: sub_40223C+3A�o
dd 6 dup(0)
db 2 dup(0)
word_43BF76 dw 0 ; DATA XREF: sub_40223C+4F�o
dd 4 dup(0)
dword_43BF88 dd 6 dup(0) db 3 dup(0)
byte_43BFA3 db 0 ; DATA XREF: sub_40223C+7B�o
dd 6 dup(0)
db 3 dup(0)
byte_43BFBF db 0 ; DATA XREF: sub_4022CC+C8�o
dd 3 dup(0)
dword_43BFCC dd 0Bh dup(0) db 2 dup(0)
word_43BFFA dw 0 ; DATA XREF: sub_40223C+1D�o
dd 0
db 2 dup(0)
word_43C002 dw 0 ; DATA XREF: sub_4022CC+20�o
db 3 dup(0)
byte_43C007 db 0 ; DATA XREF: sub_4022CC+3F�o
dd 0
db 3 dup(0)
dword_43C00F dd 0 byte_43C013 db 0 ; DATA XREF: sub_4022CC+A5�o
align 10h
dword_43C020 dd 0 ; sub_402A4D+5FA�r
dword_43C024 dd 0 ; .text:loc_402509�r ...
dd 23h dup(0)
byte_43C0B4 db 0 ; DATA XREF: sub_402572+B0�r
align 4
dword_43C0B8 dd 0 ; sub_402572+19F�r
dword_43C0BC dd 0 dd 18h dup(0)
dword_43C120 dd 0 db 0
dword_43C125 dd 0 word_43C129 dw 0 ; DATA XREF: sub_402A4D+110�r
byte_43C12B db 0 ; DATA XREF: sub_402A4D+17B�o
dd 0
db 3 dup(0)
word_43C133 dw 0 ; DATA XREF: sub_402A4D+1D3�r
byte_43C135 db 3 dup(0) ; DATA XREF: sub_402A4D+2C0�o
dd 0
db 0
word_43C13D dw 0 ; DATA XREF: sub_402A4D+370�r
byte_43C13F db 0 ; DATA XREF: sub_402A4D+722�o
db 2 dup(0)
dword_43C142 dd 0 word_43C146 dw 0 ; DATA XREF: sub_402A4D+761�o
dd 0
db 0
dword_43C14D dd 0 align 4
dd 2 dup(0)
dword_43C15C dd 0 ; sub_4032E7:loc_403316�r ...
dword_43C160 dd 0 db 0
byte_43C165 db 3 dup(0) ; DATA XREF: sub_403383+4F�o
dword_43C168 dd 0 dword_43C16C dd 0 db 0
byte_43C171 db 3 dup(0) ; DATA XREF: sub_4034D8+19�o
align 8
dword_43C178 dd 0 dword_43C17C dd 0 ; sub_40357C:loc_4035AA�r ...
word_43C180 dw 0 ; DATA XREF: sub_403610+18�r
word_43C182 dw 0 ; DATA XREF: sub_4036F2+11�o
dd 2 dup(0)
dword_43C18C dd 0 ; sub_40375C:loc_40378A�r ...
byte_43C190 db 3 dup(0) ; DATA XREF: sub_4037EF+17�o
word_43C193 dw 0 ; DATA XREF: sub_4037EF+33�r
byte_43C195 db 3 dup(0) ; DATA XREF: .text:0040389F�o
dd 3 dup(0)
dword_43C1A4 dd 0 ; sub_403936:loc_40396B�r ...
dword_43C1A8 dd 3A9h dup(0) db 3 dup(0)
byte_43D04F db 0 ; DATA XREF: sub_403C5F+2C0�o
dd 2D6h dup(0)
db 0
byte_43DBA9 db 3 dup(0) ; DATA XREF: sub_403AA3+10B�o
dd 0D87h dup(0)
db 2 dup(0)
word_4411CA dw 0 ; DATA XREF: sub_4039D6+1E�o
db 0
byte_4411CD db 3 dup(0) ; DATA XREF: sub_4039D6+7C�o
dd 0
db 0
byte_4411D5 db 3 dup(0) ; DATA XREF: sub_403AA3+17�o
db 3 dup(0)
byte_4411DB db 0 ; DATA XREF: sub_403AA3+54�o
db 2 dup(0)
dword_4411DE dd 0 word_4411E2 dw 0 ; DATA XREF: sub_403AA3+12D�o
db 0
byte_4411E5 db 3 dup(0) ; DATA XREF: sub_403AA3+16C�o
dd 0
dword_4411EC dd 0 db 0
byte_4411F1 db 3 dup(0) ; DATA XREF: sub_403C5F+140�o
db 3 dup(0)
byte_4411F7 db 0 ; DATA XREF: sub_403C5F+16E�o
dd 0
db 3 dup(0)
byte_4411FF db 0 ; DATA XREF: sub_403C5F+1A8�o
db 2 dup(0)
byte_441202 db 0 ; DATA XREF: sub_403C5F+274�o
byte_441203 db 0 ; DATA XREF: sub_403C5F+2EA�o
db 2 dup(0)
word_441206 dw 0 ; DATA XREF: sub_40404B+1E�o
db 0
byte_441209 db 3 dup(0) ; DATA XREF: sub_40404B+2E�o
dd 4 dup(0)
dword_44121C dd 0 ; sub_4040FC:loc_404122�r ...
byte_441220 db 3 dup(0) ; DATA XREF: sub_404194+30�o
byte_441223 db 0 ; DATA XREF: sub_404194+43�o
db 2 dup(0)
word_441226 dw 0 ; DATA XREF: sub_404194+B0�o
dd 0
db 2 dup(0)
word_44122E dw 0 ; DATA XREF: sub_404194+EA�o
dd 0
db 0
byte_441235 db 3 dup(0) ; DATA XREF: sub_404194+1E8�o
dword_441238 dd 4 dup(0) dword_441248 dd 0 ; .text:loc_4044BC�r ...
dword_44124C dd 0 ; sub_404527+34�r ...
dword_441250 dd 4 dup(0) dword_441260 dd 0 ; sub_4045E2:loc_40460F�r ...
dword_441264 dd 0 db 3 dup(0)
dword_44126B dd 0 dword_44126F dd 0 dword_441273 dd 0 byte_441277 db 0 ; DATA XREF: sub_40494F+1DC�o
db 2 dup(0)
dword_44127A dd 0 byte_44127E db 0 ; DATA XREF: sub_40494F+317�o
byte_44127F db 0 ; DATA XREF: sub_40494F+3A6�o
dd 0
db 3 dup(0)
byte_441287 db 0 ; DATA XREF: sub_40494F+44B�o
dd 0
db 0
word_44128D dw 0 ; DATA XREF: sub_40494F:loc_404E42�r
byte_44128F db 0 ; DATA XREF: sub_40494F+52E�o
dd 0
dword_441294 dd 0 db 0
word_441299 dw 0 ; DATA XREF: sub_40494F:loc_404EED�r
align 4
dword_44129C dd 0 dword_4412A0 dd 0 dword_4412A4 dd 0 ; sub_404F4F:loc_404F7D�r ...
dword_4412A8 dd 0 db 0
dword_4412AD dd 0 word_4412B1 dw 0 ; DATA XREF: sub_404FEF+79�r
byte_4412B3 db 0 ; DATA XREF: sub_40518F+52�o
dword_4412B4 dd 0 ; sub_4062CD+368�r
dword_4412B8 dd 0 ; sub_405F79+1D1�r ...
dword_4412BC dd 0 ; sub_405254:loc_405283�r ...
dword_4412C0 dd 0 dword_4412C4 dd 2 dup(0) word_4412CC dw 0 ; DATA XREF: sub_4053A1+158�r
word_4412CE dw 0 ; DATA XREF: sub_405527+C�o
dd 0
db 0
word_4412D5 dw 0 ; DATA XREF: sub_405601+10�r
word_4412D7 dw 0 ; DATA XREF: sub_405601+FF�r
word_4412D9 dw 0 ; DATA XREF: sub_405601+10C�r
byte_4412DB db 0 ; DATA XREF: sub_405601+204�o
dd 0
db 2 dup(0)
dword_4412E2 dd 0 word_4412E6 dw 0 ; DATA XREF: sub_405601+27D�o
db 3 dup(0)
word_4412EB dw 0 ; DATA XREF: sub_405601+39E�r
byte_4412ED db 3 dup(0) ; DATA XREF: sub_405601+3BD�o
dword_4412F0 dd 0 db 3 dup(0)
byte_4412F7 db 0 ; DATA XREF: sub_405601+69E�o
dd 0
db 2 dup(0)
word_4412FE dw 0 ; DATA XREF: sub_405601+6EB�o
dd 0
db 2 dup(0)
byte_441306 db 0 ; DATA XREF: sub_405601+80D�o
byte_441307 db 0 ; DATA XREF: sub_405601+8AC�o
dd 0
db 3 dup(0)
dword_44130F dd 0 byte_441313 db 0 ; DATA XREF: sub_405F79+25�o
dd 0
db 3 dup(0)
byte_44131B db 0 ; DATA XREF: sub_405F79+204�o
dd 0
db 2 dup(0)
word_441322 dw 0 ; DATA XREF: sub_4062CD+3B�o
db 3 dup(0)
byte_441327 db 0 ; DATA XREF: sub_4062CD+5E�o
dd 0
db 3 dup(0)
byte_44132F db 0 ; DATA XREF: sub_4062CD+7C�o
db 2 dup(0)
word_441332 dw 0 ; DATA XREF: sub_4062CD+117�o
align 8
byte_441338 db 3 dup(0) ; DATA XREF: sub_4062CD+1B1�o
byte_44133B db 0 ; DATA XREF: sub_4062CD+32E�o
dd 0
db 0
byte_441341 db 3 dup(0) ; DATA XREF: sub_4062CD+408�o
align 8
dword_441348 dd 0 dword_44134C dd 0 ; sub_4068A2:loc_4068CF�r ...
dword_441350 dd 0 ; sub_406A9A+39�r ...
dword_441354 dd 0 ; sub_406987+1D�r ...
dword_441358 dd 0 ; sub_406A9A+181�r ...
dword_44135C dd 0 dword_441360 dd 0 db 0
byte_441365 db 0 ; DATA XREF: sub_406A9A+220�o
word_441366 dw 0 ; DATA XREF: sub_406A9A+26F�o
dd 0
db 0
byte_44136D db 3 dup(0) ; DATA XREF: sub_406A9A+2A3�o
db 3 dup(0)
byte_441373 db 0 ; DATA XREF: sub_406A9A+2CB�o
dd 2 dup(0)
dword_44137C dd 0 dword_441380 dd 0 ; sub_406E2B+EEF�r ...
dword_441384 dd 0 ; sub_406D88:loc_406DB6�r ...
dword_441388 dd 0 ; sub_40801C+26�o
byte_44138C db 0 ; DATA XREF: sub_406E2B+FDC�r
align 10h
dd 0
dword_441394 dd 0 dword_441398 dd 0 db 0
byte_44139D db 3 dup(0) ; DATA XREF: sub_406E2B+BA�o
db 3 dup(0)
word_4413A3 dw 0 ; DATA XREF: sub_406E2B+D1�r
word_4413A5 dw 0 ; DATA XREF: sub_406E2B+1EB�r
byte_4413A7 db 0 ; DATA XREF: sub_406E2B+203�o
dd 0
db 2 dup(0)
word_4413AE dw 0 ; DATA XREF: sub_406E2B+210�r
byte_4413B0 db 3 dup(0) ; DATA XREF: sub_406E2B+223�o
byte_4413B3 db 0 ; DATA XREF: sub_406E2B+258�o
dword_4413B4 dd 0 db 2 dup(0)
byte_4413BA db 0 ; DATA XREF: sub_406E2B+3AE�o
byte_4413BB db 0 ; DATA XREF: sub_406E2B+3D9�o
dword_4413BC dd 2 dup(0) word_4413C4 dw 0 ; DATA XREF: sub_406E2B+4B5�r
word_4413C6 dw 0 ; DATA XREF: sub_406E2B+56C�o
dd 0
db 0
word_4413CD dw 0 ; DATA XREF: sub_406E2B:loc_407441�r
byte_4413CF db 0 ; DATA XREF: sub_406E2B+6CF�o
dd 0
db 2 dup(0)
word_4413D6 dw 0 ; DATA XREF: sub_406E2B+7A8�o
dd 0
dword_4413DC dd 0 db 0
byte_4413E1 db 3 dup(0) ; DATA XREF: sub_406E2B+8B2�o
dword_4413E4 dd 0 db 0
dword_4413E9 dd 0 byte_4413ED db 3 dup(0) ; DATA XREF: sub_406E2B+A33�o
db 3 dup(0)
byte_4413F3 db 0 ; DATA XREF: sub_406E2B+B71�o
dword_4413F4 dd 0 db 3 dup(0)
byte_4413FB db 0 ; DATA XREF: sub_406E2B+BE2�o
dd 0
db 2 dup(0)
byte_441402 db 0 ; DATA XREF: sub_406E2B+CC2�o
word_441403 dw 0 ; DATA XREF: sub_406E2B+D4F�r
dword_441405 dd 0 byte_441409 db 3 dup(0) ; DATA XREF: sub_406E2B+EA3�o
db 3 dup(0)
byte_44140F db 0 ; DATA XREF: sub_406E2B+107E�o
dd 0
dword_441414 dd 0 db 2 dup(0)
word_44141A dw 0 ; DATA XREF: sub_407F67+5�o
dd 2 dup(0)
db 2 dup(0)
word_441426 dw 0 ; DATA XREF: sub_40801C+C�o
dd 3 dup(0)
dword_441434 dd 0 dword_441438 dd 0 ; sub_4080E0:loc_40810F�r ...
dword_44143C dd 1003h dup(0) dword_445448 dd 0 ; sub_4083E5:loc_408413�r ...
dword_44544C dd 0 db 0
byte_445451 db 3 dup(0) ; DATA XREF: sub_4085D0+37�o
dd 2 dup(0)
db 0
word_44545D dw 0 ; DATA XREF: sub_4085D0+44�r
byte_44545F db 0 ; DATA XREF: sub_4085D0+BA�o
dword_445460 dd 0 dword_445464 dd 10h dup(0) dword_4454A4 dd 12h dup(0) dword_4454EC dd 0 ; .text:loc_40875B�r ...
word_4454F0 dw 0 ; DATA XREF: sub_4087F1+4�r
align 4
dword_4454F4 dd 0 dd 0
dword_4454FC dd 0 ; .text:loc_40883D�r ...
word_445500 dw 0 ; DATA XREF: sub_4088D5+C�r
word_445502 dw 0 ; DATA XREF: sub_4088D5+19�o
db 0
byte_445505 db 3 dup(0) ; DATA XREF: sub_4088D5+29�o
dword_445508 dd 0 dd 2 dup(0)
dword_445514 dd 0 ; .text:loc_408A35�r ...
dword_445518 dd 0 dd 0FFh dup(0)
dword_445918 dd 2 dup(0) dword_445920 dd 0 dword_445924 dd 0 dd 3 dup(0)
dword_445934 dd 65h dup(0) ; sub_408BE4+A7�o
db 3 dup(0)
dword_445ACB dd 0 dword_445ACF dd 0 byte_445AD3 db 0 ; DATA XREF: sub_408E89+2D7�o
dd 0
db 0
byte_445AD9 db 3 dup(0) ; DATA XREF: sub_408E89+2EB�o
db 3 dup(0)
byte_445ADF db 0 ; DATA XREF: sub_408E89+607�o
dd 0
db 0
word_445AE5 dw 0 ; DATA XREF: sub_408E89+7EF�r
byte_445AE7 db 0 ; DATA XREF: sub_408E89+847�o
dd 0
db 3 dup(0)
byte_445AEF db 0 ; DATA XREF: sub_408E89+889�o
dd 0
db 3 dup(0)
word_445AF7 dw 0 ; DATA XREF: sub_408E89+9AC�r
byte_445AF9 db 3 dup(0) ; DATA XREF: sub_409847+16�o
word_445AFC dw 0 ; DATA XREF: sub_409847+23�r
word_445AFE dw 0 ; DATA XREF: sub_409847+36�o
dd 0
db 0
byte_445B05 db 3 dup(0) ; DATA XREF: sub_409847+49�o
dd 0
word_445B0C dw 0 ; DATA XREF: sub_409847+56�r
dword_445B0E dd 0 word_445B12 dw 0 ; DATA XREF: sub_409847+9D�o
dd 0
db 0
byte_445B19 db 3 dup(0) ; DATA XREF: sub_409847+12A�o
db 3 dup(0)
byte_445B1F db 0 ; DATA XREF: sub_409847+227�o
dd 0
db 2 dup(0)
word_445B26 dw 0 ; DATA XREF: sub_409847+23A�o
db 3 dup(0)
byte_445B2B db 0 ; DATA XREF: sub_409847+291�o
dd 0
db 3 dup(0)
byte_445B33 db 0 ; DATA XREF: sub_409847+2DF�o
dd 0
db 3 dup(0)
byte_445B3B db 0 ; DATA XREF: sub_409847+3D4�o
align 10h
dword_445B40 dd 0 db 2 dup(0)
word_445B46 dw 0 ; DATA XREF: sub_409847+414�r
dword_445B48 dd 0 db 0
byte_445B4D db 3 dup(0) ; DATA XREF: sub_409847+50E�o
dd 0
dword_445B54 dd 2 dup(0) dword_445B5C dd 0 db 3 dup(0)
byte_445B63 db 0 ; DATA XREF: sub_409847+6C0�o
dword_445B64 dd 2 dup(0) byte_445B6C db 3 dup(0) ; DATA XREF: sub_409847+7F3�o
dword_445B6F dd 0 dword_445B73 dd 0 word_445B77 dw 0 ; DATA XREF: sub_409847+AFA�r
byte_445B79 db 3 dup(0) ; DATA XREF: sub_409847+B2D�o
byte_445B7C db 3 dup(0) ; DATA XREF: sub_409847+BE7�o
byte_445B7F db 0 ; DATA XREF: sub_409847+E84�o
dd 0
db 0
word_445B85 dw 0 ; DATA XREF: sub_40A704+7�r
word_445B87 dw 0 ; DATA XREF: sub_40A704+55�r
byte_445B89 db 3 dup(0) ; DATA XREF: sub_40A766+21�o
db 2 dup(0)
byte_445B8E db 0 ; DATA XREF: sub_40A766+B8�o
dword_445B8F dd 0 byte_445B93 db 0 ; DATA XREF: sub_40A766+154�o
align 8
dword_445B98 dd 2 dup(0) dword_445BA0 dd 0 db 3 dup(0)
dword_445BA7 dd 0 dword_445BAB dd 0 byte_445BAF db 0 ; DATA XREF: sub_40A766+557�o
db 2 dup(0)
word_445BB2 dw 0 ; DATA XREF: sub_40A766+59A�o
align 8
dword_445BB8 dd 2 dup(0) byte_445BC0 db 0 ; DATA XREF: sub_40A766+610�o
byte_445BC1 db 3 dup(0) ; DATA XREF: sub_40A766+67C�o
db 3 dup(0)
byte_445BC7 db 0 ; DATA XREF: sub_40A766+690�o
dd 0
db 3 dup(0)
byte_445BCF db 0 ; DATA XREF: sub_40A766+6F8�o
dd 0
dword_445BD4 dd 0 db 0
byte_445BD9 db 3 dup(0) ; DATA XREF: sub_40A766+827�o
align 10h
dword_445BE0 dd 0 dword_445BE4 dd 0 db 2 dup(0)
byte_445BEA db 0 ; DATA XREF: sub_40B143+74�o
byte_445BEB db 0 ; DATA XREF: sub_40B143+1CA�o
align 10h
word_445BF0 dw 0 ; DATA XREF: sub_40B143+258�r
word_445BF2 dw 0 ; DATA XREF: sub_40B143+33D�o
dd 0
db 2 dup(0)
word_445BFA dw 0 ; DATA XREF: sub_40B143+383�o
db 3 dup(0)
word_445BFF dw 0 ; DATA XREF: sub_40B143+667�r
byte_445C01 db 3 dup(0) ; DATA XREF: sub_40B143+780�o
align 8
byte_445C08 db 2 dup(0) ; DATA XREF: sub_40B143+810�o
word_445C0A dw 0 ; DATA XREF: sub_40B143+70A�o
db 0
byte_445C0D db 3 dup(0) ; DATA XREF: sub_40B143+639�o
dd 4 dup(0)
db 0
byte_445C21 db 3 dup(0) ; DATA XREF: sub_40B143+627�o
dd 0Ch dup(0)
db 3 dup(0)
byte_445C57 db 0 ; DATA XREF: sub_40B143+487�o
dd 0
db 0
byte_445C5D db 3 dup(0) ; DATA XREF: sub_40B143+42F�o
dd 7 dup(0)
dword_445C7C dd 0 ; sub_40B143+67B�o
db 2 dup(0)
word_445C82 dw 0 ; DATA XREF: sub_40B143+3A0�o
dd 7 dup(0)
db 2 dup(0)
word_445CA2 dw 0 ; DATA XREF: sub_40B143+347�o
db 0
byte_445CA5 db 3 dup(0) ; DATA XREF: sub_40A766+769�o
dd 5 dup(0)
db 0
byte_445CBD db 2 dup(0) ; DATA XREF: sub_40A766+73D�o
byte_445CBF db 0 ; DATA XREF: sub_40A766+707�o
db 0
byte_445CC1 db 3 dup(0) ; DATA XREF: sub_40A766+6C1�o
dd 10h dup(0)
db 3 dup(0)
byte_445D07 db 0 ; DATA XREF: sub_40A766+57A�o
dd 5 dup(0)
db 2 dup(0)
word_445D1E dw 0 ; DATA XREF: sub_40A766+566�o
dd 2 dup(0)
db 3 dup(0)
byte_445D2B db 0 ; DATA XREF: sub_40A766+425�o
dd 2 dup(0)
db 0
byte_445D35 db 3 dup(0) ; DATA XREF: sub_40A766+3E6�o
dd 2 dup(0)
db 2 dup(0)
word_445D42 dw 0 ; DATA XREF: sub_40A766+3B1�o
dd 2 dup(0)
dword_445D4C dd 2 dup(0) db 2 dup(0)
word_445D56 dw 0 ; DATA XREF: sub_40A766+372�o
; sub_40A766+3A7�o ...
dd 0
dword_445D5C dd 2 dup(0) db 2 dup(0)
word_445D66 dw 0 ; DATA XREF: sub_40A766+C5�o
align 10h
dword_445D70 dd 5 dup(0) dbl_445D84 dq 0.0 ; DATA XREF: sub_409847+D82�r
dword_445D8C dd 0 db 3 dup(0)
byte_445D93 db 0 ; DATA XREF: sub_409847+C6B�o
db 3 dup(0)
byte_445D97 db 0 ; DATA XREF: sub_409847+BAE�o
dd 0
db 0
byte_445D9D db 3 dup(0) ; DATA XREF: sub_409847+A0C�o
db 3 dup(0)
byte_445DA3 db 0 ; DATA XREF: sub_409847+912�o
dd 0
db 2 dup(0)
word_445DAA dw 0 ; DATA XREF: sub_409847+769�o
dd 2 dup(0)
dword_445DB4 dd 0 db 2 dup(0)
word_445DBA dw 0 ; DATA XREF: sub_409847+29B�o
; sub_409847+5B2�o ...
dword_445DBC dd 2 dup(0) dword_445DC4 dd 0 ; sub_409847+31E�o
dword_445DC8 dd 6 dup(0) ; sub_409847+30C�o
db 3 dup(0)
byte_445DE3 db 0 ; DATA XREF: sub_409847+19A�o
dd 2 dup(0)
db 2 dup(0)
word_445DEE dw 0 ; DATA XREF: sub_409847+165�o
dword_445DF0 dd 2 dup(0) db 2 dup(0)
word_445DFA dw 0 ; DATA XREF: sub_409847+D6�o
; sub_409847+C19�o
dd 2 dup(0)
dword_445E04 dd 5 dup(0) db 3 dup(0)
byte_445E1B db 0 ; DATA XREF: sub_408E89+730�o
dd 0
db 2 dup(0)
word_445E22 dw 0 ; DATA XREF: sub_408E89+661�o
; sub_408E89+6B9�o
db 3 dup(0)
byte_445E27 db 0 ; DATA XREF: sub_408E89+59B�o
dd 9 dup(0)
db 2 dup(0)
word_445E4E dw 0 ; DATA XREF: sub_408E89+521�o
dd 12h dup(0)
db 0
byte_445E99 db 3 dup(0) ; DATA XREF: sub_408E89+4AC�o
dd 2 dup(0)
db 2 dup(0)
word_445EA6 dw 0 ; DATA XREF: sub_408E89+437�o
dd 3 dup(0)
db 2 dup(0)
word_445EB6 dw 0 ; DATA XREF: sub_408E89+3B1�o
dd 3 dup(0)
db 3 dup(0)
byte_445EC7 db 0 ; DATA XREF: sub_408E89+332�o
dd 0
db 2 dup(0)
word_445ECE dw 0 ; DATA XREF: sub_408E89+2FB�o
db 3 dup(0)
byte_445ED3 db 0 ; DATA XREF: sub_408E89+1FA�o
; sub_408E89+25D�o
dd 2 dup(0)
dword_445EDC dd 6 dup(0) db 2 dup(0)
word_445EF6 dw 0 ; DATA XREF: sub_408E89+BD�o
; sub_408E89+137�o ...
dd 0
db 0
byte_445EFD db 3 dup(0) ; DATA XREF: sub_408E89+A2�o
; sub_409847+2B1�o ...
dd 0
db 2 dup(0)
word_445F06 dw 0 ; DATA XREF: sub_408E89+35�o
; sub_40B143+C6�o
dd 0
db 3 dup(0)
byte_445F0F db 0 ; DATA XREF: sub_408E89+19�o
; sub_40B143+A8�o
dd 2 dup(0)
db 0
byte_445F19 db 3 dup(0) ; DATA XREF: sub_408BE4+119�o
dd 3 dup(0)
dword_445F28 dd 0 db 0
byte_445F2D db 3 dup(0) ; DATA XREF: sub_408BE4+DC�o
dd 7 dup(0)
db 3 dup(0)
byte_445F4F db 0 ; DATA XREF: sub_408BE4+42�o
dd 0
dword_445F54 dd 7 dup(0) db 2 dup(0)
word_445F72 dw 0 ; DATA XREF: sub_4085D0+E3�o
dd 2 dup(0)
db 0
byte_445F7D db 3 dup(0) ; DATA XREF: sub_40847D+7A�o
dd 2 dup(0)
db 3 dup(0)
byte_445F8B db 0 ; DATA XREF: sub_408189+21A�o
db 2 dup(0)
word_445F8E dw 0 ; DATA XREF: sub_406E2B+EE0�o
dd 3 dup(0)
db 0
byte_445F9D db 3 dup(0) ; DATA XREF: sub_406E2B+EB3�o
dd 0
db 2 dup(0)
word_445FA6 dw 0 ; DATA XREF: sub_406E2B+E42�o
byte_445FA8 db 2 dup(0) ; DATA XREF: sub_406E2B+DD7�o
word_445FAA dw 0 ; DATA XREF: sub_406E2B+D65�o
db 3 dup(0)
byte_445FAF db 0 ; DATA XREF: sub_406E2B+6FC�o
db 0
byte_445FB1 db 3 dup(0) ; DATA XREF: sub_406E2B+625�o
dd 4 dup(0)
db 0
byte_445FC5 db 3 dup(0) ; DATA XREF: sub_406E2B+5E1�o
dd 4 dup(0)
dword_445FD8 dd 3 dup(0) dword_445FE4 dd 3 dup(0) dword_445FF0 dd 7 dup(0) dword_44600C dd 13h dup(0) db 2 dup(0)
word_44605A dw 0 ; DATA XREF: sub_4062CD+4A2�o
; sub_4062CD+4AD�o ...
dd 2 dup(0)
db 0
byte_446065 db 3 dup(0) ; DATA XREF: sub_4062CD+3DE�o
align 10h
dword_446070 dd 2 dup(0) dword_446078 dd 8 dup(0) db 3 dup(0)
byte_44609B db 0 ; DATA XREF: sub_4062CD+1EC�o
dd 3 dup(0)
db 2 dup(0)
word_4460AA dw 0 ; DATA XREF: sub_4062CD+A7�o
db 3 dup(0)
byte_4460AF db 0 ; DATA XREF: sub_4062CD+95�o
dd 8 dup(0)
db 0
byte_4460D1 db 3 dup(0) ; DATA XREF: sub_405F79+32A�o
dd 0Eh dup(0)
db 0
byte_44610D db 3 dup(0) ; DATA XREF: sub_405F79+2EB�o
dd 0Ch dup(0)
db 0
byte_446141 db 3 dup(0) ; DATA XREF: sub_405F79+2BD�o
dd 3 dup(0)
db 3 dup(0)
byte_446153 db 0 ; DATA XREF: sub_405F79+2AB�o
dd 0Eh dup(0)
db 3 dup(0)
byte_44618F db 0 ; DATA XREF: sub_405F79+265�o
dd 3 dup(0)
dword_44619C dd 16h dup(0) db 2 dup(0)
word_4461F6 dw 0 ; DATA XREF: sub_405F79+1C0�o
db 2 dup(0)
word_4461FA dw 0 ; DATA XREF: sub_405F79+1AE�o
dd 3 dup(0)
db 3 dup(0)
byte_44620B db 0 ; DATA XREF: sub_405F79+19C�o
dd 13h dup(0)
dword_446258 dd 13h dup(0) db 2 dup(0)
word_4462A6 dw 0 ; DATA XREF: sub_405F79+7D�o
; sub_405F79+B6�o ...
db 3 dup(0)
byte_4462AB db 0 ; DATA XREF: sub_405F79+5C�o
dd 11h dup(0)
dword_4462F0 dd 2 dup(0) dword_4462F8 dd 2 dup(0) dword_446300 dd 2 dup(0) db 2 dup(0)
word_44630A dw 0 ; DATA XREF: sub_405601+81A�o
dd 5 dup(0)
db 0
byte_446321 db 2 dup(0) ; DATA XREF: sub_405601+7F1�o
byte_446323 db 0 ; DATA XREF: sub_405601+7A5�o
dd 5 dup(0)
db 0
byte_446339 db 3 dup(0) ; DATA XREF: sub_405601+749�o
dd 3 dup(0)
dword_446348 dd 0 db 3 dup(0)
byte_44634F db 0 ; DATA XREF: sub_405601+6CA�o
dd 2 dup(0)
dword_446358 dd 2 dup(0) dword_446360 dd 7 dup(0) db 3 dup(0)
byte_44637F db 0 ; DATA XREF: sub_405601+57B�o
db 3 dup(0)
byte_446383 db 0 ; DATA XREF: sub_405601+4A4�o
; sub_405601+5ED�o
dd 0Ch dup(0)
dword_4463B4 dd 0Bh dup(0) db 2 dup(0)
word_4463E2 dw 0 ; DATA XREF: sub_405601+2CA�o
dd 0Ah dup(0)
db 0
byte_44640D db 3 dup(0) ; DATA XREF: sub_405601+28C�o
db 3 dup(0)
byte_446413 db 0 ; DATA XREF: sub_405601+256�o
dd 0
db 2 dup(0)
word_44641A dw 0 ; DATA XREF: sub_405601+233�o
dd 0
db 2 dup(0)
word_446422 dw 0 ; DATA XREF: sub_405601+1E9�o
; sub_4062CD+305�o
dd 3 dup(0)
db 0
byte_446431 db 3 dup(0) ; DATA XREF: sub_405601+1D9�o
dd 4 dup(0)
db 0
byte_446445 db 3 dup(0) ; DATA XREF: sub_405601+1A9�o
dd 0
dword_44644C dd 0 db 3 dup(0)
byte_446453 db 0 ; DATA XREF: sub_405601+170�o
align 8
dword_446458 dd 0 ; sub_405601+41D�o
db 3 dup(0)
byte_44645F db 0 ; DATA XREF: sub_4053A1+A8�o
db 3 dup(0)
byte_446463 db 0 ; DATA XREF: sub_4053A1+39�o
db 0
byte_446465 db 3 dup(0) ; DATA XREF: sub_404FEF+15A�o
db 2 dup(0)
word_44646A dw 0 ; DATA XREF: sub_404FEF+FF�o
db 2 dup(0)
word_44646E dw 0 ; DATA XREF: sub_404FEF+A1�o
dd 7 dup(0)
db 3 dup(0)
byte_44648F db 0 ; DATA XREF: sub_404FEF+5F�o
dd 0
db 2 dup(0)
word_446496 dw 0 ; DATA XREF: sub_40494F+5BF�o
align 10h
dword_4464A0 dd 2 dup(0) db 0
byte_4464A9 db 3 dup(0) ; DATA XREF: sub_40494F+54F�o
dd 0
db 0
byte_4464B1 db 3 dup(0) ; DATA XREF: sub_40494F+514�o
db 2 dup(0)
word_4464B6 dw 0 ; DATA XREF: sub_40494F+4DF�o
db 3 dup(0)
byte_4464BB db 0 ; DATA XREF: sub_40494F+49A�o
align 10h
dword_4464C0 dd 0 dword_4464C4 dd 0 dword_4464C8 dd 0 dword_4464CC dd 0 db 0
byte_4464D1 db 3 dup(0) ; DATA XREF: sub_40494F+212�o
db 2 dup(0)
word_4464D6 dw 0 ; DATA XREF: sub_40494F+8D�o
dd 0
byte_4464DC db 3 dup(0) ; DATA XREF: sub_404663+2B6�o
; sub_40494F+5E7�o
byte_4464DF db 0 ; DATA XREF: sub_404663+215�o
dd 2 dup(0)
db 2 dup(0)
word_4464EA dw 0 ; DATA XREF: sub_404663+12E�o
dd 3 dup(0)
db 3 dup(0)
byte_4464FB db 0 ; DATA XREF: sub_404663+F7�o
db 3 dup(0)
byte_4464FF db 0 ; DATA XREF: sub_404663+92�o
; sub_40494F+CF�o ...
dd 0
dword_446504 dd 0 dword_446508 dd 2 dup(0) ; sub_4045B7+C�o
db 3 dup(0)
byte_446513 db 0 ; DATA XREF: sub_404194+299�o
; sub_409847+B6E�o
dd 2 dup(0)
dword_44651C dd 0Eh dup(0) db 2 dup(0)
word_446556 dw 0 ; DATA XREF: sub_404194+1B7�o
; sub_409847+B3C�o
dd 2 dup(0)
db 3 dup(0)
byte_446563 db 0 ; DATA XREF: sub_404194+197�o
; sub_409847+B09�o
dd 3 dup(0)
db 2 dup(0)
word_446572 dw 0 ; DATA XREF: sub_404194+172�o
dd 3 dup(0)
db 2 dup(0)
word_446582 dw 0 ; DATA XREF: sub_404194+139�o
; sub_409847+AC2�o
dd 0
db 3 dup(0)
byte_44658B db 0 ; DATA XREF: sub_404194+119�o
; sub_409847+AA2�o
dd 2 dup(0)
db 2 dup(0)
word_446596 dw 0 ; DATA XREF: sub_404194+F9�o
dd 3 dup(0)
db 2 dup(0)
word_4465A6 dw 0 ; DATA XREF: sub_403C5F+3AC�o
dd 11h dup(0)
dword_4465EC dd 2 dup(0) db 2 dup(0)
word_4465F6 dw 0 ; DATA XREF: sub_403C5F+370�o
dd 3 dup(0)
db 0
byte_446605 db 0 ; DATA XREF: sub_403C5F+337�o
; sub_405F79+2F9�o ...
word_446606 dw 0 ; DATA XREF: sub_403C5F+304�o
dd 5 dup(0)
db 2 dup(0)
word_44661E dw 0 ; DATA XREF: sub_403C5F+24B�o
dd 2 dup(0)
dword_446628 dd 9 dup(0) db 3 dup(0)
byte_44664F db 0 ; DATA XREF: sub_403AA3+14F�o
db 0
byte_446651 db 3 dup(0) ; DATA XREF: sub_403AA3+6E�o
dd 0
db 3 dup(0)
byte_44665B db 0 ; DATA XREF: sub_4039D6+86�o
align 10h
byte_446660 db 2 dup(0) ; DATA XREF: sub_4037EF+42�o
; .text:004038C2�o
word_446662 dw 0 ; DATA XREF: sub_4036F2+32�o
byte_446664 db 2 dup(0) ; DATA XREF: sub_403610+9C�o
word_446666 dw 0 ; DATA XREF: sub_403449+4B�o
; sub_4034D8+41�o
dd 14Fh dup(0)
dword_446BA4 dd 4 dup(0) dword_446BB4 dd 4 dup(0) ; sub_406E2B+94F�o
dword_446BC4 dd 4 dup(0) dword_446BD4 dd 4 dup(0) dword_446BE4 dd 4 dup(0) dword_446BF4 dd 4 dup(0) dword_446C04 dd 4 dup(0) dword_446C14 dd 10h dup(0) ; sub_40BABC:loc_40BAD6�o ...
dword_446C54 dd 0 ; sub_40BA60:loc_40BAA2�o ...
dd 0Fh dup(0)
dword_446C94 dd 0 ; sub_40BBC5+825�r
dword_446C98 dd 0 ; sub_40BBC5+82C�r
dword_446C9C dd 0 ; sub_40BBC5+834�r
dword_446CA0 dd 0 ; sub_40BBC5+83C�r
align 400h
_data ends
; Section 4. (virtual address 00047000)
; Virtual size : 00002000 ( 8192.)
; Section size in file : 00002000 ( 8192.)
; Offset to raw data for section: 00047000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata segment para public 'DATA' use32
assume cs:_idata
;org 447000h
dd 0D0h dup(0)
dword_447340 dd 0 dd 2 dup(0)
dword_44734C dd 0 dword_447350 dd 0 dd 2 dup(0)
dword_44735C dd 0 dword_447360 dd 0 dword_447364 dd 0 dword_447368 dd 0 dd 2 dup(0)
dword_447374 dd 0 dword_447378 dd 0 dword_44737C dd 0 dword_447380 dd 0 dword_447384 dd 0 dword_447388 dd 0 dword_44738C dd 0 dword_447390 dd 0 dword_447394 dd 0 dword_447398 dd 0 dword_44739C dd 0 dword_4473A0 dd 0 dword_4473A4 dd 0 dword_4473A8 dd 0 dword_4473AC dd 0 dword_4473B0 dd 0 dword_4473B4 dd 0 dword_4473B8 dd 0 dword_4473BC dd 0 dword_4473C0 dd 0 dword_4473C4 dd 0 dword_4473C8 dd 0 dword_4473CC dd 0 dword_4473D0 dd 0 dword_4473D4 dd 0 dword_4473D8 dd 0 dword_4473DC dd 0 dword_4473E0 dd 0 dword_4473E4 dd 0 dword_4473E8 dd 0 dword_4473EC dd 0 dword_4473F0 dd 0 dword_4473F4 dd 0 dword_4473F8 dd 0 dword_4473FC dd 0 dword_447400 dd 0 dword_447404 dd 0 dword_447408 dd 0 dword_44740C dd 0 dword_447410 dd 0 dword_447414 dd 0 dword_447418 dd 0 dword_44741C dd 0 dword_447420 dd 0 dword_447424 dd 0 dword_447428 dd 0 dword_44742C dd 0 dword_447430 dd 0 dword_447434 dd 0 dword_447438 dd 0 dword_44743C dd 0 dword_447440 dd 0 dword_447444 dd 0 dword_447448 dd 0 dd 2 dup(0)
dword_447454 dd 0 dword_447458 dd 0 dword_44745C dd 0 dword_447460 dd 0 dword_447464 dd 0 dword_447468 dd 0 dword_44746C dd 0 dword_447470 dd 0 dword_447474 dd 0 dword_447478 dd 0 dword_44747C dd 0 dword_447480 dd 0 dword_447484 dd 0 dword_447488 dd 0 dword_44748C dd 0 dword_447490 dd 0 dword_447494 dd 0 dword_447498 dd 0 dword_44749C dd 0 dword_4474A0 dd 0 dword_4474A4 dd 0 dword_4474A8 dd 0 dword_4474AC dd 0 dword_4474B0 dd 0 dword_4474B4 dd 0 dword_4474B8 dd 0 dword_4474BC dd 0 dword_4474C0 dd 0 dword_4474C4 dd 0 align 10h
dword_4474D0 dd 0 dword_4474D4 dd 0 dword_4474D8 dd 0 dword_4474DC dd 0 dword_4474E0 dd 0 dd 2 dup(0)
dword_4474EC dd 0 dword_4474F0 dd 0 dword_4474F4 dd 0 dword_4474F8 dd 0 dword_4474FC dd 0 dword_447500 dd 0 dword_447504 dd 0 dword_447508 dd 0 dword_44750C dd 0 dword_447510 dd 0 dword_447514 dd 0 dword_447518 dd 0 dword_44751C dd 0 dd 2 dup(0)
dword_447528 dd 0 dword_44752C dd 0 dword_447530 dd 0 dword_447534 dd 0 dword_447538 dd 0 dword_44753C dd 0 dword_447540 dd 0 dword_447544 dd 0 dword_447548 dd 0 dword_44754C dd 0 dword_447550 dd 0 dword_447554 dd 0 dword_447558 dd 0 dword_44755C dd 0 dword_447560 dd 0 dword_447564 dd 0 dword_447568 dd 0 dword_44756C dd 0 dd 6A4h dup(0)
_idata ends
; Section 5. (virtual address 00049000)
; Virtual size : 00002000 ( 8192.)
; Section size in file : 00002000 ( 8192.)
; Offset to raw data for section: 00049000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_aspack segment para public 'DATA' use32
assume cs:_aspack
;org 449000h
db 0
public start
start db 3 dup(0)
dd 7FFh dup(0)
_aspack ends
; Section 7. (virtual address 0004C000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 0004C000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 44C000h
dd 80h dup(0)
align 1000h
_idata2 ends
end start